Bug#862783: marked as done (unblock: readline/7.0-3)
Your message dated Wed, 17 May 2017 05:47:00 + with message-id <4390b264-f1e6-be87-36fb-cd4936206...@thykier.net> and subject line Re: Bug#862783: unblock: readline/7.0-3 has caused the Debian Bug report #862783, regarding unblock: readline/7.0-3 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 862783: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862783 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please consider unblocking readline/7.0-3, applying two upstream updates, fixing RC issue #852750 by one of them. --- End Message --- --- Begin Message --- Matthias Klose: > Package: release.debian.org > Severity: normal > User: release.debian@packages.debian.org > Usertags: unblock > > Please consider unblocking readline/7.0-3, applying two upstream updates, > fixing > RC issue #852750 by one of them. > Unblocked, thanks. ~Niels--- End Message ---
Bug#862784: marked as done (unblock: debian-edu-config/1.927)
Your message dated Wed, 17 May 2017 05:45:00 + with message-id <04bf09a8-2c2a-7b0a-ba2b-0850a3438...@thykier.net> and subject line Re: Bug#862784: unblock: debian-edu-config/1.927 has caused the Debian Bug report #862784, regarding unblock: debian-edu-config/1.927 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 862784: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862784 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock x-debbugs-cc: debian-...@lists.debian.org Please unblock package debian-edu-config to fix the serious bug #862652 which is a broken exim4 configuration due the security update for CVE-2016-151 in exim4. Additional changes are minor cleanups to our testsuite. unblock debian-edu-config/1.927 The full changelog is: debian-edu-config (1.927) unstable; urgency=medium [ Wolfgang Schweer ] * Fix broken exim4 configuration, enable security. (Closes: #862652). - Add usr/share/debian-edu-config/tools/exim4-create-cert. - Add usr/share/debian-edu-config/tools/exim4-create-environment. - Adjust cf/cf.exim to use both scripts. - Adjust etc/exim4/exim-ldap-server-v4.conf. + Make it work after the exim4 security fix for CVE-2016-1531. + Improve security: create certificate to enable TLS, re-enable identity check via Kerberos; now only system mail to postmaster is enabled unconditionally; see #794602. * Fix typo in testsuite/network to use the correct LTSP-Server profile name. * Drop ddcprobe and ddccontrol related code from testsuite/hardware. - ddcprobe is part of the package xresprobe, not available in stretch. - ddccontrol belongs to package ddccontrol (monitor database unmaintained since > 10 years) which isn't installed by default. -- Holger LevsenMon, 15 May 2017 18:15:45 +0200 $ debdiff debian-edu-config_1.926.dsc debian-edu-config_1.927.dsc|diffstat cf/cf.exim |5 +++ debian/changelog | 20 ++ etc/exim4/exim-ldap-server-v4.conf | 17 +++- share/debian-edu-config/tools/exim4-create-cert| 23 + share/debian-edu-config/tools/exim4-create-environment | 18 + testsuite/hardware |8 - testsuite/network |2 - 7 files changed, 82 insertions(+), 11 deletions(-) The full debdiff is attached. Thanks for your work on Stretch! -- cheers, Holger diff -Nru debian-edu-config-1.926/cf/cf.exim debian-edu-config-1.927/cf/cf.exim --- debian-edu-config-1.926/cf/cf.exim 2017-01-13 13:11:08.0 +0100 +++ debian-edu-config-1.927/cf/cf.exim 2017-05-15 12:24:33.0 +0200 @@ -16,6 +16,11 @@ shellcommands: + debian.server.installation:: + + "/usr/share/debian-edu-config/tools/exim4-create-cert" + "/usr/share/debian-edu-config/tools/exim4-create-environment" + debian.installation:: "/usr/sbin/exim4 -qff" diff -Nru debian-edu-config-1.926/debian/changelog debian-edu-config-1.927/debian/changelog --- debian-edu-config-1.926/debian/changelog 2017-04-27 19:23:11.0 +0200 +++ debian-edu-config-1.927/debian/changelog 2017-05-15 18:15:45.0 +0200 @@ -1,3 +1,23 @@ +debian-edu-config (1.927) unstable; urgency=medium + + [ Wolfgang Schweer ] + * Fix broken exim4 configuration, enable security. (Closes: #862652). +- Add usr/share/debian-edu-config/tools/exim4-create-cert. +- Add usr/share/debian-edu-config/tools/exim4-create-environment. +- Adjust cf/cf.exim to use both scripts. +- Adjust etc/exim4/exim-ldap-server-v4.conf. + + Make it work after the exim4 security fix for CVE-2016-1531. + + Improve security: create certificate to enable TLS, re-enable +identity check via Kerberos; now only system mail to postmaster +is enabled unconditionally; see #794602. + * Fix typo in testsuite/network to use the correct LTSP-Server profile name. + * Drop ddcprobe and ddccontrol related code from testsuite/hardware. +- ddcprobe is part of the package xresprobe, not available in stretch. +- ddccontrol belongs to package ddccontrol (monitor database unmaintained + since > 10 years) which isn't installed by default. + + -- Holger Levsen Mon, 15 May 2017 18:15:45 +0200 + debian-edu-config (1.926) unstable; urgency=medium [ Holger
Bug#862746: marked as done (unblock: simple-cdd/0.6.5)
Your message dated Wed, 17 May 2017 05:41:00 + with message-id <1b92d737-1951-9c2f-3ea2-e8c6881c3...@thykier.net> and subject line Re: Bug#862746: unblock: simple-cdd/0.6.5 has caused the Debian Bug report #862746, regarding unblock: simple-cdd/0.6.5 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 862746: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862746 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-Cc: debian-b...@lists.debian.org, simple-cdd-de...@lists.alioth.debian.org Thanks for all your work on the Release Team! Please unblock package simple-cdd With the recent announcement shutting down public FTP services: https://lists.debian.org/debian-announce/2017/msg1.html This requires some significant changes in simple-cdd, as simple-cdd relied on Debian's FTP mirrors for downloading files discovered by FTP directory listing. Now simple-cdd uses http://deb.debian.org/debian/extrafiles, an inline-signed list of checksums for various content in the archive (notably, tools/*, docs/*). This also allows signature and checksum verification of all downloaded files, which is a huge security improvement. The default mirror is now switched to deb.debian.org using the http protocol. A fix was added to add packages of priority required, important and standard from security, updates and proposed-updates repositories to the locally generated repository. Otherwise packages with strict versioned dependencies would end up uninstallable (e.g. vim-tiny depends on vim-common ( =$version), but only vim-common would get updated, resulting in vim-tiny being uninstallable). Kernel selection for i386 on jessie and stretch also required updating, as the linux-image-486 packages were removed from the archive. No changes were made to the simple-cdd-profiles udeb, so should not have any impact on debian-installer. diff -Nru simple-cdd-0.6.4/build-simple-cdd simple-cdd-0.6.5/build-simple-cdd --- simple-cdd-0.6.4/build-simple-cdd 2017-01-16 13:40:32.0 -0800 +++ simple-cdd-0.6.5/build-simple-cdd 2017-05-15 13:21:24.0 -0700 @@ -235,7 +235,11 @@ for a in self.env.get("ARCHES"): if a == "alpha": self.env.append("kernel_packages", kernel_base + "alpha-generic") elif a == "armhf": self.env.append("kernel_packages", kernel_base + "armmp") -elif a == "i386": self.env.append("kernel_packages", kernel_base + "486") +elif a == "i386": +if self.env.get("CODENAME") == "jessie": +self.env.append("kernel_packages", kernel_base + "586") +else: +self.env.append("kernel_packages", kernel_base + "686") elif a == "sparc": self.env.append("kernel_packages", kernel_base + "sparc64") elif a in ("amd64", "arm64", "sparc64") or a.startswith("powerpc") or a.startswith("s390"): self.env.append("kernel_packages", kernel_base + a) diff -Nru simple-cdd-0.6.4/debian/changelog simple-cdd-0.6.5/debian/changelog --- simple-cdd-0.6.4/debian/changelog 2017-01-17 15:10:07.0 -0800 +++ simple-cdd-0.6.5/debian/changelog 2017-05-15 14:10:37.0 -0700 @@ -1,3 +1,22 @@ +simple-cdd (0.6.5) unstable; urgency=medium + + [ Vagrant Cascadian ] + * Switch to using urllib instead of calling wget. +- Only re-download files if known checksums do not match. +- Explicitly set http_proxy in the environment. +- Verify "mirror_files" to download with archive's "extrafiles", a + signed list of checksums. +- Switch default mirror to deb.debian.org and default protocol to + http (Closes: #861198). +- Many thanks to Enrico Zini for code review and improvements. + * Update kernel package selection for i386. + * Add stanzas to pull in required, important and standard packages for +security, updates and proposed-updates when enabled. + * Fix bug causing tracebacks when checksum or file size verifications +fail. + + -- Vagrant CascadianMon, 15 May 2017 14:10:37 -0700 + simple-cdd (0.6.4) unstable; urgency=medium [ Vagrant Cascadian ] diff -Nru simple-cdd-0.6.4/profiles/ltsp.downloads simple-cdd-0.6.5/profiles/ltsp.downloads --- simple-cdd-0.6.4/profiles/ltsp.downloads2016-07-21 10:03:54.0 -0700 +++ simple-cdd-0.6.5/profiles/ltsp.downloads
Processed: Re: Bug#862693: unblock: postfix/3.1.4-5
Processing control commands: > tags -1 moreinfo Bug #862693 [release.debian.org] unblock: postfix/3.1.4-5 Added tag(s) moreinfo. -- 862693: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862693 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#862693: unblock: postfix/3.1.4-5
