Bug#877043: stretch-pu: package weechat/1.6-1+deb9u2

2017-09-27 Thread Salvatore Bonaccorso 
Hi Adam,

On Thu, Sep 28, 2017 at 06:43:59AM +0100, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
> 
> On Thu, 2017-09-28 at 05:02 +0200, Salvatore Bonaccorso wrote:
> > weechat in stretch is affected by CVE-2017-14727, tracked as #876553.
> > 
> > >  * logger: call strftime before replacing buffer local variables
> > >    (CVE-2017-14727) (Closes: #876553)
> > 
> > https://weechat.org/news/98/20170923-Version-1.9.1-security-release/
> > 
> > Attached proposed debdiff for the stretch point release.
> > 
> 
> There's quite a bit of noise in such a small diff. :-( I appreciate
> why, though.

Yes I can understand, you are a bit unahppy with me with that regard.
I followed upstream, which renamed several of the mask_* pointers and
added a new one for one more operation and shuffled around.

I prefered to rather follow upstream here, hope I can convince you.

or did you mean something else?

> Please go ahead.

Done, despite maybe the above raises questions. In case of such, feel
free to reject the upload and we can do a turnaround.

Salvatore

Bug#877045: jessie-pu: package weechat/1.0.1-1+deb8u2

2017-09-27 Thread Salvatore Bonaccorso 
On Thu, Sep 28, 2017 at 06:44:28AM +0100, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
> 
> On Thu, 2017-09-28 at 05:15 +0200, Salvatore Bonaccorso wrote:
> > weechat in jessie is affected by CVE-2017-14727, tracked as #876553.
> > 
> > >  * logger: call strftime before replacing buffer local variables
> > >    (CVE-2017-14727) (Closes: #876553)
> > 
> > https://weechat.org/news/98/20170923-Version-1.9.1-security-release/
> > 
> 
> Please go ahead.

Thank you, uploaded.

Salvatore

Bug#876949: stretch-pu: package postfix/3.1.6-0+deb9u1

2017-09-27 Thread Adam D. Barratt 
Control: tags -1 + moreinfo

On Wed, 2017-09-27 at 01:14 -0400, Scott Kitterman wrote:
> This upload is intended to solve several problems.  While it's
> somewhat
> unusual, since it includes new upstream releases, the upstream
> changes are
> very targetted and all things that I believe are appropriate to fix
> in a
> stable update:
> 
[...]
> Additionally, there's a packaging fix for a bug that broke multi-
> instance.
> 

The latter (#873957) doesn't appear to have been applied in unstable
yet. Are the upstream fixes relevant to unstable and applied there?

Regards,

Adam

Processed: Re: Bug#876949: stretch-pu: package postfix/3.1.6-0+deb9u1

2017-09-27 Thread Debian Bug Tracking System 
Processing control commands:

> tags -1 + moreinfo
Bug #876949 [release.debian.org] stretch-pu: package postfix/3.1.6-0+deb9u1
Added tag(s) moreinfo.

-- 
876949: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876949
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: Re: Bug#876706: stretch-pu: package liblouis/3.0.0-3

2017-09-27 Thread Debian Bug Tracking System 
Processing control commands:

> tags -1 + confirmed
Bug #876706 [release.debian.org] stretch-pu: package liblouis/3.0.0-3
Added tag(s) confirmed.

-- 
876706: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876706
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#876706: stretch-pu: package liblouis/3.0.0-3

2017-09-27 Thread Adam D. Barratt 
Control: tags -1 + confirmed

On Mon, 2017-09-25 at 01:31 +0200, Samuel Thibault wrote:
> Several CVEs have been reported against liblouis in Bug#874302. The
> upstream fixes have been tested for 6 days in Debian unstable then 5
> days in Debian testing.
> 

It might be nice to have slightly more descriptive changelog entries.
In any case, please feel free to upload.

Regards,

Adam

Bug#877045: jessie-pu: package weechat/1.0.1-1+deb8u2

2017-09-27 Thread Adam D. Barratt 
Control: tags -1 + confirmed

On Thu, 2017-09-28 at 05:15 +0200, Salvatore Bonaccorso wrote:
> weechat in jessie is affected by CVE-2017-14727, tracked as #876553.
> 
> >  * logger: call strftime before replacing buffer local variables
> >    (CVE-2017-14727) (Closes: #876553)
> 
> https://weechat.org/news/98/20170923-Version-1.9.1-security-release/
> 

Please go ahead.

