Bug#863689: unblock: cracklib2/2.9.2-5
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Hi KiBi (X-CC'ed), I would like to unblock cracklib2 as it fixes #854554. To my knowlegde, it has no changes that affects its udeb, the diff being: """ diff -Nru cracklib2-2.9.2/debian/changelog cracklib2-2.9.2/debian/changelog --- cracklib2-2.9.2/debian/changelog2017-04-08 11:25:28.0 + +++ cracklib2-2.9.2/debian/changelog2017-05-27 09:41:18.0 + @@ -1,3 +1,10 @@ +cracklib2 (2.9.2-5) unstable; urgency=medium + + * Add Breaks: cracklib-runtime (<< 2.9.2-4) to libcrack2 to configure +cracklib-runtime in the correct order (Closes: #854554) + + -- Jan DittbernerSat, 27 May 2017 11:41:18 +0200 + cracklib2 (2.9.2-4) unstable; urgency=medium * Migrate triggers to interest-noawait to avoid trigger-cycles (Closes: diff -Nru cracklib2-2.9.2/debian/control cracklib2-2.9.2/debian/control --- cracklib2-2.9.2/debian/control 2017-04-08 11:25:28.0 + +++ cracklib2-2.9.2/debian/control 2017-05-27 09:06:18.0 + @@ -28,6 +28,7 @@ Pre-Depends: ${misc:Pre-Depends} Depends: ${misc:Depends}, ${shlibs:Depends} Recommends: cracklib-runtime +Breaks: cracklib-runtime (<< 2.9.2-4) Description: pro-active password checker library Shared library for cracklib2 which contains a C function which may be used in a passwd like program. The idea is simple: try to prevent """ unblock cracklib2/2.9.2-5 I would age it so it migrates before this weekend. Thanks, ~Niels
Bug#863682: jessie-pu: package intel-microcode/3.20170511.1~deb8u1
Package: release.debian.org Severity: normal Tags: jessie User: release.debian@packages.debian.org Usertags: pu I'd like to update the intel-microcode package in Debian jessie. Usually, I'd wait for an extra month before sending this request, however I have received word from the OCamn community that this microcode update fixes an extremely serious erratum... and that OCaml code compiled with the gcc backend (including the OCaml compiler itself) could trivially trigger it. The OCaml bug report is here: https://caml.inria.fr/mantis/view.php?id=7452 >From the intel-microcode package changelog: SKL150 - Short loops using both the AH/BH/CH/DH registers and the corresponding wide register *may* result in unpredictable system behavior. Requires both logical processors of the same core (i.e. sibling hyperthreads) to be active to trigger, as well as a "complex set of micro-architectural conditions" This microcode update also fixes other important errata, including one that makes it safe to have intel-microcode installed on some recent high-end models of the E7v4 and possibly E5v4 Xeons (previous versions of intel-microcode are likely to hang these processors during boot, refer to bug #862606 for details[1])... but the SKL150 fix takes the cake. [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862606 As usual, I have removed the noise caused by the binary blob changes from upstream from the debdiff output for clarity. The abridged debdiff is attached. Full diffstat: changelog | 13 debian/changelog | 58 microcode-20161104.dat |61630 microcode-20170511.dat |61886 + releasenote| 41 5 files changed, 61998 insertions(+), 61630 deletions(-) Abridged diffstat: changelog| 13 debian/changelog | 58 +++ releasenote | 41 ++ 3 files changed, 112 insertions(+) Other than the microcode blob, the changes are only to documentation and the changelogs. Please note that the new upstream "releasenote" file is not going to be shipped in the binary packages, since it has way too much incorrect information. It is present only in the source package. Thank you! -- Henrique Holschuh diff -Nru intel-microcode-3.20161104.1~deb8u1/changelog intel-microcode-3.20170511.1~deb8u1/changelog --- intel-microcode-3.20161104.1~deb8u1/changelog 2016-12-16 08:53:58.0 -0200 +++ intel-microcode-3.20170511.1~deb8u1/changelog 2017-05-26 08:24:17.0 -0300 @@ -1,3 +1,16 @@ +2017-05-11: + * Updated Microcodes: +sig 0x000306c3, pf_mask 0x32, 2017-01-27, rev 0x0022, size 22528 +sig 0x000306d4, pf_mask 0xc0, 2017-01-27, rev 0x0025, size 17408 +sig 0x000306f2, pf_mask 0x6f, 2017-01-30, rev 0x003a, size 32768 +sig 0x000306f4, pf_mask 0x80, 2017-01-30, rev 0x000f, size 16384 +sig 0x00040651, pf_mask 0x72, 2017-01-27, rev 0x0020, size 20480 +sig 0x00040661, pf_mask 0x32, 2017-01-27, rev 0x0017, size 24576 +sig 0x00040671, pf_mask 0x22, 2017-01-27, rev 0x0017, size 11264 +sig 0x000406e3, pf_mask 0xc0, 2017-04-09, rev 0x00ba, size 98304 +sig 0x000406f1, pf_mask 0xef, 2017-03-01, rev 0xb21, size 26624 +sig 0x000506e3, pf_mask 0x36, 2017-04-09, rev 0x00ba, size 98304 + 2016-11-04: * New Microcodes: sig 0x00050663, pf_mask 0x10, 2016-10-12, rev 0x70d, size 20480 diff -Nru intel-microcode-3.20161104.1~deb8u1/debian/changelog intel-microcode-3.20170511.1~deb8u1/debian/changelog --- intel-microcode-3.20161104.1~deb8u1/debian/changelog2016-12-16 09:42:12.0 -0200 +++ intel-microcode-3.20170511.1~deb8u1/debian/changelog2017-05-29 19:06:07.0 -0300 @@ -1,3 +1,61 @@ +intel-microcode (3.20170511.1~deb8u1) stable; urgency=high + + * This is the same package as 3.20170511.1 from unstable/testing and +3.20170511.1~bpo8+1, from jessie-backports. It has been present in +unstable since 2017-05-15, testing since 2017-05-26, and jessie-backports +since 2017-05-29. + * Urgency updated to high: ++ Confirmed fix: nightmare-level Skylake erratum SKL150 ++ Confirmed: gcc may generate the code patterns that trigger SKL150 + (unpredictable behavior). The OCaml community was hit by this erratum + and has been investigating the issue since 2017-01. It affected the + OCaml compiler, and OCaml programs when gcc was used as the backend. + https://caml.inria.fr/mantis/view.php?id=7452 + + -- Henrique de Moraes HolschuhMon, 29 May 2017 19:06:06 -0300 + +intel-microcode (3.20170511.1) unstable; urgency=medium + + * New upstream microcode datafile 20170511 ++ Updated Microcodes: + sig 0x000306c3, pf_mask 0x32, 2017-01-27, rev 0x0022, size 22528 + sig 0x000306d4, pf_mask 0xc0, 2017-01-27, rev 0x0025,
Processed: sorry I typoed a bug number… (Re: Processed: wishlist)
Processing commands for cont...@bugs.debian.org: > severity 863660 normal Bug #863660 [release.debian.org] unblock: reportbug/7.1.7 Severity set to 'normal' from 'wishlist' > severity 863636 wishlist Bug #863636 [diffoscope] diffoscope: usage of FIFOs causes pair-comparisons to not run in parallel, wasting performance by about 1/2 Severity set to 'wishlist' from 'normal' > # sorry for the noise > thanks Stopping processing here. Please contact me if you need assistance. -- 863636: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863636 863660: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863660 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: wishlist
Processing commands for cont...@bugs.debian.org: > severity 863660 wishlist Bug #863660 [release.debian.org] unblock: reportbug/7.1.7 Severity set to 'wishlist' from 'normal' > thanks Stopping processing here. Please contact me if you need assistance. -- 863660: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863660 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#863634: unblock (pre-approval): systemd/232-24
Control: tag -1 confirmed moreinfo On 2017-05-29 15:37, Michael Biebl wrote: I'd like to make another upload of systemd if possible. It fixes a remote DoS in resolved (#863277). We don't enable resolved by default in Debian, so this bug is not super critical. But since an (upstream) fix exists, I would prefer to have this fix in stretch. The attached debdiff also has two smaller fixes which have piled up in the stretch branch in the mean time. Please let me know if I can proceed with the upload. If you want me to postpone that for 9.1, I'm fine as well. Uploading it now would have the benefit though of at least some testing in unstable. Please go ahead and remove the moreinfo tag when it is ready to be unblocked. Thanks, -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51 i have six years of solaris sysadmin experience, from 8->10. i am well qualified to say it is made from bonghits layered on top of bonghits
Processed: Re: Bug#863634: unblock (pre-approval): systemd/232-24
Processing control commands: > tag -1 confirmed moreinfo Bug #863634 [release.debian.org] unblock (pre-approval): systemd/232-24 Added tag(s) confirmed and moreinfo. -- 863634: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863634 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#863634: unblock (pre-approval): systemd/232-24
Michael Biebl(2017-05-29): > I'd like to make another upload of systemd if possible. > It fixes a remote DoS in resolved (#863277). We don't enable resolved > by default in Debian, so this bug is not super critical. > But since an (upstream) fix exists, I would prefer to have this fix in > stretch. The attached debdiff also has two smaller fixes which have > piled up in the stretch branch in the mean time. > > Please let me know if I can proceed with the upload. > If you want me to postpone that for 9.1, I'm fine as well. Uploading it > now would have the benefit though of at least some testing in unstable. > > The changes don't touch d-i, but I've CCed debian-boot@ anyway for an > ack. > > Full debdiff attached. Changes look fine to me, be it for r0 or r1. If that's candidate for r0, it needs to have migrated a few days before the last week, so that d-i can be prepared with all components from testing. KiBi. signature.asc Description: Digital signature
Bug#863667: unblock: hexchat (pre-approval)
Package: release.debian.org User: release.debian@packages.debian.org Usertags: unblock Upstream contact me about sevaral (apparently too many) users having issues with an hexchat external plugin being too noisy [1] and causing other issues for unexperienced users. All considered probably such barely maintained plugin shouldn't be instaled by default indeed, therefore I'm asking for permission to upload the following debdiff and having it in stretch. [1] "OTR: Error saving instance tags: No such file or directory (gcrypt)" for every query started if not configured diff --git a/debian/changelog b/debian/changelog index ea6265b..2052824 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,11 @@ +hexchat (2.12.4-3) UNRELEASED; urgency=medium + + * Demote hexchat-otr from Recommends to Suggests. +It reportely causes noise and problems for unexperienced users, and it's +mostly unmaintained plugin, so don't install it by default. + + -- Mattia RizzoloMon, 29 May 2017 22:45:42 +0200 + hexchat (2.12.4-2) unstable; urgency=medium * Also apply patch 4c178782a779f013fafab476506f7d4dae372b8a.patch on ubuntu. diff --git a/debian/control b/debian/control index a221a8a..bec6ba4 100644 --- a/debian/control +++ b/debian/control @@ -33,11 +33,11 @@ Depends: ${shlibs:Depends}, Recommends: gvfs-bin, - hexchat-otr, hexchat-perl, hexchat-plugins, hexchat-python3, Suggests: + hexchat-otr, unifont, Description: IRC client for X based on X-Chat 2 HexChat is a graphical IRC client with a GTK+ GUI. Features include Python -- regards, Mattia Rizzolo GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`. more about me: https://mapreri.org : :' : Launchpad user: https://launchpad.net/~mapreri `. `'` Debian QA page: https://qa.debian.org/developer.php?login=mattia `- signature.asc Description: PGP signature
Bug#863660: unblock: reportbug/7.1.7
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package reportbug This is the final upload for stretch: it contains several bugfixes and improvement that would make reportbug in stretch much more robust for our users. A source packages diff is attached unblock reportbug/7.1.7 -- System Information: Debian Release: stretch/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.2.0-1-amd64 (SMP w/8 CPU cores) Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8), LANGUAGE= (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) diff -Nru reportbug-7.1.6/bin/querybts reportbug-7.1.7/bin/querybts --- reportbug-7.1.6/bin/querybts2017-04-18 21:12:02.0 -0400 +++ reportbug-7.1.7/bin/querybts2017-05-29 16:00:17.0 -0400 @@ -168,16 +168,16 @@ url = debbugs.get_report_url(options.system, num, options.archived, mbox=True) try: report = urlutils.open_url(url, timeout=options.timeout) -sys.stdout.write(report.read()) -except urlutils.urllib2.URLError as ex: +sys.stdout.write(report) +except NoNetwork as ex: print("Error while accessing mbox report (%s)." % ex, file=sys.stderr) else: num = int(m.group(1)) url = debbugs.get_report_url(options.system, num, options.archived, mbox=True) try: report = urlutils.open_url(url, timeout=options.timeout) -sys.stdout.write(report.read()) -except urlutils.urllib2.URLError as ex: +sys.stdout.write(report) +except NoNetwork as ex: print("Error while accessing mbox report (%s)." % ex, file=sys.stderr) sys.exit(1) return diff -Nru reportbug-7.1.6/bin/reportbug reportbug-7.1.7/bin/reportbug --- reportbug-7.1.6/bin/reportbug 2017-04-18 21:12:02.0 -0400 +++ reportbug-7.1.7/bin/reportbug 2017-05-29 16:00:17.0 -0400 @@ -1051,7 +1051,7 @@ if options.draftpath: options.draftpath = os.path.expanduser(options.draftpath) if not os.path.exists(options.draftpath): -print("The directory % does not exist; exiting." % options.draftpath) +ewrite("The directory %s does not exist; exiting.\n" % options.draftpath) sys.exit(1) if options.mua and not options.template: diff -Nru reportbug-7.1.6/debian/changelog reportbug-7.1.7/debian/changelog --- reportbug-7.1.6/debian/changelog2017-04-18 21:12:02.0 -0400 +++ reportbug-7.1.7/debian/changelog2017-05-29 16:00:17.0 -0400 @@ -1,3 +1,51 @@ +reportbug (7.1.7) unstable; urgency=medium + + * reportbug/utils.py +- fix description regex to match only textual description (and not the MD5); + patch by Nis Martensen; Closes: #863322 +- switch to use apt-cache instead of dpkg --print-avail; patch by Nis + Martensen +- get_command_output() doesnt strip a trailing new-line, so deal with that + behavior when running lsb_release and dpkg --print-architecture; patch by + Nis Martensen; Closes: #861153 +- update suites names: fade out squeeze (wheezy is now oldoldstable) and + introduce buster (testing), bullseye (next-testing); Closes: #862801 +- in search_path_for, split PATH directories using ':'; patch by Kamaraju + Kusumanchi; Closes: #827088 +- strip arch-qualifier when looking up dependencies information; patch by + Nis Martensen; Closes: #749884 +- fix a crash when parsing the config files lines in the package + information; patch by Nis Martensen; Closes: #857013, #846053, #826534 + * reportbug/debbugs.py +- add manpages.debian.org to pseudo-packages list; Closes: #861859 + * debian/control +- update emacs dependencies to emacs24 (default) and emacs25 (alternative) +- remove Chris Lawrence from Uploaders, thanks for all you've done for + reportbug!! +- switch Vcs-* URLs to HTTPS + * remove double imports + * debian/desktop +- add Danish translation to desktop file; patch by scootergrisen; + Closes: #855973 + * reportbug/bugreport.py +- add LANGUAGE env var to locales bugreport section; Closes: #840898 + * bin/querybts +- url_open() now returns a string, no need to read() it anymore; also + replace URLError exception handling with NoNetwork; Closes: #859274 + * reportbug/debbugs.py, reportbug/utils.py +- Finish open_url return type conversion: url_open() now returns a string + and no longer an HTTPRespons object; patch by Nis Martensen; extends the + fix for #859274 + * bin/reportbug
Bug#863645: unblock: cqrlog 2.0.2-1.1
Hi, >> unblock cqrlog/2.0.2-1.1 > >Doesn't seem to be in the archive? this is true, I forgot to mention this is in deferred/2, so you can see it as a pre-approval bug (this is an NMU for an RC I just opened) We might even avoid to pull the compatibility package by cherry-picking this upstream commit https://github.com/ok2cqr/cqrlog/commit/3f2dd3d0025658b57b03715f3cc60919b661eed2#diff-b8baf5712e548bba85056ce31a9d3df9 your choice, probably the upstream fix is better because it pulls one less package from the archive :) G.
