Bug#858670: nmu: wxpython3.0_3.0.2.0+dfsg-3

[Scott Talbert]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: binnmu

Hi,

wxwidgets3.0 was recently binNMU'd in stretch.  wxpython3.0 needs to be 
rebuilt to avoid a C++ ABI mismatch warning when all wxPython 
applications are used.

nmu wxpython3.0_3.0.2.0+dfsg-3 . ANY . stretch . -m "Rebuild due to wxWidgets 
C++ ABI change"

-- System Information:
Debian Release: 9.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-2-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Bug#858650: unblock: plv8/1:1.4.9.ds-1

[Christoph Berg]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package plv8. The new version fixes a security problem.


diff -Nru plv8-1.4.8.ds/debian/changelog plv8-1.4.9.ds/debian/changelog
--- plv8-1.4.8.ds/debian/changelog  2017-01-14 21:15:06.0 +0100
+++ plv8-1.4.9.ds/debian/changelog  2017-03-22 19:01:08.0 +0100
@@ -1,3 +1,9 @@
+plv8 (1:1.4.9.ds-1) unstable; urgency=medium
+
+  * Security bugfix release: Check for permission to call functions.
+
+ -- Christoph Berg   Wed, 22 Mar 2017 19:01:08 +0100
+
 plv8 (1:1.4.8.ds-3) unstable; urgency=medium
 
   * Remove Evgeni from Uploaders. Thanks!
diff -Nru plv8-1.4.8.ds/expected/startup.out plv8-1.4.9.ds/expected/startup.out
--- plv8-1.4.8.ds/expected/startup.out  2013-06-20 16:49:58.0 +0200
+++ plv8-1.4.9.ds/expected/startup.out  2017-03-22 19:01:01.0 +0100
@@ -1,7 +1,7 @@
 -- test startup failure
 set plv8.start_proc = foo;
 do $$ plv8.elog(NOTICE, 'foo = ' + foo) $$ language plv8;
-WARNING:  failed to find js function function "foo" does not exist
+WARNING:  failed to find js function function "foo()" does not exist
 ERROR:  ReferenceError: foo is not defined
 DETAIL:  undefined() LINE 1:  plv8.elog(NOTICE, 'foo = ' + foo) 
 \c
diff -Nru plv8-1.4.8.ds/Makefile plv8-1.4.9.ds/Makefile
--- plv8-1.4.8.ds/Makefile  2016-04-21 11:00:49.0 +0200
+++ plv8-1.4.9.ds/Makefile  2017-03-22 19:01:01.0 +0100
@@ -12,7 +12,7 @@
 #   'make static' will download v8 and build, then statically link to it.
 #
 #-#
-PLV8_VERSION = 1.4.8
+PLV8_VERSION = 1.4.9
 
 PG_CONFIG = pg_config
 PGXS := $(shell $(PG_CONFIG) --pgxs)
diff -Nru plv8-1.4.8.ds/META.json plv8-1.4.9.ds/META.json
--- plv8-1.4.8.ds/META.json 2016-04-21 11:00:49.0 +0200
+++ plv8-1.4.9.ds/META.json 2017-03-22 19:01:01.0 +0100
@@ -2,7 +2,7 @@
 "name": "plv8",
 "abstract": "A procedural language in JavaScript powered by V8",
 "description": "plv8 is a trusted procedural language that is safe to use, 
fast to run and easy to develop.",
-"version": "1.4.8",
+"version": "1.4.9",
 "maintainer": [
 "Jerry Sievert ",
 "Hitoshi Harada "
@@ -24,21 +24,21 @@
 },
 "provides": {
 "plv8": {
-"file": "plv8--1.4.8.sql",
+"file": "plv8--1.4.9.sql",
 "docfile": "doc/plv8.md",
-"version": "1.4.8",
+"version": "1.4.9",
 "abstract": "A procedural language in JavaScript"
  },
 "plcoffee": {
-"file": "plcoffee--1.4.8.sql",
+"file": "plcoffee--1.4.9.sql",
 "docfile": "doc/plv8.md",
-"version": "1.4.8",
+"version": "1.4.9",
 "abstract": "A procedural language in CoffeeScript"
  },
 "plls": {
-"file": "plls--1.4.8.sql",
+"file": "plls--1.4.9.sql",
 "docfile": "doc/plv8.md",
-"version": "1.4.8",
+"version": "1.4.9",
 "abstract": "A procedural language in LiveScript"
  }
 },
diff -Nru plv8-1.4.8.ds/plv8.cc plv8-1.4.9.ds/plv8.cc
--- plv8-1.4.8.ds/plv8.cc   2016-04-21 10:59:10.0 +0200
+++ plv8-1.4.9.ds/plv8.cc   2017-03-22 19:01:01.0 +0100
@@ -191,7 +191,7 @@
 _PG_init(void)
 {
HASHCTLhash_ctl = { 0 };
-   
+
hash_ctl.keysize = sizeof(Oid);
hash_ctl.entrysize = sizeof(plv8_proc_cache);
hash_ctl.hash = oid_hash;
@@ -1263,6 +1263,18 @@
return ThrowException(Exception::Error(String::New(message)));
 }
 
+static text *
+charToText(char *string)
+{
+   int len = strlen(string);
+   text *result = (text *) palloc(len + 1 + VARHDRSZ);
+
+   SET_VARSIZE(result, len + VARHDRSZ);
+   memcpy(VARDATA(result), string, len + 1);
+
+   return result;
+}
+
 static Persistent
 GetGlobalContext()
 {
@@ -1307,10 +1319,40 @@
Context::Scope  context_scope(global_context);
TryCatchtry_catch;
MemoryContext   ctx = CurrentMemoryContext;
+   text *arg1, *arg2;
+   FunctionCallInfoData fake_fcinfo;
+   FmgrInfoflinfo;
+
+   char proc[NAMEDATALEN + 32];
+   strcpy(proc, plv8_start_proc);
+   strcat(proc, "()");
+   char perm[16];
+   strcpy(perm, "EXECUTE");
+   arg1 = charToText(proc);
+   arg2 = charToText(perm);
+
+   MemSet(_fcinfo, 0, sizeof(fake_fcinfo));
+   MemSet(, 0, sizeof(flinfo));
+   

Bug#858649: unblock: postgresql-filedump/9.6.0-2

[Christoph Berg]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package postgresql-filedump. The version currently in
testing FTBFSed on armhf in the +b1 binnmu round.

https://buildd.debian.org/status/logs.php?pkg=postgresql-filedump=armhf

Diff:

commit 7c97dcd25d2f5f051b400d97a6ef692f9e118bff
Author: Christoph Berg 
Date:   Sat Mar 18 14:32:18 2017 +0100

Disable PIE on 32bit archs; cf. #797530.

diff --git a/debian/changelog b/debian/changelog
index dac0cbd..a96d51e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+postgresql-filedump (9.6.0-2) unstable; urgency=medium
+
+  * Disable PIE on 32bit archs; cf. #797530.
+
+ -- Christoph Berg   Sat, 18 Mar 2017 14:28:04 +0100
+
 postgresql-filedump (9.6.0-1) unstable; urgency=medium
 
   * Team upload.
diff --git a/debian/rules b/debian/rules
index ca4bbea..d6c4c9f 100755
--- a/debian/rules
+++ b/debian/rules
@@ -1,5 +1,13 @@
 #!/usr/bin/make -f
 
+# disable PIE on 32bit because it's disabled in PostgreSQL's libpgport.a
+# as well, cf. comments in postgresql-9.6's debian/rules and #797530
+ifneq ($(shell dpkg-architecture -qDEB_HOST_ARCH_BITS || :),32)
+export DEB_BUILD_MAINT_OPTIONS = hardening=+all
+else
+export DEB_BUILD_MAINT_OPTIONS = hardening=+all,-pie
+endif
+
 DPKG_EXPORT_BUILDFLAGS = 1
 include /usr/share/dpkg/buildflags.mk
 

unblock postgresql-filedump/9.6.0-2

Thanks,
Christoph


signature.asc
Description: PGP signature

Bug#858639: unblock: libdatetime-timezone-perl/1:2.09-1+2017b

[gregor herrmann]

On Fri, 24 Mar 2017 20:20:20 +0100, Emilio Pozuelo Monfort wrote:

> > I've uploaded libdatetime-timezone-perl 1:2.09-1+2017b to unstable
> > which incorporates the changes from tzdata 2017b. As usual as a quilt
> > patch touching only the timezone data files in lib/.
> 
> Yay to governments changing a country's timezones with two days' notice.

Yay indeed :/
 
> Thanks for the update, will unblock it in a moment (once respighi sees the 
> update).

Thank you!


Cheers,
gregor

-- 
 .''`.  https://info.comodo.priv.at/ - Debian Developer https://www.debian.org
 : :' : OpenPGP fingerprint D1E1 316E 93A7 60A8 104D  85FA BB3A 6801 8649 AA06
 `. `'  Member of VIBE!AT & SPI, fellow of the Free Software Foundation Europe
   `-   NP: Led Zeppelin: Celebration Day


signature.asc
Description: Digital Signature

Bug#858642: jessie-pu: package libdatetime-timezone-perl/1:1.75-2+2017b

[gregor herrmann]

Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian@packages.debian.org
Usertags: pu

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

I've prepared an update for libdatetime-timezone-perl in jessie,
adding the changes from tzdata 2017b as a quilt patch.

The contemporary change is that Haiti now observes DST again,
starting already back on 2017-03-12.

Find attached a manually stripped down debdiff.