Regards,

Adam

Processed: Re: Bug#877045: jessie-pu: package weechat/1.0.1-1+deb8u2

2017-09-27 Thread Debian Bug Tracking System 
Processing control commands:

> tags -1 + confirmed
Bug #877045 [release.debian.org] jessie-pu: package weechat/1.0.1-1+deb8u2
Added tag(s) confirmed.

-- 
877045: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877045
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: Re: Bug#877043: stretch-pu: package weechat/1.6-1+deb9u2

2017-09-27 Thread Debian Bug Tracking System 
Processing control commands:

> tags -1 + confirmed
Bug #877043 [release.debian.org] stretch-pu: package weechat/1.6-1+deb9u2
Added tag(s) confirmed.

-- 
877043: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877043
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#877043: stretch-pu: package weechat/1.6-1+deb9u2

2017-09-27 Thread Adam D. Barratt 
Control: tags -1 + confirmed

On Thu, 2017-09-28 at 05:02 +0200, Salvatore Bonaccorso wrote:
> weechat in stretch is affected by CVE-2017-14727, tracked as #876553.
> 
> >  * logger: call strftime before replacing buffer local variables
> >    (CVE-2017-14727) (Closes: #876553)
> 
> https://weechat.org/news/98/20170923-Version-1.9.1-security-release/
> 
> Attached proposed debdiff for the stretch point release.
> 

There's quite a bit of noise in such a small diff. :-( I appreciate
why, though.

Please go ahead.

Regards,

Adam

Processed: Re: Bug#877045: jessie-pu: package weechat/1.0.1-1+deb8u2

2017-09-27 Thread Debian Bug Tracking System 
Processing control commands:

> tags -1 + confirmed
Bug #877045 [release.debian.org] jessie-pu: package weechat/1.0.1-1+deb8u2
Ignoring request to alter tags of bug #877045 to the same tags previously set

-- 
877045: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877045
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: Re: Bug#867814: stretch-pu: package ncurses/6.0+20161126-1+deb9u1

2017-09-27 Thread Debian Bug Tracking System 
Processing control commands:

> tags -1 + pending
Bug #867814 [release.debian.org] stretch-pu: package 
ncurses/6.0+20161126-1+deb9u1
Added tag(s) pending.

-- 
867814: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867814
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: Re: Bug#872441: stretch-pu: package gsoap/2.8.35-4+deb9u1

2017-09-27 Thread Debian Bug Tracking System 
Processing control commands:

> tags -1 + pending
Bug #872441 [release.debian.org] stretch-pu: package gsoap/2.8.35-4+deb9u1
Added tag(s) pending.

-- 
872441: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872441
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#872441: stretch-pu: package gsoap/2.8.35-4+deb9u1

2017-09-27 Thread Adam D. Barratt 
Control: tags -1 + pending

On Sat, 2017-09-23 at 18:24 +0100, Jonathan Wiltshire wrote:
> Control: tag -1 confirmed
> 
> On Fri, Aug 18, 2017 at 11:35:09AM +0200, Mattias Ellert wrote:
[...]
> > diff -Nru gsoap-2.8.35/debian/changelog gsoap-
> > 2.8.35/debian/changelog
> > --- gsoap-2.8.35/debian/changelog   2016-12-06
> > 09:32:36.0 +0100
> > +++ gsoap-2.8.35/debian/changelog   2017-08-16
> > 11:58:11.0 +0200
> > @@ -1,3 +1,9 @@
> > +gsoap (2.8.35-4+deb9u1) stretch; urgency=medium
> > +
> > +  * Fix for CVE-2017-9765
> > +
> > + -- Mattias Ellert   Wed, 16 Aug
> > 2017 11:58:11 +0200
> 
> Please go ahead, but a little more detail in your changelog (what is
> CVE-2017-9765 and what changed to fix it?) is always appreciated.
> 

Uploaded and flagged for acceptance.