Bug#863645: unblock: cqrlog 2.0.2-1.1
Control: tag -1 moreinfo On Mon, May 29, 2017 at 05:13:01PM +, Gianfranco Costamagna wrote: > Package: release.debian.org > > User: release.debian@packages.debian.org > > Usertags: unblock > Your useragent has done odd things, so the tags didn't work out... > Please unblock package cqrlog > > unblock cqrlog/2.0.2-1.1 Doesn't seem to be in the archive? -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
Processed: Re: Bug#863645: unblock: cqrlog 2.0.2-1.1
Processing control commands: > tag -1 moreinfo Bug #863645 [release.debian.org] unblock: cqrlog/2.0.2-1.1 Added tag(s) moreinfo. -- 863645: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863645 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: retitle 863645 to unblock: cqrlog/2.0.2-1.1, user release.debian....@packages.debian.org ...
Processing commands for cont...@bugs.debian.org: > retitle 863645 unblock: cqrlog/2.0.2-1.1 Bug #863645 [release.debian.org] unblock: cqrlog 2.0.2-1.1 Changed Bug title to 'unblock: cqrlog/2.0.2-1.1' from 'unblock: cqrlog 2.0.2-1.1'. > user release.debian@packages.debian.org Setting user to release.debian@packages.debian.org (was j...@debian.org). > usertags 863645 unblock There were no usertags set. Usertags are now: unblock. > thanks Stopping processing here. Please contact me if you need assistance. -- 863645: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863645 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#863522: marked as done (unblock: python-numpy/1:1.12.1-3)
Your message dated Mon, 29 May 2017 18:52:38 +0100 with message-id <20170529175238.l5klg47tt5yf2...@powdarrmonkey.net> and subject line Re: Bug#863522: unblock: python-numpy/1:1.12.1-3 has caused the Debian Bug report #863522, regarding unblock: python-numpy/1:1.12.1-3 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 863522: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863522 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package python-numpy This upload fixes a bug when using numpy.abs() on numpy.nan on some architectures; the bug is minor, but a user noticed nonetheless, the patch comes directly from upstream and it's just a one-liner with extensive tests. Source debdiff is attached unblock python-numpy/1:1.12.1-3 -- System Information: Debian Release: stretch/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.2.0-1-amd64 (SMP w/8 CPU cores) Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) diff -Nru python-numpy-1.12.1/debian/changelog python-numpy-1.12.1/debian/changelog --- python-numpy-1.12.1/debian/changelog2017-04-05 06:26:43.0 -0400 +++ python-numpy-1.12.1/debian/changelog2017-05-27 19:44:59.0 -0400 @@ -1,3 +1,10 @@ +python-numpy (1:1.12.1-3) unstable; urgency=medium + + * debian/patches/0007-BUG-Don-t-signal-FP-exceptions-in-np.absolute.patch +- fix RuntimeWarning on numpy.abs(numpy.nan) on some archs; Closes: #863192 + + -- Sandro TosiSat, 27 May 2017 19:44:59 -0400 + python-numpy (1:1.12.1-2) unstable; urgency=medium * Team upload diff -Nru python-numpy-1.12.1/debian/.git-dpm python-numpy-1.12.1/debian/.git-dpm --- python-numpy-1.12.1/debian/.git-dpm 2017-04-04 12:49:56.0 -0400 +++ python-numpy-1.12.1/debian/.git-dpm 2017-05-27 19:44:59.0 -0400 @@ -1,6 +1,6 @@ # see git-dpm(1) from git-dpm package -4b26915f32eec3afa476d678bc7831ab7b1899c1 -4b26915f32eec3afa476d678bc7831ab7b1899c1 +285b463e037cd9aeaf37ccc90ccf3349cc84b88a +285b463e037cd9aeaf37ccc90ccf3349cc84b88a db9ad0d21c51a5a4983387c232c00bd6f844e406 db9ad0d21c51a5a4983387c232c00bd6f844e406 python-numpy_1.12.1.orig.tar.gz diff -Nru python-numpy-1.12.1/debian/patches/0007-BUG-Don-t-signal-FP-exceptions-in-np.absolute.patch python-numpy-1.12.1/debian/patches/0007-BUG-Don-t-signal-FP-exceptions-in-np.absolute.patch --- python-numpy-1.12.1/debian/patches/0007-BUG-Don-t-signal-FP-exceptions-in-np.absolute.patch 1969-12-31 19:00:00.0 -0500 +++ python-numpy-1.12.1/debian/patches/0007-BUG-Don-t-signal-FP-exceptions-in-np.absolute.patch 2017-05-27 19:44:59.0 -0400 @@ -0,0 +1,89 @@ +From 285b463e037cd9aeaf37ccc90ccf3349cc84b88a Mon Sep 17 00:00:00 2001 +From: James Cowgill +Date: Tue, 7 Mar 2017 11:39:01 + +Subject: BUG: Don't signal FP exceptions in np.absolute + +Fixes #8686 + +This PR centers around this piece of code in `numpy/core/src/umath/loops.c.src`: +```c +UNARY_LOOP { +const @type@ in1 = *(@type@ *)ip1; +const @type@ tmp = in1 > 0 ? in1 : -in1; +/* add 0 to clear -0.0 */ +*((@type@ *)op1) = tmp + 0; +} +``` + +If in1 is `NaN`, the C99 standard requires that the comparison `in1 > 0` +signals `FE_INVALID`, but the usual semantics for the absolute function are +that no FP exceptions should be generated (eg compare to C `fabs` and Python +`abs`). This was probably never noticed due to a bug in GCC x86 where all +floating point comparisons do not signal exceptions, however Clang on x86 and +GCC on other architectures (including ARM and MIPS) do signal an FP exception +here. + +Fix by clearing the floating point exceptions after the loop has +finished. The alternative of rewriting the loop to use `npy_fabs` +instead would also work but has performance issues because that function +is not inlined. The `test_abs_neg_blocked` is adjusted not to ignore +`FE_INVALID` errors because now both absolute and negate should never +produce an FP exceptions. +--- + numpy/core/src/umath/loops.c.src | 1 + + numpy/core/tests/test_umath.py | 30 ++ + 2 files changed, 15 insertions(+), 16 deletions(-) + +diff --git a/numpy/core/src/umath/loops.c.src b/numpy/core/src/umath/loops.c.src +index 3c11908..7e683ab 100644 +---
Bug#863628: unblock: apt-mirror/0.5.4-1
Control: tag -1 moreinfo On Mon, May 29, 2017 at 02:45:31PM +0200, Benjamin Drung wrote: > apt-mirror 0.5.4 is a very small bug-fix release for stretch. It fixes > the warning about the use of uninitialized value $config{"options"} > (which hits most users). That is not all though, is it? Could you provide some background to the other changes? Thanks, -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
Processed: Re: Bug#863628: unblock: apt-mirror/0.5.4-1
Processing control commands: > tag -1 moreinfo Bug #863628 [release.debian.org] unblock: apt-mirror/0.5.4-1 Added tag(s) moreinfo. -- 863628: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863628 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: tagging 863573
Processing commands for cont...@bugs.debian.org: > tags 863573 - moreinfo Bug #863573 [release.debian.org] unblock: diamond/4.0.515-4 Removed tag(s) moreinfo. > thanks Stopping processing here. Please contact me if you need assistance. -- 863573: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863573 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#863573: marked as done (unblock: diamond/4.0.515-4)
Your message dated Mon, 29 May 2017 18:45:27 +0100 with message-idand subject line Re: Bug#863573: unblock: diamond/4.0.515-4 has caused the Debian Bug report #863573, regarding unblock: diamond/4.0.515-4 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 863573: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863573 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package diamond This upload improves (even if only slightly, as a proper solution is still being worked on by upstream) the stop/restart time of diamond, by setting the systemd killmode to mixed. A source debdiff is attached unblock diamond/4.0.515-4 -- System Information: Debian Release: stretch/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.2.0-1-amd64 (SMP w/8 CPU cores) Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) diff -Nru diamond-4.0.515/debian/changelog diamond-4.0.515/debian/changelog --- diamond-4.0.515/debian/changelog2017-01-22 17:28:37.0 -0500 +++ diamond-4.0.515/debian/changelog2017-05-28 15:48:29.0 -0400 @@ -1,3 +1,10 @@ +diamond (4.0.515-4) unstable; urgency=medium + + * debian/diamond.service +- set KillMode to `mixed`; Closes: #854842 + + -- Sandro Tosi Sun, 28 May 2017 15:48:29 -0400 + diamond (4.0.515-3) unstable; urgency=medium * debian/control diff -Nru diamond-4.0.515/debian/diamond.service diamond-4.0.515/debian/diamond.service --- diamond-4.0.515/debian/diamond.service 2016-02-16 09:29:38.0 -0500 +++ diamond-4.0.515/debian/diamond.service 2017-05-28 15:48:15.0 -0400 @@ -4,6 +4,7 @@ [Service] ExecStart=/usr/bin/python /usr/bin/diamond --log-stdout --foreground Restart=on-abort +KillMode=mixed [Install] WantedBy=multi-user.target --- End Message --- --- Begin Message --- On 2017-05-29 15:43, Sandro Tosi wrote: On Mon, May 29, 2017 at 8:20 AM, Jonathan Wiltshire wrote: Control: tag -1 moreinfo On Sun, May 28, 2017 at 03:58:13PM -0400, Sandro Tosi wrote: This upload improves (even if only slightly, as a proper solution is still being worked on by upstream) the stop/restart time of diamond, by setting the systemd killmode to mixed. I'm not sure how comfortable I am about this. Is the change to KillMode upstream advice? sorry for not reporting it first, there is a long discussion with upstream at https://github.com/python-diamond/Diamond/issues/595 - their initial solution was to change the internal process management logic and then use KillMode=process but paravoid had better result with `mixed` without changing any code (since that procs mgmt change still isnt 100% completed) Ok, I'll take the workaround for now but it would be nice to fix this properly for buster. Thanks for the additional information. Unblocked and aged to 5. -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51 i have six years of solaris sysadmin experience, from 8->10. i am well qualified to say it is made from bonghits layered on top of bonghits--- End Message ---
Processed: severity of 863629 is normal
Processing commands for cont...@bugs.debian.org: > # its unlikely an unblock bug is ever more than normal... > severity 863629 normal Bug #863629 [release.debian.org] unblock: cfengine3/3.9.1-4.2 Severity set to 'normal' from 'important' > thanks Stopping processing here. Please contact me if you need assistance. -- 863629: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863629 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#863629: marked as done (unblock: cfengine3/3.9.1-4.2)
Your message dated Mon, 29 May 2017 18:38:19 +0100 with message-id <20170529173819.wvyrc6p2a6bna...@powdarrmonkey.net> and subject line Re: Bug#863629: unblock: cfengine3/3.9.1-4.2 has caused the Debian Bug report #863629, regarding unblock: cfengine3/3.9.1-4.2 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 863629: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863629 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: important User: release.debian@packages.debian.org Usertags: unblock Please unblock package cfengine3 Hi, cfengine3/3.9.1-4.2, which was uploaded some days ago to unstable fixes release critical bug #852675 and bug #862903. #852675 makes cfengine3 completely unusable because it distributes only the distribution templates and not the local changes to the clients. #862903 reverses the openssl1.1 patch which made cfengine crash when contacted from cfengine3 version 3.6. Upstream says, they have big problems with the openssl1.1 patch and that the patch is not finished. Thanks Christoph -- Christoph Martin, Leiter Unix-Systeme Zentrum für Datenverarbeitung, Uni-Mainz, Germany Anselm Franz von Bentzel-Weg 12, 55128 Mainz Telefon: +49(6131)3926337 Instant-Messaging: Jabber: mar...@jabber.uni-mainz.de (Siehe http://www.zdv.uni-mainz.de/4010.php) diff -Nru cfengine3-3.9.1/debian/changelog cfengine3-3.9.1/debian/changelog --- cfengine3-3.9.1/debian/changelog2017-01-18 15:09:03.0 +0100 +++ cfengine3-3.9.1/debian/changelog2017-05-18 14:14:45.0 +0200 @@ -1,3 +1,11 @@ +cfengine3 (3.9.1-4.2) unstable; urgency=medium + + * fix masterdir configuration (closes: 852675) + * revert ssl1.1 patch which leads to segfaults with older clients +(closes: #862903) + + -- Christoph MartinThu, 18 May 2017 14:14:45 +0200 + cfengine3 (3.9.1-4.1) unstable; urgency=medium * Non-maintainer upload. diff -Nru cfengine3-3.9.1/debian/control cfengine3-3.9.1/debian/control --- cfengine3-3.9.1/debian/control 2017-01-17 01:50:04.0 +0100 +++ cfengine3-3.9.1/debian/control 2017-05-18 14:14:45.0 +0200 @@ -2,7 +2,7 @@ Section: admin Priority: optional Maintainer: Antonio Radici -Build-Depends: debhelper (>= 7.0.50), autotools-dev, libssl-dev (>= 1.1), +Build-Depends: debhelper (>= 7.0.50), autotools-dev, libssl1.0-dev | libssl-dev (<< 1.1), flex, bison, libpcre3-dev, dh-autoreconf, libvirt-dev, libacl1-dev, liblmdb-dev, default-libmysqlclient-dev, libxml2-dev, quilt, libpam0g-dev Standards-Version: 3.9.8 diff -Nru cfengine3-3.9.1/debian/patches/series cfengine3-3.9.1/debian/patches/series --- cfengine3-3.9.1/debian/patches/series 2016-12-01 21:55:30.0 +0100 +++ cfengine3-3.9.1/debian/patches/series 2017-05-18 14:14:45.0 +0200 @@ -6,4 +6,4 @@ 0007-fix_kfreebsd_build.patch 0009_disable_spelling_errors.patch 0010_disable_date_annotation.patch -0011_build_with_openssl_1.1.patch +#0011_build_with_openssl_1.1.patch diff -Nru cfengine3-3.9.1/debian/rules cfengine3-3.9.1/debian/rules --- cfengine3-3.9.1/debian/rules2016-12-01 21:55:30.0 +0100 +++ cfengine3-3.9.1/debian/rules2017-05-18 14:14:45.0 +0200 @@ -20,7 +20,7 @@ --with-libvirt \ --with-lmdb \ --with-libxml2 \ - --with-masterdir=\$${prefix}/share/cfengine3/masterfiles \ + --with-masterdir=/var/lib/cfengine3/masterfiles \ --with-workdir=/var/lib/cfengine3 \ --with-logdir=/var/log/cfengine3 \ --with-piddir=/var/run/cfengine3 \ signature.asc Description: OpenPGP digital signature --- End Message --- --- Begin Message --- On Mon, May 29, 2017 at 02:45:03PM +0200, Christoph Martin wrote: > cfengine3/3.9.1-4.2, which was uploaded some days ago to unstable fixes > release critical bug #852675 and bug #862903. Already unblocked, and merely waiting for age. -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51--- End Message ---