Thanks in advance,
gregor

-BEGIN PGP SIGNATURE-

iQKTBAEBCgB9FiEE0eExbpOnYKgQTYX6uzpoAYZJqgYFAljVcbJfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEQx
RTEzMTZFOTNBNzYwQTgxMDREODVGQUJCM0E2ODAxODY0OUFBMDYACgkQuzpoAYZJ
qgaOfRAAhDAtBlbOXQOSWFcaNHO6VSd5xWO5A+Ifwf9GfC0ilIFGtpY2FX8gYtCB
qXPUFCqqIupdPxKpCSE3tMHnt08JWYnLyczRCp6M/4mWy/pimPQdoNowsQg82XTJ
a8ls6woB6raTIFyP8sP93EtMZsNrK4T9DFncCmf/Ifl9MHH9iXDbHXqyWxmGai2j
Watj43mA83WCz5cM1dOJ9DFcbW4GbGu3SzFXx5SpMcfy68OPlRs+IYUht1Gz4R9h
L25BhajtNcg5NIqr69wKkD/NCCwa3W8wwaq1CQglj1i9mP1JD382HXhTGbIy6wp7
olN+r3VSFJwSLec+ykyUCSlG8M27h7LvXfOEFg5V3MnRvt1+5fqfpWByBw29LcsK
3vzv+MyLI56MK0dmYPtIWNnOnA3tyy5RVaLV2JsR54jWch7O5G3WeALwb/v46kwx
sdEWtXprjnA3udPotR14I86UPbU4s0F6zexcFb9obRo973s5PrOiyujvV/RUClqq
SQSCHdkw6OI2ErOqjrsjIQcB8wS25pMA5k44LMOBLEcVl7AKknuhDVxS7DoTCmbq
E1zqRbHl6xQRXJnZ35ra8Ahd8CXwCjtUDnGtmXmwzQXgJkNxLxBl9DPPM+3bU0+b
f0eo2tv6HxcRyQEOVz7yEbMfeU2mSjMfR3Dn51m9ryp+wJDCZ5Y=
=p3rh
-END PGP SIGNATURE-
diff -Nru libdatetime-timezone-perl-1.75/debian/changelog 
libdatetime-timezone-perl-1.75/debian/changelog
--- libdatetime-timezone-perl-1.75/debian/changelog 2017-03-09 
23:26:36.0 +0100
+++ libdatetime-timezone-perl-1.75/debian/changelog 2017-03-24 
20:13:49.0 +0100
@@ -1,3 +1,10 @@
+libdatetime-timezone-perl (1:1.75-2+2017b) UNRELEASED; urgency=medium
+
+  * Update to Olson database version 2017b.
+This update contains contemporary changes for Haiti.
+
+ -- gregor herrmann   Fri, 24 Mar 2017 20:13:49 +0100
+
 libdatetime-timezone-perl (1:1.75-2+2017a) jessie; urgency=medium
 
   * Update to Olson database version 2017a.
diff -Nru libdatetime-timezone-perl-1.75/debian/patches/olson-2017b 
libdatetime-timezone-perl-1.75/debian/patches/olson-2017b
--- libdatetime-timezone-perl-1.75/debian/patches/olson-2017b   1970-01-01 
01:00:00.0 +0100
+++ libdatetime-timezone-perl-1.75/debian/patches/olson-2017b   2017-03-24 
20:13:49.0 +0100
@@ -0,0 +1,10015 @@
+Description: update to olson db 2017b
+Origin: vendor
+Author: gregor herrmann 
+Last-Update: 2017-03-24
+
+--- a/lib/DateTime/TimeZone/Africa/Abidjan.pm
 b/lib/DateTime/TimeZone/Africa/Abidjan.pm
+@@ -3,7 +3,7 @@
+ # DateTime::TimeZone module distribution in the tools/ directory
+ 
+ #
+-# Generated from debian/tzdata/africa.  Olson data version 2017a
++# Generated from debian/tzdata/africa.  Olson data version 2017b
+ #
+ # Do not edit this file directly.
+ #
+@@ -39,7 +39,7 @@
+ ],
+ ];
+ 
+-sub olson_version { '2017a' }
++sub olson_version { '2017b' }
+ 
+ sub has_dst_changes { 0 }
+ 
+--- a/lib/DateTime/TimeZone/America/Port_au_Prince.pm
 b/lib/DateTime/TimeZone/America/Port_au_Prince.pm
+@@ -3,7 +3,7 @@
+ # DateTime::TimeZone module distribution in the tools/ directory
+ 
+ #
+-# Generated from debian/tzdata/northamerica.  Olson data version 2017a
++# Generated from debian/tzdata/northamerica.  Olson data version 2017b
+ #
+ # Do not edit this file directly.
+ #
+@@ -417,18 +417,225 @@
+ ],
+ [
+ 63582040800, #utc_start 2015-11-01 06:00:00 (Sun)
+-DateTime::TimeZone::INFINITY, #  utc_end
++63624985200, #  utc_end 2017-03-12 07:00:00 (Sun)
+ 63582022800, #  local_start 2015-11-01 01:00:00 (Sun)
+-DateTime::TimeZone::INFINITY, #local_end
++63624967200, #local_end 2017-03-12 02:00:00 (Sun)
+ -18000,
+ 0,
+ 'EST',
+ ],
++[
++63624985200, #utc_start 2017-03-12 07:00:00 (Sun)
++63645544800, #  utc_end 2017-11-05 06:00:00 (Sun)
++63624970800, #  local_start 2017-03-12 03:00:00 (Sun)
++63645530400, #local_end 2017-11-05 02:00:00 (Sun)
++-14400,
++1,
++'EDT',
++],
++[
++63645544800, #utc_start 2017-11-05 06:00:00 (Sun)
++63656434800, #  utc_end 2018-03-11 07:00:00 (Sun)
++63645526800, #  local_start 2017-11-05 01:00:00 (Sun)
++63656416800, #local_end 2018-03-11 02:00:00 (Sun)
++-18000,
++0,
++'EST',
++],
++[
++63656434800, #utc_start 2018-03-11 07:00:00 (Sun)
++63676994400, #  utc_end 2018-11-04 06:00:00 (Sun)
++63656420400, #  local_start 2018-03-11 03:00:00 (Sun)
++6367698, #local_end 2018-11-04 02:00:00 (Sun)
++-14400,
++1,
++'EDT',
++],
++[
++63676994400, #utc_start 2018-11-04 06:00:00 (Sun)
++63687884400, #  utc_end 2019-03-10 07:00:00 (Sun)
++63676976400, #  local_start 2018-11-04 01:00:00 (Sun)
++63687866400, #local_end 2019-03-10 02:00:00 (Sun)
++-18000,
++0,
++'EST',
++],
++[
++63687884400, #utc_start 2019-03-10 07:00:00 (Sun)

Bug#858639: marked as done (unblock: libdatetime-timezone-perl/1:2.09-1+2017b)

[Debian Bug Tracking System]

Your message dated Fri, 24 Mar 2017 19:21:03 +
with message-id 
and subject line unblock libdatetime-timezone-perl
has caused the Debian Bug report #858639,
regarding unblock: libdatetime-timezone-perl/1:2.09-1+2017b
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
858639: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858639
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

unblock libdatetime-timezone-perl/1:2.09-1+2017b

I've uploaded libdatetime-timezone-perl 1:2.09-1+2017b to unstable
which incorporates the changes from tzdata 2017b. As usual as a quilt
patch touching only the timezone data files in lib/.

Manually stripped down debdiff attached.


Thanks in advance,
gregor

-BEGIN PGP SIGNATURE-

iQKTBAEBCgB9FiEE0eExbpOnYKgQTYX6uzpoAYZJqgYFAljVbttfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEQx
RTEzMTZFOTNBNzYwQTgxMDREODVGQUJCM0E2ODAxODY0OUFBMDYACgkQuzpoAYZJ
qgaxMw/9FScziCftw4ofb2+cmL3QDRbpaJAwL23/gXb/cKdyPfmYpkIEdB/xMRd9
XZRf6/2HUi8PiqpjEN68XEv/J96BkW/OHjXkyX0KPw5Pcz8FGOrJW9vJ4m1BngI6
zhNm/rrR61/UDGGC8Bco1srCmGMlRJSx60j71u0VvMSy8VrmtQu7HZsWGTei7ufR
Q5lRjcC0B0UyX2T2h2atBH2NLpgP2LuUdfLw5Dc7kGMYmwcAeXHsQ+mm6egKzIir
HRBwPAJHCD6fUXzZNTzCllxa04QhRiKjgK+MdTVGgs0gDbBVESM+QLhnFljswtzk
/FJk5lNEVLwJ4IqkX7qVV6kkFEbjpOx2UQhXsT6+GSryTOkoziWEjgB1H/X2Schz
oD5Mb2dmvlo8JJQRcfeRMJZvy1fBDeqvpE5dBGr0/cV3ZXO9gk28987UpGwDvWZk
OGJoFGIfn1XDh/jpzYSN0UaKIIrX0RPQEXQWQ9Md4gBu01gv+3Kext49Nyjkb13c
ut4cuVQrYcB8/MXgSeYNddbyTowdjNAVs+dv37CfHs1qGfuJBx82Gd23+F+DVgZe
HagkfND9KObuUDj/xBkw4Xbc2z4qZ8iyxu845gM8KSmDw5FGz+5Xp84cPjI5Hv+m
eVrRGLKJqz1HNy1h1Iqr5vyDX9bBcYTUlrlj4/eKzByZbvccUhA=
=VKz0
-END PGP SIGNATURE-
diff -Nru libdatetime-timezone-perl-2.09/debian/changelog 
libdatetime-timezone-perl-2.09/debian/changelog
--- libdatetime-timezone-perl-2.09/debian/changelog 2017-03-03 
00:24:02.0 +0100
+++ libdatetime-timezone-perl-2.09/debian/changelog 2017-03-24 
20:02:23.0 +0100
@@ -1,3 +1,10 @@
+libdatetime-timezone-perl (1:2.09-1+2017b) unstable; urgency=medium
+
+  * Update to Olson database version 2017b.
+This update contains contemporary changes for Haiti.
+
+ -- gregor herrmann   Fri, 24 Mar 2017 20:02:23 +0100
+
 libdatetime-timezone-perl (1:2.09-1+2017a) unstable; urgency=medium
 