Regards,

Adam

Bug#867814: stretch-pu: package ncurses/6.0+20161126-1+deb9u1

2017-09-27 Thread Adam D. Barratt 
Control: tags -1 + pending

On Sun, 2017-09-24 at 09:16 +0200, Sven Joachim wrote:
> On 2017-09-23 19:59 +0100, Adam D. Barratt wrote:
> 
> > Control: tags -1 -moreinfo +confirmed
> > 
> > On Thu, 2017-09-07 at 19:06 +0200, Cyril Brulebois wrote:
> > > Sven Joachim  (2017-09-06):
> > > > Meanwhile seven new CVEs in the tic library and programs have
> > > > been
> > > > reported, and I would like to fix those as well, see the
> > > > attached
> > > > new
> > > > debdiff.  It contains all the library changes from the 20170826
> > > > upstream
> > > > patchlevel and the program fixes of the 20170902 patchlevel.  I
> > > > have
> > > > also attached the test cases for the 13 bugs reported in the
> > > > Red
> > > > Hat
> > > > bugtracker.
> > > > 
> > > > > > > I'd be okay with this, but it will need a kibi-ack due to
> > > > > > > the
> > > > > > > udeb.
> > > > > > 
> > > > > > The changes do not touch the tinfo library which is all
> > > > > > that
> > > > > > shipped in
> > > > > > the udeb.
> > > > > 
> > > > > To elaborate on that, ncurses/tinfo/{alloc,parse}_entry.c are
> > > > > compiled
> > > > > into the tic library while progs/dump_entry.c is for the
> > > > > infocmp
> > > > > and tic
> > > > > programs.  Building 6.0+20161126-1 and 6.0+20161126-1+deb9u1
> > > > > in a
> > > > > stretch chroot produced identical libtinfo.so.5.9 files.
> > > > 
> > > > This is unfortunately no longer the case, since strings.c and
> > > > trim_sgr0.c are compiled into the tinfo library.  However, the
> > > > changes
> > > > to these files are small.
> > > 
> > > I have no straightforward way to double check things still run
> > > smoothly
> > > with stretch's d-i, so I'll follow whatever decision the release
> > > team
> > > makes; if regressions pop up, we'll figure out how to fix them.
> > > 
> > 
> > Let's go with it and keep our fingers crossed that any issues show
> > up
> > quickly.
> 
> Thanks, uploaded.
> 

Flagged for acceptance, thanks.

Regards,

Adam

Processed: Re: Bug#875777: stretch-pu: package ecl/15.3.7+dfsg1-2+deb9u1

2017-09-27 Thread Debian Bug Tracking System 
Processing control commands:

> tags -1 + pending
Bug #875777 [release.debian.org] stretch-pu: package ecl/15.3.7+dfsg1-2+deb9u1
Added tag(s) pending.

-- 
875777: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875777
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#863734: unblock: gnupg2/2.1.18-8

2017-09-27 Thread Adam D. Barratt 
Control: tags -1 + pending

On Tue, 2017-09-26 at 01:11 -0400, Daniel Kahn Gillmor wrote:
> On Sat 2017-09-23 19:46:42 +0100, Adam D. Barratt wrote:
> > On Wed, 2017-09-20 at 23:07 -0400, Daniel Kahn Gillmor wrote:
> > > I've built this against a stretch system and tested it on a
> > > stretch
> > > system, and it still works.
> > > 
> > > Please advise me whether i should make an upload.
> > 
> > With a slightly more definite changelog stanza, please go ahead. :-
> > )
> 
> Thanks, I've uploaded.
> 

Flagged for acceptance.

Regards,

Adam

Processed: Re: Bug#863734: unblock: gnupg2/2.1.18-8

2017-09-27 Thread Debian Bug Tracking System 
Processing control commands:

> tags -1 + pending
Bug #863734 [release.debian.org] stretch-pu: gnupg2
Added tag(s) pending.

-- 
863734: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863734
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#876629: stretch-pu: package db5.3/5.3.28-12+deb9u1

2017-09-27 Thread Adam D. Barratt 
Control: tags -1 + pending

On Sun, 2017-09-24 at 18:27 +0200, Salvatore Bonaccorso wrote:
> Hi Jonathan,
> 
> On Sun, Sep 24, 2017 at 02:52:03PM +0100, Jonathan Wiltshire wrote:
> > Control: tag -1 confirmed
> > 
> > Hi,
> > 
> > On Sun, Sep 24, 2017 at 09:52:06AM +0200, Salvatore Bonaccorso
> > wrote:
> > > db5.3 in stretch is affected by the CVE-2017-10140 ("Berkeley DB
> > > reads
> > > DB_CONFIG from cwd)", #872436. The NMU to unstable back on end of
> > > august has not raised any regression reports we would be aware
> > > of. We
> > > though think it's still safer to have it via point release
> > 
> > Please go ahead.
> 
> Thanks, uploaded.
> 

Flagged for acceptance into p-u, thanks.

Regards,

Adam

Processed: Re: Bug#876629: stretch-pu: package db5.3/5.3.28-12+deb9u1

2017-09-27 Thread Debian Bug Tracking System 
Processing control commands:

> tags -1 + pending
Bug #876629 [release.debian.org] stretch-pu: package db5.3/5.3.28-12+deb9u1
Added tag(s) pending.