Bug#863645: unblock: cqrlog 2.0.2-1.1
Package: release.debian.org User: release.debian@packages.debian.org Usertags: unblock Hi release team Please unblock package cqrlog unblock cqrlog/2.0.2-1.1 I found a bug that was preventing the package from working if the mysql compat library was not installed. The code is doing the pascal "dlopen" call to find libmysqlclient.so, and this is not available anymore since mariadb switch. Using the compat package brings a symlink that makes the program behave correctly. thanks G. diff -Nru cqrlog-2.0.2/debian/changelog cqrlog-2.0.2/debian/changelog --- cqrlog-2.0.2/debian/changelog2016-09-09 14:58:50.0 +0200 +++ cqrlog-2.0.2/debian/changelog2017-05-29 19:06:55.0 +0200 @@ -1,3 +1,13 @@ +cqrlog (2.0.2-1.1) unstable; urgency=medium + + * Non-maintainer upload. + * Depent on virtual mysql server implementation (Closes: #848430) + * Depend on default-libmysqlclient-dev, to have the libmysqlclient.so +symlink available at runtime (function TdmData.GetMySQLLib +loads it dynamically Closes: #863644. + + -- Gianfranco CostamagnaMon, 29 May 2017 17:29:07 +0200 + cqrlog (2.0.2-1) unstable; urgency=medium * New upstream bugfix release. diff -Nru cqrlog-2.0.2/debian/control cqrlog-2.0.2/debian/control --- cqrlog-2.0.2/debian/control2016-05-03 10:56:29.0 +0200 +++ cqrlog-2.0.2/debian/control2017-05-29 19:05:57.0 +0200 @@ -13,8 +13,8 @@ Package: cqrlog Architecture: any -Depends: ${shlibs:Depends}, ${misc:Depends}, libssl-dev, mysql-client | mariadb-client, libhamlib2 (>= 1.2.10), libhamlib-utils (>= 1.2.10) -Recommends: mysql-server | mariadb-server, xplanet +Depends: ${shlibs:Depends}, ${misc:Depends}, libssl-dev, default-mysql-client | virtual-mysql-client, default-libmysqlclient-dev, libhamlib2 (>= 1.2.10), libhamlib-utils (>= 1.2.10) +Recommends: default-mysql-server | virtual-mysql-server, xplanet Description: Advanced logging program for hamradio operators CQRLOG is an advanced ham radio logger based on MySQL embedded database. Provides radio control based on hamlib libraries (currently support of 140+
Bug#863633: marked as done (unblock: mosquitto/1.4.10-3)
Your message dated Mon, 29 May 2017 16:02:39 + with message-idand subject line unblock mosquitto has caused the Debian Bug report #863633, regarding unblock: mosquitto/1.4.10-3 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 863633: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863633 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package mosquitto Version 1.4.10-2 currently in testing has a security issue CVE-2017-7650. This upload fixes that issue. This upload also fixes #857759, which is a regression against Jessie. unblock mosquitto/1.4.10-3 -- System Information: Debian Release: stretch/sid APT prefers xenial-updates APT policy: (500, 'xenial-updates'), (500, 'xenial-security'), (500, 'xenial'), (100, 'xenial-backports') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.4.0-71-generic (SMP w/4 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Init: systemd (via /run/systemd/system) *** /home/roger/mosquitto.debdiff diff -Nru mosquitto-1.4.10/debian/changelog mosquitto-1.4.10/debian/changelog --- mosquitto-1.4.10/debian/changelog 2016-11-03 22:38:51.0 + +++ mosquitto-1.4.10/debian/changelog 2017-05-29 14:38:36.0 +0100 @@ -1,3 +1,16 @@ +mosquitto (1.4.10-3) unstable; urgency=high + + * SECURITY UPDATE: Pattern ACL can be bypassed by using a username/client id +set to '+' or '#'. +- debian/patches/mosquitto-0.15_cve-2017-7650.patch: Reject send/receive + of messages to/from clients with a '+', '#' or '/' in their + username/client id. +- CVE-2017-7650 + * New patch debian/patches/allow_ipv6_bridges.patch allows bridges to make +IPv6 connections when using TLS (closes: #857759). + + -- Roger A. Light Mon, 29 May 2017 13:43:29 +0100 + mosquitto (1.4.10-2) unstable; urgency=medium * Bumped standards version to 3.9.8. No changes needed. diff -Nru mosquitto-1.4.10/debian/patches/allow_ipv6_bridges.patch mosquitto-1.4.10/debian/patches/allow_ipv6_bridges.patch --- mosquitto-1.4.10/debian/patches/allow_ipv6_bridges.patch1970-01-01 01:00:00.0 +0100 +++ mosquitto-1.4.10/debian/patches/allow_ipv6_bridges.patch2017-05-29 13:50:12.0 +0100 @@ -0,0 +1,22 @@ +Description: Allow bridges to make IPv6 connections when using TLS. +Author: Roger Light +Forwarded: not-needed +Origin: upstream, https://github.com/eclipse/mosquitto/commit/98ea68490626b1d18aee2004b411294c85e62212 +--- a/lib/net_mosq.c b/lib/net_mosq.c +@@ -281,14 +281,7 @@ + + *sock = INVALID_SOCKET; + memset(, 0, sizeof(struct addrinfo)); +-#ifdef WITH_TLS +- if(mosq->tls_cafile || mosq->tls_capath || mosq->tls_psk){ +- hints.ai_family = PF_INET; +- }else +-#endif +- { +- hints.ai_family = PF_UNSPEC; +- } ++ hints.ai_family = PF_UNSPEC; + hints.ai_flags = AI_ADDRCONFIG; + hints.ai_socktype = SOCK_STREAM; + diff -Nru mosquitto-1.4.10/debian/patches/mosquitto-1.4.10_cve-2017-7650.patch mosquitto-1.4.10/debian/patches/mosquitto-1.4.10_cve-2017-7650.patch --- mosquitto-1.4.10/debian/patches/mosquitto-1.4.10_cve-2017-7650.patch 1970-01-01 01:00:00.0 +0100 +++ mosquitto-1.4.10/debian/patches/mosquitto-1.4.10_cve-2017-7650.patch 2017-05-28 23:10:06.0 +0100 @@ -0,0 +1,61 @@ +Description: Fix for CVE-207-7650. +Author: Roger Light +Forwarded: not-needed +Origin: upstream, https://mosquitto.org/files/cve/2017-7650/mosquitto-1.4.x_cve-2017-7650.patch +diff --git a/src/security.c b/src/security.c +index 6ae9fb9..37ce32b 100644 +--- src/security.c b/src/security.c +@@ -233,6 +233,21 @@ + { + username = context->username; + } ++ ++ /* Check whether the client id or username contains a +, # or / and if ++ * so deny access. ++ * ++ * Do this check for every message regardless, we have to protect the ++ * plugins against possible pattern based attacks. ++ */ ++ if(username && strpbrk(username, "+#/")){ ++ _mosquitto_log_printf(NULL, MOSQ_LOG_NOTICE, "ACL denying access to client with dangerous username \"%s\"", username); ++ return
Bug#863634: unblock (pre-approval): systemd/232-24
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Hi, I'd like to make another upload of systemd if possible. It fixes a remote DoS in resolved (#863277). We don't enable resolved by default in Debian, so this bug is not super critical. But since an (upstream) fix exists, I would prefer to have this fix in stretch. The attached debdiff also has two smaller fixes which have piled up in the stretch branch in the mean time. Please let me know if I can proceed with the upload. If you want me to postpone that for 9.1, I'm fine as well. Uploading it now would have the benefit though of at least some testing in unstable. The changes don't touch d-i, but I've CCed debian-boot@ anyway for an ack. Full debdiff attached. Regards, Michael -- System Information: Debian Release: 9.0 APT prefers unstable APT policy: (500, 'unstable'), (200, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) diff --git a/debian/changelog b/debian/changelog index 2c670e7..68276b7 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,21 @@ +systemd (232-24) unstable; urgency=medium + + [ Felipe Sateler ] + * Specify nobody user and group. +Otherwise nss-systemd will translate to group 'nobody', which doesn't +exist on debian systems. + + [ Michael Biebl ] + * Add Depends: procps to systemd. +It's required by /usr/lib/systemd/user/systemd-exit.service which calls +/bin/kill to stop the systemd --user instance. (Closes: #862292) + * resolved: fix null pointer p->question dereferencing. +This fixes a bug which allowed a remote DoS (daemon crash) via a crafted +DNS response with an empty question section. +Fixes: CVE-2017-9217 (Closes: #863277) + + -- Michael BieblMon, 29 May 2017 16:25:43 +0200 + systemd (232-23) unstable; urgency=medium [ Michael Biebl ] diff --git a/debian/control b/debian/control index b48a50a..c4e7db1 100644 --- a/debian/control +++ b/debian/control @@ -74,6 +74,7 @@ Depends: ${shlibs:Depends}, util-linux (>= 2.27.1), mount (>= 2.26), adduser, + procps, Breaks: lvm2 (<< 2.02.104-1), apparmor (<< 2.9.2-1), systemd-shim (<< 10-3~), diff --git a/debian/patches/resolved-bugfix-of-null-pointer-p-question-dereferencing-.patch b/debian/patches/resolved-bugfix-of-null-pointer-p-question-dereferencing-.patch new file mode 100644 index 000..0d134c1 --- /dev/null +++ b/debian/patches/resolved-bugfix-of-null-pointer-p-question-dereferencing-.patch @@ -0,0 +1,24 @@ +From: Evgeny Vereshchagin +Date: Wed, 24 May 2017 08:56:48 +0300 +Subject: resolved: bugfix of null pointer p->question dereferencing (#6020) + +See https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1621396 +(cherry picked from commit a924f43f30f9c4acaf70618dd2a055f8b0f166be) +--- + src/resolve/resolved-dns-packet.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c +index 337a8c4..07a761e 100644 +--- a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c +@@ -2264,6 +2264,9 @@ int dns_packet_is_reply_for(DnsPacket *p, const DnsResourceKey *key) { + if (r < 0) + return r; + ++if (!p->question) ++return 0; ++ + if (p->question->n_keys != 1) + return 0; + diff --git a/debian/patches/series b/debian/patches/series index 44daef3..adc86a7 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -62,6 +62,7 @@ Adjust-pkgconfig-files-to-point-at-rootlibdir-4584.patch journal-fix-up-syslog-facility-when-forwarding-native-mes.patch machinectl-make-sure-that-inability-to-get-OS-version-isn.patch nspawn-support-ephemeral-boots-from-images.patch +resolved-bugfix-of-null-pointer-p-question-dereferencing-.patch debian/Use-Debian-specific-config-files.patch debian/don-t-try-to-start-autovt-units-when-not-running-wit.patch debian/Make-logind-hostnamed-localed-timedated-D-Bus-activa.patch diff --git a/debian/rules b/debian/rules index 016fc51..d6e984f 100755 --- a/debian/rules +++ b/debian/rules @@ -126,7 +126,9 @@ CONFFLAGS = \ --disable-wheel-group \ --with-ntp-servers="$(DEFAULT_NTP_SERVERS)" \ --with-system-uid-max=999 \ - --with-system-gid-max=999 + --with-system-gid-max=999 \ + --with-nobody-user=nobody \ + --with-nobody-group=nogroup # resolved's DNSSEC support is still not mature enough, don't enable it by # default on stable Debian/Ubuntu releases
Bug#863573: unblock: diamond/4.0.515-4