Control: tags -1 moreinfo Scott Kitterman: > Package: release.debian.org > Severity: normal > User: release.debian@packages.debian.org > Usertags: unblock > > Please unblock package postfix > > This upload fixes two significant bugs and makes it possible for a user to > recover from a third without hand editing configuration files: > > 1. Postfix-cdb will no longer fail to work after upgrade from jessie due to > upgrade ordering issues. > > 2. Postfix should wait to start until the network and DNS are actually > available, so it won't fail to start on boot. > > 3. If an upgrade is performed from a not fully updated system and the > dynamic maps locations are incorred in dynamicmaps.cf, dpkg-reconfigure > postfix (and whatever postfix map types are installed) will fix it. > > Note: The last one will be followed by a bug to release-notes to mention this > (it seems way better than a release note explaining how to hand edit files). > > unblock postfix/3.1.4-5 > Hi, Thanks for working on fixing postfix. One remark / question about the following snippet: """ - +if dpkg --compare-versions $new lt 3.1.4-5~; then +# This turned out to be the wrong way to solve the problem. +rm -rf /etc/systemd/system/postfix.service.d +fi """ Given the script only seemed to create /etc/systemd/system/postfix.service.d/override.conf, shouldn't it only remove that file (and possibly the directory iff it is empty)? Also, what if the admin has changed the file locally? Thanks, ~Niels
Bug#862713: marked as done (unblock: nodm/0.13-1.3)
Your message dated Wed, 17 May 2017 05:28:00 + with message-id <5de4c890-844e-d127-eb1d-ebf8e6166...@thykier.net> and subject line Re: Bug#862713: unblock: nodm/0.13-1.3 has caused the Debian Bug report #862713, regarding unblock: nodm/0.13-1.3 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 862713: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862713 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package nodm. This fixes RC bug #861771, and also fixes two normal-severity bugs that seemed straightforward and low-risk. unblock nodm/0.13-1.3 Here is a breakdown of the diffstat: > patches/nodm.service-Don-t-respawn-or-fail-if-disabled-in-et.patch | 28 > ++ > patches/series |1¯ Fixes #861771 (grave) on systemd-booted systems > nodm.init |5 - Fixes #861717 (normal, although perhaps should be higher severity) and maybe also #770219 (normal), both on non-systemd-booted systems, by removing dead code > nodm.postinst |2¯ Fixes #861899 (normal) by adding >&2 to one line Thanks for considering, S --- End Message --- --- Begin Message --- Simon McVittie: > Package: release.debian.org > Severity: normal > User: release.debian@packages.debian.org > Usertags: unblock > > Please unblock package nodm. This fixes RC bug #861771, and also fixes two > normal-severity bugs that seemed straightforward and low-risk. > > unblock nodm/0.13-1.3 > > Here is a breakdown of the diffstat: > >> patches/nodm.service-Don-t-respawn-or-fail-if-disabled-in-et.patch | 28 >> ++ >> patches/series |1¯ > > Fixes #861771 (grave) on systemd-booted systems > >> nodm.init |5 - > > Fixes #861717 (normal, although perhaps should be higher severity) and > maybe also #770219 (normal), both on non-systemd-booted systems, by removing > dead code > >> nodm.postinst |2¯ > > Fixes #861899 (normal) by adding >&2 to one line > > Thanks for considering, > S > Unblocked, thanks. ~Niels--- End Message ---
Bug#862243: marked as done (unblock: linux/4.9.25-1)
Your message dated Wed, 17 May 2017 05:25:00 + with message-id <8a496a67-e98c-74ee-4836-3badfef76...@thykier.net> and subject line Re: Bug#862243: unblock: linux/4.9.25-1 has caused the Debian Bug report #862243, regarding unblock: linux/4.9.25-1 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 862243: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862243 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Hi Please unblock package linux The update includes stable releases 4.9.19 up to 4.9.25 with many improvements, bugfixes, security issues fixed. On top of the stable release the following additional changes were made: > [ Ben Hutchings ] > * w1: Really enable W1_MASTER_GPIO as module (Closes: #858975) > * debian/rules.real: Undefine $LANGUAGE, which can break debug symbols for > vDSOs (Closes: #859807) > * Bump ABI to 3 > * [s390x] Set NR_CPUS=256 (Closes: #858731) > * [x86] usbip: Increase USBIP_VHCI_NR_HCS to 8 and USBIP_VHCI_HC_PORTS to 31 > (Closes: #859641) > * [powerpc/powerpc64,ppc64*] target: Enable SCSI_IBMVSCSIS as module > * cpupower: Fix turbo frequency reporting for pre-Sandy Bridge cores > (Closes: #859978) > * udeb: Include all AHCI drivers in sata-modules (Closes: #860335) > * [powerpc/powerpc64,ppc64] Set NR_CPUS=2048, matching ppc64el > * [powerpc*/*64*] Enable CPUMASK_OFFSTACK to reduce stack usage > * [mips*el/loongson-3] Set NR_CPUS=16 to allow for Loongson 3B2000 > * [mips*/octeon] Set NR_CPUS=64 to allow for Cavium CN7890 > * [arm64] Set NR_CPUS=256 to allow for multi-SoC systems (Closes: #861209) > * [powerpc/powerpc-smp,powerpcspe] Explicitly set NR_CPUS=4 > * Move debug symbols back to the main archive, to avoid problems with the > current handling in dak > * linux-image: Disable signing until it's supported in dak > * [rt] Update to 4.9.20-rt16: > - rtmutex: Make lock_killable work > - rtmutex: Provide rt_mutex_lock_state() > - rtmutex: Provide locked slowpath > - rwsem/rt: Lift single reader restriction > * PCI: Enable PCIE_PTM (except on armel/marvell) > * 6lowpan: Enable Generic Header Compression modules > * net/sched: Enable NET_ACT_SKBMOD as module > * ethernet: Enable NFP_NETVF as module > * net/phy: Enable MICROSEMI_PHY as module > * input/tablet: Enable TABLET_USB_PEGASUS as module > * [x86] input/touchscreen: Enable TOUCHSCREEN_SURFACE3_SPI as module > * serial/8250: Enable SERIAL_8250_MOXA as module > * [x86] gpio: Enable GPIO_AMDPT as module > * [x86] thermal: Enable INT3406_THERMAL as module > * watchdog: Enable WATCHDOG_SYSFS > * integrity: Enable IMA, IMA_DEFAULT_HASH_SHA256, IMA_APPRAISE, > IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY, IMA_BLACKLIST_KEYRING > (except on armel/marvell) (Closes: #788290) > * media: Enable VIDEO_TW5864, VIDEO_TW686X as modules > * [x86] amdgpu,sound/soc: Enable DRM_AMD_ACP; enable SND_SOC_AMD_ACP as > module > * hda: Set SND_HDA_PREALLOC_SIZE=2048 as recommended for PulseAudio > * HID: Enable HID_SENSOR_CUSTOM_SENSOR as module > * leds,USB: Enable USB_LEDS_TRIGGER_USBPORT as module > * usbip: Enable USBIP_VUDC as module > * USB/misc: Enable UCSI as module > * leds: Enable LEDS_TRIGGER_DISK, LEDS_TRIGGER_MTD, LEDS_TRIGGER_PANIC > * IB: Enable INFINIBAND_HFI1, INFINIBAND_I40IW, INFINIBAND_QEDR, RDMA_RXE > as modules > * [amd64] EDAC: Enable EDAC_SKX as module > * [x86] comedi: Enable COMEDI_ADV_PCI1720, COMEDI_ADV_PCI1760 as modules > * [x86] platform: Enable INTEL_HID_EVENT as module > * [x86] hwtracing: Enable INTEL_TH, INTEL_TH_PCI, INTEL_TH_GTH, > INTEL_TH_MSU, > INTEL_TH_PTI as modules > * [rt] tracing: Enable HWLAT_TRACER > * [x86] crypto: Enable CRYPTO_DEV_QAT_C3XXX, CRYPTO_DEV_QAT_C62X, > CRYPTO_DEV_QAT_C3XXXVF, CRYPTO_DEV_QAT_C62XVF as modules > * crypto: Enable CRYPTO_DEV_CHELSIO as module > * [arm64] Enable ARMV8_DEPRECATED, SWP_EMULATION, CP15_BARRIER_EMULATION, > SETEND_EMULATION (Closes: #861384) > * udeb: Add tifm_7xx1 to mmc-modules (Closes: #861195) > * leds: Enable LEDS_GPIO as module for all configurations with GPIOs > (Closes: #860569) > * selinux: Set SECURITY_SELINUX_CHECKREQPROT_VALUE=0, per default. > This may break some old applications if SELinux is enabled, and can be > reverted using the kernel parameter: checkreqprot=1 > * udeb: Move mfd-core to kernel-image, as both input-modules and >
Bug#862220: marked as done (unblock: at-spi2-core/2.22.0-6)
Your message dated Wed, 17 May 2017 05:26:00 + with message-id <4e0f9df4-7401-0464-2563-f56652faf...@thykier.net> and subject line Re: Bug#862220: unblock: at-spi2-core/2.22.0-6 has caused the Debian Bug report #862220, regarding unblock: at-spi2-core/2.22.0-6 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 862220: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862220 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Hello, Upstream of at-spi has released some serious fixes for at-spi2-core, which I have uploaded as at-spi2-core 2.22.0-6, and attached to this mail. git-329ef2c4ebcb3aec6dcfcac15357fd583a60c969 is reported to help fixing https://bugzilla.gnome.org/show_bug.cgi?id=767074 Orca would sometimes hang or crash when closing an application, thus leaving blind users without access to the computer, and have to restart Orca blindly. It seems there are still some cases where the crash happens, but only after upgrading at-spi2-atk to version 2.24, which we do not have in Debian yet. git-eba079f3e72e61e6b55d81727ab50c85d505d296 fixes crashes in Orca too when getting the Position property fails. These would probably help with the grave orca Bug#862008 Samuel unblock at-spi2-core/2.22.0-6 -- System Information: Debian Release: 9.0 APT prefers testing APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'buildd-unstable'), (500, 'unstable'), (500, 'stable'), (500, 'oldstable'), (1, 'experimental-debug'), (1, 'buildd-experimental'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.11.0 (SMP w/4 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) -- Samuel Battery 1: charging, 90%, charging at zero rate - will never fully charge. -+- acpi - et pourtant, ca monte -+- diff -Nru at-spi2-core-2.22.0/debian/changelog at-spi2-core-2.22.0/debian/changelog --- at-spi2-core-2.22.0/debian/changelog2016-12-27 19:14:48.0 +0100 +++ at-spi2-core-2.22.0/debian/changelog2017-05-09 21:44:08.0 +0200 @@ -1,3 +1,13 @@ +at-spi2-core (2.22.0-6) unstable; urgency=medium + + * patches/git-329ef2c4ebcb3aec6dcfcac15357fd583a60c969: +clear root accessible's ref to the app, fixes Orca sometimes hanging when +apps are