Bug#865390: nmu: fonts-fantasque-sans_1.7.1~dfsg-1

[Adam Borowski]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: binnmu

Hi!
This font has some issues when built with fontforge 20120713, that have been
solved in 20160404.  All it takes is a clean rebuild against the version in
stretch or unstable.  Obviously, it's too late to do it for stretch (the bug
is nowhere near important enough), so let's do so for buster.

#827045 has the details, but you're probably too busy to bother reading. 
I tested a binNMU at home, it worked fine for me.

nmu fonts-fantasque-sans_1.7.1~dfsg-1 . ANY . unstable . -m "Rebuild with new 
fontforge (#827045)."


-- System Information:
Debian Release: 9.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (500, 'testing'), 
(150, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.12.0-rc6-debug-00024-gff389e3ae048 (SMP w/6 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8 
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Bug#865381: marked as done (unblock: glibc/2.24-12)

[Debian Bug Tracking System]

Your message dated Tue, 20 Jun 2017 23:41:32 +0200
with message-id <83185827-19ae-57ee-8f36-e43d09dee...@debian.org>
and subject line Re: Bug#865381: unblock: glibc/2.24-12
has caused the Debian Bug report #865381,
regarding unblock: glibc/2.24-12
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
865381: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865381
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

glibc version 2.24-12 includes an important security fix 
(CVE-2017-1000366) that should probably fixed asap in buster. It
contains other changes which should have no impact on
debian-installer. Here is the full changelog:

| glibc (2.24-12) unstable; urgency=high
| 
|   [ Aurelien Jarno ]
|   * debian/patches/git-updates.diff: update from upstream stable branch:
| - Drop patches/any/cvs-remove-pid-tid-cache-clone.diff (merged upstream).
| - Remove wrong assertion on parent PID in fork.
| - Fix 64-bit atomics on m68k.  Closes: #855692.
|   * debian/debhelper.in/libc.templates: update the kernel 3.2 warning to
| mention that the support limitation comes from Debian and not from
| upstream.  Closes: #864720.
|   * debian/rules, debian/rules.d/build.mk: do not capture the build path
| when generating glibc-source tarball.  Closes: #861183.
|   * debian/control.in/main: build-depends on gperf.  Closes: #847478.
|   * debian/patches/hppa/submitted-longjmp.diff: new patch from Helge Deller
| to fix longjmp on hppa.  Closes: #858738.
|   * debian/sysdeps/mipsel.mk, debian/sysdeps/mips64el.mk: leave the default
| GCC ISA level, currently MIPS32R2/MIPS64R2.
|   * debian/patches/any/local-CVE-2017-1000366-rtld-LD_AUDIT.diff,
| debian/patches/any/local-CVE-2017-1000366-rtld-LD_LIBRARY_PATH.diff,
| debian/patches/any/local-CVE-2017-1000366-rtld-LD_PRELOAD.diff: add
| patches to protect the dynamic linker against stack clashes
| (CVE-2017-1000366).
|   * debian/patches/any/cvs-vectorized-strcspn-guards.diff: patch backported
| from upstream to allow usage of strcspn in ld.so.
|   * debian/patches/any/cvs-hwcap-AT_SECURE.diff: patch backported from
| upstream to disable HWCAP for AT_SECURE programs.
| 
|   [ John Paul Adrian Glaubitz ]
|   * debian/sysdeps/sh3.mk: copy from sh4.mk.  Closes: #851867.
| 
|  -- Aurelien Jarno   Sun, 18 Jun 2017 20:04:53 +0200

Could you therefore please unblock this package:

unblock glibc/2.24-12

Thanks,
Aurelien

-- System Information:
Debian Release: 9.0
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE= 
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
--- End Message ---
--- Begin Message ---
On 20/06/17 22:58, Emilio Pozuelo Monfort wrote:
> On 20/06/17 22:49, Aurelien Jarno wrote:
>> Package: release.debian.org
>> Severity: normal
>> User: release.debian@packages.debian.org
>> Usertags: unblock
>>
>> glibc version 2.24-12 includes an important security fix 
>> (CVE-2017-1000366) that should probably fixed asap in buster. It
>> contains other changes which should have no impact on
>> debian-installer. Here is the full changelog:
>>
>> | glibc (2.24-12) unstable; urgency=high
>> | 
>> |   [ Aurelien Jarno ]
>> |   * debian/patches/git-updates.diff: update from upstream stable branch:
>> | - Drop patches/any/cvs-remove-pid-tid-cache-clone.diff (merged 
>> upstream).
>> | - Remove wrong assertion on parent PID in fork.
>> | - Fix 64-bit atomics on m68k.  Closes: #855692.
>> |   * debian/debhelper.in/libc.templates: update the kernel 3.2 warning to
>> | mention that the support limitation comes from Debian and not from
>> | upstream.  Closes: #864720.
>> |   * debian/rules, debian/rules.d/build.mk: do not capture the build path
>> | when generating glibc-source tarball.  Closes: #861183.
>> |   * debian/control.in/main: build-depends on gperf.  Closes: #847478.
>> |   * debian/patches/hppa/submitted-longjmp.diff: new patch from Helge Deller
>> | to fix longjmp on hppa.  Closes: #858738.
>> |   * debian/sysdeps/mipsel.mk, debian/sysdeps/mips64el.mk: leave the default
>> | GCC ISA level, currently MIPS32R2/MIPS64R2.
>> |   * debian/patches/any/local-CVE-2017-1000366-rtld-LD_AUDIT.diff,
>> |

Bug#865385: RM: python-django-authority/0.5-2

[Adrian Bunk]

Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian@packages.debian.org
Usertags: rm

As described in #822476, the version of this package in jessie
does not work with the Django 1.7 in jessie.

(More recent upstream versions would work, but the package is
 orphaned and the same package is still in unstable.)

Bug#865235: marked as done (nmu: tinc_1.1~pre14-16-g15b868e-1)

[Debian Bug Tracking System]

Your message dated Tue, 20 Jun 2017 22:59:23 +0200
with message-id 
and subject line Re: Bug#865235: nmu: tinc_1.1~pre14-16-g15b868e-1
has caused the Debian Bug report #865235,
regarding nmu: tinc_1.1~pre14-16-g15b868e-1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
865235: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865235
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: binnmu

nmu tinc_1.1~pre14-16-g15b868e-1 . ANY . experimental . -m "rebuild against 
readline7"


signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---
On 20/06/17 05:48, Shengjing Zhu wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: binnmu
> 
> nmu tinc_1.1~pre14-16-g15b868e-1 . ANY . experimental . -m "rebuild against 
> readline7"

Scheduled.

Emilio--- End Message ---

Bug#865383: RM: rant/0.5.8-8

[Adrian Bunk]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: rm

#831392 rant: cannot load such file -- rant/rantlib (LoadError)

This error that always happens when just attempting to run rant
is also in jessie, and already led to the removal from unstable
in #831393.

Bug#865381: unblock: glibc/2.24-12

[Emilio Pozuelo Monfort]

On 20/06/17 22:49, Aurelien Jarno wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
> 
> glibc version 2.24-12 includes an important security fix 
> (CVE-2017-1000366) that should probably fixed asap in buster. It
> contains other changes which should have no impact on
> debian-installer. Here is the full changelog:
> 
> | glibc (2.24-12) unstable; urgency=high
> | 
> |   [ Aurelien Jarno ]
> |   * debian/patches/git-updates.diff: update from upstream stable branch:
> | - Drop patches/any/cvs-remove-pid-tid-cache-clone.diff (merged 
> upstream).
> | - Remove wrong assertion on parent PID in fork.
> | - Fix 64-bit atomics on m68k.  Closes: #855692.
> |   * debian/debhelper.in/libc.templates: update the kernel 3.2 warning to
> | mention that the support limitation comes from Debian and not from
> | upstream.  Closes: #864720.
> |   * debian/rules, debian/rules.d/build.mk: do not capture the build path
> | when generating glibc-source tarball.  Closes: #861183.
> |   * debian/control.in/main: build-depends on gperf.  Closes: #847478.
> |   * debian/patches/hppa/submitted-longjmp.diff: new patch from Helge Deller
> | to fix longjmp on hppa.  Closes: #858738.
> |   * debian/sysdeps/mipsel.mk, debian/sysdeps/mips64el.mk: leave the default
> | GCC ISA level, currently MIPS32R2/MIPS64R2.
> |   * debian/patches/any/local-CVE-2017-1000366-rtld-LD_AUDIT.diff,
> | debian/patches/any/local-CVE-2017-1000366-rtld-LD_LIBRARY_PATH.diff,
> | debian/patches/any/local-CVE-2017-1000366-rtld-LD_PRELOAD.diff: add
> | patches to protect the dynamic linker against stack clashes
> | (CVE-2017-1000366).
> |   * debian/patches/any/cvs-vectorized-strcspn-guards.diff: patch backported
> | from upstream to allow usage of strcspn in ld.so.
> |   * debian/patches/any/cvs-hwcap-AT_SECURE.diff: patch backported from
> | upstream to disable HWCAP for AT_SECURE programs.
> | 
> |   [ John Paul Adrian Glaubitz ]
> |   * debian/sysdeps/sh3.mk: copy from sh4.mk.  Closes: #851867.
> | 
> |  -- Aurelien Jarno   Sun, 18 Jun 2017 20:04:53 +0200
> 
> Could you therefore please unblock this package:
> 
> unblock glibc/2.24-12

