NEW changes in stable-new

[Debian FTP Masters]

Processing changes file: postgresql-9.6_9.6.8-0+deb9u1_mipsel.changes
  ACCEPT

NEW changes in oldstable-new

[Debian FTP Masters]

Processing changes file: postgresql-9.4_9.4.17-0+deb8u1_mipsel.changes
  ACCEPT

NEW changes in stable-new

[Debian FTP Masters]

Processing changes file: postgresql-9.6_9.6.8-0+deb9u1_mips64el.changes
  ACCEPT

NEW changes in stable-new

[Debian FTP Masters]

Processing changes file: postgresql-9.6_9.6.8-0+deb9u1_armel.changes
  ACCEPT
Processing changes file: postgresql-9.6_9.6.8-0+deb9u1_armhf.changes
  ACCEPT
Processing changes file: postgresql-9.6_9.6.8-0+deb9u1_mips.changes
  ACCEPT

NEW changes in stable-new

[Debian FTP Masters]

Processing changes file: discover_2.1.2-7.1+deb9u1_ppc64el.changes
  ACCEPT
Processing changes file: postgresql-9.6_9.6.8-0+deb9u1_ppc64el.changes
  ACCEPT

NEW changes in stable-new

[Debian FTP Masters]

Processing changes file: discover_2.1.2-7.1+deb9u1_armel.changes
  ACCEPT
Processing changes file: discover_2.1.2-7.1+deb9u1_armhf.changes
  ACCEPT

NEW changes in oldstable-new

[Debian FTP Masters]

Processing changes file: postgresql-9.4_9.4.17-0+deb8u1_armel.changes
  ACCEPT
Processing changes file: postgresql-9.4_9.4.17-0+deb8u1_armhf.changes
  ACCEPT
Processing changes file: postgresql-9.4_9.4.17-0+deb8u1_mips.changes
  ACCEPT

NEW changes in stable-new

[Debian FTP Masters]

Processing changes file: postgresql-9.6_9.6.8-0+deb9u1_arm64.changes
  ACCEPT

NEW changes in stable-new

[Debian FTP Masters]

Processing changes file: postgresql-9.6_9.6.8-0+deb9u1_amd64.changes
  ACCEPT
Processing changes file: postgresql-9.6_9.6.8-0+deb9u1_i386.changes
  ACCEPT
Processing changes file: postgresql-9.6_9.6.8-0+deb9u1_s390x.changes
  ACCEPT

NEW changes in oldstable-new

[Debian FTP Masters]

Processing changes file: postgresql-9.4_9.4.17-0+deb8u1_arm64.changes
  ACCEPT
Processing changes file: postgresql-9.4_9.4.17-0+deb8u1_i386.changes
  ACCEPT

NEW changes in stable-new

[Debian FTP Masters]

Processing changes file: 2ping_3.2.1-1+deb9u1_all.changes
  ACCEPT
Processing changes file: debian-security-support_2018.01.29~deb9u1_all.changes
  ACCEPT
Processing changes file: disc-cover_1.5.6-2+deb9u1_all.changes
  ACCEPT
Processing changes file: discover_2.1.2-7.1+deb9u1_amd64.changes
  ACCEPT
Processing changes file: discover_2.1.2-7.1+deb9u1_arm64.changes
  ACCEPT
Processing changes file: discover_2.1.2-7.1+deb9u1_i386.changes
  ACCEPT
Processing changes file: discover_2.1.2-7.1+deb9u1_mips.changes
  ACCEPT
Processing changes file: discover_2.1.2-7.1+deb9u1_mips64el.changes
  ACCEPT
Processing changes file: discover_2.1.2-7.1+deb9u1_mipsel.changes
  ACCEPT
Processing changes file: discover_2.1.2-7.1+deb9u1_s390x.changes
  ACCEPT
Processing changes file: postgresql-9.6_9.6.8-0+deb9u1_all.changes
  ACCEPT

NEW changes in oldstable-new

[Debian FTP Masters]

Processing changes file: postgresql-9.4_9.4.17-0+deb8u1_powerpc.changes
  ACCEPT
Processing changes file: postgresql-9.4_9.4.17-0+deb8u1_ppc64el.changes
  ACCEPT
Processing changes file: postgresql-9.4_9.4.17-0+deb8u1_s390x.changes
  ACCEPT

Bug#892505: transition: openexr

[Emilio Pozuelo Monfort]

Control: tags -1 confirmed

On 10/03/18 20:20, Matteo F. Vescovi wrote:
> Hi!
> 
> On 2018-03-10 at 16:35 (+0100), Emilio Pozuelo Monfort wrote:
> 
> [...]
> 
>>> while vips on some weird missing dependencies where openexr is not
>>> involved, it seems.
>>
>> Can you file a bug for this?
> 
> Gonna do it asap.
> 
>> BTW I see in your changelog:
>>
>> openexr (2.2.1-2) experimental; urgency=medium
>>
>>   * debian/: SONAME bump 22 -> 23
>>   * debian/control: add Breaks and Replaces for library replacement
>>
>> So IIUC, you upgraded 2.2.1-1, which bumped the SONAME, without bumping the
>> binary package name. Then you uploaded 2.2.1-2 with updated package name for 
>> the
>> bumped SONAME. However since both libopenexr22_2.2.1-1 and 
>> libopenexr23_2.2.1-2
>> ship libopenexr.so.23, you had to add some Breaks/Replaces. But you added:
>>
>> Package: libopenexr23
>> Version: 2.2.1-2
>> Replaces: libopenexr22 (<< 2.2.1-2)
>> Breaks: libopenexr22 (<< 2.2.1-2)
>>
>> That's unnecessarily broad, as it breaks against libopenexr22_2.2.0-11.1 
>> that we
>> have in testing, when it shouldn't. That will cause pain during the 
>> transition.
>> Can you instead update the Breaks/Replaces to something like
>>
>>   libopenexr22 (= 2.2.1-1)
>>
>> or
>>
>>   libopenexr22 (>= 2.2.1)
>>
>> That should still conflict against the bad versions but not against the good 
>> ones.
>>
>> Basically if you can install libopenexr22/testing with libopenexr23, then 
>> we're
>> good to go.
> 
> That's what I've done now: I've just uploaded -3 revision that fixes the
> Breaks/Replaces with the first option you provided. And I've tested the
> co-installability of libopenexr22 from testing and libopenexr23 from
> experimental.

Good, that means this can be a 'smooth' transition, i.e. the new library package
can migrate while keeping the old one in testing at the same time, so the two
packages that fail to build are not really blockers (they are in order to finish
the transition, but they are not in order to move the rest of the packages to
testing). Thus please go ahead.

Cheers,
Emilio

Processed: Re: Bug#892505: transition: openexr

[Debian Bug Tracking System]

Processing control commands:

> tags -1 confirmed
Bug #892505 [release.debian.org] transition: openexr
Added tag(s) confirmed.

-- 
892505: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892505
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

NEW changes in stable-new

[Debian FTP Masters]

Processing changes file: 2ping_3.2.1-1+deb9u1_source.changes
  ACCEPT
Processing changes file: 
debian-security-support_2018.01.29~deb9u1_source.changes
  ACCEPT
Processing changes file: disc-cover_1.5.6-2+deb9u1_source.changes
  ACCEPT
Processing changes file: discover_2.1.2-7.1+deb9u1_source.changes
  ACCEPT
Processing changes file: isc-dhcp_4.3.5-3+deb9u1_sourceonly.changes
  ACCEPT
Processing changes file: isc-dhcp_4.3.5-3+deb9u1_amd64.changes
  ACCEPT
Processing changes file: isc-dhcp_4.3.5-3+deb9u1_arm64.changes
  ACCEPT
Processing changes file: isc-dhcp_4.3.5-3+deb9u1_armel.changes
  ACCEPT
Processing changes file: isc-dhcp_4.3.5-3+deb9u1_armhf.changes
  ACCEPT
Processing changes file: isc-dhcp_4.3.5-3+deb9u1_i386.changes
  ACCEPT
Processing changes file: isc-dhcp_4.3.5-3+deb9u1_mips.changes
  ACCEPT
Processing changes file: isc-dhcp_4.3.5-3+deb9u1_mips64el.changes
  ACCEPT
Processing changes file: isc-dhcp_4.3.5-3+deb9u1_mipsel.changes
  ACCEPT
Processing changes file: isc-dhcp_4.3.5-3+deb9u1_ppc64el.changes
  ACCEPT
Processing changes file: isc-dhcp_4.3.5-3+deb9u1_s390x.changes
  ACCEPT
Processing changes file: postgresql-9.6_9.6.8-0+deb9u1_source.changes
  ACCEPT

NEW changes in oldstable-new

[Debian FTP Masters]