quit. + * patches/git-eba079f3e72e61e6b55d81727ab50c85d505d296: +atspi_table_cell_get_position: don't crash on error + + -- Samuel ThibaultTue, 09 May 2017 21:44:08 +0200 + at-spi2-core (2.22.0-5) unstable; urgency=medium * patches/register-client-early: Replace by upstream proposed fix: diff -Nru at-spi2-core-2.22.0/debian/patches/git-329ef2c4ebcb3aec6dcfcac15357fd583a60c969 at-spi2-core-2.22.0/debian/patches/git-329ef2c4ebcb3aec6dcfcac15357fd583a60c969 --- at-spi2-core-2.22.0/debian/patches/git-329ef2c4ebcb3aec6dcfcac15357fd583a60c969 1970-01-01 01:00:00.0 +0100 +++ at-spi2-core-2.22.0/debian/patches/git-329ef2c4ebcb3aec6dcfcac15357fd583a60c969 2017-05-09 21:44:08.0 +0200 @@ -0,0 +1,20 @@ +commit 329ef2c4ebcb3aec6dcfcac15357fd583a60c969 +Author: Mike Gorse +Date: Tue Jan 24 18:10:52 2017 -0600 + +atspi_application_dispose: clear root accessible's ref to the app + +Hoping that this might fix https://bugzilla.gnome.org/show_bug.cgi?id=767074 + +diff --git a/atspi/atspi-application.c b/atspi/atspi-application.c +index 65cabdc..f7dd225 100644 +--- a/atspi/atspi-application.c b/atspi/atspi-application.c +@@ -58,6 +58,7 @@ atspi_application_dispose (GObject *object) + + if (application->root) + { ++g_clear_object (>root->parent.app); + g_object_unref (application->root); + application->root = NULL; + } diff -Nru at-spi2-core-2.22.0/debian/patches/git-eba079f3e72e61e6b55d81727ab50c85d505d296 at-spi2-core-2.22.0/debian/patches/git-eba079f3e72e61e6b55d81727ab50c85d505d296 --- at-spi2-core-2.22.0/debian/patches/git-eba079f3e72e61e6b55d81727ab50c85d505d296 1970-01-01 01:00:00.0 +0100 +++ at-spi2-core-2.22.0/debian/patches/git-eba079f3e72e61e6b55d81727ab50c85d505d296 2017-05-09 21:42:44.0 +0200 @@ -0,0 +1,24 @@ +commit eba079f3e72e61e6b55d81727ab50c85d505d296 +Author: Mike Gorse +Date: Mon Mar 27 12:57:35 2017 -0500 + +atspi_table_cell_get_position: don't crash on error + +diff --git
Bug#862219: marked as done (unblock: at-spi2-atk/2.22.0-2)
Your message dated Wed, 17 May 2017 05:25:00 + with message-id <94cd9eec-7de1-5b94-26ac-febb140dd...@thykier.net> and subject line Re: Bug#862219: unblock: at-spi2-atk/2.22.0-2 has caused the Debian Bug report #862219, regarding unblock: at-spi2-atk/2.22.0-2 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 862219: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862219 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Hello, Upstream of at-spi has released some serious fixes for at-spi2-atk, which I have uploaded as at-spi2-atk 2.22.0-2, and attached to this mail. git-7cdc1f91c9802b0b8ecd2afea38c1717b1921736 fixes a memory corruption reported by valgrind, which could make basically any application crash when the Orca screen reader is running, when processing events. It does so by just using the right glib function for what the buggy code meant to do. git-8d3cc68f7bc62c7015d986212be0d5d776920ee2 fixes memory references after dropping a refcount from the object (thus potentially freed), also leading to potential crash of any application when the Orca screen reader is running. unblock at-spi2-atk/2.22.0-2 -- System Information: Debian Release: 9.0 APT prefers testing APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'buildd-unstable'), (500, 'unstable'), (500, 'stable'), (500, 'oldstable'), (1, 'experimental-debug'), (1, 'buildd-experimental'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.11.0 (SMP w/4 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) -- Samuel if (argc > 1 && strcmp(argv[1], "-advice") == 0) { printf("Don't Panic!\n"); exit(42); } -- Arnold Robbins in the LJ of February '95, describing RCS diff -Nru at-spi2-atk-2.22.0/debian/changelog at-spi2-atk-2.22.0/debian/changelog --- at-spi2-atk-2.22.0/debian/changelog 2016-10-01 22:09:42.0 +0200 +++ at-spi2-atk-2.22.0/debian/changelog 2017-05-09 21:35:33.0 +0200 @@ -1,3 +1,12 @@ +at-spi2-atk (2.22.0-2) unstable; urgency=medium + + * patches/git-7cdc1f91c9802b0b8ecd2afea38c1717b1921736: Fix GList handling +resulting in memory corruption. + * patches/git-8d3cc68f7bc62c7015d986212be0d5d776920ee2: Fix use after free +when returned objects hold only one ref. + + -- Samuel ThibaultTue, 09 May 2017 21:35:33 +0200 + at-spi2-atk (2.22.0-1) unstable; urgency=medium * New upstream release. diff -Nru at-spi2-atk-2.22.0/debian/patches/git-7cdc1f91c9802b0b8ecd2afea38c1717b1921736 at-spi2-atk-2.22.0/debian/patches/git-7cdc1f91c9802b0b8ecd2afea38c1717b1921736 --- at-spi2-atk-2.22.0/debian/patches/git-7cdc1f91c9802b0b8ecd2afea38c1717b1921736 1970-01-01 01:00:00.0 +0100 +++ at-spi2-atk-2.22.0/debian/patches/git-7cdc1f91c9802b0b8ecd2afea38c1717b1921736 2017-05-09 21:35:33.0 +0200 @@ -0,0 +1,101 @@ +commit 7cdc1f91c9802b0b8ecd2afea38c1717b1921736 +Author: Rui Matos +Date: Mon Apr 24 14:39:05 2017 +0200 + +atk-adaptor/bridge: Fix GList handling resulting in memory corruption + +As pointed out by this valgrind log: + +==2809== Thread 1: +==2809== Invalid write of size 8 +==2809==at 0x18FCF001: remove_events (bridge.c:759) +==2809==by 0x18FCF001: handle_event_listener_deregistered (bridge.c:788) +==2809==by 0x18FCF001: signal_filter (bridge.c:827) +==2809==by 0x200ECDFD: dbus_connection_dispatch (dbus-connection.c:4631) +==2809==by 0x1FEBD0F4: ??? (in /usr/lib64/libatspi.so.0.0.1) +==2809==by 0xFD8D4C8: g_main_dispatch (gmain.c:3201) +==2809==by 0xFD8D4C8: g_main_context_dispatch (gmain.c:3854) +==2809==by 0xFD8D817: g_main_context_iterate.isra.21 (gmain.c:3927) +==2809==by 0xFD8DAE9: g_main_loop_run (gmain.c:4123) +==2809==by 0xDFF84B4: gtk_main (in /usr/lib64/libgtk-3.so.0.2200.10) +==2809==by 0x403DE0: main (in /usr/bin/evolution) +==2809== Address 0x29f22540 is 16 bytes inside a block of size 24 free'd +==2809==at 0x4C2ACDD: free (vg_replace_malloc.c:530) +==2809==by 0xFD92BCD: g_free (gmem.c:189) +==2809==by 0xFDAA518: g_slice_free1 (gslice.c:1136) +==2809==by 0xFD89463: g_list_remove (glist.c:521) +==2809==by 0x18FCF000: remove_events
Bug#862746: unblock: simple-cdd/0.6.5
Vagrant Cascadian(2017-05-16): > Package: release.debian.org > Severity: normal > User: release.debian@packages.debian.org > Usertags: unblock > X-Debbugs-Cc: debian-b...@lists.debian.org, > simple-cdd-de...@lists.alioth.debian.org > > Thanks for all your work on the Release Team! > > Please unblock package simple-cdd > > With the recent announcement shutting down public FTP services: > > https://lists.debian.org/debian-announce/2017/msg1.html > > This requires some significant changes in simple-cdd, as simple-cdd > relied on Debian's FTP mirrors for downloading files discovered by FTP > directory listing. > > Now simple-cdd uses http://deb.debian.org/debian/extrafiles, an > inline-signed list of checksums for various content in the archive > (notably, tools/*, docs/*). This also allows signature and checksum > verification of all downloaded files, which is a huge security > improvement. The introduction of this file is indeed great news. […] > No changes were made to the simple-cdd-profiles udeb, so should not > have any impact on debian-installer. ACK. TBF I was surprised to even get this mail in the first place. ;) [Reminds me I really should try simple-cdd one day, but too many birds, too little time.] KiBi. signature.asc Description: Digital signature
Bug#862784: unblock: debian-edu-config/1.927
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock x-debbugs-cc: debian-...@lists.debian.org Please unblock package debian-edu-config to fix the serious bug #862652 which is a broken exim4 configuration due the security update for CVE-2016-151 in exim4. Additional changes are minor cleanups to our testsuite. unblock debian-edu-config/1.927 The full changelog is: debian-edu-config (1.927) unstable; urgency=medium [ Wolfgang Schweer ] * Fix broken exim4 configuration, enable security. (Closes: #862652). - Add usr/share/debian-edu-config/tools/exim4-create-cert. - Add usr/share/debian-edu-config/tools/exim4-create-environment. - Adjust cf/cf.exim to use both scripts. - Adjust etc/exim4/exim-ldap-server-v4.conf. + Make it work after the exim4 security fix for CVE-2016-1531. + Improve security: create certificate to enable TLS, re-enable identity check via Kerberos; now only system mail to postmaster is enabled unconditionally; see #794602. * Fix typo in testsuite/network to use the correct LTSP-Server profile name. * Drop ddcprobe and ddccontrol related code from testsuite/hardware. - ddcprobe is part of the package xresprobe, not available in stretch. - ddccontrol belongs to package ddccontrol (monitor database unmaintained since > 10 years) which isn't installed by default. -- Holger LevsenMon, 15 May 2017 18:15:45 +0200 $ debdiff debian-edu-config_1.926.dsc debian-edu-config_1.927.dsc|diffstat cf/cf.exim |5 +++ debian/changelog | 20 ++ etc/exim4/exim-ldap-server-v4.conf | 17 +++- share/debian-edu-config/tools/exim4-create-cert| 23 + share/debian-edu-config/tools/exim4-create-environment | 18 + testsuite/hardware |8 - testsuite/network |2 - 7 files changed, 82 insertions(+), 11 deletions(-) The full debdiff is attached. Thanks for your work on Stretch! -- cheers, Holger diff -Nru debian-edu-config-1.926/cf/cf.exim debian-edu-config-1.927/cf/cf.exim --- debian-edu-config-1.926/cf/cf.exim 2017-01-13 13:11:08.0 +0100 +++ debian-edu-config-1.927/cf/cf.exim 2017-05-15 12:24:33.0 +0200 @@ -16,6 +16,11 @@ shellcommands: + debian.server.installation:: + + "/usr/share/debian-edu-config/tools/exim4-create-cert" + "/usr/share/debian-edu-config/tools/exim4-create-environment" + debian.installation:: "/usr/sbin/exim4 -qff" diff -Nru debian-edu-config-1.926/debian/changelog debian-edu-config-1.927/debian/changelog --- debian-edu-config-1.926/debian/changelog 2017-04-27 19:23:11.0 +0200 +++ debian-edu-config-1.927/debian/changelog 2017-05-15 18:15:45.0 +0200 @@ -1,3 +1,23 @@ +debian-edu-config (1.927) unstable; urgency=medium + + [ Wolfgang Schweer ] + * Fix broken exim4 configuration, enable security. (Closes: #862652). +- Add usr/share/debian-edu-config/tools/exim4-create-cert. +- Add usr/share/debian-edu-config/tools/exim4-create-environment. +- Adjust cf/cf.exim to use both scripts. +- Adjust etc/exim4/exim-ldap-server-v4.conf. + + Make it work after the exim4 security fix for CVE-2016-1531. + + Improve security: create certificate to enable TLS, re-enable +identity check via Kerberos; now only system mail to postmaster +is enabled unconditionally; see #794602. + * Fix typo in testsuite/network to use the correct LTSP-Server profile name. + * Drop ddcprobe and ddccontrol related code from testsuite/hardware. +- ddcprobe is part of the package xresprobe, not available in stretch. +- ddccontrol belongs to package ddccontrol (monitor database unmaintained + since > 10 years) which isn't installed by default. + + -- Holger Levsen Mon, 15 May 2017 18:15:45 +0200 + debian-edu-config (1.926) unstable; urgency=medium [ Holger Levsen ] diff -Nru debian-edu-config-1.926/etc/exim4/exim-ldap-server-v4.conf debian-edu-config-1.927/etc/exim4/exim-ldap-server-v4.conf --- debian-edu-config-1.926/etc/exim4/exim-ldap-server-v4.conf 2016-05-18 19:44:48.0 +0200 +++ debian-edu-config-1.927/etc/exim4/exim-ldap-server-v4.conf 2017-05-15 12:54:29.0 +0200 @@ -7,8 +7,20 @@ # Upgrade from v3 version by Maximilian Wilhelm # -- Sat, 11 Jun 2005 02:44:08 +0200 # +# Adjusted to work after the exim4 security fix for CVE-2016-1531. +# Also improve security some more: enable TLS, re-enable identity check; +# only system mail to postmaster is enabled unconditionally; see #794602. +# -- Wolfgang Schweer , 2017-05-13. ## +keep_environment = KRB5_KTNAME : PWD : ^LDAP +tls_advertise_hosts = * +tls_certificate = /etc/exim4/exim.crt
Bug#862785: unblock: apt/1.4.4
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package apt Follow up to 1.4.2 and 1.4.3 that fixes odd shell parsing stuff for the lock file descriptor ($LOCKFD>&- was parsed as $LOCKFD >&- -- see #862567). This caused unattended-upgrades to crash, as it could not write output. You'll find that the locking code is now much nicer to look at than in 1.4.2. (Diff against 1.4.1 with -w, and full against 1.4.3 attached) unblock apt/1.4.4 -- System Information: Debian Release: 9.0 APT prefers unstable APT policy: (900, 'unstable'), (500, 'unstable-debug'), (500, 'buildd-unstable'), (500, 'testing'), (100, 'experimental'), (1, 'experimental-debug') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.11.0-trunk-amd64 (SMP w/4 CPU cores) Locale: LANG=en_IE.UTF-8, LC_CTYPE=en_IE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) -- Debian Developer - deb.li/jak | jak-linux.org - free software dev | Ubuntu Core Developer | When replying, only quote what is necessary, and write each reply directly below the part(s) it pertains to ('inline'). Thank you. diff -Nru -w apt-1.4.1/CMakeLists.txt apt-1.4.4/CMakeLists.txt --- apt-1.4.1/CMakeLists.txt 2017-04-24 18:47:55.0 +0200 +++ apt-1.4.4/CMakeLists.txt 2017-05-16 23:19:50.0 +0200 @@ -172,7 +172,7 @@ # Configure some variables like package, version and architecture. set(PACKAGE ${PROJECT_NAME}) set(PACKAGE_MAIL "APT Development Team") -set(PACKAGE_VERSION "1.4.1") +set(PACKAGE_VERSION "1.4.4") if (NOT DEFINED DPKG_DATADIR) execute_process(COMMAND ${PERL_EXECUTABLE} -MDpkg -e "print $Dpkg::DATADIR;" diff -Nru -w apt-1.4.1/completions/bash/apt apt-1.4.4/completions/bash/apt --- apt-1.4.1/completions/bash/apt 2017-04-24 18:47:55.0 +0200 +++ apt-1.4.4/completions/bash/apt 2017-05-16 23:19:50.0 +0200 @@ -158,7 +158,7 @@ ' -- "$cur" ) ) return 0 ;; -clean|autocleean) +clean|autoclean) COMPREPLY=( $( compgen -W ' -s --simulate --dry-run ' -- "$cur" ) ) diff -Nru -w apt-1.4.1/debian/apt-daily.service apt-1.4.4/debian/apt-daily.service --- apt-1.4.1/debian/apt-daily.service 2017-04-24 18:47:55.0 +0200 +++ apt-1.4.4/debian/apt-daily.service 2017-05-16 23:19:50.0 +0200 @@ -1,9 +1,9 @@ [Unit] -Description=Daily apt activities +Description=Daily apt download activities Documentation=man:apt(8) ConditionACPower=true [Service] Type=oneshot -ExecStart=/usr/lib/apt/apt.systemd.daily +ExecStart=/usr/lib/apt/apt.systemd.daily update diff -Nru -w apt-1.4.1/debian/apt-daily.timer apt-1.4.4/debian/apt-daily.timer --- apt-1.4.1/debian/apt-daily.timer 2017-04-24 18:47:55.0 +0200 +++ apt-1.4.4/debian/apt-daily.timer 2017-05-16 23:19:50.0 +0200 @@ -1,11 +1,11 @@ [Unit] -Description=Daily apt activities +Description=Daily apt download activities After=network-online.target Wants=network-online.target [Timer] -OnCalendar=*-*-* 6:00 -RandomizedDelaySec=60m +OnCalendar=*-*-* 6,18:00 +RandomizedDelaySec=12h Persistent=true [Install] diff -Nru -w apt-1.4.1/debian/apt-daily-upgrade.service apt-1.4.4/debian/apt-daily-upgrade.service --- apt-1.4.1/debian/apt-daily-upgrade.service 1970-01-01 01:00:00.0 +0100 +++ apt-1.4.4/debian/apt-daily-upgrade.service 2017-05-16 23:19:50.0 +0200 @@ -0,0 +1,9 @@ +[Unit] +Description=Daily apt upgrade and clean activities +Documentation=man:apt(8) +ConditionACPower=true +After=apt-daily.service + +[Service] +Type=oneshot +ExecStart=/usr/lib/apt/apt.systemd.daily install diff -Nru -w apt-1.4.1/debian/apt-daily-upgrade.timer apt-1.4.4/debian/apt-daily-upgrade.timer --- apt-1.4.1/debian/apt-daily-upgrade.timer 1970-01-01 01:00:00.0 +0100 +++ apt-1.4.4/debian/apt-daily-upgrade.timer 2017-05-16 23:19:50.0 +0200 @@ -0,0 +1,11 @@ +[Unit] +Description=Daily apt upgrade and clean activities +After=apt-daily.timer + +[Timer] +OnCalendar=*-*-* 6:00 +RandomizedDelaySec=60m +Persistent=true + +[Install] +WantedBy=timers.target diff -Nru -w apt-1.4.1/debian/apt.systemd.daily apt-1.4.4/debian/apt.systemd.daily --- apt-1.4.1/debian/apt.systemd.daily 2017-04-24 18:47:55.0 +0200 +++ apt-1.4.4/debian/apt.systemd.daily 2017-05-16 23:19:50.0 +0200 @@ -291,6 +291,23 @@ } # main +if [ "$1" = "lock_is_held" ]; then +shift +else +# Maintain a lock on fd 3, so we can't run the script twice at the same +# time. +eval $(apt-config shell StateDir Dir::State/d) +exec 3>${StateDir}/daily_lock +if ! flock -w 3600 3; then +echo "E: Could not acquire lock" >&2 +exit 1 +fi + +# We hold the lock. Rerun this script as a child
Bug#862783: unblock: readline/7.0-3
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please consider unblocking readline/7.0-3, applying two upstream updates, fixing RC issue #852750 by one of them.
Bug#862243: Just a kind reminder to release team - unblock linux kernel
Hi, Just a kind reminder to release team, as d-i release manager has ack the fixes by Salvatore could you please unblock the kernel update ? As of now Debian testing users are at risk because of many security issues which are fixed in this newer kernel release. The fixed security issues are mentionned there : https://security-tracker.debian.org/tracker/source-package/linux Thanks a lot !
Bug#862414: marked as done (jessie-pu: package ed/1.10-2.1~deb8u1)
Your message dated Tue, 16 May 2017 23:37:30 +0300 with message-id <20170516203729.2vrsikgu6dr76khh@localhost> and subject line Martin is planning an ed jessie-pu update with additional fixes has caused the Debian Bug report #862414, regarding jessie-pu: package ed/1.10-2.1~deb8u1 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 862414: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862414 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal Tags: jessie User: release.debian@packages.debian.org Usertags: pu The only patch in the package (that was previously not applied) is the following to fix "ed: ships /usr/share/info/dir.gz on arm64": --- ed~/Makefile.in 2013-05-05 12:43:38.0 +0200 +++ ed/Makefile.in 2013-05-05 13:44:02.841303992 +0200 @@ -57,7 +57,7 @@ check : all @$(VPATH)/testsuite/check.sh $(VPATH)/testsuite $(pkgversion) -install : install-bin install-info install-man +install : install-bin install-man install-bin : all if [ ! -d "$(DESTDIR)$(bindir)" ] ; then $(INSTALL_DIR) "$(DESTDIR)$(bindir)" ; fi changelog | 15 +++ rules |3 +++ 2 files changed, 18 insertions(+) diff -u ed-1.10/debian/changelog ed-1.10/debian/changelog --- ed-1.10/debian/changelog +++ ed-1.10/debian/changelog @@ -1,3 +1,18 @@ +ed (1.10-2.1~deb8u1) jessie; urgency=medium + + * Non-maintainer upload. + * Rebuild for jessie. + + -- Adrian BunkFri, 12 May 2017 16:17:58 +0300 + +ed (1.10-2.1) unstable; urgency=medium + + * Non-maintainer upload. + * debian/rules: add build-arch target to ensure patches +get applied (Closes: #799702) + + -- Jonathan Wiltshire Sat, 20 Feb 2016 12:49:56 + + ed (1.10-2) unstable; urgency=medium * enable DEB_BUILD_MAINT_OPTIONS = hardening=+all diff -u ed-1.10/debian/rules ed-1.10/debian/rules --- ed-1.10/debian/rules +++ ed-1.10/debian/rules @@ -22,6 +22,9 @@ build: patch-stamp dh build +build-arch: patch-stamp + dh build + clean: unpatch dh clean dh_clean Makefile config.status *.o ed red --- End Message --- --- Begin Message --- Martin is planning an ed jessie-pu update with additional fixes, closing the bug for mine. cu Adrian -- "Is there not promise of rain?" Ling Tan asked suddenly out of the darkness. There had been need of rain for many days. "Only a promise," Lao Er said. Pearl S. Buck - Dragon Seed--- End Message ---
Bug#862773: unblock: bash/4.4-5
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please consider unblocking bash, applying one upstream patch, fixing: When -N is used, the input is not supposed to be split using $IFS, but leading and trailing IFS whitespace was still removed.