-- 
876629: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876629
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#875777: stretch-pu: package ecl/15.3.7+dfsg1-2+deb9u1

2017-09-27 Thread Adam D. Barratt 
Control: tags -1 + pending

On Mon, 2017-09-25 at 14:05 +0200, Sébastien Villemot wrote:
> On Sat, Sep 23, 2017 at 05:25:15PM +0100, Jonathan Wiltshire wrote:
> 
> > On Thu, Sep 14, 2017 at 02:45:16PM +0200, Sébastien Villemot wrote:
> > > I have prepared a stretch-pu for ecl. The debdiff is attached. It
> > > simply fixes
> > > #873091 by adding the dependency on libffi-dev.
> > 
> > Please go ahead.
> 
> Thanks, uploaded.

Flagged for acceptance.

Regards,

Adam

Bug#866537: stretch-pu: package cross-gcc/113

2017-09-27 Thread Adam D. Barratt 
Control: tags -1 + pending

On Sat, 2017-09-23 at 19:55 +0100, Adam D. Barratt wrote:
> Control: tags -1 -moreinfo +confirmed
> 
> On Sat, 2017-07-22 at 02:06 +0100, Wookey wrote:
> > New patch attached with suggested changes. Is this OK?
> > 
> 
> Please go ahead.
> 
> 

Uploaded and flagged for acceptance.

Regards,

Adam

Processed: Re: Bug#866537: stretch-pu: package cross-gcc/113

2017-09-27 Thread Debian Bug Tracking System 
Processing control commands:

> tags -1 + pending
Bug #866537 [release.debian.org] stretch-pu: package cross-gcc/113
Added tag(s) pending.

-- 
866537: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866537
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#877045: jessie-pu: package weechat/1.0.1-1+deb8u2

2017-09-27 Thread Salvatore Bonaccorso 
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian@packages.debian.org
Usertags: pu

Hi

weechat in jessie is affected by CVE-2017-14727, tracked as #876553.

>  * logger: call strftime before replacing buffer local variables
>(CVE-2017-14727) (Closes: #876553)

https://weechat.org/news/98/20170923-Version-1.9.1-security-release/

Attached proposed debdiff for the jessie point release.

Regards,
Salvatore
diff -Nru weechat-1.0.1/debian/changelog weechat-1.0.1/debian/changelog
--- weechat-1.0.1/debian/changelog  2017-04-25 07:01:43.0 +0200
+++ weechat-1.0.1/debian/changelog  2017-09-27 21:27:15.0 +0200
@@ -1,3 +1,11 @@
+weechat (1.0.1-1+deb8u2) jessie; urgency=medium
+
+  * Non-maintainer upload.
+  * logger: call strftime before replacing buffer local variables
+(CVE-2017-14727) (Closes: #876553)
+
+ -- Salvatore Bonaccorso   Wed, 27 Sep 2017 21:27:15 +0200
+
 weechat (1.0.1-1+deb8u1) jessie-security; urgency=high
 
   * Non-maintainer upload by the Security Team.
diff -Nru 
weechat-1.0.1/debian/patches/0001-logger-call-strftime-before-replacing-buffer-local-v.patch
 