   * Update to Olson database version 2017a.
diff -Nru libdatetime-timezone-perl-2.09/debian/patches/olson-2017b 
libdatetime-timezone-perl-2.09/debian/patches/olson-2017b
--- libdatetime-timezone-perl-2.09/debian/patches/olson-2017b   1970-01-01 
01:00:00.0 +0100
+++ libdatetime-timezone-perl-2.09/debian/patches/olson-2017b   2017-03-24 
20:02:23.0 +0100
@@ -0,0 +1,10173 @@
+Description: update to olson db 2017b
+Origin: vendor
+Author: gregor herrmann 
+Last-Update: 2017-03-24
+
+--- a/lib/DateTime/TimeZone/Africa/Abidjan.pm
 b/lib/DateTime/TimeZone/Africa/Abidjan.pm
+@@ -3,7 +3,7 @@
+ # DateTime::TimeZone module distribution in the tools/ directory
+ 
+ #
+-# Generated from debian/tzdata/africa.  Olson data version 2017a
++# Generated from debian/tzdata/africa.  Olson data version 2017b
+ #
+ # Do not edit this file directly.
+ #
+@@ -43,7 +43,7 @@
+ ],
+ ];
+ 
+-sub olson_version {'2017a'}
++sub olson_version {'2017b'}
+ 
+ sub has_dst_changes {0}
+ 
+--- a/lib/DateTime/TimeZone/America/Port_au_Prince.pm
 b/lib/DateTime/TimeZone/America/Port_au_Prince.pm
+@@ -3,7 +3,7 @@
+ # DateTime::TimeZone module distribution in the tools/ directory
+ 
+ #
+-# Generated from debian/tzdata/northamerica.  Olson data version 2017a
++# Generated from debian/tzdata/northamerica.  Olson data version 2017b
+ #
+ # Do not edit this file directly.
+ #
+@@ -421,18 +421,225 @@
+ ],
+ [
+ 63582040800, #utc_start 2015-11-01 06:00:00 (Sun)
+-DateTime::TimeZone::INFINITY, #  utc_end
++63624985200, #  utc_end 2017-03-12 07:00:00 (Sun)
+ 63582022800, #  local_start 2015-11-01 01:00:00 (Sun)
+-DateTime::TimeZone::INFINITY, #local_end
++63624967200, #local_end 2017-03-12 02:00:00 (Sun)
+ -18000,
+ 0,
+ 'EST',
+ ],
++[
++63624985200, #utc_start 2017-03-12 07:00:00 (Sun)
++63645544800, #  utc_end 2017-11-05 06:00:00 (Sun)
++63624970800, #  local_start 2017-03-12 03:00:00 (Sun)
++63645530400, #local_end 2017-11-05 02:00:00 (Sun)
++-14400,
++1,
++'EDT',
++],
++[
++63645544800, # 

Bug#858639: unblock: libdatetime-timezone-perl/1:2.09-1+2017b

[Emilio Pozuelo Monfort]

On 24/03/17 20:09, gregor herrmann wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
> 
> unblock libdatetime-timezone-perl/1:2.09-1+2017b
> 
> I've uploaded libdatetime-timezone-perl 1:2.09-1+2017b to unstable
> which incorporates the changes from tzdata 2017b. As usual as a quilt
> patch touching only the timezone data files in lib/.
> 
> Manually stripped down debdiff attached.

Yay to governments changing a country's timezones with two days' notice.

Thanks for the update, will unblock it in a moment (once respighi sees the 
update).

Cheers,
Emilio

Bug#858639: unblock: libdatetime-timezone-perl/1:2.09-1+2017b

[gregor herrmann]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

unblock libdatetime-timezone-perl/1:2.09-1+2017b

I've uploaded libdatetime-timezone-perl 1:2.09-1+2017b to unstable
which incorporates the changes from tzdata 2017b. As usual as a quilt
patch touching only the timezone data files in lib/.

Manually stripped down debdiff attached.


Thanks in advance,
gregor

-BEGIN PGP SIGNATURE-

iQKTBAEBCgB9FiEE0eExbpOnYKgQTYX6uzpoAYZJqgYFAljVbttfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEQx
RTEzMTZFOTNBNzYwQTgxMDREODVGQUJCM0E2ODAxODY0OUFBMDYACgkQuzpoAYZJ
qgaxMw/9FScziCftw4ofb2+cmL3QDRbpaJAwL23/gXb/cKdyPfmYpkIEdB/xMRd9
XZRf6/2HUi8PiqpjEN68XEv/J96BkW/OHjXkyX0KPw5Pcz8FGOrJW9vJ4m1BngI6
zhNm/rrR61/UDGGC8Bco1srCmGMlRJSx60j71u0VvMSy8VrmtQu7HZsWGTei7ufR
Q5lRjcC0B0UyX2T2h2atBH2NLpgP2LuUdfLw5Dc7kGMYmwcAeXHsQ+mm6egKzIir
HRBwPAJHCD6fUXzZNTzCllxa04QhRiKjgK+MdTVGgs0gDbBVESM+QLhnFljswtzk
/FJk5lNEVLwJ4IqkX7qVV6kkFEbjpOx2UQhXsT6+GSryTOkoziWEjgB1H/X2Schz
oD5Mb2dmvlo8JJQRcfeRMJZvy1fBDeqvpE5dBGr0/cV3ZXO9gk28987UpGwDvWZk
OGJoFGIfn1XDh/jpzYSN0UaKIIrX0RPQEXQWQ9Md4gBu01gv+3Kext49Nyjkb13c
ut4cuVQrYcB8/MXgSeYNddbyTowdjNAVs+dv37CfHs1qGfuJBx82Gd23+F+DVgZe
HagkfND9KObuUDj/xBkw4Xbc2z4qZ8iyxu845gM8KSmDw5FGz+5Xp84cPjI5Hv+m
eVrRGLKJqz1HNy1h1Iqr5vyDX9bBcYTUlrlj4/eKzByZbvccUhA=
=VKz0
-END PGP SIGNATURE-
diff -Nru libdatetime-timezone-perl-2.09/debian/changelog 
libdatetime-timezone-perl-2.09/debian/changelog
--- libdatetime-timezone-perl-2.09/debian/changelog 2017-03-03 
00:24:02.0 +0100
+++ libdatetime-timezone-perl-2.09/debian/changelog 2017-03-24 
20:02:23.0 +0100
@@ -1,3 +1,10 @@
+libdatetime-timezone-perl (1:2.09-1+2017b) unstable; urgency=medium
+
+  * Update to Olson database version 2017b.
+This update contains contemporary changes for Haiti.
+
+ -- gregor herrmann   Fri, 24 Mar 2017 20:02:23 +0100
+
 libdatetime-timezone-perl (1:2.09-1+2017a) unstable; urgency=medium
 
   * Update to Olson database version 2017a.
diff -Nru libdatetime-timezone-perl-2.09/debian/patches/olson-2017b 
libdatetime-timezone-perl-2.09/debian/patches/olson-2017b
--- libdatetime-timezone-perl-2.09/debian/patches/olson-2017b   1970-01-01 
01:00:00.0 +0100
+++ libdatetime-timezone-perl-2.09/debian/patches/olson-2017b   2017-03-24 
20:02:23.0 +0100
@@ -0,0 +1,10173 @@
+Description: update to olson db 2017b
+Origin: vendor
+Author: gregor herrmann 
+Last-Update: 2017-03-24
+
+--- a/lib/DateTime/TimeZone/Africa/Abidjan.pm
 b/lib/DateTime/TimeZone/Africa/Abidjan.pm
+@@ -3,7 +3,7 @@
+ # DateTime::TimeZone module distribution in the tools/ directory
+ 
+ #
+-# Generated from debian/tzdata/africa.  Olson data version 2017a
++# Generated from debian/tzdata/africa.  Olson data version 2017b
+ #
+ # Do not edit this file directly.
+ #
+@@ -43,7 +43,7 @@
+ ],
+ ];
+ 
+-sub olson_version {'2017a'}
++sub olson_version {'2017b'}
+ 
+ sub has_dst_changes {0}
+ 
+--- a/lib/DateTime/TimeZone/America/Port_au_Prince.pm
 b/lib/DateTime/TimeZone/America/Port_au_Prince.pm
+@@ -3,7 +3,7 @@
+ # DateTime::TimeZone module distribution in the tools/ directory
+ 
+ #
+-# Generated from debian/tzdata/northamerica.  Olson data version 2017a
++# Generated from debian/tzdata/northamerica.  Olson data version 2017b
+ #
+ # Do not edit this file directly.
+ #
+@@ -421,18 +421,225 @@
+ ],
+ [
+ 63582040800, #utc_start 2015-11-01 06:00:00 (Sun)
+-DateTime::TimeZone::INFINITY, #  utc_end
++63624985200, #  utc_end 2017-03-12 07:00:00 (Sun)
+ 63582022800, #  local_start 2015-11-01 01:00:00 (Sun)
+-DateTime::TimeZone::INFINITY, #local_end
++63624967200, #local_end 2017-03-12 02:00:00 (Sun)
+ -18000,
+ 0,
+ 'EST',
+ ],
++[
++63624985200, #utc_start 2017-03-12 07:00:00 (Sun)
++63645544800, #  utc_end 2017-11-05 06:00:00 (Sun)
++63624970800, #  local_start 2017-03-12 03:00:00 (Sun)
++63645530400, #local_end 2017-11-05 02:00:00 (Sun)
++-14400,
++1,
++'EDT',
++],
++[
++63645544800, #utc_start 2017-11-05 06:00:00 (Sun)
++63656434800, #  utc_end 2018-03-11 07:00:00 (Sun)
++63645526800, #  local_start 2017-11-05 01:00:00 (Sun)
++63656416800, #local_end 2018-03-11 02:00:00 (Sun)
++-18000,
++0,
++'EST',
++],
++[
++63656434800, #utc_start 2018-03-11 07:00:00 (Sun)
++63676994400, #  utc_end 2018-11-04 06:00:00 (Sun)
++63656420400, #  local_start 2018-03-11 03:00:00 (Sun)
++6367698, #local_end 2018-11-04 02:00:00 (Sun)
++-14400,
++1,
++'EDT',
++],
++[
++63676994400, #utc_start 2018-11-04 06:00:00 (Sun)
++63687884400, #  utc_end 2019-03-10 07:00:00 (Sun)
++63676976400, #  local_start 2018-11-04 01:00:00 (Sun)
++63687866400, #local_end 2019-03-10 02:00:00 (Sun)
++-18000,
++0,
++'EST',
++],
++[
++63687884400, #utc_start 2019-03-10 07:00:00 (Sun)
++63708444000, 

Bug#858638: unblock: postgis-2.3.1+dfsg-2

[Markus Wanner]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-CC: Sebastiaan Couwenberg 

Dear release team,

please unblock package postgis, it kind of FTBFS [0]:

When rebuilding on current stretch, the SQL scripts generated start with
an escape character, rather than a backslash. This in turn prevents the
postgis extension from being newly created for a database (existing
instances would still work).

This is due to a bashism in the Makefiles generating the SQL scripts
during the build. The additional patch avoid-bashisms.patch fixes that.