Bug#862772: unblock: imagemagick/8:6.9.7.4+dfsg-8
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package imagemagick This fix more than 10 security bugs and a RC bug due to built-using unblock imagemagick/8:6.9.7.4+dfsg-8 -- System Information: Debian Release: 9.0 APT prefers testing APT policy: (900, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.9.0-2-rt-amd64 (SMP w/8 CPU cores; PREEMPT) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system)
Bug#862186: marked as done (unblock: cryptsetup/2:1.7.3-4)
Your message dated Tue, 16 May 2017 17:21:00 + with message-idand subject line Re: Bug#862186: unblock: cryptsetup/2:1.7.3-4 has caused the Debian Bug report #862186, regarding unblock: cryptsetup/2:1.7.3-4 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 862186: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862186 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Hi there, cryptsetup/2:1.7.3-4 closes RC bug #861074. Quoting myself from Message #15, initramfs-tools 0.130 landed into testing on May 1st, and as of 2:1.7.3-3 the cryptroot hook doesn't detect resume devices with the new logic from initramfs-tools >=0.129: * setting RESUME under in an initramfs-tools configuration file other than /etc/initramfs-tools/conf.d/resume isn't supported * setting RESUME=none yields a (harmless) warning * setting RESUME=auto (or leaving the variable undefined) might result into an unresumable device: the initrd is then configured to resume from the largest swap partition, which might not be unlocked in time 2:1.7.3-4 also closes #861802 (license mismatch) as well as #847620 (drop obsolete update-rc.d parameters). Debdiff attached. Thanks for considering its inclusion in Stretch! Cheers, -- Guilhem. diff -Nru cryptsetup-1.7.3/debian/changelog cryptsetup-1.7.3/debian/changelog --- cryptsetup-1.7.3/debian/changelog 2016-12-09 01:18:17.0 +0100 +++ cryptsetup-1.7.3/debian/changelog 2017-05-09 13:50:59.0 +0200 @@ -1,3 +1,16 @@ +cryptsetup (2:1.7.3-4) unstable; urgency=high + + [ Guilhem Moulin ] + * Drop obsolete update-rc.d parameters. Thanks to Michael Biebl for the +patch. (Closes: #847620) + * debian/copyright: Fix license mismatch (docs/examples/* +lib/crypto_backend/* lib/loopaes/* lib/tcrypt/* lib/verity/* python/* are +LGPL-2.1+ not GPL-2+). (Closes: #861802) + * debian/initramfs/cryptroot-hook: honor RESUME={none,auto} as documented in +initramfs.conf(5) by initramfs-tools >=0.129. (Closes: #861074) + + -- Jonas Meurer Tue, 09 May 2017 13:50:59 +0200 + cryptsetup (2:1.7.3-3) unstable; urgency=medium [ Jonas Meurer ] diff -Nru cryptsetup-1.7.3/debian/control cryptsetup-1.7.3/debian/control --- cryptsetup-1.7.3/debian/control 2016-12-09 01:18:17.0 +0100 +++ cryptsetup-1.7.3/debian/control 2017-05-09 13:50:59.0 +0200 @@ -13,7 +13,7 @@ Package: cryptsetup Architecture: linux-any Depends: ${shlibs:Depends}, ${misc:Depends}, dmsetup, cryptsetup-bin (>= 2:1.6.0) -Recommends: kbd, console-setup, initramfs-tools (>= 0.91) | linux-initramfs-tool, busybox | busybox-static +Recommends: kbd, console-setup, initramfs-tools (>= 0.129) | linux-initramfs-tool, busybox | busybox-static Suggests: dosfstools, liblocale-gettext-perl, keyutils Provides: cryptsetup-luks Conflicts: cryptsetup-luks diff -Nru cryptsetup-1.7.3/debian/copyright cryptsetup-1.7.3/debian/copyright --- cryptsetup-1.7.3/debian/copyright 2016-12-09 01:18:17.0 +0100 +++ cryptsetup-1.7.3/debian/copyright 2017-05-09 13:50:59.0 +0200 @@ -40,6 +40,23 @@ Copyright: © 2005 Canonical Ltd. License: GPL-2+ +Files: docs/examples/* +Copyright: © 2011 Red Hat, Inc. +License: LGPL-2.1+ + +Files: lib/crypto_backend/* lib/loopaes/* lib/tcrypt/* lib/verity/* python/* +Copyright: © 2009-2014 Red Hat, Inc. + © 2010-2015 Milan Broz +License: LGPL-2.1+ + +Files: lib/crypto_backend/crc32.c +Copyright: © 1986 Gary S. Brown +License: public-domain + Gary S. Brown's licence is as follows: + . + You may use this program, or code or tables extracted from it, as + desired without restriction. + License: GPL-2+ This package is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -57,3 +74,22 @@ . On Debian systems, the complete text of the GNU General Public License v2 can be found in `/usr/share/common-licenses/GPL-2'. + +License: LGPL-2.1+ + This package is free software; you can redistribute it and/or modify it + under the terms of the GNU Lesser General Public License as published + by the Free Software Foundation; either version 2.1 of the License, or + (at your option) any later version. + . + This package is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even
Bug#862674: marked as done (unblock: libconfig-model-perl/2.097-2)
Your message dated Tue, 16 May 2017 16:45:47 + with message-idand subject line unblock libconfig-model-perl has caused the Debian Bug report #862674, regarding unblock: libconfig-model-perl/2.097-2 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 862674: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862674 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Hello Please unblock package libconfig-model-perl This new version fixes 2 security issues: * add patch to remove 'use lib' (CVE-2017-0373) * add patch to remove '.' in @INC emulation (CVE-2017-0374) debian/rules was modified to add '.' in @INC so the tests don't fail. You can find there the 2 patches in a format slightly more readable than the attached debdiff: https://anonscm.debian.org/cgit/pkg-perl/packages/libconfig-model-perl.git/tree/debian/patches/remove-use-lib?h=debian/2.097-2 https://anonscm.debian.org/cgit/pkg-perl/packages/libconfig-model-perl.git/tree/debian/patches/remove-inc-dot-emulation?h=debian/2.097-2 Links to the CVEs: https://security-tracker.debian.org/tracker/CVE-2017-0373 https://security-tracker.debian.org/tracker/CVE-2017-0374 Thanks unblock libconfig-model-perl/2.097-2 -- System Information: Debian Release: 9.0 APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-3-amd64 (SMP w/8 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) diff -Nru libconfig-model-perl-2.097/debian/changelog libconfig-model-perl-2.097/debian/changelog --- libconfig-model-perl-2.097/debian/changelog 2016-12-22 19:18:27.0 +0100 +++ libconfig-model-perl-2.097/debian/changelog 2017-05-14 18:20:55.0 +0200 @@ -1,3 +1,12 @@ +libconfig-model-perl (2.097-2) unstable; urgency=medium + + * add patch to remove 'use lib' (CVE-2017-0373) + * add patch to remove '.' in @INC emulation (CVE-2017-0374) + * rules: add '.' in @INC for tests + * package for stretch release only + + -- Dominique Dumont Sun, 14 May 2017 18:20:55 +0200 + libconfig-model-perl (2.097-1) unstable; urgency=medium * New upstream version 2.097 diff -Nru libconfig-model-perl-2.097/debian/patches/remove-inc-dot-emulation libconfig-model-perl-2.097/debian/patches/remove-inc-dot-emulation --- libconfig-model-perl-2.097/debian/patches/remove-inc-dot-emulation 1970-01-01 01:00:00.0 +0100 +++ libconfig-model-perl-2.097/debian/patches/remove-inc-dot-emulation 2017-05-14 18:20:55.0 +0200 @@ -0,0 +1,47 @@ +Description: Remove inc dot emulation + Using '.' in @INC while loading models and model snippts allows to + run arbitrary code by specially crafted models placed in the current + working directory (as an aftermath of the fixes for the removal of + '.' in @INC in perl). +. + This patch removes the search in '.' and fixes the collateral + damage. Note that tests must be run with PERL5LIB=. variable so model + files can be searched in '.' only during tests. +Bug: https://security-tracker.debian.org/tracker/CVE-2017-0374 +Author: Dominique Dumont +Origin: upstream +Applied-Upstream: v2.102 +--- a/lib/Config/Model.pm b/lib/Config/Model.pm +@@ -1198,7 +1198,7 @@ + # look for additional model information + my %model_graft_by_name; + my %done; # avoid loading twice the same snippet (where system version may clobber dev version) +-foreach my $inc (@INC,'.') { ++foreach my $inc (@INC) { + foreach my $name ( keys %models_by_name ) { + my $snippet_path = $name; + $snippet_path =~ s/::/\//g; +@@ -1206,6 +1206,13 @@ + get_logger("Model::Loader")->trace("looking for snippet in $snippet_dir"); + if ( -d $snippet_dir ) { + foreach my $snippet_file ( glob("$snippet_dir/*.pl") ) { ++ ++# $snippet_file is constructed from @INC content ++# (i.e. $inc). Since _load_model_in_hash uses 'do' ++# (which searches in @INC), the file path passed ++# to _load_model_in_hash must be relative to $inc. ++$snippet_file = substr $snippet_file, length($inc) + 1; ++ + my $done_key = $name . ':' . $snippet_file; + next if $done{$done_key}; +
Bug#862686: marked as done (unblock: golang-github-armon-go-metrics/0.0~git20160307.0.f303b03-2)