weechat-1.0.1/debian/patches/0001-logger-call-strftime-before-replacing-buffer-local-v.patch
--- 
weechat-1.0.1/debian/patches/0001-logger-call-strftime-before-replacing-buffer-local-v.patch
1970-01-01 01:00:00.0 +0100
+++ 
weechat-1.0.1/debian/patches/0001-logger-call-strftime-before-replacing-buffer-local-v.patch
2017-09-27 21:27:15.0 +0200
@@ -0,0 +1,152 @@
+From: =?UTF-8?q?S=C3=A9bastien=20Helleu?= 
+Date: Sat, 23 Sep 2017 09:36:09 +0200
+Subject: logger: call strftime before replacing buffer local variables
+Origin: 
https://github.com/weechat/weechat/commit/f105c6f0b56fb5687b2d2aedf37cb1d1b434d556
+Bug-Debian: https://bugs.debian.org/876553
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-14727
+
+---
+ src/plugins/logger/logger.c | 88 ++---
+ 2 files changed, 51 insertions(+), 44 deletions(-)
+
+
+--- a/src/plugins/logger/logger.c
 b/src/plugins/logger/logger.c
+@@ -316,71 +316,71 @@ logger_get_mask_for_buffer (struct t_gui
+ char *
+ logger_get_mask_expanded (struct t_gui_buffer *buffer, const char *mask)
+ {
+-char *mask2, *mask_decoded, *mask_decoded2, *mask_decoded3, 
*mask_decoded4;
+-char *mask_decoded5;
++char *mask2, *mask3, *mask4, *mask5, *mask6, *mask7;
+ const char *dir_separator;
+ int length;
+ time_t seconds;
+ struct tm *date_tmp;
+ 
+ mask2 = NULL;
+-mask_decoded = NULL;
+-mask_decoded2 = NULL;
+-mask_decoded3 = NULL;
+-mask_decoded4 = NULL;
+-mask_decoded5 = NULL;
++mask3 = NULL;
++mask4 = NULL;
++mask5 = NULL;
++mask6 = NULL;
++mask7 = NULL;
+ 
+ dir_separator = weechat_info_get ("dir_separator", "");
+ if (!dir_separator)
+ return NULL;
+ 
++/* replace date/time specifiers in mask */
++length = strlen (mask) + 256 + 1;
++mask2 = malloc (length);
++if (!mask2)
++goto end;
++seconds = time (NULL);
++date_tmp = localtime ();
++mask2[0] = '\0';
++if (strftime (mask2, length - 1, mask, date_tmp) == 0)
++mask2[0] = '\0';
++
+ /*
+  * we first replace directory separator (commonly '/') by \01 because
+  * buffer mask can contain this char, and will be replaced by replacement
+  * char ('_' by default)
+  */
+-mask2 = weechat_string_replace (mask, dir_separator, "\01");
+-if (!mask2)
++mask3 = weechat_string_replace (mask2, dir_separator, "\01");
++if (!mask3)
+ goto end;
+ 
+-mask_decoded = weechat_buffer_string_replace_local_var (buffer, mask2);
+-if (!mask_decoded)
++mask4 = weechat_buffer_string_replace_local_var (buffer, mask3);
++if (!mask4)
+ goto end;
+ 
+-mask_decoded2 = weechat_string_replace (mask_decoded,
+-dir_separator,
+-weechat_config_string 
(logger_config_file_replacement_char));
+-if (!mask_decoded2)
++mask5 = weechat_string_replace (mask4,
++dir_separator,
++weechat_config_string 
(logger_config_file_replacement_char));
++if (!mask5)
+ goto end;
+ 
+ #ifdef __CYGWIN__
+-mask_decoded3 = weechat_string_replace (mask_decoded2, "\\",
+-weechat_config_string 
(logger_config_file_replacement_char));
++mask6 = weechat_string_replace (mask5, "\\",
++weechat_config_string 
(logger_config_file_replacement_char));
+ #else
+-mask_decoded3 = strdup (mask_decoded2);
++mask6 = strdup (mask5);
+ #endif
+-if (!mask_decoded3)
++if (!mask6)
+ goto end;
+ 
+ /* restore directory separator */
+-mask_decoded4 =

Bug#877043: stretch-pu: package weechat/1.6-1+deb9u2

2017-09-27 Thread Salvatore Bonaccorso 
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

Hi

weechat in stretch is affected by CVE-2017-14727, tracked as #876553.

>  * logger: call strftime before replacing buffer local variables
>(CVE-2017-14727) (Closes: #876553)

https://weechat.org/news/98/20170923-Version-1.9.1-security-release/

Attached proposed debdiff for the stretch point release.

Regards,
Salvatore
diff -Nru weechat-1.6/debian/changelog weechat-1.6/debian/changelog
--- weechat-1.6/debian/changelog2017-04-29 16:31:58.0 +0200
+++ weechat-1.6/debian/changelog2017-09-27 20:53:31.0 +0200
@@ -1,3 +1,11 @@
+weechat (1.6-1+deb9u2) stretch; urgency=medium
+
+  * Non-maintainer upload.
+  * logger: call strftime before replacing buffer local variables
+(CVE-2017-14727) (Closes: #876553)
+
+ -- Salvatore Bonaccorso   Wed, 27 Sep 2017 20:53:31 +0200
+
 weechat (1.6-1+deb9u1) stretch; urgency=medium
 