Kind Regards

Markus Wanner


[0]: Debian Issue:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858610

[1]: Original PgApt Issue:
https://redmine.postgresql.org/issues/2279
diff -Nru postgis-2.3.1+dfsg/debian/changelog 
postgis-2.3.1+dfsg/debian/changelog
--- postgis-2.3.1+dfsg/debian/changelog 2016-11-29 00:32:50.0 +0100
+++ postgis-2.3.1+dfsg/debian/changelog 2017-03-24 19:35:00.0 +0100
@@ -1,3 +1,10 @@
+postgis (2.3.1+dfsg-2) unstable; urgency=medium
+
+  * Add patch avoid-bashisms.patch to fix the generated sql files.
+Closes: #858610.
+
+ -- Markus Wanner   Fri, 24 Mar 2017 19:35:00 +0100
+
 postgis (2.3.1+dfsg-1) unstable; urgency=medium
 
   * New upstream release.
diff -Nru postgis-2.3.1+dfsg/debian/patches/avoid-bashisms.patch 
postgis-2.3.1+dfsg/debian/patches/avoid-bashisms.patch
--- postgis-2.3.1+dfsg/debian/patches/avoid-bashisms.patch  1970-01-01 
01:00:00.0 +0100
+++ postgis-2.3.1+dfsg/debian/patches/avoid-bashisms.patch  2017-03-24 
19:35:00.0 +0100
@@ -0,0 +1,37 @@
+Description: Avoid a few bashisms resulting in invalid SQL files
+ An echo that's supposed to output a backslash works with bash, but not
+ in dash. Use printf, instead.
+Author: Markus Wanner 
+Forwarded: yes, 
https://lists.osgeo.org/pipermail/postgis-devel/2017-March/026135.html
+
+--- a/extensions/postgis/Makefile.in
 b/extensions/postgis/Makefile.in
+@@ -39,7 +39,7 @@
+ 
+ sql/$(EXTENSION).sql: sql_bits/postgis.sql sql_bits/postgis_comments.sql 
sql_bits/rtpostgis.sql sql_bits/spatial_ref_sys_config_dump.sql 
sql_bits/raster_comments.sql sql_bits/spatial_ref_sys.sql
+   mkdir -p sql
+-  echo '\echo Use "CREATE EXTENSION $(EXTENSION)" to load this file. 
\quit' > $@
++  printf '\\echo Use "CREATE EXTENSION $(EXTENSION)" to load this file. 
\\quit\n' > $@
+   cat $^ >> $@
+ 
+ sql/$(EXTENSION)--$(EXTVERSION).sql: sql/$(EXTENSION).sql
+@@ -94,7 +94,7 @@
+ 
+ #postgis_extension_upgrade_minor.sql is the one that contains both postgis 
AND raster
+ sql_bits/postgis_extension_upgrade_minor.sql: ../postgis_extension_helper.sql 
sql_bits/postgis_upgrade.sql sql_bits/rtpostgis_upgrade.sql 
../../doc/raster_comments.sql ../../doc/postgis_comments.sql 
../postgis_extension_helper_uninstall.sql
+-  echo '\echo Use "CREATE EXTENSION $(EXTENSION)" to load this file. 
\quit' > $@
++  printf '\\echo Use "CREATE EXTENSION $(EXTENSION)" to load this file. 
\\quit\n' > $@
+   cat $^ >> $@
+ 
+ sql_minor_upgrade: sql_bits/postgis_extension_upgrade_minor.sql
+--- a/extensions/postgis_sfcgal/Makefile.in
 b/extensions/postgis_sfcgal/Makefile.in
+@@ -74,7 +74,7 @@
+ 
+ sql_bits/sfcgal_upgrade_minor.sql: ../postgis_extension_helper.sql 
sql_bits/sfcgal_upgrade.sql ../../doc/sfcgal_comments.sql 
../postgis_extension_helper_uninstall.sql
+   mkdir -p sql_bits
+-  echo '\echo Use "CREATE EXTENSION $(EXTENSION)" to load this file. 
\quit' > $@
++  printf '\\echo Use "CREATE EXTENSION $(EXTENSION)" to load this file. 
\\quit\n' > $@
+   cat $^ >> $@
+ 
+ sql_minor_upgrade: sql_bits/sfcgal_upgrade_minor.sql
diff -Nru postgis-2.3.1+dfsg/debian/patches/series 
postgis-2.3.1+dfsg/debian/patches/series
--- postgis-2.3.1+dfsg/debian/patches/series2016-10-21 11:41:00.0 
+0200
+++ postgis-2.3.1+dfsg/debian/patches/series2017-03-24 19:35:00.0 
+0100
@@ -1,2 +1,3 @@
+avoid-bashisms.patch
 link-liblwgeom
 relax-test-timing-constraints.patch


signature.asc
Description: OpenPGP digital signature

Bug#858607: unblock: ocserv/0.11.6-2

[Emilio Pozuelo Monfort]

Control: reopen -1

On 24/03/17 19:17, Emilio Pozuelo Monfort wrote:
> On 24/03/17 12:49, Aron Xu wrote:
>> Package: release.debian.org
>> Severity: normal
>> User: release.debian@packages.debian.org
>> Usertags: unblock
>>
>> Please unblock ocserv/0.11.6-2, this update includes four simple
>> patches cherry picked from upstream later releases, used to improve
>> firewall handling and MTU/MSS calculation.
> 
> It's already unblocked.

Actually it's not. I replied to the wrong bug. Reopening.

Emilio

Processed: Re: Bug#858607: unblock: ocserv/0.11.6-2

[Debian Bug Tracking System]

Processing control commands:

> reopen -1
Bug #858607 {Done: Emilio Pozuelo Monfort } 
[release.debian.org] unblock: ocserv/0.11.6-2
Bug reopened
Ignoring request to alter fixed versions of bug #858607 to the same values 
previously set

-- 
858607: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858607
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#858613: unblock: kwin/4:5.8.6-1

[Emilio Pozuelo Monfort]

Control: tags -1 confirmed moreinfo

On 24/03/17 15:12, Maximiliano Curia wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
> 
> Dear release team,
> 
> KDE Plasma 5.8 is an LTS release that I consider fit to be updated in 
> stretch. 
> This particular request is for kwin 5.8.6.
> 
> The fixes included in the kwin 5.8.6 release are: 
>  translation updates
>  6 bug fixes:
>+ Find minimum required Breeze version instead of current version (cb481b4)
>  This is a somewhat Debian specific fix, noticed by upstream
>+ Avoid a crash on Kwin decoration KCM teardown (70d2fb2) (Closes: 846508)
>  KDE#373628
>+ Support modifier-only-shortcuts when capslock is on (5a87fa3 0acfebd)
>  KDE#375355
>+ Translate the layout name when passing to layout change OSD (a3be3e8e)
>+ Fixed initial graying out options in Cube Effect settings (a43049f)
>+ [TabBox] Remember current model index on SwitcherItem model set (e019c9f)
>   KDE#333511
> 
> Also in the 5.8.5 release there was an extra bug fix:
>+ Align configure button consistently across delegates (d0e0f6c)
>  KDE#372685
> 
> On the Debian side of changes we improve the runtime dependencies (#848523 
> #855410), update the description for kwin wayland (#848524).

Go ahead.

Emilio

Bug#858597: marked as done (unblock: ga/5.4~beta~r10636+dfsg-5)

[Debian Bug Tracking System]

Your message dated Fri, 24 Mar 2017 18:20:50 +
with message-id 
and subject line unblock ga
has caused the Debian Bug report #858597,
regarding unblock: ga/5.4~beta~r10636+dfsg-5
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
858597: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858597
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: unblock

Hi release team

In order to fix #816699, ga was configured to build against
libarmci-mpi-dev from src:armci-mpi.
Around the same time, armci-mpi was binNMU'd for PIE rebuilds and it
was found that it FTBFS about 50% of the time on 32-bit architectures,
see #816305.

I fixed #816305 with the upload of armci-mpi/0.0~git20160222-2, and
followed it up the next day with the upload of
ga/5.4~beta~r10636+dfsg-5, applying the same fix for #846273 and a fix
for #857177.

Armci-mpi was already unblocked without me even having to ask
(thanks!), so please unblock ga as well.  A full debdiff is attached,

unblock ga/5.4~beta~r10636+dfsg-5

Regards
Graham


ga-unblock.debdiff
Description: Binary data
--- End Message ---
--- Begin Message ---
Unblocked.--- End Message ---

Processed: Re: Bug#858613: unblock: kwin/4:5.8.6-1

[Debian Bug Tracking System]

Processing control commands:

> tags -1 confirmed moreinfo
Bug #858613 [release.debian.org] unblock: kwin/4:5.8.6-1
Added tag(s) moreinfo and confirmed.

-- 
858613: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858613
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#858600: marked as done (unblock: gladtex/2.1-2)

[Debian Bug Tracking System]

Your message dated Fri, 24 Mar 2017 19:19:08 +0100
with message-id <6b64c7e2-3c4c-044d-922b-a230e6d80...@debian.org>
and subject line Re: Bug#858600: unblock: gladtex/2.1-2
has caused the Debian Bug report #858600,
regarding unblock: gladtex/2.1-2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
858600: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858600
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package gladtex

The version in testing depends on the wrong texlive packages and hence won't
work for users not using a full texlive setup.

Furthermore, the package has issues with the locale, which I believe is fixed
with a minimal patch.

I have tried the new package in a minimal, clean [Stretch] pbuilder chroot and
it works fine.

The (short) debdiff is attached.

Thanks

unblock gladtex/2.1-2

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'testing-debug'), (450, 'unstable'), (1, 
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru gladtex-2.1/debian/changelog gladtex-2.1/debian/changelog
--- gladtex-2.1/debian/changelog2016-08-30 17:48:08.0 +0200
+++ gladtex-2.1/debian/changelog2017-03-16 11:35:43.0 +0100
@@ -1,3 +1,10 @@
+gladtex (2.1-2) unstable; urgency=medium
+
+  * correct dependency information for library package (Closes: #857911)
+  * add ability to work in environments without locale set up
+
+ -- Sebastian Humenda   Thu, 16 Mar 2017 11:35:43 +0100
+
 gladtex (2.1-1) unstable; urgency=medium
 
   * new upstream release
diff -Nru gladtex-2.1/debian/control gladtex-2.1/debian/control
--- gladtex-2.1/debian/control  2016-08-30 17:48:08.0 +0200
+++ gladtex-2.1/debian/control  2017-03-16 11:35:43.0 +0100
@@ -10,7 +10,8 @@
 