There is no block in place anymore, so this should migrate on its own once it
builds in all architectures and the age requirements are met.

Perhaps you want us to urgent this instead? For now I have increased the build
priority in armel/armhf.

Cheers,
Emilio

Bug#865381: unblock: glibc/2.24-12

[Aurelien Jarno]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

glibc version 2.24-12 includes an important security fix 
(CVE-2017-1000366) that should probably fixed asap in buster. It
contains other changes which should have no impact on
debian-installer. Here is the full changelog:

| glibc (2.24-12) unstable; urgency=high
| 
|   [ Aurelien Jarno ]
|   * debian/patches/git-updates.diff: update from upstream stable branch:
| - Drop patches/any/cvs-remove-pid-tid-cache-clone.diff (merged upstream).
| - Remove wrong assertion on parent PID in fork.
| - Fix 64-bit atomics on m68k.  Closes: #855692.
|   * debian/debhelper.in/libc.templates: update the kernel 3.2 warning to
| mention that the support limitation comes from Debian and not from
| upstream.  Closes: #864720.
|   * debian/rules, debian/rules.d/build.mk: do not capture the build path
| when generating glibc-source tarball.  Closes: #861183.
|   * debian/control.in/main: build-depends on gperf.  Closes: #847478.
|   * debian/patches/hppa/submitted-longjmp.diff: new patch from Helge Deller
| to fix longjmp on hppa.  Closes: #858738.
|   * debian/sysdeps/mipsel.mk, debian/sysdeps/mips64el.mk: leave the default
| GCC ISA level, currently MIPS32R2/MIPS64R2.
|   * debian/patches/any/local-CVE-2017-1000366-rtld-LD_AUDIT.diff,
| debian/patches/any/local-CVE-2017-1000366-rtld-LD_LIBRARY_PATH.diff,
| debian/patches/any/local-CVE-2017-1000366-rtld-LD_PRELOAD.diff: add
| patches to protect the dynamic linker against stack clashes
| (CVE-2017-1000366).
|   * debian/patches/any/cvs-vectorized-strcspn-guards.diff: patch backported
| from upstream to allow usage of strcspn in ld.so.
|   * debian/patches/any/cvs-hwcap-AT_SECURE.diff: patch backported from
| upstream to disable HWCAP for AT_SECURE programs.
| 
|   [ John Paul Adrian Glaubitz ]
|   * debian/sysdeps/sh3.mk: copy from sh4.mk.  Closes: #851867.
| 
|  -- Aurelien Jarno   Sun, 18 Jun 2017 20:04:53 +0200

Could you therefore please unblock this package:

unblock glibc/2.24-12

Thanks,
Aurelien

-- System Information:
Debian Release: 9.0
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE= 
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Re: Debian 9.0

[Niels Thykier]

sare...@att.net:
> There is something wrong with the Debian 9 iso's. I downloaded the Debian 9.0 
> dvd iso and put it on a flash drive. It boots ,but when I try to install it a 
> dialog pups up asking for a cd. As you know 2 gb will not fit on a CD. I 
> re-downloaded and tried to install Debian again and the same message comes up 
> asking for a CD. What is wrong?
> 

Hi,

I am sorry to hear you have issues.