Your message dated Tue, 16 May 2017 16:46:20 + with message-idand subject line unblock golang-github-armon-go-metrics has caused the Debian Bug report #862686, regarding unblock: golang-github-armon-go-metrics/0.0~git20160307.0.f303b03-2 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 862686: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862686 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package golang-github-armon-go-metrics This is part of the fix for Debian bug #860608: Go library packages should not use the Built-Using tag at all, and a few packages are still referencing a long-removed broken version of the golang package via a Built-Using tag. Hence, I uploaded a new version without the tag: % debdiff golang-github-armon-go-metrics_0.0~git20160307.0.f303b03-1_amd64.changes golang-github-armon-go-metrics_0.0~git20160307.0.f303b03-2_amd64.changes File lists identical (after any substitutions) Control files: lines which differ (wdiff format) [-Built-Using: golang-1.7 (= 1.7.4-2), golang-github-beorn7-perks (= 0.0~git20160804.0.4c0e845-1), golang-github-datadog-datadog-go (= 0.0~git20150930.0.b050cd8-2), golang-github-prometheus-client-golang (= 0.8.0-1), golang-github-prometheus-client-model (= 0.0.2+git20150212.12.fa8ad6f-2), golang-github-prometheus-common (= 0+git20161002.85637ea-2), golang-goprotobuf (= 0.0~git20161116.0.224aaba-3), golang-procfs (= 0+git20161206.fcdb11c-1), golang-protobuf-extensions (= 1.0.0-2)-] Version: [-0.0~git20160307.0.f303b03-1-] {+0.0~git20160307.0.f303b03-2+} unblock golang-github-armon-go-metrics/0.0~git20160307.0.f303b03-2 -- System Information: Debian Release: 9.0 APT prefers testing APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386, armel, mipsel, arm64 Kernel: Linux 4.9.0-2-amd64 (SMP w/8 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) --- End Message --- --- Begin Message --- Unblocked golang-github-armon-go-metrics.--- End Message ---
Bug#862608: marked as done (unblock: golang-github-hashicorp-go-msgpack/0.0~git20150518.0.fa3f638-2)
Your message dated Tue, 16 May 2017 16:41:35 + with message-idand subject line unblock golang-github-hashicorp-go-msgpack has caused the Debian Bug report #862608, regarding unblock: golang-github-hashicorp-go-msgpack/0.0~git20150518.0.fa3f638-2 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 862608: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862608 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package golang-github-hashicorp-go-msgpack This is part of the fix for Debian bug #860608: Go library packages should not use the Built-Using tag at all, and a few packages are still referencing a long-removed broken version of the golang package via a Built-Using tag. Hence, I uploaded a new version without the tag: % debdiff golang-github-hashicorp-go-msgpack_0.0~git20150518.0.fa3f638-1_amd64.changes golang-github-hashicorp-go-msgpack_0.0~git20150518.0.fa3f638-2_amd64.changes File lists identical (after any substitutions) Control files: lines which differ (wdiff format) [-Built-Using: golang-1.7 (= 1.7.4-2)-] Version: [-0.0~git20150518.0.fa3f638-1-] {+0.0~git20150518.0.fa3f638-2+} unblock golang-github-hashicorp-go-msgpack/0.0~git20150518.0.fa3f638-2 -- System Information: Debian Release: 9.0 APT prefers testing APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386, armel, mipsel, arm64 Kernel: Linux 4.9.0-2-amd64 (SMP w/8 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) --- End Message --- --- Begin Message --- Unblocked golang-github-hashicorp-go-msgpack.--- End Message ---
Bug#862660: marked as done (unblock: smb4k/1.2.1-2)
Your message dated Tue, 16 May 2017 16:44:34 + with message-idand subject line unblock smb4k has caused the Debian Bug report #862660, regarding unblock: smb4k/1.2.1-2 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 862660: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862660 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Dear release team, I've just uploaded smb4k in order to fix CVE-2017-8849 (#862505). It has already built in all the release architectures, you find the corresponding debdiff attached to this report. Happy hacking, Please unblock package smb4k unblock smb4k/1.2.1-2 [1]: https://security-tracker.debian.org/tracker/CVE-2017-8849 -- System Information: Debian Release: 9.0 APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'testing'), (500, 'stable'), (50, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386, armhf Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Init: systemd (via /run/systemd/system) diff -Nru smb4k-1.2.1/debian/changelog smb4k-1.2.1/debian/changelog --- smb4k-1.2.1/debian/changelog2016-03-25 16:26:46.0 +0100 +++ smb4k-1.2.1/debian/changelog2017-05-15 12:18:34.0 +0200 @@ -1,3 +1,11 @@ +smb4k (1.2.1-2) unstable; urgency=medium + + * Team upload. + * Cherry pick "Find the mount/umount commands in the helper" +This fixes CVE-2017-8849 (Closes: 862505) + + -- Maximiliano Curia Mon, 15 May 2017 12:18:34 +0200 + smb4k (1.2.1-1) unstable; urgency=medium * Team upload. diff -Nru smb4k-1.2.1/debian/patches/Find-the-mount-umount-commands-in-the-helper.patch smb4k-1.2.1/debian/patches/Find-the-mount-umount-commands-in-the-helper.patch --- smb4k-1.2.1/debian/patches/Find-the-mount-umount-commands-in-the-helper.patch 1970-01-01 01:00:00.0 +0100 +++ smb4k-1.2.1/debian/patches/Find-the-mount-umount-commands-in-the-helper.patch 2017-05-15 12:18:34.0 +0200 @@ -0,0 +1,362 @@ +From: Alexander Reinholdt +Date: Wed, 10 May 2017 10:23:34 +0200 +Subject: Find the mount/umount commands in the helper + +Instead of trusting what we get passed in +CVE-2017-8849 +--- + core/smb4kglobal.cpp | 65 +++- + core/smb4kglobal.h | 16 - + core/smb4kmounter_p.cpp | 78 + helpers/CMakeLists.txt | 6 +++- + helpers/smb4kmounthelper.cpp | 51 +++-- + 5 files changed, 139 insertions(+), 77 deletions(-) + +diff --git a/core/smb4kglobal.cpp b/core/smb4kglobal.cpp +index 172016f..818a78a 100644 +--- a/core/smb4kglobal.cpp b/core/smb4kglobal.cpp +@@ -2,7 +2,7 @@ + smb4kglobal - This is the global namespace for Smb4K. + --- + begin: Sa Apr 2 2005 +-copyright: (C) 2005-2014 by Alexander Reinholdt ++copyright: (C) 2005-2017 by Alexander Reinholdt + email: alexander.reinho...@kdemail.net + ***/ + +@@ -851,3 +851,66 @@ QStringList Smb4KGlobal::whitelistedMountArguments() + #endif + + ++const QString Smb4KGlobal::findMountExecutable() ++{ ++ QString mount; ++ QStringList paths; ++ paths << "/bin"; ++ paths << "/sbin"; ++ paths << "/usr/bin"; ++ paths << "/usr/sbin"; ++ paths << "/usr/local/bin"; ++ paths << "/usr/local/sbin"; ++ ++ for (int i = 0; i < paths.size(); ++i) ++ { ++#if defined(Q_OS_LINUX) ++mount = KGlobal::dirs()->findExe("mount.cifs", paths.at(i)); ++#elif defined(Q_OS_FREEBSD) || defined(Q_OS_NETBSD) ++mount = KGlobal::dirs()->findExe("mount_smbfs", paths.at(i)); ++#endif ++ ++if (!mount.isEmpty()) ++{ ++ break; ++} ++else ++{ ++ continue; ++} ++ } ++ ++ return mount; ++} ++ ++ ++const QString Smb4KGlobal::findUmountExecutable() ++{ ++ // Find the umount program. ++ QString umount; ++ QStringList paths; ++ paths << "/bin"; ++ paths << "/sbin"; ++ paths << "/usr/bin"; ++ paths << "/usr/sbin"; ++ paths << "/usr/local/bin"; ++ paths << "/usr/local/sbin"; ++ ++ for ( int i = 0; i < paths.size(); ++i ) ++ { ++umount =
Bug#862614: marked as done (unblock: linux-latest/80)
Your message dated Tue, 16 May 2017 16:43:40 + with message-idand subject line unblock linux-latest has caused the Debian Bug report #862614, regarding unblock: linux-latest/80 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 862614: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862614 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Hi Please unblock package linux-latest Together with an unblock of src:linux since there is an ABI bump there should be an unblock fof linux-latest as well. I'm attaching the complete debdiff for reference against the version 79 in testing. unblock linux-latest/80 Regards, Salvatore diff -Nru linux-latest-79/debian/bin/gencontrol.py linux-latest-80/debian/bin/gencontrol.py --- linux-latest-79/debian/bin/gencontrol.py 2016-12-18 03:31:55.0 +0100 +++ linux-latest-80/debian/bin/gencontrol.py 2017-03-07 16:26:27.0 +0100 @@ -99,10 +99,6 @@ desc.append(config_description['part-long-' + part]) desc.append_short(config_description.get('part-short-' + part, '')) -if self.config.merge('xen', arch, featureset, flavour): -makeflags['XEN'] = True -templates.extend(self.templates["control.xen-linux-system.latest"]) - packages_flavour = [] packages_flavour.append(self.process_real_image(templates[0], image_fields, vars)) diff -Nru linux-latest-79/debian/changelog linux-latest-80/debian/changelog --- linux-latest-79/debian/changelog 2017-02-18 18:03:12.0 +0100 +++ linux-latest-80/debian/changelog 2017-05-04 17:33:51.0 +0200 @@ -1,3 +1,11 @@ +linux-latest (80) unstable; urgency=medium + + * Re-introduce xen-linux-system-amd64 *again* as transitional package +(Closes: #857039) + * Update to 4.9.0-3 + + -- Ben Hutchings Thu, 04 May 2017 16:33:51 +0100 + linux-latest (79) unstable; urgency=medium * Update to 4.9.0-2 diff -Nru linux-latest-79/debian/control linux-latest-80/debian/control --- linux-latest-79/debian/control 2017-02-18 18:03:12.0 +0100 +++ linux-latest-80/debian/control 2017-05-04 17:33:51.0 +0200 @@ -4,7 +4,7 @@ Maintainer: Debian Kernel Team Uploaders: Bastian Blank , Frederik Schüler , Ben Hutchings Standards-Version: 3.9.8 -Build-Depends: debhelper (>= 9), linux-support-4.9.0-2, linux-headers-4.9.0-2-all +Build-Depends: debhelper (>= 9), linux-support-4.9.0-3, linux-headers-4.9.0-3-all Vcs-Browser: https://anonscm.debian.org/cgit/kernel/linux-latest.git Vcs-Git: https://anonscm.debian.org/git/kernel/linux-latest.git @@ -32,8 +32,8 @@ Package: linux-image-alpha-generic Architecture: alpha -Provides: linux-latest-modules-4.9.0-2-alpha-generic -Depends: linux-image-4.9.0-2-alpha-generic, ${misc:Depends} +Provides: linux-latest-modules-4.9.0-3-alpha-generic +Depends: linux-image-4.9.0-3-alpha-generic, ${misc:Depends} Description: Linux for Alpha (meta-package) This package depends on the latest Linux kernel and modules for use on DEC Alpha systems with extended kernel start address (Wildfire, Titan, @@ -41,7 +41,7 @@ Package: linux-headers-alpha-generic Architecture: alpha -Depends: linux-headers-4.9.0-2-alpha-generic, ${misc:Depends} +Depends: linux-headers-4.9.0-3-alpha-generic, ${misc:Depends} Description: Header files for Linux alpha-generic configuration (meta-package) This package depends on the architecture-specific header files for the latest Linux kernel alpha-generic configuration. @@ -51,15 +51,15 @@ Section: debug Priority: extra Provides: linux-latest-image-dbg -Depends: linux-image-4.9.0-2-alpha-generic-dbgsym, ${misc:Depends} +Depends: linux-image-4.9.0-3-alpha-generic-dbgsym, ${misc:Depends} Description: Debug symbols for Linux alpha-generic configuration (meta-package) This package depends on the detached debugging symbols for the latest Linux kernel alpha-generic configuration. Package: linux-image-alpha-smp Architecture: alpha -Provides: linux-latest-modules-4.9.0-2-alpha-smp -Depends: linux-image-4.9.0-2-alpha-smp, ${misc:Depends} +Provides: linux-latest-modules-4.9.0-3-alpha-smp +Depends: linux-image-4.9.0-3-alpha-smp, ${misc:Depends} Description: Linux for Alpha SMP (meta-package) This package depends on the latest Linux kernel and modules for use on DEC Alpha SMP systems