Processing changes file: dovecot_2.2.13-12~deb8u4_amd64.changes
  ACCEPT
Processing changes file: dovecot_2.2.13-12~deb8u4_arm64.changes
  ACCEPT
Processing changes file: dovecot_2.2.13-12~deb8u4_armel.changes
  ACCEPT
Processing changes file: dovecot_2.2.13-12~deb8u4_armhf.changes
  ACCEPT
Processing changes file: dovecot_2.2.13-12~deb8u4_i386.changes
  ACCEPT
Processing changes file: dovecot_2.2.13-12~deb8u4_mips.changes
  ACCEPT
Processing changes file: dovecot_2.2.13-12~deb8u4_mipsel.changes
  ACCEPT
Processing changes file: dovecot_2.2.13-12~deb8u4_powerpc.changes
  ACCEPT
Processing changes file: dovecot_2.2.13-12~deb8u4_ppc64el.changes
  ACCEPT
Processing changes file: dovecot_2.2.13-12~deb8u4_s390x.changes
  ACCEPT
Processing changes file: drupal7_7.32-1+deb8u10_amd64.changes
  ACCEPT
Processing changes file: freexl_1.0.0g-1+deb8u5_amd64.changes
  ACCEPT
Processing changes file: freexl_1.0.0g-1+deb8u5_arm64.changes
  ACCEPT
Processing changes file: freexl_1.0.0g-1+deb8u5_armel.changes
  ACCEPT
Processing changes file: freexl_1.0.0g-1+deb8u5_armhf.changes
  ACCEPT
Processing changes file: freexl_1.0.0g-1+deb8u5_i386.changes
  ACCEPT
Processing changes file: freexl_1.0.0g-1+deb8u5_mips.changes
  ACCEPT
Processing changes file: freexl_1.0.0g-1+deb8u5_mipsel.changes
  ACCEPT
Processing changes file: freexl_1.0.0g-1+deb8u5_powerpc.changes
  ACCEPT
Processing changes file: freexl_1.0.0g-1+deb8u5_ppc64el.changes
  ACCEPT
Processing changes file: freexl_1.0.0g-1+deb8u5_s390x.changes
  ACCEPT
Processing changes file: isc-dhcp_4.3.1-6+deb8u3_allonly.changes
  ACCEPT
Processing changes file: isc-dhcp_4.3.1-6+deb8u3_amd64.changes
  ACCEPT
Processing changes file: isc-dhcp_4.3.1-6+deb8u3_arm64.changes
  ACCEPT
Processing changes file: isc-dhcp_4.3.1-6+deb8u3_armel.changes
  ACCEPT
Processing changes file: isc-dhcp_4.3.1-6+deb8u3_armhf.changes
  ACCEPT
Processing changes file: isc-dhcp_4.3.1-6+deb8u3_i386.changes
  ACCEPT
Processing changes file: isc-dhcp_4.3.1-6+deb8u3_mips.changes
  ACCEPT
Processing changes file: isc-dhcp_4.3.1-6+deb8u3_mipsel.changes
  ACCEPT
Processing changes file: isc-dhcp_4.3.1-6+deb8u3_powerpc.changes
  ACCEPT
Processing changes file: isc-dhcp_4.3.1-6+deb8u3_ppc64el.changes
  ACCEPT
Processing changes file: isc-dhcp_4.3.1-6+deb8u3_s390x.changes
  ACCEPT
Processing changes file: libvpx_1.3.0-3+deb8u1_amd64.changes
  ACCEPT
Processing changes file: libvpx_1.3.0-3+deb8u1_arm64.changes
  ACCEPT
Processing changes file: libvpx_1.3.0-3+deb8u1_armel.changes
  ACCEPT
Processing changes file: libvpx_1.3.0-3+deb8u1_armhf.changes
  ACCEPT
Processing changes file: libvpx_1.3.0-3+deb8u1_i386.changes
  ACCEPT
Processing changes file: libvpx_1.3.0-3+deb8u1_mips.changes
  ACCEPT
Processing changes file: libvpx_1.3.0-3+deb8u1_mipsel.changes
  ACCEPT
Processing changes file: libvpx_1.3.0-3+deb8u1_powerpc.changes
  ACCEPT
Processing changes file: libvpx_1.3.0-3+deb8u1_ppc64el.changes
  ACCEPT
Processing changes file: libvpx_1.3.0-3+deb8u1_s390x.changes
  ACCEPT
Processing changes file: lucene-solr_3.6.2+dfsg-5+deb8u1_amd64.changes
  ACCEPT
Processing changes file: postgresql-9.4_9.4.17-0+deb8u1_amd64.changes
  ACCEPT
Processing changes file: simplesamlphp_1.13.1-2+deb8u1_amd64.changes
  ACCEPT
Processing changes file: xmltooling_1.5.3-2+deb8u3_i386.changes
  ACCEPT
Processing changes file: xmltooling_1.5.3-2+deb8u3_amd64.changes
  ACCEPT
Processing changes file: xmltooling_1.5.3-2+deb8u3_arm64.changes
  ACCEPT
Processing changes file: xmltooling_1.5.3-2+deb8u3_armel.changes
  ACCEPT
Processing changes file: xmltooling_1.5.3-2+deb8u3_armhf.changes
  ACCEPT
Processing changes file: xmltooling_1.5.3-2+deb8u3_mips.changes
  ACCEPT
Processing changes file: xmltooling_1.5.3-2+deb8u3_mipsel.changes
  ACCEPT
Processing changes file: xmltooling_1.5.3-2+deb8u3_powerpc.changes
  ACCEPT
Processing changes file: xmltooling_1.5.3-2+deb8u3_ppc64el.changes
  ACCEPT
Processing changes file: xmltooling_1.5.3-2+deb8u3_s390x.changes
  ACCEPT

Processed: Re: Bug#891576: stretch-pu: package discover/2.1.2-7.1+deb9u1

[Debian Bug Tracking System]

Processing control commands:

> tags -1 + pending
Bug #891576 [release.debian.org] stretch-pu: package discover/2.1.2-7.1+deb9u1
Added tag(s) pending.

-- 
891576: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891576
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#891576: stretch-pu: package discover/2.1.2-7.1+deb9u1

[Adam D. Barratt]

Control: tags -1 + pending

On Sat, 2018-03-03 at 14:27 +, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
> 
> On Mon, 2018-02-26 at 21:45 +0200, Adrian Bunk wrote:
> >    * Use correct type for the length parameter of the getline()
> > call,
> >  thanks to Anatoly Borodin and Simon Quigley for writing and
> > for
> >  forwarding the patch (Closes: #876388, LP: #1718687).
> 
> Please go ahead.
> 

Uploaded and flagged for acceptance.

Regards,

Adam

Bug#891563: stretch-pu: package disc-cover/1.5.6-2+deb9u1

[Adam D. Barratt]

Control: tags -1 + pending

On Sat, 2018-03-03 at 14:36 +, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
> 
> On Mon, 2018-02-26 at 19:56 +0200, Adrian Bunk wrote:
> >    * Fix perl error when running disc-cover,
> >  thanks to Frédéric Boiteux. (Closes: #879961)
> 
> Please go ahead.
> 

Uploaded and flagged for acceptance.

Regards,

Adam

Processed: Re: Bug#891563: stretch-pu: package disc-cover/1.5.6-2+deb9u1

[Debian Bug Tracking System]

Processing control commands:

> tags -1 + pending
Bug #891563 [release.debian.org] stretch-pu: package disc-cover/1.5.6-2+deb9u1
Added tag(s) pending.

-- 
891563: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891563
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#888766: stretch-pu: package debian-security-support/2018.01.29~deb9u1

[Adam D. Barratt]

Control: tags -1 + pending

On Mon, 2018-03-05 at 17:32 +0100, Guido Günther wrote:
> On Fri, Mar 02, 2018 at 05:38:18PM +, Adam D. Barratt wrote:
> > Control: tags -1 + confirmed
> > 
> > On Mon, 2018-01-29 at 17:36 +0100, Guido Günther wrote:
> > > This update brings debian-security-support in line with unstable.
> > > Most notably in stable this affects swftools since security
> > > support
> > > for it is now limited.
> > > 
> > 
> > --- a/debian/changelog
> > +++ b/debian/changelog
> > @@ -1,3 +1,44 @@
> > +debian-security-support (2018.01.29~deb9u1) stable-proposed-
> > updates; urgency=medium
> > 
> > Please use "stretch" as the changelog distribution and feel free to
> > upload.
> 
> Changed and uploaded now. Thanks
> 

Flagged for acceptance; thanks.

Regards,

Adam

Processed: Re: Bug#888766: stretch-pu: package debian-security-support/2018.01.29~deb9u1

[Debian Bug Tracking System]

Processing control commands:

> tags -1 + pending
Bug #888766 [release.debian.org] stretch-pu: package 
debian-security-support/2018.01.29~deb9u1
Added tag(s) pending.

-- 
888766: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888766
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: Re: Bug#891466: stretch-pu: package 2ping/3.2.1-1+deb9u1

[Debian Bug Tracking System]

Processing control commands:

> tags -1 + pending
Bug #891466 [release.debian.org] stretch-pu: package 2ping/3.2.1-1+deb9u1
Added tag(s) pending.

-- 
891466: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891466
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#891466: stretch-pu: package 2ping/3.2.1-1+deb9u1

[Adam D. Barratt]

Control: tags -1 + pending

On Sat, 2018-03-03 at 14:33 +, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
> 
> On Sun, 2018-02-25 at 21:59 +0200, Adrian Bunk wrote:
> >   * Add the missing dependency on python-pkg-resources.
> > (Closes: #855972)
> 
> Please go ahead.
> 

Uploaded and flagged for acceptance.

Regards,

Adam

Processed: Re: Bug#888909: stretch-pu: package nvidia-graphics-drivers/384.111-4~deb9u1

[Debian Bug Tracking System]

Processing control commands:

> tags -1 + pending
Bug #888909 [release.debian.org] stretch-pu: package 
nvidia-graphics-drivers/384.111-4~deb9u1
Ignoring request to alter tags of bug #888909 to the same tags previously set

-- 
888909: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888909
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#888909: stretch-pu: package nvidia-graphics-drivers/384.111-4~deb9u1

[Adam D. Barratt]

Control: tags -1 + pending

On Sat, 2018-03-10 at 09:23 +, Adam D. Barratt wrote:
> Control: reopen -1
> 
> On Sat, 2018-03-03 at 21:27 +, Adam D. Barratt wrote:
> > On Sat, 2018-03-03 at 21:36 +0100, Andreas Beckmann wrote:
> > > On 2018-03-03 11:51, Adam D. Barratt wrote:
> > > > Uploaded and flagged for acceptance.
> 
> Actually, it wasn't. I can only assume that I got confused while
> processing the pile of nvidia uploads. :-(

It's now really in p-u.

Regards,

Adam

Bug#892505: transition: openexr

[Matteo F. Vescovi]

Hi!

On 2018-03-10 at 16:35 (+0100), Emilio Pozuelo Monfort wrote:

[...]

>> while vips on some weird missing dependencies where openexr is not
>> involved, it seems.
>
> Can you file a bug for this?

Gonna do it asap.

> BTW I see in your changelog:
>
> openexr (2.2.1-2) experimental; urgency=medium
>
>   * debian/: SONAME bump 22 -> 23
>   * debian/control: add Breaks and Replaces for library replacement
>
> So IIUC, you upgraded 2.2.1-1, which bumped the SONAME, without bumping the
> binary package name. Then you uploaded 2.2.1-2 with updated package name for 
> the
> bumped SONAME. However since both libopenexr22_2.2.1-1 and 
> libopenexr23_2.2.1-2
> ship libopenexr.so.23, you had to add some Breaks/Replaces. But you added:
>
> Package: libopenexr23
> Version: 2.2.1-2
> Replaces: libopenexr22 (<< 2.2.1-2)
> Breaks: libopenexr22 (<< 2.2.1-2)
>
> That's unnecessarily broad, as it breaks against libopenexr22_2.2.0-11.1 that 
> we
> have in testing, when it shouldn't. That will cause pain during the 
> transition.
> Can you instead update the Breaks/Replaces to something like
>
>   libopenexr22 (= 2.2.1-1)
>
> or
>
>   libopenexr22 (>= 2.2.1)
>
> That should still conflict against the bad versions but not against the good 
> ones.
>
> Basically if you can install libopenexr22/testing with libopenexr23, then 
> we're
> good to go.