Could you please post this to debian-u...@lists.debian.org and ask for
their assistance?  Alternatively the relevant language specific support
list from [1], if you prefer that

Thanks,
~Niels

[1] https://lists.debian.org/users.html

Bug#865057: stretch-pu: package open-iscsi/2.0.874-2

[Cyril Brulebois]

Hi,

Cyril Brulebois  (2017-06-19):
> After a quick review, that looks good to me. Thanks for keeping the
> changes minimal in unstable, which indeed can help test this further.
> 
> Also thanks for keeping track of this without my chasing you with my 9.1
> todo list. ;)
> 
> I'll report back once I've tested this change from unstable, just to be
> sure; release team: please wait a bit before letting this go through pu.

Release team: looks good to me.


KiBi.


signature.asc
Description: Digital signature

Bug#863682: jessie-pu: package intel-microcode/3.20170511.1~deb8u1 [v2]: target jessie

[Henrique de Moraes Holschuh]

Attached new debdiff and diffstat files (v2) with the following fixes:
 * target jessie


Full diffstat:
 changelog  |   13 
 debian/changelog   |   58 
 microcode-20161104.dat |61630 
 microcode-20170511.dat |61886 +
 releasenote|   41 
 5 files changed, 61998 insertions(+), 61630 deletions(-)

Abridged diffstat:
 changelog|   13 
 debian/changelog |   58 +++
 releasenote  |   41 ++
 3 files changed, 112 insertions(+)

Thank you!