On Mon, May 29, 2017 at 8:20 AM, Jonathan Wiltshirewrote: > Control: tag -1 moreinfo > > On Sun, May 28, 2017 at 03:58:13PM -0400, Sandro Tosi wrote: >> This upload improves (even if only slightly, as a proper solution is still >> being >> worked on by upstream) the stop/restart time of diamond, by setting the >> systemd >> killmode to mixed. > > I'm not sure how comfortable I am about this. Is the change to KillMode > upstream advice? sorry for not reporting it first, there is a long discussion with upstream at https://github.com/python-diamond/Diamond/issues/595 - their initial solution was to change the internal process management logic and then use KillMode=process but paravoid had better result with `mixed` without changing any code (since that procs mgmt change still isnt 100% completed) -- Sandro "morph" Tosi My website: http://sandrotosi.me/ Me at Debian: http://wiki.debian.org/SandroTosi G+: https://plus.google.com/u/0/+SandroTosi
NEW changes in stable-new
Processing changes file: imagemagick_6.8.9.9-5+deb8u9_amd64.changes ACCEPT Processing changes file: imagemagick_6.8.9.9-5+deb8u9_arm64.changes ACCEPT Processing changes file: imagemagick_6.8.9.9-5+deb8u9_armel.changes ACCEPT Processing changes file: imagemagick_6.8.9.9-5+deb8u9_armhf.changes ACCEPT Processing changes file: imagemagick_6.8.9.9-5+deb8u9_i386.changes ACCEPT Processing changes file: imagemagick_6.8.9.9-5+deb8u9_mips.changes ACCEPT Processing changes file: imagemagick_6.8.9.9-5+deb8u9_mipsel.changes ACCEPT Processing changes file: imagemagick_6.8.9.9-5+deb8u9_powerpc.changes ACCEPT Processing changes file: imagemagick_6.8.9.9-5+deb8u9_ppc64el.changes ACCEPT Processing changes file: imagemagick_6.8.9.9-5+deb8u9_s390x.changes ACCEPT Processing changes file: libtasn1-6_4.2-3+deb8u3_amd64.changes ACCEPT Processing changes file: libtasn1-6_4.2-3+deb8u3_arm64.changes ACCEPT Processing changes file: libtasn1-6_4.2-3+deb8u3_armel.changes ACCEPT Processing changes file: libtasn1-6_4.2-3+deb8u3_armhf.changes ACCEPT Processing changes file: libtasn1-6_4.2-3+deb8u3_i386.changes ACCEPT Processing changes file: libtasn1-6_4.2-3+deb8u3_mips.changes ACCEPT Processing changes file: libtasn1-6_4.2-3+deb8u3_mipsel.changes ACCEPT Processing changes file: libtasn1-6_4.2-3+deb8u3_powerpc.changes ACCEPT Processing changes file: libtasn1-6_4.2-3+deb8u3_ppc64el.changes ACCEPT Processing changes file: libtasn1-6_4.2-3+deb8u3_s390x.changes ACCEPT Processing changes file: rtmpdump_2.4+20150115.gita107cef-1+deb8u1_amd64.changes ACCEPT Processing changes file: rtmpdump_2.4+20150115.gita107cef-1+deb8u1_arm64.changes ACCEPT Processing changes file: rtmpdump_2.4+20150115.gita107cef-1+deb8u1_armel.changes ACCEPT Processing changes file: rtmpdump_2.4+20150115.gita107cef-1+deb8u1_armhf.changes ACCEPT Processing changes file: rtmpdump_2.4+20150115.gita107cef-1+deb8u1_i386.changes ACCEPT Processing changes file: rtmpdump_2.4+20150115.gita107cef-1+deb8u1_mips.changes ACCEPT Processing changes file: rtmpdump_2.4+20150115.gita107cef-1+deb8u1_mipsel.changes ACCEPT Processing changes file: rtmpdump_2.4+20150115.gita107cef-1+deb8u1_powerpc.changes ACCEPT Processing changes file: rtmpdump_2.4+20150115.gita107cef-1+deb8u1_ppc64el.changes ACCEPT Processing changes file: rtmpdump_2.4+20150115.gita107cef-1+deb8u1_s390x.changes ACCEPT Processing changes file: samba_4.2.14+dfsg-0+deb8u6_allonly.changes ACCEPT Processing changes file: samba_4.2.14+dfsg-0+deb8u6_amd64.changes ACCEPT Processing changes file: samba_4.2.14+dfsg-0+deb8u6_arm64.changes ACCEPT Processing changes file: samba_4.2.14+dfsg-0+deb8u6_armel.changes ACCEPT Processing changes file: samba_4.2.14+dfsg-0+deb8u6_armhf.changes ACCEPT Processing changes file: samba_4.2.14+dfsg-0+deb8u6_i386.changes ACCEPT Processing changes file: samba_4.2.14+dfsg-0+deb8u6_mips.changes ACCEPT Processing changes file: samba_4.2.14+dfsg-0+deb8u6_mipsel.changes ACCEPT Processing changes file: samba_4.2.14+dfsg-0+deb8u6_powerpc.changes ACCEPT Processing changes file: samba_4.2.14+dfsg-0+deb8u6_ppc64el.changes ACCEPT Processing changes file: samba_4.2.14+dfsg-0+deb8u6_s390x.changes ACCEPT Processing changes file: squirrelmail_1.4.23~svn20120406-2+deb8u1_amd64.changes ACCEPT Processing changes file: tiff_4.0.3-12.3+deb8u3_amd64.changes ACCEPT Processing changes file: tiff_4.0.3-12.3+deb8u3_arm64.changes ACCEPT Processing changes file: tiff_4.0.3-12.3+deb8u3_armel.changes ACCEPT Processing changes file: tiff_4.0.3-12.3+deb8u3_armhf.changes ACCEPT Processing changes file: tiff_4.0.3-12.3+deb8u3_i386.changes ACCEPT Processing changes file: tiff_4.0.3-12.3+deb8u3_mips.changes ACCEPT Processing changes file: tiff_4.0.3-12.3+deb8u3_mipsel.changes ACCEPT Processing changes file: tiff_4.0.3-12.3+deb8u3_powerpc.changes ACCEPT Processing changes file: tiff_4.0.3-12.3+deb8u3_ppc64el.changes ACCEPT Processing changes file: tiff_4.0.3-12.3+deb8u3_s390x.changes ACCEPT
Bug#863626: unblock: dns-root-data/2017041101
Hi Jonathan, my mistake. Somehow I thought the 2017020200 has been already unblocked for testing. I did the 2017041101 build and unblock bug in parallel, and I have just uploaded the package to unstable. So for the 2015052300+h+1 -> 2017020200 changes: * This fixes FTBFS because: a) ICANN/IANA doesn't provide OpenPGP signatures anymore b) The parsing was broken with introduction of second key This includes changes in d/rules + new parse-root-anchors.sh script. * Several dead-upstream ICANN files were removed from the package: - draft-icann-dnssec-trust-anchor.html - draft-icann-dnssec-trust-anchor.txt - icannbundle.p12 - icann.pgp - root-anchors.p7s (e.g. in fact it was a removal of ICANN-copyright document) The licensing on ICANN files was acked by ftp-masters as OK. $ diffstat dns-root-data_2017020200.debdiff /home/ondrej/tmp/wrtzCZn7bu/dns-root-data-2017020200/icann.pgp |binary /home/ondrej/tmp/wrtzCZn7bu/dns-root-data-2017020200/icannbundle.p12 |binary /home/ondrej/tmp/wrtzCZn7bu/dns-root-data-2017020200/root-anchors.p7s |binary dns-root-data-2017020200/debian/changelog | 14 dns-root-data-2017020200/debian/control | 5 dns-root-data-2017020200/debian/dns-root-data.docs| 2 dns-root-data-2017020200/debian/rules | 18 dns-root-data-2017020200/draft-icann-dnssec-trust-anchor.html | 555 - dns-root-data-2017020200/draft-icann-dnssec-trust-anchor.txt | 560 -- dns-root-data-2017020200/icannbundle.pem | 200 +-- dns-root-data-2017020200/parse-root-anchors.sh| 25 dns-root-data-2017020200/root-anchors.asc | 7 dns-root-data-2017020200/root-anchors.xml | 8 dns-root-data-2017020200/root.hints | 8 dns-root-data-2017020200/root.key | 3 15 files changed, 117 insertions(+), 1288 deletions(-) Cheers, -- Ondřej SurýKnot DNS (https://www.knot-dns.cz/) – a high-performance DNS server Knot Resolver (https://www.knot-resolver.cz/) – secure, privacy-aware, fast DNS(SEC) resolver On Mon, May 29, 2017, at 14:47, Jonathan Wiltshire wrote: > Control: tag -1 moreinfo > > On Mon, May 29, 2017 at 02:17:30PM +0200, Ondřej Surý wrote: > > the 2017041101 update of dns-root-data package contains: > > > > - fixes to parse_root_data.sh script to unfail the non-dash > > shells - closes RC bug #862252 (use printf instead of echo command) > > - update root.hints to 2017041101 version (no other change then version > > though) > > - update root.key and d/rules to strip any timestamp, so the build is > > more or less reproducible (the get_orig_source still depends on > > upstream data at the time of the build, but it should be more > > reliable) > > - little fixes to parse_root_data.sh script, as suggested by shellcheck: > > + use read -r instead of read on xml2 output data > > + use [:upper:]/[:lower:] instead of [A-Z]/[a-z] as tr argument > > + use [ a ] || [ b ] syntax instead of [ a -o b ] > > This does not seem to reflect unstable right now; you have: > > dns-root-data | 2015052300+h+1 | testing | source, all > dns-root-data | 2017020200 | unstable| source, all > > The delta therefore includes many more changes, including addition of an > ICANN-copyright document with no (obvious) distribution license. > > The RC bug that your request fixes is also still open, which will block > migration anyway. > > Thanks, > > -- > Jonathan Wiltshire j...@debian.org > Debian Developer http://people.debian.org/~jmw > > 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51 > dns-root-data_2017020200.dsc Description: Binary data dns-root-data_2017020200.debdiff Description: Binary data
Bug#863633: unblock: mosquitto/1.4.10-3
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package mosquitto Version 1.4.10-2 currently in testing has a security issue CVE-2017-7650. This upload fixes that issue. This upload also fixes #857759, which is a regression against Jessie. unblock mosquitto/1.4.10-3 -- System Information: Debian Release: stretch/sid APT prefers xenial-updates APT policy: (500, 'xenial-updates'), (500, 'xenial-security'), (500, 'xenial'), (100, 'xenial-backports') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.4.0-71-generic (SMP w/4 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Init: systemd (via /run/systemd/system) *** /home/roger/mosquitto.debdiff diff -Nru mosquitto-1.4.10/debian/changelog mosquitto-1.4.10/debian/changelog --- mosquitto-1.4.10/debian/changelog 2016-11-03 22:38:51.0 + +++ mosquitto-1.4.10/debian/changelog 2017-05-29 14:38:36.0 +0100 @@ -1,3 +1,16 @@ +mosquitto (1.4.10-3) unstable; urgency=high + + * SECURITY UPDATE: Pattern ACL can be bypassed by using a username/client id +set to '+' or '#'. +- debian/patches/mosquitto-0.15_cve-2017-7650.patch: Reject send/receive + of messages to/from clients with a '+', '#' or '/' in their + username/client id. +- CVE-2017-7650 + * New patch debian/patches/allow_ipv6_bridges.patch allows bridges to make +IPv6 connections when using TLS (closes: #857759). + + -- Roger A. LightMon, 29 May 2017 13:43:29 +0100 + mosquitto (1.4.10-2) unstable; urgency=medium * Bumped standards version to 3.9.8. No changes needed. diff -Nru mosquitto-1.4.10/debian/patches/allow_ipv6_bridges.patch mosquitto-1.4.10/debian/patches/allow_ipv6_bridges.patch --- mosquitto-1.4.10/debian/patches/allow_ipv6_bridges.patch1970-01-01 01:00:00.0 +0100 +++ mosquitto-1.4.10/debian/patches/allow_ipv6_bridges.patch2017-05-29 13:50:12.0 +0100 @@ -0,0 +1,22 @@ +Description: Allow bridges to make IPv6 connections when using TLS. +Author: Roger Light +Forwarded: not-needed +Origin: upstream, https://github.com/eclipse/mosquitto/commit/98ea68490626b1d18aee2004b411294c85e62212 +--- a/lib/net_mosq.c b/lib/net_mosq.c +@@ -281,14 +281,7 @@ + + *sock = INVALID_SOCKET; + memset(, 0, sizeof(struct addrinfo)); +-#ifdef WITH_TLS +- if(mosq->tls_cafile || mosq->tls_capath || mosq->tls_psk){ +- hints.ai_family = PF_INET; +- }else +-#endif +- { +- hints.ai_family = PF_UNSPEC; +- } ++ hints.ai_family = PF_UNSPEC; + hints.ai_flags = AI_ADDRCONFIG; + hints.ai_socktype = SOCK_STREAM; + diff -Nru mosquitto-1.4.10/debian/patches/mosquitto-1.4.10_cve-2017-7650.patch mosquitto-1.4.10/debian/patches/mosquitto-1.4.10_cve-2017-7650.patch --- mosquitto-1.4.10/debian/patches/mosquitto-1.4.10_cve-2017-7650.patch 1970-01-01 01:00:00.0 +0100 +++ mosquitto-1.4.10/debian/patches/mosquitto-1.4.10_cve-2017-7650.patch 2017-05-28 23:10:06.0 +0100 @@ -0,0 +1,61 @@ +Description: Fix for CVE-207-7650. +Author: Roger Light +Forwarded: not-needed +Origin: upstream, https://mosquitto.org/files/cve/2017-7650/mosquitto-1.4.x_cve-2017-7650.patch +diff --git a/src/security.c b/src/security.c +index 6ae9fb9..37ce32b 100644 +--- src/security.c b/src/security.c +@@ -233,6 +233,21 @@ + { + username = context->username; + } ++ ++ /* Check whether the client id or username contains a +, # or / and if ++ * so deny access. ++ * ++ * Do this check for every message regardless, we have to protect the ++ * plugins against possible pattern based attacks. ++ */ ++ if(username && strpbrk(username, "+#/")){ ++ _mosquitto_log_printf(NULL, MOSQ_LOG_NOTICE, "ACL denying access to client with dangerous username \"%s\"", username); ++ return MOSQ_ERR_ACL_DENIED; ++ } ++ if(context->id && strpbrk(context->id, "+#/")){ ++ _mosquitto_log_printf(NULL, MOSQ_LOG_NOTICE, "ACL denying access to client with dangerous client id \"%s\"", context->id); ++ return MOSQ_ERR_ACL_DENIED; ++ } + return db->auth_plugin.acl_check(db->auth_plugin.user_data, context->id, username, topic, access); + } + } +diff --git a/src/security_default.c b/src/security_default.c +index 64ca846..a41c21f 100644 +--- src/security_default.c b/src/security_default.c +@@ -261,6 +261,26 @@ int mosquitto_acl_check_default(struct mosquitto_db *db, struct mosquitto *conte + } + + acl_root = db->acl_patterns; ++ ++ if(acl_root){ ++ /* We are using pattern based