That's what I've done now: I've just uploaded -3 revision that fixes the
Breaks/Replaces with the first option you provided. And I've tested the
co-installability of libopenexr22 from testing and libopenexr23 from
experimental.

Cheers.

-- 
Matteo F. Vescovi || Debian Developer
GnuPG KeyID: 4096R/0x8062398983B2CF7A


signature.asc
Description: PGP signature

Bug#892487: transition: gnome-desktop3/mutter 3.27

[Emilio Pozuelo Monfort]

Control: tags -1 confirmed

On 09/03/18 16:06, Jeremy Bicha wrote:
> Oh, I forgot to mention 2 things:
> 
> 1. I would like to do the mutter/gnome-shell transition simultaneously
> with gnome-desktop3:
> 
> https://release.debian.org/transitions/html/auto-mutter.html
> 
> All 3 affected packages need sourceful uploads. I have permission from
> the budgie-desktop maintainer to do its NMU. The others are Debian
> GNOME packages which I will also upload.

Go ahead.

> 2. I will wait to do the libgweather transition requested at
> https://bugs.debian.org/890322 later.

OK.

Cheers,
Emilio

Processed: Re: Bug#892487: transition: gnome-desktop3/mutter 3.27

[Debian Bug Tracking System]

Processing control commands:

> tags -1 confirmed
Bug #892487 [release.debian.org] transition: gnome-desktop3 3.27
Added tag(s) confirmed.

-- 
892487: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892487
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#892505: transition: openexr

[Emilio Pozuelo Monfort]

On 10/03/18 16:05, Matteo F. Vescovi wrote:
> Hi Emilio!
> 
> On 2018-03-10 at 10:27 (+0100), Emilio Pozuelo Monfort wrote:
> 
> [...]
> 
>>> ### Dependency level 3 ###
>>>  * gmic_1.7.9+zart-4 => FTBFS (not openexr related)
>>>  * gst-plugins-bad1.0_1.8.3-1 => FTBFS (not openexr related)
>>
>> unstable has gst-plugins-bad1.0 1.12.4-2.
>> Did you really check with 1.8.3-1?
> 
> Gosh, reverse-depends from ubuntu-dev-tools package brought that version
> in my list, no idea why. Anyway, I've checked gst-plugins-bad1.0
> 1.12.4-2 and:
> 
>  * gst-plugins-bad1.0 1.12.4-2 => OK

Ok, good.

> 
>> Can you also check the other packages that failed to build (gmic and
>> vips)?
> 
> Unfortunately, both were built on the right versions and they fail; gmic
> with:
> 
> = = = = = = = >8 = = = = = =
> dh_install: Cannot find (any matches for) "etc/bash_completion.d/gmic"
> (tried in ., debian/tmp)
> 
> dh_install: gmic missing files: etc/bash_completion.d/gmic
> dh_install: missing files, aborting
> = = = = = = = >8 = = = = = =

That's #892123.

> while vips on some weird missing dependencies where openexr is not
> involved, it seems.

Can you file a bug for this?

BTW I see in your changelog:

openexr (2.2.1-2) experimental; urgency=medium

  * debian/: SONAME bump 22 -> 23
  * debian/control: add Breaks and Replaces for library replacement

So IIUC, you upgraded 2.2.1-1, which bumped the SONAME, without bumping the
binary package name. Then you uploaded 2.2.1-2 with updated package name for the
bumped SONAME. However since both libopenexr22_2.2.1-1 and libopenexr23_2.2.1-2
ship libopenexr.so.23, you had to add some Breaks/Replaces. But you added:

Package: libopenexr23
Version: 2.2.1-2
Replaces: libopenexr22 (<< 2.2.1-2)
Breaks: libopenexr22 (<< 2.2.1-2)

That's unnecessarily broad, as it breaks against libopenexr22_2.2.0-11.1 that we
have in testing, when it shouldn't. That will cause pain during the transition.
Can you instead update the Breaks/Replaces to something like

  libopenexr22 (= 2.2.1-1)

or

  libopenexr22 (>= 2.2.1)

That should still conflict against the bad versions but not against the good 
ones.

Basically if you can install libopenexr22/testing with libopenexr23, then we're
good to go.

Cheers,
Emilio

Bug#888531: transition: ruby2.5 - binNMU round #5, and next steps

[Emilio Pozuelo Monfort]

On 09/03/18 15:53, Antonio Terceiro wrote:
> Hi,
> 
> Please binNMU:
> 
> obexftp
> ruby-bcrypt-pbkdf
> 
> Now we need to discuss what to do wrt the few pending packages.
> 
> weechat: #892072 [S|+|  ] [src:weechat] weechat: build against ruby2.5

That's got a patch, and should be fixed.

> uwsgi: #892074 [S  |  ] [src:uwsgi] uwsgi: FTBFS with ruby2.5 as default

I gave a clue about this one on the bug. Easy to fix.

> graphviz: is missing on armel, because guile-2.2-dev is missing on armel. I
> asked on #debian-buildd and Julien told me that guile-2.2-dev brings the
> buildds down.

Yeah, this is a problem.

> ruby-prof: I just uploaded an update that will make it build fine on s390x.

Good.

> ruby-pgplot: it's in contrib and has a dependency on a non-free package,
> so it can't be built on buildds. I could do binary uploads myself now,
> or ask someone who cares about it to do that, but then when it's time to
> drop ruby2.3 I would need to do that again, and I would prefer to do it
> just once. I just reported a serious bugs about this.

Already fixed (thanks Andreas!)

> My suggestion would be to remove weechat, uwsgi and ruby-pgplot from
> testing, remove graphviz from testing on armel, and unblock the
> transition. But, of course, this is your call.

No, we should fix weechat and uwsgi. The only real problem is with guile-2.2 on
armel. I'll see what can be done there.

Cheers,
Emilio

Bug#892505: transition: openexr

[Matteo F. Vescovi]

Hi Emilio!

On 2018-03-10 at 10:27 (+0100), Emilio Pozuelo Monfort wrote:

[...]

>> ### Dependency level 3 ###
>>  * gmic_1.7.9+zart-4 => FTBFS (not openexr related)
>>  * gst-plugins-bad1.0_1.8.3-1 => FTBFS (not openexr related)
>
> unstable has gst-plugins-bad1.0 1.12.4-2.
> Did you really check with 1.8.3-1?

Gosh, reverse-depends from ubuntu-dev-tools package brought that version
in my list, no idea why. Anyway, I've checked gst-plugins-bad1.0
1.12.4-2 and:

 * gst-plugins-bad1.0 1.12.4-2 => OK

> Can you also check the other packages that failed to build (gmic and
> vips)?

Unfortunately, both were built on the right versions and they fail; gmic
with:

= = = = = = = >8 = = = = = =
dh_install: Cannot find (any matches for) "etc/bash_completion.d/gmic"
(tried in ., debian/tmp)

dh_install: gmic missing files: etc/bash_completion.d/gmic
dh_install: missing files, aborting
= = = = = = = >8 = = = = = =

while vips on some weird missing dependencies where openexr is not
involved, it seems.

Hope this helps.

Cheers.


-- 
Matteo F. Vescovi || Debian Developer
GnuPG KeyID: 4096R/0x8062398983B2CF7A


signature.asc
Description: PGP signature

Bug#888531: transition: ruby2.5 - binNMU round #5, and next steps

[Antonio Terceiro]

On Sat, Mar 10, 2018 at 04:26:03AM +0100, Andreas Beckmann wrote:
> On Fri, 9 Mar 2018 11:53:17 -0300 Antonio Terceiro 
> wrote:
> > ruby-pgplot: it's in contrib and has a dependency on a non-free package,
> > so it can't be built on buildds. I could do binary uploads myself now,
> > or ask someone who cares about it to do that, but then when it's time to
> > drop ruby2.3 I would need to do that again, and I would prefer to do it
> > just once. I just reported a serious bugs about this.
> 
> If you have the infrastructure ready to do contrib/non-free binNMUs (and
> some experience with it), this is not really much work. Uploaded a +b1
> binNMU. Please ping me once you need the ruby2.5-only binNMU.

I have neither the infra ready nor the experience, so thank you lot for
your help with this! :-)


signature.asc
Description: PGP signature

Processed: reopening 888909

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> # Gah automation
> reopen 888909
Bug #888909 {Done: "Adam D. Barratt" } 
[release.debian.org] stretch-pu: package 
nvidia-graphics-drivers/384.111-4~deb9u1
'reopen' may be inappropriate when a bug has been closed with a version;
all fixed versions will be cleared, and you may need to re-add them.
Bug reopened
No longer marked as fixed in versions 9.4.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
888909: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888909
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: limit package to release.debian.org, closing 886482, closing 886589, closing 886593, closing 886636 ...