-- 
  Henrique Holschuh
diff -Nru intel-microcode-3.20161104.1~deb8u1/changelog 
intel-microcode-3.20170511.1~deb8u1/changelog
--- intel-microcode-3.20161104.1~deb8u1/changelog   2016-12-16 
08:53:58.0 -0200
+++ intel-microcode-3.20170511.1~deb8u1/changelog   2017-05-29 
19:28:58.0 -0300
@@ -1,3 +1,16 @@
+2017-05-11:
+  * Updated Microcodes:
+sig 0x000306c3, pf_mask 0x32, 2017-01-27, rev 0x0022, size 22528
+sig 0x000306d4, pf_mask 0xc0, 2017-01-27, rev 0x0025, size 17408
+sig 0x000306f2, pf_mask 0x6f, 2017-01-30, rev 0x003a, size 32768
+sig 0x000306f4, pf_mask 0x80, 2017-01-30, rev 0x000f, size 16384
+sig 0x00040651, pf_mask 0x72, 2017-01-27, rev 0x0020, size 20480
+sig 0x00040661, pf_mask 0x32, 2017-01-27, rev 0x0017, size 24576
+sig 0x00040671, pf_mask 0x22, 2017-01-27, rev 0x0017, size 11264
+sig 0x000406e3, pf_mask 0xc0, 2017-04-09, rev 0x00ba, size 98304
+sig 0x000406f1, pf_mask 0xef, 2017-03-01, rev 0xb21, size 26624
+sig 0x000506e3, pf_mask 0x36, 2017-04-09, rev 0x00ba, size 98304
+
 2016-11-04:
   * New Microcodes:
 sig 0x00050663, pf_mask 0x10, 2016-10-12, rev 0x70d, size 20480
diff -Nru intel-microcode-3.20161104.1~deb8u1/debian/changelog 
intel-microcode-3.20170511.1~deb8u1/debian/changelog
--- intel-microcode-3.20161104.1~deb8u1/debian/changelog2016-12-16 
09:42:12.0 -0200
+++ intel-microcode-3.20170511.1~deb8u1/debian/changelog2017-06-20 
14:13:40.0 -0300
@@ -1,3 +1,61 @@
+intel-microcode (3.20170511.1~deb8u1) jessie; urgency=high
+
+  * This is the same package as 3.20170511.1 from unstable/testing and
+3.20170511.1~bpo8+1, from jessie-backports.  It has been present in
+unstable since 2017-05-15, testing since 2017-05-26, and jessie-backports
+since 2017-05-29.
+  * Urgency updated to high:
++ Confirmed fix: nightmare-level Skylake erratum SKL150
++ Confirmed: gcc may generate the code patterns that trigger SKL150
+  (unpredictable behavior).  The OCaml community was hit by this erratum
+  and has been investigating the issue since 2017-01.  It affected the
+  OCaml compiler, and OCaml programs when gcc was used as the backend.
+  https://caml.inria.fr/mantis/view.php?id=7452
+
+ -- Henrique de Moraes Holschuh   Tue, 20 Jun 2017 14:13:38 
-0300
+
+intel-microcode (3.20170511.1) unstable; urgency=medium
+
+  * New upstream microcode datafile 20170511
++ Updated Microcodes:
+  sig 0x000306c3, pf_mask 0x32, 2017-01-27, rev 0x0022, size 22528
+  sig 0x000306d4, pf_mask 0xc0, 2017-01-27, rev 0x0025, size 17408
+  sig 0x000306f2, pf_mask 0x6f, 2017-01-30, rev 0x003a, size 32768
+  sig 0x000306f4, pf_mask 0x80, 2017-01-30, rev 0x000f, size 16384
+  sig 0x00040651, pf_mask 0x72, 2017-01-27, rev 0x0020, size 20480
+  sig 0x00040661, pf_mask 0x32, 2017-01-27, rev 0x0017, size 24576
+  sig 0x00040671, pf_mask 0x22, 2017-01-27, rev 0x0017, size 11264
+  sig 0x000406e3, pf_mask 0xc0, 2017-04-09, rev 0x00ba, size 98304
+  sig 0x000406f1, pf_mask 0xef, 2017-03-01, rev 0xb21, size 26624
+  sig 0x000506e3, pf_mask 0x36, 2017-04-09, rev 0x00ba, size 98304
++ This release fixes undisclosed errata on the desktop, mobile and
+  server processor models from the Haswell, Broadwell, and Skylake
+  families, including even the high-end multi-socket server Xeons
++ Likely fix the TSC-Deadline LAPIC errata (BDF89, SKL142 and
+  similar) on several processor families
++ Fix erratum BDF90 on Xeon E7v4, E5v4(?) (closes: #862606)
++ Likely fix serious or critical Skylake errata: SKL138/144,
+  SKL137/145, SLK149
+* Likely fix nightmare-level Skylake erratum SKL150.  Fortunately,
+  either this erratum is very-low-hitting, or gcc/clang/icc/msvc
+  won't usually issue the affected opcode pattern and it ends up
+  being rare.
+  SKL150 - Short loops using both the AH/BH/CH/DH registers and
+  the corresponding wide register *may* result in unpredictable
+  system behavior.  Requires both logical processors of the same
+  core (i.e. sibling hyperthreads) to be active to trigger, as
+  well as a "complex set of micro-architectural conditions"
+  * source: remove unneeded intel-ucode/ directory
+ 

Debian 9.0

[sarez45]

There is something wrong with the Debian 9 iso's. I downloaded the Debian 9.0 
dvd iso and put it on a flash drive. It boots ,but when I try to install it a 
dialog pups up asking for a cd. As you know 2 gb will not fit on a CD. I 
re-downloaded and tried to install Debian again and the same message comes up 
asking for a CD. What is wrong?

Bug#865355: stretch-pu: package libopenmpt/0.2.7386~beta20.3-3+deb9u1

[James Cowgill]

Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

Hi,

This update contains a number of security fixes to libopenmpt which
upstream has specifically asked me to get into stretch. Upstream asked
me to fix these earlier this month and since none of them looked
"critical" I decided to wait and file a stretch-pu bug (although maybe I
was a little lazy...) The worst bugs fixed here are NULL pointer
dereferences - I don't think there is any remote code execution here.

Upstream kindly backported all the fixes to the version Debian has in
stretch and they were taken from this announcement:
https://lib.openmpt.org/libopenmpt/md_announce-2017-06-02.html

I omitted 2 patches which seem to be impossible to exploit or which only
have minor cosmetic effects.

Debdiff attached.

Thanks,
James

-- System Information:
Debian Release: 9.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (500,
'testing'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8),
LANGUAGE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru libopenmpt-0.2.7386~beta20.3/debian/changelog 
libopenmpt-0.2.7386~beta20.3/debian/changelog
--- libopenmpt-0.2.7386~beta20.3/debian/changelog   2017-01-12 
17:17:13.0 +
+++ libopenmpt-0.2.7386~beta20.3/debian/changelog   2017-06-20 
08:58:50.0 +0100
@@ -1,3 +1,14 @@
+libopenmpt (0.2.7386~beta20.3-3+deb9u1) stretch; urgency=medium
+
+  * Add various security patches (Closes: #864195).
+- up1: Division by zero in temp calculation.
+- up2: Infinite loop with cyclic plugin routing.
+- up3: Excessive CPU consumption on malformed DMF and MDL files.
+- up5: Excessive CPU consumption on malformed AMS files.
+- up6: Invalid memory read when applying NNAs to effect plugins.
+
+ -- James Cowgill   Tue, 20 Jun 2017 08:58:50 +0100
+
 libopenmpt (0.2.7386~beta20.3-3) unstable; urgency=medium
 
   * debian/tests:
diff -Nru libopenmpt-0.2.7386~beta20.3/debian/patches/series 
libopenmpt-0.2.7386~beta20.3/debian/patches/series
--- libopenmpt-0.2.7386~beta20.3/debian/patches/series  2017-01-12 
17:09:08.0 +
+++ libopenmpt-0.2.7386~beta20.3/debian/patches/series  2017-06-20 
08:58:50.0 +0100
@@ -1 +1,6 @@
 01_libmodplug_symver.patch
+up1-division-by-zero-in-tempo-calculation.patch
+up2-infinite-loop-in-plugin-routing.patch
+up3-excessive-cpu-consumption-on-malformed-files-dmf-mdl.patch
+up5-excessive-cpu-consumption-on-malformed-files-ams.patch
+up6-invalid-memory-read-when-applying-nnas-to-effect-plugins.patch
diff -Nru 
libopenmpt-0.2.7386~beta20.3/debian/patches/up1-division-by-zero-in-tempo-calculation.patch
 
libopenmpt-0.2.7386~beta20.3/debian/patches/up1-division-by-zero-in-tempo-calculation.patch
--- 
libopenmpt-0.2.7386~beta20.3/debian/patches/up1-division-by-zero-in-tempo-calculation.patch
 1970-01-01 01:00:00.0 +0100
+++ 
libopenmpt-0.2.7386~beta20.3/debian/patches/up1-division-by-zero-in-tempo-calculation.patch
 2017-06-20 08:58:50.0 +0100
@@ -0,0 +1,51 @@
+Description: Guard against division by zero in tempo calculation
+ See https://lib.openmpt.org/libopenmpt/md_announce-2017-06-02.html
+Origin: upstream, 
https://source.openmpt.org/browse/openmpt?op=revision=8235
+Bug-Debian: https://bugs.debian.org/864195
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- a/soundlib/Sndfile.cpp
 b/soundlib/Sndfile.cpp
+@@ -1542,15 +1542,15 @@ void CSoundFile::RecalculateSamplesPerTi
+   {
+   case tempoModeClassic:
+   default:
+-  m_PlayState.m_nSamplesPerTick = 
Util::muldiv(m_MixerSettings.gdwMixingFreq, 5 * TEMPO::fractFact, 
m_PlayState.m_nMusicTempo.GetRaw() << 1);
++  m_PlayState.m_nSamplesPerTick = 
Util::muldiv(m_MixerSettings.gdwMixingFreq, 5 * TEMPO::fractFact, 
std::max(TEMPO::store_t(1), m_PlayState.m_nMusicTempo.GetRaw() << 1));
+   break;
+ 
+   case tempoModeModern:
+-  m_PlayState.m_nSamplesPerTick = 
static_cast((Util::mul32to64_unsigned(m_MixerSettings.gdwMixingFreq, 60 
* TEMPO::fractFact) * Util::mul32to64_unsigned(m_PlayState.m_nMusicSpeed, 
m_PlayState.m_nCurrentRowsPerBeat)) / m_PlayState.m_nMusicTempo.GetRaw());
++  m_PlayState.m_nSamplesPerTick = 
static_cast((Util::mul32to64_unsigned(m_MixerSettings.gdwMixingFreq, 60 
* TEMPO::fractFact) / std::max(uint64(1),  
Util::mul32to64_unsigned(m_PlayState.m_nMusicSpeed, 
m_PlayState.m_nCurrentRowsPerBeat) * m_PlayState.m_nMusicTempo.GetRaw(;
+   break;
+ 
+   case tempoModeAlternative:
+-  m_PlayState.m_nSamplesPerTick = 
Util::muldiv(m_MixerSettings.gdwMixingFreq, TEMPO::fractFact, 
m_PlayState.m_nMusicTempo.GetRaw());
++

Re: [pkg-boost-devel] boost1.61 1.61.0+dfsg-3 MIGRATED to testing

[Emilio Pozuelo Monfort]

On 20/06/17 16:42, Steve M. Robbins wrote:
> On Tue, Jun 20, 2017 at 10:57:11AM +0100, Dimitri John Ledkov wrote:
>> Hm, this makes no sense. I thought we want to _remove_ 1.61, not
>> re-introduce it?!
> 
> 
> Agreed.  I did not request this, FWIW.
> 
> The previous removal message 
> https://packages.qa.debian.org/b/boost1.61/news/20170202T163914Z.html was for
> a transition to 1.62.  I thought this would make it stay out, but maybe we 
> forgot to request a removal
> from "unstable" (?).  I keep forgetting the rules for these things.  Or maybe 
> it was a simple oversight.
> 
> Dear Release Team: can you reverse this reintroduction of boost 1.61, please?

For as long as the package is in unstable, britney will try to migrate the
package if there are no blockers. So either get it removed from sid (assuming
that's possible due to rdeps) or file an RC bug against the package to keep it
out of testing.

Cheers,
Emilio

Re: [pkg-boost-devel] boost1.61 1.61.0+dfsg-3 MIGRATED to testing

[Steve M. Robbins]

On Tue, Jun 20, 2017 at 10:57:11AM +0100, Dimitri John Ledkov wrote:
> Hm, this makes no sense. I thought we want to _remove_ 1.61, not
> re-introduce it?!


Agreed.  I did not request this, FWIW.

The previous removal message 
https://packages.qa.debian.org/b/boost1.61/news/20170202T163914Z.html was for
a transition to 1.62.  I thought this would make it stay out, but maybe we 
forgot to request a removal
from "unstable" (?).  I keep forgetting the rules for these things.  Or maybe 
it was a simple oversight.

Dear Release Team: can you reverse this reintroduction of boost 1.61, please?

Thanks,
-Steve


signature.asc
Description: PGP signature

Bug#865270: stretch-pu: package osinfo-db/0.20170225-3+deb9u1

[Guido Günther]

Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

Hi,
this update makes stretch DVDs detectable by libosinfo (used by
virt-manager, gnome-boxes, ...) and adjusts the installer links to the
current locations.
It also updates the Jessie ones now that things moved for stretch.
Cheers,
 -- Guido


-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 
'testing-debug'), (500, 'oldoldstable'), (500, 'unstable'), (500, 'stable'), 
(1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff --git a/debian/changelog b/debian/changelog
index 9bd6632..7060abe 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,16 @@
+osinfo-db (0.20170225-3+deb9u1) stretch; urgency=medium
+
+  * [17d85a0] Adjust gbp.conf for stretch
+
+ -- Guido Günther   Tue, 20 Jun 2017 08:26:19 +0200
+
+osinfo-db (0.20170225-3) unstable; urgency=medium
+
+  * [c058963] Update Jessie DVD links.
+  * [745d2f5] Add Debian Stretch (Closes: #864923)
+
+ -- Guido Günther   Mon, 19 Jun 2017 19:34:55 +0200
+
 osinfo-db (0.20170225-2) unstable; urgency=medium
 
   * [7016785] Fix Stretch URL for i386.
diff --git a/debian/gbp.conf b/debian/gbp.conf
index 760033d..a57e359 100644
--- a/debian/gbp.conf
+++ b/debian/gbp.conf
@@ -1,6 +1,6 @@
 [DEFAULT]
 upstream-branch=upstream/latest
-debian-branch=debian/sid
+debian-branch=debian/stretch
 
