Bug#862889: unblock: python-iptables/0.11.0-4

2017-05-17 Thread IOhannes m zmoelnig 
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package python-iptables

fixes a "grave" bug.
the original fix for #860986 (backported from upstream) to support xtables-v12
was incomplete.
therefore, this upload includes another fix backported from upstream, that
should make xtables-v12 support complete.

unblock python-iptables/0.11.0-4

-- System Information:
Debian Release: 9.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64
 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru python-iptables-0.11.0/debian/changelog 
python-iptables-0.11.0/debian/changelog
--- python-iptables-0.11.0/debian/changelog 2017-04-28 22:41:39.0 
+0200
+++ python-iptables-0.11.0/debian/changelog 2017-05-18 00:24:18.0 
+0200
@@ -1,3 +1,9 @@
+python-iptables (0.11.0-4) unstable; urgency=medium
+
+  * Backported xtables_match_v12 (Closes: #862741)
+
+ -- IOhannes m zmölnig (Debian/GNU)   Thu, 18 May 2017 
00:24:18 +0200
+
 python-iptables (0.11.0-3) unstable; urgency=medium
 
   * Backported IPv6 mask fix from upstream
diff -Nru python-iptables-0.11.0/debian/.git-dpm 
python-iptables-0.11.0/debian/.git-dpm
--- python-iptables-0.11.0/debian/.git-dpm  2017-04-28 22:41:39.0 
+0200
+++ python-iptables-0.11.0/debian/.git-dpm  2017-05-18 00:24:18.0 
+0200
@@ -1,6 +1,6 @@
 # see git-dpm(1) from git-dpm package
-cf0621ca9b7eda22832f0a0a9990e34daa3056d3
-cf0621ca9b7eda22832f0a0a9990e34daa3056d3
+532972c390ceeb2ecaa67a91850348a28e16155a
+532972c390ceeb2ecaa67a91850348a28e16155a
 d1928747ee94401684d6e26211e733b585418e64
 d1928747ee94401684d6e26211e733b585418e64
 python-iptables_0.11.0.orig.tar.gz
diff -Nru 
python-iptables-0.11.0/debian/patches/0005-Backported-xtables_match_v12.patch 
python-iptables-0.11.0/debian/patches/0005-Backported-xtables_match_v12.patch
--- 
python-iptables-0.11.0/debian/patches/0005-Backported-xtables_match_v12.patch   
1970-01-01 01:00:00.0 +0100
+++ 
python-iptables-0.11.0/debian/patches/0005-Backported-xtables_match_v12.patch   
2017-05-18 00:24:18.0 +0200
@@ -0,0 +1,76 @@
+From 532972c390ceeb2ecaa67a91850348a28e16155a Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?IOhannes=20m=20zm=C3=B6lnig=20=28Debian/GNU=29?=
+ 
+Date: Thu, 18 May 2017 00:23:15 +0200
+Subject: Backported xtables_match_v12
+
+Closes: #862741
+---
+ iptc/xtables.py | 54 +-
+ 1 file changed, 53 insertions(+), 1 deletion(-)
+
+diff --git a/iptc/xtables.py b/iptc/xtables.py
+index 54ba0e4..4546bc1 100644
+--- a/iptc/xtables.py
 b/iptc/xtables.py
+@@ -411,7 +411,59 @@ class _xtables_match_v10(ct.Structure):
+ 
+ 
+ _xtables_match_v11 = _xtables_match_v10
+-_xtables_match_v12 = _xtables_match_v10
++
++
++class _xtables_match_v12(ct.Structure):
++_fields_ = [("version", ct.c_char_p),
++("next", ct.c_void_p),
++("name", ct.c_char_p),
++("real_name", ct.c_char_p),
++("revision", ct.c_uint8),
++("ext_flags", ct.c_uint8),
++("family", ct.c_uint16),
++("size", ct.c_size_t),
++("userspacesize", ct.c_size_t),
++("help", ct.CFUNCTYPE(None)),
++("init", ct.CFUNCTYPE(None, ct.POINTER(xt_entry_match))),
++# fourth parameter entry is struct ipt_entry for example
++# int (*parse)(int c, char **argv, int invert, unsigned int
++# *flags, const void *entry, struct xt_entry_match **match)
++("parse", ct.CFUNCTYPE(ct.c_int, ct.c_int,
++   ct.POINTER(ct.c_char_p), ct.c_int,
++   ct.POINTER(ct.c_uint), ct.c_void_p,
++   ct.POINTER(ct.POINTER(
++   xt_entry_match,
++("final_check", ct.CFUNCTYPE(None, ct.c_uint)),
++# prints out the match iff non-NULL: put space at end
++# first parameter ip is struct ipt_ip * for example
++("print", ct.CFUNCTYPE(None, ct.c_void_p,
++   ct.POINTER(xt_entry_match), ct.c_int)),
++# saves the match info in parsable form to stdout.
++# first parameter ip is struct ipt_ip * for example
++("save", ct.CFUNCTYPE(None, ct.c_void_p,
++  ct.POINTER(xt_entry_match))),
++# Print match name or alias
++("alias", ct.CFUNCTYPE(ct.c_char_p,
++

Re: Security fix for FlightGear

2017-05-17 Thread Adam D. Barratt 
On Wed, 2017-05-17 at 23:13 +0200, Markus Wanner wrote:
> as per Salvatore Bonaccorso, the current security fix doesn't warrant a
> DSA on its own (see below). Is it okay to upload to 'stable'? Or how
> shall I proceed?

By filing a "pu" bug against release.debian.org, please. That's easier
to track and manage and makes it less likely that things will get lost
in the noise on the list.

Regards,

Adam

Bug#862871: unblock: intel-microcode/3.20170511.1

2017-05-17 Thread Henrique de Moraes Holschuh 
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package intel-microcode.


The new upstream release by Intel (dated 2017-05-11) fixes nasty issues
on the recent Intel desktop/mobile/server processors, including some
very-high-end server processors.

It also sets a new baseline microcode for Linux, by the virtue of making
the LAPIC TSC-deadline mode far more reliable on machines where either
the operating system or the BIOS/UEFI wrote to the IA32_TSC_ADJUST MSR
(3BH).  This feature (which is used by Linux) was somewhat broken in
just about every processor of the Core family since (at least) Haswell,
here's a partial list of errata numbers: HSM183/BDM128/SKL142/
KBL092/BDF89/SKW137.

This update is known to fix an issue on some models of the Xeon E7v4
(and possibly also of the Xeon E5v4) that would cause such processors to
sometimes(?) hang during boot if a previous version of the intel-microcode
package is installed.  Erratum BDF90/BDX90.

This Xeon E7v4/E5v4 boot hang would be a severity grave bug, if not for
the fact that the number of users running Debian + intel-microcode on
bare-metal with these very expensive (and still somewhat rare)
processors must be really low right now... but the number of potential
victims of this issue could increase given enough time if those server's
BIOS/UEFI is not updated.  This issue is being tracked in Debian bug
#862606.

The new upstream update also likely fixes several critical errata on
Skylake, including one that I would consider terrifying (SKL150/SKW144),
if not for the fact that this specific erratum must be low-hitting for
some reason, or Skylake would have been dubbed Crashlake.

It likely fixes several other critical and severe errata that result in
unpredictable behavior, system hangs, and iGPU misbehavior at least on
Skylake.


I have attached the abridged source package debdiff between the release
in testing (3.20161104.1) and the release in unstable (3.20170511.1).
The abridged debdiff removes the noise caused by the removal of upstream
file microcode-20161104.dat, and addition of the new upstream file
microcode-20170511.dat.

There are no packaging changes: just an update of the upstream microcode
data file, and the changelogs.

Note: the new upstream "releasenote" file is _not_ shipped in the binary
packages, since it has either incorrect, or mostly useless information.


Full diffstat:
 changelog  |   13 
 debian/changelog   |   42 
 microcode-20161104.dat |61630 
 microcode-20170511.dat |61886 +
 releasenote|   41 
 5 files changed, 61982 insertions(+), 61630 deletions(-)

Abridged diffstat:
 changelog|   13 +
 debian/changelog |   42 ++
 releasenote  |   41 +
 3 files changed, 96 insertions(+)


Thank you!