 Package: python3-gleetex
 Architecture: all
-Depends: ${misc:Depends}, ${python3:Depends}, texlive-latex-base, 
preview-latex-style, dvipng
+Depends: ${misc:Depends}, ${python3:Depends}, texlive-latex-recommended,
+texlive-fonts-recommended, preview-latex-style, dvipng
 Description: Module to embed LaTeX equations in HTML files
  GleeTeX is a python module to create images from formulas. It can parse HTML
  documents and replace all occurrences of some formula through images.
diff -Nru gladtex-2.1/debian/patches/ignore_unset_locale 
gladtex-2.1/debian/patches/ignore_unset_locale
--- gladtex-2.1/debian/patches/ignore_unset_locale  1970-01-01 
01:00:00.0 +0100
+++ gladtex-2.1/debian/patches/ignore_unset_locale  2017-03-16 
11:35:43.0 +0100
@@ -0,0 +1,28 @@
+Description: correctly handle unset locale
+ The program couldn't handle an unset locale and failed to work under such
+ circumstances. The minimal patch corrects this behaviour.
+ It has been applied upstream, too.
+Author: Sebastian Humenda 
+Last-Update: <2017-03-16>
+
+Index: gladtex/gleetex/document.py
+===
+--- gladtex.orig/gleetex/document.py
 gladtex/gleetex/document.py
+@@ -190,12 +190,14 @@ class LaTeXDocument:
+ # try to guess language and hence character set (fontenc)
+ import locale
+ language = locale.getdefaultlocale()
+-if language: # extract just the language code
++if language and language[0]: # extract just the language code
+ language = language[0].split('_')[0]
++if not language or not language[0]:
++language = 'en'
+ # check whether language on computer is within T1 and hence 
whether
+ # it should be loaded; I know that this can be a misleading
+ # assumption, but there's no better way that I know of
+-if language in ['fr', 'es', 'it', 'de', 'nl', 'ro']:
++if language in ['fr', 'es', 'it', 'de', 'nl', 'ro', 'en']:
+ encoding_preamble += '\n\\usepackage[T1]{fontenc}'
+ else:
+ raise ValueError(("Language not supported by T1 fontenc "
diff -Nru gladtex-2.1/debian/patches/series gladtex-2.1/debian/patches/series
--- gladtex-2.1/debian/patches/series   2016-08-30 17:48:08.0 +0200
+++ 

Bug#858607: marked as done (unblock: ocserv/0.11.6-2)

[Debian Bug Tracking System]

Your message dated Fri, 24 Mar 2017 19:17:03 +0100
with message-id <8bf06993-6ea5-1725-0e04-b30ae6a24...@debian.org>
and subject line Re: Bug#858607: unblock: ocserv/0.11.6-2
has caused the Debian Bug report #858607,
regarding unblock: ocserv/0.11.6-2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
858607: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858607
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock ocserv/0.11.6-2, this update includes four simple
patches cherry picked from upstream later releases, used to improve
firewall handling and MTU/MSS calculation.

Patches are attached.

Regards,
Aron
From 9f735613c496a17461f60a75caf2f394ae781d4c Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos 
Date: Thu, 23 Feb 2017 09:54:05 +0100
Subject: [PATCH 7/7] worker-vpn: use TCP_INFO on linux to obtain accurate MTU
 information

This provides a more accurate value than the one obtained using the
TCP MSS value. The latter is affected by many factors (such as tcp
options), to provide a reliable value.

Signed-off-by: Nikos Mavrogiannopoulos 
---
 src/worker-vpn.c | 80 +---
 1 file changed, 48 insertions(+), 32 deletions(-)

diff --git a/src/worker-vpn.c b/src/worker-vpn.c
index ea80ebd..311fc2a 100644
--- a/src/worker-vpn.c
+++ b/src/worker-vpn.c
@@ -48,7 +48,7 @@
 #include 
 #include 
 
-#if defined(__linux__) &&!defined(IPV6_PATHMTU)
+#if defined(__linux__) && !defined(IPV6_PATHMTU)
 # define IPV6_PATHMTU 61
 #endif
 
@@ -942,11 +942,45 @@ void mtu_ok(worker_st * ws)
 			x += r % diff; \
 		}
 
+int get_pmtu_approx(worker_st *ws)
+{
+	socklen_t sl;
+	int ret, e;
+
+#if defined(__linux__) && defined(TCP_INFO)
+	struct tcp_info ti;
+	sl = sizeof(ti);
+
+	ret = getsockopt(ws->conn_fd, IPPROTO_TCP, TCP_INFO, , );
+	if (ret == -1) {
+		e = errno;
+		oclog(ws, LOG_INFO, "error in getting TCP_INFO: %s",
+		  strerror(e));
+		return -1; 
+	} else {
+		return ti.tcpi_pmtu;
+	}
+#else
+	int max = -1;
+
+	sl = sizeof(max);
+	ret = getsockopt(ws->conn_fd, IPPROTO_TCP, TCP_MAXSEG, , );
+	if (ret == -1) {
+		e = errno;
+		oclog(ws, LOG_INFO, "error in getting TCP_MAXSEG: %s",
+		  strerror(e));
+		return -1;
+	} else {
+		MSS_ADJUST(max);
+		return max;
+	}
+#endif
+}
+
 static
 int periodic_check(worker_st * ws, struct timespec *tnow, unsigned dpd)
 {
-	socklen_t sl;
-	int max, e, ret;
+	int max, ret;
 	time_t now = tnow->tv_sec;
 	time_t periodic_check_time = PERIODIC_CHECK_TIME;
 
@@ -1036,20 +1070,11 @@ int periodic_check(worker_st * ws, struct timespec *tnow, unsigned dpd)
 	}
 
 	if (ws->conn_type != SOCK_TYPE_UNIX && ws->udp_state != UP_DISABLED) {
-		sl = sizeof(max);
-		ret = getsockopt(ws->conn_fd, IPPROTO_TCP, TCP_MAXSEG, , );
-		if (ret == -1) {
-			e = errno;
-			oclog(ws, LOG_INFO, "error in getting TCP_MAXSEG: %s",
-			  strerror(e));
-		} else {
-			MSS_ADJUST(max);
-			/*oclog(ws, LOG_DEBUG, "TCP MSS is %u", max); */
-			if (max > 0 && max < ws->link_mtu) {
-oclog(ws, LOG_DEBUG, "reducing MTU due to TCP MSS to %u",
-  max);
-link_mtu_set(ws, max);
-			}
+		max = get_pmtu_approx(ws);
+		if (max > 0 && max < ws->link_mtu) {
+			oclog(ws, LOG_DEBUG, "reducing MTU due to TCP/PMTU to %u",
+			  max);
+			link_mtu_set(ws, max);
 		}
 	}
 
@@ -1571,7 +1596,7 @@ static int connect_handler(worker_st * ws)
 	struct http_req_st *req = >req;
 	struct pollfd pfd[4];
 	unsigned pfd_size;
-	int e, max, ret, t;
+	int max, ret, t;
 	char *p;
 	unsigned rnd;
 #ifdef HAVE_PPOLL
@@ -1580,7 +1605,6 @@ static int connect_handler(worker_st * ws)
 	unsigned tls_pending, dtls_pending = 0, i;
 	struct timespec tnow;
 	unsigned ip6;
-	socklen_t sl;
 	sigset_t emptyset, blockset;
 
 	sigemptyset();
@@ -1693,19 +1717,11 @@ static int connect_handler(worker_st * ws)
 	/* Attempt to use the TCP connection maximum segment size to set a more
 	 * precise MTU. */
 	if (ws->conn_type != SOCK_TYPE_UNIX) {
-		sl = sizeof(max);
-		ret = getsockopt(ws->conn_fd, IPPROTO_TCP, TCP_MAXSEG, , );
-		if (ret == -1) {
-			e = errno;
-			oclog(ws, LOG_INFO, "error in getting TCP_MAXSEG: %s",
-			  strerror(e));
-		} else {
-			MSS_ADJUST(max);
-			if (max > 0 && max < ws->vinfo.mtu) {
-oclog(ws, LOG_INFO,
-  "reducing MTU due to TCP MSS to %u (from %u)", max, ws->vinfo.mtu);
-ws->vinfo.mtu = max;
-			}
+		max = get_pmtu_approx(ws);
+		if (max > 0 && max < ws->vinfo.mtu) 

Bug#858542: marked as done (unblock: kdeplasma-addons/4:5.8.5-2)

[Debian Bug Tracking System]

Your message dated Fri, 24 Mar 2017 18:14:44 +
with message-id 
and subject line unblock kdeplasma-addons
has caused the Debian Bug report #858542,
regarding unblock: kdeplasma-addons/4:5.8.5-2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
858542: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858542
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Dear release team,

KDE Plasma 5.8 is an LTS release that I consider fit to be updated in stretch. 
This particular request is for kdeplasma-addons 5.8.5.

The fixes included in the kdeplasma-addons 5.8.5 release are: 
 translation updates
 1 bug fix:
  + Fix plasmashell crash caused by the comic plasmoid (7195311)

No changes worth mentioning on the Debian side.

The full debdiff is quite large (1.5M), mostly changes in the po files, I've 
published it in:
 https://freak.gnuservers.com.ar/~maxy/debian/kdeplasma-addons_5.8.5_unblock/
I'm attaching a poless version of the debdiff (69K), and the gitlogs of the 
upstream changes.

Currently the version 4:5.8.5-1 is in experimental, and I'll upload the
4:5.8.5-2 version to unstable if this gets approved.

Please unblock package kdeplasma-addons

Happy hacking,

unblock kdeplasma-addons/4:5.8.5-2

-- System Information:
Debian Release: 9.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 
'testing'), (500, 'stable'), (50, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, armhf

Kernel: Linux 4.9.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)
--- End Message ---
--- Begin Message ---
Unblocked.--- End Message ---

Bug#858635: unblock (pre-approval): dbus/1.10.18-1 with #857660 fixed

[Simon McVittie]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

I would like to check whether the fix for #857660 (fd.o #92832) is
something the release team would be comfortable with seeing in stretch,
or whether it should be deferred to buster. I was recently able to get
it tested and reviewed by SELinux users other than its author.
It is already fixed in experimental (1.11.x, targeted to become 1.12.x in
buster), and I haven't had bug reports about 1.11.x from Fedora (who
adopted it early for some reason).

If the release team approves in principle, I'll either release just
this change as 1.10.18, or include it in a 1.10.18 that fixes some more
serious bug or vulnerability if one comes up. If not, I'll revert it
from the 1.10.x branch, and it can wait for buster. I have no particular
horse in this race: I don't use SELinux, and it's only a normal-severity
bug, so I'm happy to either fix it or revert.

Git diff attached; the actual debdiff would be this, plus debian/changelog,
plus some Autotools noise.

Thanks,
S
diff --git a/NEWS b/NEWS
index 59efcfa7..27fe726d 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,12 @@
+D-Bus 1.10.18 (UNRELEASED)
+==
+
+Fixes:
+
+• Re-order dbus-daemon startup so that on SELinux systems, the thread
+  that reads AVC notifications retains the ability to write to the
+  audit log (fd.o #92832, Debian #857660; Laurent Bigonville)
+
 D-Bus 1.10.16 (2017-02-16)
 ==
 
@@ -24,7 +33,7 @@ Fixes:
 
   On Unix systems we strongly recommend using only the unix: and systemd:
   transports, together with EXTERNAL authentication. These are the only
-  transports and authentication mechanisms enabled by default,
+  transports and authentication mechanisms enabled by default.
 
   (fd.o #99828, Simon McVittie)
 
diff --git a/bus/bus.c b/bus/bus.c
index 128ae3c2..fd4ab9e4 100644
--- a/bus/bus.c
+++ b/bus/bus.c
@@ -931,6 +931,27 @@ bus_context_new (const DBusString *config_file,
   !_dbus_pipe_is_stdout_or_stderr (print_pid_pipe))
 _dbus_pipe_close (print_pid_pipe, NULL);
 
+  /* Here we change our credentials if required,
+   * as soon as we've set up our sockets and pidfile.
+   * This must be done before initializing LSMs, so that the netlink
+   * monitoring thread started by avc_init() will not lose CAP_AUDIT_WRITE
+   * when the main thread calls setuid().
+   * https://bugs.freedesktop.org/show_bug.cgi?id=92832
+   */
+  if (context->user != NULL)
+{
+  if (!_dbus_change_to_daemon_user (context->user, error))
+	{
+	  _DBUS_ASSERT_ERROR_IS_SET (error);
+	  goto failed;
+	}
+}
+
+  /* Auditing should be initialized before LSMs, so that the LSMs are able
+   * to log audit-events that happen during their initialization.
+   */
+  bus_audit_init (context);
+
   if (!bus_selinux_full_init ())
 {
   bus_context_log (context, DBUS_SYSTEM_LOG_FATAL, "SELinux enabled but D-Bus initialization failed; check system log\n");
@@ -950,6 +971,11 @@ bus_context_new (const DBusString *config_file,
  "AppArmor D-Bus mediation is enabled\n");
 }
 
+  /* When SELinux is used, this must happen after bus_selinux_full_init()
+   * so that it has access to the access vector cache, which is required
+   * to process  elements.
+   * http://lists.freedesktop.org/archives/dbus/2008-October/010491.html
+   */
   if (!process_config_postinit (context, parser, error))
 {
   _DBUS_ASSERT_ERROR_IS_SET (error);
@@ -962,20 +988,6 @@ bus_context_new (const DBusString *config_file,
   parser = NULL;
 }
 
-  /* Here we change our credentials if required,
-   * as soon as we've set up our sockets and pidfile
-   */
-  if (context->user != NULL)
-{
-  if (!_dbus_change_to_daemon_user (context->user, error))
-	{
-	  _DBUS_ASSERT_ERROR_IS_SET (error);
-	  goto failed;
-	}
-}
-
-  bus_audit_init (context);
-
   dbus_server_free_data_slot (_data_slot);
 
   return context;
diff --git a/configure.ac b/configure.ac
index 9ad52fff..db4679d4 100644
--- a/configure.ac
+++ b/configure.ac
@@ -3,7 +3,7 @@ AC_PREREQ([2.63])
 
 m4_define([dbus_major_version], [1])
 m4_define([dbus_minor_version], [10])
-m4_define([dbus_micro_version], [16])
+m4_define([dbus_micro_version], [17])
 m4_define([dbus_version],
   [dbus_major_version.dbus_minor_version.dbus_micro_version])
 AC_INIT([dbus],[dbus_version],[https://bugs.freedesktop.org/enter_bug.cgi?product=dbus],[dbus])

Please don't remove npm from Stretch

[Thomas Goirand]

Hi,

I very much don't agree with the set of arguments in the #857986 bug
report. Npm can be used for a large amount of things, of which may not
include downloading and installing the very latest version of a
Javascript module. Therefore, the package is still useable for a wide
set of functionalities within the scope of Debian and the set of package
we have (for example, for rebuilding).

Also, removing such a non-leaf package at this point of the release is a
way too late. IMO, a bug should have been opened a long time ago asking
for an upgrade of the package.

Last, at this point in time, I believe we should discuss the issue with
the release team. They may agree, for example, that we upgrade the
package to a newer version (this is unlikely, but it is up to them to
tell). They may don't agree that we "fix" so many source package to
remove the build-dependency. Anyway, the solution should be discuss with
them. Therefore, I'm CC-ing the release team.

In any case, once Stretch is released, we must make sure such an
important package gets better maintenance, and follow upstream closely.

Cheers,

Thomas Goirand (zigo)

Processed: Re: Bug#858542: unblock: kdeplasma-addons/4:5.8.5-2

[Debian Bug Tracking System]

Processing control commands:

> tags -1 - moreinfo
Bug #858542 [release.debian.org] unblock: kdeplasma-addons/4:5.8.5-2
Removed tag(s) moreinfo.

-- 
858542: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858542
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#858542: unblock: kdeplasma-addons/4:5.8.5-2

[Maximiliano Curia]

Control: tags -1 - moreinfo

¡Hola Emilio!

El 2017-03-23 a las 18:01 +0100, Emilio Pozuelo Monfort escribió:

Control: tags -1 confirmed moreinfo



On 23/03/17 10:23, Maximiliano Curia wrote:
Package: release.debian.org 
Severity: normal 
User: release.debian@packages.debian.org 
Usertags: unblock


KDE Plasma 5.8 is an LTS release that I consider fit to be updated in stretch. 
This particular request is for kdeplasma-addons 5.8.5.



The fixes included in the kdeplasma-addons 5.8.5 release are:
 translation updates 
 1 bug fix:

  + Fix plasmashell crash caused by the comic plasmoid (7195311)



No changes worth mentioning on the Debian side.


The full debdiff is quite large (1.5M), mostly changes in the po files, I've 
published it in:
 https://freak.gnuservers.com.ar/~maxy/debian/kdeplasma-addons_5.8.5_unblock/ 
I'm attaching a poless version of the debdiff (69K), and the gitlogs of the 
upstream changes.


Currently the version 4:5.8.5-1 is in experimental, and I'll upload the 
4:5.8.5-2 version to unstable if this gets approved.



Please unblock package kdeplasma-addons



Go ahead.


Thanks, uploaded and already installed in all the release archs.

Happy hacking,
--
"By definition, when you are investigating the unknown, you do not know what
you will find"
-- The Ultimate Principle
Saludos /\/\ /\ >< `/

Bug#858543: unblock: khotkeys/4:5.8.6-1

[Maximiliano Curia]

Control: tag -1 - moreinfo

¡Hola Emilio!

El 2017-03-23 a las 17:59 +0100, Emilio Pozuelo Monfort escribió:

Control: tags -1 confirmed moreinfo

On 23/03/17 10:41, Maximiliano Curia wrote:
Package: release.debian.org 
Severity: normal 
User: release.debian@packages.debian.org 
Usertags: unblock


KDE Plasma 5.8 is an LTS release that I consider fit to be updated in stretch. 
This particular request is for khotkeys 5.8.6.


The fixes included in the khotkeys 5.8.6 release are:
 translation updates 
 1 bug fixes:

   + Fix build with -fno-operator-names (bf57c78)



No changes worth noting in the Debian side.



Go ahead.


Thanks, uploaded and already installed in all the release archs.

Happy hacking,
--
"The sooner you start to code, the longer the program will take."
-- Roy Carlson
Saludos /\/\ /\ >< `/


signature.asc
Description: PGP signature

Processed: Re: Bug#858543: unblock: khotkeys/4:5.8.6-1

[Debian Bug Tracking System]

Processing control commands:

> tag -1 - moreinfo
Bug #858543 [release.debian.org] unblock: khotkeys/4:5.8.6-1
Removed tag(s) moreinfo.

-- 
858543: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858543
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

NEW changes in stable-new

[Debian FTP Masters]

Processing changes file: chromium-browser_57.0.2987.98-1~deb8u1_i386.changes
  ACCEPT
Processing changes file: chromium-browser_57.0.2987.98-1~deb8u1_amd64.changes
  ACCEPT
Processing changes file: icoutils_0.31.0-2+deb8u3_amd64.changes
  ACCEPT
Processing changes file: icoutils_0.31.0-2+deb8u3_arm64.changes
  ACCEPT
Processing changes file: icoutils_0.31.0-2+deb8u3_armel.changes
  ACCEPT
Processing changes file: icoutils_0.31.0-2+deb8u3_armhf.changes
  ACCEPT
Processing changes file: icoutils_0.31.0-2+deb8u3_i386.changes
  ACCEPT
Processing changes file: icoutils_0.31.0-2+deb8u3_mips.changes
  ACCEPT
Processing changes file: icoutils_0.31.0-2+deb8u3_mipsel.changes
  ACCEPT
Processing changes file: icoutils_0.31.0-2+deb8u3_powerpc.changes
  ACCEPT
Processing changes file: icoutils_0.31.0-2+deb8u3_ppc64el.changes
  ACCEPT
Processing changes file: icoutils_0.31.0-2+deb8u3_s390x.changes
  ACCEPT
Processing changes file: imagemagick_6.8.9.9-5+deb8u8_amd64.changes
  ACCEPT
Processing changes file: imagemagick_6.8.9.9-5+deb8u8_arm64.changes
  ACCEPT
Processing changes file: imagemagick_6.8.9.9-5+deb8u8_armel.changes
  ACCEPT
Processing changes file: imagemagick_6.8.9.9-5+deb8u8_armhf.changes
  ACCEPT
Processing changes file: imagemagick_6.8.9.9-5+deb8u8_i386.changes
  ACCEPT
Processing changes file: imagemagick_6.8.9.9-5+deb8u8_mips.changes
  ACCEPT
Processing changes file: imagemagick_6.8.9.9-5+deb8u8_mipsel.changes
  ACCEPT
Processing changes file: imagemagick_6.8.9.9-5+deb8u8_powerpc.changes
  ACCEPT
Processing changes file: imagemagick_6.8.9.9-5+deb8u8_ppc64el.changes
  ACCEPT
Processing changes file: imagemagick_6.8.9.9-5+deb8u8_s390x.changes
  ACCEPT
Processing changes file: 
ioquake3_1.36+u20140802+gca9eebb-2+deb8u1_source+binary.changes
  ACCEPT
Processing changes file: ioquake3_1.36+u20140802+gca9eebb-2+deb8u1_armel.changes
  ACCEPT
Processing changes file: ioquake3_1.36+u20140802+gca9eebb-2+deb8u1_armhf.changes
  ACCEPT
Processing changes file: ioquake3_1.36+u20140802+gca9eebb-2+deb8u1_i386.changes
  ACCEPT
Processing changes file: ioquake3_1.36+u20140802+gca9eebb-2+deb8u1_mips.changes
  ACCEPT
Processing changes file: 
ioquake3_1.36+u20140802+gca9eebb-2+deb8u1_mipsel.changes
  ACCEPT
Processing changes file: 
ioquake3_1.36+u20140802+gca9eebb-2+deb8u1_powerpc.changes
  ACCEPT
Processing changes file: 
ioquake3_1.36+u20140802+gca9eebb-2+deb8u1_ppc64el.changes
  ACCEPT
Processing changes file: ioquake3_1.36+u20140802+gca9eebb-2+deb8u1_s390x.changes
  ACCEPT
Processing changes file: pidgin_2.11.0-0+deb8u2_amd64.changes
  ACCEPT
Processing changes file: pidgin_2.11.0-0+deb8u2_arm64.changes
  ACCEPT
Processing changes file: pidgin_2.11.0-0+deb8u2_armel.changes
  ACCEPT
Processing changes file: pidgin_2.11.0-0+deb8u2_armhf.changes
  ACCEPT
Processing changes file: pidgin_2.11.0-0+deb8u2_i386.changes
  ACCEPT
Processing changes file: pidgin_2.11.0-0+deb8u2_mips.changes
  ACCEPT
Processing changes file: pidgin_2.11.0-0+deb8u2_mipsel.changes
  ACCEPT
Processing changes file: pidgin_2.11.0-0+deb8u2_powerpc.changes
  ACCEPT
Processing changes file: pidgin_2.11.0-0+deb8u2_ppc64el.changes
  ACCEPT
Processing changes file: pidgin_2.11.0-0+deb8u2_s390x.changes
  ACCEPT
Processing changes file: r-base_3.1.1-1+deb8u1_amd64.changes
  ACCEPT
Processing changes file: r-base_3.1.1-1+deb8u1_arm64.changes
  ACCEPT
Processing changes file: r-base_3.1.1-1+deb8u1_armel.changes
  ACCEPT
Processing changes file: r-base_3.1.1-1+deb8u1_armhf.changes
  ACCEPT
Processing changes file: r-base_3.1.1-1+deb8u1_i386.changes
  ACCEPT
Processing changes file: r-base_3.1.1-1+deb8u1_mips.changes
  ACCEPT
Processing changes file: r-base_3.1.1-1+deb8u1_mipsel.changes
  ACCEPT
Processing changes file: r-base_3.1.1-1+deb8u1_powerpc.changes
  ACCEPT
Processing changes file: r-base_3.1.1-1+deb8u1_ppc64el.changes
  ACCEPT
Processing changes file: r-base_3.1.1-1+deb8u1_s390x.changes
  ACCEPT
Processing changes file: sitesummary_0.1.17+deb8u2_amd64.changes
  ACCEPT
Processing changes file: wireshark_1.12.1+g01b65bf-4+deb8u11_amd64.changes
  ACCEPT
Processing changes file: wireshark_1.12.1+g01b65bf-4+deb8u11_arm64.changes
  ACCEPT
Processing changes file: wireshark_1.12.1+g01b65bf-4+deb8u11_armel.changes
  ACCEPT
Processing changes file: wireshark_1.12.1+g01b65bf-4+deb8u11_armhf.changes
  ACCEPT
Processing changes file: wireshark_1.12.1+g01b65bf-4+deb8u11_i386.changes
  ACCEPT
Processing changes file: wireshark_1.12.1+g01b65bf-4+deb8u11_mips.changes
  ACCEPT
Processing changes file: wireshark_1.12.1+g01b65bf-4+deb8u11_mipsel.changes
  ACCEPT
Processing changes file: wireshark_1.12.1+g01b65bf-4+deb8u11_powerpc.changes
  ACCEPT
Processing changes file: wireshark_1.12.1+g01b65bf-4+deb8u11_ppc64el.changes
  ACCEPT
Processing changes file: wireshark_1.12.1+g01b65bf-4+deb8u11_s390x.changes
  ACCEPT

Bug#858607: unblock: ocserv/0.11.6-2

[Aron Xu]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock ocserv/0.11.6-2, this update includes four simple
patches cherry picked from upstream later releases, used to improve
firewall handling and MTU/MSS calculation.

Patches are attached.

Regards,
Aron
From 9f735613c496a17461f60a75caf2f394ae781d4c Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos 
Date: Thu, 23 Feb 2017 09:54:05 +0100
Subject: [PATCH 7/7] worker-vpn: use TCP_INFO on linux to obtain accurate MTU
 information

This provides a more accurate value than the one obtained using the
TCP MSS value. The latter is affected by many factors (such as tcp
options), to provide a reliable value.

Signed-off-by: Nikos Mavrogiannopoulos 
---
 src/worker-vpn.c | 80 +---
 1 file changed, 48 insertions(+), 32 deletions(-)

diff --git a/src/worker-vpn.c b/src/worker-vpn.c
index ea80ebd..311fc2a 100644
--- a/src/worker-vpn.c
+++ b/src/worker-vpn.c
@@ -48,7 +48,7 @@
 #include 
 #include 
 
-#if defined(__linux__) &&!defined(IPV6_PATHMTU)
+#if defined(__linux__) && !defined(IPV6_PATHMTU)
 # define IPV6_PATHMTU 61
 #endif
 
@@ -942,11 +942,45 @@ void mtu_ok(worker_st * ws)
 			x += r % diff; \
 		}
 
+int get_pmtu_approx(worker_st *ws)
+{
+	socklen_t sl;
+	int ret, e;
+
+#if defined(__linux__) && defined(TCP_INFO)
+	struct tcp_info ti;
+	sl = sizeof(ti);
+
+	ret = getsockopt(ws->conn_fd, IPPROTO_TCP, TCP_INFO, , );
+	if (ret == -1) {
+		e = errno;
+		oclog(ws, LOG_INFO, "error in getting TCP_INFO: %s",
+		  strerror(e));
+		return -1; 
+	} else {
+		return ti.tcpi_pmtu;
+	}
+#else
+	int max = -1;
+
+	sl = sizeof(max);
+	ret = getsockopt(ws->conn_fd, IPPROTO_TCP, TCP_MAXSEG, , );
+	if (ret == -1) {
+		e = errno;
+		oclog(ws, LOG_INFO, "error in getting TCP_MAXSEG: %s",
+		  strerror(e));
+		return -1;
+	} else {
+		MSS_ADJUST(max);
+		return max;
+	}
+#endif
+}
+
 static
 int periodic_check(worker_st * ws, struct timespec *tnow, unsigned dpd)
 {
-	socklen_t sl;
-	int max, e, ret;
+	int max, ret;
 	time_t now = tnow->tv_sec;
 	time_t periodic_check_time = PERIODIC_CHECK_TIME;
 
@@ -1036,20 +1070,11 @@ int periodic_check(worker_st * ws, struct timespec *tnow, unsigned dpd)
 	}
 
 	if (ws->conn_type != SOCK_TYPE_UNIX && ws->udp_state != UP_DISABLED) {
-		sl = sizeof(max);
-		ret = getsockopt(ws->conn_fd, IPPROTO_TCP, TCP_MAXSEG, , );
-		if (ret == -1) {
-			e = errno;
-			oclog(ws, LOG_INFO, "error in getting TCP_MAXSEG: %s",
-			  strerror(e));
-		} else {
-			MSS_ADJUST(max);
-			/*oclog(ws, LOG_DEBUG, "TCP MSS is %u", max); */
-			if (max > 0 && max < ws->link_mtu) {
-oclog(ws, LOG_DEBUG, "reducing MTU due to TCP MSS to %u",
-  max);
-link_mtu_set(ws, max);
-			}
+		max = get_pmtu_approx(ws);
+		if (max > 0 && max < ws->link_mtu) {
+			oclog(ws, LOG_DEBUG, "reducing MTU due to TCP/PMTU to %u",
+			  max);
+			link_mtu_set(ws, max);
 		}
 	}
 
@@ -1571,7 +1596,7 @@ static int connect_handler(worker_st * ws)
 	struct http_req_st *req = >req;
 	struct pollfd pfd[4];
 	unsigned pfd_size;
-	int e, max, ret, t;
+	int max, ret, t;
 	char *p;
 	unsigned rnd;
 #ifdef HAVE_PPOLL
@@ -1580,7 +1605,6 @@ static int connect_handler(worker_st * ws)
 	unsigned tls_pending, dtls_pending = 0, i;
 	struct timespec tnow;
 	unsigned ip6;
-	socklen_t sl;
 	sigset_t emptyset, blockset;
 
 	sigemptyset();
@@ -1693,19 +1717,11 @@ static int connect_handler(worker_st * ws)
 	/* Attempt to use the TCP connection maximum segment size to set a more
 	 * precise MTU. */
 	if (ws->conn_type != SOCK_TYPE_UNIX) {
-		sl = sizeof(max);
-		ret = getsockopt(ws->conn_fd, IPPROTO_TCP, TCP_MAXSEG, , );
-		if (ret == -1) {
-			e = errno;
-			oclog(ws, LOG_INFO, "error in getting TCP_MAXSEG: %s",
-			  strerror(e));
-		} else {
-			MSS_ADJUST(max);
-			if (max > 0 && max < ws->vinfo.mtu) {
-oclog(ws, LOG_INFO,
-  "reducing MTU due to TCP MSS to %u (from %u)", max, ws->vinfo.mtu);
-ws->vinfo.mtu = max;
-			}
+		max = get_pmtu_approx(ws);
+		if (max > 0 && max < ws->vinfo.mtu) {
+			oclog(ws, LOG_DEBUG, "reducing MTU due to TCP/PMTU to %u",
+			  max);
+			link_mtu_set(ws, max);
 		}
 	}
 
-- 
2.1.4

From 1233f67c3f89bce5f8300c22de8c745d2ae7e9dd Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos 
Date: Wed, 22 Feb 2017 16:22:55 +0100
Subject: [PATCH 6/7] worker-vpn: corrected calculation for MTU via TCP MSS

Signed-off-by: Nikos Mavrogiannopoulos 
---
 src/worker-vpn.c | 16 +---
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/src/worker-vpn.c b/src/worker-vpn.c
index 2a00ef9..ea80ebd 100644
--- a/src/worker-vpn.c
+++ b/src/worker-vpn.c
@@ -74,6 +74,13 @@
 #define CSTP_DTLS_OVERHEAD 1
 #define CSTP_OVERHEAD 8
 
+#define IP_HEADER_SIZE 20
+#define IPV6_HEADER_SIZE 40
+#define TCP_HEADER_SIZE 20
+#define UDP_HEADER_SIZE 8
+
+#define 

Bug#858600: unblock: gladtex/2.1-2

[Sebastian Humenda]

Hi again

I forgot to mention that it closes #857911 in Testing.

Thanks
Sebastian


signature.asc
Description: PGP signature

Bug#858600: unblock: gladtex/2.1-2

[Sebastian Humenda]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package gladtex

The version in testing depends on the wrong texlive packages and hence won't
work for users not using a full texlive setup.

Furthermore, the package has issues with the locale, which I believe is fixed
with a minimal patch.

I have tried the new package in a minimal, clean [Stretch] pbuilder chroot and
it works fine.

The (short) debdiff is attached.

Thanks

unblock gladtex/2.1-2

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'testing-debug'), (450, 'unstable'), (1, 
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru gladtex-2.1/debian/changelog gladtex-2.1/debian/changelog
--- gladtex-2.1/debian/changelog2016-08-30 17:48:08.0 +0200
+++ gladtex-2.1/debian/changelog2017-03-16 11:35:43.0 +0100
@@ -1,3 +1,10 @@
+gladtex (2.1-2) unstable; urgency=medium
+
+  * correct dependency information for library package (Closes: #857911)
+  * add ability to work in environments without locale set up
+
+ -- Sebastian Humenda   Thu, 16 Mar 2017 11:35:43 +0100
+
 gladtex (2.1-1) unstable; urgency=medium
 
   * new upstream release
diff -Nru gladtex-2.1/debian/control gladtex-2.1/debian/control
--- gladtex-2.1/debian/control  2016-08-30 17:48:08.0 +0200
+++ gladtex-2.1/debian/control  2017-03-16 11:35:43.0 +0100
@@ -10,7 +10,8 @@
 
 Package: python3-gleetex
 Architecture: all
-Depends: ${misc:Depends}, ${python3:Depends}, texlive-latex-base, 
preview-latex-style, dvipng
+Depends: ${misc:Depends}, ${python3:Depends}, texlive-latex-recommended,
+texlive-fonts-recommended, preview-latex-style, dvipng
 Description: Module to embed LaTeX equations in HTML files
  GleeTeX is a python module to create images from formulas. It can parse HTML
  documents and replace all occurrences of some formula through images.
diff -Nru gladtex-2.1/debian/patches/ignore_unset_locale 
gladtex-2.1/debian/patches/ignore_unset_locale
--- gladtex-2.1/debian/patches/ignore_unset_locale  1970-01-01 
01:00:00.0 +0100
+++ gladtex-2.1/debian/patches/ignore_unset_locale  2017-03-16 
11:35:43.0 +0100
@@ -0,0 +1,28 @@
+Description: correctly handle unset locale
+ The program couldn't handle an unset locale and failed to work under such
+ circumstances. The minimal patch corrects this behaviour.
+ It has been applied upstream, too.
+Author: Sebastian Humenda 
+Last-Update: <2017-03-16>
+
+Index: gladtex/gleetex/document.py
+===
+--- gladtex.orig/gleetex/document.py
 gladtex/gleetex/document.py
+@@ -190,12 +190,14 @@ class LaTeXDocument:
+ # try to guess language and hence character set (fontenc)
+ import locale
+ language = locale.getdefaultlocale()
+-if language: # extract just the language code
++if language and language[0]: # extract just the language code
+ language = language[0].split('_')[0]
++if not language or not language[0]:
++language = 'en'
+ # check whether language on computer is within T1 and hence 
whether
+ # it should be loaded; I know that this can be a misleading
+ # assumption, but there's no better way that I know of
+-if language in ['fr', 'es', 'it', 'de', 'nl', 'ro']:
++if language in ['fr', 'es', 'it', 'de', 'nl', 'ro', 'en']:
+ encoding_preamble += '\n\\usepackage[T1]{fontenc}'
+ else:
+ raise ValueError(("Language not supported by T1 fontenc "
diff -Nru gladtex-2.1/debian/patches/series gladtex-2.1/debian/patches/series
--- gladtex-2.1/debian/patches/series   2016-08-30 17:48:08.0 +0200
+++ gladtex-2.1/debian/patches/series   2017-03-16 11:35:43.0 +0100
@@ -1 +1,2 @@
 fix_clean_command
+ignore_unset_locale


signature.asc
Description: PGP signature

Bug#858597: unblock: ga/5.4~beta~r10636+dfsg-5

[Graham Inggs]

Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: unblock

Hi release team

In order to fix #816699, ga was configured to build against
libarmci-mpi-dev from src:armci-mpi.
Around the same time, armci-mpi was binNMU'd for PIE rebuilds and it
was found that it FTBFS about 50% of the time on 32-bit architectures,
see #816305.

I fixed #816305 with the upload of armci-mpi/0.0~git20160222-2, and
followed it up the next day with the upload of
ga/5.4~beta~r10636+dfsg-5, applying the same fix for #846273 and a fix
for #857177.

Armci-mpi was already unblocked without me even having to ask
(thanks!), so please unblock ga as well.  A full debdiff is attached,

unblock ga/5.4~beta~r10636+dfsg-5

Regards
Graham


ga-unblock.debdiff
Description: Binary data

Bug#858582: marked as done (unblock: iptables-persistent/1.0.4+nmu2)

[Debian Bug Tracking System]

Your message dated Fri, 24 Mar 2017 07:44:28 +
with message-id 
and subject line unblock iptables-persistent
has caused the Debian Bug report #858582,
regarding unblock: iptables-persistent/1.0.4+nmu2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
858582: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858582
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock


Hello release team,

Please unblock iptables-persistent, it has a critical bug 857301
(merged with 857304), if this bug is not fixed iptables-persistent will
be deleted from testing.

The bug is very simple, ip{,6}-(save|restore) is not called using the
full path so it fails when it done from the crontab.

The fix simply adds the full path to those commands

PS: I'm aware the changelog doesn't close the bug correctly, so I'll do
it manually after (if) the unblock is processed.

thanks!


unblock iptables-persistent/1.0.4+nmu2

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (900, 'testing'), (300, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: armhf

Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru iptables-persistent-1.0.4+nmu1/debian/changelog 
iptables-persistent-1.0.4+nmu2/debian/changelog
--- iptables-persistent-1.0.4+nmu1/debian/changelog 2016-08-23 
16:34:23.0 +0800
+++ iptables-persistent-1.0.4+nmu2/debian/changelog 2017-03-18 
21:11:49.0 +0800
@@ -1,3 +1,12 @@
+iptables-persistent (1.0.4+nmu2) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Use the full path to executables when saving and restoring firewall
+rules for both IP and IPv6. Thanks G.W. Haywood for the patch.
+Closes (#857301)
+
+ -- gustavo panizzo   Sat, 18 Mar 2017 21:11:49 +0800
+
 iptables-persistent (1.0.4+nmu1) unstable; urgency=low
 
   [ Jonathan Wiltshire ]
diff -Nru iptables-persistent-1.0.4+nmu1/plugins/15-ip4tables 
iptables-persistent-1.0.4+nmu2/plugins/15-ip4tables
--- iptables-persistent-1.0.4+nmu1/plugins/15-ip4tables 2016-08-23 
16:34:23.0 +0800
+++ iptables-persistent-1.0.4+nmu2/plugins/15-ip4tables 2017-03-18 
21:11:49.0 +0800
@@ -20,7 +20,7 @@
if [ ! -f /etc/iptables/rules.v4 ]; then
echo "Warning: skipping IPv4 (no rules to load)"
else
-   iptables-restore < /etc/iptables/rules.v4 2> /dev/null
+   /sbin/iptables-restore < /etc/iptables/rules.v4 2> /dev/null
if [ $? -ne 0 ]; then
rc=1
fi
@@ -37,7 +37,7 @@
elif [ -x /sbin/iptables-save ]; then
touch /etc/iptables/rules.v4
chmod 0640 /etc/iptables/rules.v4
-   iptables-save > /etc/iptables/rules.v4
+   /sbin/iptables-save > /etc/iptables/rules.v4
if [ $? -ne 0 ]; then
rc=1
fi
diff -Nru iptables-persistent-1.0.4+nmu1/plugins/25-ip6tables 
iptables-persistent-1.0.4+nmu2/plugins/25-ip6tables
--- iptables-persistent-1.0.4+nmu1/plugins/25-ip6tables 2016-08-23 
16:34:23.0 +0800
+++ iptables-persistent-1.0.4+nmu2/plugins/25-ip6tables 2017-03-18 
21:11:49.0 +0800
@@ -20,7 +20,7 @@
if [ ! -f /etc/iptables/rules.v6 ]; then
echo "Warning: skipping IPv6 (no rules to load)"
else
-   ip6tables-restore < /etc/iptables/rules.v6 2> /dev/null
+   /sbin/ip6tables-restore < /etc/iptables/rules.v6 2> /dev/null
if [ $? -ne 0 ]; then
rc=1
fi
@@ -37,7 +37,7 @@
elif [ -x /sbin/ip6tables-save ]; then
touch /etc/iptables/rules.v6
chmod 0640 /etc/iptables/rules.v6
-   ip6tables-save > /etc/iptables/rules.v6
+   /sbin/ip6tables-save > /etc/iptables/rules.v6
if [ $? -ne 0 ]; then
rc=1
fi
--- End Message ---
--- Begin Message ---
Unblocked.--- End Message ---

Re: [request-tracker-maintainers] Bug#857748: Please package current version - 1.02

[Emilio Pozuelo Monfort]

On 23/03/17 07:09, Satoru KURASHIKI wrote:
> hi,
> 
> Release team,
> 
> In the later stage of freeze, are there any chance to upload newer
> upstream version (into testing) to fix RC bugs?
> If it can, I will finish staged git chages as soon as I can.
> 
> (This package is leaf plugin for request-tracker, so any other
> r/depeds will not affect.)

Please open an unblock bug (reportbug release.debian.org) and attach a proposed
debdiff, and we'll consider it.

Cheers,
Emilio

> 
> regards,
> 
> On Fri, Mar 17, 2017 at 7:12 AM, Dominic Hargreaves  wrote:
>> Control: severity -1 serious
>>
>> On Tue, Mar 14, 2017 at 07:25:32PM +0300, Max Kosmach wrote:
>>> X-Debbugs-CC: pkg-request-tracker-maintain...@lists.alioth.debian.org
>>> Package: rt4-extension-customfieldsonupdate
>>> Version: 0.01-1.1
>>>
>>> Please package current version (1.02) which is compatible with RT 4.2 and 
>>> RT 4.4
>>
>> Hi Max,
>>
>> Thanks for raising this issue. From the changelog I take it that 0.0.1
>> doesn't support 4.2 or 4.4 at all. Is that your understanding too?
>>
>> As such this is RC for both jessie and stretch, so raising the
>> severity appropriately.
>>
>> Dominic.
> 
> 
>