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> # These updates were all included in today's stretch point release
> limit package release.debian.org
Limiting to bugs with field 'package' containing at least one of 
'release.debian.org'
Limit currently set to 'package':'release.debian.org'

> close 886482 9.4
Bug #886482 [release.debian.org] stretch-pu: package global/6.5.6-2
There is no source info for the package 'release.debian.org' at version '9.4' 
with architecture ''
Unable to make a source version for version '9.4'
Marked as fixed in versions 9.4.
Bug #886482 [release.debian.org] stretch-pu: package global/6.5.6-2
Marked Bug as done
> close 886589 9.4
Bug #886589 [release.debian.org] stretch-pu: package mapproxy/1.9.0-3+deb9u1
There is no source info for the package 'release.debian.org' at version '9.4' 
with architecture ''
Unable to make a source version for version '9.4'
Marked as fixed in versions 9.4.
Bug #886589 [release.debian.org] stretch-pu: package mapproxy/1.9.0-3+deb9u1
Marked Bug as done
> close 886593 9.4
Bug #886593 [release.debian.org] stretch-pu: package qtpass/1.1.6-1
There is no source info for the package 'release.debian.org' at version '9.4' 
with architecture ''
Unable to make a source version for version '9.4'
Marked as fixed in versions 9.4.
Bug #886593 [release.debian.org] stretch-pu: package qtpass/1.1.6-1
Marked Bug as done
> close 886636 9.4
Bug #886636 [release.debian.org] stretch-pu: package gnumail/1.2.2-1.1+deb9u1
There is no source info for the package 'release.debian.org' at version '9.4' 
with architecture ''
Unable to make a source version for version '9.4'
Marked as fixed in versions 9.4.
Bug #886636 [release.debian.org] stretch-pu: package gnumail/1.2.2-1.1+deb9u1
Marked Bug as done
> close 886877 9.4
Bug #886877 [release.debian.org] stretch-pu: package 
gosa-plugin-pwreset/0.99.4-1+deb9u1
There is no source info for the package 'release.debian.org' at version '9.4' 
with architecture ''
Unable to make a source version for version '9.4'
Marked as fixed in versions 9.4.
Bug #886877 [release.debian.org] stretch-pu: package 
gosa-plugin-pwreset/0.99.4-1+deb9u1
Marked Bug as done
> close 887311 9.4
Bug #887311 [release.debian.org] stretch-pu: package 
libperlx-assert-perl/0.904-1+deb9u1
There is no source info for the package 'release.debian.org' at version '9.4' 
with architecture ''
Unable to make a source version for version '9.4'
Marked as fixed in versions 9.4.
Bug #887311 [release.debian.org] stretch-pu: package 
libperlx-assert-perl/0.904-1+deb9u1
Marked Bug as done
> close 887352 9.4
Bug #887352 [release.debian.org] stretch-pu: package mpi4py/2.0.0-2.1+deb9u1
There is no source info for the package 'release.debian.org' at version '9.4' 
with architecture ''
Unable to make a source version for version '9.4'
Marked as fixed in versions 9.4.
Bug #887352 [release.debian.org] stretch-pu: package mpi4py/2.0.0-2.1+deb9u1
Marked Bug as done
> close 887359 9.4
Bug #887359 [release.debian.org] stretch-pu: package slic3r/1.2.9+dfsg-9~deb9u1
There is no source info for the package 'release.debian.org' at version '9.4' 
with architecture ''
Unable to make a source version for version '9.4'
Marked as fixed in versions 9.4.
Bug #887359 [release.debian.org] stretch-pu: package slic3r/1.2.9+dfsg-9~deb9u1
Marked Bug as done
> close 887589 9.4
Bug #887589 [release.debian.org] stretch-pu: package grilo-plugins/0.3.3-1
There is no source info for the package 'release.debian.org' at version '9.4' 
with architecture ''
Unable to make a source version for version '9.4'
Marked as fixed in versions 9.4.
Bug #887589 [release.debian.org] stretch-pu: package grilo-plugins/0.3.3-1
Marked Bug as done
> close 887855 9.4
Bug #887855 [release.debian.org] stretch-pu: package libvirt/3.0.0-4+deb9u2
There is no source info for the package 'release.debian.org' at version '9.4' 
with architecture ''
Unable to make a source version for version '9.4'
Marked as fixed in versions 9.4.
Bug #887855 [release.debian.org] stretch-pu: package libvirt/3.0.0-4+deb9u2
Marked Bug as done
> close 887999 9.4
Bug #887999 [release.debian.org] stretch-pu: package 
libhibernate-validator-java/4.3.3-1
There is no source info for the package 'release.debian.org' at version '9.4' 
with architecture ''
Unable to make a source version for version '9.4'
Marked as fixed in versions 9.4.
Bug #887999 [release.debian.org] stretch-pu: package 
libhibernate-validator-java/4.3.3-1
Marked Bug as done
> close 888006 9.4
Bug #888006 [release.debian.org] stretch-pu: package salt/2016.11.2+ds-1
There is no source info for the package 'release.debian.org' at version '9.4' 
with architecture ''
Unable to make a source version for version '9.4'
Marked as fixed in versions 9.4.
Bug #888006 [release.debian.org] stretch-pu: package salt/2016.11.2+ds-1
Marked Bug as done
> close 888488 9.4
Bug #888488 [release.debian.org] stretch-pu: package w3m/0.5.3-34+deb9u1
There is no source info for the package 'release.debian.org' at version 

Bug#885027: marked as done (stretch-pu: package mosquitto/1.4.10-3+deb9u1)

[Debian Bug Tracking System]

Your message dated Sat, 10 Mar 2018 10:57:46 +
with message-id <1520679466.2744.57.ca...@adam-barratt.org.uk>
and subject line Closing bugs for updates included in 9.4
has caused the Debian Bug report #885027,
regarding stretch-pu: package mosquitto/1.4.10-3+deb9u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
885027: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885027
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

This patch fixes CVS-2017-0868 for mosquitto. The security team does not
believe it is worthy of a DSA and suggest a point release instead.

-- System Information:
Debian Release: stretch/sid
  APT prefers xenial-updates
  APT policy: (500, 'xenial-updates'), (500, 'xenial-security'), (500, 
'xenial'), (100, 'xenial-backports')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.4.0-97-generic (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)
diff -Nru mosquitto-1.4.10/debian/changelog mosquitto-1.4.10/debian/changelog
--- mosquitto-1.4.10/debian/changelog	2017-05-29 14:38:36.0 +0100
+++ mosquitto-1.4.10/debian/changelog	2017-12-22 21:29:50.0 +
@@ -1,3 +1,12 @@
+mosquitto (1.4.10-3+deb9u1) stretch; urgency=medium
+
+  * SECURITY UPDATE: Mosquitto persistence file is world readable.
+- debian/patches/mosquitto-1.4.x_cve-2017-9868.patch: Set umask to limit
+  read permissions.
+- CVE-2017-9868
+
+ -- Roger A. Light   Fri, 22 Dec 2017 08:19:25 +
+
 mosquitto (1.4.10-3) unstable; urgency=high
 
   * SECURITY UPDATE: Pattern ACL can be bypassed by using a username/client id
diff -Nru mosquitto-1.4.10/debian/patches/mosquitto-1.4.x_cve-2017-9868.patch mosquitto-1.4.10/debian/patches/mosquitto-1.4.x_cve-2017-9868.patch
--- mosquitto-1.4.10/debian/patches/mosquitto-1.4.x_cve-2017-9868.patch	1970-01-01 01:00:00.0 +0100
+++ mosquitto-1.4.10/debian/patches/mosquitto-1.4.x_cve-2017-9868.patch	2017-06-26 09:41:10.0 +0100
@@ -0,0 +1,17 @@
+Description: Fix for CVE-207-9868.
+Author: Roger Light 
+Forwarded: not-needed
+Origin: upstream, https://mosquitto.org/files/cve/2017-9868/mosquitto-1.4.x_cve-2017-9868.patch
+--- a/src/persist.c
 b/src/persist.c
+@@ -362,6 +362,10 @@
+ 		_mosquitto_log_printf(NULL, MOSQ_LOG_INFO, "Error saving in-memory database, out of memory.");
+ 		return MOSQ_ERR_NOMEM;
+ 	}
++
++	/* Restrict access to persistence file. */
++	umask(0077);
++
+ 	snprintf(outfile, len, "%s.new", db->config->persistence_filepath);
+ 	outfile[len] = '\0';
+ 
diff -Nru mosquitto-1.4.10/debian/patches/series mosquitto-1.4.10/debian/patches/series
--- mosquitto-1.4.10/debian/patches/series	2017-05-29 13:47:08.0 +0100
+++ mosquitto-1.4.10/debian/patches/series	2017-12-22 08:23:41.0 +
@@ -8,3 +8,4 @@
 hurd-errno.patch
 mosquitto-1.4.10_cve-2017-7650.patch
 allow_ipv6_bridges.patch
+mosquitto-1.4.x_cve-2017-9868.patch
--- End Message ---
--- Begin Message ---
Version: 9.4

Hi,

The update referenced by each of these bugs was included in this
morning's stretch point release.

Regards,

Adam--- End Message ---

Bug#884606: marked as done (stretch-pu: package espeakup/1:0.80-5+b2)

[Debian Bug Tracking System]

Your message dated Sat, 10 Mar 2018 10:57:46 +
with message-id <1520679466.2744.57.ca...@adam-barratt.org.uk>
and subject line Closing bugs for updates included in 9.4
has caused the Debian Bug report #884606,
regarding stretch-pu: package espeakup/1:0.80-5+b2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
884606: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884606
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: k...@debian.org

Hello,

Several blind users have reported that the Debian Installer speech
synthesis was not working on their computer, thus making it unusable
for them. It happens that this is due to odd numbering of sound cards
by ALSA on those computers. We have fixed this in buster, it has been
successfully tested on the reported systems, so I propose to include the
fix in Stretch too, I have attached the diff. I'm also Cc-ing Kibi for
his opinion on this.

Samuel

-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 
'testing-debug'), (500, 'stable-debug'), (500, 'oldoldstable'), (500, 
'buildd-unstable'), (500, 'unstable'), (500, 'stable'), (500, 'oldstable'), (1, 
'experimental-debug'), (1, 'buildd-experimental'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.14.0 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff --git a/debian/changelog b/debian/changelog
index a908870..7a19a8d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+espeakup (1:0.80-5+deb9u1) stretch; urgency=medium
+
+  * debian/espeakup-udeb.start: Fix case where card 0 does not have an id or
+where cards have non-contiguous indexes.
+  * debian/espeakup-udeb.finish-install: Use card id in installed system
+to avoid issues with card detection ordering.
+
+ -- Samuel Thibault   Sun, 17 Dec 2017 16:35:19 +0100
+
 espeakup (1:0.80-5) unstable; urgency=medium
 
   * Use canonical anonscm vcs URL.
diff --git a/debian/espeakup-udeb.finish-install 
b/debian/espeakup-udeb.finish-install
index 00e7e84..17c9182 100644
--- a/debian/espeakup-udeb.finish-install
+++ b/debian/espeakup-udeb.finish-install
@@ -12,4 +12,4 @@ apt-install espeakup alsa-utils || true
 
 cp /usr/share/espeakup-udeb/espeakup.default /target/etc/default/espeakup
 sed -i -e "s/^VOICE=.*/VOICE=$VOICE/" /target/etc/default/espeakup
-[ -z "$ALSA_CARD" ] || sed -i -e "s/^# ALSA_CARD=.*/ALSA_CARD=\"$ALSA_CARD\"/" 
/target/etc/default/espeakup
+[ -z "$ALSA_CARD" ] || sed -i -e "s/^# ALSA_CARD=.*/ALSA_CARD=\"`cat 
/sys/class/sound/card$ALSA_CARD/id`\"/" /target/etc/default/espeakup
diff --git a/debian/espeakup-udeb.start b/debian/espeakup-udeb.start
index d187d77..2f5db6a 100644
--- a/debian/espeakup-udeb.start
+++ b/debian/espeakup-udeb.start
@@ -1,7 +1,15 @@
+BASE=/sys/class/sound
+
+strip () {
+   cardid=${1#$BASE/card}
+   echo ${cardid%/id}
+}
+
 if lsmod | grep -q speakup_soft; then
# Give drivers some time to detect boards :/
sleep 2
-   N=$(ls /sys/class/sound/card*/id | wc -l)
+   IDS=$(echo $BASE/card*/id)
+   N=$(echo $IDS | wc -w)
case $N in
0)
echo No sound card detected, can not do software speech 
synthesis... Press enter to continue anyway.
@@ -9,17 +17,18 @@ if lsmod | grep -q speakup_soft; then
;;
1)
# Just one card, can not be wrong
-   echo 0 > /var/run/espeakup.card
-   /usr/bin/espeakup > /var/log/espeakup.log 2>&1
+   echo $(strip $IDS) > /var/run/espeakup.card
+   /usr/bin/espeakup -V en > /var/log/espeakup.log 2>&1
;;
*)
# Several cards, make the user choose
CARD=none
while [ "$CARD" = none ]
do
-   for i in $( seq 0 $(($N-1)) )
+   for ID in $IDS
do
-   ALSA_CARD=$(cat 
/sys/class/sound/card$i/id) /usr/bin/espeakup >> /var/log/espeakup.log 2>&1
+   

Bug#885184: marked as done (stretch-pu: package agenda.app/0.42.2-1+deb9u1)

[Debian Bug Tracking System]

Your message dated Sat, 10 Mar 2018 10:57:46 +
with message-id <1520679466.2744.57.ca...@adam-barratt.org.uk>
and subject line Closing bugs for updates included in 9.4
has caused the Debian Bug report #885184,
regarding stretch-pu: package agenda.app/0.42.2-1+deb9u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
885184: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885184
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

Hi SRMs,

Would you approve an update for agenda.app to fix #884098?
Proposed change was tested on a stretch machine; debdiff attached.

(Note that jessie is not affected; it has the same agenda.app version
but an older gnustep-gui version that doesn't exhibit the bug.)

-- System Information:
Debian Release: 9.3
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-debug'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 4.9.0-4-686-pae (SMP w/1 CPU core)
Locale: LANG=bg_BG.UTF-8, LC_CTYPE=bg_BG.UTF-8 (charmap=UTF-8), 
LANGUAGE=bg_BG.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru agenda.app-0.42.2/debian/changelog agenda.app-0.42.2/debian/changelog
--- agenda.app-0.42.2/debian/changelog  2012-05-29 18:00:21.0 +0300
+++ agenda.app-0.42.2/debian/changelog  2017-12-25 22:09:00.0 +0200
@@ -1,3 +1,11 @@
+agenda.app (0.42.2-1+deb9u1) stretch; urgency=medium
+
+  * debian/patches/fix-editors-exception.patch: New, fixes creation of
+tasks and appointments (Closes: #884098).
+  * debian/patches/series: New file.
+
+ -- Yavor Doganov   Mon, 25 Dec 2017 22:09:00 +0200
+
 agenda.app (0.42.2-1) unstable; urgency=low
 
   * New upstream release:
diff -Nru agenda.app-0.42.2/debian/patches/fix-editors-exception.patch 
agenda.app-0.42.2/debian/patches/fix-editors-exception.patch
--- agenda.app-0.42.2/debian/patches/fix-editors-exception.patch
1970-01-01 02:00:00.0 +0200
+++ agenda.app-0.42.2/debian/patches/fix-editors-exception.patch
2017-12-25 22:09:00.0 +0200
@@ -0,0 +1,40 @@
+Description: Fix NSException when creating a new task or appointment.
+ Upstream is uncertain that this is the right fix; I concur.  It looks
+ like the problem stems from the fact that TaskEditor/AppointmentEditor
+ are window controllers but don't derive from NSWindowController and
+ thus do not inherit the -document method.  Upstream doesn't remember
+ why he opted to subclass NSObject; it's not feasible to change the
+ superclass now.
+Origin: upstream, commit:fa5ccf2
+Bug-Debian: https://bugs.debian.org/884098
+Last-Update: 2017-12-25
+---
+
+--- agenda.app.orig/AppointmentEditor.m
 agenda.app/AppointmentEditor.m
+@@ -38,6 +38,11 @@
+   return self;
+ }
+ 
++- (id)document
++{
++   return nil;
++}
++
+ - (id)initWithEvent:(Event *)event
+ {
+   StoreManager *sm = [StoreManager globalManager];
+--- agenda.app.orig/TaskEditor.m
 agenda.app/TaskEditor.m
+@@ -33,6 +33,11 @@
+   return self;
+ }
+ 
++- (id)document
++{
++   return nil;
++}
++
+ - (id)initWithTask:(Task *)task
+ {
+   StoreManager *sm = [StoreManager globalManager];
diff -Nru agenda.app-0.42.2/debian/patches/series 
agenda.app-0.42.2/debian/patches/series
--- agenda.app-0.42.2/debian/patches/series 1970-01-01 02:00:00.0 
+0200
+++ agenda.app-0.42.2/debian/patches/series 2017-12-25 22:09:00.0 
+0200
@@ -0,0 +1 @@
+fix-editors-exception.patch
--- End Message ---
--- Begin Message ---
Version: 9.4

Hi,

The update referenced by each of these bugs was included in this
morning's stretch point release.

Regards,

Adam--- End Message ---

Bug#885531: marked as done (stretch-pu: package soundtouch/1.9.2-2+deb9u1)

[Debian Bug Tracking System]

Your message dated Sat, 10 Mar 2018 10:57:46 +
with message-id <1520679466.2744.57.ca...@adam-barratt.org.uk>
and subject line Closing bugs for updates included in 9.4
has caused the Debian Bug report #885531,
regarding stretch-pu: package soundtouch/1.9.2-2+deb9u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
885531: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885531
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

Hi,

This soundtouch update fixes 3 no-DSA security bugs: #870854, #870856,
and #870857. I have tested the package on stretch and with the attached
debdiff, soundstretch still works and the proof of concepts for the 3
security issues behave correctly now.

The patch under debian/patches uses DOS line endings because the file it
modifies also uses DOS line endings.

Thanks,
James

-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (500,
'testing'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.14.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8),
LANGUAGE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru soundtouch-1.9.2/debian/changelog soundtouch-1.9.2/debian/changelog
--- soundtouch-1.9.2/debian/changelog   2015-09-28 15:13:28.0 +0100
+++ soundtouch-1.9.2/debian/changelog   2017-12-27 16:34:15.0 +
@@ -1,3 +1,13 @@
+soundtouch (1.9.2-2+deb9u1) stretch; urgency=medium
+
+  [ Gabor Karsay ]
+  * Add patch to fix
+- CVE-2017-9258 (Closes: #870854)
+- CVE-2017-9259 (Closes: #870856)
+- CVE-2017-9260 (Closes: #870857)
+
+ -- James Cowgill   Wed, 27 Dec 2017 16:34:15 +
+
 soundtouch (1.9.2-2) unstable; urgency=medium
 
   * Upload to unstable.
diff -Nru soundtouch-1.9.2/debian/patches/cve-2017-92xx.patch 
soundtouch-1.9.2/debian/patches/cve-2017-92xx.patch
--- soundtouch-1.9.2/debian/patches/cve-2017-92xx.patch 1970-01-01 
01:00:00.0 +0100
+++ soundtouch-1.9.2/debian/patches/cve-2017-92xx.patch 2017-12-27 
16:34:15.0 +
@@ -0,0 +1,36 @@
+Description: Fix CVE-2017-9258, CVE-2017-9259, CVE-2017-9260
+ Based on an upstream commit, original commit message was: "Added sanity
+ checks against illegal input audio stream parameters e.g. wildly excessive
+ samplerate".
+ . 
+ There is no reference to CVEs or bugs, the commit was made after disclosure
+ of the CVEs and all three proofs of concept (crafted wav files) fail after
+ this commit.
+ . 
+ The commit was made after version 2.0.0, so that version is also vulnerable.
+ .
+ Unrelated changes were stripped away by patch author, upstream commit author
+ is Olli Parviainen .
+Author: Gabor Karsay 
+Origin: upstream, https://sourceforge.net/p/soundtouch/code/256/
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870854
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870856
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870857
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- a/source/SoundTouch/TDStretch.cpp
 b/source/SoundTouch/TDStretch.cpp
+@@ -128,7 +128,12 @@
+   int aSeekWindowMS, int aOverlapMS)
+ {
+ // accept only positive parameter values - if zero or negative, use old 
values instead
+-if (aSampleRate > 0)   this->sampleRate = aSampleRate;
++if (aSampleRate > 0)
++{
++if (aSampleRate > 192000) ST_THROW_RT_ERROR("Error: Excessive 
samplerate");
++this->sampleRate = aSampleRate;
++}
++
+ if (aOverlapMS > 0)this->overlapMs = aOverlapMS;
+ 
+ if (aSequenceMS > 0)
diff -Nru soundtouch-1.9.2/debian/patches/series 
soundtouch-1.9.2/debian/patches/series
--- soundtouch-1.9.2/debian/patches/series  1970-01-01 01:00:00.0 
+0100
+++ soundtouch-1.9.2/debian/patches/series  2017-12-27 16:34:15.0 
+
@@ -0,0 +1 @@
+cve-2017-92xx.patch


signature.asc
Description: OpenPGP digital signature
--- End Message ---
--- Begin Message ---
Version: 9.4

Hi,

The update referenced by each of these bugs was included in this
morning's stretch point release.

Regards,

Adam--- End Message ---

Bug#885086: marked as done (stretch-pu: package kildclient/3.1.0-1+deb9u1)

[Debian Bug Tracking System]

Your message dated Sat, 10 Mar 2018 10:57:46 +
with message-id <1520679466.2744.57.ca...@adam-barratt.org.uk>
and subject line Closing bugs for updates included in 9.4
has caused the Debian Bug report #885086,
regarding stretch-pu: package kildclient/3.1.0-1+deb9u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
885086: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885086
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

I'd like to upload an update to kildclient to fix
bug #885007 / CVE-2017-17511:
| KildClient 3.1.0 does not validate strings before launching the program
| specified by the BROWSER environment variable, which might allow remote
| attackers to conduct argument-injection attacks via a crafted URL,
| related to prefs.c and worldgui.c.

This issue is of minimal impact, and the security team considered that a DSA is
not necessary, but there is a simple fix that avoids the use of a user-
specified command or $BROWSER, and I'd like to include it in the next point
release. The debdiff is attached.

-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (900, 'testing'), (50, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.13.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US:en (charmap=UTF-8)
diff -Nru kildclient-3.1.0/debian/changelog kildclient-3.1.0/debian/changelog
--- kildclient-3.1.0/debian/changelog   2016-12-04 20:46:22.0 -0200
+++ kildclient-3.1.0/debian/changelog   2017-12-23 08:40:07.0 -0200
@@ -1,3 +1,10 @@
+kildclient (3.1.0-1+deb9u1) stretch; urgency=low
+
+  * Fix for CVE-2017-17511. New dependency 'gvfs' required in order to use
+GTK+ function for opening URLs. Closes: #885007
+
+ -- Eduardo M Kalinowski   Sat, 23 Dec 2017 
08:40:07 -0200
+
 kildclient (3.1.0-1) unstable; urgency=low
 
   * New upstream version: 3.1.0.
diff -Nru kildclient-3.1.0/debian/control kildclient-3.1.0/debian/control
--- kildclient-3.1.0/debian/control 2016-12-04 20:46:22.0 -0200
+++ kildclient-3.1.0/debian/control 2017-12-17 09:42:44.0 -0200
@@ -10,7 +10,7 @@
 
 Package: kildclient
 Architecture: any
-Depends: ${shlibs:Depends}, ${misc:Depends}, libjson-perl
+Depends: ${shlibs:Depends}, ${misc:Depends}, libjson-perl, gvfs
 Suggests: kildclient-doc, libgtk3-perl
 Description: powerful MUD client with a built-in Perl interpreter
  KildClient is a MUD Client written with the GTK+ windowing toolkit.
diff -Nru kildclient-3.1.0/debian/NEWS.Debian 
kildclient-3.1.0/debian/NEWS.Debian
--- kildclient-3.1.0/debian/NEWS.Debian 2016-12-04 20:46:22.0 -0200
+++ kildclient-3.1.0/debian/NEWS.Debian 2017-12-17 09:43:58.0 -0200
@@ -1,3 +1,10 @@
+kildclient (3.1.0-1+deb9u1) stretch-security; urgency=high
+
+  * The option to define the command used to run a web browser has been
+removed; the default browser (as selected by gvfs) is now used.
+
+ -- Eduardo M Kalinowski   Sun, 17 Dec 2017 
09:42:23 -0200
+
 kildclient (2.8.1-1) experimental; urgency=low
 
   The HTML manual is now in the package kildclient-doc.
diff -Nru kildclient-3.1.0/debian/patches/cve-2017-17511.patch 
kildclient-3.1.0/debian/patches/cve-2017-17511.patch
--- kildclient-3.1.0/debian/patches/cve-2017-17511.patch1969-12-31 
21:00:00.0 -0300
+++ kildclient-3.1.0/debian/patches/cve-2017-17511.patch2017-12-17 
09:56:25.0 -0200
@@ -0,0 +1,183 @@
+Description: Fix for CVE-2017-17511
+ Uses a GTK+ function to open URLs, instead of using a command
+ supplied by the user or $BROWSER.
+Author: Eduardo M KALINOWSKI 
+Last-Update: 2017-12-17
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- a/doc/C/kildclient.xml
 b/doc/C/kildclient.xml
+@@ -1233,20 +1233,16 @@
+   
+ 
+ 
+-In this section you can configure the command that will be run
+-when you right-click in a URL that appears in the MUD window and
+-select Open Link. The command will be executed,
+-with %s replaced with the URL's address. The
+-ampersand () in the end means that the command
+-is to be executed in the background, so that you can continue using
+-KildClient while browsing the URL.
+-
+-You can also set a command used to play audio files (see In this section you can set a command used to play audio files (see 
). Enter the 

Bug#885582: marked as done (stretch-pu: package ncurses/6.0+20161126-1+deb9u2)

[Debian Bug Tracking System]

Your message dated Sat, 10 Mar 2018 10:57:46 +
with message-id <1520679466.2744.57.ca...@adam-barratt.org.uk>
and subject line Closing bugs for updates included in 9.4
has caused the Debian Bug report #885582,
regarding stretch-pu: package ncurses/6.0+20161126-1+deb9u2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
885582: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885582
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: stretch d-i
User: release.debian@packages.debian.org
Usertags: pu

I would like to fix bug #882620 aka CVE-2017-16879 in stretch, a buffer
overflow in the _nc_write_entry function.

While this touches the tinfo library used in the installer,
_nc_write_entry() is only used by tic as far as I am aware.

Cheers,
   Sven

diff -Nru ncurses-6.0+20161126/debian/changelog ncurses-6.0+20161126/debian/changelog
--- ncurses-6.0+20161126/debian/changelog	2017-09-07 19:05:43.0 +0200
+++ ncurses-6.0+20161126/debian/changelog	2017-12-28 10:47:33.0 +0100
@@ -1,3 +1,11 @@
+ncurses (6.0+20161126-1+deb9u2) stretch; urgency=medium
+
+  * Cherry-pick upstream fix from the 20171125 patchlevel to fix
+a buffer overflow in the _nc_write_entry function
+(CVE-2017-16879, Closes: #882620).
+
+ -- Sven Joachim   Thu, 28 Dec 2017 10:47:33 +0100
+
 ncurses (6.0+20161126-1+deb9u1) stretch; urgency=medium
 
   * Cherry-pick upstream fixes from the 20170701 and 20170708 patchlevels
diff -Nru ncurses-6.0+20161126/debian/patches/cve-2017-16879.diff ncurses-6.0+20161126/debian/patches/cve-2017-16879.diff
--- ncurses-6.0+20161126/debian/patches/cve-2017-16879.diff	1970-01-01 01:00:00.0 +0100
+++ ncurses-6.0+20161126/debian/patches/cve-2017-16879.diff	2017-12-28 10:32:23.0 +0100
@@ -0,0 +1,44 @@
+Author: Sven Joachim 
+Description: Fix for CVE-2017-16879 in the _nc_write_entry function
+ Fix for CVE-2017-16879 cherry-picked from upstream patchlevel
+ 20171125.
+Bug-Debian: https://bugs.debian.org/882620
+Forwarded: not-needed
+Last-Update: 2017-11-27
+
+---
+ ncurses/tinfo/write_entry.c |   11 ++-
+ 1 file changed, 10 insertions(+), 1 deletion(-)
+
+--- a/ncurses/tinfo/write_entry.c
 b/ncurses/tinfo/write_entry.c
+@@ -267,6 +267,9 @@ _nc_write_entry(TERMTYPE *const tp)
+ #endif
+ #endif /* USE_SYMLINKS */
+ 
++unsigned limit2 = sizeof(filename) - (2 + LEAF_LEN);
++char saved = '\0';
++
+ static int call_count;
+ static time_t start_time;	/* time at start of writes */
+ 
+@@ -365,12 +368,18 @@ _nc_write_entry(TERMTYPE *const tp)
+ 	start_time = 0;
+ }
+ 
+-if (strlen(first_name) >= sizeof(filename) - (2 + LEAF_LEN))
++if (strlen(first_name) >= sizeof(filename) - (2 + LEAF_LEN)) {
+ 	_nc_warning("terminal name too long.");
++	saved = first_name[limit2];
++	first_name[limit2] = '\0';
++}
+ 
+ _nc_SPRINTF(filename, _nc_SLIMIT(sizeof(filename))
+ 		LEAF_FMT "/%s", first_name[0], first_name);
+ 
++if (saved)
++	first_name[limit2] = saved;
++
+ /*
+  * Has this primary name been written since the first call to
+  * write_entry()?  If so, the newer write will step on the older,
diff -Nru ncurses-6.0+20161126/debian/patches/series ncurses-6.0+20161126/debian/patches/series
--- ncurses-6.0+20161126/debian/patches/series	2017-09-07 19:05:43.0 +0200
+++ ncurses-6.0+20161126/debian/patches/series	2017-12-28 10:32:23.0 +0100
@@ -5,3 +5,4 @@
 termcap-fix.diff
 more-cve-fixes.diff
 cve-2017-13733.diff
+cve-2017-16879.diff
--- End Message ---
--- Begin Message ---
Version: 9.4

Hi,

The update referenced by each of these bugs was included in this
morning's stretch point release.

Regards,

Adam--- End Message ---

Bug#886380: marked as done (stretch-pu: package opendmarc/1.3.2-2+deb9u1)

[Debian Bug Tracking System]

Your message dated Sat, 10 Mar 2018 10:57:46 +
with message-id <1520679466.2744.57.ca...@adam-barratt.org.uk>
and subject line Closing bugs for updates included in 9.4
has caused the Debian Bug report #886380,
regarding stretch-pu: package opendmarc/1.3.2-2+deb9u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
886380: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886380
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

As released, opendmarc doesn't read it's configuration file which
substantially limits the packages usefullness as packaged/released.  The
attached debdiff changes the service file so the configuration file is
actually used and adjusts the configuration file to match the option values
previously hard coded in the service file.

This is very similar to a change I needed to make in opendkim that has gone
well as a stable update, so I believe this is very low risk.

The package is built and ready for upload.