unblock intel-microcode/3.20170511.1

-- 
  Henrique Holschuh
diff -Nru intel-microcode-3.20161104.1/changelog 
intel-microcode-3.20170511.1/changelog
--- intel-microcode-3.20161104.1/changelog  2016-11-09 20:35:10.0 
-0200
+++ intel-microcode-3.20170511.1/changelog  2017-05-13 20:09:28.0 
-0300
@@ -1,3 +1,16 @@
+2017-05-11:
+  * Updated Microcodes:
+sig 0x000306c3, pf_mask 0x32, 2017-01-27, rev 0x0022, size 22528
+sig 0x000306d4, pf_mask 0xc0, 2017-01-27, rev 0x0025, size 17408
+sig 0x000306f2, pf_mask 0x6f, 2017-01-30, rev 0x003a, size 32768
+sig 0x000306f4, pf_mask 0x80, 2017-01-30, rev 0x000f, size 16384
+sig 0x00040651, pf_mask 0x72, 2017-01-27, rev 0x0020, size 20480
+sig 0x00040661, pf_mask 0x32, 2017-01-27, rev 0x0017, size 24576
+sig 0x00040671, pf_mask 0x22, 2017-01-27, rev 0x0017, size 11264
+sig 0x000406e3, pf_mask 0xc0, 2017-04-09, rev 0x00ba, size 98304
+sig 0x000406f1, pf_mask 0xef, 2017-03-01, rev 0xb21, size 26624
+sig 0x000506e3, pf_mask 0x36, 2017-04-09, rev 0x00ba, size 98304
+
 2016-11-04:
   * New Microcodes:
 sig 0x00050663, pf_mask 0x10, 2016-10-12, rev 0x70d, size 20480
diff -Nru intel-microcode-3.20161104.1/debian/changelog 
intel-microcode-3.20170511.1/debian/changelog
--- intel-microcode-3.20161104.1/debian/changelog   2016-11-09 
20:35:57.0 -0200
+++ intel-microcode-3.20170511.1/debian/changelog   2017-05-15 
15:12:25.0 -0300
@@ -1,3 +1,45 @@
+intel-microcode (3.20170511.1) unstable; urgency=medium
+
+  * New upstream microcode datafile 20170511
++ Updated Microcodes:
+  sig 0x000306c3, pf_mask 0x32, 2017-01-27, rev 0x0022, size 22528
+  sig 0x000306d4, pf_mask 0xc0, 2017-01-27, rev 0x0025, size 17408
+  sig 0x000306f2, pf_mask 0x6f, 2017-01-30, rev 0x003a, size 32768
+  sig 0x000306f4, pf_mask 0x80, 2017-01-30, rev 0x000f, size 16384
+  sig 0x00040651, pf_mask 0x72, 2017-01-27, rev 0x0020, size

Re: Security fix for FlightGear

2017-05-17 Thread Markus Wanner 
Dear Release Team,

as per Salvatore Bonaccorso, the current security fix doesn't warrant a
DSA on its own (see below). Is it okay to upload to 'stable'? Or how
shall I proceed?

A debdiff is attached.

Kind Regards

Markus Wanner


On 17.05.2017 08:49, Moritz Muehlenhoff wrote:
> On Wed, May 17, 2017 at 07:20:15AM +0200, Salvatore Bonaccorso wrote:
>> Hi Markus,
>>
>> On Fri, May 12, 2017 at 07:57:23PM +0200, Markus Wanner wrote:
>>> Florent,
>>>
>>> On 05/12/2017 07:33 PM, Florent Rougon wrote:
 We'd like to draw your attention on the following fix for FlightGear:
>>>
>>> thanks for your heads-up, I'll take care of preparing an upload for the
>>> affected Debian packages.
>>
>> Thanks. Filled as well #862689 in the BTS in meanwhile.
>>
>> For stable: We think this does need a DSA on its own, can you schedule
> ^ not
> 
> :-)
> 
> Cheers,
> Moritz
> 

diff -Nru flightgear-3.0.0/debian/changelog flightgear-3.0.0/debian/changelog
--- flightgear-3.0.0/debian/changelog   2016-12-14 09:43:00.0 +
+++ flightgear-3.0.0/debian/changelog   2017-05-17 10:46:18.0 +
@@ -1,3 +1,11 @@
+flightgear (3.0.0-5+deb8u2) stable; urgency=high
+
+  * Add patch restrict-save-flightplan-secu-fix-faf872.patch: prevent
+overriding arbitrary files from the "save-flightplan" FGCommand.
+Closes: #862689 (CVE-2017-8921).
+
+ -- Markus Wanner   Tue, 16 May 2017 21:37:27 +0200
+
 flightgear (3.0.0-5+deb8u1) jessie-security; urgency=high
 
   * Add patch route-manager-secu-fix-280cd5.patch (security fix preventing
diff -Nru 
flightgear-3.0.0/debian/patches/restrict-save-flightplan-secu-fix-faf872.patch 
flightgear-3.0.0/debian/patches/restrict-save-flightplan-secu-fix-faf872.patch
--- 
flightgear-3.0.0/debian/patches/restrict-save-flightplan-secu-fix-faf872.patch  
1970-01-01 00:00:00.0 +
+++ 
flightgear-3.0.0/debian/patches/restrict-save-flightplan-secu-fix-faf872.patch  
2017-05-17 09:16:50.0 +
@@ -0,0 +1,36 @@
+Description: Security fix: don't allow overwriting arbitrary files
+ the previous fix 280cd523 missed commandSaveFlightPlan
+ .
+ backported from faf872e7, fixes CVE-2017-8921.
+Author: Rebecca N. Palmer 
+ Florent Rougon 
+Origin: upstream, 
https://sourceforge.net/p/flightgear/flightgear/ci/c8250b10bb9a116889f831d2299678b0ef70fec2/
+
+--- a/src/Autopilot/route_mgr.cxx
 b/src/Autopilot/route_mgr.cxx
+@@ -75,7 +75,24 @@
+ {
+   FGRouteMgr* self = (FGRouteMgr*) globals->get_subsystem("route-manager");
+   SGPath path(arg->getStringValue("path"));
+-  return self->saveRoute(path);
++  const std::string authorizedPath = fgValidatePath(path.realpath(),
++true /* write */);
++
++  if (!authorizedPath.empty()) {
++return self->saveRoute(SGPath(authorizedPath));
++  } else {
++const SGPath proposedPath = SGPath(globals->get_fg_home()) / "Export";
++std::string msg =
++  "The route manager was asked to write the flightplan to '" +
++  path.str() + "', but this path is not authorized for writing. " +
++  "Please choose another location, for instance in the $FG_HOME/Export "
++  "folder (" + proposedPath.str() + ").";
++
++SG_LOG(SG_AUTOPILOT, SG_ALERT, msg);
++modalMessageBox("FlightGear", "Unable to write to the specified file",
++msg);
++return false;
++  }
+ }
+ 
+ static bool commandActivateFlightPlan(const SGPropertyNode* arg)
diff -Nru flightgear-3.0.0/debian/patches/series 
flightgear-3.0.0/debian/patches/series
--- flightgear-3.0.0/debian/patches/series  2016-12-14 09:13:44.0 
+
+++ flightgear-3.0.0/debian/patches/series  2017-05-16 20:18:39.0 
+
@@ -5,3 +5,4 @@
 6a30e7.patch
 route-manager-secu-fix-280cd5.patch
 fix-missing-lX11-in-link-commands.patch
+restrict-save-flightplan-secu-fix-faf872.patch


signature.asc
Description: OpenPGP digital signature

Re: binNMU required for softhsm2 backport

2017-05-17 Thread Niels Thykier 
Adrian Bunk:
> #854610 libsofthsm2 is not installable because of wrong libssl dependency
> 
> This looks like being caused by building in an unclean chroot.
> 
> Who is responsible for backports binNMUs, in this case for libsofthsm2 
> on amd64?
> 
> Thanks
> Adrian
> 

Hi,

I would assume that the -backports admins are responsible for
determining if/when a binNMU in backports should happen.
  Whether they have/can get the technical access to do it directly or
have to delegate the actual action is a separate matter.

The documentation for binNMUs[1] should almost certainly be updated to
reflect that we have a separate handling for binNMUs against -backports.
 @backports team: If you have any concrete wishes here, please do let me
know.

Thanks,
~Niels

[1] https://release.debian.org/wanna-build.html

Source: git clone ssh://respighi.d.o/~release/GITREPO
  - file: www/wanna-build.md

Bug#861715: unblock: php-horde-crypt/2.7.5-2

2017-05-17 Thread Niels Thykier 
Mathieu Parent (Debian):
> [...]
> 
> It is non-functionnal, but IMP is functionnal and it depends on it.
> 
> Alternatively, I can remove this dependency, but I have not tested it.
> 
> Regards
> 

Hi,

I prefer we either fix php-horde-crypt or remove it.  If IMP works
without it, then dropping the dependency be worth it.

Thanks,
~Niels

Re: Permission to update OpenVPN with a patch

2017-05-17 Thread Julien Cristau 
On Wed, May 17, 2017 at 20:12:23 +0200, Alberto Gonzalez Iniesta wrote:

> Hi there,
> 
> I've been contacted by a big Debian & OpenVPN user about a bug present
> in Stretch's OpenVPN version and fixed 2 minor reviews later. The bug
> was reported upstream [1] and results in clients not able to use the VPN
> after several reconnects.
> 
> The patch seems nice and clear [2] (and applies cleanly). The bug
> impact could be substantial.
> 
> Would an upload of OpenVPN with it applied be accepted?
> 
Please use the BTS for such requests (with the unblock usertag, just
mentioning you're requesting pre-upload approval), and attach the
proposed debdiff.

[...]
> ps. Please Cc me on replys, since I'm not subscribed to the list

Then you might want to not use "Mail-Followup-To:
debian-release@lists.debian.org" when sending mail to this list :)

Cheers,
Julien

Re: Bug#862243: Just a kind reminder to release team - unblock linux kernel

2017-05-17 Thread Julien Cristau 
On Tue, May 16, 2017 at 23:12:45 +0200, Julien Aubin wrote:

> Hi,
> 
> Just a kind reminder to release team, as d-i release manager has ack the
> fixes by Salvatore could you please unblock the kernel update ?
> 
> As of now Debian testing users are at risk because of many security issues
> which are fixed in this newer kernel release.
> 
> The fixed security issues are mentionned there :
> https://security-tracker.debian.org/tracker/source-package/linux
> 
Please avoid this kind of email, you're not adding any new information
here.