Bug#863519: unblock blockdiag/1.5.3+dfsg-2
On 2017-05-29 05:26, Kouhei Maeda wrote: Hi, 2017-05-28 21:50 GMT+09:00 Jonathan Wiltshire: On Sun, May 28, 2017 at 08:51:27AM +0900, Kouhei Maeda wrote: + * Bumps version debian/compat to 9. +- Fixes package-uses-deprecated-debhelper-compat-version. This isn't OK, please remove it. This means that reverting debian/compat version, and increments debian version? Regards, -- Kouhei Maeda KeyID 4096R/7E37CE41 Yes please. Thanks, -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51 i have six years of solaris sysadmin experience, from 8->10. i am well qualified to say it is made from bonghits layered on top of bonghits
Bug#863626: unblock: dns-root-data/2017041101
Control: tag -1 moreinfo On Mon, May 29, 2017 at 02:17:30PM +0200, Ondřej Surý wrote: > the 2017041101 update of dns-root-data package contains: > > - fixes to parse_root_data.sh script to unfail the non-dash > shells - closes RC bug #862252 (use printf instead of echo command) > - update root.hints to 2017041101 version (no other change then version > though) > - update root.key and d/rules to strip any timestamp, so the build is > more or less reproducible (the get_orig_source still depends on > upstream data at the time of the build, but it should be more > reliable) > - little fixes to parse_root_data.sh script, as suggested by shellcheck: > + use read -r instead of read on xml2 output data > + use [:upper:]/[:lower:] instead of [A-Z]/[a-z] as tr argument > + use [ a ] || [ b ] syntax instead of [ a -o b ] This does not seem to reflect unstable right now; you have: dns-root-data | 2015052300+h+1 | testing | source, all dns-root-data | 2017020200 | unstable| source, all The delta therefore includes many more changes, including addition of an ICANN-copyright document with no (obvious) distribution license. The RC bug that your request fixes is also still open, which will block migration anyway. Thanks, -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
Processed: Re: Bug#863626: unblock: dns-root-data/2017041101
Processing control commands: > tag -1 moreinfo Bug #863626 [release.debian.org] unblock: dns-root-data/2017041101 Added tag(s) moreinfo. -- 863626: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863626 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#863629: unblock: cfengine3/3.9.1-4.2
Package: release.debian.org Severity: important User: release.debian@packages.debian.org Usertags: unblock Please unblock package cfengine3 Hi, cfengine3/3.9.1-4.2, which was uploaded some days ago to unstable fixes release critical bug #852675 and bug #862903. #852675 makes cfengine3 completely unusable because it distributes only the distribution templates and not the local changes to the clients. #862903 reverses the openssl1.1 patch which made cfengine crash when contacted from cfengine3 version 3.6. Upstream says, they have big problems with the openssl1.1 patch and that the patch is not finished. Thanks Christoph -- Christoph Martin, Leiter Unix-Systeme Zentrum für Datenverarbeitung, Uni-Mainz, Germany Anselm Franz von Bentzel-Weg 12, 55128 Mainz Telefon: +49(6131)3926337 Instant-Messaging: Jabber: mar...@jabber.uni-mainz.de (Siehe http://www.zdv.uni-mainz.de/4010.php) diff -Nru cfengine3-3.9.1/debian/changelog cfengine3-3.9.1/debian/changelog --- cfengine3-3.9.1/debian/changelog2017-01-18 15:09:03.0 +0100 +++ cfengine3-3.9.1/debian/changelog2017-05-18 14:14:45.0 +0200 @@ -1,3 +1,11 @@ +cfengine3 (3.9.1-4.2) unstable; urgency=medium + + * fix masterdir configuration (closes: 852675) + * revert ssl1.1 patch which leads to segfaults with older clients +(closes: #862903) + + -- Christoph MartinThu, 18 May 2017 14:14:45 +0200 + cfengine3 (3.9.1-4.1) unstable; urgency=medium * Non-maintainer upload. diff -Nru cfengine3-3.9.1/debian/control cfengine3-3.9.1/debian/control --- cfengine3-3.9.1/debian/control 2017-01-17 01:50:04.0 +0100 +++ cfengine3-3.9.1/debian/control 2017-05-18 14:14:45.0 +0200 @@ -2,7 +2,7 @@ Section: admin Priority: optional Maintainer: Antonio Radici -Build-Depends: debhelper (>= 7.0.50), autotools-dev, libssl-dev (>= 1.1), +Build-Depends: debhelper (>= 7.0.50), autotools-dev, libssl1.0-dev | libssl-dev (<< 1.1), flex, bison, libpcre3-dev, dh-autoreconf, libvirt-dev, libacl1-dev, liblmdb-dev, default-libmysqlclient-dev, libxml2-dev, quilt, libpam0g-dev Standards-Version: 3.9.8 diff -Nru cfengine3-3.9.1/debian/patches/series cfengine3-3.9.1/debian/patches/series --- cfengine3-3.9.1/debian/patches/series 2016-12-01 21:55:30.0 +0100 +++ cfengine3-3.9.1/debian/patches/series 2017-05-18 14:14:45.0 +0200 @@ -6,4 +6,4 @@ 0007-fix_kfreebsd_build.patch 0009_disable_spelling_errors.patch 0010_disable_date_annotation.patch -0011_build_with_openssl_1.1.patch +#0011_build_with_openssl_1.1.patch diff -Nru cfengine3-3.9.1/debian/rules cfengine3-3.9.1/debian/rules --- cfengine3-3.9.1/debian/rules2016-12-01 21:55:30.0 +0100 +++ cfengine3-3.9.1/debian/rules2017-05-18 14:14:45.0 +0200 @@ -20,7 +20,7 @@ --with-libvirt \ --with-lmdb \ --with-libxml2 \ - --with-masterdir=\$${prefix}/share/cfengine3/masterfiles \ + --with-masterdir=/var/lib/cfengine3/masterfiles \ --with-workdir=/var/lib/cfengine3 \ --with-logdir=/var/log/cfengine3 \ --with-piddir=/var/run/cfengine3 \ signature.asc Description: OpenPGP digital signature
Bug#863628: unblock: apt-mirror/0.5.4-1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package apt-mirror apt-mirror 0.5.4 is a very small bug-fix release for stretch. It fixes the warning about the use of uninitialized value $config{"options"} (which hits most users). unblock apt-mirror/0.5.4-1 -- Benjamin Drung System Developer Debian & Ubuntu Developer ProfitBricks GmbH Greifswalder Str. 207 D - 10405 Berlin Email: benjamin.dr...@profitbricks.com Web: https://www.profitbricks.com Sitz der Gesellschaft: Berlin. Registergericht: Amtsgericht Charlottenburg, HRB 125506B. Geschäftsführer: Achim Weiss. diff -Nru apt-mirror-0.5.3/apt-mirror apt-mirror-0.5.4/apt-mirror --- apt-mirror-0.5.3/apt-mirror 2017-01-06 17:26:55.0 +0100 +++ apt-mirror-0.5.4/apt-mirror 2017-05-29 13:28:34.0 +0200 @@ -294,7 +294,7 @@ if ( $line =~ $pattern_deb_line ) { $config{'type'} = $+{type}; $config{'arch'} = $+{arch}; -$config{'options'} = $+{options}; +$config{'options'} = $+{options} ? $+{options} : ""; $config{'uri'} = $+{uri}; $config{'components'} = $+{components}; if ( $config{'options'} =~ /arch=((?[\w\-]+)[,]*)/g ) { @@ -666,7 +666,7 @@ if ( @parts == 3 ) { my ( $sha1, $size, $filename ) = @parts; -if ( $filename =~ m{^$component/dep11/(Components-${arch}\.yml|icons-[^./]+\.tar)\.gz$} ) +if ( $filename =~ m{^$component/dep11/(Components-${arch}\.yml|icons-[^./]+\.tar)\.(gz|bz2|xz)$} ) { add_url_to_download( $dist_uri . $filename, $size ); } @@ -729,6 +729,8 @@ open FILES_ALL, ">" . get_variable("var_path") . "/ALL" or die("apt-mirror: can't write to intermediate file (ALL)"); open FILES_NEW, ">" . get_variable("var_path") . "/NEW" or die("apt-mirror: can't write to intermediate file (NEW)"); open FILES_MD5, ">" . get_variable("var_path") . "/MD5" or die("apt-mirror: can't write to intermediate file (MD5)"); +open FILES_SHA1, ">" . get_variable("var_path") . "/SHA1" or die("apt-mirror: can't write to intermediate file (SHA1)"); +open FILES_SHA256, ">" . get_variable("var_path") . "/SHA256" or die("apt-mirror: can't write to intermediate file (SHA256)"); my %stat_cache = (); @@ -813,7 +815,9 @@ {# Packages index $skipclean{ remove_double_slashes( $path . "/" . $lines{"Filename:"} ) } = 1; print FILES_ALL remove_double_slashes( $path . "/" . $lines{"Filename:"} ) . "\n"; -print FILES_MD5 $lines{"MD5sum:"} . " " . remove_double_slashes( $path . "/" . $lines{"Filename:"} ) . "\n"; +print FILES_MD5 $lines{"MD5sum:"} . " " . remove_double_slashes( $path . "/" . $lines{"Filename:"} ) . "\n" if defined $lines{"MD5sum:"}; +print FILES_SHA1 $lines{"SHA1:"} . " " . remove_double_slashes( $path . "/" . $lines{"Filename:"} ) . "\n" if defined $lines{"SHA1:"}; +print FILES_SHA256 $lines{"SHA256:"} . " " . remove_double_slashes( $path . "/" . $lines{"Filename:"} ) . "\n" if defined $lines{"SHA256:"}; if ( need_update( $mirror . "/" . $lines{"Filename:"}, $lines{"Size:"} ) ) { print FILES_NEW remove_double_slashes( $uri . "/" . $lines{"Filename:"} ) . "\n"; @@ -887,6 +891,8 @@ close FILES_ALL; close FILES_NEW; close FILES_MD5; +close FILES_SHA1; +close FILES_SHA256; ## ## Main download diff -Nru apt-mirror-0.5.3/CHANGELOG apt-mirror-0.5.4/CHANGELOG --- apt-mirror-0.5.3/CHANGELOG 2017-01-06 17:36:37.0 +0100 +++ apt-mirror-0.5.4/CHANGELOG 2017-05-29 13:38:52.0 +0200 @@ -1,3 +1,11 @@ +0.5.4 (2017-05-29) + * Add limit_rate to example mirror.list (fixes #72) + * Fix use of uninitialized value $config{"options"} warning (fixes #68, +Debian bug #851979, #859601) + * Fix warning on repository without md5sum (fixes #66) + * Write SHA1 and SHA256 in addition to MD5 + * Also download xz-compressed Components-$arch.yml.xz (fixes #69) + 0.5.3 (2017-01-06) * Add support for 'deb [arch=amd64] ...' format (fixes #32, #65) * Create directories including their parents diff -Nru apt-mirror-0.5.3/debian/changelog apt-mirror-0.5.4/debian/changelog --- apt-mirror-0.5.3/debian/changelog 2017-01-06 17:46:06.0 +0100 +++ apt-mirror-0.5.4/debian/changelog 2017-05-29 14:02:33.0 +0200 @@ -1,3 +1,14 @@ +apt-mirror (0.5.4-1) unstable; urgency=medium + + * New upstream bug-fix release. +- Fix use of uninitialized value $config{"options"} warning + (Closes: #851979, #859601) +- Fix warning on repository without md5sum +- Write SHA1 and SHA256 in addition to MD5 +- Also download xz-compressed Components-$arch.yml.xz + + -- Benjamin DrungMon, 29 May
Bug#863625: marked as done (unblock: botan1.10/1.10.16-1)
Your message dated Mon, 29 May 2017 13:36:13 +0100 with message-id <20170529123613.m4rtm2gho6kxm...@powdarrmonkey.net> and subject line Re: Bug#863625: unblock: botan1.10/1.10.16-1 has caused the Debian Bug report #863625, regarding unblock: botan1.10/1.10.16-1 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 863625: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863625 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package botan1.10 Dear release team, botan1.10 1.10.16 contains only the fix for the RC bug #860072 (CVE-2017-2801: Incorrect comparison in X.509 DN strings) (+ changelog entry + version bump), so I have decided to upload 1.10.16 directly instead of patching the simple patch on top of 1.10.15. (+ update to d/watch bundled to make it work again) diffstat: botan_version.py |6 +++--- debian/changelog |8 debian/watch |2 +- doc/log.txt | 10 ++ src/alloc/alloc_mmap/mmap_mem.cpp |3 +-- src/utils/parsing.cpp |2 ++ 6 files changed, 25 insertions(+), 6 deletions(-) unblock botan1.10/1.10.16-1 -- System Information: Debian Release: 9.0 APT prefers testing APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 4.4.0-67-generic (SMP w/24 CPU cores) Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 3.0 (quilt) Source: botan1.10 Binary: botan1.10-dbg, libbotan-1.10-1, libbotan1.10-dev Architecture: any Version: 1.10.16-1 Maintainer: Ondřej SurýHomepage: http://botan.randombit.net/ Standards-Version: 3.9.6 Vcs-Browser: http://anonscm.debian.org/?p=pkg-nlnetlabs/botan1.10.git Vcs-Git: git://anonscm.debian.org/pkg-nlnetlabs/botan1.10.git Build-Depends: debhelper (>= 9), libbz2-dev, libgmp3-dev, python, zlib1g-dev Package-List: botan1.10-dbg deb debug extra arch=any libbotan-1.10-1 deb libs optional arch=any libbotan1.10-dev deb libdevel optional arch=any Checksums-Sha1: 697144c34b1bf77c5b2bc1ff4d08f69ee718782b 2711177 botan1.10_1.10.16.orig.tar.gz 44fa04f97f5f5af94757774af5048a69f7a5725d 40872 botan1.10_1.10.16-1.debian.tar.xz Checksums-Sha256: 6c5472401d06527e87adcb53dd270f3c9b1fb688703b04dd7a7cfb86289efe52 2711177 botan1.10_1.10.16.orig.tar.gz c30b4631e788e6ec8c256c2eb6e572a4a31075e8563cfa7bcb05e68709e054d3 40872 botan1.10_1.10.16-1.debian.tar.xz Files: d0c88b523b5aeaaeaf7a3f39dd9d1f3e 2711177 botan1.10_1.10.16.orig.tar.gz d446e25344b6e0ad20f4ea390d619d97 40872 botan1.10_1.10.16-1.debian.tar.xz -BEGIN PGP SIGNATURE- iQKTBAEBCgB9FiEEMLkz2A/OPZgaLTj7DJm3DvT8uwcFAlksDBdfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDMw QjkzM0Q4MEZDRTNEOTgxQTJEMzhGQjBDOTlCNzBFRjRGQ0JCMDcACgkQDJm3DvT8 uwel5Q//WXrxeAk/nkyer1wymmhmlZ9mn79CInfKnvPeeT/OVDaljHfbC72X/W7/ Iphzb26ZBgFzbxXoIUarA4LWw9gz5TkIrW4jr8CO2lSShH9vVJ6IENCvYew9mrRe ZctPI8mEkQL0NVsE9F//9p77aeuqM6sFhHEuW5HpuOg3HdrUjaRjrbFN1UHvhf0E YeU3g15pwom6IwWwWpNTTXt/qXz+XGnTrZ6EjAzGX9nFeMUmlOYxZImRJNMW4xIp ++ixgm2AF21buKCqmzpVYe+nltUCcWI6VFC27XFDBZBcAg6kCo+vi2F4671ugRuu bTLJ8r3+vfcaw1Il+zqUOybW5+d0+gxy9zS4DnnGY7zzbiwqtEPPBQP1c4+eXcoY zUMeof3TvjNCcx4aViNRL9XXw5x2qKkdFfxND2MzpEaR+/I3bu3UG1+MIqVb1GaF OqWBa+hx+NN+BhTJWl33LtDCEjw+f17OBKj4mVZgwVCalxSBLC2s7rTrj0DZ2f7L fBhH7VTmjzbfnyudUnS6Joewu4nFqftUbT8eUJ8tg2ezqTiEw29pCgA5vI6mFQYE sga1xfA6J1U3ZMgcyEfF7dlXC2Z4qtYXCmbT4KqS7mEA+r5GP9+TFnoSpEp0LCDU rJBEYF0VnKfWUoQy+2SWKVRgyHSI0/GPhbYd4uP4wVTNjNYlHv0= =Zz4K -END PGP SIGNATURE- diff -Nru botan1.10-1.10.15/botan_version.py botan1.10-1.10.16/botan_version.py --- botan1.10-1.10.15/botan_version.py 2017-01-13 02:48:25.0 +0100 +++ botan1.10-1.10.16/botan_version.py 2017-04-05 03:07:02.0 +0200 @@ -1,11 +1,11 @@ release_major = 1 release_minor = 10 -release_patch = 15 +release_patch = 16 release_so_abi_rev = 1 # These are set by the distribution script -release_vc_rev = 'git:f79e642ab8c09971968abdfe6990df6801711e1f' -release_datestamp = 20170112 +release_vc_rev = 'git:3756c97d295d06ac19cec6736e05003afb10623e' +release_datestamp = 20170404 release_type = 'released' diff -Nru botan1.10-1.10.15/debian/changelog
Bug#863624: marked as done (unblock: lua-http/0.1-3)
Your message dated Mon, 29 May 2017 13:33:58 +0100 with message-id <20170529123358.wrw4rhfgtyche...@powdarrmonkey.net> and subject line Re: Bug#863624: unblock: lua-http/0.1-3 has caused the Debian Bug report #863624, regarding unblock: lua-http/0.1-3 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 863624: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863624 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package lua-http Dear release team, the 0.1-3 update fixes two bugs: - 0.1-1 package contained incorrect Breaks, this was fixed in 0.1-2 but never uploaded to unstable - 0.1-3 contains upstream patch to fix RC bug #863286 (HTTP Request string failed in non-comma-as-separator locales) unblock lua-http/0.1-3 -- System Information: Debian Release: 9.0 APT prefers testing APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 4.4.0-67-generic (SMP w/24 CPU cores) Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 3.0 (quilt) Source: lua-http Binary: lua-http Architecture: all Version: 0.1-3 Maintainer: Ondřej SurýHomepage: https://github.com/daurnimator/lua-http Standards-Version: 3.9.8 Vcs-Browser: https://anonscm.debian.org/git/pkg-lua/lua-http.git Vcs-Git: git://anonscm.debian.org/pkg-lua/lua-http.git Build-Depends: debhelper (>= 9), dh-lua, pandoc Package-List: lua-http deb interpreters optional arch=all Checksums-Sha1: b03216bb5c903b07678464664c142ff9c76833c0 116507 lua-http_0.1.orig.tar.gz 36f72780773ad5752ce33568af9b30de0a582664 3452 lua-http_0.1-3.debian.tar.xz Checksums-Sha256: 4ba01edc7f02d49f98cf98883d7ad9b47f5e4c11dd95d5149f980f40ba12e546 116507 lua-http_0.1.orig.tar.gz 537488d3a5d918be5f5b625ca53582e318e66484f58f4d9cf034744219275696 3452 lua-http_0.1-3.debian.tar.xz Files: f5da73665fb3a13cd600e8b17e0c1bb9 116507 lua-http_0.1.orig.tar.gz 2e5cbfb4a8dca99abf5fb33d5d4569fb 3452 lua-http_0.1-3.debian.tar.xz -BEGIN PGP SIGNATURE- iQKTBAEBCgB9FiEEMLkz2A/OPZgaLTj7DJm3DvT8uwcFAlksChtfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDMw QjkzM0Q4MEZDRTNEOTgxQTJEMzhGQjBDOTlCNzBFRjRGQ0JCMDcACgkQDJm3DvT8 uwej0w//aN0E0k7GSSpB4wY/zaZWAG3x1fzY9diWU6HF7QvE+r4WDunVwXG8trW/ /JA1ilJfvCLkuBG9C0sFIiLWtkRVrGaZzudbEcEZvjMB4Q4QfvAbpG6v0SJzH8jA TGj3YeF6IkSG9qUDB94o4pKTfiGEFIvdAP3UqHeJElsMYTMfN16O/HQ6VLC0C1lr PG8aLnG+dik5eDtu8oopchRTHEj8iD7A0VMPK/7FN6VagaDpWm4F6+cEOq2IEqTj gbrW4yJqHYEvc3OMhpQ9PiO+sJ8zHxD+z2fzHeXTz5AZQFLwWsZaPRZ6pC/mcvfx 91vZ0330zJ2Bm/dtZ7LSlUncB8gHTX16YiLc3uZc/A6wDM3x4i6LGaGYcr1DaVVv hBpM7JoPmPFl31gue/MmY9wPe+JAzVKozPJs2aNoCgsrBFdyT3bUe6ZRkop9ITjb VU0C2uKdxp7xl2+WDbTyKrkpgxVBI9TDwtwQHDIDZB/5qkLvkhHem0YCJZGBLFxa yeNV97mOoinQp9haDHeBrbImSgNFY/hy+X+weDI8PfVp2s8AvM/DyfZQK8YafgJK 5m/YOQ4gMWIhPCPMdXy3onmYJuBAa2MehHlq+ZZGH83BrImIUmFqAN+D876NjnSh MR/uHYAkxZK8njUwc2dRFrHVZ/v2SqAtxahBsXVXlE+nqgD8f+0= =Wpip -END PGP SIGNATURE- diff -Nru lua-http-0.1/debian/changelog lua-http-0.1/debian/changelog --- lua-http-0.1/debian/changelog 2016-12-19 13:13:38.0 +0100 +++ lua-http-0.1/debian/changelog 2017-05-29 13:39:46.0 +0200 @@ -1,3 +1,16 @@ +lua-http (0.1-3) unstable; urgency=medium + + * Fix request building in locales with comma decimal separator +(Closes: #863286) (Courtesy of Daurnimator) + + -- Ondřej Surý Mon, 29 May 2017 13:39:46 +0200 + +lua-http (0.1-2) unstable; urgency=medium + + * New lua-http breaks knot-resolver-module-http and not knot-resolver + + -- Ondřej Surý Tue, 20 Dec 2016 11:39:33 +0100 + lua-http (0.1-1) unstable; urgency=medium * Imported Upstream version 0.1 diff -Nru lua-http-0.1/debian/control lua-http-0.1/debian/control --- lua-http-0.1/debian/control 2016-12-19 13:13:38.0 +0100 +++ lua-http-0.1/debian/control 2017-05-29 13:39:46.0 +0200 @@ -21,7 +21,7 @@ lua-luaossl (>= 20161208), ${misc:Depends}, ${shlibs:Depends} -Breaks: knot-resolver (<< 1.2.0~) +Breaks: knot-resolver-module-http (<< 1.2.0~) Provides: ${lua:Provides} XB-Lua-Versions: ${lua:Versions} Description: HTTP library for Lua diff -Nru
Bug#863575: marked as done (unblock: node-concat-stream/1.5.1-2)
Your message dated Mon, 29 May 2017 13:26:19 +0100 with message-id <20170529122619.gon3efu7dep5b...@powdarrmonkey.net> and subject line Re: Bug#863575: unblock: node-concat-stream/1.5.1-2 has caused the Debian Bug report #863575, regarding unblock: node-concat-stream/1.5.1-2 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 863575: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863575 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package node-concat-stream Node-concat-stream is vunerable to Uninitialized Memory Exposure (CWE-201). This was reported in bug https://bugs.debian.org/cgi- bin/bugreport.cgi?archive=no=863481. This was fixed upstream, and a version of the fixing commit is included in this version as a patch. The patch has been tested with the upstream testsuite, which unfortunately has to be disabled as the testing framework (node-tape) does not exist in testing. More information can be found in the attached debdiff (between tesing & unstable), in the patch description. unblock node-concat-stream/1.5.1-2 -- System Information: Debian Release: stretch/sid APT prefers yakkety-updates APT policy: (500, 'yakkety-updates'), (500, 'yakkety-security'), (500, 'yakkety'), (100, 'yakkety-backports') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.4.0-24-generic (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) diff -Nru node-concat-stream-1.5.1/debian/changelog node-concat-stream-1.5.1/debian/changelog --- node-concat-stream-1.5.1/debian/changelog 2015-11-08 17:03:58.0 +0100 +++ node-concat-stream-1.5.1/debian/changelog 2017-05-28 16:19:49.0 +0200 @@ -1,3 +1,12 @@ +node-concat-stream (1.5.1-2) unstable; urgency=high + + * Apply upstream fix for Uninitialized Memory Exposure weakness CWE-201 +(Closes: #863481) + * Use stretch git branch + * Use Ubuntu email address + + -- Ross GammonSun, 28 May 2017 16:19:49 +0200 + node-concat-stream (1.5.1-1) unstable; urgency=low * Initial release (Closes: #796351) diff -Nru node-concat-stream-1.5.1/debian/control node-concat-stream-1.5.1/debian/control --- node-concat-stream-1.5.1/debian/control 2015-11-08 17:03:58.0 +0100 +++ node-concat-stream-1.5.1/debian/control 2017-05-28 16:19:49.0 +0200 @@ -2,13 +2,13 @@ Section: web Priority: optional Maintainer: Debian Javascript Maintainers -Uploaders: Ross Gammon +Uploaders: Ross Gammon Build-Depends: debhelper (>= 9), dh-buildinfo, nodejs Standards-Version: 3.9.6 Homepage: https://github.com/maxogden/concat-stream#readme -Vcs-Git: git://anonscm.debian.org/pkg-javascript/node-concat-stream.git +Vcs-Git: git://anonscm.debian.org/pkg-javascript/node-concat-stream.git -b stretch Vcs-Browser: https://anonscm.debian.org/cgit/pkg-javascript/node-concat-stream.git Package: node-concat-stream diff -Nru node-concat-stream-1.5.1/debian/gbp.conf node-concat-stream-1.5.1/debian/gbp.conf --- node-concat-stream-1.5.1/debian/gbp.conf 2015-11-08 17:03:58.0 +0100 +++ node-concat-stream-1.5.1/debian/gbp.conf 2017-05-28 16:19:49.0 +0200 @@ -6,7 +6,7 @@ # The default name for the Debian branch is "master". # Change it if the name is different (for instance, "debian/unstable"). -debian-branch = master +debian-branch = stretch # git-import-orig uses the following names for the upstream tags. # Change the value if you are not using git-import-orig diff -Nru node-concat-stream-1.5.1/debian/patches/series node-concat-stream-1.5.1/debian/patches/series --- node-concat-stream-1.5.1/debian/patches/series 2015-11-08 17:03:58.0 +0100 +++ node-concat-stream-1.5.1/debian/patches/series 2017-05-28 16:19:49.0 +0200 @@ -1 +1,2 @@ readable-stream.patch +to-string_numbers.patch diff -Nru node-concat-stream-1.5.1/debian/patches/to-string_numbers.patch node-concat-stream-1.5.1/debian/patches/to-string_numbers.patch --- node-concat-stream-1.5.1/debian/patches/to-string_numbers.patch 1970-01-01 01:00:00.0 +0100 +++ node-concat-stream-1.5.1/debian/patches/to-string_numbers.patch 2017-05-28 16:19:49.0 +0200 @@ -0,0 +1,81 @@ +Description: to-string numbers written to the stream + Node-concat-stream is vulnerable to Uninitialized Memory Exposure. This + possible memory disclosure vulnerability exists when a
Bug#863573: unblock: diamond/4.0.515-4
Control: tag -1 moreinfo On Sun, May 28, 2017 at 03:58:13PM -0400, Sandro Tosi wrote: > This upload improves (even if only slightly, as a proper solution is still > being > worked on by upstream) the stop/restart time of diamond, by setting the > systemd > killmode to mixed. I'm not sure how comfortable I am about this. Is the change to KillMode upstream advice? Thanks, -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
Bug#863626: unblock: dns-root-data/2017041101
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package dns-root-data Dear release team, the 2017041101 update of dns-root-data package contains: - fixes to parse_root_data.sh script to unfail the non-dash shells - closes RC bug #862252 (use printf instead of echo command) - update root.hints to 2017041101 version (no other change then version though) - update root.key and d/rules to strip any timestamp, so the build is more or less reproducible (the get_orig_source still depends on upstream data at the time of the build, but it should be more reliable) - little fixes to parse_root_data.sh script, as suggested by shellcheck: + use read -r instead of read on xml2 output data + use [:upper:]/[:lower:] instead of [A-Z]/[a-z] as tr argument + use [ a ] || [ b ] syntax instead of [ a -o b ] unblock dns-root-data/2017041101 -- System Information: Debian Release: 9.0 APT prefers testing APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 4.4.0-67-generic (SMP w/24 CPU cores) Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 3.0 (native) Source: dns-root-data Binary: dns-root-data Architecture: all Version: 2017041101 Maintainer: Debian DNS MaintainersUploaders: Ondřej Surý , Robert Edmonds Homepage: https://data.iana.org/root-anchors/ Standards-Version: 3.9.6 Vcs-Browser: http://git.debian.org/?p=pkg-dns/dns-root-data.git;a=summary Vcs-Git: git://git.debian.org/pkg-dns/dns-root-data.git Build-Depends: debhelper (>= 8.0.0), unbound-anchor, openssl, ldnsutils, xml2 Package-List: dns-root-data deb misc optional arch=all Checksums-Sha1: 36bfc25763062a4ccc784ced1d821faf8a3f442e 14316 dns-root-data_2017041101.tar.xz Checksums-Sha256: c88bb15f1e16dba1a525928e190999fdc70b16d06e40f2aa9c7b81c4740c30d5 14316 dns-root-data_2017041101.tar.xz Files: 4982844cb0e3b0223fdc93bf9671adc3 14316 dns-root-data_2017041101.tar.xz -BEGIN PGP SIGNATURE- iQKTBAEBCgB9FiEEMLkz2A/OPZgaLTj7DJm3DvT8uwcFAlksENtfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDMw QjkzM0Q4MEZDRTNEOTgxQTJEMzhGQjBDOTlCNzBFRjRGQ0JCMDcACgkQDJm3DvT8 uwf1vA/9HNXfzN7Z8tUuDm40HsXrCR6vK1KfGpcsoYkqZtyqEnkCSwCjzBCpuXzd IO9bVVzQaUkzvxVK8Gq0hJaKri7BUKmgRTg9v8MmcIoqmmyi3TIxU5NFUbTgFwaj qy47bq/gNVJUrYGQJssSE70fHv1iCwWT3Y3xHNdNJfkjiOqIgqgJwB7RzXcPZjgF ZqzUWelV6vDUE1OsOCo2a8hLRGZa11qK/mbZ8eBhYOwVzf6S/z/tZ7L2y2oUEC3J u2et1PweqCmQPNC2Xs9KRya9XdFBuMRt4x3EPHygG0u8sziioVaHeNgfNP66gU2g FlADNfrgS7KLTwXlfHkJ1JLW5/9Zbce3HFdfNGBwESxWSPLJRhCVcycN3N/71T/h aycV57+hG+rHGOsCdNa9c79KrriikrokBilA31NDmOH77wk6g88EhYtvG7TRbd3S sCAYPdk06aIAz2V8nMOXATag5iLRrtdlcJaqvmpfB2NyrXWXOlgb0mTc912ACY6B seDPD3OAmVG5ubOUkBSMyQj7tabjOKkHu+ioYOs3AEYVyIlFxfvle4GwPb6XLaze gaf5ECU4UdZb/7ARKcX3PEL/UQXxIH3F7CExliqQZ/kqqXD0nWcS16I/BuW+YkwP 86k6ofr1/oxiHbdkFEQvSAocbv2GN74jO2R1Q6p7ptv7K4Ey8Og= =pbH7 -END PGP SIGNATURE- diff -Nru dns-root-data-2017020200/debian/changelog dns-root-data-2017041101/debian/changelog --- dns-root-data-2017020200/debian/changelog 2017-03-22 09:06:08.0 +0100 +++ dns-root-data-2017041101/debian/changelog 2017-05-29 14:05:37.0 +0200 @@ -1,3 +1,12 @@ +dns-root-data (2017041101) unstable; urgency=medium + + * Fix parse-root-anchors.sh in non-dash shells (Closes: #862252) + * Update to 2017041101 version of root zone + * Remove timestamps from root.key to make the build reproducible + * Shell syntax cleanup + + -- Ondřej Surý Mon, 29 May 2017 14:05:37 +0200 + dns-root-data (2017020200) unstable; urgency=medium * Update to 2016102001 version of the root.zone diff -Nru dns-root-data-2017020200/debian/rules dns-root-data-2017041101/debian/rules --- dns-root-data-2017020200/debian/rules 2017-03-22 09:06:08.0 +0100 +++ dns-root-data-2017041101/debian/rules 2017-05-29 14:05:37.0 +0200 @@ -32,6 +32,6 @@ /usr/sbin/unbound-anchor \ -a $(CURDIR)/root-auto.key \ -c $(CURDIR)/icannbundle.pem || echo "Check the root-auto.key" - < root-auto.key grep -Ev "^($$|;)" > root.key + < root-auto.key grep -Ev "^($$|;)" | sed -e 's/ ;;count=.*//' > root.key rm root-auto.key wget -O $(CURDIR)/root.hints "http://www.internic.net/domain/named.root; diff -Nru dns-root-data-2017020200/parse-root-anchors.sh dns-root-data-2017041101/parse-root-anchors.sh --- dns-root-data-2017020200/parse-root-anchors.sh 2017-03-22 09:06:08.0 +0100 +++ dns-root-data-2017041101/parse-root-anchors.sh 2017-05-29 14:05:37.0 +0200 @@ -5,19 +5,19 @@ TTL=172800 export
Processed: Re: Bug#863573: unblock: diamond/4.0.515-4
Processing control commands: > tag -1 moreinfo Bug #863573 [release.debian.org] unblock: diamond/4.0.515-4 Added tag(s) moreinfo. -- 863573: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863573 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#863453: unblock: acmetool/0.0.59-1
Control: tag -1 moreinfo On Fri, May 26, 2017 at 10:10:57PM -0400, Peter Colberg wrote: > * Validate hostnames in 'acmetool want' [1] > * Allow environment variables to be passed to challenge hooks [2] > * Allow acmeapi to obtain new nonces if nonce pool is depleted [3] > * Don't attempt fdb permission tests on non-cgo builds [4] > * Add read/write timeouts to redirector server [5] > * Allow hidden files within the state directory [6] None of these issues seem to have corresponding BTS bugs. If they did, which severity would you choose? (hint: if they're not at least 'serious'...) Thanks, -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
Processed: Re: Bug#863453: unblock: acmetool/0.0.59-1
Processing control commands: > tag -1 moreinfo Bug #863453 [release.debian.org] unblock: acmetool/0.0.59-1 Added tag(s) moreinfo. -- 863453: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863453 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#863625: unblock: botan1.10/1.10.16-1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package botan1.10 Dear release team, botan1.10 1.10.16 contains only the fix for the RC bug #860072 (CVE-2017-2801: Incorrect comparison in X.509 DN strings) (+ changelog entry + version bump), so I have decided to upload 1.10.16 directly instead of patching the simple patch on top of 1.10.15. (+ update to d/watch bundled to make it work again) diffstat: botan_version.py |6 +++--- debian/changelog |8 debian/watch |2 +- doc/log.txt | 10 ++ src/alloc/alloc_mmap/mmap_mem.cpp |3 +-- src/utils/parsing.cpp |2 ++ 6 files changed, 25 insertions(+), 6 deletions(-) unblock botan1.10/1.10.16-1 -- System Information: Debian Release: 9.0 APT prefers testing APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 4.4.0-67-generic (SMP w/24 CPU cores) Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 3.0 (quilt) Source: botan1.10 Binary: botan1.10-dbg, libbotan-1.10-1, libbotan1.10-dev Architecture: any Version: 1.10.16-1 Maintainer: Ondřej SurýHomepage: http://botan.randombit.net/ Standards-Version: 3.9.6 Vcs-Browser: http://anonscm.debian.org/?p=pkg-nlnetlabs/botan1.10.git Vcs-Git: git://anonscm.debian.org/pkg-nlnetlabs/botan1.10.git Build-Depends: debhelper (>= 9), libbz2-dev, libgmp3-dev, python, zlib1g-dev Package-List: botan1.10-dbg deb debug extra arch=any libbotan-1.10-1 deb libs optional arch=any libbotan1.10-dev deb libdevel optional arch=any Checksums-Sha1: 697144c34b1bf77c5b2bc1ff4d08f69ee718782b 2711177 botan1.10_1.10.16.orig.tar.gz 44fa04f97f5f5af94757774af5048a69f7a5725d 40872 botan1.10_1.10.16-1.debian.tar.xz Checksums-Sha256: 6c5472401d06527e87adcb53dd270f3c9b1fb688703b04dd7a7cfb86289efe52 2711177 botan1.10_1.10.16.orig.tar.gz c30b4631e788e6ec8c256c2eb6e572a4a31075e8563cfa7bcb05e68709e054d3 40872 botan1.10_1.10.16-1.debian.tar.xz Files: d0c88b523b5aeaaeaf7a3f39dd9d1f3e 2711177 botan1.10_1.10.16.orig.tar.gz d446e25344b6e0ad20f4ea390d619d97 40872 botan1.10_1.10.16-1.debian.tar.xz -BEGIN PGP SIGNATURE- iQKTBAEBCgB9FiEEMLkz2A/OPZgaLTj7DJm3DvT8uwcFAlksDBdfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDMw QjkzM0Q4MEZDRTNEOTgxQTJEMzhGQjBDOTlCNzBFRjRGQ0JCMDcACgkQDJm3DvT8 uwel5Q//WXrxeAk/nkyer1wymmhmlZ9mn79CInfKnvPeeT/OVDaljHfbC72X/W7/ Iphzb26ZBgFzbxXoIUarA4LWw9gz5TkIrW4jr8CO2lSShH9vVJ6IENCvYew9mrRe ZctPI8mEkQL0NVsE9F//9p77aeuqM6sFhHEuW5HpuOg3HdrUjaRjrbFN1UHvhf0E YeU3g15pwom6IwWwWpNTTXt/qXz+XGnTrZ6EjAzGX9nFeMUmlOYxZImRJNMW4xIp ++ixgm2AF21buKCqmzpVYe+nltUCcWI6VFC27XFDBZBcAg6kCo+vi2F4671ugRuu bTLJ8r3+vfcaw1Il+zqUOybW5+d0+gxy9zS4DnnGY7zzbiwqtEPPBQP1c4+eXcoY zUMeof3TvjNCcx4aViNRL9XXw5x2qKkdFfxND2MzpEaR+/I3bu3UG1+MIqVb1GaF OqWBa+hx+NN+BhTJWl33LtDCEjw+f17OBKj4mVZgwVCalxSBLC2s7rTrj0DZ2f7L fBhH7VTmjzbfnyudUnS6Joewu4nFqftUbT8eUJ8tg2ezqTiEw29pCgA5vI6mFQYE sga1xfA6J1U3ZMgcyEfF7dlXC2Z4qtYXCmbT4KqS7mEA+r5GP9+TFnoSpEp0LCDU rJBEYF0VnKfWUoQy+2SWKVRgyHSI0/GPhbYd4uP4wVTNjNYlHv0= =Zz4K -END PGP SIGNATURE- diff -Nru botan1.10-1.10.15/botan_version.py botan1.10-1.10.16/botan_version.py --- botan1.10-1.10.15/botan_version.py 2017-01-13 02:48:25.0 +0100 +++ botan1.10-1.10.16/botan_version.py 2017-04-05 03:07:02.0 +0200 @@ -1,11 +1,11 @@ release_major = 1 release_minor = 10 -release_patch = 15 +release_patch = 16 release_so_abi_rev = 1 # These are set by the distribution script -release_vc_rev = 'git:f79e642ab8c09971968abdfe6990df6801711e1f' -release_datestamp = 20170112 +release_vc_rev = 'git:3756c97d295d06ac19cec6736e05003afb10623e' +release_datestamp = 20170404 release_type = 'released' diff -Nru botan1.10-1.10.15/debian/changelog botan1.10-1.10.16/debian/changelog --- botan1.10-1.10.15/debian/changelog 2017-01-13 09:47:48.0 +0100 +++ botan1.10-1.10.16/debian/changelog 2017-05-29 13:45:02.0 +0200 @@ -1,3 +1,11 @@ +botan1.10 (1.10.16-1) unstable; urgency=high + + * Update d/watch to match new upstream download directory + * New upstream version 1.10.16 ++ [CVE-2017-2801]: Incorrect comparison in X.509 DN strings + + -- Ondřej Surý Mon, 29 May 2017 13:45:02 +0200 + botan1.10 (1.10.15-1) unstable; urgency=medium * New upstream version 1.10.15 diff -Nru botan1.10-1.10.15/debian/watch botan1.10-1.10.16/debian/watch --- botan1.10-1.10.15/debian/watch 2017-01-13 09:47:48.0 +0100 +++ botan1.10-1.10.16/debian/watch 2017-05-29 13:45:02.0 +0200 @@ -1,2 +1,2 @@ version=3
Bug#863624: unblock: lua-http/0.1-3
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package lua-http Dear release team, the 0.1-3 update fixes two bugs: - 0.1-1 package contained incorrect Breaks, this was fixed in 0.1-2 but never uploaded to unstable - 0.1-3 contains upstream patch to fix RC bug #863286 (HTTP Request string failed in non-comma-as-separator locales) unblock lua-http/0.1-3 -- System Information: Debian Release: 9.0 APT prefers testing APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 4.4.0-67-generic (SMP w/24 CPU cores) Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 3.0 (quilt) Source: lua-http Binary: lua-http Architecture: all Version: 0.1-3 Maintainer: Ondřej SurýHomepage: https://github.com/daurnimator/lua-http Standards-Version: 3.9.8 Vcs-Browser: https://anonscm.debian.org/git/pkg-lua/lua-http.git Vcs-Git: git://anonscm.debian.org/pkg-lua/lua-http.git Build-Depends: debhelper (>= 9), dh-lua, pandoc Package-List: lua-http deb interpreters optional arch=all Checksums-Sha1: b03216bb5c903b07678464664c142ff9c76833c0 116507 lua-http_0.1.orig.tar.gz 36f72780773ad5752ce33568af9b30de0a582664 3452 lua-http_0.1-3.debian.tar.xz Checksums-Sha256: 4ba01edc7f02d49f98cf98883d7ad9b47f5e4c11dd95d5149f980f40ba12e546 116507 lua-http_0.1.orig.tar.gz 537488d3a5d918be5f5b625ca53582e318e66484f58f4d9cf034744219275696 3452 lua-http_0.1-3.debian.tar.xz Files: f5da73665fb3a13cd600e8b17e0c1bb9 116507 lua-http_0.1.orig.tar.gz 2e5cbfb4a8dca99abf5fb33d5d4569fb 3452 lua-http_0.1-3.debian.tar.xz -BEGIN PGP SIGNATURE- iQKTBAEBCgB9FiEEMLkz2A/OPZgaLTj7DJm3DvT8uwcFAlksChtfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDMw QjkzM0Q4MEZDRTNEOTgxQTJEMzhGQjBDOTlCNzBFRjRGQ0JCMDcACgkQDJm3DvT8 uwej0w//aN0E0k7GSSpB4wY/zaZWAG3x1fzY9diWU6HF7QvE+r4WDunVwXG8trW/ /JA1ilJfvCLkuBG9C0sFIiLWtkRVrGaZzudbEcEZvjMB4Q4QfvAbpG6v0SJzH8jA TGj3YeF6IkSG9qUDB94o4pKTfiGEFIvdAP3UqHeJElsMYTMfN16O/HQ6VLC0C1lr PG8aLnG+dik5eDtu8oopchRTHEj8iD7A0VMPK/7FN6VagaDpWm4F6+cEOq2IEqTj gbrW4yJqHYEvc3OMhpQ9PiO+sJ8zHxD+z2fzHeXTz5AZQFLwWsZaPRZ6pC/mcvfx 91vZ0330zJ2Bm/dtZ7LSlUncB8gHTX16YiLc3uZc/A6wDM3x4i6LGaGYcr1DaVVv hBpM7JoPmPFl31gue/MmY9wPe+JAzVKozPJs2aNoCgsrBFdyT3bUe6ZRkop9ITjb VU0C2uKdxp7xl2+WDbTyKrkpgxVBI9TDwtwQHDIDZB/5qkLvkhHem0YCJZGBLFxa yeNV97mOoinQp9haDHeBrbImSgNFY/hy+X+weDI8PfVp2s8AvM/DyfZQK8YafgJK 5m/YOQ4gMWIhPCPMdXy3onmYJuBAa2MehHlq+ZZGH83BrImIUmFqAN+D876NjnSh MR/uHYAkxZK8njUwc2dRFrHVZ/v2SqAtxahBsXVXlE+nqgD8f+0= =Wpip -END PGP SIGNATURE- diff -Nru lua-http-0.1/debian/changelog lua-http-0.1/debian/changelog --- lua-http-0.1/debian/changelog 2016-12-19 13:13:38.0 +0100 +++ lua-http-0.1/debian/changelog 2017-05-29 13:39:46.0 +0200 @@ -1,3 +1,16 @@ +lua-http (0.1-3) unstable; urgency=medium + + * Fix request building in locales with comma decimal separator +(Closes: #863286) (Courtesy of Daurnimator) + + -- Ondřej Surý Mon, 29 May 2017 13:39:46 +0200 + +lua-http (0.1-2) unstable; urgency=medium + + * New lua-http breaks knot-resolver-module-http and not knot-resolver + + -- Ondřej Surý Tue, 20 Dec 2016 11:39:33 +0100 + lua-http (0.1-1) unstable; urgency=medium * Imported Upstream version 0.1 diff -Nru lua-http-0.1/debian/control lua-http-0.1/debian/control --- lua-http-0.1/debian/control 2016-12-19 13:13:38.0 +0100 +++ lua-http-0.1/debian/control 2017-05-29 13:39:46.0 +0200 @@ -21,7 +21,7 @@ lua-luaossl (>= 20161208), ${misc:Depends}, ${shlibs:Depends} -Breaks: knot-resolver (<< 1.2.0~) +Breaks: knot-resolver-module-http (<< 1.2.0~) Provides: ${lua:Provides} XB-Lua-Versions: ${lua:Versions} Description: HTTP library for Lua diff -Nru lua-http-0.1/debian/patches/0001-http-h1_connection-Fix-request-building-in-locales-w.patch lua-http-0.1/debian/patches/0001-http-h1_connection-Fix-request-building-in-locales-w.patch --- lua-http-0.1/debian/patches/0001-http-h1_connection-Fix-request-building-in-locales-w.patch 1970-01-01 01:00:00.0 +0100 +++ lua-http-0.1/debian/patches/0001-http-h1_connection-Fix-request-building-in-locales-w.patch 2017-05-29 13:39:46.0 +0200 @@ -0,0 +1,32 @@ +From: daurnimator +Date: Thu, 25 May 2017 11:04:32 +1000 +Subject: http/h1_connection: Fix request building in locales with comma + decimal separator + +Reported at https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863286 +--- + http/h1_connection.lua | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/http/h1_connection.lua b/http/h1_connection.lua +index 1dd5def..28db038 100644
Bug#863590: marked as done (unblock: libsndfile/1.0.27-3)
Your message dated Mon, 29 May 2017 10:37:00 + with message-id <6b85364d-4118-7e20-0ac2-99560b6bf...@thykier.net> and subject line Re: Bug#863590: unblock: libsndfile/1.0.27-3 has caused the Debian Bug report #863590, regarding unblock: libsndfile/1.0.27-3 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 863590: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863590 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package libsndfile this upload backports fixes for a number of security-related bugs (CVE-2017-7742, CVE-2017-8361 CVE-2017-8362 CVE-2017-8363 CVE-2017-8365) from upstream. since libsndfile is a widely used library for reading/writing soundfiles of many formats, security issues affect quite a number of ordinary desktops. unblock libsndfile/1.0.27-3 -- System Information: Debian Release: 9.0 APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) diff -Nru libsndfile-1.0.27/debian/changelog libsndfile-1.0.27/debian/changelog --- libsndfile-1.0.27/debian/changelog 2017-04-04 15:33:45.0 +0200 +++ libsndfile-1.0.27/debian/changelog 2017-05-28 22:52:39.0 +0200 @@ -1,3 +1,24 @@ +libsndfile (1.0.27-3) unstable; urgency=medium + + * Mentioned CVEs fixed by fix_bufferoverflows.patch +(CVE-2017-7741, CVE-2017-7586, CVE-2017-7585) + * Backported patch for error handling of malicious/broken FLAC files +(CVE-2017-7742, CVE-2017-7741, CVE-2017-7585) +(Closes: #860255) + * Backported patch to fix buffer read overflow in FLAC code +(CVE-2017-8362) +(Closes: #862204) + * Backported patches to fix memory leaks in FLAC code +(CVE-2017-8363) +(Closes: #862203) + * Backported patch to fix buffer overruns in FLAC-code +(CVE-2017-8365, CVE-2017-8363, CVE-2017-8361) +(Closes: #862205, #862203, #862202) + + * Added Vcs-* stanzas to d/control + + -- IOhannes m zmölnig (Debian/GNU)Sun, 28 May 2017 22:52:39 +0200 + libsndfile (1.0.27-2) unstable; urgency=medium * Backported fixes for buffer-write overflows from 1.0.28. diff -Nru libsndfile-1.0.27/debian/control libsndfile-1.0.27/debian/control --- libsndfile-1.0.27/debian/control2017-04-04 15:33:45.0 +0200 +++ libsndfile-1.0.27/debian/control2017-05-28 22:52:39.0 +0200 @@ -9,6 +9,8 @@ libasound2-dev [linux-any] Standards-Version: 3.9.8 Homepage: http://www.mega-nerd.com/libsndfile/ +Vcs-Git: https://anonscm.debian.org/git/collab-maint/libsndfile.git +Vcs-Browser: https://anonscm.debian.org/git/collab-maint/libsndfile.git Package: libsndfile1-dev Section: libdevel diff -Nru libsndfile-1.0.27/debian/patches/CVE-2017-7742.patch libsndfile-1.0.27/debian/patches/CVE-2017-7742.patch --- libsndfile-1.0.27/debian/patches/CVE-2017-7742.patch1970-01-01 01:00:00.0 +0100 +++ libsndfile-1.0.27/debian/patches/CVE-2017-7742.patch2017-05-28 22:52:39.0 +0200 @@ -0,0 +1,89 @@ +Description: more fixes for FLAC error handling + fixes CVE-2017-7742, CVE-2017-7741, CVE-2017-7585 +Author: Eric de Castro Lopo +Origin: upstream +Applied-Upstream: https://github.com/erikd/libsndfile/commit/60b234301adf258786d8b90be5c1d437fc8799e0 +Last-Update: 2017-05-28 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +--- libsndfile.orig/src/flac.c libsndfile/src/flac.c +@@ -68,9 +68,9 @@ + unsigned bufferpos ; + + const FLAC__Frame *frame ; +- FLAC__bool bufferbackup ; + + unsigned compression ; ++ + } FLAC_PRIVATE ; + + typedef struct +@@ -187,10 +187,9 @@ + + if (pflac->ptr == NULL) + { /* +- ** Not sure why this code is here and not elsewhere. +- ** Removing it causes valgrind errors. ++ ** This pointer is reset to NULL each time the current frame has been ++ ** decoded. Somehow its used during encoding and decoding. + */ +- pflac->bufferbackup = SF_TRUE ; + for (i = 0 ; i < channels ; i++) + { + if (pflac->rbuffer [i] == NULL) +@@ -206,6 +205,11 @@ + + len = SF_MIN (pflac->len, frame->header.blocksize) ; + ++
Bug#863320: Acknowledgement ((pre-approval) unblock: ganeti/2.15.2-8)
Control: retitle -1 unblock: ganeti/2.15.2-8 Since we are near the release deadline, I uploaded 2.15.2-8 (including two new fixes, see below) to unstable, to gain some time and clear piuparts and CI tests. The upload includes two additional fixes for issues found while migrating part of our cluster to Stretch: - A fix for a bug in a pre-migration check when migrating between different hypervisor versions. These migrations would always fail on Debian, because of code running on the master node as non-root unintentionally. - A fix for instance import/export/move, because of a wrong socat parameter. Instead of renaming the parameter to the new name as upstream did[1], I opted to completely remove it and let socat/OpenSSL pick the best protocol version available (instead of hard-coding good old TLSv1). Full debdiff attached, interdiff follows. Regards, Apollon [1] https://github.com/ganeti/ganeti/commit/d5d747d5e9273e2fbbf99e7f83b313f56f8656bb Interdiff: diff -u ganeti-2.15.2/debian/changelog ganeti-2.15.2/debian/changelog --- ganeti-2.15.2/debian/changelog 2017-05-23 15:49:40.0 +0300 +++ ganeti-2.15.2/debian/changelog 2017-05-23 15:49:40.0 +0300 @@ -11,6 +11,13 @@ key type/length parameters without running cfgupgrade. * Document the new SSH key support in d/NEWS. * Update project Homepage (Closes: #862829) + * Fix pre-migration check bug causing failure when migrating between different +hypervisor versions and running luxid as non-root. Note that this does not +mean that migrations between different hypervisor versions are safe and/or +suppported. + * Fix instance import/export/move with current socat versions, by dropping +the SSL method= socat option and letting socat/OpenSSL pick the best +available. * d/copyright: bump years -- Apollon OikonomopoulosTue, 23 May 2017 15:49:40 +0300 diff -u ganeti-2.15.2/debian/patches/series ganeti-2.15.2/debian/patches/series --- ganeti-2.15.2/debian/patches/series 2017-05-23 15:49:40.0 +0300 +++ ganeti-2.15.2/debian/patches/series 2017-05-23 15:49:40.0 +0300 @@ -15,0 +16,2 @@ +use-hv-class-to-check-for-migration.patch +do-not-specify-socat-ssl-method.patch only in patch2: unchanged: --- ganeti-2.15.2/debian/patches/do-not-specify-socat-ssl-method.patch 1970-01-01 02:00:00.0 +0200 +++ ganeti-2.15.2/debian/patches/do-not-specify-socat-ssl-method.patch 2017-05-23 15:49:40.0 +0300 @@ -0,0 +1,30 @@ +From f8cfc917a890de1d2489ab89775780c41b68a651 Mon Sep 17 00:00:00 2001 +From: Apollon Oikonomopoulos +Date: Fri, 26 May 2017 12:45:41 +0300 +Subject: [PATCH 3/3] impexpd: do not specify SSL method + +Recent versions of socat have changed the OpenSSL method name from TLSv1 +to TLS1, making instance import/export fail. Since there is no reason to +force a specific (old) TLS version now that SSLv3 support has been removed +from OpenSSL, it makes sense to just let socat choose. +--- + lib/impexpd/__init__.py | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/lib/impexpd/__init__.py b/lib/impexpd/__init__.py +index f40db31e4..97a9716cc 100644 +--- a/lib/impexpd/__init__.py b/lib/impexpd/__init__.py +@@ -88,8 +88,7 @@ BUFSIZE = 1024 * 1024 + + # Common options for socat + SOCAT_TCP_OPTS = ["keepalive", "keepidle=60", "keepintvl=10", "keepcnt=5"] +-SOCAT_OPENSSL_OPTS = ["verify=1", "method=TLSv1", +- "cipher=%s" % constants.OPENSSL_CIPHERS] ++SOCAT_OPENSSL_OPTS = ["verify=1", "cipher=%s" % constants.OPENSSL_CIPHERS] + + if constants.SOCAT_USE_COMPRESS: + # Disables all compression in by OpenSSL. Only supported in patched versions +-- +2.11.0 + only in patch2: unchanged: --- ganeti-2.15.2/debian/patches/use-hv-class-to-check-for-migration.patch 1970-01-01 02:00:00.0 +0200 +++ ganeti-2.15.2/debian/patches/use-hv-class-to-check-for-migration.patch 2017-05-23 15:49:40.0 +0300 @@ -0,0 +1,31 @@ +From 93000ef9b540a243e420e73eb860c62a1322d5d8 Mon Sep 17 00:00:00 2001 +From: Apollon Oikonomopoulos +Date: Thu, 25 May 2017 16:13:30 +0300 +Subject: [PATCH 2/3] Do not instantiate an HV object to query for migration + safety + +hv.VersionsSafeForMigration is a static method. There is no reason to +instatiate hypervisor objects to query for migration safety, just get +the class and call the static method. Without this change, hypervisors +are initialized on the master, causing side-effects (e.g. EnsureDirs) +that might fail on systems where jobs are not run as root. +--- + lib/cmdlib/instance_migration.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/cmdlib/instance_migration.py b/lib/cmdlib/instance_migration.py +index ca64afb35..1e500fdbc 100644 +--- a/lib/cmdlib/instance_migration.py b/lib/cmdlib/instance_migration.py +@@ -738,7 +738,7 @@ class TLMigrateInstance(Tasklet): +
Processed: Re: Bug#863320: Acknowledgement ((pre-approval) unblock: ganeti/2.15.2-8)
Processing control commands: > retitle -1 unblock: ganeti/2.15.2-8 Bug #863320 [release.debian.org] (pre-approval) unblock: ganeti/2.15.2-8 Changed Bug title to 'unblock: ganeti/2.15.2-8' from '(pre-approval) unblock: ganeti/2.15.2-8'. -- 863320: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863320 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Re: Last chance for d-i changes in stretch
Le samedi, 27 mai 2017, 17.17:10 h CEST Didier 'OdyX' Raboud a écrit : > win32-loader should be arch:all-rebuilt (aka uploaded) with a versionned > Build-Depends on the latest debian-archive-keyring. It would therefore > also embed the latest versions of all the other binaries its standalone > version embeds. For all packages with the same version in unstable and testing, it's not an issue (and doesn't need an explicit B-D version); it's the case for all but one of the packages win32-loader has a Built-Using value for: src:gnupg2 is currently in 2.1.18-8 version in unstable and -6 in testing. If I upload win32-loader now, it will embed gpgv-win32 2.1.18-8, no matter which gnupg2 version will be part of stretch. There are three alternatives, in decreasing order of preference: * get gnupg2 in testing, upload win32-loader to unstable, migrate it * upload win32-loader to unstable, upload it _too_ (with a different version?) in testing-proposed-updates to get rid of the version discrepancy * upload win32-loader to unstable, migrate it (and too bad for the version difference) > It also currently uses httpredir.debian.org as only mirror, so we should > decide if it makes sense to consolidate onto deb.debian.org for win32- > loader too. I've staged a change of all mirror references to deb.debian.org. The previously-discussed source compression change away from .bz2 would also be part of that upload. I'm waiting for directions regarding gnupg2 :-) Cheers, OdyX -- OdyX signature.asc Description: This is a digitally signed message part.
Re: Coordinating Debian Stretch & Tails 3.0 releases?
Hi Niels & others, Niels Thykier: > intrigeri: > Apologies for the late reply on our part. That's totally fine; thanks for caring! :) > At this point we have now announced our planned release date as June > 17th (https://lists.debian.org/debian-devel-announce/2017/05/msg2.html) > I hope that date (still) works for you. :) Tails 3.0 will be released either on June 13 or on June 17. In any case, the Debian & Tails releases will be very close to each other :) I'll let the release + publicity teams know as soon as we've reached a conclusion on Tails' side: https://mailman.boum.org/pipermail/tails-dev/2017-May/011451.html Cheers, -- intrigeri