   * Non-maintainer upload.
diff -Nru 
weechat-1.6/debian/patches/03_logger-call-strftime-before-replacing-buffer-local-v.patch
 
weechat-1.6/debian/patches/03_logger-call-strftime-before-replacing-buffer-local-v.patch
--- 
weechat-1.6/debian/patches/03_logger-call-strftime-before-replacing-buffer-local-v.patch
1970-01-01 01:00:00.0 +0100
+++ 
weechat-1.6/debian/patches/03_logger-call-strftime-before-replacing-buffer-local-v.patch
2017-09-27 20:53:31.0 +0200
@@ -0,0 +1,158 @@
+From: =?UTF-8?q?S=C3=A9bastien=20Helleu?= 
+Date: Sat, 23 Sep 2017 09:36:09 +0200
+Subject: logger: call strftime before replacing buffer local variables
+Origin: 
https://github.com/weechat/weechat/commit/f105c6f0b56fb5687b2d2aedf37cb1d1b434d556
+Bug-Debian: https://bugs.debian.org/876553
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-14727
+
+---
+ src/plugins/logger/logger.c | 88 ++---
+ 2 files changed, 51 insertions(+), 44 deletions(-)
+
+
+diff --git a/src/plugins/logger/logger.c b/src/plugins/logger/logger.c
+index 1abc3efc7..347f1d5a6 100644
+--- a/src/plugins/logger/logger.c
 b/src/plugins/logger/logger.c
+@@ -295,71 +295,71 @@ logger_get_mask_for_buffer (struct t_gui_buffer *buffer)
+ char *
+ logger_get_mask_expanded (struct t_gui_buffer *buffer, const char *mask)
+ {
+-char *mask2, *mask_decoded, *mask_decoded2, *mask_decoded3, 
*mask_decoded4;
+-char *mask_decoded5;
++char *mask2, *mask3, *mask4, *mask5, *mask6, *mask7;
+ const char *dir_separator;
+ int length;
+ time_t seconds;
+ struct tm *date_tmp;
+ 
+ mask2 = NULL;
+-mask_decoded = NULL;
+-mask_decoded2 = NULL;
+-mask_decoded3 = NULL;
+-mask_decoded4 = NULL;
+-mask_decoded5 = NULL;
++mask3 = NULL;
++mask4 = NULL;
++mask5 = NULL;
++mask6 = NULL;
++mask7 = NULL;
+ 
+ dir_separator = weechat_info_get ("dir_separator", "");
+ if (!dir_separator)
+ return NULL;
+ 
++/* replace date/time specifiers in mask */
++length = strlen (mask) + 256 + 1;
++mask2 = malloc (length);
++if (!mask2)
++goto end;
++seconds = time (NULL);
++date_tmp = localtime ();
++mask2[0] = '\0';
++if (strftime (mask2, length - 1, mask, date_tmp) == 0)
++mask2[0] = '\0';
++
+ /*
+  * we first replace directory separator (commonly '/') by \01 because
+  * buffer mask can contain this char, and will be replaced by replacement
+  * char ('_' by default)
+  */
+-mask2 = weechat_string_replace (mask, dir_separator, "\01");
+-if (!mask2)
++mask3 = weechat_string_replace (mask2, dir_separator, "\01");
++if (!mask3)
+ goto end;
+ 
+-mask_decoded = weechat_buffer_string_replace_local_var (buffer, mask2);
+-if (!mask_decoded)
++mask4 = weechat_buffer_string_replace_local_var (buffer, mask3);
++if (!mask4)
+ goto end;
+ 
+-mask_decoded2 = weechat_string_replace (mask_decoded,
+-dir_separator,
+-weechat_config_string 
(logger_config_file_replacement_char));
+-if (!mask_decoded2)
++mask5 = weechat_string_replace (mask4,
++dir_separator,
++weechat_config_string 
(logger_config_file_replacement_char));
++if (!mask5)
+ goto end;
+ 
+ #ifdef __CYGWIN__
+-mask_decoded3 = weechat_string_replace (mask_decoded2, "\\",
+-weechat_config_string 
(logger_config_file_replacement_char));
++mask6 = weechat_string_replace (mask5, "\\",
++weechat_config_string 
(logger_config_file_replacement_char));
+ #else
+-mask_decoded3 = strdup (mask_decoded2);
++mask6 = strdup (mask5);
+ #endif /* __CYGWIN__ */
+-if (!mask_decoded3)
++if (!mask6)
+

Bug#868558: transition: r-api-3.4 [was Re: Bug#868558: nmu: multiple r-* packages]

2017-09-27 Thread Graham Inggs 
On 24 September 2017 at 15:36, Sébastien Villemot  wrote:
> title = "r-api-3.4";
> is_affected = .depends ~ /r-api-3(\.4)?/;
> is_good = .depends ~ /r-api-3\.4/;
> is_bad = .depends ~ /r-api-3\b/;

I had some trouble with this in Ubuntu until Stefano Rivera suggested:
is_bad = .depends ~ /r-api-3(,|$)/;

Interesting thing is that r-cran-nlp doesn't show up in the Debian tracker.
It must have missed a binNMU to pick up a dependency on 'r-api-3' in
the first place.
I wonder if there are other packages like this.