 [pq]
 patch-numbers = False
diff --git a/debian/patches/Add-Debian-Stretch-RCs.patch b/debian/patches/Add-Debian-Stretch-RCs.patch
deleted file mode 100644
index 620e5b2..000
--- a/debian/patches/Add-Debian-Stretch-RCs.patch
+++ /dev/null
@@ -1,81 +0,0 @@
-From: =?utf-8?q?Guido_G=C3=BCnther?= 
-Date: Mon, 13 Mar 2017 19:20:33 +0100
-Subject: Add Debian Stretch RCs
-
-Closes: #856667

- data/os/debian.org/debian-9.xml.in  | 64 +
- debian/patches/Add-Debian-Stretch-RCs.patch |  4 +-
- 2 files changed, 66 insertions(+), 2 deletions(-)
- create mode 100644 data/os/debian.org/debian-9.xml.in
-
-diff --git a/data/os/debian.org/debian-9.xml.in b/data/os/debian.org/debian-9.xml.in
-new file mode 100644
-index 000..4200f45
 /dev/null
-+++ b/data/os/debian.org/debian-9.xml.in
-@@ -0,0 +1,64 @@
-+
-+
-+  http://debian.org/debian/9;>
-+debian9
-+debianstretch
-+<_name>Debian Stretch
-+9
-+<_vendor>Debian Project
-+linux
-+debian
-+http://debian.org/debian/8"/>
-+http://debian.org/debian/8"/>
-+
-+2017-02-02
-+
-+
-+  http://pcisig.com/pci/1af4/1041"/>
-+  http://pcisig.com/pci/1af4/1042"/>
-+  http://pcisig.com/pci/1af4/1043"/>
-+  http://pcisig.com/pci/1af4/1044"/>
-+  http://pcisig.com/pci/1af4/1045"/>
-+  http://pcisig.com/pci/1af4/1048"/>
-+  http://pcisig.com/pci/1af4/1049"/>
-+  http://pcisig.com/pci/1af4/1052"/>
-+
-+
-+
-+  
-+10
-+1
-+1073741824
-+10737418240
-+  
-+  
-+10
-+1073741824
-+21474836480
-+  
-+
-+
-+
-+  http://cdimage.debian.org/cdimage/stretch_di_rc3/i386/iso-dvd/debian-stretch-DI-rc3-i386-DVD-1.iso
-+  
-+Debian stretch-DI-rc\d i386 1
-+  
-+  install.386/vmlinuz
-+  install.386/initrd.gz
-+
-+
-+  http://cdimage.debian.org/cdimage/stretch_di_rc3/amd64/iso-dvd/debian-stretch-DI-rc3-amd64-DVD-1.iso
-+  
-+	Debian stretch-DI-rc\d amd64 1
-+  
-+  install.amd/vmlinuz
-+  install.amd/initrd.gz
-+
-+
-+
-+  
-+  
-+
-+  
-+
diff --git a/debian/patches/Add-Debian-Stretch.patch b/debian/patches/Add-Debian-Stretch.patch
new file mode 100644
index 000..f03bd32
--- /dev/null
+++ b/debian/patches/Add-Debian-Stretch.patch
@@ -0,0 +1,145 @@
+From: =?utf-8?q?Guido_G=C3=BCnther?= 
+Date: Mon, 13 Mar 2017 19:20:33 +0100
+Subject: Add Debian Stretch
+
+---
+ data/os/debian.org/debian-9.xml.in | 130 +
+ 1 file changed, 130 insertions(+)
+ create mode 100644 data/os/debian.org/debian-9.xml.in
+
+diff --git a/data/os/debian.org/debian-9.xml.in b/data/os/debian.org/debian-9.xml.in
+new file mode 100644
+index 000..e0b9085
+--- /dev/null
 b/data/os/debian.org/debian-9.xml.in
+@@ -0,0 +1,130 @@
++
++
++  http://debian.org/debian/9;>
++debian9
++debianstretch
++<_name>Debian Stretch
++9
++<_vendor>Debian Project
++linux
++debian
++http://debian.org/debian/8"/>
++http://debian.org/debian/8"/>
++
++2017-06-17
++
++
++  http://pcisig.com/pci/1af4/1041"/>
++