Bug#863287: unblock: pymssql/2.1.3+dfsg-1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Hi release team! I'd like to get an unblock for pymssql/2.1.3+dfsg-1. This is a new upstream release: the current version in oldstable, stable, and testing is broken against the version of freetds (the underlying C library for talking to MS-SQL servers) in Debian. See https://bugs.debian.org/648230 and https://bugs.debian.org/709210 . It will be more supportable for Stretch to package the new upstream version: it's a rewrite using Cython, and 1.x is unmaintained now. Because of the above problem, I think nobody is using the current Jessie/Stretch package (or if they are, they're modifying it). Meanwhile, I've used this packaging at my previous employer to build pymssql 2.1.1 in November 2015, and that's been working fine in production, so the 2.x package is well-tested. It's also a leaf package (its only reverse-dependencies are as Suggests of python-sqlalchemy, python-sqlobject, and pyrit, alongside other backends for free software databases like MySQL and Postgres) so there shouldn't be a risk of regressions despite it being late in the release cycle. The full debdiff is at https://ldpreload.com/tmp/pymssql_2.1.3+dfsg-1.debdiff (not attaching it because it's 700 kB and debian-python is Cc'd). It's probably easier to browse the full changes via https://anonscm.debian.org/cgit/python-modules/packages/pymssql.git but here's the changelog entry: pymssql (2.1.3+dfsg-1) unstable; urgency=medium * Team upload. [ Ondřej Nový ] * Fixed VCS URL (https) [ Geoffrey Thomas ] * New upstream release (Closes: #648230), with DFSG repack to avoid embedded freetds binaries. - Be compatible with newer versions of freetds (Closes: #709210). - Consistently respect as_dict (Closes: #590548). - setup.py: Don't require setuptools_git. * Packaging cleanups: - Switch from CDBS to dh sequencer, and bump d/compat to 9. - Build for both Python 2 and 3 using pybuild. - Update Standards-Version to 3.9.8 (no changes). - Update copyright and follow machine-readable copyright spec. - Switch to source format 3.0 (quilt). - Use uscan and Files-Excluded in debian/copyright to simplify the DFSG repack target, and drop debian/rules get-orig-source (just call `uscan --rename`). * Add myself to Uploaders. -- Geoffrey ThomasWed, 24 May 2017 14:16:13 -0400 If you don't want to take the new upstream release, I could try applying the random patch on GitHub to the current 1.x package, but I'd probably prefer that we just remove it from Stretch (so that users use the upstream release or something) instead of supporting the 1.x release for the entire Stretch lifecycle. unblock pymssql/2.1.3+dfsg-1 Thanks, -- Geoffrey Thomas https://ldpreload.com geo...@ldpreload.com
Bug#863284: marked as done (unblock: quadrapassel/1:3.22.0-1.1)
Your message dated Wed, 24 May 2017 21:52:18 + with message-idand subject line unblock quadrapassel has caused the Debian Bug report #863284, regarding unblock: quadrapassel/1:3.22.0-1.1 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 863284: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863284 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-Cc: reproducible-bui...@lists.alioth.debian.org Dear Release Team, Please consider unblocking quadrapassel 1:3.22.0-1.1: quadrapassel (1:3.22.0-1.1) unstable; urgency=medium * Non-maintainer upload. * Fix segfault when unpausing a paused game that has finished. (Closes: #863106) The full debdiff is attached. Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- diffstat for quadrapassel-3.22.0 quadrapassel-3.22.0 changelog|8 + patches/0001_fix-segfault-when-unpausing-a-paused-finished-game.diff | 16 ++ patches/series |1 3 files changed, 25 insertions(+) diff -Nru quadrapassel-3.22.0/debian/changelog quadrapassel-3.22.0/debian/changelog --- quadrapassel-3.22.0/debian/changelog2016-09-21 22:13:51.0 +0100 +++ quadrapassel-3.22.0/debian/changelog2017-05-23 19:48:01.0 +0100 @@ -1,3 +1,11 @@ +quadrapassel (1:3.22.0-1.1) unstable; urgency=medium + + * Non-maintainer upload. + * Fix segfault when unpausing a paused game that has finished. +(Closes: #863106) + + -- Chris Lamb Tue, 23 May 2017 19:48:01 +0100 + quadrapassel (1:3.22.0-1) unstable; urgency=medium * New upstream release. diff -Nru quadrapassel-3.22.0/debian/patches/0001_fix-segfault-when-unpausing-a-paused-finished-game.diff quadrapassel-3.22.0/debian/patches/0001_fix-segfault-when-unpausing-a-paused-finished-game.diff --- quadrapassel-3.22.0/debian/patches/0001_fix-segfault-when-unpausing-a-paused-finished-game.diff 1970-01-01 01:00:00.0 +0100 +++ quadrapassel-3.22.0/debian/patches/0001_fix-segfault-when-unpausing-a-paused-finished-game.diff 2017-05-23 19:48:01.0 +0100 @@ -0,0 +1,16 @@ +Description: Fix segfault when unpausing a paused game that has finished +Author: Chris Lamb +Debian-Bug: #863106 +Last-Update: 2017-05-23 + +--- quadrapassel-3.22.0.orig/src/game.vala quadrapassel-3.22.0/src/game.vala +@@ -261,6 +261,8 @@ public class Game : Object + set + { + _paused = value; ++if (game_over) ++return; + if (has_started) + setup_drop_timer (); + pause_changed (); diff -Nru quadrapassel-3.22.0/debian/patches/series quadrapassel-3.22.0/debian/patches/series --- quadrapassel-3.22.0/debian/patches/series 1970-01-01 01:00:00.0 +0100 +++ quadrapassel-3.22.0/debian/patches/series 2017-05-23 19:48:01.0 +0100 @@ -0,0 +1 @@ +0001_fix-segfault-when-unpausing-a-paused-finished-game.diff --- End Message --- --- Begin Message --- Unblocked quadrapassel.--- End Message ---
Bug#863284: unblock: quadrapassel/1:3.22.0-1.1
Package: release.debian.org User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-Cc: reproducible-bui...@lists.alioth.debian.org Dear Release Team, Please consider unblocking quadrapassel 1:3.22.0-1.1: quadrapassel (1:3.22.0-1.1) unstable; urgency=medium * Non-maintainer upload. * Fix segfault when unpausing a paused game that has finished. (Closes: #863106) The full debdiff is attached. Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- diffstat for quadrapassel-3.22.0 quadrapassel-3.22.0 changelog|8 + patches/0001_fix-segfault-when-unpausing-a-paused-finished-game.diff | 16 ++ patches/series |1 3 files changed, 25 insertions(+) diff -Nru quadrapassel-3.22.0/debian/changelog quadrapassel-3.22.0/debian/changelog --- quadrapassel-3.22.0/debian/changelog2016-09-21 22:13:51.0 +0100 +++ quadrapassel-3.22.0/debian/changelog2017-05-23 19:48:01.0 +0100 @@ -1,3 +1,11 @@ +quadrapassel (1:3.22.0-1.1) unstable; urgency=medium + + * Non-maintainer upload. + * Fix segfault when unpausing a paused game that has finished. +(Closes: #863106) + + -- Chris LambTue, 23 May 2017 19:48:01 +0100 + quadrapassel (1:3.22.0-1) unstable; urgency=medium * New upstream release. diff -Nru quadrapassel-3.22.0/debian/patches/0001_fix-segfault-when-unpausing-a-paused-finished-game.diff quadrapassel-3.22.0/debian/patches/0001_fix-segfault-when-unpausing-a-paused-finished-game.diff --- quadrapassel-3.22.0/debian/patches/0001_fix-segfault-when-unpausing-a-paused-finished-game.diff 1970-01-01 01:00:00.0 +0100 +++ quadrapassel-3.22.0/debian/patches/0001_fix-segfault-when-unpausing-a-paused-finished-game.diff 2017-05-23 19:48:01.0 +0100 @@ -0,0 +1,16 @@ +Description: Fix segfault when unpausing a paused game that has finished +Author: Chris Lamb +Debian-Bug: #863106 +Last-Update: 2017-05-23 + +--- quadrapassel-3.22.0.orig/src/game.vala quadrapassel-3.22.0/src/game.vala +@@ -261,6 +261,8 @@ public class Game : Object + set + { + _paused = value; ++if (game_over) ++return; + if (has_started) + setup_drop_timer (); + pause_changed (); diff -Nru quadrapassel-3.22.0/debian/patches/series quadrapassel-3.22.0/debian/patches/series --- quadrapassel-3.22.0/debian/patches/series 1970-01-01 01:00:00.0 +0100 +++ quadrapassel-3.22.0/debian/patches/series 2017-05-23 19:48:01.0 +0100 @@ -0,0 +1 @@ +0001_fix-segfault-when-unpausing-a-paused-finished-game.diff