Bug#862610: marked as done (unblock: golang-pty/0.0~git20151007.0.f7ee69f-2)
Your message dated Tue, 16 May 2017 16:42:44 + with message-idand subject line unblock golang-pty has caused the Debian Bug report #862610, regarding unblock: golang-pty/0.0~git20151007.0.f7ee69f-2 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 862610: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862610 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package golang-pty This is part of the fix for Debian bug #860608: Go library packages should not use the Built-Using tag at all, and a few packages are still referencing a long-removed broken version of the golang package via a Built-Using tag. Hence, I uploaded a new version without the tag: % debdiff golang-pty_0.0\~git20151007.0.f7ee69f-1_amd64.changes golang-pty_0.0\~git20151007.0.f7ee69f-2_amd64.changes File lists identical (after any substitutions) Control files of package golang-github-kr-pty-dev: lines which differ (wdiff format) [-Built-Using: golang-1.7 (= 1.7.4-2)-] Version: [-0.0~git20151007.0.f7ee69f-1-] {+0.0~git20151007.0.f7ee69f-2+} Control files of package golang-pty-dev: lines which differ (wdiff format) -- Version: [-0.0~git20151007.0.f7ee69f-1-] {+0.0~git20151007.0.f7ee69f-2+} unblock golang-pty/0.0~git20151007.0.f7ee69f-2 -- System Information: Debian Release: 9.0 APT prefers testing APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386, armel, mipsel, arm64 Kernel: Linux 4.9.0-2-amd64 (SMP w/8 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) --- End Message --- --- Begin Message --- Unblocked golang-pty.--- End Message ---
Bug#862609: marked as done (unblock: golang-objx/0.0~git20150928.0.1a9d0bb-2)
Your message dated Tue, 16 May 2017 16:42:08 + with message-idand subject line unblock golang-objx has caused the Debian Bug report #862609, regarding unblock: golang-objx/0.0~git20150928.0.1a9d0bb-2 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 862609: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862609 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package golang-objx This is part of the fix for Debian bug #860608: Go library packages should not use the Built-Using tag at all, and a few packages are still referencing a long-removed broken version of the golang package via a Built-Using tag. Hence, I uploaded a new version without the tag: % debdiff golang-objx_0.0\~git20150928.0.1a9d0bb-1_amd64.changes golang-objx_0.0\~git20150928.0.1a9d0bb-2_amd64.changes File lists identical (after any substitutions) Control files of package golang-github-stretchr-objx-dev: lines which differ (wdiff format) --- [-Built-Using: golang-1.7 (= 1.7.4-2)-] Version: [-0.0~git20150928.0.1a9d0bb-1-] {+0.0~git20150928.0.1a9d0bb-2+} Control files of package golang-objx-dev: lines which differ (wdiff format) --- Version: [-0.0~git20150928.0.1a9d0bb-1-] {+0.0~git20150928.0.1a9d0bb-2+} unblock golang-objx/0.0~git20150928.0.1a9d0bb-2 -- System Information: Debian Release: 9.0 APT prefers testing APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386, armel, mipsel, arm64 Kernel: Linux 4.9.0-2-amd64 (SMP w/8 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) --- End Message --- --- Begin Message --- Unblocked golang-objx.--- End Message ---
Bug#862565: marked as done (unblock: packer/0.10.2+dfsg-5)
Your message dated Tue, 16 May 2017 16:15:07 + with message-idand subject line unblock packer has caused the Debian Bug report #862565, regarding unblock: packer/0.10.2+dfsg-5 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 862565: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862565 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package packer This release add a patch to handle ABI change of golang-golang-x-crypto-dev, which result FTBFS in all ARCHs. After the patch, build is fixed. Enclosed is the debdiff against the package in testing. Thanks! unblock packer/0.10.2+dfsg-5 diff -Nru packer-0.10.2+dfsg/debian/changelog packer-0.10.2+dfsg/debian/changelog --- packer-0.10.2+dfsg/debian/changelog 2017-04-05 15:18:59.0 +0900 +++ packer-0.10.2+dfsg/debian/changelog 2017-05-15 00:51:19.0 +0900 @@ -1,3 +1,15 @@ +packer (0.10.2+dfsg-5) unstable; urgency=medium + + * Team upload. + * deb/patches: ++ Add patch to handle ABI change of golang-golang-x-crypto-dev, + due to CVE security fix. (Closes: #861282) + * deb/control: ++ Bump up version of golang-golang-x-crypto-dev in Build-Depends + and Depends. + + -- Roger Shimizu Mon, 15 May 2017 00:51:19 +0900 + packer (0.10.2+dfsg-4) unstable; urgency=medium * deb/rules: disable a flaky test in packer/rpc/mux_broker_test.go diff -Nru packer-0.10.2+dfsg/debian/control packer-0.10.2+dfsg/debian/control --- packer-0.10.2+dfsg/debian/control 2016-11-16 02:14:02.0 +0900 +++ packer-0.10.2+dfsg/debian/control 2017-05-15 00:34:39.0 +0900 @@ -36,7 +36,7 @@ golang-github-pkg-sftp-dev, golang-github-rackspace-gophercloud-dev (>= 1.0.0+git20160416.884.c54bbac~), golang-github-ugorji-go-codec-dev, - golang-golang-x-crypto-dev, + golang-golang-x-crypto-dev (>= 1:0.0~git20170407.0.55a552f+REALLY.0.0~git20161012.0.5f31782), golang-golang-x-oauth2-dev (>= 0.0~git20161103.0.36bc617-2), golang-golang-x-oauth2-google-dev, golang-google-api-dev (>= 0.0~git20160408~), @@ -84,7 +84,7 @@ golang-github-pkg-sftp-dev, golang-github-rackspace-gophercloud-dev (>= 1.0.0+git20160416.884.c54bbac~), golang-github-ugorji-go-codec-dev, - golang-golang-x-crypto-dev, + golang-golang-x-crypto-dev (>= 1:0.0~git20170407.0.55a552f+REALLY.0.0~git20161012.0.5f31782), golang-golang-x-oauth2-dev (>= 0.0~git20161103.0.36bc617-2), golang-golang-x-oauth2-google-dev, golang-google-api-dev (>= 0.0~git20160408~), diff -Nru packer-0.10.2+dfsg/debian/patches/handle-ABI-change-of-golang-golang-x-crypto-dev.patch packer-0.10.2+dfsg/debian/patches/handle-ABI-change-of-golang-golang-x-crypto-dev.patch --- packer-0.10.2+dfsg/debian/patches/handle-ABI-change-of-golang-golang-x-crypto-dev.patch 1970-01-01 09:00:00.0 +0900 +++ packer-0.10.2+dfsg/debian/patches/handle-ABI-change-of-golang-golang-x-crypto-dev.patch 2017-05-15 00:46:25.0 +0900 @@ -0,0 +1,42 @@ +From: Roger Shimizu +Date: Sun, 14 May 2017 23:54:04 +0900 +Subject: handle ABI change of golang-golang-x-crypto-dev + +That ABI change was due to CVE security fix + +Fix is picked from upstream of golang-golang-x-crypto-dev: + https://github.com/golang/crypto/commit/e4e2799dd7aab89f583e1d898300d96367750991 + +Closes: #861282 +--- + communicator/ssh/communicator_test.go | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/communicator/ssh/communicator_test.go b/communicator/ssh/communicator_test.go +index b0bc035..7010800 100644 +--- a/communicator/ssh/communicator_test.go b/communicator/ssh/communicator_test.go +@@ -132,6 +132,7 @@ func TestNew_Invalid(t *testing.T) { + Auth: []ssh.AuthMethod{ + ssh.Password("i-am-invalid"), + }, ++ HostKeyCallback: ssh.InsecureIgnoreHostKey(), + } + + address := newMockLineServer(t) +@@ -160,6 +161,7 @@ func TestStart(t *testing.T) { + Auth: []ssh.AuthMethod{ + ssh.Password("pass"), + }, ++ HostKeyCallback: ssh.InsecureIgnoreHostKey(), + } + + address := newMockLineServer(t) +@@ -195,6 +197,7 @@ func TestHandshakeTimeout(t *testing.T) { +
Bug#862746: unblock: simple-cdd/0.6.5