Thanks,
Julien

Bug#862865: unblock: cross-toolchain-base*

2017-05-17 Thread Matthias Klose 
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock cross-toolchain-base/18 and cross-toolchain-base-ports/11, fixing
a build error on i386. The packages are built using gcc-6 6.3.0-18, which is not
yet in testing, however they should build with -16 as well.

Bug#862864: unblock: pixbros/0.6.3+dfsg-0.1

2017-05-17 Thread Adrian Bunk 
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock


 debian/changelog|   10 ++
 debian/control  |5 ++---
 debian/rules|9 +
 fpg/enemigos.fpg|binary
 fpg/general.fpg |binary
 fpg/intro-de.fpg|binary
 fpg/intro-en.fpg|binary
 fpg/intro-es.fpg|binary
 fpg/intro-fr.fpg|binary
 fpg/intro-it.fpg|binary
 fpg/items.fpg   |binary
 fpg/jefes.fpg   |binary
 fpg/menu-de.fpg |binary
 fpg/menu-en.fpg |binary
 fpg/menu-es.fpg |binary
 fpg/menu-fr.fpg |binary
 fpg/menu-it.fpg |binary
 fpg/menu.fpg|binary
 fpg/pax.fpg |binary
 fpg/pix.fpg |binary
 fpg/pux.fpg |binary
 pixbros.dcb |binary
 recursos/floors/floor21.png |binary
 recursos/floors/floor22.png |binary
 recursos/floors/floor23.png |binary
 recursos/floors/floor24.png |binary
 recursos/floors/floor25.png |binary
 recursos/floors/floor26.png |binary
 recursos/floors/floor27.png |binary
 recursos/floors/floor28.png |binary
 recursos/floors/floor29.png |binary
 recursos/floors/floor30.png |binary
 recursos/floors/floor31.png |binary
 recursos/floors/floor32.png |binary
 recursos/floors/floor33.png |binary
 recursos/floors/floor34.png |binary
 recursos/floors/floor35.png |binary
 recursos/floors/floor36.png |binary
 recursos/floors/floor37.png |binary
 recursos/floors/floor38.png |binary
 recursos/floors/floor39.png |binary
 recursos/floors/floor40.png |binary
 recursos/floors/floor41.png |binary
 recursos/floors/floor42.png |binary
 recursos/floors/floor43.png |binary
 recursos/floors/floor44.png |binary
 recursos/floors/floor45.png |binary
 recursos/floors/floor46.png |binary
 recursos/floors/floor47.png |binary
 recursos/floors/floor48.png |binary
 recursos/floors/floor49.png |binary
 recursos/floors/floor50.png |binary
 52 files changed, 17 insertions(+), 7 deletions(-)

diff -Nru pixbros-0.6.3/debian/changelog pixbros-0.6.3+dfsg/debian/changelog
--- pixbros-0.6.3/debian/changelog  2017-05-17 09:56:05.0 +0300
+++ pixbros-0.6.3+dfsg/debian/changelog 2017-05-17 09:56:07.0 +0300
@@ -1,3 +1,13 @@
+pixbros (0.6.3+dfsg-0.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Repackaged to remove generated files and copyright violations
+from the upstream sources. (Closes: #861612)
+  * Switch package from binary-all to being built on the architectures
+where fenix is available. (Closes: #534058, #859049)
+
+ -- Adrian Bunk   Tue, 16 May 2017 21:14:57 +0300
+
 pixbros (0.6.3-2) unstable; urgency=low
 
   * Team upload.
diff -Nru pixbros-0.6.3/debian/control pixbros-0.6.3+dfsg/debian/control
--- pixbros-0.6.3/debian/control2017-05-17 09:56:05.0 +0300
+++ pixbros-0.6.3+dfsg/debian/control   2017-05-17 09:56:07.0 +0300
@@ -3,15 +3,14 @@
 Priority: optional
 Maintainer: Debian Games Team 
 Uploaders: Miriam Ruiz , Barry deFreese 

-Build-Depends: debhelper (>= 5), quilt
-Build-Depends-Indep: fenix, fenix-plugins-system
+Build-Depends: debhelper (>= 5), quilt, fenix, fenix-plugins-system
 Standards-Version: 3.8.1
 Homepage: http://www.pixjuegos.com/?q=node/56
 Vcs-Svn: svn://anonscm.debian.org/pkg-games/packages/trunk/pixbros/
 Vcs-Browser: http://anonscm.debian.org/viewvc/pkg-games/packages/trunk/pixbros/
 
 Package: pixbros
-Architecture: all
+Architecture: armel armhf hppa hurd-i386 i386 kfreebsd-i386 m68k mips mipsel 
powerpc sh4
 Depends: fenix, fenix-plugins-system, ${misc:Depends}
 Description: 2D game inspired in Bubble Bobble, Snow Bros and Tumble Pop
  PIX Bros is a platform game inspired in three different historical arcade
diff -Nru pixbros-0.6.3/debian/rules pixbros-0.6.3+dfsg/debian/rules
--- pixbros-0.6.3/debian/rules  2017-05-17 09:56:05.0 +0300
+++ pixbros-0.6.3+dfsg/debian/rules 2017-05-17 09:56:07.0 +0300
@@ -41,8 +41,8 @@
dh_installdirs
chmod +x debian/*.sh
 
-# Build architecture-independent files here.
-binary-indep: build install
+# Build architecture-dependent files here.
+binary-arch: build install
dh_testdir
dh_testroot
dh_installchangelogs 
@@ -61,8 +61,8 @@
dh_md5sums
dh_builddeb
 
-# Build architecture-dependent files here.
-binary-arch:
+# Build architecture-independent files here.
+binary-indep:
 
 binary: binary-indep binary-arch
 
@@ -76,6 +76,7 @@
rm pixbros-0.6.3.tar.bz2 recursospixbros.tar.bz2
rm -f ../pixbros_0.6.3.orig.tar.gz
rm -f `find pixbros -name "Thumbs.db"`
+   rm -rf fpg/* pixbros.dcb recursos/floors
mv pixbros pixbros-0.6.3
tar cvfz ../pixbros_0.6.3.orig.tar.gz pixbros-0.6.3
rm -r

Bug#862863: unblock: pixfrogger/1.0+dfsg-0.1

2017-05-17 Thread Adrian Bunk 
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock


 debian/changelog|9 +
 debian/control  |6 ++
 debian/rules|5 -
 debian/source/lintian-overrides |   10 --
 exec.so |binary
 fpg/pixfrogger.fpg  |binary
 pixfrogger  |binary
 pixfrogger.dcb  |binary
 src/exec.so |binary
 src/fxc |binary
 10 files changed, 11 insertions(+), 19 deletions(-)

diff -Nru pixfrogger-1.0/debian/changelog pixfrogger-1.0+dfsg/debian/changelog
--- pixfrogger-1.0/debian/changelog 2016-05-24 08:31:43.0 +0300
+++ pixfrogger-1.0+dfsg/debian/changelog2017-05-16 20:57:04.0 
+0300
@@ -1,3 +1,12 @@
+pixfrogger (1.0+dfsg-0.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Repackaged to remove binary files from upstream sources.
+  * Switch package from binary-all to being built on the architectures
+where fenix is available. (Closes: #859051, #861605)
+
+ -- Adrian Bunk   Tue, 16 May 2017 20:57:04 +0300
+
 pixfrogger (1.0-4) unstable; urgency=medium
 
   * Team upload.
diff -Nru pixfrogger-1.0/debian/control pixfrogger-1.0+dfsg/debian/control
--- pixfrogger-1.0/debian/control   2016-05-24 08:18:03.0 +0300
+++ pixfrogger-1.0+dfsg/debian/control  2017-05-16 20:57:04.0 +0300
@@ -3,16 +3,14 @@
 Priority: optional
 Maintainer: Debian Games Team 
 Uploaders: Miriam Ruiz , Barry deFreese 

-Build-Depends: debhelper (>= 9)
-Build-Depends-Indep: fenix, fenix-plugins-system
+Build-Depends: debhelper (>= 9), fenix, fenix-plugins-system
 Standards-Version: 3.9.8
 Homepage: http://www.pixjuegos.com/?q=node/63
 Vcs-Svn: svn://anonscm.debian.org/pkg-games/packages/trunk/pixfrogger/
 Vcs-Browser: 
https://anonscm.debian.org/viewvc/pkg-games/packages/trunk/pixfrogger/
-XS-Build-Indep-Architecture: i386
 
 Package: pixfrogger
-Architecture: all
+Architecture: armel armhf hppa hurd-i386 i386 kfreebsd-i386 m68k mips mipsel 
powerpc sh4
 Depends: fenix, fenix-plugins-system, ${misc:Depends}
 Description: help the frog cross the street
  PiX Frogger is a clone of the classic game Frogger, in which you must help
diff -Nru pixfrogger-1.0/debian/rules pixfrogger-1.0+dfsg/debian/rules
--- pixfrogger-1.0/debian/rules 2016-05-24 08:15:44.0 +0300
+++ pixfrogger-1.0+dfsg/debian/rules2017-05-16 20:57:04.0 +0300
@@ -3,11 +3,6 @@
 %:
dh $@
 
-override_dh_clean:
-   $(RM) -f pixfrogger.dcb fpg/pixfrogger.fpg
-   $(RM) -f pixfrogger exec.so src/exec.so src/fxc
-   dh_clean
-
 override_dh_auto_build:
cd fpg-sources && cmd="fenix-fpg -n ../fpg/pixfrogger.fpg " ; \
for i in `ls *.png | sort -g` ; \
diff -Nru pixfrogger-1.0/debian/source/lintian-overrides 
pixfrogger-1.0+dfsg/debian/source/lintian-overrides
--- pixfrogger-1.0/debian/source/lintian-overrides  2016-05-24 
08:29:36.0 +0300
+++ pixfrogger-1.0+dfsg/debian/source/lintian-overrides 1970-01-01 
02:00:00.0 +0200
@@ -1,10 +0,0 @@
-# Sources are located in fpg-sources/ and src/.
-# All prebuilt binaries are removed by debian/rules clean prior to building.
-source-is-missing pixfrogger
-source-is-missing exec.so
-source-is-missing src/exec.so
-source-is-missing src/fxc
-source-contains-prebuilt-binary pixfrogger
-source-contains-prebuilt-binary exec.so
-source-contains-prebuilt-binary src/exec.so
-source-contains-prebuilt-binary src/fxc
Binary files /tmp/6d1wSJy2ct/pixfrogger-1.0/exec.so and 
/tmp/jlVshRGFZB/pixfrogger-1.0+dfsg/exec.so differ
Binary files /tmp/6d1wSJy2ct/pixfrogger-1.0/fpg/pixfrogger.fpg and 
/tmp/jlVshRGFZB/pixfrogger-1.0+dfsg/fpg/pixfrogger.fpg differ
Binary files /tmp/6d1wSJy2ct/pixfrogger-1.0/pixfrogger and 
/tmp/jlVshRGFZB/pixfrogger-1.0+dfsg/pixfrogger differ
Binary files /tmp/6d1wSJy2ct/pixfrogger-1.0/pixfrogger.dcb and 
/tmp/jlVshRGFZB/pixfrogger-1.0+dfsg/pixfrogger.dcb differ
Binary files /tmp/6d1wSJy2ct/pixfrogger-1.0/src/exec.so and 
/tmp/jlVshRGFZB/pixfrogger-1.0+dfsg/src/exec.so differ
Binary files /tmp/6d1wSJy2ct/pixfrogger-1.0/src/fxc and 
/tmp/jlVshRGFZB/pixfrogger-1.0+dfsg/src/fxc differ

Bug#862772: marked as done (unblock: imagemagick/8:6.9.7.4+dfsg-8)

2017-05-17 Thread Debian Bug Tracking System 
Your message dated Wed, 17 May 2017 20:07:00 +
with message-id 
and subject line Re: Bug#862772: unblock: imagemagick/8:6.9.7.4+dfsg-8
has caused the Debian Bug report #862772,
regarding unblock: imagemagick/8:6.9.7.4+dfsg-8
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
862772: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862772
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package imagemagick

This fix more than 10 security bugs and a RC bug due to built-using

unblock imagemagick/8:6.9.7.4+dfsg-8

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (900, 'testing')
Architecture: amd64
 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-2-rt-amd64 (SMP w/8 CPU cores; PREEMPT)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
--- End Message ---
--- Begin Message ---
Bastien Roucariès:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
> 
> Please unblock package imagemagick
> 
> This fix more than 10 security bugs and a RC bug due to built-using
> 
> unblock imagemagick/8:6.9.7.4+dfsg-8
> 
> [...]

Unblocked, thanks.

~Niels--- End Message ---

Bug#862833: marked as done (unblock: haproxy/1.7.5-2)

2017-05-17 Thread Debian Bug Tracking System 
Your message dated Wed, 17 May 2017 19:57:00 +
with message-id <09a25c55-f3a9-6a49-592f-e19ab63f1...@thykier.net>
and subject line Re: Bug#862833: unblock: haproxy/1.7.5-2
has caused the Debian Bug report #862833,
regarding unblock: haproxy/1.7.5-2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
862833: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862833
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Dear Release Team,

Please unblock package haproxy.

The version in unstable enables the use of getaddrinfo() (instead of 
gethostbyname()) for hostname resolution, thus enabling IPv6 support 
when resolving backend addresses (see #862780). Enabling the use of 
getaddrinfo injects the following code in the hostname resolution path 
(src/standard.c):

 #ifdef USE_GETADDRINFO
 if (global.tune.options & GTUNE_USE_GAI) {
 struct addrinfo hints, *result;
 
 memset(, 0, sizeof(result));
 memset(, 0, sizeof(hints));
 hints.ai_family = sa->ss_family ? sa->ss_family : AF_UNSPEC;
 hints.ai_socktype = SOCK_DGRAM;
 hints.ai_flags = 0;
 hints.ai_protocol = 0;
 
 if (getaddrinfo(str, NULL, , ) == 0) {
 if (!sa->ss_family || sa->ss_family == AF_UNSPEC)
 sa->ss_family = result->ai_family;
 else if (sa->ss_family != result->ai_family)
 goto fail;
 
 switch (result->ai_family) {
 case AF_INET:
 memcpy((struct sockaddr_in *)sa, 
result->ai_addr, result->ai_addrlen);
 set_host_port(sa, port);
 return sa;
 case AF_INET6:
 memcpy((struct sockaddr_in6 *)sa, 
result->ai_addr, result->ai_addrlen);
 set_host_port(sa, port);
 return sa;
 }
 }
 
 if (result)
 freeaddrinfo(result);
 }
 #endif

We would like to have this change migrate to Stretch, as full IPv6 support has
been a long-standing project goal and the change is not expected to have 
any negative side-effects.

Full source debdiff attached.

Thanks,
Apollon

unblock haproxy/1.7.5-2
diff -Nru haproxy-1.7.5/debian/changelog haproxy-1.7.5/debian/changelog
--- haproxy-1.7.5/debian/changelog	2017-04-04 14:25:38.0 +0300
+++ haproxy-1.7.5/debian/changelog	2017-05-17 13:01:45.0 +0300
@@ -1,3 +1,11 @@
+haproxy (1.7.5-2) unstable; urgency=medium
+
+  * Enable getaddrinfo() support, allowing resolution of hostnames to IPv6
+addresses (Closes: #862780). Thanks to Anton Eliasson
+!
+
+ -- Apollon Oikonomopoulos   Wed, 17 May 2017 13:01:45 +0300
+
 haproxy (1.7.5-1) unstable; urgency=medium
 
   * New upstream version release (see CHANGELOG):
diff -Nru haproxy-1.7.5/debian/rules haproxy-1.7.5/debian/rules
--- haproxy-1.7.5/debian/rules	2017-04-04 14:25:27.0 +0300
+++ haproxy-1.7.5/debian/rules	2017-05-17 12:58:07.0 +0300
@@ -12,6 +12,7 @@
 	 USE_OPENSSL=1 \
 	 USE_ZLIB=1 \
 	 USE_LUA=1 \
+	 USE_GETADDRINFO=1 \
 	 LUA_INC=/usr/include/lua5.3
 
 OS_TYPE = $(shell dpkg-architecture -qDEB_HOST_ARCH_OS)
--- End Message ---
--- Begin Message ---
Apollon Oikonomopoulos:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
> 
> Dear Release Team,
> 
> Please unblock package haproxy.
> 
> [...]
> 
> Full source debdiff attached.
> 
> Thanks,
> Apollon
> 
> unblock haproxy/1.7.5-2
> 

Unblocked, thanks.

~Niels--- End Message ---

Bug#862831: marked as done (unblock: tpm-tools/1.3.9.1-0.1)

2017-05-17 Thread Debian Bug Tracking System 
Your message dated Wed, 17 May 2017 19:52:00 +
with message-id 
and subject line Re: Bug#862831: unblock: tpm-tools/1.3.9.1-0.1
has caused the Debian Bug report #862831,
regarding unblock: tpm-tools/1.3.9.1-0.1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
862831: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862831
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Hi,

Please unblock package tpm-tools

I've uploaded tpm-tools 1.3.9.1-0.1 to unstable.

This version fixes a segfault in tpm_sealdata command.

$ debdiff tpm-tools_1.3.9-0.1.dsc tpm-tools_1.3.9.1-0.1.dsc |diffstat 
 config.h.in~|  114 
 debian/changelog|   10 
 debian/control  |2 
 lib/Makefile.am |2 
 lib/Makefile.in |2 
 lib/tpm_unseal.c|2 
 po/stamp-po |1 
 src/cmds/tpm_sealdata.c |2 
 8 files changed, 15 insertions(+), 120 deletions(-)

unblock tpm-tools/1.3.9.1-0.1

Cheers,

Laurent Bigonville

-- System Information:
Debian Release: 9.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 
'experimental-debug'), (1, 'experimental')
Architecture: amd64
 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru tpm-tools-1.3.9/config.h.in~ tpm-tools-1.3.9.1/config.h.in~
--- tpm-tools-1.3.9/config.h.in~2016-11-17 20:42:24.0 +0100
+++ tpm-tools-1.3.9.1/config.h.in~  1970-01-01 01:00:00.0 +0100
@@ -1,114 +0,0 @@
-/* config.h.in.  Generated from configure.ac by autoheader.  */
-
-/* Define to 1 if translation of program messages to the user's native
-   language is requested. */
-#undef ENABLE_NLS
-
-/* Define to 1 if you have the MacOS X function CFLocaleCopyCurrent in the
-   CoreFoundation framework. */
-#undef HAVE_CFLOCALECOPYCURRENT
-
-/* Define to 1 if you have the MacOS X function CFPreferencesCopyAppValue in
-   the CoreFoundation framework. */
-#undef HAVE_CFPREFERENCESCOPYAPPVALUE
-
-/* Define if the GNU dcgettext() function is already present or preinstalled.
-   */
-#undef HAVE_DCGETTEXT
-
-/* Define to 1 if you have the  header file. */
-#undef HAVE_DLFCN_H
-
-/* Define if the GNU gettext() function is already present or preinstalled. */
-#undef HAVE_GETTEXT
-
-/* Define if you have the iconv() function. */
-#undef HAVE_ICONV
-
-/* Define to 1 if you have the  header file. */
-#undef HAVE_INTTYPES_H
-
-/* Define to 1 if you support file names longer than 14 characters. */
-#undef HAVE_LONG_FILE_NAMES
-
-/* Define to 1 if you have the  header file. */
-#undef HAVE_MEMORY_H
-
-/* Define to 1 if you have the  header file. */
-#undef HAVE_STDINT_H
-
-/* Define to 1 if you have the  header file. */
-#undef HAVE_STDLIB_H
-
-/* Define to 1 if you have the  header file. */
-#undef HAVE_STRINGS_H
-
-/* Define to 1 if you have the  header file. */
-#undef HAVE_STRING_H
-
-/* Define to 1 if you have the  header file. */
-#undef HAVE_SYS_STAT_H
-
-/* Define to 1 if you have the  header file. */
-#undef HAVE_SYS_TYPES_H
-
-/* Define to 1 if you have the  header file. */
-#undef HAVE_UNISTD_H
-
-/* Define to the sub-directory in which libtool stores uninstalled libraries.
-   */
-#undef LT_OBJDIR
-
-/* Name of package */
-#undef PACKAGE
-
-/* Define to the address where bug reports for this package should be sent. */
-#undef PACKAGE_BUGREPORT
-
-/* Define to the full name of this package. */
-#undef PACKAGE_NAME
-
-/* Define to the full name and version of this package. */
-#undef PACKAGE_STRING
-
-/* Define to the one symbol short name of this package. */
-#undef PACKAGE_TARNAME
-
-/* Define to the version of this package. */
-#undef PACKAGE_VERSION
-
-/* Define as the return type of signal handlers (`int' or `void'). */
-#undef RETSIGTYPE
-
-/* Define to 1 if you have the ANSI C header files. */
-#undef STDC_HEADERS
-
-/* Version number of package */
-#undef VERSION
-
-/* Define to empty if `const' does not conform to ANSI C. */
-#undef const
-
-/* Define to `int' if  doesn't define. */
-#undef gid_t
-
-/* Define to `__inline__' or `__inline' if that's what the C compiler
-   calls it, or to nothing if 'inline' is not supported under any name.  */
-#ifndef __cplusplus
-#undef

Bug#862832: marked as done (unblock: minissdpd/1.2.20130907-4.1)

2017-05-17 Thread Debian Bug Tracking System 
Your message dated Wed, 17 May 2017 19:54:00 +
with message-id <617aba93-5daf-7405-1c15-08b3c75fb...@thykier.net>
and subject line Re: Bug#862832: unblock: minissdpd/1.2.20130907-4.1
has caused the Debian Bug report #862832,
regarding unblock: minissdpd/1.2.20130907-4.1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
862832: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862832
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Hi,

Please unblock package minissdpd

In version 1.2.20130907-4, After=network-online.target was added in the
.service file, see #861231.

The problem is that network-online.target is not pulled in the
dependency chain by default, so "Wants=network-online.target" is also
needed.

In the old LSB initscript, there was also a "Should-Start: $network",
After/Wants=network-online.target is the equivalant for systemd.

$ debdiff minissdpd_1.2.20130907-4.dsc minissdpd_1.2.20130907-4.1.dsc
diff -Nru minissdpd-1.2.20130907/debian/changelog 
minissdpd-1.2.20130907/debian/changelog
--- minissdpd-1.2.20130907/debian/changelog 2017-04-26 17:07:25.0 
+0200
+++ minissdpd-1.2.20130907/debian/changelog 2017-05-08 16:12:09.0 
+0200
@@ -1,3 +1,12 @@
+minissdpd (1.2.20130907-4.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Also add Wants=network-online.target in the .service file,
+network-online.target is not part of the default dependency chain, this
+should really (Closes: #861231)
+
+ -- Laurent Bigonville   Mon, 08 May 2017 16:12:09 +0200
+
 minissdpd (1.2.20130907-4) unstable; urgency=medium
 
   * Add After=network-online.target in the .service file (Closes: #861231).
diff -Nru minissdpd-1.2.20130907/debian/minissdpd.service 
minissdpd-1.2.20130907/debian/minissdpd.service
--- minissdpd-1.2.20130907/debian/minissdpd.service 2017-04-26 
17:07:25.0 +0200
+++ minissdpd-1.2.20130907/debian/minissdpd.service 2017-05-08 
16:12:05.0 +0200
@@ -2,6 +2,7 @@
 Description=keep memory of all UPnP devices that announced themselves
 Documentation=man:minissdpd(1)
 After=network-online.target
+Wants=network-online.target
 
 [Service]
 Type=forking

unblock minissdpd/1.2.20130907-4.1

Thanks,

Laurent Bigonville

-- System Information:
Debian Release: 9.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 
'experimental-debug'), (1, 'experimental')
Architecture: amd64
 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
--- End Message ---
--- Begin Message ---
Laurent Bigonville:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
> 
> Hi,
> 
> Please unblock package minissdpd
> 
> In version 1.2.20130907-4, After=network-online.target was added in the
> .service file, see #861231.
> 
> The problem is that network-online.target is not pulled in the
> dependency chain by default, so "Wants=network-online.target" is also
> needed.
> 
> In the old LSB initscript, there was also a "Should-Start: $network",
> After/Wants=network-online.target is the equivalant for systemd.
> 
> [...]
> 
> unblock minissdpd/1.2.20130907-4.1
> 
> Thanks,
> 
> Laurent Bigonville
> 
> [...]


Unblocked, thanks.

~Niels--- End Message ---

Permission to update OpenVPN with a patch

2017-05-17 Thread Alberto Gonzalez Iniesta 
Hi there,

I've been contacted by a big Debian & OpenVPN user about a bug present
in Stretch's OpenVPN version and fixed 2 minor reviews later. The bug
was reported upstream [1] and results in clients not able to use the VPN
after several reconnects.

The patch seems nice and clear [2] (and applies cleanly). The bug
impact could be substantial.

Would an upload of OpenVPN with it applied be accepted?


Thanks,

Alberto


[1] https://community.openvpn.net/openvpn/ticket/879
[2] 
https://community.openvpn.net/openvpn/changeset/03d01f4f69cfc6768343b9f0f2dde2049e4882d2/


ps. Please Cc me on replys, since I'm not subscribed to the list
-- 
Alberto Gonzalez Iniesta| Formación, consultoría y soporte técnico
mailto/sip: a...@inittab.org | en GNU/Linux y software libre
Encrypted mail preferred| http://inittab.com

Key fingerprint = 5347 CBD8 3E30 A9EB 4D7D  4BF2 009B 3375 6B9A AA55

Bug#862833: unblock: haproxy/1.7.5-2

2017-05-17 Thread Apollon Oikonomopoulos 
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Dear Release Team,

Please unblock package haproxy.

The version in unstable enables the use of getaddrinfo() (instead of 
gethostbyname()) for hostname resolution, thus enabling IPv6 support 
when resolving backend addresses (see #862780). Enabling the use of 
getaddrinfo injects the following code in the hostname resolution path 
(src/standard.c):

 #ifdef USE_GETADDRINFO
 if (global.tune.options & GTUNE_USE_GAI) {
 struct addrinfo hints, *result;
 
 memset(, 0, sizeof(result));
 memset(, 0, sizeof(hints));
 hints.ai_family = sa->ss_family ? sa->ss_family : AF_UNSPEC;
 hints.ai_socktype = SOCK_DGRAM;
 hints.ai_flags = 0;
 hints.ai_protocol = 0;
 
 if (getaddrinfo(str, NULL, , ) == 0) {
 if (!sa->ss_family || sa->ss_family == AF_UNSPEC)
 sa->ss_family = result->ai_family;
 else if (sa->ss_family != result->ai_family)
 goto fail;
 
 switch (result->ai_family) {
 case AF_INET:
 memcpy((struct sockaddr_in *)sa, 
result->ai_addr, result->ai_addrlen);
 set_host_port(sa, port);
 return sa;
 case AF_INET6:
 memcpy((struct sockaddr_in6 *)sa, 
result->ai_addr, result->ai_addrlen);
 set_host_port(sa, port);
 return sa;
 }
 }
 
 if (result)
 freeaddrinfo(result);
 }
 #endif

We would like to have this change migrate to Stretch, as full IPv6 support has
been a long-standing project goal and the change is not expected to have 
any negative side-effects.

Full source debdiff attached.

Thanks,
Apollon

unblock haproxy/1.7.5-2
diff -Nru haproxy-1.7.5/debian/changelog haproxy-1.7.5/debian/changelog
--- haproxy-1.7.5/debian/changelog	2017-04-04 14:25:38.0 +0300
+++ haproxy-1.7.5/debian/changelog	2017-05-17 13:01:45.0 +0300
@@ -1,3 +1,11 @@
+haproxy (1.7.5-2) unstable; urgency=medium
+
+  * Enable getaddrinfo() support, allowing resolution of hostnames to IPv6
+addresses (Closes: #862780). Thanks to Anton Eliasson
+!
+
+ -- Apollon Oikonomopoulos   Wed, 17 May 2017 13:01:45 +0300
+
 haproxy (1.7.5-1) unstable; urgency=medium
 
   * New upstream version release (see CHANGELOG):
diff -Nru haproxy-1.7.5/debian/rules haproxy-1.7.5/debian/rules
--- haproxy-1.7.5/debian/rules	2017-04-04 14:25:27.0 +0300
+++ haproxy-1.7.5/debian/rules	2017-05-17 12:58:07.0 +0300
@@ -12,6 +12,7 @@
 	 USE_OPENSSL=1 \
 	 USE_ZLIB=1 \
 	 USE_LUA=1 \
+	 USE_GETADDRINFO=1 \
 	 LUA_INC=/usr/include/lua5.3
 
 OS_TYPE = $(shell dpkg-architecture -qDEB_HOST_ARCH_OS)

Bug#862832: unblock: minissdpd/1.2.20130907-4.1

2017-05-17 Thread Laurent Bigonville 
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Hi,

Please unblock package minissdpd

In version 1.2.20130907-4, After=network-online.target was added in the
.service file, see #861231.

The problem is that network-online.target is not pulled in the
dependency chain by default, so "Wants=network-online.target" is also
needed.

In the old LSB initscript, there was also a "Should-Start: $network",
After/Wants=network-online.target is the equivalant for systemd.

$ debdiff minissdpd_1.2.20130907-4.dsc minissdpd_1.2.20130907-4.1.dsc
diff -Nru minissdpd-1.2.20130907/debian/changelog 
minissdpd-1.2.20130907/debian/changelog
--- minissdpd-1.2.20130907/debian/changelog 2017-04-26 17:07:25.0 
+0200
+++ minissdpd-1.2.20130907/debian/changelog 2017-05-08 16:12:09.0 
+0200
@@ -1,3 +1,12 @@
+minissdpd (1.2.20130907-4.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Also add Wants=network-online.target in the .service file,
+network-online.target is not part of the default dependency chain, this
+should really (Closes: #861231)
+
+ -- Laurent Bigonville   Mon, 08 May 2017 16:12:09 +0200
+
 minissdpd (1.2.20130907-4) unstable; urgency=medium
 
   * Add After=network-online.target in the .service file (Closes: #861231).
diff -Nru minissdpd-1.2.20130907/debian/minissdpd.service 
minissdpd-1.2.20130907/debian/minissdpd.service
--- minissdpd-1.2.20130907/debian/minissdpd.service 2017-04-26 
17:07:25.0 +0200
+++ minissdpd-1.2.20130907/debian/minissdpd.service 2017-05-08 
16:12:05.0 +0200
@@ -2,6 +2,7 @@
 Description=keep memory of all UPnP devices that announced themselves
 Documentation=man:minissdpd(1)
 After=network-online.target
+Wants=network-online.target
 
 [Service]
 Type=forking

unblock minissdpd/1.2.20130907-4.1

Thanks,

Laurent Bigonville

-- System Information:
Debian Release: 9.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 
'experimental-debug'), (1, 'experimental')
Architecture: amd64
 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Bug#862831: unblock: tpm-tools/1.3.9.1-0.1

2017-05-17 Thread Laurent Bigonville 
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Hi,

Please unblock package tpm-tools

I've uploaded tpm-tools 1.3.9.1-0.1 to unstable.

This version fixes a segfault in tpm_sealdata command.

$ debdiff tpm-tools_1.3.9-0.1.dsc tpm-tools_1.3.9.1-0.1.dsc |diffstat 
 config.h.in~|  114 
 debian/changelog|   10 
 debian/control  |2 
 lib/Makefile.am |2 
 lib/Makefile.in |2 
 lib/tpm_unseal.c|2 
 po/stamp-po |1 
 src/cmds/tpm_sealdata.c |2 
 8 files changed, 15 insertions(+), 120 deletions(-)

unblock tpm-tools/1.3.9.1-0.1

Cheers,

Laurent Bigonville

-- System Information:
Debian Release: 9.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 
'experimental-debug'), (1, 'experimental')
Architecture: amd64
 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru tpm-tools-1.3.9/config.h.in~ tpm-tools-1.3.9.1/config.h.in~
--- tpm-tools-1.3.9/config.h.in~2016-11-17 20:42:24.0 +0100
+++ tpm-tools-1.3.9.1/config.h.in~  1970-01-01 01:00:00.0 +0100
@@ -1,114 +0,0 @@
-/* config.h.in.  Generated from configure.ac by autoheader.  */
-
-/* Define to 1 if translation of program messages to the user's native
-   language is requested. */
-#undef ENABLE_NLS
-
-/* Define to 1 if you have the MacOS X function CFLocaleCopyCurrent in the
-   CoreFoundation framework. */
-#undef HAVE_CFLOCALECOPYCURRENT
-
-/* Define to 1 if you have the MacOS X function CFPreferencesCopyAppValue in
-   the CoreFoundation framework. */
-#undef HAVE_CFPREFERENCESCOPYAPPVALUE
-
-/* Define if the GNU dcgettext() function is already present or preinstalled.
-   */
-#undef HAVE_DCGETTEXT
-
-/* Define to 1 if you have the  header file. */
-#undef HAVE_DLFCN_H
-
-/* Define if the GNU gettext() function is already present or preinstalled. */
-#undef HAVE_GETTEXT
-
-/* Define if you have the iconv() function. */
-#undef HAVE_ICONV
-
-/* Define to 1 if you have the  header file. */
-#undef HAVE_INTTYPES_H
-
-/* Define to 1 if you support file names longer than 14 characters. */
-#undef HAVE_LONG_FILE_NAMES
-
-/* Define to 1 if you have the  header file. */
-#undef HAVE_MEMORY_H
-
-/* Define to 1 if you have the  header file. */
-#undef HAVE_STDINT_H
-
-/* Define to 1 if you have the  header file. */
-#undef HAVE_STDLIB_H
-
-/* Define to 1 if you have the  header file. */
-#undef HAVE_STRINGS_H
-
-/* Define to 1 if you have the  header file. */
-#undef HAVE_STRING_H
-
-/* Define to 1 if you have the  header file. */
-#undef HAVE_SYS_STAT_H
-
-/* Define to 1 if you have the  header file. */
-#undef HAVE_SYS_TYPES_H
-
-/* Define to 1 if you have the  header file. */
-#undef HAVE_UNISTD_H
-
-/* Define to the sub-directory in which libtool stores uninstalled libraries.
-   */
-#undef LT_OBJDIR
-
-/* Name of package */
-#undef PACKAGE
-
-/* Define to the address where bug reports for this package should be sent. */
-#undef PACKAGE_BUGREPORT
-
-/* Define to the full name of this package. */
-#undef PACKAGE_NAME
-
-/* Define to the full name and version of this package. */
-#undef PACKAGE_STRING
-
-/* Define to the one symbol short name of this package. */
-#undef PACKAGE_TARNAME
-
-/* Define to the version of this package. */
-#undef PACKAGE_VERSION
-
-/* Define as the return type of signal handlers (`int' or `void'). */
-#undef RETSIGTYPE
-
-/* Define to 1 if you have the ANSI C header files. */
-#undef STDC_HEADERS
-
-/* Version number of package */
-#undef VERSION
-
-/* Define to empty if `const' does not conform to ANSI C. */
-#undef const
-
-/* Define to `int' if  doesn't define. */
-#undef gid_t
-
-/* Define to `__inline__' or `__inline' if that's what the C compiler
-   calls it, or to nothing if 'inline' is not supported under any name.  */
-#ifndef __cplusplus
-#undef inline
-#endif
-
-/* Define to `int' if  does not define. */
-#undef mode_t
-
-/* Define to `long int' if  does not define. */
-#undef off_t
-
-/* Define to `int' if  does not define. */
-#undef pid_t
-
-/* Define to `unsigned int' if  does not define. */
-#undef size_t
-
-/* Define to `int' if  doesn't define. */
-#undef uid_t
diff -Nru tpm-tools-1.3.9/debian/changelog tpm-tools-1.3.9.1/debian/changelog
--- tpm-tools-1.3.9/debian/changelog2017-02-05 23:24:09.0 +0100
+++ tpm-tools-1.3.9.1/debian/changelog  2017-05-13 13:55:08.0 +0200
@@ -1,3 +1,13 @@
+tpm-tools (1.3.9.1-0.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * New upstream release
+- Fix segfault in tpm_sealdata (Closes: #854708)
+  * debian/control: Use ${misc:Pre-Depends} instead of (Pre-) depending on
+multiarch-support explicitly
+
+ --

Re: Bug#862801: reportbug should stop offering wheezy-pu

2017-05-17 Thread Sandro Tosi 
> $ reportbug release.debian.org
> ...
> What sort of request is this? (If none of these things mean anything to you, 
> or you are trying to report a bug in an existing package, please
> press Enter to exit reportbug.)
>
> 1 binnmu  binNMU requests
> 2 britney testing migration script bugs
> 3 jessie-pu   jessie proposed updates requests
> 4 other   None of the other options
> 5 rm  Stable/Testing removal requests
> 6 transition  transition tracking
> 7 unblock unblock requests
> 8 wheezy-pu   wheezy proposed updates requests
>
> Choose the request type:
>
>
> wheezy is now maintained by the LTS team, and there are no longer
> any wheezy-pu updates throught the release team.

In principle it makes sense to me, but given this is RT-land, i'd
rather them ack it explicitly (added in CC)

Release team: do you want to add a `stretch-pu` at the same time, so
that we'll have a reportbug in stretch with that option too? (or is it
too early?)

-- 
Sandro "morph" Tosi
My website: http://sandrotosi.me/
Me at Debian: http://wiki.debian.org/SandroTosi
G+: https://plus.google.com/u/0/+SandroTosi

Bug#861900:

2017-05-17 Thread PICCA Frederic-Emmanuel 
Hello,

I just wanted to send a ping and to add the information that this patch was 
provided by the upstream of sardana.

thanks

Frédéric

Bug#862811: jessie-pu: package libevhtp/1.2.9-1+deb8u1

2017-05-17 Thread Adrian Bunk 
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian@packages.debian.org
Usertags: pu


 changelog |8 
 control   |3 ++-
 2 files changed, 10 insertions(+), 1 deletion(-)

diff -Nru libevhtp-1.2.9/debian/changelog libevhtp-1.2.9/debian/changelog
--- libevhtp-1.2.9/debian/changelog 2014-05-25 14:54:39.0 +0300
+++ libevhtp-1.2.9/debian/changelog 2017-05-17 14:27:08.0 +0300
@@ -1,3 +1,11 @@
+libevhtp (1.2.9-1+deb8u1) jessie; urgency=medium
+
+  * Non-maintainer upload.
+  * Make libevhtp-dev depend on libonig-dev. (Closes: #788862)
+  * Suggest libevhtp-doc when installing libevhtp-dev. (Closes: #849603)
+
+ -- Adrian Bunk   Wed, 17 May 2017 14:22:39 +0300
+
 libevhtp (1.2.9-1) unstable; urgency=medium
 
   * New upstream release.
diff -Nru libevhtp-1.2.9/debian/control libevhtp-1.2.9/debian/control
--- libevhtp-1.2.9/debian/control   2014-05-25 14:54:39.0 +0300
+++ libevhtp-1.2.9/debian/control   2017-05-17 14:26:37.0 +0300
@@ -32,7 +32,8 @@
 Package: libevhtp-dev
 Section: libdevel
 Architecture: any
-Depends: libevhtp0 (= ${binary:Version}), ${misc:Depends}
+Depends: libevhtp0 (= ${binary:Version}), libonig-dev, ${misc:Depends}
+Suggests: libevhtp-doc
 Description: Libevent based HTTP API - development files
  Libevent's http interface was created as a JIT server, never meant to
  be a full-fledged HTTP service.  This library attempts to improve on

Bug#862810: unblock: sssd/1.15.2-1

2017-05-17 Thread Timo Aaltonen 
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package sssd

1.15.2 bugfix release has been in unstable for roughly two months now
without any new bugs filed against it. While it also adds new features,
we do not enable any of the new stuff by default, so the actual diff
(bugfixes) is much smaller.

Snippets from upstream release notes:

SSSD 1.15.1
===
Tickets Fixed
-
 * https://pagure.io/SSSD/sssd/issue/3112 - When sssd.conf is missing, create 
one with id_provider=files 
 * https://pagure.io/SSSD/sssd/issue/3220 - Improve successful Dynamic DNS 
update log messages
 * https://pagure.io/SSSD/sssd/issue/3227 - sssd doesn't update PTR records if 
A/PTR zones are configured as non-secure and secure 
 * https://pagure.io/SSSD/sssd/issue/3230 - Use the same logic for matching GC 
results in initgroups and user lookups 
 * https://pagure.io/SSSD/sssd/issue/3260 - handle default_domain_suffix for 
ssh requests with default_domain_suffix 
 * https://pagure.io/SSSD/sssd/issue/3262 - Implement a files provider to 
mirror the contents of /etc/passwd and /etc/groups 
 * https://pagure.io/SSSD/sssd/issue/3270 - [RFE] Add PKINIT support to SSSD 
Kerberos proivder 
 * https://pagure.io/SSSD/sssd/issue/3298 - Socket activation of SSSD doesn't 
work and leads to chaos 
 * https://pagure.io/SSSD/sssd/issue/3299 - SSSD does not start if using only 
the local provider and services line is empty 
 * https://pagure.io/SSSD/sssd/issue/3300 - Avoid running two instances of the 
same service 
 * https://pagure.io/SSSD/sssd/issue/3309 - Coverity warns about an unused 
value in IPA sudo code 
 * https://pagure.io/SSSD/sssd/issue/3313 - cache_req should use an negative 
cache entry for UPN based lookups 
 * https://pagure.io/SSSD/sssd/issue/2984 - Don't prompt for password if there 
is already one on the stack 
 * https://pagure.io/SSSD/sssd/issue/1126 - Reuse cache_req() in responder code 

SSSD 1.15.2
===
Tickets Fixed
-
 *  - Newline characters (\n) must be 
sanitized before LDAP requests take place
 *  - sssd-secrets doesn't exit on idle 
 *  - sssd ignores entire groups from 
proxy provider if one member is listed twice 
 *  - when group is invalidated using 
sss_cache dataExpireTimestamp entry in the domain and timestamps cache are 
inconsistent 
 *  - [RFE] Add more flexible 
templating for override_homedir config option 
 *  - Make it possible to configure AD 
subdomain in the server mode 
 *  - chown in ExecStartPre of 
sssd-nss.service hangs forever 
 *   - Login time increases strongly if 
more than one domain is configured 
 *  - use the sss_parse_inp request in 
other responders than dbus 


packaging debdiff explained:
- adcli got added to Recommends to work around a bug, which has since
  been fixed upstream, so can be demoted to Suggests
  https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1590471
- krb5 locator plugin path was wrong, oops
  https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1664566
- upstream switched to pagure.io
- add packaging for the new stuff, still not enabled by default so is
  risk-free to add

diff --git a/debian/changelog b/debian/changelog
index 4ac67c9..8bc5099 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,14 @@
+sssd (1.15.2-1) unstable; urgency=medium
+
+  * New upstream release.
+  * control: Demote adcli to sssd-ad suggests.
+  * rules, common.install: Fix sssd_krb5_locator_plugin install path.
+(LP: #1664566)
+  * control, copyright, watch: Update upstream URLs.
+  * common.install: Add libsss_files and socket activation helper.
+
+ -- Timo Aaltonen   Mon, 20 Mar 2017 15:17:19 +0200
+
 sssd (1.15.0-3) unstable; urgency=medium
 
   * rules, install: Remove responder service and socket files for now, the
diff --git a/debian/control b/debian/control
index ea5f673..cf628d9 100644
--- a/debian/control
+++ b/debian/control
@@ -66,7 +66,7 @@ X-Python3-Version: >= 3.3
 Standards-Version: 3.9.6
 Vcs-Git: git://anonscm.debian.org/pkg-sssd/sssd.git
 Vcs-Browser: http://anonscm.debian.org/cgit/pkg-sssd/sssd.git
-Homepage: https://fedorahosted.org/sssd/
+Homepage: https://pagure.io/SSSD/sssd/
 
 Package: sssd
 Section: metapackages
@@ -121,7 +121,7 @@ Depends:
  sssd-krb5-common (= ${binary:Version}),
  ${misc:Depends},
  ${shlibs:Depends}
-Recommends:
+Suggests:
  adcli,
 Breaks: sssd (<< 1.10.0~beta2-1)
 Replaces: sssd (<< 1.10.0~beta2-1)
diff --git a/debian/copyright b/debian/copyright
index aba62b8..4a80961 100644
--- a/debian/copyright
+++ b/debian/copyright
@@ -1,7 +1,7 @@

Bug#862801: reportbug should stop offering wheezy-pu

2017-05-17 Thread Adrian Bunk 
Package: reportbug
Version: 7.1.6
Severity: normal

$ reportbug release.debian.org
...
What sort of request is this? (If none of these things mean anything to you, or 
you are trying to report a bug in an existing package, please
press Enter to exit reportbug.)

1 binnmu  binNMU requests
2 britney testing migration script bugs
3 jessie-pu   jessie proposed updates requests
4 other   None of the other options
5 rm  Stable/Testing removal requests
6 transition  transition tracking
7 unblock unblock requests
8 wheezy-pu   wheezy proposed updates requests

Choose the request type:


wheezy is now maintained by the LTS team, and there are no longer
any wheezy-pu updates throught the release team.

Bug#862800: jessie-pu: package etherpuppet/0.3-3~deb8u1

2017-05-17 Thread Adrian Bunk 
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian@packages.debian.org
Usertags: pu


 changelog |   14 ++
 patches/fix-char-signedness.patch |   15 +++
 patches/series|1 +
 3 files changed, 30 insertions(+)

diff -Nru etherpuppet-0.3/debian/changelog etherpuppet-0.3/debian/changelog
--- etherpuppet-0.3/debian/changelog2012-04-01 11:23:32.0 +0300
+++ etherpuppet-0.3/debian/changelog2017-05-17 12:33:06.0 +0300
@@ -1,3 +1,17 @@
+etherpuppet (0.3-3~deb8u1) jessie; urgency=medium
+
+  * Non-maintainer upload.
+  * Rebuild for jessie.
+
+ -- Adrian Bunk   Wed, 17 May 2017 12:32:33 +0300
+
+etherpuppet (0.3-3) unstable; urgency=low
+
+  * Apply upstream fix to make package usable on systems with unsigned
+char. Patch from Peter Michael Green. Closes: #861366.
+
+ -- Vincent Bernat   Sat, 29 Apr 2017 12:56:45 +0200
+
 etherpuppet (0.3-2) unstable; urgency=low
 
   * Fix "build-arch" target being empty. Closes: #666313.
diff -Nru etherpuppet-0.3/debian/patches/fix-char-signedness.patch 
etherpuppet-0.3/debian/patches/fix-char-signedness.patch
--- etherpuppet-0.3/debian/patches/fix-char-signedness.patch1970-01-01 
02:00:00.0 +0200
+++ etherpuppet-0.3/debian/patches/fix-char-signedness.patch2017-04-29 
13:56:45.0 +0300
@@ -0,0 +1,15 @@
+Description: Apply upstream fix to make package usable on systems with 
unsigned char.
+Author: Peter Michael Green 
+
+--- etherpuppet-0.3.orig/etherpuppet.c
 etherpuppet-0.3/etherpuppet.c
+@@ -227,7 +227,8 @@ int main(int argc, char *argv[])
+   struct sigaction sa;
+ 
+ 
+-  char c, *p, *ip, *manual_bpf_arg;
++int c;
++  char *p, *ip, *manual_bpf_arg;
+   unsigned char buf[MTU+4];
+   char *iface = NULL;
+   fd_set readset;
diff -Nru etherpuppet-0.3/debian/patches/series 
etherpuppet-0.3/debian/patches/series
--- etherpuppet-0.3/debian/patches/series   1970-01-01 02:00:00.0 
+0200
+++ etherpuppet-0.3/debian/patches/series   2017-04-29 13:56:45.0 
+0300
@@ -0,0 +1 @@
+fix-char-signedness.patch

Processed: tagging 862693

2017-05-17 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> tags 862693 - moreinfo
Bug #862693 [release.debian.org] unblock: postfix/3.1.4-5
Removed tag(s) moreinfo.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
862693: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862693
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#862693: unblock: postfix/3.1.4-5

2017-05-17 Thread Scott Kitterman 
On Wednesday, May 17, 2017 05:33:00 AM Niels Thykier wrote:
> Control: tags -1 moreinfo
> 
> Scott Kitterman:
> > Package: release.debian.org
> > Severity: normal
> > User: release.debian@packages.debian.org
> > Usertags: unblock
> > 
> > Please unblock package postfix
> > 
> > This upload fixes two significant bugs and makes it possible for a user to
> > recover from a third without hand editing configuration files:
> > 
> > 1.  Postfix-cdb will no longer fail to work after upgrade from jessie due
> > to> 
> > upgrade ordering issues.
> > 
> > 2.  Postfix should wait to start until the network and DNS are actually
> > 
> > available, so it won't fail to start on boot.
> > 
> > 3.  If an upgrade is performed from a not fully updated system and the
> > 
> > dynamic maps locations are incorred in dynamicmaps.cf,
> > dpkg-reconfigure
> > postfix (and whatever postfix map types are installed) will fix it.
> > 
> > Note: The last one will be followed by a bug to release-notes to mention
> > this (it seems way better than a release note explaining how to hand edit
> > files).
> > 
> > unblock postfix/3.1.4-5
> 
> Hi,
> 
> Thanks for working on fixing postfix.
> 
> One remark / question about the following snippet:
> 
> """
> -
> +if dpkg --compare-versions $new lt 3.1.4-5~; then
> +# This turned out to be the wrong way to solve the problem.
> +rm -rf /etc/systemd/system/postfix.service.d
> +fi
> """
> 
> 
> Given the script only seemed to create
> /etc/systemd/system/postfix.service.d/override.conf, shouldn't it only
> remove that file (and possibly the directory iff it is empty)?  Also,
> what if the admin has changed the file locally?

I see your point.  The directory would only exist (unless manually created) 
based on the old postinst, so I considered it ~safe to remove.  As is, it's  
harmless, just not very pretty.  Given the closeness of release, small risk of 
harm of leaving it, and the uncertainties around removing it due to the chance 
it's there for some other user created reason, perhaps it's best to leave it 
be for now.

If I did another upload reverting that change, would you be good with 
unblocking?

Scott K

Bug#862785: marked as done (unblock: apt/1.4.4)

2017-05-17 Thread Debian Bug Tracking System 
Your message dated Wed, 17 May 2017 05:43:00 +
with message-id <5a56ef0b-22c9-2c32-3c44-3ab0d6619...@thykier.net>
and subject line Re: Bug#862785: unblock: apt/1.4.4
has caused the Debian Bug report #862785,
regarding unblock: apt/1.4.4
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
862785: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862785
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package apt

Follow up to 1.4.2 and 1.4.3 that fixes odd shell parsing
stuff for the lock file descriptor ($LOCKFD>&- was parsed
as $LOCKFD >&- -- see #862567). This caused unattended-upgrades
to crash, as it could not write output.

You'll find that the locking code is now much nicer to look
at than in 1.4.2.

(Diff against 1.4.1 with -w, and full against 1.4.3
 attached)

unblock apt/1.4.4

-- System Information:
Debian Release: 9.0
  APT prefers unstable
  APT policy: (900, 'unstable'), (500, 'unstable-debug'), (500, 
'buildd-unstable'), (500, 'testing'), (100, 'experimental'), (1, 
'experimental-debug')
Architecture: amd64
 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.11.0-trunk-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_IE.UTF-8, LC_CTYPE=en_IE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

-- 
Debian Developer - deb.li/jak | jak-linux.org - free software dev
  |  Ubuntu Core Developer |
When replying, only quote what is necessary, and write each reply
directly below the part(s) it pertains to ('inline').  Thank you.
diff -Nru -w apt-1.4.1/CMakeLists.txt apt-1.4.4/CMakeLists.txt
--- apt-1.4.1/CMakeLists.txt	2017-04-24 18:47:55.0 +0200
+++ apt-1.4.4/CMakeLists.txt	2017-05-16 23:19:50.0 +0200
@@ -172,7 +172,7 @@
 # Configure some variables like package, version and architecture.
 set(PACKAGE ${PROJECT_NAME})
 set(PACKAGE_MAIL "APT Development Team ")
-set(PACKAGE_VERSION "1.4.1")
+set(PACKAGE_VERSION "1.4.4")
 
 if (NOT DEFINED DPKG_DATADIR)
   execute_process(COMMAND ${PERL_EXECUTABLE} -MDpkg -e "print $Dpkg::DATADIR;"
diff -Nru -w apt-1.4.1/completions/bash/apt apt-1.4.4/completions/bash/apt
--- apt-1.4.1/completions/bash/apt	2017-04-24 18:47:55.0 +0200
+++ apt-1.4.4/completions/bash/apt	2017-05-16 23:19:50.0 +0200
@@ -158,7 +158,7 @@
 ' -- "$cur" ) )
 return 0
 ;;
-clean|autocleean)
+clean|autoclean)
 COMPREPLY=( $( compgen -W '
 -s --simulate --dry-run
 ' -- "$cur" ) )
diff -Nru -w apt-1.4.1/debian/apt-daily.service apt-1.4.4/debian/apt-daily.service
--- apt-1.4.1/debian/apt-daily.service	2017-04-24 18:47:55.0 +0200
+++ apt-1.4.4/debian/apt-daily.service	2017-05-16 23:19:50.0 +0200
@@ -1,9 +1,9 @@
 [Unit]
-Description=Daily apt activities
+Description=Daily apt download activities
 Documentation=man:apt(8)
 ConditionACPower=true
 
 [Service]
 Type=oneshot
-ExecStart=/usr/lib/apt/apt.systemd.daily
+ExecStart=/usr/lib/apt/apt.systemd.daily update
 
diff -Nru -w apt-1.4.1/debian/apt-daily.timer apt-1.4.4/debian/apt-daily.timer
--- apt-1.4.1/debian/apt-daily.timer	2017-04-24 18:47:55.0 +0200
+++ apt-1.4.4/debian/apt-daily.timer	2017-05-16 23:19:50.0 +0200
@@ -1,11 +1,11 @@
 [Unit]
-Description=Daily apt activities
+Description=Daily apt download activities
 After=network-online.target
 Wants=network-online.target
 
 [Timer]
-OnCalendar=*-*-* 6:00
-RandomizedDelaySec=60m
+OnCalendar=*-*-* 6,18:00
+RandomizedDelaySec=12h
 Persistent=true
 
 [Install]
diff -Nru -w apt-1.4.1/debian/apt-daily-upgrade.service apt-1.4.4/debian/apt-daily-upgrade.service
--- apt-1.4.1/debian/apt-daily-upgrade.service	1970-01-01 01:00:00.0 +0100
+++ apt-1.4.4/debian/apt-daily-upgrade.service	2017-05-16 23:19:50.0 +0200
@@ -0,0 +1,9 @@
+[Unit]
+Description=Daily apt upgrade and clean activities
+Documentation=man:apt(8)
+ConditionACPower=true
+After=apt-daily.service
+
+[Service]
+Type=oneshot
+ExecStart=/usr/lib/apt/apt.systemd.daily install
diff -Nru -w apt-1.4.1/debian/apt-daily-upgrade.timer apt-1.4.4/debian/apt-daily-upgrade.timer
--- apt-1.4.1/debian/apt-daily-upgrade.timer	1970-01-01 01:00:00.0 +0100
+++ apt-1.4.4/debian/apt-daily-upgrade.timer	2017-05-16 23:19:50.0 +0200
@@ -0,0 +1,11 @@
+[Unit]
+Description=Daily apt upgrade and clean activities