Bug#863220: marked as done (unblock: screen/4.5.0-6)
Your message dated Wed, 24 May 2017 22:42:50 +0200 with message-id <20170524204248.ga9...@ugent.be> and subject line Re: unblock: screen/4.5.0-6 has caused the Debian Bug report #863220, regarding unblock: screen/4.5.0-6 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 863220: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863220 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Dear Release Team, Dear D-I Release Manager, please unblock package screen/4.5.0-6. Daniel Kahn Gillmor (beside others upstream) noticed that in 4.5.0 the -L commandline option was subtly broken in a way that -L is documented to have an optional parameter, but in fact, the parameter becomes non-optional if further commandline options (i.e. parameters are starting with a dash) are given as the next parameter after -L (if existing) is unconditionally treated as log file name and screen bails out if a log file name starts with a dash. This leads to breakage in screen's commandline API: Some option combinations are no more possible (due to potential positional parameters after all options) without explicitly giving an log file name as parameter to -L. But in previous screen versions -L didn't accept any parameter, so any potential parameter would have been treated like a positional parameter. This makes screen behaving severly different with the same parameters depending on the version. Namely it works as expected in all versions except 4.5.0 since upstream has fixed that API breakage in 4.5.1 (already in experimental). So I cherry-picked the first and simplest commit in 4.5.1 targeting this issue. It was later rewritten for the final 4.5.1 release to add additional options and further logic, but it already fixed most of the API breakage. While testing the patch I noticed that upstream forgot to revert anticipatorily incremented/decremented counters (ac, av) if the next argument starts with a dash. I've added two lines ("av--;" and "ac++;") and that's the only difference between the patch in 4.5.0-6 and upstream's variant at http://git.savannah.gnu.org/cgit/screen.git/commit/?h=screen-v4=c14e05e7c36c64d85198ed0fc89177427ece48d4 I must admit, I haven't tested it inside D-I, but since I haven't heard of any D-I breakage due to that unplanned CLI API change in 4.5.0, I don't expect any breakage when I'm fixing that API breakage. Full debdiff between 4.5.0-5 in testing and 4.5.0-6 in unstable: diff -Nru screen-4.5.0/debian/changelog screen-4.5.0/debian/changelog --- screen-4.5.0/debian/changelog 2017-04-04 01:14:01.0 +0200 +++ screen-4.5.0/debian/changelog 2017-05-23 01:57:09.0 +0200 @@ -1,3 +1,12 @@ +screen (4.5.0-6) unstable; urgency=low + + * Cherry-pick c14e05e7 to fix -L parsing regression. (Closes: #863095) ++ Modify patch to revert anticipatorily incremented/decremented + counters if next argument starts with a dash. ++ Refresh line-numbers in 80_session_creation_docs.patch. + + -- Axel BeckertTue, 23 May 2017 01:57:09 +0200 + screen (4.5.0-5) unstable; urgency=low * Replace all occurrences of /var/run/ in packaging with /run/. (Closes: diff -Nru screen-4.5.0/debian/patches/64-cherry-pick-c14e05e7-to-fix-cli-api-regression.patch screen-4.5.0/debian/patches/64-cherry-pick-c14e05e7-to-fix-cli-api-regression.patch --- screen-4.5.0/debian/patches/64-cherry-pick-c14e05e7-to-fix-cli-api-regression.patch 1970-01-01 01:00:00.0 +0100 +++ screen-4.5.0/debian/patches/64-cherry-pick-c14e05e7-to-fix-cli-api-regression.patch 2017-05-23 01:56:25.0 +0200 @@ -0,0 +1,65 @@ +Origin: c14e05e7c36c64d85198ed0fc89177427ece48d4 +Author: Alexander Naumov +Description: Ignore logfile's name that begins with the "-" symbol + This fixes the API: + . + To enable logging we use -L option. But in case of + default logfile name (screenlog.0) we will need to + define it anyway. Because screen will try to interpret + next option as a parameter for -L option (which is + logfile name). It will fails ALWAYS, because next + parameter will always start with "-" symbol... + what is not permited for logfile name of course. + . + For example: + . + $ screen -L -D -m ./configure + . + In this case logfile name is screenlog.0, because "-D" + will not be interpreted by screen as a name of logfile. +Bug-Debian: https://bugs.debian.org/863095 +Bug: https://savannah.gnu.org/bugs/?50440 +Reviewd-By: Axel Beckert
Bug#863222: marked as done (unblock: bilibop/0.5.2.1)
Your message dated Wed, 24 May 2017 22:41:47 +0200 with message-id <20170524204145.ga9...@ugent.be> and subject line Re: unblock: bilibop/0.5.2.1 has caused the Debian Bug report #863222, regarding unblock: bilibop/0.5.2.1 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 863222: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863222 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Hi, Please unblock package bilibop, as it meets the following unblock requirements: Version 0.5.2 (currently in testing) is affected by a bug [1] with severity "important", which now is fixed in version 0.5.2.1 (currently in unstable). The package is optional, and builds fine on all applicable architectures, as shown there [2]. Also please consider the attached debdiff. [1] https://bugs.debian.org/861685 [2] https://buildd.debian.org/status/package.php?p=bilibop unblock bilibop/0.5.2.1 -- System Information: Debian Release: 8.8 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8) diff -Nru bilibop-0.5.2/debian/changelog bilibop-0.5.2.1/debian/changelog --- bilibop-0.5.2/debian/changelog 2017-01-17 00:29:07.0 +0100 +++ bilibop-0.5.2.1/debian/changelog 2017-05-18 17:20:24.0 +0200 @@ -1,3 +1,11 @@ +bilibop (0.5.2.1) unstable; urgency=high + + * bilibop-common: +- modify underlying_device_from_aufs() to support multiple read-only + branches. Closes: #861685. + + -- Yann AmarThu, 18 May 2017 15:20:24 + + bilibop (0.5.2) unstable; urgency=low * bilibop-rules: add brazilian portuguese translation for debconf templates. diff -Nru bilibop-0.5.2/lib/bilibop/common.sh bilibop-0.5.2.1/lib/bilibop/common.sh --- bilibop-0.5.2/lib/bilibop/common.sh 2015-12-07 17:19:52.0 +0100 +++ bilibop-0.5.2.1/lib/bilibop/common.sh 2017-05-18 17:17:24.0 +0200 @@ -513,24 +513,31 @@ # branch of an aufs mountpoint given as argument. We assume that there is only # and at least one physical device used to build the aufs (but the directory # is not necessarly the mountpoint of this device), other branch(s) being -# virtual fs. +# virtual fs. Note that if there are more than one readonly branch, the first +# block device found wins. underlying_device_from_aufs() { ${DEBUG} && echo "> underlying_device_from_aufs $@" >&2 -local dir="$(aufs_readonly_branch "${1}")" -local dev="$(device_id_of_file "${dir}")" -case "${dev}" in -"") -;; -0:*) -# aufs mounts can't be nested; but this may be btrfs -dev="$(underlying_device_from_file "${dir}")" -;; -*) -dev="$(device_node_from_major_minor "${dev}")" -;; -esac - -[ -b "${dev}" ] && readlink -f "${dev}" +local dev dir +for dir in $(aufs_readonly_branch "${1}"); do +dev="$(device_id_of_file "${dir}")" +case "${dev}" in +"") +continue +;; +0:*) +# aufs mounts can't be nested; but this may be btrfs +dev="$(underlying_device_from_file "${dir}")" +;; +*) +dev="$(device_node_from_major_minor "${dev}")" +;; +esac +if [ -b "${dev}" ]; then +readlink -f "${dev}" +return 0 +fi +done +return 1 } # ===}}} # underlying_device_from_overlayfs() {{{ --- End Message --- --- Begin Message --- Hi, On Tue, May 23, 2017 at 11:47:21PM +0200, quidame wrote: > Subject: unblock: bilibop/0.5.2.1 Unblocked by Niels. Cheers, Ivo--- End Message ---
Bug#862410: marked as done (unblock: mysql-transitional/5.5.9999+default)
Your message dated Wed, 24 May 2017 20:45:00 + with message-id <9e5dbb3d-9b9f-c6b6-bf34-8789d8a80...@thykier.net> and subject line Re: Bug#862410: unblock: mysql-transitional/5.5.+default has caused the Debian Bug report #862410, regarding unblock: mysql-transitional/5.5.+default to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 862410: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862410 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package mysql-transitional Dear release team, as agreed upon in <7f872a85-0d08-6bd1-f731-52e26a769...@thykier.net> the MySQL packaging team needs to upload src:mysql-transitional directly into stretch to fix the smooth upgrade issues. This goes hand in hand with mariadb-10.1_10.1.23-7 update, but I'll update the existing unblock bug separately. unblock mysql-transitional/5.5.+default -- System Information: Debian Release: 9.0 APT prefers testing APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 4.4.0-67-generic (SMP w/24 CPU cores) Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) --- End Message --- --- Begin Message --- On Sat, 20 May 2017 13:01:20 +0200 =?utf-8?Q?Ond=C5=99ej=20Sur=C3=BD?=wrote: > Control: tags -1 -moreinfo > > Hi Niels, > > uploaded, I didn't want to make the upload without explicit permission > to do so. > > Cheers, > [...] > Unblocked, thanks. ~Niels--- End Message ---
Bug#863184: marked as done (unblock: opendmarc/1.3.2-2)
Your message dated Wed, 24 May 2017 20:12:27 + with message-idand subject line unblock opendmarc has caused the Debian Bug report #863184, regarding unblock: opendmarc/1.3.2-2 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 863184: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863184 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package opendmarc This upload fixes a policy violation about forced conffile removal and I think we would be better off to have the change in stretch. It isn't only a theoretical problem. As it is, if someone is using systemd and then switches to sysv init the daemon will fail to start. Scott K unblock opendmarc/1.3.2-2 diff -u opendmarc-1.3.2/debian/changelog opendmarc-1.3.2/debian/changelog --- opendmarc-1.3.2/debian/changelog +++ opendmarc-1.3.2/debian/changelog @@ -1,3 +1,10 @@ +opendmarc (1.3.2-2) unstable; urgency=medium + + * Do not remove /etc/default/opendkim on upgrade since it is a conffile +because policy 10.7.3 (Closes: #863173) + + -- Scott Kitterman Mon, 22 May 2017 18:11:58 -0400 + opendmarc (1.3.2-1) unstable; urgency=medium * New upstream release diff -u opendmarc-1.3.2/debian/opendmarc.postinst opendmarc-1.3.2/debian/opendmarc.postinst --- opendmarc-1.3.2/debian/opendmarc.postinst +++ opendmarc-1.3.2/debian/opendmarc.postinst @@ -38,9 +38,6 @@ # Upgrade /etc/default to systemd override files if [ -d /run/systemd/system ] && [ -f /etc/default/opendmarc ]; then - if /lib/opendmarc/opendmarc.service.generate; then - rm -f /etc/default/opendmarc - fi if [ -f /etc/tmpfiles.d/opendmarc.conf ]; then systemd-tmpfiles --create /etc/tmpfiles.d/opendmarc.conf fi --- End Message --- --- Begin Message --- Unblocked opendmarc.--- End Message ---
Bug#861668: marked as done (unblock pre-approval: python-jenkins/0.4.11-1)
Your message dated Wed, 24 May 2017 22:04:08 +0200 with message-id <20170524200406.ga9...@ugent.be> and subject line Re: Bug#861668: unblock pre-approval: python-jenkins/0.4.11-1 has caused the Debian Bug report #861668, regarding unblock pre-approval: python-jenkins/0.4.11-1 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 861668: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861668 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Dear release team, Antoine Musso reported #861656, and claims it is RC. To adress it, he suggested upgrading to upstream release 0.4.12. I checked the diff, which I attached to this mail. If removing the tests, then the change are very small. I have therefore attached 2 diff: one with only the change to the library code, and one diff containing all the changes between 0.4.11 and 0.4.12. At this point, would the release team accept an upgrade to upstream version 0.4.12? Do you agree than #861656 should be considered RC? Cheers, Thomas Goirand (zigo) diff --git a/.gitreview b/.gitreview index fbfb964..1630945 100644 --- a/.gitreview +++ b/.gitreview @@ -1,4 +1,4 @@ [gerrit] host=review.openstack.org port=29418 -project=stackforge/python-jenkins.git +project=openstack/python-jenkins.git diff --git a/README.rst b/README.rst index 6a37401..f87ff22 100644 --- a/README.rst +++ b/README.rst @@ -44,11 +44,11 @@ Bug report: Repository: -* https://git.openstack.org/cgit/stackforge/python-jenkins +* https://git.openstack.org/cgit/openstack/python-jenkins Cloning: -* git clone https://git.openstack.org/stackforge/python-jenkins +* git clone https://git.openstack.org/openstack/python-jenkins Patches are submitted via Gerrit at: diff --git a/doc/source/examples.rst b/doc/source/examples.rst index d20dbb8..812343e 100644 --- a/doc/source/examples.rst +++ b/doc/source/examples.rst @@ -104,6 +104,21 @@ This is an example showing how to add, configure, enable and delete Jenkins node server.disable_node('slave1') server.enable_node('slave1') +# create node with parameters +params = { +'port': '22', +'username': 'juser', +'credentialsId': '10f3a3c8-be35-327e-b60b-a3e5edb0e45f', +'host': 'my.jenkins.slave1' +} +server.create_node( +'slave1', +nodeDescription='my test slave', +remoteFS='/home/juser', +labels='precise', +exclusive=True, +launcher=jenkins.LAUNCHER_SSH, +launcher_params=params) Example 6: Working with Jenkins Build Queue --- diff --git a/jenkins/__init__.py b/jenkins/__init__.py index 65f8b6a..34cae71 100644 --- a/jenkins/__init__.py +++ b/jenkins/__init__.py @@ -240,7 +240,10 @@ class Jenkins(object): def _build_url(self, format_spec, variables=None): if variables: -url_path = format_spec % self._get_encoded_params(variables) +if format_spec == CREATE_NODE: +url_path = format_spec % urlencode(self._get_encoded_params(variables)) +else: +url_path = format_spec % self._get_encoded_params(variables) else: url_path = format_spec @@ -453,7 +456,7 @@ class Jenkins(object): u'name': u'my_job'} """ -url = "/".join((item, INFO)) +url = '/'.join((item, INFO)).lstrip('/') if query: url += query try: diff --git a/setup.cfg b/setup.cfg index 7abf945..0294a71 100644 --- a/setup.cfg +++ b/setup.cfg @@ -7,7 +7,7 @@ maintainer = OpenStack Infrastructure Team maintainer_email = openst...@lists.launchpad.net description-file = README.rst license = BSD -home-page = http://git.openstack.org/cgit/stackforge/python-jenkins +home-page = http://git.openstack.org/cgit/openstack/python-jenkins classifier = Topic :: Utilities Intended Audience :: Developers diff --git a/tests/base.py b/tests/base.py index b5583ca..86a8180 100644 --- a/tests/base.py +++ b/tests/base.py @@ -1,6 +1,7 @@ import sys from six.moves.urllib.request import build_opener +from testscenarios import TestWithScenarios import jenkins @@ -10,18 +11,26 @@ else: import unittest -class JenkinsTestBase(unittest.TestCase): +class JenkinsTestBase(TestWithScenarios, unittest.TestCase): crumb_data = { "crumb": "dab177f483b3dd93483ef6716d8e792d", "crumbRequestField": ".crumb", } +scenarios = [ +
Bug#863183: marked as done (unblock: opendkim/2.11.0~alpha-10)
Your message dated Wed, 24 May 2017 20:11:52 + with message-idand subject line unblock opendkim has caused the Debian Bug report #863183, regarding unblock: opendkim/2.11.0~alpha-10 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 863183: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863183 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package opendkim This upload fixes a policy violation about forced conffile removal and I think we would be better off to have the change in stretch. It isn't only a theoretical problem. As it is, if someone is using systemd and then switches to sysv init the daemon will fail to start. Scott K unblock opendkim/2.11.0~alpha-10 diff -Nru opendkim-2.11.0~alpha/debian/changelog opendkim-2.11.0~alpha/debian/changelog --- opendkim-2.11.0~alpha/debian/changelog 2017-01-25 10:00:10.0 -0500 +++ opendkim-2.11.0~alpha/debian/changelog 2017-05-22 18:10:16.0 -0400 @@ -1,3 +1,10 @@ +opendkim (2.11.0~alpha-10) unstable; urgency=medium + + * Do not remove /etc/default/opendkim on upgrade since it is a conffile +because policy 10.7.3 (Closes: #863055) + + -- Scott Kitterman Mon, 22 May 2017 18:08:41 -0400 + opendkim (2.11.0~alpha-9) unstable; urgency=medium * Set umask to 0007 in opendkim.service so opendkim socket is group readable diff -Nru opendkim-2.11.0~alpha/debian/opendkim.postinst opendkim-2.11.0~alpha/debian/opendkim.postinst --- opendkim-2.11.0~alpha/debian/opendkim.postinst 2016-11-07 09:07:21.0 -0500 +++ opendkim-2.11.0~alpha/debian/opendkim.postinst 2017-05-22 18:08:37.0 -0400 @@ -42,9 +42,6 @@ # Upgrade /etc/default to systemd override files if [ -d /run/systemd/system ] && [ -f /etc/default/opendkim ]; then - if /lib/opendkim/opendkim.service.generate; then - rm -f /etc/default/opendkim - fi if [ -f /etc/tmpfiles.d/opendkim.conf ]; then systemd-tmpfiles --create /etc/tmpfiles.d/opendkim.conf fi --- End Message --- --- Begin Message --- Unblocked opendkim.--- End Message ---
Bug#863085: marked as done (unblock: dante/1.4.1+dfsg-5 [preapproval, RC])
Your message dated Wed, 24 May 2017 19:47:01 + with message-idand subject line unblock dante has caused the Debian Bug report #863085, regarding unblock: dante/1.4.1+dfsg-5 [preapproval, RC] to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 863085: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863085 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Hi, This is a pre-approval request for dante to fix a long-standing bug that makes the first installation of the dante-server binary package fail, since the dante-server service cannot possibly be started with the default config file. The bug - #862988 - was reported as "important", but I raised its priority to "serious", and I should have fixed it a long time ago. I'm attaching the proposed debdiff, a targeted fix that lets the initial installation succeed even though the service fails to start. If it is approved, I'll upload the package and let you know when the time comes to really unblock it. Thanks in advance for your time! G'luck, Peter -- System Information: Debian Release: 9.0 APT prefers testing-debug APT policy: (500, 'testing-debug'), (500, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) diff -Nru dante-1.4.1+dfsg/debian/changelog dante-1.4.1+dfsg/debian/changelog --- dante-1.4.1+dfsg/debian/changelog 2017-01-12 13:07:24.0 +0200 +++ dante-1.4.1+dfsg/debian/changelog 2017-05-21 17:23:27.0 +0300 @@ -1,3 +1,12 @@ +dante (1.4.1+dfsg-5) unstable; urgency=medium + + * Add an error handler to the post-install startup of dante-server so +that it doesn't make the package installation fail if danted.conf +has not been customized yet (i.e. always on first installation). +Closes: #862988 + + -- Peter Pentchev Sun, 21 May 2017 17:23:27 +0300 + dante (1.4.1+dfsg-4) unstable; urgency=medium * Add the 25-path-max patch as a temporary band-aid for building Dante diff -Nru dante-1.4.1+dfsg/debian/dante-server.postinst dante-1.4.1+dfsg/debian/dante-server.postinst --- dante-1.4.1+dfsg/debian/dante-server.postinst 1970-01-01 02:00:00.0 +0200 +++ dante-1.4.1+dfsg/debian/dante-server.postinst 2017-05-21 12:20:51.0 +0300 @@ -0,0 +1,21 @@ +#!/bin/sh + +set -e + +dante_service_error() +{ + local res="$?" conffile='/etc/danted.conf' notfound='' var + for var in internal external; do + if ! egrep -qe '^[[:space:]]*'"$var"'[[:space:]]*:' -- "$conffile"; then + notfound="$notfound $var" + fi + done + if [ -n "$notfound" ]; then + echo "Please edit the Dante server config file $conffile and specify at least the following directives:$notfound" 1>&2 + else + # The required directives are specified, so propagate the error + exit "$res" + fi +} + +#DEBHELPER# diff -Nru dante-1.4.1+dfsg/debian/dante-server.prerm dante-1.4.1+dfsg/debian/dante-server.prerm --- dante-1.4.1+dfsg/debian/dante-server.prerm 1970-01-01 02:00:00.0 +0200 +++ dante-1.4.1+dfsg/debian/dante-server.prerm 2017-05-21 12:21:12.0 +0300 @@ -0,0 +1,10 @@ +#!/bin/sh + +set -e + +dante_service_error() +{ + exit "$?" +} + +#DEBHELPER# diff -Nru dante-1.4.1+dfsg/debian/rules dante-1.4.1+dfsg/debian/rules --- dante-1.4.1+dfsg/debian/rules 2017-01-09 16:54:21.0 +0200 +++ dante-1.4.1+dfsg/debian/rules 2017-05-21 12:14:31.0 +0300 @@ -53,7 +53,7 @@ dh_installchangelogs NEWS override_dh_installinit: - dh_installinit -pdante-server --init-script=danted + dh_installinit -pdante-server --init-script=danted --error-handler=dante_service_error %: dh '$@' --without systemd signature.asc Description: PGP signature --- End Message --- --- Begin Message --- Unblocked dante.--- End Message ---