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-Cc: debian-b...@lists.debian.org, simple-cdd-de...@lists.alioth.debian.org Thanks for all your work on the Release Team! Please unblock package simple-cdd With the recent announcement shutting down public FTP services: https://lists.debian.org/debian-announce/2017/msg1.html This requires some significant changes in simple-cdd, as simple-cdd relied on Debian's FTP mirrors for downloading files discovered by FTP directory listing. Now simple-cdd uses http://deb.debian.org/debian/extrafiles, an inline-signed list of checksums for various content in the archive (notably, tools/*, docs/*). This also allows signature and checksum verification of all downloaded files, which is a huge security improvement. The default mirror is now switched to deb.debian.org using the http protocol. A fix was added to add packages of priority required, important and standard from security, updates and proposed-updates repositories to the locally generated repository. Otherwise packages with strict versioned dependencies would end up uninstallable (e.g. vim-tiny depends on vim-common ( =$version), but only vim-common would get updated, resulting in vim-tiny being uninstallable). Kernel selection for i386 on jessie and stretch also required updating, as the linux-image-486 packages were removed from the archive. No changes were made to the simple-cdd-profiles udeb, so should not have any impact on debian-installer. diff -Nru simple-cdd-0.6.4/build-simple-cdd simple-cdd-0.6.5/build-simple-cdd --- simple-cdd-0.6.4/build-simple-cdd 2017-01-16 13:40:32.0 -0800 +++ simple-cdd-0.6.5/build-simple-cdd 2017-05-15 13:21:24.0 -0700 @@ -235,7 +235,11 @@ for a in self.env.get("ARCHES"): if a == "alpha": self.env.append("kernel_packages", kernel_base + "alpha-generic") elif a == "armhf": self.env.append("kernel_packages", kernel_base + "armmp") -elif a == "i386": self.env.append("kernel_packages", kernel_base + "486") +elif a == "i386": +if self.env.get("CODENAME") == "jessie": +self.env.append("kernel_packages", kernel_base + "586") +else: +self.env.append("kernel_packages", kernel_base + "686") elif a == "sparc": self.env.append("kernel_packages", kernel_base + "sparc64") elif a in ("amd64", "arm64", "sparc64") or a.startswith("powerpc") or a.startswith("s390"): self.env.append("kernel_packages", kernel_base + a) diff -Nru simple-cdd-0.6.4/debian/changelog simple-cdd-0.6.5/debian/changelog --- simple-cdd-0.6.4/debian/changelog 2017-01-17 15:10:07.0 -0800 +++ simple-cdd-0.6.5/debian/changelog 2017-05-15 14:10:37.0 -0700 @@ -1,3 +1,22 @@ +simple-cdd (0.6.5) unstable; urgency=medium + + [ Vagrant Cascadian ] + * Switch to using urllib instead of calling wget. +- Only re-download files if known checksums do not match. +- Explicitly set http_proxy in the environment. +- Verify "mirror_files" to download with archive's "extrafiles", a + signed list of checksums. +- Switch default mirror to deb.debian.org and default protocol to + http (Closes: #861198). +- Many thanks to Enrico Zini for code review and improvements. + * Update kernel package selection for i386. + * Add stanzas to pull in required, important and standard packages for +security, updates and proposed-updates when enabled. + * Fix bug causing tracebacks when checksum or file size verifications +fail. + + -- Vagrant CascadianMon, 15 May 2017 14:10:37 -0700 + simple-cdd (0.6.4) unstable; urgency=medium [ Vagrant Cascadian ] diff -Nru simple-cdd-0.6.4/profiles/ltsp.downloads simple-cdd-0.6.5/profiles/ltsp.downloads --- simple-cdd-0.6.4/profiles/ltsp.downloads2016-07-21 10:03:54.0 -0700 +++ simple-cdd-0.6.5/profiles/ltsp.downloads2017-04-28 15:46:08.0 -0700 @@ -2,4 +2,3 @@ xorg udev ltsp-server-standalone -linux-image-486 diff -Nru simple-cdd-0.6.4/setup.py simple-cdd-0.6.5/setup.py --- simple-cdd-0.6.4/setup.py 2016-11-27 17:05:05.0 -0800 +++ simple-cdd-0.6.5/setup.py 2017-05-15 13:59:12.0 -0700 @@ -3,7 +3,7 @@ from setuptools import setup setup(name="simple-cdd", - version="0.6.1", + version="0.6.5", description="create custom debian-installer CDs", long_description="""simple-cdd is a limited though relatively easy tool to create a customized debian-installer CD. diff -Nru simple-cdd-0.6.4/simple_cdd/gnupg.py simple-cdd-0.6.5/simple_cdd/gnupg.py --- simple-cdd-0.6.4/simple_cdd/gnupg.py2016-11-27 17:05:05.0 -0800 +++ simple-cdd-0.6.5/simple_cdd/gnupg.py2017-05-15
Re: Coordinating Debian Stretch & Tails 3.0 releases?
Hi, here's one (and last) gentle ping about what follows: > Tails 3.0 will be the first Tails release based on Stretch. > It's currently scheduled for June 13, but we are somewhat flexible > and would love to try and coordinate with the release of Debian > Stretch: this would be interesting for communication and publicity, > both for Debian and for Tails IMO. More precisely, if Debian Stretch > is going to be release between June 10 and July 2, then we can > probably release Tails 3.0 at the same time. > I understand that Debian release date is not announced publicly in > advance, and I think I understand why. So I guess this discussion > needs to happen privately. On the Tails side, the only people who > really need to be in the loop are ano...@riseup.net (my fellow Tails > release manager) and myself. If that's fine with you, then I'll have > anonym swear secrecy, and we will do our best to avoid leaking the > info any further. > If you prefer not to add this variable to the Debian release schedule > equation: understood, don't bother, fine :) > I also understand that this proposal may be premature at this point, > and I can come back to it in a month if you prefer. Cheers, -- intrigeri
Bug#862186: unblock: cryptsetup/2:1.7.3-4
Niels Thykier(2017-05-12): > Guilhem Moulin: > > Package: release.debian.org > > Severity: normal > > User: release.debian@packages.debian.org > > Usertags: unblock > > > > Hi there, > > > > cryptsetup/2:1.7.3-4 closes RC bug #861074. Quoting myself from Message > > #15, > > > > initramfs-tools 0.130 landed into testing on May 1st, and as of > > 2:1.7.3-3 the cryptroot hook doesn't detect resume devices with the > > new logic from initramfs-tools >=0.129: > > > > * setting RESUME under in an initramfs-tools configuration file > > other than /etc/initramfs-tools/conf.d/resume isn't supported > > * setting RESUME=none yields a (harmless) warning > > * setting RESUME=auto (or leaving the variable undefined) might > > result into an unresumable device: the initrd is then configured > > to resume from the largest swap partition, which might not be > > unlocked in time > > > > 2:1.7.3-4 also closes #861802 (license mismatch) as well as #847620 > > (drop obsolete update-rc.d parameters). Debdiff attached. > > > > Thanks for considering its inclusion in Stretch! > > Cheers, > > > > Ack from here, CC'ing KiBi for a d-i ack. No objections, sorry for the lag. KiBi. signature.asc Description: Digital signature
Bug#862713: unblock: nodm/0.13-1.3
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package nodm. This fixes RC bug #861771, and also fixes two normal-severity bugs that seemed straightforward and low-risk. unblock nodm/0.13-1.3 Here is a breakdown of the diffstat: > patches/nodm.service-Don-t-respawn-or-fail-if-disabled-in-et.patch | 28 > ++ > patches/series |1¯ Fixes #861771 (grave) on systemd-booted systems > nodm.init |5 - Fixes #861717 (normal, although perhaps should be higher severity) and maybe also #770219 (normal), both on non-systemd-booted systems, by removing dead code > nodm.postinst |2¯ Fixes #861899 (normal) by adding >&2 to one line Thanks for considering, S
Processed: retitle 862598 to unblock: udfclient/0.8.8-1
Processing commands for cont...@bugs.debian.org: > retitle 862598 unblock: udfclient/0.8.8-1 Bug #862598 [release.debian.org] unblock: udfclient/0.8.7-1 Changed Bug title to 'unblock: udfclient/0.8.8-1' from 'unblock: udfclient/0.8.7-1'. > thanks Stopping processing here. Please contact me if you need assistance. -- 862598: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862598 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Re: Bug#860608: [pkg-golang-devel] Bug#860608: Bug#860608: golang: FTBFS: Go version is "go1.6.1", ignoring -next /<>/api/next.txt
On Tue, May 16, 2017 at 6:46 AM, Steve Langasekwrote: > On Mon, May 15, 2017 at 03:17:03PM -0700, Steve Langasek wrote: > > On Mon, May 15, 2017 at 08:56:08AM +0200, Michael Stapelberg wrote: > > > >> Package: golang-github-gosexy-gettext-dev > > > > > vorlon, can we file for removal of this package? It wasn’t touched > since > > > > 2013 and has no rdepends. > > > > Done: https://bugs.debian.org/862612 > > > Thanks for filing, 100% agreed. > > So, I double checked and: > > $ dak rm -R -n -s unstable golang-github-gosexy-gettext > Will remove the following packages from unstable: > > golang-github-gosexy-gettext | 0~git20130221-1 | source > golang-github-gosexy-gettext-dev | 0~git20130221-1 | all > > Maintainer: Steve Langasek > > --- Reason --- > > -- > > Checking reverse dependencies... > # Broken Build-Depends: > snapd: golang-github-gosexy-gettext-dev > Thanks for checking. I just realized I only checked using “apt rdepends”, which of course won’t consider build-deps. Doh. > > Dependency problem found. > > $ > > It certainly appears that we are still using this package, so I'm closing > the bug report. (I wouldn't expect the ftpmasters to act on it in its > current state anyway.) > > And I've uploaded a no-change rebuild of golang-github-gosexy-gettext-dev. > > -- > Steve Langasek Give me a lever long enough and a Free OS > Debian Developer to set it on, and I can move the world. > Ubuntu Developerhttp://www.debian.org/ > slanga...@ubuntu.com vor...@debian.org > -- Best regards, Michael
Processed: tagging 861580
Processing commands for cont...@bugs.debian.org: > # maintainer replied with more information > tags 861580 - moreinfo Bug #861580 [release.debian.org] (pre-approval) unblock: mysql-connector-python/2.1.6 Removed tag(s) moreinfo. > thanks Stopping processing here. Please contact me if you need assistance. -- 861580: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861580 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems