Bug#859255: binNMU needed for more R packages.

2017-04-30 Thread Charles Plessy
> On Sat, Apr  1, 2017 at 15:24:53 +0900, Charles Plessy wrote:
> > 
> > as a follow-up to #858183, I looked at which other R Bioconductor
> > packages were broken by R 3.3.3-1, and it seems that the previous round
> > of binNMUs did not repair some of them.
> > 
> > Can you make the following binNMUs ?
> > 
> > nmu r-bioc-rsamtools_1.26.1-2 . ANY . -m "Rebuild for R 3.3.3." 
> > nmu r-bioc-shortread_1.32.0-1 . ANY . -m "Rebuild for R 3.3.3." 
> > nmu r-bioc-variantannotation_1.20.2-1 . ANY . -m "Rebuild for R 3.3.3." 
> > nmu r-bioc-genomicalignments_1.10.0-1 . ANY . -m "Rebuild for R 3.3.3." 

On Sun, Apr 30, 2017 at 06:08:46PM +0200, Julien Cristau wrote:
> > 
> binNMUs are not an acceptable way to deal with silent breakage.  If R
> 3.3.3-1 breaks reverse dependencies, it needs to not be co-installable
> with them.

Hi Julien,

I understand that Debian wants partial upgrades to be supported (even in the
sense of preventing them with Breaks relationships), but with R we are not yet
there.  Please also note that I am not the maintainer of the r-base package.

Jessie ships R 3.1.1 and Stretch will ship R 3.3.3.  In the R ecosystem, users
are expected to rebuild their packages when upgrading R to a new minor version
(for instance from 3.1.x to 3.3.x).  In practice, many packages keep working
and backward incompatibilities are announced in advance.  Unfortunately, in the
case of 3.3.3, it even broke backwards incompatibility with the previous
patchlevel version 3.3.2, in an unexpected way.  This is what I am trying to
address now.

You can of course open a bug on r-base asking for Breaks declarations to be
added, but at the moment I can not tell if something would be missing, as I am
focusing on the issue of making Stretch's r-base work with Stretch's R packages,
and not with Jessie ones or some that can now only be found on
snapshots.debian.org.

For the next release cycle, we may be able to prevent Stretch's R packages from
being used with Buster's r-base package, as our build scripts now insert a
dependency on the virtual package 'r-api-3' that r-base provides; we are
actually discussing bumping it to r-api-4 in
.

I hope it clarifies my efforts.  Many thanks for the binNMUs, it helped me a lot.

Have a nice day,

-- 
Charles Plessy
Debian Med packaging team,
http://www.debian.org/devel/debian-med
Tsurumi, Kanagawa, Japan



NEW changes in stable-new

2017-04-30 Thread Debian FTP Masters
Processing changes file: base-files_8+deb8u8_arm64.changes
  ACCEPT
Processing changes file: base-files_8+deb8u8_armel.changes
  ACCEPT
Processing changes file: base-files_8+deb8u8_armhf.changes
  ACCEPT
Processing changes file: base-files_8+deb8u8_i386.changes
  ACCEPT
Processing changes file: base-files_8+deb8u8_mips.changes
  ACCEPT
Processing changes file: base-files_8+deb8u8_mipsel.changes
  ACCEPT
Processing changes file: base-files_8+deb8u8_powerpc.changes
  ACCEPT
Processing changes file: base-files_8+deb8u8_ppc64el.changes
  ACCEPT
Processing changes file: base-files_8+deb8u8_s390x.changes
  ACCEPT



NEW changes in stable-new

2017-04-30 Thread Debian FTP Masters
Processing changes file: linux_3.16.43-2_mipsel.changes
  ACCEPT



NEW changes in stable-new

2017-04-30 Thread Debian FTP Masters
Processing changes file: linux_3.16.43-2_mips.changes
  ACCEPT



Bug#861580: (pre-approval) unblock: mysql-connector-python/2.1.6

2017-04-30 Thread Sandro Tosi
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Hello,
BTS 861511 was reported yesterday against mysql-connector-python stating the new
upstream version (2.1.6) fixes CVE-2017-3590.

The upstream versions diff (attached) is quite important, so I would understand
if you decide not to accept a potential upload of this new version aiming for an
unblock to stretch, but I would still like you to have a look and decide on it.

Thanks,
Sandro

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.2.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff --git a/CHANGES.txt b/CHANGES.txt
index 18112d1..6e2c797 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -3,11 +3,23 @@ MySQL Connector/Python 2.1 - Release Notes & Changes
 
 
 MySQL Connector/Python
-Copyright (c) 2009, 2016, Oracle and/or its affiliates. All rights reserved.
+Copyright (c) 2009, 2017, Oracle and/or its affiliates. All rights reserved.
 
 Full release notes:
  http://dev.mysql.com/doc/relnotes/connector-python/en/
 
+v2.1.6
+==
+
+- BUG#25726671: Fix compatibility issues with the latest Django versions
+- BUG#25558885: Set default connection timeout to pure connector/python
+- BUG#25397650: Verify server certificate only if ssl_verify_cert is True
+- BUG#25589496: Don't convert to unicode if non-ascii data is present
+- BUG#25383644: Add connection back to pool on exception
+- BUG#22476689: Importing world.sql fails with cext enabled
+- BUG#20736339: Expect multiple include directories from mysql_config
+- BUG#19685386: C extension tests are failing using MySQL 5.7.4
+
 v2.1.5
 ==
 
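Review bot: The v2.1.6 entry lists eight BUG# items and none of them names CVE-2017-3590, which is the stated reason for this upload, so the security fix cannot be located from this hunk. Ask the uploader which item carries it and reference the CVE in debian/changelog; BUG#25397650 ("Verify server certificate only if ssl_verify_cert is True") is the only entry here that touches TLS verification, so the matching code change deserves a targeted read before approval.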
diff --git a/PKG-INFO b/PKG-INFO
index 4af4d6f..9ab448d 100644
--- a/PKG-INFO
+++ b/PKG-INFO
@@ -1,6 +1,6 @@
 Metadata-Version: 1.0
 Name: mysql-connector-python
-Version: 2.1.5
+Version: 2.1.6
 Summary: MySQL driver written in Python
 Home-page: http://dev.mysql.com/doc/connector-python/en/index.html
 Author: Oracle and/or its affiliates
@@ -27,6 +27,8 @@ Classifier: Programming Language :: Python :: 3
 Classifier: Programming Language :: Python :: 3.1
 Classifier: Programming Language :: Python :: 3.2
 Classifier: Programming Language :: Python :: 3.3
+Classifier: Programming Language :: Python :: 3.4
+Classifier: Programming Language :: Python :: 3.5
 Classifier: Topic :: Database
 Classifier: Topic :: Software Development
 Classifier: Topic :: Software Development :: Libraries :: Application 
Frameworks
diff --git a/README.txt b/README.txt
index 773af0b..46cce18 100644
--- a/README.txt
+++ b/README.txt
@@ -3,7 +3,7 @@ MySQL Connector/Python 2.1
 ==
 
 MySQL Connector/Python
-Copyright (c) 2009, 2016, Oracle and/or its affiliates. All rights reserved.
+Copyright (c) 2009, 2017, Oracle and/or its affiliates. All rights reserved.
 
 License information can be found in the LICENSE.txt file.
 
@@ -28,7 +28,7 @@ doubt, this particular copy of the software is released
 under the version 2 of the GNU General Public License.
 MySQL Connector/Python is brought to you by Oracle.
 
-Copyright (c) 2011, 2016, Oracle and/or its affiliates. All rights reserved.
+Copyright (c) 2011, 2017, Oracle and/or its affiliates. All rights reserved.
 
 License information can be found in the LICENSE.txt file.
 
diff --git a/lib/cpy_distutils.py b/lib/cpy_distutils.py
index e944ce6..04741ea 100644
--- a/lib/cpy_distutils.py
+++ b/lib/cpy_distutils.py
@@ -1,5 +1,5 @@
 # MySQL Connector/Python - MySQL driver written in Python.
-# Copyright (c) 2014, 2015, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2014, 2017, Oracle and/or its affiliates. All rights reserved.
 
 # MySQL Connector/Python is licensed under the terms of the GPLv2
 # , like most
@@ -136,21 +136,7 @@ def unix_lib_is64bit(lib_file):
 return False
 
 
-def get_mysql_config_info(mysql_config):
-"""Get MySQL information using mysql_config tool
-
-Returns a dict.
-"""
-options = ['cflags', 'include', 'libs', 'libs_r', 'plugindir', 'version']
-
-cmd = [mysql_config] + [ "--{0}".format(opt) for opt in options ]
-
-try:
-proc = Popen(cmd, stdout=PIPE, universal_newlines=True)
-stdout, _ = proc.communicate()
-except OSError as exc:
-raise DistutilsExecError("Failed executing mysql_config: {0}".format(
-str(exc)))
+def parse_mysql_config_info(options, stdout):
 log.debug("# stdout: {0}".format(stdout))
 info = {}
 for option, line in zip(options, stdout.split('\n')):
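Review bot: In parse_mysql_config_info, zip(options, stdout.split('\n')) pairs each option with an output line purely by position, so a mysql_config that prints an unexpected line before or between the values, or omits one, shifts every later value into the wrong key without any error. Compare the number of non-empty output lines with len(options) and raise DistutilsExecError on a mismatch. The split-out function also lost the docstring that get_mysql_config_info had; add one that states the expected line order.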
@@ -173,7 +159,28 @@ def get_mysql_config_info(mysql_config):
 info['lib_r_dir'] = libs[0].replace('-L', '')
 

Bug#861578: unblock: cairocffi/0.7.2-2

2017-04-30 Thread Sandro Tosi
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package cairocffi

* it drops all the dependencies on xcffib as that pkg FTBFS
* it updates the VCS url, pointing to the HTTPS version (I consider this
  information being updated a valuable fix for stretch lifetime)
* it fixes a random FTBFS in the test_xcb.py tests. Now, test_xcb.py is disabled
  because we removed xcffib from b-d (so for this upload it is a no-op) but once
  we'll be able to add it back, it's a valuable contribution (and also it was
  already in git so I was somewhat lazy and left it in the upload)

Source debdiff is attached

unblock cairocffi/0.7.2-2

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.2.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru cairocffi-0.7.2/debian/changelog cairocffi-0.7.2/debian/changelog
--- cairocffi-0.7.2/debian/changelog2015-12-10 13:02:02.0 -0500
+++ cairocffi-0.7.2/debian/changelog2017-04-30 20:32:16.0 -0400
@@ -1,3 +1,20 @@
+cairocffi (0.7.2-2) unstable; urgency=medium
+
+  [ Ondřej Nový ]
+  * Fixed VCS URL (https)
+
+  [ Stefano Rivera ]
+  * Fix XCB tests (Closes: #828929)
+
+  [ Christoph Reiter ]
+  * Drop Build-Depends and Recommends on xcffib and skip xcb tests
+(Closes: #861175)
+
+  [ Sandro Tosi ]
+  * Team upload.
+
+ -- Sandro Tosi   Sun, 30 Apr 2017 20:32:16 -0400
+
 cairocffi (0.7.2-1) unstable; urgency=medium
 
   * New upstream release
diff -Nru cairocffi-0.7.2/debian/control cairocffi-0.7.2/debian/control
--- cairocffi-0.7.2/debian/control  2015-12-10 13:02:02.0 -0500
+++ cairocffi-0.7.2/debian/control  2017-04-30 20:32:16.0 -0400
@@ -10,7 +10,6 @@
python3-all,  
python3-setuptools,
python-cffi (>= 1.1.0), python3-cffi (>= 1.1.0),
-   python-xcffib (>= 0.3.2), python3-xcffib (>= 0.3.2),
python-sphinx | python3-sphinx, 
python-pytest, python3-pytest,
xvfb, xauth,
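Review bot: With python-xcffib and python3-xcffib dropped from Build-Depends, the xvfb and xauth entries left in the context lines look like leftovers if the X server was only needed for the XCB tests that the changelog says are now skipped. Either drop them in the same upload or say in the changelog why they stay, so the build-dependency set matches what the test run actually uses.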
@@ -22,13 +21,12 @@
 X-Python3-Version: >= 3.2
 Standards-Version: 3.9.6
 Homepage: https://pythonhosted.org/cairocffi/
-Vcs-Git: git://anonscm.debian.org/python-modules/packages/cairocffi.git
+Vcs-Git: https://anonscm.debian.org/git/python-modules/packages/cairocffi.git
 Vcs-Browser: 
https://anonscm.debian.org/cgit/python-modules/packages/cairocffi.git
 
 Package: python-cairocffi
 Architecture: all
 Depends: ${misc:Depends}, ${python:Depends}, python-cffi, libcairo2, 
libgdk-pixbuf2.0-0
-Recommends: python-xcffib (>= 0.3.2)
 Suggests: python-cairocffi-doc
 Description: cffi-based cairo bindings for Python 
  cairocffi is a CFFI-based drop-in replacement for Pycairo,
@@ -39,7 +37,6 @@
 Package: python3-cairocffi
 Architecture: all
 Depends: ${misc:Depends}, ${python3:Depends}, python3-cffi, libcairo2, 
libgdk-pixbuf2.0-0
-Recommends: python3-xcffib (>= 0.3.2)
 Suggests: python-cairocffi-doc
 Description: cffi-based cairo bindings for Python (Python3)
  cairocffi is a CFFI-based drop-in replacement for Pycairo,
diff -Nru cairocffi-0.7.2/debian/.git-dpm cairocffi-0.7.2/debian/.git-dpm
--- cairocffi-0.7.2/debian/.git-dpm 2015-12-10 13:02:02.0 -0500
+++ cairocffi-0.7.2/debian/.git-dpm 2017-04-30 20:32:16.0 -0400
@@ -1,6 +1,6 @@
 # see git-dpm(1) from git-dpm package
-c60e548d413fe20495a53d6e5059d3805cb8f00b
-c60e548d413fe20495a53d6e5059d3805cb8f00b
+72067bb5a6d92564284f5a6a94369f24cd4405bb
+72067bb5a6d92564284f5a6a94369f24cd4405bb
 442c25e12a2070d915ac16d4daba19575babe9fa
 442c25e12a2070d915ac16d4daba19575babe9fa
 cairocffi_0.7.2.orig.tar.gz
diff -Nru cairocffi-0.7.2/debian/patches/fix-xcb-tests.patch 
cairocffi-0.7.2/debian/patches/fix-xcb-tests.patch
--- cairocffi-0.7.2/debian/patches/fix-xcb-tests.patch  1969-12-31 
19:00:00.0 -0500
+++ cairocffi-0.7.2/debian/patches/fix-xcb-tests.patch  2017-04-30 
20:32:16.0 -0400
@@ -0,0 +1,66 @@
+From 72067bb5a6d92564284f5a6a94369f24cd4405bb Mon Sep 17 00:00:00 2001
+From: Sean Vig 
+Date: Tue, 6 Sep 2016 22:38:14 -0700
+Subject: Fix XCB tests
+
+Make sure XCB objects are free'd, and cffi objects set to None so they
+are gc'd and destroyed before the connection is disconnected.
+
+Origin: https://github.com/Kozea/cairocffi/pull/68
+Bug-Debian: https://bugs.debian.org/828929
+
+Patch-Name: fix-xcb-tests.patch
+---
+ cairocffi/test_xcb.py | 18 --
+ 1 file changed, 16 insertions(+), 2 deletions(-)
+
+diff --git a/cairocffi/test_xcb.py b/cairocffi/test_xcb.py
+index c8a6e70..1aa5123 100644
+--- a/cairocffi/test_xcb.py
 b/cairocffi/test_xcb.py
+@@ -87,6 +87,10 @@ def create_pixmap(conn, wid, 

NEW changes in stable-new

2017-04-30 Thread Debian FTP Masters
Processing changes file: vlc_2.2.5-1~deb8u1_armel.changes
  ACCEPT
Processing changes file: vlc_2.2.5-1~deb8u1_armhf.changes
  ACCEPT
Processing changes file: vlc_2.2.5-1~deb8u1_mips.changes
  ACCEPT
Processing changes file: vlc_2.2.5-1~deb8u1_mipsel.changes
  ACCEPT



NEW changes in stable-new

2017-04-30 Thread Debian FTP Masters
Processing changes file: vlc_2.2.5-1~deb8u1_arm64.changes
  ACCEPT
Processing changes file: vlc_2.2.5-1~deb8u1_i386.changes
  ACCEPT
Processing changes file: vlc_2.2.5-1~deb8u1_powerpc.changes
  ACCEPT
Processing changes file: vlc_2.2.5-1~deb8u1_ppc64el.changes
  ACCEPT
Processing changes file: vlc_2.2.5-1~deb8u1_s390x.changes
  ACCEPT



NEW changes in stable-new

2017-04-30 Thread Debian FTP Masters
Processing changes file: linux_3.16.43-2_armel.changes
  ACCEPT



NEW changes in stable-new

2017-04-30 Thread Debian FTP Masters
Processing changes file: base-files_8+deb8u8_amd64.changes
  ACCEPT



Bug#861385: Changelog entries

2017-04-30 Thread Mattia Rizzolo
On Sun, 30 Apr 2017 22:33:45 +0200 Ondrej Novy  wrote:
> Hi Ivo,
> 
> all changes from 0.9.5-1 and 0.9.5-2 but new upstream release are in
> 1:0.8.4-4 package.
> 
> I consider mentioning those changes (TZ patch, copyright fix) in
> corresponding changelog entries with version where it was fixed in unstable
> is better. I think merging all these entries to 1:0.8.4-4 is misleading.
> 
> Why should we remove a changelog entry which really existed in unstable?
> Users using unstable will "upgrade" 0.9.5-2 -> 1:0.8.4-4 and will be
> confused.
> 
> Thanks.
> 
> -- 
> Best regards
>  Ondřej Nový
> 
> Email: n...@ondrej.org
> PGP: 3D98 3C52 EB85 980C 46A5  6090 3573 1255 9D1E 064B



Bug#861376: unblock: variety/0.6.3-4 (pre-upload approval)

2017-04-30 Thread Gianfranco Costamagna
control: tags -1 -moreinfo
> Please go ahead with the upload and remove the moreinfo tag from this bug once
> the package built on all the relevant architectures in unstable.
> 
uploaded a few seconds ago :)

thanks a lot!
G.


Processed: Re: unblock: variety/0.6.3-4 (pre-upload approval)

2017-04-30 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 -moreinfo
Bug #861376 [release.debian.org] unblock: variety/0.6.3-4 (pre-upload approval)
Removed tag(s) moreinfo.

-- 
861376: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861376
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#861385: Changelog entries

2017-04-30 Thread Ondrej Novy
Hi Ivo,

all changes from 0.9.5-1 and 0.9.5-2 but new upstream release are in
1:0.8.4-4 package.

I consider mentioning those changes (TZ patch, copyright fix) in
corresponding changelog entries with version where it was fixed in unstable
is better. I think merging all these entries to 1:0.8.4-4 is misleading.

Why should we remove a changelog entry which really existed in unstable?
Users using unstable will "upgrade" 0.9.5-2 -> 1:0.8.4-4 and will be
confused.

Thanks.

-- 
Best regards
 Ondřej Nový

Email: n...@ondrej.org
PGP: 3D98 3C52 EB85 980C 46A5  6090 3573 1255 9D1E 064B


Bug#861462: unblock: spyder/3.1.4+dfsg1-1 (pre-approval)

2017-04-30 Thread Ghislain Vaillant
Dear Ivo,

On Sun, 2017-04-30 at 20:01 +0200, Ivo De Decker wrote:
> Hi,
> 
> On Sat, Apr 29, 2017 at 12:41:51PM +0100, Ghislain Antony Vaillant wrote:
> > Please unblock package spyder
> > 
> > A bugfix version of spyder has just been released (version 3.1.4). The
> > comprehensive changelog for this release is available here [1] and the
> > corresponding debdiff will be attached to this report. Packaging-wise,
> > the new release would allow us to drop two upstream patches from the
> > patch queue.
> 
> This diff is huge, with a large number of different changes. There is no way
> this is suitable for an unblock request.

The content of the so-called "huge" diff comes mostly from the first-
time inclusion of the upstream changelog and some translation updates. 

These changes are hardly sensitive as far as package maintenance is
concerned, don't you think?

> I'm closing this request.

That's unfortunate. Then, I guess I was lucky to convince Niels to
unblock spyder/3.1.3+dfsg1-1 a few weeks back.

I actually pinged Niels on IRC to check whether a new request for an
unblock could be potentially met with an approval, to which he replied
that I should give it a try.

> If you want to have targeted fixes for important bugs, please file a new
> request.

As explained in the body of the report, the rationales for the update
are to provide the latest bugfix release (which upstream is obviously
keen on) *and* to drop the patches that had been cherry-picked to close
important bugs affecting vanilla 3.1.3.

There are no important bugs registered in the BTS affecting the current
package as of today, so this update is purely motivated by convenience
from a user and maintainer's perspective.

Anyway, thank you for your time.

Best regards,
Ghis



Bug#858310: jessie-pu: package gtk+2.0/2.24.25-3+deb8u2

2017-04-30 Thread Samuel Thibault
Hello,

I have now uploaded it.

Samuel



NEW changes in stable-new

2017-04-30 Thread Debian FTP Masters
Processing changes file: mariadb-10.0_10.0.30-0+deb8u2_armel.changes
  ACCEPT
Processing changes file: mariadb-10.0_10.0.30-0+deb8u2_armhf.changes
  ACCEPT



Bug#861287: unblock: dcfldd/1.3.4.1-11

2017-04-30 Thread Eriberto Mota
Hi Ivo,

This change is important to allow users to complete paths/files via
TAB, improving the functions. I already submitted a similar bug
(#856820). Please, consider this change which will benefit all dcfldd
users and will not compromise the build.

Thanks for your attention.

Regards,

Eriberto


2017-04-30 14:51 GMT-03:00 Ivo De Decker :
> Hi,
>
> On Wed, Apr 26, 2017 at 10:21:13PM -0300, Joao Eriberto Mota Filho wrote:
>> Please unblock package dcfldd.
>>
>> Some considerations:
>>
>>   * The revision add Bash completion, closing  #771678, and add a newline in
>> final report.
>
> These changes don't seem to be in line with the freeze policy, so I'm closing
> this request.
>
> https://release.debian.org/stretch/freeze_policy.html
>
> Cheers,
>
> Ivo
>



NEW changes in stable-new

2017-04-30 Thread Debian FTP Masters
Processing changes file: linux_3.16.43-2_armhf.changes
  ACCEPT



NEW changes in stable-new

2017-04-30 Thread Debian FTP Masters
Processing changes file: mariadb-10.0_10.0.30-0+deb8u2_arm64.changes
  ACCEPT



NEW changes in stable-new

2017-04-30 Thread Debian FTP Masters
Processing changes file: mariadb-10.0_10.0.30-0+deb8u2_i386.changes
  ACCEPT



NEW changes in stable-new

2017-04-30 Thread Debian FTP Masters
Processing changes file: linux_3.16.43-2_arm64.changes
  ACCEPT
Processing changes file: linux_3.16.43-2_i386.changes
  ACCEPT
Processing changes file: mariadb-10.0_10.0.30-0+deb8u2_s390x.changes
  ACCEPT



Bug#861287: marked as done (unblock: dcfldd/1.3.4.1-11)

2017-04-30 Thread Debian Bug Tracking System
Your message dated Sun, 30 Apr 2017 19:51:03 +0200
with message-id <20170430175101.ga14...@ugent.be>
and subject line Re: unblock: dcfldd/1.3.4.1-11
has caused the Debian Bug report #861287,
regarding unblock: dcfldd/1.3.4.1-11
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
861287: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861287
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package dcfldd.

Some considerations:

  * The revision add Bash completion, closing  #771678, and add a newline in
final report.

  * The package was already uploaded to Sid and it builds correctly on all
applicable architectures.

  * There is a debdiff attached.

  * The debian/changelog says:

dcfldd (1.3.4.1-11) unstable; urgency=medium

  * Added a Bash completion scheme. (Closes: #771678)
  - Added bash-completion to Build-Depends field in debian/control.
  - Added the addon bash-completion to dh in debian/rules.
  - Created debian/bash_completion and debian/bash-completion files.
  * debian/patches/70_fix-total-message.patch: created to add a newline to
generate a space between the final summary message and hashes.

Thanks in advance.

Regards,

Eriberto
--- End Message ---
--- Begin Message ---
Hi,

On Wed, Apr 26, 2017 at 10:21:13PM -0300, Joao Eriberto Mota Filho wrote:
> Please unblock package dcfldd.
> 
> Some considerations:
> 
>   * The revision add Bash completion, closing  #771678, and add a newline in
> final report.

These changes don't seem to be in line with the freeze policy, so I'm closing
this request.

https://release.debian.org/stretch/freeze_policy.html

Cheers,

Ivo
--- End Message ---


Bug#861376: unblock: variety/0.6.3-4 (pre-upload approval)

2017-04-30 Thread Ivo De Decker
Control: tags -1 confirmed moreinfo

Hi,

On Thu, Apr 27, 2017 at 11:31:39PM -0700, James Lu wrote:
> Attached is a debdiff between 0.6.3-1 (currently in unstable) and 0.6.3-4,
> which I plan to release if this is okay.

Please go ahead with the upload and remove the moreinfo tag from this bug once
the package built on all the relevant architectures in unstable.

Cheers,

Ivo



Processed: Re: unblock: variety/0.6.3-4 (pre-upload approval)

2017-04-30 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 confirmed moreinfo
Bug #861376 [release.debian.org] unblock: variety/0.6.3-4 (pre-upload approval)
Added tag(s) moreinfo and confirmed.

-- 
861376: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861376
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#861385: Acknowledgement (unblock (pre-approval): khal/1:0.8.4-4)

2017-04-30 Thread Ivo De Decker
Control: tags -1 confirmed moreinfo

Hi,

On Sat, Apr 29, 2017 at 03:24:57PM +0200, Filip Pytloun wrote:
> I see, didn't realize that epoch is not in file names. So new debdiff
> attached and retitling.

> diff -Nru khal-0.8.4/debian/changelog khal-0.8.4/debian/changelog
> --- khal-0.8.4/debian/changelog   2017-01-17 19:30:32.0 +0100
> +++ khal-0.8.4/debian/changelog   2017-04-28 10:28:13.0 +0200
> @@ -1,3 +1,28 @@
> +khal (1:0.8.4-4) unstable; urgency=medium
> +
> +  * Raise epoch to "revert" new upstream version in unstable and pass
> +stretch migration
> +
> + -- Filip Pytloun   Fri, 28 Apr 2017 10:28:13 +0200
> +
> +khal (0.9.5-2) unstable; urgency=medium
> +
> +  * d/copyright: mention presence of
> +0002-Reference-license-from-copyright-file.patch (Closes: #860984)
> +  * d/copyright: add upstream contact
> +  * d/copyright: update copyright year
> +
> + -- Filip Pytloun   Mon, 24 Apr 2017 09:45:57 +0200
> +
> +khal (0.9.5-1) unstable; urgency=medium
> +
> +  * New upstream release
> +  * d/patches: some TZ tests may fail due to Debian's python-tz of older
> +version but with newer TZ definitions, should be removed when 2017.2
> +reaches sid (Closes: #859472)
> +
> + -- Filip Pytloun   Thu, 20 Apr 2017 20:55:06 +0200
> +
>  khal (0.8.4-3) unstable; urgency=medium
>  
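
Review bot: The 1:0.8.4-4 entry introduces an epoch to sort the older code above 0.9.5-2, and an epoch can never be dropped from the package again once it has been uploaded. A version of the form 0.9.5+really0.8.4-1 also sorts above 0.9.5-2 and lets the next real upstream release take over without an epoch; if the epoch stays, the entry should say why that form was not used.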

Please remove the changes of 0.9.5-1 and 0.9.5-2 from the changelog, as
1:0.8.4-4 doesn't contain these changes. With that change, feel free to upload
to unstable and remove the moreinfo tag from this bug once it's built on all
relevant architectures.

Cheers,

Ivo
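
The version ordering this exchange relies on (why 1:0.8.4-4 counts as an "upgrade" from 0.9.5-2), as an added example that is not part of the original thread: a small Python implementation of the Debian version comparison rules (epoch, then upstream version, then revision, with "~" sorting before everything). The function names are this example's own; the sample versions are taken from messages on this page.

```python
import re
import string

_TOKEN = re.compile(r"(\D*)(\d*)")


def parse(version):
    """Split '[epoch:]upstream[-revision]' into (epoch, upstream, revision)."""
    epoch, colon, rest = version.partition(":")
    if not colon:                      # no epoch given: it defaults to 0
        epoch, rest = "0", version
    if not epoch.isdigit():
        raise ValueError("epoch must be a non-negative integer: %r" % version)
    upstream, hyphen, revision = rest.rpartition("-")
    if not hyphen:                     # no Debian revision (native package)
        upstream, revision = rest, ""
    if not upstream:
        raise ValueError("empty upstream version: %r" % version)
    return int(epoch), upstream, revision


def _order(ch):
    """Sort weight of one character in a non-digit run."""
    if ch == "~":
        return -1                      # tilde sorts before end-of-string
    if ch in string.ascii_letters:
        return ord(ch)                 # letters sort before other symbols
    return ord(ch) + 256


def _cmp_text(a, b):
    """Compare two non-digit runs; a missing character weighs 0."""
    for i in range(max(len(a), len(b))):
        x = _order(a[i]) if i < len(a) else 0
        y = _order(b[i]) if i < len(b) else 0
        if x != y:
            return -1 if x < y else 1
    return 0


def _cmp_fragment(a, b):
    """Compare upstream or revision strings as (text, number) pairs."""
    ta = [t for t in _TOKEN.findall(a) if t != ("", "")]
    tb = [t for t in _TOKEN.findall(b) if t != ("", "")]
    for i in range(max(len(ta), len(tb))):
        text_a, num_a = ta[i] if i < len(ta) else ("", "")
        text_b, num_b = tb[i] if i < len(tb) else ("", "")
        result = _cmp_text(text_a, text_b)
        if result:
            return result
        na, nb = int(num_a or 0), int(num_b or 0)
        if na != nb:
            return -1 if na < nb else 1
    return 0


def compare(a, b):
    """Return -1, 0 or 1 as version a sorts before, equal to or after b."""
    ea, ua, ra = parse(a)
    eb, ub, rb = parse(b)
    if ea != eb:                       # the epoch overrides everything else
        return -1 if ea < eb else 1
    return _cmp_fragment(ua, ub) or _cmp_fragment(ra, rb)


# Versions quoted on this page.
GO_CRYPTO_REALLY = ("1:0.0~git20170407.0.55a552f+REALLY."
                    "0.0~git20161012.0.5f31782-1")
GO_CRYPTO_PLAIN = "1:0.0~git20170407.0.55a552f-1"

if __name__ == "__main__":
    pairs = [
        ("0.9.5-2", "1:0.8.4-4"),          # khal: epoch makes the revert win
        ("0.9.5-2", "0.8.4-4"),            # same revert without the epoch
        ("2.2.5-1~deb8u1", "2.2.5-1"),     # vlc: "~" sorts below the bare revision
        (GO_CRYPTO_REALLY, GO_CRYPTO_PLAIN),
    ]
    for left, right in pairs:
        print("%s  %s  %s" % (left, "<=>"[compare(left, right) + 1], right))
```

Without the epoch, 0.8.4-4 sorts below 0.9.5-2 and apt would treat the revert as a downgrade, which is the situation the epoch bump works around.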



Processed: Re: Bug#861385: Acknowledgement (unblock (pre-approval): khal/1:0.8.4-4)

2017-04-30 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 confirmed moreinfo
Bug #861385 [release.debian.org] unblock (pre-approval): khal/1:0.8.4-4
Added tag(s) confirmed and moreinfo.

-- 
861385: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861385
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Processed: tagging 852432, tagging 852435, tagging 858086, tagging 858103, tagging 860856, tagging 860914 ...

2017-04-30 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> tags 852432 + pending
Bug #852432 [release.debian.org] RM: cgiemail -- RoST; unmaintained
Ignoring request to alter tags of bug #852432 to the same tags previously set
> tags 852435 + pending
Bug #852435 [release.debian.org] RM: ccache-dbgsym [amd64] -- RoQA; cruft
Ignoring request to alter tags of bug #852435 to the same tags previously set
> tags 858086 + pending
Bug #858086 [release.debian.org] RM: owncloud -- RoM; unsupportable
Added tag(s) pending.
> tags 858103 + pending
Bug #858103 [release.debian.org] RM: owncloud-apps -- RoM; unsupportable
Added tag(s) pending.
> tags 860856 + pending
Bug #860856 [release.debian.org] RM: live-f1 -- RoQA; broken due to third-party changes
Added tag(s) pending.
> tags 860914 + pending
Bug #860914 [release.debian.org] RM: libwww-dict-leo-org-perl -- RoM; broken due to upstream changes
Added tag(s) pending.
> tags 860973 + pending
Bug #860973 [release.debian.org] RM: libapache2-authenntlm-perl -- RoM; broken with Apache 2.4
Added tag(s) pending.
> tags 861399 + pending
Bug #861399 [release.debian.org] RM: grive -- RoQA; broken due to Google API changes
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
852432: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852432
852435: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852435
858086: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858086
858103: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858103
860856: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860856
860914: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860914
860973: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860973
861399: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861399
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



NEW changes in stable-new

2017-04-30 Thread Debian FTP Masters
Processing changes file: mariadb-10.0_10.0.30-0+deb8u2_mipsel.changes
  ACCEPT
Processing changes file: mariadb-10.0_10.0.30-0+deb8u2_ppc64el.changes
  ACCEPT



Bug#860429: marked as done (unblock: golang-go.crypto/1:0.0~git20170407.0.55a552f+REALLY.0.0~git20161012.0.5f31782-1)

2017-04-30 Thread Debian Bug Tracking System
Your message dated Sun, 30 Apr 2017 19:31:30 +0200
with message-id <20170430173128.ga13...@ugent.be>
and subject line Re: binNMU in unstable
has caused the Debian Bug report #860429,
regarding unblock: golang-go.crypto/1:0.0~git20170407.0.55a552f+REALLY.0.0~git20161012.0.5f31782-1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
860429: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860429
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: unblock
Severity: normal

Please unblock package golang-go.crypto

About 18 days ago, a security issue was patched [1] in this package. For reasons
not directly related to the CVE [2], an upload to unstable was done about 9 days
after the relevant security update. I have not yet confirmed the fix is in
unstable (haven't had the time available, yet), but believe it's there.

While the patch itself is relatively simple [3], there is a large delta from
testing and the debdiff is quite substantial (~16,000 lines). Unfortunately, I
agree with the severity and RC status... and this package has a very large
number of reverse build dependencies against it. Adding to the headache, this
change introduces an unavoidable breaking change.

I know the current unstable package needs d/NEWS,chglog updated before an
acceptable debdiff could be presented. I now see other security updates [4]
have been resolved since the version in testing.

This is my first time requesting a freeze exception or trying to handle one at
all and the list of reverse dependencies has me feeling a little uneasy. If
anyone is interested in mentoring (or taking over), please do!

[1] https://github.com/golang/go/issues/19767
[2] https://security-tracker.debian.org/tracker/CVE-2017-3204
[3] 
https://github.com/golang/crypto/commit/e4e2799dd7aab89f583e1d898300d96367750991
[4] https://github.com/golang/go/issues?q=label%3ASecurity+is%3Aclosed
[-] https://bugs.debian.org/859655

unblock golang-go.crypto/1:0.0~git20170407.0.55a552f-1

-- System Information:
Debian Release: 9.0 
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
--- End Message ---
--- Begin Message ---
Hi,

Closing this request, as golang-go.crypto is now in testing, and the other
issues are done or have separate bugs (see below).

On Fri, Apr 28, 2017 at 06:42:34PM -0500, Michael Lustfield wrote:
> I've requested a rebuild of the reverse build dependencies in unstable [1].

This has been handled in #861432.

> I also rebuilt reverse build dependencies against this package update with the
> following results:
> 
> testing:
>   success: 62,  failed: 2 (being addressed)
> unstable
>   success: 107, failed: 7 (unchecked)
> 
> The first failure in testing was packer (previous comments). Felix contacted me
> about restic and is taking care of any issues.

These have RC bugs, so these issues will be handled through those.

It seems packer is the only package in stretch that has 'built-using' for the
old version of golang-go.crypto.

Cheers,

Ivo
--- End Message ---


Bug#861432: closed by Ivo De Decker <iv...@debian.org> (Re: nmu: golang-go.crypto)

2017-04-30 Thread Michael Lustfield
On Sun, Apr 30, 2017 at 06:55:19PM +0200, Ivo De Decker wrote:
> I scheduled the binNMUs. Please note that we currently cannot schedule binNMUs
> for arch:all packages. So these are not rebuilt. The other ones should be ok
> (with the exception of restic, but you already filed #861431 for that).


Thanks! Thinking about it now, "all" was a mistake, for what are now
obvious reasons.


Bug#861432: marked as done (nmu: golang-go.crypto)

2017-04-30 Thread Debian Bug Tracking System
Your message dated Sun, 30 Apr 2017 19:16:13 +0200
with message-id <20170430171611.ga13...@ugent.be>
and subject line Re: nmu: golang-go.crypto
has caused the Debian Bug report #861432,
regarding nmu: golang-go.crypto
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
861432: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861432
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: binnmu

Bug #859655 [3] has been fixed in unstable. This addresses a CVE bug, but also
requires all reverse build dependencies be rebuilt. After this package has
migrated to testing, there will be 62-64 packages that need rebuilding as well.

I have run build tests in both unstable and testing for this update using an
amd64 sbuild environment. For reference, the results:

testing:
  success: 62,  failed: 2 (being addressed)
unstable
  success: 107, failed: 7 (unchecked)


For the moment, I need the 107 packages in this list [1] to be rebuilt in unstable.
... wanna build? :)

[1]

nmu mtail_0.0+git20161231.ae129e9-1 . ANY all . unstable . -m 'Rebuild against 
fixed golang-go.crypto; #859655'
nmu tendermint-ed25519_0.0~git20160723.0.1f52c6f-1 . ANY all . unstable . -m 
'Rebuild against fixed golang-go.crypto; #859655'
nmu golang-github-rsc-letsencrypt_0.0~git20160929.0.76104d2-2 . ANY all . 
unstable . -m 'Rebuild against fixed golang-go.crypto; #859655'
nmu golang-github-docker-leadership_0.1.0-1 . ANY all . unstable . -m 'Rebuild 
against fixed golang-go.crypto; #859655'
nmu sia_1.0.4-1 . ANY all . unstable . -m 'Rebuild against fixed 
golang-go.crypto; #859655'
nmu golang-github-samalba-dockerclient_0.0~git20160531.0.a303626-1 . ANY all . 
unstable . -m 'Rebuild against fixed golang-go.crypto; #859655'
nmu golang-golang-x-net-dev_1:0.0+git20160110.4fd4a9f-1 . ANY all . unstable . 
-m 'Rebuild against fixed golang-go.crypto; #859655'
nmu gocryptfs_1.2-2 . ANY all . unstable . -m 'Rebuild against fixed 
golang-go.crypto; #859655'
nmu golang-github-aelsabbahy-gonetstat_0.0~git20160428.0.edf89f7-2 . ANY all . 
unstable . -m 'Rebuild against fixed golang-go.crypto; #859655'
nmu golang-github-blevesearch-bleve_0.5.0+git20170324.202.4702785f-1 . ANY all 
. unstable . -m 'Rebuild against fixed golang-go.crypto; #859655'
nmu golang-github-endophage-gotuf_0.0~git20151020.0.2df1c8e-1 . ANY all . 
unstable . -m 'Rebuild against fixed golang-go.crypto; #859655'
nmu cadvisor_0.25.0+dfsg-1 . ANY all . unstable . -m 'Rebuild against fixed 
golang-go.crypto; #859655'
nmu dnss_0.0~git20161126.0.162090e-1 . ANY all . unstable . -m 'Rebuild against 
fixed golang-go.crypto; #859655'
nmu golang-gopkg-dancannon-gorethink.v2_2.0.4-1 . ANY all . unstable . -m 
'Rebuild against fixed golang-go.crypto; #859655'
nmu mongo-tools_3.2.11-1 . ANY all . unstable . -m 'Rebuild against fixed 
golang-go.crypto; #859655'
nmu golang-github-docker-go-connections_0.2.1+git20161115.12.4ccf312-1 . ANY 
all . unstable . -m 'Rebuild against fixed golang-go.crypto; #859655'
nmu golang-github-fsouza-go-dockerclient_0.0+git20160622-1 . ANY all . unstable 
. -m 'Rebuild against fixed golang-go.crypto; #859655'
nmu golang-github-go-macaron-macaron_1.2.1+git20170219.2.8be5635-1 . ANY all . 
unstable . -m 'Rebuild against fixed golang-go.crypto; #859655'
nmu rkt_1.21.0+dfsg-1 . ANY all . unstable . -m 'Rebuild against fixed 
golang-go.crypto; #859655'
nmu golang-github-coreos-go-systemd_14-1 . ANY all . unstable . -m 'Rebuild 
against fixed golang-go.crypto; #859655'
nmu chasquid_0.01+git20161124.6479138-2 . ANY all . unstable . -m 'Rebuild 
against fixed golang-go.crypto; #859655'
nmu minica_1.0-1 . ANY all . unstable . -m 'Rebuild against fixed 
golang-go.crypto; #859655'
nmu golang-github-pkg-sftp_0.0~git20160930.0.4d0e916-1 . ANY all . unstable . 
-m 'Rebuild against fixed golang-go.crypto; #859655'
nmu golang-github-spf13-afero_0.0~git20161226.0.90dd71e-1 . ANY all . unstable 
. -m 'Rebuild against fixed golang-go.crypto; #859655'
nmu golang-github-azure-go-ntlmssp_0.0~git20160412.e0b63eb-1 . ANY all . 
unstable . -m 'Rebuild against fixed golang-go.crypto; #859655'
nmu golang-github-opencontainers-image-spec_1.0.0~rc2+dfsg-1 . ANY all . 
unstable . -m 'Rebuild against fixed golang-go.crypto; #859655'
nmu golang-github-couchbase-moss_0.0~git20170330.0.d2258a2-1 . ANY all . 
unstable . -m 'Rebuild against fixed golang-go.crypto; #859655'
nmu tendermint-go-p2p_0.0~git20170113.0.3d98f67-1 . ANY all . unstable . -m 
'Rebuild against fixed golang-go.crypto; #859655'

Re: Stable update request: kernel changes to fix PIE with large stack

2017-04-30 Thread Julien Cristau
On Sat, Apr 22, 2017 at 21:42:30 +0100, Ben Hutchings wrote:

> On Sat, 2017-04-22 at 20:07 +, Niels Thykier wrote:
> [...]
> > Hi Ben,
> > 
> > Could you please file a pu bug for this?  I fear that otherwise, it
> > might be overlooked for the next time the SRMs review the outstanding
> > stable update requests.
> 
> I already stopped waiting and went ahead and made these changes.

Sorry for the lack of reply from SRM here.  And thanks for your work.

Cheers,
Julien



Processed: Re: nmu: golang-go.crypto

2017-04-30 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> # cloning the bug, see below
> clone 861432 -1
Bug #861432 [release.debian.org] nmu: golang-go.crypto
Bug 861432 cloned as bug 861546
860429 was blocked by: 861432
860429 was blocking: 859655
Added blocking bug(s) of 860429: 861546
> reassign -1 notary 0.1~ds1-1
Bug #861546 [release.debian.org] nmu: golang-go.crypto
Bug reassigned from package 'release.debian.org' to 'notary'.
Ignoring request to alter found versions of bug #861546 to the same values 
previously set
Ignoring request to alter fixed versions of bug #861546 to the same values 
previously set
Bug #861546 [notary] nmu: golang-go.crypto
Marked as found in versions notary/0.1~ds1-1.
> retitle -1 notary: FTBFS with latest golang-go.crypto
Bug #861546 [notary] nmu: golang-go.crypto
Changed Bug title to 'notary: FTBFS with latest golang-go.crypto' from 'nmu: 
golang-go.crypto'.
> severity -1 serious
Bug #861546 [notary] notary: FTBFS with latest golang-go.crypto
Severity set to 'serious' from 'normal'
> clone 861432 -2
Bug #861432 [release.debian.org] nmu: golang-go.crypto
Bug 861432 cloned as bug 861547
860429 was blocked by: 861546 861432
860429 was blocking: 859655
Added blocking bug(s) of 860429: 861547
> reassign -2 nomad 0.4.0+dfsg-1
Bug #861547 [release.debian.org] nmu: golang-go.crypto
Bug reassigned from package 'release.debian.org' to 'nomad'.
Ignoring request to alter found versions of bug #861547 to the same values 
previously set
Ignoring request to alter fixed versions of bug #861547 to the same values 
previously set
Bug #861547 [nomad] nmu: golang-go.crypto
Marked as found in versions nomad/0.4.0+dfsg-1.
> retitle -2 nomad: FTBFS with latest golang-go.crypto
Bug #861547 [nomad] nmu: golang-go.crypto
Changed Bug title to 'nomad: FTBFS with latest golang-go.crypto' from 'nmu: 
golang-go.crypto'.
> severity -2 serious
Bug #861547 [nomad] nomad: FTBFS with latest golang-go.crypto
Severity set to 'serious' from 'normal'
> clone 861432 -3
Bug #861432 [release.debian.org] nmu: golang-go.crypto
Bug 861432 cloned as bug 861548
860429 was blocked by: 861546 861547 861432
860429 was blocking: 859655
Added blocking bug(s) of 860429: 861548
> reassign -3 packer 0.10.2+dfsg-4
Bug #861548 [release.debian.org] nmu: golang-go.crypto
Bug reassigned from package 'release.debian.org' to 'packer'.
Ignoring request to alter found versions of bug #861548 to the same values 
previously set
Ignoring request to alter fixed versions of bug #861548 to the same values 
previously set
Bug #861548 [packer] nmu: golang-go.crypto
Marked as found in versions packer/0.10.2+dfsg-4.
> retitle -3 packer: FTBFS with latest golang-go.crypto
Bug #861548 [packer] nmu: golang-go.crypto
Changed Bug title to 'packer: FTBFS with latest golang-go.crypto' from 'nmu: 
golang-go.crypto'.
> severity -3 serious
Bug #861548 [packer] packer: FTBFS with latest golang-go.crypto
Severity set to 'serious' from 'normal'
> clone 861432 -4
Bug #861432 [release.debian.org] nmu: golang-go.crypto
Bug 861432 cloned as bug 861549
860429 was blocked by: 861548 861546 861547 861432
860429 was blocking: 859655
Added blocking bug(s) of 860429: 861549
> reassign -4 systemd-docker 0.2.1+dfsg-2
Bug #861549 [release.debian.org] nmu: golang-go.crypto
Bug reassigned from package 'release.debian.org' to 'systemd-docker'.
Ignoring request to alter found versions of bug #861549 to the same values 
previously set
Ignoring request to alter fixed versions of bug #861549 to the same values 
previously set
Bug #861549 [systemd-docker] nmu: golang-go.crypto
Marked as found in versions systemd-docker/0.2.1+dfsg-2.
> retitle -4 systemd-docker: FTBFS with latest golang-go.crypto
Bug #861549 [systemd-docker] nmu: golang-go.crypto
Changed Bug title to 'systemd-docker: FTBFS with latest golang-go.crypto' from 
'nmu: golang-go.crypto'.
> severity -4 serious
Bug #861549 [systemd-docker] systemd-docker: FTBFS with latest golang-go.crypto
Severity set to 'serious' from 'normal'
> clone 861432 -5
Bug #861432 [release.debian.org] nmu: golang-go.crypto
Bug 861432 cloned as bug 861550
860429 was blocked by: 861548 861546 861547 861432 861549
860429 was blocking: 859655
Added blocking bug(s) of 860429: 861550
> reassign -5 docker-swarm 1.2.5+dfsg-2
Bug #861550 [release.debian.org] nmu: golang-go.crypto
Bug reassigned from package 'release.debian.org' to 'docker-swarm'.
Ignoring request to alter found versions of bug #861550 to the same values 
previously set
Ignoring request to alter fixed versions of bug #861550 to the same values 
previously set
Bug #861550 [docker-swarm] nmu: golang-go.crypto
Marked as found in versions docker-swarm/1.2.5+dfsg-2.
> retitle -5 docker-swarm: FTBFS with latest golang-go.crypto
Bug #861550 [docker-swarm] nmu: golang-go.crypto
Changed Bug title to 'docker-swarm: FTBFS with latest golang-go.crypto' from 
'nmu: golang-go.crypto'.
> severity -5 serious
Bug #861550 [docker-swarm] docker-swarm: FTBFS with latest golang-go.crypto
Severity set to 

Bug#858180: marked as done (unblock: diaspora-installer/0.6.3.0+debian3)

2017-04-30 Thread Debian Bug Tracking System
Your message dated Sun, 30 Apr 2017 19:01:39 +0200
with message-id <20170430170139.xdgg7zm4this3...@betterave.cristau.org>
and subject line Re: Bug#858180: unblock: diaspora-installer/0.6.3.0+debian2
has caused the Debian Bug report #858180,
regarding unblock: diaspora-installer/0.6.3.0+debian3
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
858180: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858180
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package diaspora-installer

This fixes RC bug #856720

migrate-to-0.6.3.0.sh is just used as a note, it's not used anywhere and
it's not installed.

unblock diaspora-installer/0.6.3.0+debian2

-- System Information:
Debian Release: 9.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=ml_IN.UTF-8, LC_CTYPE=ml_IN.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru diaspora-installer-0.6.3.0+debian1/debian/changelog 
diaspora-installer-0.6.3.0+debian2/debian/changelog
--- diaspora-installer-0.6.3.0+debian1/debian/changelog 2017-01-26 
04:39:32.0 +0530
+++ diaspora-installer-0.6.3.0+debian2/debian/changelog 2017-03-17 
11:43:04.0 +0530
@@ -1,3 +1,12 @@
+diaspora-installer (0.6.3.0+debian2) unstable; urgency=medium
+
+  * Change section to net (Closes: #832219)
+  * Crete public/source.tar.gz only if the file is missing
+  * Fix diaspora backup logic for updates (to remove files removed upstream)
+(Closes: #856720)
+
+ -- Pirate Praveen   Fri, 17 Mar 2017 11:43:04 +0530
+
 diaspora-installer (0.6.3.0+debian1) unstable; urgency=medium
 
   * Install 0.6.3.0 version
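Review bot: typo in the second bullet of the new changelog entry, "Crete public/source.tar.gz" should read "Create public/source.tar.gz". The entry is also what the release team reads to judge the unblock, so it would help if the third bullet named the files that changed (preinst and postinst) rather than only "backup logic".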
diff -Nru diaspora-installer-0.6.3.0+debian1/debian/control 
diaspora-installer-0.6.3.0+debian2/debian/control
--- diaspora-installer-0.6.3.0+debian1/debian/control   2017-01-26 
04:39:32.0 +0530
+++ diaspora-installer-0.6.3.0+debian2/debian/control   2017-03-15 
10:12:32.0 +0530
@@ -1,5 +1,5 @@
 Source: diaspora-installer
-Section: ruby
+Section: net
 Priority: optional
 Maintainer: Debian Ruby Extras Maintainers 

 Uploaders: Pirate Praveen 
@@ -15,7 +15,7 @@
 
 Package: diaspora-installer
 Architecture: all
-Section: contrib/ruby
+Section: contrib/net
 XB-Ruby-Versions: ${ruby:Versions}
 Depends: build-essential,
  diaspora-common (= ${source:Version}),
diff -Nru diaspora-installer-0.6.3.0+debian1/debian/postinst 
diaspora-installer-0.6.3.0+debian2/debian/postinst
--- diaspora-installer-0.6.3.0+debian1/debian/postinst  2017-01-26 
04:39:32.0 +0530
+++ diaspora-installer-0.6.3.0+debian2/debian/postinst  2017-03-17 
11:12:41.0 +0530
@@ -56,8 +56,9 @@
 
echo "Precompiling assets..."
su diaspora -s /bin/sh -c 'bundle exec rake tmp:cache:clear 
assets:precompile'
+# preinst creates backup (to be able to remove files removed upstream)
 echo "Remove backup..."
-rm -rf ${diaspora_home}-backup.*
+rm -rf ${diaspora_home}/.backup.*
 
 # Starting diaspora
 service diaspora start
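Review bot: the new "rm -rf ${diaspora_home}/.backup.*" expands the variable unquoted and unguarded; this hunk does not show where diaspora_home is set in postinst, and if it is ever empty the glob becomes /.backup.* at the filesystem root. Suggest rm -rf "${diaspora_home:?}"/.backup.* so the script aborts instead. The pattern also moved from ${diaspora_home}-backup.* to ${diaspora_home}/.backup.*, so backup directories left beside the tree by the previous version are no longer removed on upgrade; keeping the old pattern for one release would clean them up.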
diff -Nru diaspora-installer-0.6.3.0+debian1/debian/preinst 
diaspora-installer-0.6.3.0+debian2/debian/preinst
--- diaspora-installer-0.6.3.0+debian1/debian/preinst   2017-01-26 
04:39:32.0 +0530
+++ diaspora-installer-0.6.3.0+debian2/debian/preinst   2017-03-17 
11:12:41.0 +0530
@@ -2,6 +2,7 @@
 set -e
 
 diaspora_home=/usr/share/diaspora
+diaspora_symlinks_list="Gemfile.lock log tmp app/assets bin/bundle 
vendor/bundle db/schema.rb config/database.yml config/diaspora/yml"
 
 # Fix bin symlink set by earlier versions
 if test -L ${diaspora_home}/bin
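Review bot: the last entry of the new diaspora_symlinks_list, "config/diaspora/yml", looks like a typo for "config/diaspora.yml" (compare "config/database.yml" just before it). As written it names a path under a config/diaspora/ directory, so whatever the list is meant to preserve would skip the real file. A one-line comment above the variable saying how the list is consumed would also help, since none of its uses are visible in this hunk.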
@@ -10,20 +11,21 @@
 fi
 
 # Backup the previous version
-# Just keep the config and vendor/bundle
+# Just keep the modified files/directories
+# We need this to remove files removed upstream
 backup() {
-cp -r ${diaspora_home}/config ${diaspora_home}-config
-cp -r ${diaspora_home}/vendor/bundle ${diaspora_home}-vendor-bundle
-cp -r ${diaspora_home}/.bundle ${diaspora_home}.bundle
 backup_suffix=$(openssl rand -hex 4)
-mv ${diaspora_home} ${diaspora_home}-backup.${backup-suffix}
-mkdir ${diaspora_home}
-mkdir ${diaspora_home}/vendor
-mv ${diaspora_home}-config ${diaspora_home}/config
-mv 
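Review bot: the removed "mv ${diaspora_home} ${diaspora_home}-backup.${backup-suffix}" spelled the variable with a hyphen, which the shell reads as a default-value expansion of $backup, so the random value in backup_suffix was never used in the directory name. The replacement is cut off here, so please confirm the new code expands ${backup_suffix} (underscore) and quotes it. Separately, backup_suffix still comes from "openssl rand -hex 4" inside preinst, where only essential packages and Pre-Depends are guaranteed to be usable; with "set -e" a missing openssl aborts the upgrade, so either declare the Pre-Depends or use mktemp -d for the backup directory.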

Bug#861432: nmu: golang-go.crypto

2017-04-30 Thread Ivo De Decker
# cloning the bug, see below
clone 861432 -1
reassign -1 notary 0.1~ds1-1
retitle -1 notary: FTBFS with latest golang-go.crypto
severity -1 serious
clone 861432 -2
reassign -2 nomad 0.4.0+dfsg-1
retitle -2 nomad: FTBFS with latest golang-go.crypto
severity -2 serious
clone 861432 -3
reassign -3 packer 0.10.2+dfsg-4
retitle -3 packer: FTBFS with latest golang-go.crypto
severity -3 serious
clone 861432 -4
reassign -4 systemd-docker 0.2.1+dfsg-2
retitle -4 systemd-docker: FTBFS with latest golang-go.crypto
severity -4 serious
clone 861432 -5
reassign -5 docker-swarm 1.2.5+dfsg-2
retitle -5 docker-swarm: FTBFS with latest golang-go.crypto
severity -5 serious
clone 861432 -6
reassign -6 grafana 2.6.0+dfsg-3
retitle -6 grafana: FTBFS with latest golang-go.crypto
severity -6 serious
clone 861432 -7
reassign -7 docker.io 1.13.0~ds1-3
retitle -7 docker.io: FTBFS with latest golang-go.crypto
severity -7 serious
thanks

Hi,

On Fri, Apr 28, 2017 at 06:16:04PM -0500, Michael Lustfield wrote:
> Bug #859655 [3] has been fixed in unstable. This addresses a CVE bug, but also
> requires all reverse build dependencies be rebuilt. After this package has
> migrated to testing, there will be 62-64 packages that need rebuilding as well.
> 
> I have run build tests in both unstable and testing for this update using an
> amd64 sbuild environment. For reference, the results:
> 
> testing:
>   success: 62,  failed: 2 (being addressed)
> unstable
>   success: 107, failed: 7 (unchecked)
> 
> 
> For the moment, I need the 107 packages in this list [1] to be rebuilt in unstable.
> ... wanna build? :)

[list of wb commands]

I scheduled the binNMUs. Please note that we currently cannot schedule binNMUs
for arch:all packages. So these are not rebuilt. The other ones should be ok
(with the exception of restic, but you already filed #861431 for that).

> [2] failed (not included above):

Thanks for testing all this.

> notary_0.1~ds1-1 (see buildlogs/notary_0.1~ds1-1)
> nomad_0.4.0+dfsg-1 (see buildlogs/nomad_0.4.0+dfsg-1)
> packer_0.10.2+dfsg-4 (see buildlogs/packer_0.10.2+dfsg-4)
> systemd-docker_0.2.1+dfsg-2 (see buildlogs/systemd-docker_0.2.1+dfsg-2)
> docker-swarm_1.2.5+dfsg-2 (see buildlogs/docker-swarm_1.2.5+dfsg-2)
> grafana_2.6.0+dfsg-3 (see buildlogs/grafana_2.6.0+dfsg-3)
> docker.io_1.13.0~ds1-3 (see buildlogs/docker.io_1.13.0~ds1-3)

I cloned this bug for each of them, to track the issue. It looks like only
packer is in testing. It doesn't seem to have any rdeps, so if it cannot be
fixed, we can just remove it. Obviously, a fix would be better :)

Cheers,

Ivo



NEW changes in stable-new

2017-04-30 Thread Debian FTP Masters
Processing changes file: mariadb-10.0_10.0.30-0+deb8u2_mips.changes
  ACCEPT



Re: Bug#741233: qa.debian.org: send periodic emails for testing migration issues

2017-04-30 Thread Julien Cristau
On Fri, Mar 17, 2017 at 15:29:10 +0100, Mattia Rizzolo wrote:

> CC-ing d-release.
> 
> On Mon, Mar 10, 2014 at 02:35:13PM +0530, Ritesh Raj Sarraf wrote:
> > There are multiple reasons for packages not migrating to testing.
> > Currently, AFAIK, the maintainer has no automated way of knowing this.
> > 
> > It would be good if an automated email is sent whenever a migration is
> > stalled for some reason.
> 
> Ubuntu recently implemented this in their britney instance, see the
> commits starting by
> https://git.launchpad.net/~ubuntu-release/britney/+git/britney2-ubuntu/commit/?id=2775a5435ca04a11f9692054ffdf5bd3bc1982fa
> 
> I also concur this is a great idea, but I wonder if this should rather
> go in britney2 (as Ubuntu did) or somewhere else, and whether it should
> be maintained by the release team or some other team; I already find
> weird that the testing watcher is not run by them.
> 
Patches welcome, I guess?  I would argue there's value in a central
thing sending that sort of mail rather than each service sending its own
separate reminders.  Once upon a time ddpo-by-mail sort of did this, I think?

Cheers,
Julien



Bug#857345: marked as done (jessie-pu: package debootstrap/1.0.72)

2017-04-30 Thread Debian Bug Tracking System
Your message dated Sun, 30 Apr 2017 18:47:02 +0200
with message-id <20170430164702.wipykb4orew3y...@betterave.cristau.org>
and subject line Re: Bug#857345: jessie-pu: package debootstrap/1.0.72
has caused the Debian Bug report #857345,
regarding jessie-pu: package debootstrap/1.0.72
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
857345: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857345
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian@packages.debian.org
Usertags: pu

The fix for https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=757819 needs to be
available in jessie to solve problems with using --foreign with any Stretch
bootstrap operation. Would this be possible to do as an upload to proposed-updates
and would this fix be acceptable for the next Jessie point release?

-- System Information:
Debian Release: 9.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, armhf

Kernel: Linux 4.9.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
--- End Message ---
--- Begin Message ---
On Fri, Mar 10, 2017 at 09:32:19 +, Neil Williams wrote:

> Package: release.debian.org
> Severity: normal
> Tags: jessie
> User: release.debian@packages.debian.org
> Usertags: pu
> 
> The fix for https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=757819 needs to be
> available in jessie to solve problems with using --foreign with any Stretch
> bootstrap operation. Would this be possible to do as an upload to proposed-updates
> and would this fix be acceptable for the next Jessie point release?
> 
Feels too much of a cornercase to me to warrant a change in stable.

Cheers,
Julien
--- End Message ---


NEW changes in stable-new

2017-04-30 Thread Debian FTP Masters
Processing changes file: linux_3.16.43-2_amd64.changes
  ACCEPT
Processing changes file: linux_3.16.43-2_powerpc.changes
  ACCEPT
Processing changes file: ndisc6_1.0.1-1+deb8u1_powerpc.changes
  ACCEPT



Re: Bug#856603: RFS: arc-theme/20170302-1

2017-04-30 Thread Michael Biebl
Am 30.04.2017 um 18:39 schrieb Julien Cristau:
> On Fri, Mar 31, 2017 at 16:57:18 +, Gianfranco Costamagna wrote:
> 
>> Hello,
>>
>>
>>>> 3.22.9-1 is a whole new upstream release, with changes that actively break
>>>> unrelated packages.  As you just mentioned, it does at least require themes
>>>> to be updated, and, as usual for GTK 3 new releases, probably a bunch of
>>>> gtk-3 using programs as well.
>>>
>>> That's not usual for point releases, in this case a bad change slipped through.
>>> That has been fixed in 3.22.9-3.
>>> That bug was introduced in 3.22.9, it doesn't affect 3.22.8. So no, nothing
>>> needs to go through tpu.
>>>
>>> BTW thanks for the notice about this regression.
>>
>>
>> so, now that 3.22.11 is going to go in testing... can we upload this one?
>>
> If something was not appropriate 2 months ago, it is even less so now...

I want to add, that the relevant changes in gtk have been reverted
upstream as well in 3.22.10. So no changes should be necessary for
arc-theme.


-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?





Re: Bug#856603: RFS: arc-theme/20170302-1

2017-04-30 Thread Julien Cristau
On Fri, Mar 31, 2017 at 16:57:18 +, Gianfranco Costamagna wrote:

> Hello,
> 
> 
> >> 3.22.9-1 is a whole new upstream release, with changes that actively break
> >> unrelated packages.  As you just mentioned, it does at least require themes
> >> to be updated, and, as usual for GTK 3 new releases, probably a bunch of
> >> gtk-3 using programs as well.
> >
> >That's not usual for point releases, in this case a bad change slipped through.
> >That has been fixed in 3.22.9-3.
> >That bug was introduced in 3.22.9, it doesn't affect 3.22.8. So no, nothing
> >needs to go through tpu.
> >
> >BTW thanks for the notice about this regression.
> 
> 
> so, now that 3.22.11 is going to go in testing... can we upload this one?
> 
If something was not appropriate 2 months ago, it is even less so now...

Cheers,
Julien



NEW changes in stable-new

2017-04-30 Thread Debian FTP Masters
Processing changes file: linux_3.16.43-2_s390x.changes
  ACCEPT
Processing changes file: ndisc6_1.0.1-1+deb8u1_s390x.changes
  ACCEPT



NEW changes in stable-new

2017-04-30 Thread Debian FTP Masters
Processing changes file: shadow_4.2-3+deb8u2_allonly.changes
  ACCEPT
Processing changes file: shadow_4.2-3+deb8u2_amd64.changes
  ACCEPT
Processing changes file: shadow_4.2-3+deb8u2_arm64.changes
  ACCEPT
Processing changes file: shadow_4.2-3+deb8u2_armel.changes
  ACCEPT
Processing changes file: shadow_4.2-3+deb8u2_i386.changes
  ACCEPT
Processing changes file: shadow_4.2-3+deb8u2_mips.changes
  ACCEPT
Processing changes file: shadow_4.2-3+deb8u2_s390x.changes
  ACCEPT
Processing changes file: shadow_4.2-3+deb8u3_multi.changes
  ACCEPT
Processing changes file: shadow_4.2-3+deb8u3_amd64.changes
  ACCEPT
Processing changes file: shadow_4.2-3+deb8u3_arm64.changes
  ACCEPT
Processing changes file: shadow_4.2-3+deb8u3_armel.changes
  ACCEPT
Processing changes file: shadow_4.2-3+deb8u3_armhf.changes
  ACCEPT
Processing changes file: shadow_4.2-3+deb8u3_i386.changes
  ACCEPT
Processing changes file: shadow_4.2-3+deb8u3_mips.changes
  ACCEPT
Processing changes file: shadow_4.2-3+deb8u3_mipsel.changes
  ACCEPT
Processing changes file: shadow_4.2-3+deb8u3_powerpc.changes
  ACCEPT
Processing changes file: shadow_4.2-3+deb8u3_ppc64el.changes
  ACCEPT
Processing changes file: shadow_4.2-3+deb8u3_s390x.changes
  ACCEPT
Processing changes file: vlc_2.2.5-1~deb8u1_amd64.changes
  ACCEPT



Bug#859255: binNMU needed for more R packages.

2017-04-30 Thread Julien Cristau
On Sat, Apr  1, 2017 at 15:24:53 +0900, Charles Plessy wrote:

> Package: release.debian.org
> Severity: grave
> X-Debbugs-CC: debian-...@lists.debian.org, debian-scie...@lists.debian.org
> 
> Hello again,
> 
> as a follow-up to #858183, I looked at which other R Bioconductor
> packages were broken by R 3.3.3-1, and it seems that the previous round
> of binNMUs did not repair some of them.
> 
> Can you make the following binNMUs ?
> 
> nmu r-bioc-rsamtools_1.26.1-2 . ANY . -m "Rebuild for R 3.3.3." 
> nmu r-bioc-shortread_1.32.0-1 . ANY . -m "Rebuild for R 3.3.3." 
> nmu r-bioc-variantannotation_1.20.2-1 . ANY . -m "Rebuild for R 3.3.3." 
> nmu r-bioc-genomicalignments_1.10.0-1 . ANY . -m "Rebuild for R 3.3.3." 
> 
> Note to debian-science: there are also R CRAN packages that fail with R
> 3.3.3, (r-cran-lubridate, r-cran-spam), but I am not yet sure if a
> binNMU is enough.
> 
binNMUs are not an acceptable way to deal with silent breakage.  If R
3.3.3-1 breaks reverse dependencies, it needs to not be co-installable
with them.

Cheers,
Julien



NEW changes in stable-new

2017-04-30 Thread Debian FTP Masters
Processing changes file: linux_3.16.43-2_ppc64el.changes
  ACCEPT
Processing changes file: ndisc6_1.0.1-1+deb8u1_armel.changes
  ACCEPT
Processing changes file: ndisc6_1.0.1-1+deb8u1_armhf.changes
  ACCEPT
Processing changes file: ndisc6_1.0.1-1+deb8u1_i386.changes
  ACCEPT
Processing changes file: ndisc6_1.0.1-1+deb8u1_mips.changes
  ACCEPT
Processing changes file: ndisc6_1.0.1-1+deb8u1_mipsel.changes
  ACCEPT
Processing changes file: ndisc6_1.0.1-1+deb8u1_ppc64el.changes
  ACCEPT



Processed: Re: Bug#859846: jessie-pu: package vlc/2.2.5-1~deb8u1

2017-04-30 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + pending
Bug #859846 [release.debian.org] jessie-pu: package vlc/2.2.5-1~deb8u1
Added tag(s) pending.

-- 
859846: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859846
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#859846: jessie-pu: package vlc/2.2.5-1~deb8u1

2017-04-30 Thread Adam D. Barratt
Control: tags -1 + pending

On Sun, 2017-04-30 at 13:06 +0200, Sebastian Ramacher wrote:
> On 2017-04-28 17:51:21, Adam D. Barratt wrote:
> > Control: tags -1 + confirmed
> > 
> > On Fri, 2017-04-07 at 19:45 +0200, Sebastian Ramacher wrote:
> > > I'd like to update vlc to the latest upstream bug fix release in jessie. It
> > > fixes various integer and buffer overflows, NULL pointer dereferences, division
> > > by zero errors, heap corruptions that can be triggered during playback.
> > 
> > Please go ahead, bearing in mind that the window for 8.8 closes during
> > the weekend.
> 
> Thanks, uploaded.

Flagged for acceptance.

Regards,

Adam



NEW changes in stable-new

2017-04-30 Thread Debian FTP Masters
Processing changes file: ndisc6_1.0.1-1+deb8u1_amd64.changes
  REJECT
Processing changes file: ndisc6_1.0.1-1+deb8u1_arm64.changes
  ACCEPT



RFC: Auto-decruft of tpu (NVIT)

2017-04-30 Thread Niels Thykier
Hi,

I have devised two patches to make dak auto-decruft
testing-proposed-updates.  It uses the same algorithm as the
auto-decruft for experimental with the only difference that it uses ">="
rather than ">" for the "--if-newer-version-in" check.

 * These changes would make dak clean up tpu for us automatically once
   a tpu candidate migrates.  (\o/ for less manual work)

 * It is not going to replace our manual removal trigger.  Sometimes we
   need to reject an upload.

 * This would mean that the removals end up in the removal log.  I am
   not sure if that matters.

The patches are also available on ssh://respighi.d.o:~nthykier/dak from
the "auto-decruft-for-tpu" branch, where the commits have been signed by
my gpg key.

Thanks,
~Niels



0001-dak-auto-decruft-Support-decrufting-equal-versions-f.patch
Description: application/mbox


0002-dinstall-Auto-decruft-tpu.patch
Description: application/mbox


Bug#861541: jessie-pu: package kedpm/1.0

2017-04-30 Thread Antoine Beaupre
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian@packages.debian.org
Usertags: pu

A security issue came up in kedpm as shipped in stable (CVE-2017-8296,
#860817). It was marked "no-dsa" by the security team, to be fixed in
the next point release.

This is therefore my attempt at shipping that update. Unfortunately, I
will be offline very soon, for all of May, so it is unlikely that I
will be able to perform the upload myself, but hopefully someone can
take this and run if I don't respond in time to your permission. :)

Attached is the debdiff, I hope that covers it all...

A.

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (500, 'testing'), (1, 'unstable')
Architecture: amd64
 (x86_64)
Foreign Architectures: armhf

Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_CA.UTF-8, LC_CTYPE=fr_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru kedpm-1.0/debian/changelog kedpm-1.0+deb8u1/debian/changelog
--- kedpm-1.0/debian/changelog  2012-11-30 15:45:14.0 -0500
+++ kedpm-1.0+deb8u1/debian/changelog   2017-04-26 20:44:11.0 -0400
@@ -1,3 +1,10 @@
+kedpm (1.0+deb8u1) jessie; urgency=high
+
+  * Non-maintainer upload by the Security Team.
+  * fix information leak via command history file (Closes: #860817)
+
+ -- Antoine Beaupré   Wed, 26 Apr 2017 20:44:11 -0400
+
 kedpm (1.0) unstable; urgency=low
 
   * New upstream release.
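Review bot: The new changelog entry closes #860817 but never names CVE-2017-8296, which the request cites for the same issue; add the CVE id to the "fix information leak via command history file" line so the fix is traceable from the changelog alone. The entry also reads "Non-maintainer upload by the Security Team" although the issue was marked no-dsa and is going through a point release, so that wording may need adjusting.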
diff -Nru 
kedpm-1.0/debian/patches/0001-always-prompt-for-password-and-do-not-save-to-databa.patch
 
kedpm-1.0+deb8u1/debian/patches/0001-always-prompt-for-password-and-do-not-save-to-databa.patch
--- 
kedpm-1.0/debian/patches/0001-always-prompt-for-password-and-do-not-save-to-databa.patch
1969-12-31 19:00:00.0 -0500
+++ 
kedpm-1.0+deb8u1/debian/patches/0001-always-prompt-for-password-and-do-not-save-to-databa.patch
 2017-04-26 20:43:55.0 -0400
@@ -0,0 +1,61 @@
+From b8f7e8b3b2cb37425cb89b205c9836c6ac02a048 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Antoine=20Beaupr=C3=A9?= 
+Date: Wed, 26 Apr 2017 16:58:56 -0400
+Subject: [PATCH 1/2] always prompt for password and do not save to database
+
+---
+ kedpm/frontends/cli.py | 38 +++---
+ 1 file changed, 15 insertions(+), 23 deletions(-)
+
+diff --git a/kedpm/frontends/cli.py b/kedpm/frontends/cli.py
+index c343138..27cfb70 100644
+--- a/kedpm/frontends/cli.py
 b/kedpm/frontends/cli.py
+@@ -591,29 +591,21 @@ def complete_rename(self, text, line, begidx, endidx):
+ return self.complete_dirs(text, line, begidx, endidx)
+ 
+ def do_passwd(self, arg):
+-"""Change master password for opened database
+-
+-Syntax:
+-password [new password]
+-
+-If new password is not provided with command, you will be promted to enter new
+-one.
+-"""
+-
+-if not arg:
+-# Password is not provided with command. Ask user for it
+-pass1 = getpass(_("New password: "))
+-pass2 = getpass(_("Repeat password: "))
+-if pass1 == '':
+-print _("Empty passwords are really insecure. You should " \
+-"create one.")
+-return
+-if pass1!=pass2:
+-print _("Passwords don't match! Please repeat.")
+-return
+-new_pass = pass1
+-else:
+-new_pass = arg
++"""Change master password for opened database"""
++
++# remove possibly master password from history file
++readline.remove_history_item(readline.get_current_history_length()-1)
++# Password is not provided with command. Ask user for it
++pass1 = getpass(_("New password: "))
++pass2 = getpass(_("Repeat password: "))
++if pass1 == '':
++print _("Empty passwords are really insecure. You should " \
++"create one.")
++return
++if pass1!=pass2:
++print _("Passwords don't match! Please repeat.")
++return
++new_pass = pass1
+ 
+ self.pdb.changePassword(new_pass)
+ self.printMessage(_("Password changed."))
+-- 
+2.11.0
+
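Review bot: In do_passwd the argument is now silently ignored, so a user who still types the new password after the command gets no hint that it was discarded even though it was already echoed on the terminal; consider printing a short notice when arg is non-empty. The retained comment "Password is not provided with command. Ask user for it" no longer matches the code, since the prompt is now unconditional, and the subject line "do not save to database" does not describe the body, which still calls self.pdb.changePassword(new_pass) and removes a history entry instead. readline.remove_history_item only changes the in-memory history, so the description should state whether passwords already written to an existing history file are dealt with elsewhere.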
diff -Nru kedpm-1.0/debian/patches/series kedpm-1.0+deb8u1/debian/patches/series
--- kedpm-1.0/debian/patches/series 1969-12-31 19:00:00.0 -0500
+++ kedpm-1.0+deb8u1/debian/patches/series  2017-04-26 20:43:55.0 
-0400
@@ -0,0 +1 @@
+0001-always-prompt-for-password-and-do-not-save-to-databa.patch
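Review bot: The series file lists a single patch, but that patch is numbered "[PATCH 1/2]" in its Subject line; please confirm that the second patch of the set is intentionally left out of this upload, or add it to debian/patches/series.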


Re: Bug#857296: [hol88-library] hol88-library is an empty package on arm64, hppa, and m68k

2017-04-30 Thread Helmut Grohne
severity -1 serious
thanks

On Tue, Mar 21, 2017 at 01:32:55PM -0400, Camm Maguire wrote:
> Greetings and thanks for your report!  Am looking into this now

It seems your looking takes longer than expected and you didn't give any
reason for downgrading the severity. I don't think stretch should
release with such a broken hol88-library. This bug is release-critical
for two reasons:

 * The arm64 package is completely useless (actually qualifies for
   grave).
 * It violates policy by not checking for build failures.

So given little maintainer interest, I hereby ask the autoremover to do
its work.

Helmut



Bug#859255: binNMU needed for more R packages.

2017-04-30 Thread Niels Thykier
Charles Plessy:
> Le Sat, Apr 22, 2017 at 11:25:23PM +0900, Charles Plessy a écrit :
>>
>> Actually the rebuild was not enough and today I finally understood that
>> r-bioc-xvector also needs a rebuild (despite its own regression tests
>> did not fail).  Unfortunately R in Sid is now ahead of Testing, and the
>> Debian build system that we use will force a dependency on Sid's version
>> if it goes on the usual buildds.
>>
>> Is it possible to binNMU in Testing, or shall I upload a source update to
>> testing-proposed-updates ?
> 
> Hello Niels and everybody,
> 
> I just uploaded r-bioc-xvector to testing-proposed-updates.  I checked
> in a clean chroot that the amd64 package that I built resolves the
> breakage of its downstream dependency r-bioc-rsamtools (whose autopkg
> tests fail with the current r-bioc-xvector).
> 
> Cheers,
> 
> Charles
> 

Hi Charles,

Thanks for following up on this issue.

We need unstable to have higher version than testing.  Therefore we
cannot use the tpu upload (as-is) because it would violate that rule.  I
will try to solve this with some binNMU magic.  Failing that, we will
need an upload of r-bioc-xvector to ensure that the versions align
correctly.

I will be in touch. :)

Thanks,
~Niels



Bug#861535: unblock: file/1:5.30-1 (was: Seeking pre-approval to upload new file upstream version for stretch)

2017-04-30 Thread Christoph Biedl
Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: unblock
Severity: normal

Hello,

please unblock file 1:5.30-1 I've uploaded to unstable.

Short version:

This upload

* fixes several issues in 1:5.29-3, including an assertion failure
  triggerable from certain files,
* includes more than twenty(!) commits from the upstream git since the
  5.30 release that, by their description, seem prudent to include
  security-wise, and
* otherwise tries hard to not change the detection of files.


A bit longer:

There are a few issues in the stretch version of file (1:5.29-3) that
in my opinion make it unfit for release. The most important one is an
easily triggerable crash (assertion failure) I found a while ago,
upstream was alerted in private. This issue was introduced in version
1:5.29-1 and is not public yet, at least not from my side.

The delta between 1:5.29-3 and upstream's 5.30 release is pretty small:
These are bug fixes like for the one mentioned above, several changes
that seem to address issues, some documentation and/or not affecting the
execution. There are two changes that introduce new features, I've
reverted them to reduce the impact (also, they looked somewhat fishy).
Initially, forwarding to 5.30 promised a smaller and better arranged
debian/patches/.

Since upstream's 5.30 release however, there have been a lot of commits
that address more issues, usually they contain a remark "oss-fuzz", so
apparently somebody has spent quite some time searching for flawed
code. One commit contains a remark "Although I can't reproduce it"
which implies at least some of the other commits fix an exploitable
issue. So I decided to cherry-pick *all* of them plus prerequisites in
the hope this will avoid some security uploads during the stretch life
cycle. They all can be found in debian/patches/, one patch per commit.


As with every upload of file, I ran a test on a huge collection of
files in order to detect unexpected changes. I have to admit there are
some minor ones: For some files not all the gory details are shown any
longer, basic detection still works. These were introduced by the
changes that should fix issues in the code.

Additional details, like discussion of every single change between
1:5.29-3 and 1:5.30-1 available upon request.

Regards,

Christoph




NEW changes in stable-new

2017-04-30 Thread Debian FTP Masters
Processing changes file: linux_3.16.43-2_multi.changes
  ACCEPT
Processing changes file: mariadb-10.0_10.0.28-0+deb8u1_multi.changes
  ACCEPT
Processing changes file: mariadb-10.0_10.0.28-0+deb8u1_amd64.changes
  ACCEPT
Processing changes file: mariadb-10.0_10.0.28-0+deb8u1_arm64.changes
  ACCEPT
Processing changes file: mariadb-10.0_10.0.28-0+deb8u1_armel.changes
  ACCEPT
Processing changes file: mariadb-10.0_10.0.28-0+deb8u1_armhf.changes
  ACCEPT
Processing changes file: mariadb-10.0_10.0.28-0+deb8u1_i386.changes
  ACCEPT
Processing changes file: mariadb-10.0_10.0.28-0+deb8u1_mips.changes
  ACCEPT
Processing changes file: mariadb-10.0_10.0.28-0+deb8u1_mipsel.changes
  ACCEPT
Processing changes file: mariadb-10.0_10.0.28-0+deb8u1_ppc64el.changes
  ACCEPT
Processing changes file: mariadb-10.0_10.0.28-0+deb8u1_s390x.changes
  ACCEPT
Processing changes file: mariadb-10.0_10.0.29-0+deb8u1_amd64.changes
  ACCEPT
Processing changes file: mariadb-10.0_10.0.29-0+deb8u1_arm64.changes
  ACCEPT
Processing changes file: mariadb-10.0_10.0.29-0+deb8u1_armel.changes
  ACCEPT
Processing changes file: mariadb-10.0_10.0.29-0+deb8u1_armhf.changes
  ACCEPT
Processing changes file: mariadb-10.0_10.0.29-0+deb8u1_i386.changes
  ACCEPT
Processing changes file: mariadb-10.0_10.0.29-0+deb8u1_mips.changes
  ACCEPT
Processing changes file: mariadb-10.0_10.0.29-0+deb8u1_mipsel.changes
  ACCEPT
Processing changes file: mariadb-10.0_10.0.29-0+deb8u1_ppc64el.changes
  ACCEPT
Processing changes file: mariadb-10.0_10.0.29-0+deb8u1_s390x.changes
  ACCEPT
Processing changes file: mariadb-10.0_10.0.30-0+deb8u1_amd64.changes
  ACCEPT
Processing changes file: mariadb-10.0_10.0.30-0+deb8u1_arm64.changes
  ACCEPT
Processing changes file: mariadb-10.0_10.0.30-0+deb8u1_armel.changes
  ACCEPT
Processing changes file: mariadb-10.0_10.0.30-0+deb8u1_armhf.changes
  ACCEPT
Processing changes file: mariadb-10.0_10.0.30-0+deb8u1_i386.changes
  ACCEPT
Processing changes file: mariadb-10.0_10.0.30-0+deb8u1_mips.changes
  ACCEPT
Processing changes file: mariadb-10.0_10.0.30-0+deb8u1_mipsel.changes
  ACCEPT
Processing changes file: mariadb-10.0_10.0.30-0+deb8u1_ppc64el.changes
  ACCEPT
Processing changes file: mariadb-10.0_10.0.30-0+deb8u1_s390x.changes
  ACCEPT
Processing changes file: mariadb-10.0_10.0.30-0+deb8u2_amd64.changes
  ACCEPT
Processing changes file: ndisc6_1.0.1-1+deb8u1_amd64.changes
  ACCEPT



Bug#858996: jessie-pu: package mariadb-10.0/10.0.30-0+deb8u2

2017-04-30 Thread Adam D. Barratt
Control: tags -1 + pending

On Sat, 2017-04-29 at 21:12 +0100, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
> 
> On Sat, 2017-04-29 at 22:00 +0200, Ondřej Surý wrote:
> > Control: tags 858996 -moreinfo
> > 
> > JFTR mariadb-server-10.1 10.1.22-3 that contained the same change has
> > > migrated to testing on 2017-04-06 and nobody has complained since, so I
> > am humbly asking for review of this change in jessie.
> 
> Please feel free to upload, but bear in mind that the window for 8.8 is
> closing during this weekend.

Uploaded and flagged for acceptance.

Regards,

Adam



Processed: Re: Bug#858996: jessie-pu: package mariadb-10.0/10.0.30-0+deb8u2

2017-04-30 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + pending
Bug #858996 [release.debian.org] jessie-pu: package mariadb-10.0/10.0.30-0+deb8u2
Added tag(s) pending.

-- 
858996: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858996
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Processed: Re: Bug#859475: jessie-pu: package ndisc6/1.0.1-1+deb8u1

2017-04-30 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + pending
Bug #859475 [release.debian.org] jessie-pu: package ndisc6/1.0.1-1+deb8u1
Added tag(s) pending.

-- 
859475: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859475
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#859475: jessie-pu: package ndisc6/1.0.1-1+deb8u1

2017-04-30 Thread Adam D. Barratt
Control: tags -1 + pending

On Sun, 2017-04-30 at 00:05 +0200, Bernhard Schmidt wrote:
> On Fri, Apr 28, 2017 at 05:45:17PM +0100, Adam D. Barratt wrote:
> 
> Hi Adam,
> 
> > On Tue, 2017-04-04 at 00:40 +0200, Bernhard Schmidt wrote:
> > > the package rdnssd (from src:ndisc6) provides a daemon that listens to IPv6 RA
> > > messages containing RDNSS (recursive DNS servers) information, and adds this
> > > information to /etc/resolv.conf. It is automatically installed by d-i if this
> > > information is found during installation.
> > > 
> > > If resolvconf is installed managing and merging of /etc/resolv.conf is handed
> > > over to it. However, if it is not installed the version in Jessie simply
> > > overwrites /etc/resolv.conf, which drops all search list information as well as
> > > IPv4 nameservers. This often leads to severe breakage of the installed system.
> > > This is tracked in Bug#767071
> > > 
> > > The proposed fix for Jessie will adjust the merge script to be the same as in
> > > current upstream and Stretch.
> > 
> > Please go ahead, bearing in mind that the window for the 8.8 point
> > release closes during the weekend.
> 
> Thanks, uploaded and accepted.

Flagged for acceptance into p-u.

Regards,

Adam



Bug#859846: jessie-pu: package vlc/2.2.5-1~deb8u1

2017-04-30 Thread Sebastian Ramacher
On 2017-04-28 17:51:21, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
> 
> On Fri, 2017-04-07 at 19:45 +0200, Sebastian Ramacher wrote:
> > I'd like to update vlc to the latest upstream bug fix release in jessie. It
> > fixes various integer and buffer overflows, NULL pointer dereferences, division
> > by zero errors, heap corruptions that can be triggered during playback.
> 
> Please go ahead, bearing in mind that the window for 8.8 closes during
> the weekend.

Thanks, uploaded.

Cheers
-- 
Sebastian Ramacher




Bug#861014: marked as done (unblock: python-pyelftools/0.24-2)

2017-04-30 Thread Debian Bug Tracking System
Your message dated Sun, 30 Apr 2017 10:19:00 +
with message-id <3742747b-eabe-93a7-a758-faf698a72...@thykier.net>
and subject line Re: Bug#861014: unblock: python-pyelftools/0.24-2
has caused the Debian Bug report #861014,
regarding unblock: python-pyelftools/0.24-2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
861014: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861014
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package python-pyelftools

The package FTBFSes on i386. The version in unstable fixes it.

unblock python-pyelftools/0.24-2

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64
 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
diff -Nru python-pyelftools-0.24/debian/changelog 
python-pyelftools-0.24/debian/changelog
--- python-pyelftools-0.24/debian/changelog 2016-08-09 00:29:51.0 
+0200
+++ python-pyelftools-0.24/debian/changelog 2017-04-23 19:43:10.0 
+0200
@@ -1,3 +1,11 @@
+python-pyelftools (0.24-2) unstable; urgency=medium
+
+  * d/control: use debhelper 10
+  * d/watch: use watch version 4
+  * d/patches: disable readelf tests (Closes: #860630)
+
+ -- Tomasz Buchert   Sun, 23 Apr 2017 19:43:10 +0200
+
 python-pyelftools (0.24-1) unstable; urgency=medium
 
   * Imported Upstream version 0.24
diff -Nru python-pyelftools-0.24/debian/compat 
python-pyelftools-0.24/debian/compat
--- python-pyelftools-0.24/debian/compat2016-08-09 00:29:51.0 
+0200
+++ python-pyelftools-0.24/debian/compat2017-04-23 19:43:10.0 
+0200
@@ -1 +1 @@
-9
+10
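Review bot: The debian/compat bump from 9 to 10, together with the matching Build-Depends and watch version changes elsewhere in this debdiff, is unrelated to the i386 FTBFS the unblock is requested for; for an upload made during the freeze, keep the diff to the test fix and leave the packaging updates for a later upload.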
diff -Nru python-pyelftools-0.24/debian/control 
python-pyelftools-0.24/debian/control
--- python-pyelftools-0.24/debian/control   2016-08-09 00:29:51.0 
+0200
+++ python-pyelftools-0.24/debian/control   2017-04-23 19:43:10.0 
+0200
@@ -2,7 +2,7 @@
 Section: python
 Priority: extra
 Maintainer: Tomasz Buchert 
-Build-Depends: debhelper (>= 9), dh-python, python, python3
+Build-Depends: debhelper (>= 10), dh-python, python, python3
 Standards-Version: 3.9.8
 Homepage: https://github.com/eliben/pyelftools
 Vcs-Git: git://anonscm.debian.org/collab-maint/python-pyelftools.git
diff -Nru 
python-pyelftools-0.24/debian/patches/0001-Don-t-run-readelf-tests-because-they-are-fragile-and.patch
 
python-pyelftools-0.24/debian/patches/0001-Don-t-run-readelf-tests-because-they-are-fragile-and.patch
--- 
python-pyelftools-0.24/debian/patches/0001-Don-t-run-readelf-tests-because-they-are-fragile-and.patch
   1970-01-01 01:00:00.0 +0100
+++ 
python-pyelftools-0.24/debian/patches/0001-Don-t-run-readelf-tests-because-they-are-fragile-and.patch
   2017-04-23 19:43:10.0 +0200
@@ -0,0 +1,21 @@
+From: Tomasz Buchert 
+Date: Sun, 23 Apr 2017 19:40:32 +0200
+Subject: Don't run readelf tests, because they are fragile and arch-specific.
+
+---
+ test/all_tests.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/test/all_tests.py b/test/all_tests.py
+index 4cb8e3c..6467af8 100755
+--- a/test/all_tests.py
 b/test/all_tests.py
+@@ -22,7 +22,7 @@ def main():
+ return 1
+ run_test_script('test/run_all_unittests.py')
+ run_test_script('test/run_examples_test.py')
+-run_test_script('test/run_readelf_tests.py')
++# run_test_script('test/run_readelf_tests.py')
+ 
+ if __name__ == '__main__':
+ sys.exit(main())
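Review bot: Commenting out run_test_script('test/run_readelf_tests.py') in main() disables the readelf tests on every architecture, while the failure being fixed is reported for i386 only; if the tests can be skipped just where they are known to break, the other architectures keep their coverage. The patch description should also name the failing case or reference #860630, and the line is better deleted than left as commented-out code.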
diff -Nru python-pyelftools-0.24/debian/patches/series 
python-pyelftools-0.24/debian/patches/series
--- python-pyelftools-0.24/debian/patches/series1970-01-01 
01:00:00.0 +0100
+++ python-pyelftools-0.24/debian/patches/series2017-04-23 
19:43:10.0 +0200
@@ -0,0 +1 @@
+0001-Don-t-run-readelf-tests-because-they-are-fragile-and.patch
diff -Nru python-pyelftools-0.24/debian/watch 
python-pyelftools-0.24/debian/watch
--- python-pyelftools-0.24/debian/watch 2016-08-09 00:29:51.0 +0200
+++ python-pyelftools-0.24/debian/watch 2017-04-23 19:43:10.0 +0200
@@ -1,3 +1,3 @@
-version=3
+version=4
 opts=filenamemangle=s/.+\/v?(\d\S*)\.tar\.gz/python-pyelftools-$1\.tar\.gz/ \
   https://github.com/eliben/pyelftools/tags .*/v?(\d\S*)\.tar\.gz
--- End Message ---
--- Begin Message ---
Tomasz 

Bug#861014: unblock: python-pyelftools/0.24-2

2017-04-30 Thread Tomasz Buchert
On 29/04/17 12:26, Niels Thykier wrote:
> [...]
>
> Yes please.  Upload a -3 to unstable reverting just the debhelper compat
> bump from -2.
>
> Thanks,
> ~Niels

Yep, I've just uploaded -3.

Tomasz




Bug#861525: marked as done (unblock: lintian/2.5.50.2)

2017-04-30 Thread Debian Bug Tracking System
Your message dated Sun, 30 Apr 2017 09:05:50 +
with message-id 
and subject line unblock lintian
has caused the Debian Bug report #861525,
regarding unblock: lintian/2.5.50.2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
861525: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861525
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package lintian

The 2.5.50.2 upload works around a "perl stack" corruption (not to be
confused with perl's C stack) and makes a gnuplot file compatible
with gnuplot 5 (so it works with the version we are shipping in
stretch).

I will expand on the stack corruption below in case it is relevant for
your understanding of the issue and the fix[1]. That said, the fix is
shorter than my explanation, so you may just want to skip ahead to the
debdiff.

unblock lintian/2.5.50.2

Thanks,
~Niels

[1]
Perl stack corruption
=====================

For most runs, "perl stack" corruption occurs but perl never notices
it until it has to unwind the stack to the point of the corruption.
On a successful run, the lintian tools will always exit from their
main sub and therefore avoid the issue.  To reproduce this bug, you
will have to cause the tool to throw an exception that generates a
stack trace (or unwinds past the main sub).

That is very trivial to do with the reporting framework (but could in
theory happen in lintian-info and lintian-lab-tool).  It cannot be
reproduced in lintian itself.  Lintian 2.5.50.2 is started via an
"exec" call after the stack corruption, so lintian cannot unwind to
the corrupted stack.

To reproduce, install lintian 2.5.50.1 and run:

"""
$ mkdir empty-dir
$ /usr/share/lintian/frontend/dplint reporting-sync-state \
  --state-dir empty-dir \
  --mirror-path /value-does-not-matter \
  --distributions value-does-not-matter \
  --architectures value-does-not-matter \
  --mirror-areas value-does-not-matter \
  --desired-version 2.5.50.1
Can't locate object method "errno" via package "Bizarre copy of ARRAY in list 
assignment at /usr/share/perl/5.24/Carp.pm line 229.
" (perhaps you forgot to load "Bizarre copy of ARRAY in list assignment at 
/usr/share/perl/5.24/Carp.pm line 229.
"?) at /usr/share/perl5/Lintian/Util.pm line 1614.
"""

The output here is a "double fault".  First, perl notices the
corruption and throws a string exception with the text:

  "Bizarre copy of ARRAY in list assignment at /usr/share/perl/5.24/Carp.pm line 229.\n"

Lintian catches this assuming it is an autodie exception and then
tries to call the "errno" method on it.  Obviously this fails again
leading to the weird error message.

The work around for this is to avoid passing the "@ARGV" variable on
the stack (i.e. passing as an argument to a perl sub).  That way, the
perl stack is not corrupted when Getopt::Long parses the options.


Thanks,
~Niels
--- End Message ---
--- Begin Message ---
Unblocked lintian.
--- End Message ---
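The "double fault" described in the report above, as an added Perl illustration (not lintian's code): a handler that assumes every exception is an autodie object faults a second time on a plain string exception, while one that checks the type first does not. The sub names and the nonexistent path are hypothetical, and the string exception is constructed with die rather than produced by the perl bug itself.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Scalar::Util qw(blessed);

# Naive handler: assumes the caught value is an autodie::exception object.
sub naive_errno {
    my ($err) = @_;
    return $err->errno;    # dies if $err is a plain string
}

# Defensive handler: look at what was actually thrown before calling methods.
sub describe_error {
    my ($err) = @_;
    if (blessed($err) && $err->isa('autodie::exception')) {
        # Genuine autodie failure: errno() and function() are safe to call.
        return sprintf('autodie failure in %s: %s', $err->function, $err->errno);
    }
    if (blessed($err)) {
        return 'exception object of class ' . ref($err);
    }
    # Plain string exception, e.g. one thrown by perl itself.
    chomp(my $text = "$err");
    return "string exception: $text";
}

# Constructed stand-in for the string exception perl throws in the report.
sub string_exception {
    eval { die "Bizarre copy of ARRAY in list assignment at Carp.pm line 229.\n"; 1 };
    my $err = $@;
    return $err;
}

# A real autodie exception, triggered by opening a path that does not exist.
sub autodie_exception {
    eval {
        use autodie qw(open);
        open(my $fh, '<', '/nonexistent/constructed-example-path');
        1;
    };
    my $err = $@;
    return $err;
}

# Returns the second error raised by the naive handler, or undef if none.
sub second_fault {
    my ($err) = @_;
    my $ok = eval { naive_errno($err); 1 };
    return $ok ? undef : $@;
}

unless (caller) {
    print describe_error($_), "\n" for (string_exception(), autodie_exception());
    # The naive handler turns the string into a bogus package name, giving the
    # 'Can't locate object method "errno" via package ...' message.
    print 'naive handler: ', second_fault(string_exception());
}
```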


Bug#861526: unblock: freetype/2.6.3-3.2

2017-04-30 Thread Salvatore Bonaccorso
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Hi

Please unblock package freetype. It actually has already but it needs
an ack as well for d-i.

The update fixes two CVEs,

 - CVE-2017-8105, #861220
 - CVE-2017-8287, #861308

and addressed in a DSA for stable. Would thus be great to have the
fixes as well in stretch to avoid a regression.

unblock freetype/2.6.3-3.2

Regards,
Salvatore
diff -u freetype-2.6.3/debian/changelog freetype-2.6.3/debian/changelog
--- freetype-2.6.3/debian/changelog
+++ freetype-2.6.3/debian/changelog
@@ -1,3 +1,12 @@
+freetype (2.6.3-3.2) unstable; urgency=high
+
+  * Non-maintainer upload.
+  * Better protect `flex' handling (CVE-2017-8105) (Closes: #861220)
+  * t1_builder_close_contour: Add safety guard (CVE-2017-8287)
+(Closes: #861308)
+
+ -- Salvatore Bonaccorso   Thu, 27 Apr 2017 20:57:40 +0200
+
 freetype (2.6.3-3.1) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -u freetype-2.6.3/debian/patches-freetype/series 
freetype-2.6.3/debian/patches-freetype/series
--- freetype-2.6.3/debian/patches-freetype/series
+++ freetype-2.6.3/debian/patches-freetype/series
@@ -6,0 +7,2 @@
+CVE-2017-8105-psaux-Better-protect-flex-handling.patch
+CVE-2017-8287-src-psaux-psobjs.c-t1_builder_close_contour-Add-safe.patch
only in patch2:
unchanged:
--- 
freetype-2.6.3.orig/debian/patches-freetype/CVE-2017-8105-psaux-Better-protect-flex-handling.patch
+++ 
freetype-2.6.3/debian/patches-freetype/CVE-2017-8105-psaux-Better-protect-flex-handling.patch
@@ -0,0 +1,43 @@
+From f958c48ee431bef8d4d466b40c9cb2d4dbcb7791 Mon Sep 17 00:00:00 2001
+From: Werner Lemberg 
+Date: Fri, 24 Mar 2017 09:15:10 +0100
+Subject: [PATCH] [psaux] Better protect `flex' handling.
+
+Reported as
+
+  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=935
+
+* src/psaux/t1decode.c (t1_decoder_parse_charstrings)
+: Since there is not a single flex operator but a
+series of subroutine calls, malformed fonts can call arbitrary other
+operators after the start of a flex, possibly adding points.  For
+this reason we have to check the available number of points before
+inserting a point.
+---
+diff --git a/src/psaux/t1decode.c b/src/psaux/t1decode.c
+index af7b465..7dd4513 100644
+--- a/src/psaux/t1decode.c
 b/src/psaux/t1decode.c
+@@ -780,10 +780,19 @@
+ /* point without adding any point to the outline*/
+ idx = decoder->num_flex_vectors++;
+ if ( idx > 0 && idx < 7 )
++{
++  /* in malformed fonts it is possible to have other */
++  /* opcodes in the middle of a flex (which don't*/
++  /* increase `num_flex_vectors'); we thus have to   */
++  /* check whether we can add a point*/
++  if ( FT_SET_ERROR( t1_builder_check_points( builder, 1 ) ) )
++goto Syntax_Error;
++
+   t1_builder_add_point( builder,
+ x,
+ y,
+ (FT_Byte)( idx == 3 || idx == 6 ) );
++}
+   }
+   break;
+ 
+-- 
+2.1.4
+
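Review bot: When t1_builder_check_points( builder, 1 ) fails inside the new idx > 0 && idx < 7 block, the code jumps to Syntax_Error, so it is worth confirming that the error code FT_SET_ERROR just stored is what the caller finally sees and is not replaced by a generic syntax error on that path. The placement of the check, directly before t1_builder_add_point, matches the reasoning in the patch description.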
only in patch2:
unchanged:
--- 
freetype-2.6.3.orig/debian/patches-freetype/CVE-2017-8287-src-psaux-psobjs.c-t1_builder_close_contour-Add-safe.patch
+++ 
freetype-2.6.3/debian/patches-freetype/CVE-2017-8287-src-psaux-psobjs.c-t1_builder_close_contour-Add-safe.patch
@@ -0,0 +1,32 @@
+From 3774fc08b502c3e685afca098b6e8a195aded6a0 Mon Sep 17 00:00:00 2001
+From: Werner Lemberg 
+Date: Sun, 26 Mar 2017 08:32:09 +0200
+Subject: [PATCH] * src/psaux/psobjs.c (t1_builder_close_contour): Add safety
+ guard.
+
+Reported as
+
+  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=941
+---
+diff --git a/src/psaux/psobjs.c b/src/psaux/psobjs.c
+index d18e821..0baf836 100644
+--- a/src/psaux/psobjs.c
 b/src/psaux/psobjs.c
+@@ -1718,6 +1718,14 @@
+ first = outline->n_contours <= 1
+ ? 0 : outline->contours[outline->n_contours - 2] + 1;
+ 
++/* in malformed fonts it can happen that a contour was started */
++/* but no points were added*/
++if ( outline->n_contours && first == outline->n_points )
++{
++  outline->n_contours--;
++  return;
++}
++
+ /* We must not include the last point in the path if it */
+ /* is located on the first point.   */
+ if ( outline->n_points > 1 )
+-- 
+2.1.4
+


Bug#861525: unblock: lintian/2.5.50.2

2017-04-30 Thread Niels Thykier
Niels Thykier:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
> 
> Please unblock package lintian
> 
> The 2.5.50.2 upload works around a "perl stack" corruption (not to be
> confused with perl's C stack) and makes a gnuplot file compatible
> with gnuplot 5 (so it works with the version we are shipping in
> stretch).
> 
> I will expand on the stack corruption below in case it is relevant for
> your understanding of the issue and the fix[1]. That said, the fix is
> shorter than my explanation, so you may just want to skip ahead to the
> debdiff.
> 
> unblock lintian/2.5.50.2
> 
> Thanks,
> ~Niels
> 
> [...]


Fumble-fingered reportbug, here is the debdiff.  The upload is in the
queue and should be ACCEPTed soon. :)

Thanks,
~Niels

diff -Nru lintian-2.5.50.1/debian/changelog lintian-2.5.50.2/debian/changelog
--- lintian-2.5.50.1/debian/changelog   2017-02-04 16:05:07.0 +0100
+++ lintian-2.5.50.2/debian/changelog   2017-04-30 09:40:24.0 +0200
@@ -1,3 +1,16 @@
+lintian (2.5.50.2) unstable; urgency=medium
+
+  * frontend/dplint:
++ [NT] Work around a "Bizarre Copy" bug in perl that could trigger
+  on errors.  Notably, this bug causes the reporting framework in
+  lintian to break with a very non-informative error when the
+  "state-cache" is not present.
+
+  * reporting/graphs/tags.gpi:
++ [NT] Tweak tags.gpi so it works with gnuplot 5.
+
+ -- Niels Thykier   Sun, 30 Apr 2017 07:40:24 +
+
 lintian (2.5.50.1) unstable; urgency=medium
 
   * debian/copyright:
diff -Nru lintian-2.5.50.1/frontend/dplint lintian-2.5.50.2/frontend/dplint
--- lintian-2.5.50.1/frontend/dplint2017-01-29 21:00:48.0 +0100
+++ lintian-2.5.50.2/frontend/dplint2017-04-30 09:34:30.0 +0200
@@ -82,7 +82,7 @@
 }
 
 sub run_tool {
-my ($truename, $tool, @args) = @_;
+my ($truename, $tool) = @_;
 for my $include_dir (@INCLUDE_DIRS) {
 my $tool_path = "$include_dir/commands/${tool}";
 my $tool_pm_path = "${tool_path}.pm";
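Review bot: run_tool now depends on the global @ARGV instead of taking the arguments as a parameter, and nothing at the sub records why; add a comment at "my ($truename, $tool) = @_;" saying that @ARGV is deliberately not passed as an argument because of the perl "Bizarre copy" bug, otherwise a later cleanup is likely to reintroduce the @args parameter.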
@@ -92,12 +92,12 @@
 }
 {
 # Scope here it to avoid a warning about exec not returning.
-exec {$tool_path} $truename, @args;
+exec {$tool_path} $truename, @ARGV;
 }
 local $" = ' ';
 error(
 "Running $tool failed!",
-"  Command: $tool_path @args",
+"  Command: $tool_path @ARGV",
 "  Error from exec: $!"
 );
 }
@@ -273,7 +273,7 @@
 error("Built-in $cmd returned unexpectedly");
 }
 $truename //= $cmd;
-run_tool($truename, $cmd, @ARGV);
+run_tool($truename, $cmd);
 error('run_tool returned unexpectedly');
 }
 
diff -Nru lintian-2.5.50.1/frontend/lintian lintian-2.5.50.2/frontend/lintian
--- lintian-2.5.50.1/frontend/lintian   2017-01-29 21:00:48.0 +0100
+++ lintian-2.5.50.2/frontend/lintian   2017-04-30 09:34:30.0 +0200
@@ -82,7 +82,7 @@
 }
 
 sub run_tool {
-my ($truename, $tool, @args) = @_;
+my ($truename, $tool) = @_;
 for my $include_dir (@INCLUDE_DIRS) {
 my $tool_path = "$include_dir/commands/${tool}";
 my $tool_pm_path = "${tool_path}.pm";
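Review bot: If frontend/lintian is a separate copy of frontend/dplint rather than a link to it, the run_tool change at "my ($truename, $tool) = @_;" now has to be kept in sync by hand in three files (dplint, lintian, lintian-info); please state in the changelog whether these are one file, and if they are not, consider sharing run_tool so the workaround cannot drift.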
@@ -92,12 +92,12 @@
 }
 {
 # Scope here it to avoid a warning about exec not returning.
-exec {$tool_path} $truename, @args;
+exec {$tool_path} $truename, @ARGV;
 }
 local $" = ' ';
 error(
 "Running $tool failed!",
-"  Command: $tool_path @args",
+"  Command: $tool_path @ARGV",
 "  Error from exec: $!"
 );
 }
@@ -273,7 +273,7 @@
 error("Built-in $cmd returned unexpectedly");
 }
 $truename //= $cmd;
-run_tool($truename, $cmd, @ARGV);
+run_tool($truename, $cmd);
 error('run_tool returned unexpectedly');
 }
 
diff -Nru lintian-2.5.50.1/frontend/lintian-info 
lintian-2.5.50.2/frontend/lintian-info
--- lintian-2.5.50.1/frontend/lintian-info  2017-01-29 21:00:48.0 
+0100
+++ lintian-2.5.50.2/frontend/lintian-info  2017-04-30 09:34:30.0 
+0200
@@ -82,7 +82,7 @@
 }
 
 sub run_tool {
-my ($truename, $tool, @args) = @_;
+my ($truename, $tool) = @_;
 for my $include_dir (@INCLUDE_DIRS) {
 my $tool_path = "$include_dir/commands/${tool}";
 my $tool_pm_path = "${tool_path}.pm";
@@ -92,12 +92,12 @@
 }
 {
 # Scope here it to avoid a warning about exec not returning.
-exec {$tool_path} $truename, @args;
+exec {$tool_path} $truename, @ARGV;
 }
 local $" = ' ';
 error(
 "Running $tool failed!",
-"  Command: $tool_path @args",
+"  Command: 

Bug#861485: marked as done (unblock: espeak-ng/1.49.0+dfsg-10)

2017-04-30 Thread Debian Bug Tracking System
Your message dated Sun, 30 Apr 2017 05:58:00 +
with message-id <301bdd7a-2e7d-6841-8fea-d1a3f5f13...@thykier.net>
and subject line Re: Bug#861485: unblock: espeak-ng/1.49.0+dfsg-10
has caused the Debian Bug report #861485,
regarding unblock: espeak-ng/1.49.0+dfsg-10
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
861485: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861485
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Hello,

It was reported in Bug#860891 that the espeak-ng synthesis does
not work any more with at least some mbrola voices, making mbrola
voices useless since mbrola by itself does not take text directly,
but phonemes produced by espeak-ng.  Upstream already fixed it just
by increasing the buffer size to 60ms, which I have now uploaded as
espeak-ng=1.49.0+dfsg-10 (see attached debdiff)

Samuel

unblock espeak-ng/1.49.0+dfsg-10

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'buildd-unstable'), (500, 'unstable'), (500, 'stable'), (500, 'oldstable'), (1, 'experimental-debug'), (1, 'buildd-experimental'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.10.0 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

-- 
Samuel
 I didn't know that one: "make: Entering an unknown directory"
 -+- #ens-mim -+-
diff -Nru espeak-ng-1.49.0+dfsg/debian/changelog 
espeak-ng-1.49.0+dfsg/debian/changelog
--- espeak-ng-1.49.0+dfsg/debian/changelog  2017-04-09 23:05:00.0 
+0200
+++ espeak-ng-1.49.0+dfsg/debian/changelog  2017-04-29 16:32:54.0 
+0200
@@ -1,3 +1,10 @@
+espeak-ng (1.49.0+dfsg-10) unstable; urgency=medium
+
+  * patches/bufsize: Increase buffersize to 60ms like upstream did, to fix 
using
+MBROLA voices (Closes: Bug#860891).
+
+ -- Samuel Thibault   Sat, 29 Apr 2017 16:32:54 +0200
+
 espeak-ng (1.49.0+dfsg-9) unstable; urgency=medium
 
   * control: Add version to libespeak-ng-libespeak1 Provides
diff -Nru espeak-ng-1.49.0+dfsg/debian/patches/bufsize 
espeak-ng-1.49.0+dfsg/debian/patches/bufsize
--- espeak-ng-1.49.0+dfsg/debian/patches/bufsize2017-01-12 
03:40:37.0 +0100
+++ espeak-ng-1.49.0+dfsg/debian/patches/bufsize2017-04-29 
16:32:54.0 +0200
@@ -5,7 +5,7 @@
// buflength is in mS, allocate 2 bytes per sample
if ((buffer_length == 0) || (output_mode & ENOUTPUT_MODE_SPEAK_AUDIO))
 -  buffer_length = 200;
-+  buffer_length = 50;
++  buffer_length = 60;
  
outbuf_size = (buffer_length * samplerate)/500;
out_start = (unsigned char *)realloc(outbuf, outbuf_size);
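Review bot: the new default `buffer_length = 60` is a bare number with no comment on why 60 ms rather than the 50 it replaces or the original 200. Since the changelog says this follows upstream, add a short comment or a patch-header reference to the upstream change, so the value can be checked and the patch dropped once an upstream release carrying it is packaged; the hunk starts at line 5 of debian/patches/bufsize, so the header is not visible here. Also worth confirming against the full source: the context line assigns realloc's result to out_start, and the lines shown do not include a NULL check.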
--- End Message ---
--- Begin Message ---
Cyril Brulebois:
> Niels Thykier  (2017-04-29):
>> Samuel Thibault:
>>> Package: release.debian.org
>>> Severity: normal
>>> User: release.debian@packages.debian.org
>>> Usertags: unblock
>>>
>>> Hello,
>>>
>>> It was reported in Bug#860891 that the espeak-ng synthesis does
>>> not work any more with at least some mbrola voices, making mbrola
>>> voices useless since mbrola by itself does not take text directly,
>>> but phonemes produced by espeak-ng.  Upstream already fixed it just
>>> by increasing the buffer size to 60ms, which I have now uploaded as
>>> espeak-ng=1.49.0+dfsg-10 (see attached debdiff)
>>>
>>> Samuel
>>>
>>> unblock espeak-ng/1.49.0+dfsg-10
>>>
>>> [...]
>>
>> Ack with me, CC'ing KiBi for a d-i ack.
> 
> Sure, please go ahead.
> 
> 
> KiBi.
> 

Unblocked, thanks.

~Niels
--- End Message ---