Bug#863275: unblock: enigmail/2:1.9.7-2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package enigmail enigmail 1.9.7 rolls up some minor upstream bugfixes for the enigmail stable branch and closes #863273, which is an annoying failure mode for one specific workflow. Enigmail upstream has kept the stable branch quite stable -- as a bugfix-only branch -- and tracking that stable release in what will become debian stable seems reasonable to me. debdiff is attached. unblock enigmail/2:1.9.7-2 -- System Information: Debian Release: 9.0 APT prefers testing-debug APT policy: (500, 'testing-debug'), (500, 'testing'), (200, 'unstable-debug'), (200, 'unstable'), (1, 'experimental-debug'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system)
Bug#863272: unblock: tomcat7/7.0.78-1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package tomcat7. The version 7.0.78-1 has no modification compared to the one in testing (in stretch the package now only builds the Servlet API 3.0 and it never changes), but this update will allow us to refresh the backports for jessie and wheezy. Thank you, Emmanuel Bourg
Bug#863268: marked as done (unblock: samba/2:4.5.8+dfsg-2)
Your message dated Wed, 24 May 2017 16:54:58 + with message-idand subject line unblock samba has caused the Debian Bug report #863268, regarding unblock: samba/2:4.5.8+dfsg-2 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 863268: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863268 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package samba It (only) includes a fix for critical CVE-2017-7494 (rpc_server3: Refuse to open pipe names with / inside) Debdiff attached. Regards Mathieu Parent unblock samba/2:4.5.8+dfsg-2 -- System Information: Debian Release: 9.0 APT prefers testing-debug APT policy: (500, 'testing-debug'), (500, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.9.0-2-amd64 (SMP w/2 CPU cores) Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) diff -Nru samba-4.5.8+dfsg/debian/changelog samba-4.5.8+dfsg/debian/changelog --- samba-4.5.8+dfsg/debian/changelog 2017-04-01 20:39:17.0 +0200 +++ samba-4.5.8+dfsg/debian/changelog 2017-05-18 11:53:47.0 +0200 @@ -1,3 +1,9 @@ +samba (2:4.5.8+dfsg-2) unstable; urgency=high + + * CVE-2017-7494: rpc_server3: Refuse to open pipe names with / inside + + -- Mathieu Parent Thu, 18 May 2017 11:53:47 +0200 + samba (2:4.5.8+dfsg-1) unstable; urgency=high * New upstream version diff -Nru samba-4.5.8+dfsg/debian/patches/CVE-2017-7494.patch samba-4.5.8+dfsg/debian/patches/CVE-2017-7494.patch --- samba-4.5.8+dfsg/debian/patches/CVE-2017-7494.patch 1970-01-01 01:00:00.0 +0100 +++ samba-4.5.8+dfsg/debian/patches/CVE-2017-7494.patch 2017-05-18 11:53:47.0 +0200 @@ -0,0 +1,33 @@ +From d2bc9f3afe23ee04d237ae9f4511fbe59a27ff54 Mon Sep 17 00:00:00 2001 +From: Volker Lendecke +Date: Mon, 8 May 2017 21:40:40 +0200 +Subject: [PATCH] CVE-2017-7494: rpc_server3: Refuse to open pipe names with / + inside + +Bug: https://bugzilla.samba.org/show_bug.cgi?id=12780 + +Signed-off-by: Volker Lendecke +Reviewed-by: Jeremy Allison +Reviewed-by: Stefan Metzmacher +--- + source3/rpc_server/srv_pipe.c | 5 + + 1 file changed, 5 insertions(+) + +diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c +index 0633b5f..c3f0cd8 100644 +--- a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c +@@ -475,6 +475,11 @@ bool is_known_pipename(const char *pipename, struct ndr_syntax_id *syntax) + { + NTSTATUS status; + ++ if (strchr(pipename, '/')) { ++ DEBUG(1, ("Refusing open on pipe %s\n", pipename)); ++ return false; ++ } ++ + if (lp_disable_spoolss() && strequal(pipename, "spoolss")) { + DEBUG(10, ("refusing spoolss access\n")); + return false; +-- +1.9.1 diff -Nru samba-4.5.8+dfsg/debian/patches/series samba-4.5.8+dfsg/debian/patches/series --- samba-4.5.8+dfsg/debian/patches/series 2017-04-01 20:39:17.0 +0200 +++ samba-4.5.8+dfsg/debian/patches/series 2017-05-18 11:53:47.0 +0200 @@ -15,3 +15,4 @@ Add-documentation-to-systemd-Unit-files.patch fix_kill_path_in_units.patch nmbd-requires-a-working-network.patch +CVE-2017-7494.patch --- End Message --- --- Begin Message --- Unblocked samba.--- End Message ---
Bug#863261: marked as done (unblock: lapack/3.7.0-2)
Your message dated Wed, 24 May 2017 16:52:30 + with message-idand subject line unblock lapack has caused the Debian Bug report #863261, regarding unblock: lapack/3.7.0-2 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 863261: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863261 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Dear Release Team, Please unblock lapack 3.7.0-2. This version fixes a regression in libblas.a, which was empty (#863258). By the way, it also updates the metadata of two Debian patches. The debdiff is attached. unblock lapack/3.7.0-2 Thanks, -- .''`.Sébastien Villemot : :' :Debian Developer `. `' http://sebastien.villemot.name `- GPG Key: 4096R/381A7594 diff -Nru lapack-3.7.0/debian/changelog lapack-3.7.0/debian/changelog --- lapack-3.7.0/debian/changelog 2016-12-29 17:26:38.0 +0100 +++ lapack-3.7.0/debian/changelog 2017-05-24 16:24:37.0 +0200 @@ -1,3 +1,14 @@ +lapack (3.7.0-2) unstable; urgency=medium + + * Fix regression in libblas.a, which was empty since 3.6.1-1. +The bug has been introduced in the fix for #813309: the $(shell LC_ALL=C ls +tmp/*.o) construct used to have a consistent ordering of object files is +evaluated too early, and results in an empty list. Replace it by a $$(env …) +construct, which is evaluated after the object files have been created. +(Closes: #863258) + + -- Sébastien Villemot Wed, 24 May 2017 16:24:37 +0200 + lapack (3.7.0-1) unstable; urgency=medium * New upstream version 3.7.0 diff -Nru lapack-3.7.0/debian/patches/fix-typos.patch lapack-3.7.0/debian/patches/fix-typos.patch --- lapack-3.7.0/debian/patches/fix-typos.patch 2016-12-29 16:47:22.0 +0100 +++ lapack-3.7.0/debian/patches/fix-typos.patch 2016-12-29 21:31:55.0 +0100 @@ -1,6 +1,7 @@ Description: Fix various typos Author: Sébastien Villemot Forwarded: https://github.com/Reference-LAPACK/lapack/pull/104 +Applied-Upstream: https://github.com/Reference-LAPACK/lapack/commit/c77258510e861765109d99270f54fecd583a0301 Last-Update: 2016-12-29 --- This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ diff -Nru lapack-3.7.0/debian/patches/test-numbering.patch lapack-3.7.0/debian/patches/test-numbering.patch --- lapack-3.7.0/debian/patches/test-numbering.patch 2016-12-29 16:48:43.0 +0100 +++ lapack-3.7.0/debian/patches/test-numbering.patch 2016-12-29 21:31:31.0 +0100 @@ -2,6 +2,7 @@ The numbering of tests had been broken in commit ed4e95e. Author: Sébastien Villemot Forwarded: https://github.com/Reference-LAPACK/lapack/pull/104 +Applied-Upstream: https://github.com/Reference-LAPACK/lapack/commit/6c3b79b35e83df36e30bd2ceadc9b927a3287740 Last-Update: 2016-12-29 --- This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ diff -Nru lapack-3.7.0/debian/rules lapack-3.7.0/debian/rules --- lapack-3.7.0/debian/rules 2016-12-29 10:16:27.0 +0100 +++ lapack-3.7.0/debian/rules 2017-05-24 16:15:47.0 +0200 @@ -141,7 +141,7 @@ ar d librefblas.a xerbla.o # We want to use the xerbla.o from libcblas.a mkdir -p tmp cd tmp && ar x ../librefblas.a && ar x ../libcblas.a - ar r libblas.a $(shell LC_ALL=C ls tmp/*.o) + ar r libblas.a $$(env LC_ALL=C ls tmp/*.o) rm -rf tmp # Build the test programs, in order to avoid FTBFS if DEB_BUILD_OPTIONS contains nocheck signature.asc Description: PGP signature --- End Message --- --- Begin Message --- Unblocked lapack.--- End Message ---
Bug#863238: marked as done (unblock: mash/1.1.1-2)
Your message dated Wed, 24 May 2017 16:50:12 + with message-idand subject line unblock mash has caused the Debian Bug report #863238, regarding unblock: mash/1.1.1-2 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 863238: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863238 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock mash. The version currently in unstable fixes an issue with parallel building that sometimes leads to an FTBFS. The changes w.r.t. v1.1.1-1 currently in testing are minimal and only introduce the patch, which was kindly provided by Adrian Bunk. unblock mash/1.1.1-2 Please find attached to this email a debdiff with the relevant changes. Many thanks Sascha diff -Nru mash-1.1.1/debian/changelog mash-1.1.1/debian/changelog --- mash-1.1.1/debian/changelog 2016-08-27 08:48:34.0 + +++ mash-1.1.1/debian/changelog 2017-05-24 08:43:17.0 + @@ -1,3 +1,10 @@ +mash (1.1.1-2) unstable; urgency=medium + + * Fix parallel building FTBFS. Thanks to Adrian Bunk for the patch. +Closes: #863208 + + -- Sascha Steinbiss Wed, 24 May 2017 08:43:17 + + mash (1.1.1-1) unstable; urgency=medium * New upstream release. diff -Nru mash-1.1.1/debian/patches/parallel.patch mash-1.1.1/debian/patches/parallel.patch --- mash-1.1.1/debian/patches/parallel.patch1970-01-01 00:00:00.0 + +++ mash-1.1.1/debian/patches/parallel.patch2017-05-24 08:10:13.0 + @@ -0,0 +1,20 @@ +Description: Fix parallel build failures + "capnp compile" ran twice, and in parallel builds twice in parallel. + This resulted in occasional build failures caused by corrupt output files. + . + Fix the Makefile to only run "capnp compile" once. +Author: Adrian Bunk + +--- mash-1.1.1.orig/Makefile.in mash-1.1.1/Makefile.in +@@ -46,7 +46,9 @@ libmash.a : $(OBJECTS) + %.o : %.c++ + $(CXX) -c $(CXXFLAGS) $(CPPFLAGS) -o $@ $< + +-src/mash/capnp/MinHash.capnp.c++ src/mash/capnp/MinHash.capnp.h : src/mash/capnp/MinHash.capnp ++src/mash/capnp/MinHash.capnp.c++ : src/mash/capnp/MinHash.capnp.h ++ ++src/mash/capnp/MinHash.capnp.h : src/mash/capnp/MinHash.capnp + cd src/mash/capnp;export PATH=@capnp@/bin/:${PATH};capnp compile -I @capnp@/include -oc++ MinHash.capnp + + install : mash diff -Nru mash-1.1.1/debian/patches/series mash-1.1.1/debian/patches/series --- mash-1.1.1/debian/patches/series2016-07-22 08:13:36.0 + +++ mash-1.1.1/debian/patches/series2017-05-24 08:10:13.0 + @@ -2,3 +2,4 @@ use_debian_mathjax.patch drop_memcpy_wrapper.patch link_dynamically_against_capnp.patch +parallel.patch --- End Message --- --- Begin Message --- Unblocked mash.--- End Message ---
Bug#863237: marked as done (unblock: puppet/4.8.2-5)
Your message dated Wed, 24 May 2017 16:47:57 + with message-idand subject line unblock puppet has caused the Debian Bug report #863237, regarding unblock: puppet/4.8.2-5 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 863237: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863237 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Dear release team, Please unblock package puppet. The version in unstable fixes a security issue (remote code execution), please see #863212 for more details. Full source debdiff attached. Thanks, Apollon unblock puppet/4.8.2-5 diff -Nru puppet-4.8.2/debian/changelog puppet-4.8.2/debian/changelog --- puppet-4.8.2/debian/changelog 2017-04-28 17:38:26.0 +0300 +++ puppet-4.8.2/debian/changelog 2017-05-23 23:17:46.0 +0300 @@ -1,3 +1,10 @@ +puppet (4.8.2-5) unstable; urgency=high + + * master: accept facts only in PSON format (CVE-2017-2295) (Closes: +#863212). + + -- Apollon Oikonomopoulos Tue, 23 May 2017 23:17:46 +0300 + puppet (4.8.2-4) unstable; urgency=medium * Handle creation and removal of /var/cache/puppet/state (Closes: #855923) diff -Nru puppet-4.8.2/debian/patches/0008-CVE-2017-2295.patch puppet-4.8.2/debian/patches/0008-CVE-2017-2295.patch --- puppet-4.8.2/debian/patches/0008-CVE-2017-2295.patch 1970-01-01 02:00:00.0 +0200 +++ puppet-4.8.2/debian/patches/0008-CVE-2017-2295.patch 2017-05-22 10:47:55.0 +0300 @@ -0,0 +1,101 @@ +From b29fd533913786ef1e7de421c6128239b839fb5f Mon Sep 17 00:00:00 2001 +From: Josh Cooper +Date: Fri, 28 Apr 2017 12:09:11 -0700 +Subject: [PATCH] (PUP-7483) Reject all fact formats except PSON + +Previously, an authenticated user could cause the master to execute +YAML.load on user-specified input, as well as MessagePack.unpack if the +msgpack gem was installed. + +Since 3.2.2, agents have always sent facts as PSON. There is no reason +to support other formats, so reject all fact formats except PSON. + +(cherry picked from commit 06d8c51367ca932b9da5d9b01958cfc0adf0f2ea) +--- + lib/puppet/indirector/catalog/compiler.rb | 6 +++-- + spec/unit/indirector/catalog/compiler_spec.rb | 36 --- + 2 files changed, 36 insertions(+), 6 deletions(-) + +diff --git a/lib/puppet/indirector/catalog/compiler.rb b/lib/puppet/indirector/catalog/compiler.rb +index e4e60ce54..16c83533e 100644 +--- a/lib/puppet/indirector/catalog/compiler.rb b/lib/puppet/indirector/catalog/compiler.rb +@@ -25,9 +25,11 @@ class Puppet::Resource::Catalog::Compiler < Puppet::Indirector::Code + # in Network::HTTP::Handler will automagically deserialize the value. + if text_facts.is_a?(Puppet::Node::Facts) + facts = text_facts +- else ++ elsif format == 'pson' + # We unescape here because the corresponding code in Puppet::Configurer::FactHandler escapes +-facts = Puppet::Node::Facts.convert_from(format, CGI.unescape(text_facts)) ++facts = Puppet::Node::Facts.convert_from('pson', CGI.unescape(text_facts)) ++ else ++raise ArgumentError, "Unsupported facts format" + end + + unless facts.name == request.key +diff --git a/spec/unit/indirector/catalog/compiler_spec.rb b/spec/unit/indirector/catalog/compiler_spec.rb +index b134c9094..d31eaeeef 100644 +--- a/spec/unit/indirector/catalog/compiler_spec.rb b/spec/unit/indirector/catalog/compiler_spec.rb +@@ -255,10 +255,10 @@ describe Puppet::Resource::Catalog::Compiler do + @facts = Puppet::Node::Facts.new('hostname', "fact" => "value", "architecture" => "i386") + end + +-def a_request_that_contains(facts) ++def a_request_that_contains(facts, format = :pson) + request = Puppet::Indirector::Request.new(:catalog, :find, "hostname", nil) +- request.options[:facts_format] = "pson" +- request.options[:facts] = CGI.escape(facts.render(:pson)) ++ request.options[:facts_format] = format.to_s ++ request.options[:facts] = CGI.escape(facts.render(format)) + request + end + +@@ -277,7 +277,7 @@ describe Puppet::Resource::Catalog::Compiler do + expect(facts.timestamp).to eq(time) + end + +-it "should convert the facts into a fact instance and save it" do ++it "accepts PSON facts" do + request = a_request_that_contains(@facts) + + options = { +@@ -289,6 +289,34 @@ describe Puppet::Resource::Catalog::Compiler
Bug#863268: unblock: samba/2:4.5.8+dfsg-2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package samba It (only) includes a fix for critical CVE-2017-7494 (rpc_server3: Refuse to open pipe names with / inside) Debdiff attached. Regards Mathieu Parent unblock samba/2:4.5.8+dfsg-2 -- System Information: Debian Release: 9.0 APT prefers testing-debug APT policy: (500, 'testing-debug'), (500, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.9.0-2-amd64 (SMP w/2 CPU cores) Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) diff -Nru samba-4.5.8+dfsg/debian/changelog samba-4.5.8+dfsg/debian/changelog --- samba-4.5.8+dfsg/debian/changelog 2017-04-01 20:39:17.0 +0200 +++ samba-4.5.8+dfsg/debian/changelog 2017-05-18 11:53:47.0 +0200 @@ -1,3 +1,9 @@ +samba (2:4.5.8+dfsg-2) unstable; urgency=high + + * CVE-2017-7494: rpc_server3: Refuse to open pipe names with / inside + + -- Mathieu ParentThu, 18 May 2017 11:53:47 +0200 + samba (2:4.5.8+dfsg-1) unstable; urgency=high * New upstream version diff -Nru samba-4.5.8+dfsg/debian/patches/CVE-2017-7494.patch samba-4.5.8+dfsg/debian/patches/CVE-2017-7494.patch --- samba-4.5.8+dfsg/debian/patches/CVE-2017-7494.patch 1970-01-01 01:00:00.0 +0100 +++ samba-4.5.8+dfsg/debian/patches/CVE-2017-7494.patch 2017-05-18 11:53:47.0 +0200 @@ -0,0 +1,33 @@ +From d2bc9f3afe23ee04d237ae9f4511fbe59a27ff54 Mon Sep 17 00:00:00 2001 +From: Volker Lendecke +Date: Mon, 8 May 2017 21:40:40 +0200 +Subject: [PATCH] CVE-2017-7494: rpc_server3: Refuse to open pipe names with / + inside + +Bug: https://bugzilla.samba.org/show_bug.cgi?id=12780 + +Signed-off-by: Volker Lendecke +Reviewed-by: Jeremy Allison +Reviewed-by: Stefan Metzmacher +--- + source3/rpc_server/srv_pipe.c | 5 + + 1 file changed, 5 insertions(+) + +diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c +index 0633b5f..c3f0cd8 100644 +--- a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c +@@ -475,6 +475,11 @@ bool is_known_pipename(const char *pipename, struct ndr_syntax_id *syntax) + { + NTSTATUS status; + ++ if (strchr(pipename, '/')) { ++ DEBUG(1, ("Refusing open on pipe %s\n", pipename)); ++ return false; ++ } ++ + if (lp_disable_spoolss() && strequal(pipename, "spoolss")) { + DEBUG(10, ("refusing spoolss access\n")); + return false; +-- +1.9.1 diff -Nru samba-4.5.8+dfsg/debian/patches/series samba-4.5.8+dfsg/debian/patches/series --- samba-4.5.8+dfsg/debian/patches/series 2017-04-01 20:39:17.0 +0200 +++ samba-4.5.8+dfsg/debian/patches/series 2017-05-18 11:53:47.0 +0200 @@ -15,3 +15,4 @@ Add-documentation-to-systemd-Unit-files.patch fix_kill_path_in_units.patch nmbd-requires-a-working-network.patch +CVE-2017-7494.patch
Bug#863261: unblock: lapack/3.7.0-2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Dear Release Team, Please unblock lapack 3.7.0-2. This version fixes a regression in libblas.a, which was empty (#863258). By the way, it also updates the metadata of two Debian patches. The debdiff is attached. unblock lapack/3.7.0-2 Thanks, -- .''`.Sébastien Villemot : :' :Debian Developer `. `' http://sebastien.villemot.name `- GPG Key: 4096R/381A7594 diff -Nru lapack-3.7.0/debian/changelog lapack-3.7.0/debian/changelog --- lapack-3.7.0/debian/changelog 2016-12-29 17:26:38.0 +0100 +++ lapack-3.7.0/debian/changelog 2017-05-24 16:24:37.0 +0200 @@ -1,3 +1,14 @@ +lapack (3.7.0-2) unstable; urgency=medium + + * Fix regression in libblas.a, which was empty since 3.6.1-1. +The bug has been introduced in the fix for #813309: the $(shell LC_ALL=C ls +tmp/*.o) construct used to have a consistent ordering of object files is +evaluated too early, and results in an empty list. Replace it by a $$(env …) +construct, which is evaluated after the object files have been created. +(Closes: #863258) + + -- Sébastien VillemotWed, 24 May 2017 16:24:37 +0200 + lapack (3.7.0-1) unstable; urgency=medium * New upstream version 3.7.0 diff -Nru lapack-3.7.0/debian/patches/fix-typos.patch lapack-3.7.0/debian/patches/fix-typos.patch --- lapack-3.7.0/debian/patches/fix-typos.patch 2016-12-29 16:47:22.0 +0100 +++ lapack-3.7.0/debian/patches/fix-typos.patch 2016-12-29 21:31:55.0 +0100 @@ -1,6 +1,7 @@ Description: Fix various typos Author: Sébastien Villemot Forwarded: https://github.com/Reference-LAPACK/lapack/pull/104 +Applied-Upstream: https://github.com/Reference-LAPACK/lapack/commit/c77258510e861765109d99270f54fecd583a0301 Last-Update: 2016-12-29 --- This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ diff -Nru lapack-3.7.0/debian/patches/test-numbering.patch lapack-3.7.0/debian/patches/test-numbering.patch --- lapack-3.7.0/debian/patches/test-numbering.patch 2016-12-29 16:48:43.0 +0100 +++ lapack-3.7.0/debian/patches/test-numbering.patch 2016-12-29 21:31:31.0 +0100 @@ -2,6 +2,7 @@ The numbering of tests had been broken in commit ed4e95e. Author: Sébastien Villemot Forwarded: https://github.com/Reference-LAPACK/lapack/pull/104 +Applied-Upstream: https://github.com/Reference-LAPACK/lapack/commit/6c3b79b35e83df36e30bd2ceadc9b927a3287740 Last-Update: 2016-12-29 --- This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ diff -Nru lapack-3.7.0/debian/rules lapack-3.7.0/debian/rules --- lapack-3.7.0/debian/rules 2016-12-29 10:16:27.0 +0100 +++ lapack-3.7.0/debian/rules 2017-05-24 16:15:47.0 +0200 @@ -141,7 +141,7 @@ ar d librefblas.a xerbla.o # We want to use the xerbla.o from libcblas.a mkdir -p tmp cd tmp && ar x ../librefblas.a && ar x ../libcblas.a - ar r libblas.a $(shell LC_ALL=C ls tmp/*.o) + ar r libblas.a $$(env LC_ALL=C ls tmp/*.o) rm -rf tmp # Build the test programs, in order to avoid FTBFS if DEB_BUILD_OPTIONS contains nocheck signature.asc Description: PGP signature
Bug#863238: unblock: mash/1.1.1-2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock mash. The version currently in unstable fixes an issue with parallel building that sometimes leads to an FTBFS. The changes w.r.t. v1.1.1-1 currently in testing are minimal and only introduce the patch, which was kindly provided by Adrian Bunk. unblock mash/1.1.1-2 Please find attached to this email a debdiff with the relevant changes. Many thanks Sascha diff -Nru mash-1.1.1/debian/changelog mash-1.1.1/debian/changelog --- mash-1.1.1/debian/changelog 2016-08-27 08:48:34.0 + +++ mash-1.1.1/debian/changelog 2017-05-24 08:43:17.0 + @@ -1,3 +1,10 @@ +mash (1.1.1-2) unstable; urgency=medium + + * Fix parallel building FTBFS. Thanks to Adrian Bunk for the patch. +Closes: #863208 + + -- Sascha SteinbissWed, 24 May 2017 08:43:17 + + mash (1.1.1-1) unstable; urgency=medium * New upstream release. diff -Nru mash-1.1.1/debian/patches/parallel.patch mash-1.1.1/debian/patches/parallel.patch --- mash-1.1.1/debian/patches/parallel.patch1970-01-01 00:00:00.0 + +++ mash-1.1.1/debian/patches/parallel.patch2017-05-24 08:10:13.0 + @@ -0,0 +1,20 @@ +Description: Fix parallel build failures + "capnp compile" ran twice, and in parallel builds twice in parallel. + This resulted in occasional build failures caused by corrupt output files. + . + Fix the Makefile to only run "capnp compile" once. +Author: Adrian Bunk + +--- mash-1.1.1.orig/Makefile.in mash-1.1.1/Makefile.in +@@ -46,7 +46,9 @@ libmash.a : $(OBJECTS) + %.o : %.c++ + $(CXX) -c $(CXXFLAGS) $(CPPFLAGS) -o $@ $< + +-src/mash/capnp/MinHash.capnp.c++ src/mash/capnp/MinHash.capnp.h : src/mash/capnp/MinHash.capnp ++src/mash/capnp/MinHash.capnp.c++ : src/mash/capnp/MinHash.capnp.h ++ ++src/mash/capnp/MinHash.capnp.h : src/mash/capnp/MinHash.capnp + cd src/mash/capnp;export PATH=@capnp@/bin/:${PATH};capnp compile -I @capnp@/include -oc++ MinHash.capnp + + install : mash diff -Nru mash-1.1.1/debian/patches/series mash-1.1.1/debian/patches/series --- mash-1.1.1/debian/patches/series2016-07-22 08:13:36.0 + +++ mash-1.1.1/debian/patches/series2017-05-24 08:10:13.0 + @@ -2,3 +2,4 @@ use_debian_mathjax.patch drop_memcpy_wrapper.patch link_dynamically_against_capnp.patch +parallel.patch
Bug#863237: unblock: puppet/4.8.2-5
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Dear release team, Please unblock package puppet. The version in unstable fixes a security issue (remote code execution), please see #863212 for more details. Full source debdiff attached. Thanks, Apollon unblock puppet/4.8.2-5 diff -Nru puppet-4.8.2/debian/changelog puppet-4.8.2/debian/changelog --- puppet-4.8.2/debian/changelog 2017-04-28 17:38:26.0 +0300 +++ puppet-4.8.2/debian/changelog 2017-05-23 23:17:46.0 +0300 @@ -1,3 +1,10 @@ +puppet (4.8.2-5) unstable; urgency=high + + * master: accept facts only in PSON format (CVE-2017-2295) (Closes: +#863212). + + -- Apollon OikonomopoulosTue, 23 May 2017 23:17:46 +0300 + puppet (4.8.2-4) unstable; urgency=medium * Handle creation and removal of /var/cache/puppet/state (Closes: #855923) diff -Nru puppet-4.8.2/debian/patches/0008-CVE-2017-2295.patch puppet-4.8.2/debian/patches/0008-CVE-2017-2295.patch --- puppet-4.8.2/debian/patches/0008-CVE-2017-2295.patch 1970-01-01 02:00:00.0 +0200 +++ puppet-4.8.2/debian/patches/0008-CVE-2017-2295.patch 2017-05-22 10:47:55.0 +0300 @@ -0,0 +1,101 @@ +From b29fd533913786ef1e7de421c6128239b839fb5f Mon Sep 17 00:00:00 2001 +From: Josh Cooper +Date: Fri, 28 Apr 2017 12:09:11 -0700 +Subject: [PATCH] (PUP-7483) Reject all fact formats except PSON + +Previously, an authenticated user could cause the master to execute +YAML.load on user-specified input, as well as MessagePack.unpack if the +msgpack gem was installed. + +Since 3.2.2, agents have always sent facts as PSON. There is no reason +to support other formats, so reject all fact formats except PSON. + +(cherry picked from commit 06d8c51367ca932b9da5d9b01958cfc0adf0f2ea) +--- + lib/puppet/indirector/catalog/compiler.rb | 6 +++-- + spec/unit/indirector/catalog/compiler_spec.rb | 36 --- + 2 files changed, 36 insertions(+), 6 deletions(-) + +diff --git a/lib/puppet/indirector/catalog/compiler.rb b/lib/puppet/indirector/catalog/compiler.rb +index e4e60ce54..16c83533e 100644 +--- a/lib/puppet/indirector/catalog/compiler.rb b/lib/puppet/indirector/catalog/compiler.rb +@@ -25,9 +25,11 @@ class Puppet::Resource::Catalog::Compiler < Puppet::Indirector::Code + # in Network::HTTP::Handler will automagically deserialize the value. + if text_facts.is_a?(Puppet::Node::Facts) + facts = text_facts +- else ++ elsif format == 'pson' + # We unescape here because the corresponding code in Puppet::Configurer::FactHandler escapes +-facts = Puppet::Node::Facts.convert_from(format, CGI.unescape(text_facts)) ++facts = Puppet::Node::Facts.convert_from('pson', CGI.unescape(text_facts)) ++ else ++raise ArgumentError, "Unsupported facts format" + end + + unless facts.name == request.key +diff --git a/spec/unit/indirector/catalog/compiler_spec.rb b/spec/unit/indirector/catalog/compiler_spec.rb +index b134c9094..d31eaeeef 100644 +--- a/spec/unit/indirector/catalog/compiler_spec.rb b/spec/unit/indirector/catalog/compiler_spec.rb +@@ -255,10 +255,10 @@ describe Puppet::Resource::Catalog::Compiler do + @facts = Puppet::Node::Facts.new('hostname', "fact" => "value", "architecture" => "i386") + end + +-def a_request_that_contains(facts) ++def a_request_that_contains(facts, format = :pson) + request = Puppet::Indirector::Request.new(:catalog, :find, "hostname", nil) +- request.options[:facts_format] = "pson" +- request.options[:facts] = CGI.escape(facts.render(:pson)) ++ request.options[:facts_format] = format.to_s ++ request.options[:facts] = CGI.escape(facts.render(format)) + request + end + +@@ -277,7 +277,7 @@ describe Puppet::Resource::Catalog::Compiler do + expect(facts.timestamp).to eq(time) + end + +-it "should convert the facts into a fact instance and save it" do ++it "accepts PSON facts" do + request = a_request_that_contains(@facts) + + options = { +@@ -289,6 +289,34 @@ describe Puppet::Resource::Catalog::Compiler do + + @compiler.extract_facts_from_request(request) + end ++ ++it "rejects YAML facts" do ++ request = a_request_that_contains(@facts, :yaml) ++ ++ options = { ++:environment => request.environment, ++:transaction_uuid => request.options[:transaction_uuid], ++ } ++ ++ expect { ++@compiler.extract_facts_from_request(request) ++ }.to raise_error(ArgumentError, /Unsupported facts format/) ++end ++ ++it "rejects unknown fact formats" do ++ request = a_request_that_contains(@facts) ++ request.options[:facts_format] = 'unknown-format' ++ ++ options = { ++:environment => request.environment, ++:transaction_uuid => request.options[:transaction_uuid], ++ } ++ ++ expect { ++
Bug#863222: unblock: bilibop/0.5.2.1
Hi, quidame: > Version 0.5.2 (currently in testing) is affected > by a bug [1] with severity "important", which now > is fixed in version 0.5.2.1 (currently in unstable). FWIW, this bug was discovered as it affected Tails, and we're shipping the proposed diff there; it works fine for us :) Cheers, -- intrigeri