Maybe we need 'r-base-core' in is_affected as well?

Bug#877025: marked as done (nmu: dlib_18.18-2)

2017-09-27 Thread Debian Bug Tracking System 
Your message dated Thu, 28 Sep 2017 00:30:04 +0200
with message-id <2021e0fd-763d-c66b-bd59-8810a732a...@debian.org>
and subject line Re: Bug#877025: nmu: dlib_18.18-2
has caused the Debian Bug report #877025,
regarding nmu: dlib_18.18-2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
877025: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877025
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: binnmu
Control: affects -1 src:plastimatch

The latest plastimatch binNMU did FTBFS due to libdlib-dev exposing
the full path to libblas.so in CMake files, which changed with the
recent BLAS multiarchification.

nmu dlib_18.18-2 . ANY . unstable . -m "rebuild with multiarch libblas3"
gb plastimatch_1.6.5+dfsg.1-1 . amd64 i386 . --extra-depends "libdlib-dev (>= 
18.18-2+b1)"
--- End Message ---
--- Begin Message ---
On 27/09/17 22:57, Adrian Bunk wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: binnmu
> Control: affects -1 src:plastimatch
> 
> The latest plastimatch binNMU did FTBFS due to libdlib-dev exposing
> the full path to libblas.so in CMake files, which changed with the
> recent BLAS multiarchification.
> 
> nmu dlib_18.18-2 . ANY . unstable . -m "rebuild with multiarch libblas3"
> gb plastimatch_1.6.5+dfsg.1-1 . amd64 i386 . --extra-depends "libdlib-dev (>= 
> 18.18-2+b1)"

Scheduled.

Emilio--- End Message ---

Processed: Re: Bug#868558: transition: r-api-3.4 [was Re: Bug#868558: nmu: multiple r-* packages]

2017-09-27 Thread Debian Bug Tracking System 
Processing control commands:

> forwarded -1 https://release.debian.org/transitions/html/r-base-3.4.html
Bug #868558 [release.debian.org] transition: r-api-3.4
Set Bug forwarded-to-address to 
'https://release.debian.org/transitions/html/r-base-3.4.html'.
> tags -1 confirmed
Bug #868558 [release.debian.org] transition: r-api-3.4
Added tag(s) confirmed.

-- 
868558: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868558
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#868558: transition: r-api-3.4 [was Re: Bug#868558: nmu: multiple r-* packages]

2017-09-27 Thread Emilio Pozuelo Monfort 
Control: forwarded -1 
https://release.debian.org/transitions/html/r-base-3.4.html
Control: tags -1 confirmed

On 24/09/17 15:36, Sébastien Villemot wrote:
> Control: reopen -1
> Control: retitle -1 transition: r-api-3.4
> Control: user release.debian@packages.debian.org
> Control: usertags -1 = transition
> 
> On Sun, Sep 10, 2017 at 04:15:00PM +, Niels Thykier wrote:
> 
>> To be perfectly, honest, I would prefer if you did a proper ABI-like
>> transition over the Breaks.  At this scale, Breaks seems too fragile and
>> too likely for people to get wrong.
> 
> The latest upload of r-base, versioned 3.4.1.20170921-1, has bumped the ABI
> pseudo package from "r-api-3" to "r-api-3.4", as requested.
> 
> Please therefore schedule rebuilds as necessary.

Will do so.

Cheers,
Emilio

Bug#875542: marked as done (nmu: slepc_3.7.4+dfsg1-2+b1)

2017-09-27 Thread Debian Bug Tracking System 
Your message dated Thu, 28 Sep 2017 00:28:36 +0200
with message-id <36475e61-e6c9-f4e7-5751-8a4ecc4c3...@debian.org>
and subject line Re: Bug#875542: nmu: slepc_3.7.4+dfsg1-2+b1
has caused the Debian Bug report #875542,
regarding nmu: slepc_3.7.4+dfsg1-2+b1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
875542: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875542
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: binnmu

Once petsc is rebuilt against scalapack2 on powerpc (binNMU #875407),
slepc will also need to be rebuilt.

dw slepc_3.7.4+dfsg1-2 . powerpc . unstable . -m "libpetsc3.7-dev (>= 
petsc_3.7.6+dfsg1-3+b2)"
nmu slepc_3.7.4+dfsg1-2+b1 . powerpc . unstable . -m "Rebuild for scalapack 
2.0.2."

-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.12.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
--- End Message ---
--- Begin Message ---
On 12/09/17 06:19, Drew Parsons wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: binnmu
> 
> Once petsc is rebuilt against scalapack2 on powerpc (binNMU #875407),
> slepc will also need to be rebuilt.
> 
> dw slepc_3.7.4+dfsg1-2 . powerpc . unstable . -m "libpetsc3.7-dev (>= 
> petsc_3.7.6+dfsg1-3+b2)"
> nmu slepc_3.7.4+dfsg1-2+b1 . powerpc . unstable . -m "Rebuild for scalapack 
> 2.0.2."

Scheduled.

Emilio--- End Message ---

Bug#877025: nmu: dlib_18.18-2

2017-09-27 Thread Adrian Bunk 
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: binnmu
Control: affects -1 src:plastimatch

The latest plastimatch binNMU did FTBFS due to libdlib-dev exposing
the full path to libblas.so in CMake files, which changed with the
recent BLAS multiarchification.

nmu dlib_18.18-2 . ANY . unstable . -m "rebuild with multiarch libblas3"
gb plastimatch_1.6.5+dfsg.1-1 . amd64 i386 . --extra-depends "libdlib-dev (>= 
18.18-2+b1)"

Processed: nmu: dlib_18.18-2

2017-09-27 Thread Debian Bug Tracking System 
Processing control commands:

> affects -1 src:plastimatch
Bug #877025 [release.debian.org] nmu: dlib_18.18-2
Added indication that 877025 affects src:plastimatch

-- 
877025: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877025
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#873519: jessie-pu: package freerdp/1.1.0~git20140921.1.440916e+dfsg1-4+deb8u2

2017-09-27 Thread Mike Gabriel 

Hi,

On  Mo 28 Aug 2017 19:05:59 CEST, Mike Gabriel wrote:


Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian@packages.debian.org
Usertags: pu


This request for accepting a freerdp jessie-pu correlates to
https://bugs.debian.org/871943

Quoting my self from the stretch-pu:


```
We received a helpful patch from FreeRDP upstream for the still support
FreeRDP 1.1 version we ship in Debian.

[PATCH 1/1] enable TLS 1+

Currently TLS version 1.0 is used implicitly by using the TLSv1_method.
To be able to also use TLS 1.1 and later use SSLv23_client_method
instead. To make sure SSLv2 or SSLv3 isn't used disable them.

A .debdiff has been attached.

A +/- identical upload could be done for jessie-updates, too. The
upstream versions are the same, the patch level is slightly different.
Shall I file an extra bug report for that?
```


Tiny reminder ping on this one. Any ETA for an ACK or NOACK?

Thanks!
Mike
--

DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
mobile: +49 (1520) 1976 148
landline: +49 (4354) 8390 139

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de



pgpCCfRiRbTm6.pgp
Description: Digitale PGP-Signatur

Bug#876958: marked as done (nmu: trilinos_12.10.1-4)

2017-09-27 Thread Debian Bug Tracking System 
Your message dated Wed, 27 Sep 2017 11:32:45 +0200
with message-id <6d4a67c7-d454-36d3-e2f6-551abbb31...@debian.org>
and subject line Re: Bug#876958: nmu: trilinos_12.10.1-4
has caused the Debian Bug report #876958,
regarding nmu: trilinos_12.10.1-4
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
876958: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876958
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: binnmu
X-Debbugs-Cc: debian-science-maintain...@lists.alioth.debian.org

Dear Release Team

Lapack recently switched to multiarch and Trilinos needs to be rebuilt
in order to pick up the new locations of liblapack.so and libblas.so.
This causes deal.ii (its only reverse-dependency) to FTBFS (see
#876509).  Please schedule the following binNMU:

nmu trilinos_12.10.1-4 . ANY . -m 'Rebuild against multiarch lapack'

Regards
Graham
--- End Message ---
--- Begin Message ---
On 27/09/17 07:33, Graham Inggs wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: binnmu
> X-Debbugs-Cc: debian-science-maintain...@lists.alioth.debian.org
> 
> Dear Release Team
> 
> Lapack recently switched to multiarch and Trilinos needs to be rebuilt
> in order to pick up the new locations of liblapack.so and libblas.so.
> This causes deal.ii (its only reverse-dependency) to FTBFS (see
> #876509).  Please schedule the following binNMU:
> 
> nmu trilinos_12.10.1-4 . ANY . -m 'Rebuild against multiarch lapack'

Scheduled.

Emilio--- End Message ---