Scott K
diff -u opendmarc-1.3.2/debian/changelog opendmarc-1.3.2/debian/changelog
--- opendmarc-1.3.2/debian/changelog
+++ opendmarc-1.3.2/debian/changelog
@@ -1,3 +1,12 @@
+opendmarc (1.3.2-2+deb9u1) stretch; urgency=medium
+
+  * Update opendmarc service file so changes in opendmarc.conf are used and
+update opendmarc.conf to match values previously hard-coded in the service
+file (Closes: #863612)
+- Thanks to Jack Bates for the patch
+
+ -- Scott Kitterman   Thu, 04 Jan 2018 20:47:48 -0500
+
 opendmarc (1.3.2-2) unstable; urgency=medium
 
   * Do not remove /etc/default/opendkim on upgrade since it is a conffile
diff -u opendmarc-1.3.2/debian/opendmarc.conf opendmarc-1.3.2/debian/opendmarc.conf
--- opendmarc-1.3.2/debian/opendmarc.conf
+++ opendmarc-1.3.2/debian/opendmarc.conf
@@ -12,13 +12,28 @@
 ##
 # FailureReports false
 
-PidFile /var/run/opendmarc.pid
+PidFile /var/run/opendmarc/opendmarc.pid
 
 ##  RejectFailures { true | false }
 ##  	default "false"
 ##
 RejectFailures false
 
+##  Socket socketspec
+##  	default (none)
+##
+##  Specifies the socket that should be established by the filter to receive
+##  connections from sendmail(8) in order to provide service.  socketspec is
+##  in one of two forms: local:path, which creates a UNIX domain socket at
+##  the specified path, or inet:port[@host] or inet6:port[@host] which creates
+##  a TCP socket on the specified port for the appropriate protocol family.
+##  If the host is not given as either a hostname or an IP address, the
+##  socket will be listening on all interfaces.  This option is mandatory
+##  either in the configuration file or on the command line.  If an IP
+##  address is used, it must be enclosed in square brackets.
+#
+Socket local:/var/run/opendmarc/opendmarc.sock
+
 ##  Syslog { true | false }
 ##  	default "false"
 ##
@@ -65,7 +80,7 @@
 ##  The process will be assigned all of the groups and primary group ID of
 ##  the named userid unless an alternate group is specified.
 #
-UserID opendmarc:opendmarc
+UserID opendmarc
 
 ## Path to system copy of PSL (needed to determine organizational domain)
 #
diff -u opendmarc-1.3.2/debian/opendmarc.service opendmarc-1.3.2/debian/opendmarc.service
--- opendmarc-1.3.2/debian/opendmarc.service
+++ opendmarc-1.3.2/debian/opendmarc.service
@@ -7,7 +7,7 @@
 Type=forking
 PIDFile=/var/run/opendmarc/opendmarc.pid
 User=opendmarc
-ExecStart=/usr/sbin/opendmarc -p local:/var/run/opendmarc/opendmarc.sock  -u opendmarc -P /var/run/opendmarc/opendmarc.pid
+ExecStart=/usr/sbin/opendmarc
 Restart=on-failure
 ExecReload=/bin/kill -USR1 $MAINPID
 
--- End Message ---
--- Begin Message ---
Version: 9.4

Hi,

The update referenced by each of these bugs was included in this
morning's stretch point release.

Regards,

Adam--- End Message ---

Bug#884111: marked as done (stretch-pu: package vdirsyncer/0.14.1-1)

[Debian Bug Tracking System]

Your message dated Sat, 10 Mar 2018 10:57:46 +
with message-id <1520679466.2744.57.ca...@adam-barratt.org.uk>
and subject line Closing bugs for updates included in 9.4
has caused the Debian Bug report #884111,
regarding stretch-pu: package vdirsyncer/0.14.1-1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
884111: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884111
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

Hello,

I would like to upload vdirsyncer 0.14.1-2 containing fix for bug #883299
[1][2][3]. This fixes critical issue that's making vdirsyncer 0.14.1 unusable 
for
some users as it's unable to sync Google contacts.

Attaching debdiff.

Thank you,
Filip

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883299
[2] https://github.com/pimutils/vdirsyncer/issues/551
[3] https://github.com/pimutils/vdirsyncer/pull/564

-- System Information:
Debian Release: 9.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable'), (100, 'unstable'), (50, 
'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.13.0-0.bpo.1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=cs_CZ.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to en_US.UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set 
to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru vdirsyncer-0.14.1/debian/changelog vdirsyncer-0.14.1/debian/changelog
--- vdirsyncer-0.14.1/debian/changelog  2017-03-27 09:41:21.0 +0200
+++ vdirsyncer-0.14.1/debian/changelog  2017-12-11 15:12:09.0 +0100
@@ -1,3 +1,9 @@
+vdirsyncer (0.14.1-2) stretch; urgency=medium
+
+  * Backport fix for discovering Google contacts (Closes: #883299)
+
+ -- Filip Pytloun   Mon, 11 Dec 2017 15:12:09 +0100
+
 vdirsyncer (0.14.1-1) unstable; urgency=medium
 
   * New upstream release
diff -Nru 
vdirsyncer-0.14.1/debian/patches/0005-Work-around-Google-Contacts-discovery-bug-564.patch
 
vdirsyncer-0.14.1/debian/patches/0005-Work-around-Google-Contacts-discovery-bug-564.patch
--- 
vdirsyncer-0.14.1/debian/patches/0005-Work-around-Google-Contacts-discovery-bug-564.patch
   1970-01-01 01:00:00.0 +0100
+++ 
vdirsyncer-0.14.1/debian/patches/0005-Work-around-Google-Contacts-discovery-bug-564.patch
   2017-12-11 15:11:33.0 +0100
@@ -0,0 +1,71 @@
+From ac662b5c11223157e8a0df8988a1af63a0a4ce82 Mon Sep 17 00:00:00 2001
+From: Markus Unterwaditzer 
+Date: Mon, 27 Feb 2017 16:06:28 +0100
+Subject: [PATCH] Work around Google Contacts discovery bug (#564)
+
+* Work around Google Contacts discovery bug
+
+* fixup
+
+* changelog
+---
+ vdirsyncer/storage/dav.py| 20 ++--
+ vdirsyncer/storage/google.py |  4 
+ 2 files changed, 22 insertions(+), 2 deletions(-)
+
+diff --git a/vdirsyncer/storage/dav.py b/vdirsyncer/storage/dav.py
+index 905c8d0..ed6dd61 100644
+--- a/vdirsyncer/storage/dav.py
 b/vdirsyncer/storage/dav.py
+@@ -201,6 +201,23 @@ class Discover(object):
+ dav_logger.debug('Given URL is not a homeset URL')
+ return self._find_collections_impl(self.find_home())
+ 
++def _check_collection_resource_type(self, response):
++if self._resourcetype is None:
++return True
++
++props = _merge_xml(response.findall(
++'{DAV:}propstat/{DAV:}prop'
++))
++if not props:
++dav_logger.debug('Skipping, missing : %s', response)
++return False
++if props.find('{DAV:}resourcetype/' + self._resourcetype) \
++   is None:
++dav_logger.debug('Skipping, not of resource type %s: %s',
++ self._resourcetype, response)
++return False
++return True
++
+ def _find_collections_impl(self, url):
+ headers = self.session.get_default_headers()
+ headers['Depth'] = '1'
+@@ -209,8 +226,7 @@ class Discover(object):
+ root = _parse_xml(r.content)
+ done = set()
+ for response in root.findall('{DAV:}response'):
+-props = _merge_xml(response.findall('{DAV:}propstat/{DAV:}prop'))
+-if props.find('{DAV:}resourcetype/' + self._resourcetype) is None:
++if not self._check_collection_resource_type(response):
+ continue
+ 
+ href = response.find('{DAV:}href')
+diff --git a/vdirsyncer/storage/google.py 

Bug#884452: marked as done (stretch-pu: package python-evtx/0.5.3b-3+deb9u1)

[Debian Bug Tracking System]

Your message dated Sat, 10 Mar 2018 10:57:46 +
with message-id <1520679466.2744.57.ca...@adam-barratt.org.uk>
and subject line Closing bugs for updates included in 9.4
has caused the Debian Bug report #884452,
regarding stretch-pu: package python-evtx/0.5.3b-3+deb9u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
884452: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884452
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

Dear release team,

please consider allowing an update to the python-evtx package in
stretch. It fixes Python3 dependencies (RC bug #867428).

Cheers,
-Hilko
diff -Nru python-evtx-0.5.3b/debian/changelog python-evtx-0.5.3b/debian/changelog
--- python-evtx-0.5.3b/debian/changelog	2017-01-12 01:30:09.0 +0100
+++ python-evtx-0.5.3b/debian/changelog	2017-12-12 10:35:05.0 +0100
@@ -1,3 +1,9 @@
+python-evtx (0.5.3b-3+deb9u1) stretch; urgency=medium
+
+  * Fix Python3 dependencies (Closes: #867428)
+
+ -- Hilko Bengen   Tue, 12 Dec 2017 10:35:05 +0100
+
 python-evtx (0.5.3b-3) unstable; urgency=medium
 
   * Add hexdump.py (Closes: #851056)
diff -Nru python-evtx-0.5.3b/debian/control python-evtx-0.5.3b/debian/control
--- python-evtx-0.5.3b/debian/control	2017-01-12 01:14:08.0 +0100
+++ python-evtx-0.5.3b/debian/control	2017-12-12 10:34:51.0 +0100
@@ -23,7 +23,7 @@
 
 Package: python3-evtx
 Architecture: all
-Depends: ${misc:Depends}, ${python:Depends}
+Depends: ${misc:Depends}, ${python3:Depends}
 Description: parser for recent Windows Event Log files -- Python 3 version
  This module provides programmatic access to the File and Chunk
  headers, record templates, and event entries from Microsoft Windows
--- End Message ---
--- Begin Message ---
Version: 9.4

Hi,

The update referenced by each of these bugs was included in this
morning's stretch point release.

Regards,

Adam--- End Message ---

Bug#884483: marked as done (stretch-pu: package xrdp/0.9.1-9+deb9u1)

[Debian Bug Tracking System]

Your message dated Sat, 10 Mar 2018 10:57:46 +
with message-id <1520679466.2744.57.ca...@adam-barratt.org.uk>
and subject line Closing bugs for updates included in 9.4
has caused the Debian Bug report #884483,
regarding stretch-pu: package xrdp/0.9.1-9+deb9u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
884483: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884483
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Hi,

I'd like to update xrdp in stretch for two important bugs:

 1. #882463, CVE-2017-16927: Local DoS
Security team says it's not critical enough for stretch-security and I 
should instead
target stretch-pu (although I disagree).

 2. #884453, High CPU load in ssl_tls_accept
Remote users could use up quite a lot or all system resources by keeping 
TLS contexts
in a certain state.

Please find the debdiff attached.

Cheers,
Nik

-BEGIN PGP SIGNATURE-

iQJ4BAEBCABiFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlo0F1gxGmh0dHBzOi8v
d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxIcbmlrQG5h
dHVyYWxuZXQuZGUACgkQt5o8FqDE8paeRA//apbQ6DhlOkmV6C5+bQ3dSPK0BYbV
CAEwhIVSNSsIr7M8726DcoRPIcfdkmU9sE6T84QXf8wShBzoGPTjI9WWIhkwOF2o
UuBWZ68wKnQ7A4wuH9br5TYkeF6TDHpct7PE2N+p/BlihXUuUqReXqa4KSjtmKuj
l5Q2VJUyUUwyNlZWash8wAY+NmRqpF681sMJCol1v3LQ3F5JUije2rayw//2tdYW
HGBYAZEzU/FXZEQyfS6507lyjjiGLWmiwYSGvpvEyr5dg1rJCDNr4P4KH9qbUYLS
4LVpbh8FcsGlnopyjlW9z791upwHUpyyJD2+GTda3zBCTIlTwII7+NJ3L5jpYL//
JDXAigt1H09vb2ZYcfjm/P2gqd6yIP9PZDeBjetgQ2Z+pD8/1BrzG/OUd1glxNXU
kElHUMvJQxv5jm6XKPldcoBN2CQqwm9NOxiQsx/DyEyhAEpL78+sg1hZ+oPUrj4j
I/vX9CGE30mWCEwU6PQqkYS8urN+bvVVFYFO8jM+xYeJZTjwvnjPJkgp89+poGzp
ZeRPYyY9+OxMMJJke3aSvrU5wXXpePvz29/KXzAuOTsLavkeL1RQkW7NPtHWtCYk
qKICivi10AqLY2Ye2PScnUdAdgJ6spye/b2hju1Hzrz3oeUlxBd5ME2v90QsvbVq
CW0Pxt5DlSX9Ir8=
=8FZ1
-END PGP SIGNATURE-
diff -Nru xrdp-0.9.1/debian/changelog xrdp-0.9.1/debian/changelog
--- xrdp-0.9.1/debian/changelog 2017-10-18 11:56:31.0 +0200
+++ xrdp-0.9.1/debian/changelog 2017-12-15 19:28:28.0 +0100
@@ -1,3 +1,10 @@
+xrdp (0.9.1-9+deb9u2) stretch; urgency=medium
+
+  * Fix CVE-2017-16927. (Closes: #882463)
+  * Fix high CPU load on ssl_tls_accept. (Closes: #884453)
+
+ -- Dominik George   Fri, 15 Dec 2017 19:28:28 +0100
+
 xrdp (0.9.1-9+deb9u1) stretch; urgency=medium
 
   * Fix high CPU load on SSL shutdown. (Closes: #876976)
diff -Nru xrdp-0.9.1/debian/patches/cve-2017-16927.patch 
xrdp-0.9.1/debian/patches/cve-2017-16927.patch
--- xrdp-0.9.1/debian/patches/cve-2017-16927.patch  1970-01-01 
01:00:00.0 +0100
+++ xrdp-0.9.1/debian/patches/cve-2017-16927.patch  2017-12-15 
19:28:28.0 +0100
@@ -0,0 +1,137 @@
+From: Idan Freiberg
+Subject: sesman: scpv0, accept variable length data fields
+Origin: 
https://github.com/neutrinolabs/xrdp/commit/ebd0510a7d4dab906b6e01570205dfa530d1f7bf.diff
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882463
+--- a/sesman/libscp/libscp_v0.c
 b/sesman/libscp/libscp_v0.c
+@@ -157,7 +157,7 @@ scp_v0s_accept(struct SCP_CONNECTION *c,
+ struct SCP_SESSION *session = 0;
+ tui16 sz;
+ tui32 code = 0;
+-char buf[257];
++char *buf = 0;
+ 
+ if (!skipVchk)
+ {
+@@ -222,27 +222,31 @@ scp_v0s_accept(struct SCP_CONNECTION *c,
+ 
+ /* reading username */
+ in_uint16_be(c->in_s, sz);
+-buf[sz] = '\0';
++buf = g_new0(char, sz);
+ in_uint8a(c->in_s, buf, sz);
+-
++buf[sz] = '\0';
+ if (0 != scp_session_set_username(session, buf))
+ {
+ scp_session_destroy(session);
+ log_message(LOG_LEVEL_WARNING, "[v0:%d] connection aborted: error 
setting username", __LINE__);
++g_free(buf);
+ return SCP_SERVER_STATE_INTERNAL_ERR;
+ }
++g_free(buf);
+ 
+ /* reading password */
+ in_uint16_be(c->in_s, sz);
+-buf[sz] = '\0';
++buf = g_new0(char, sz);
+ in_uint8a(c->in_s, buf, sz);
+-
++buf[sz] = '\0';
+ if (0 != scp_session_set_password(session, buf))
+ {
+ scp_session_destroy(session);
+ log_message(LOG_LEVEL_WARNING, "[v0:%d] connection aborted: error 
setting password", __LINE__);
++g_free(buf);
+ return SCP_SERVER_STATE_INTERNAL_ERR;
+ }
++g_free(buf);
+ 
+ /* width */
+ in_uint16_be(c->in_s, 

Bug#883959: marked as done (stretch-pu: package cappuccino/0.5.1-6+deb9u1)

[Debian Bug Tracking System]

Your message dated Sat, 10 Mar 2018 10:57:46 +
with message-id <1520679466.2744.57.ca...@adam-barratt.org.uk>
and subject line Closing bugs for updates included in 9.4
has caused the Debian Bug report #883959,
regarding stretch-pu: package cappuccino/0.5.1-6+deb9u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
883959: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883959
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

Let's fix the missing dependency on gir1.2-gtk-3.0, #879848, by
rebuilding the package from sid. This also adds a 
  /usr/games/cappuccino -> ../bin/cappuccino
symlink.


Andreas
diff -u cappuccino-0.5.1/debian/changelog cappuccino-0.5.1/debian/changelog
--- cappuccino-0.5.1/debian/changelog
+++ cappuccino-0.5.1/debian/changelog
@@ -1,3 +1,24 @@
+cappuccino (0.5.1-8~deb9u1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * rebuild for stretch.
+
+ -- Andreas Beckmann   Sat, 09 Dec 2017 20:38:28 +0100
+
+cappuccino (0.5.1-8) unstable; urgency=medium
+
+  * Fixes broken symlink in /usr/games. Closes: #880714
+- Thanks to Chris Lamb.
+
+ -- Breno Leitao   Mon, 06 Nov 2017 14:25:01 -0500
+
+cappuccino (0.5.1-7) unstable; urgency=medium
+
+  * Adding gir1.2-gtk-3.0 as a dependency. Closes: #879848
+  * Adding a link to /usr/games/cappuccino
+
+ -- Breno Leitao   Fri, 03 Nov 2017 07:52:46 -0400
+
 cappuccino (0.5.1-6) unstable; urgency=medium
 
   * Fix python dependency, moving the debian/rules file to
diff -u cappuccino-0.5.1/debian/control cappuccino-0.5.1/debian/control
--- cappuccino-0.5.1/debian/control
+++ cappuccino-0.5.1/debian/control
@@ -3,12 +3,12 @@
 Priority: optional
 Homepage: https://labs.truelite.it/projects/cappuccino
 Maintainer: Breno Leitao 
-Standards-Version: 3.7.2
+Standards-Version: 4.1.0
 Build-Depends: debhelper (>> 5.0.0), python3, python3-gi, polygen
 
 Package: cappuccino
 Architecture: all
-Depends: python3, python3-gi, polygen, ${misc:Depends}
+Depends: python3, python3-gi, polygen, ${misc:Depends},  gir1.2-gtk-3.0
 Description: utility to let your boss think that you're working hard
  Run this software on your computer when you are not motivated to work, and
  enjoy doing something different. If your boss come in your cubicle, he'll
diff -u cappuccino-0.5.1/debian/rules cappuccino-0.5.1/debian/rules
--- cappuccino-0.5.1/debian/rules
+++ cappuccino-0.5.1/debian/rules
@@ -44,6 +44,10 @@
polygen -seed 0 
$(CURDIR)/debian/cappuccino/usr/share/cappuccino/cappuccino.grm > /dev/null
polygen -seed 0 
$(CURDIR)/debian/cappuccino/usr/share/cappuccino/compileline.grm > /dev/null
 
+   # As it is considered a game, put a link at /usr/games
+   mkdir $(CURDIR)/debian/cappuccino/usr/games
+   ln -s /usr/bin/cappuccino 
$(CURDIR)/debian/cappuccino/usr/games/cappuccino
+
 # Build architecture-independent files here.
 binary-indep: build install
dh_testdir
--- End Message ---
--- Begin Message ---
Version: 9.4

Hi,

The update referenced by each of these bugs was included in this
morning's stretch point release.

Regards,

Adam--- End Message ---

Bug#882827: marked as done (stretch-pu: package python-mimeparse/0.1.4-3.1~deb9u1)

[Debian Bug Tracking System]

Your message dated Sat, 10 Mar 2018 10:57:46 +
with message-id <1520679466.2744.57.ca...@adam-barratt.org.uk>
and subject line Closing bugs for updates included in 9.4
has caused the Debian Bug report #882827,
regarding stretch-pu: package python-mimeparse/0.1.4-3.1~deb9u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
882827: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882827
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

Let's fix the python3 dependencies. #867439

$ debdiff python3-mimeparse_0.1.4-3_all.deb 
python3-mimeparse_0.1.4-3.1~deb9u1_all.deb
File lists identical (after any substitutions)

Control files: lines which differ (wdiff format)

{+Depends: python3:any (>= 3.3.2-2~)+}
Installed-Size: [-24-] {+25+}
Version: [-0.1.4-3-] {+0.1.4-3.1~deb9u1+}


Andreas
diff -Nru python-mimeparse-0.1.4/debian/changelog 
python-mimeparse-0.1.4/debian/changelog
--- python-mimeparse-0.1.4/debian/changelog 2016-12-26 20:13:35.0 
+0100
+++ python-mimeparse-0.1.4/debian/changelog 2017-11-27 03:55:15.0 
+0100
@@ -1,3 +1,17 @@
+python-mimeparse (0.1.4-3.1~deb9u1) stretch; urgency=medium
+
+  * Non-maintainer upload.
+  * Rebuild for stretch.
+
+ -- Andreas Beckmann   Mon, 27 Nov 2017 03:55:15 +0100
+
+python-mimeparse (0.1.4-3.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix the python3-mimeparse dependencies. (Closes: #867439)
+
+ -- Adrian Bunk   Tue, 17 Oct 2017 09:49:45 +0300
+
 python-mimeparse (0.1.4-3) unstable; urgency=medium
 
   [ Mathias Ertl ]
diff -Nru python-mimeparse-0.1.4/debian/control 
python-mimeparse-0.1.4/debian/control
--- python-mimeparse-0.1.4/debian/control   2016-12-26 20:13:35.0 
+0100
+++ python-mimeparse-0.1.4/debian/control   2017-10-17 08:49:28.0 
+0200
@@ -25,7 +25,7 @@
 
 Package: python3-mimeparse
 Architecture: all
-Depends: ${misc:Depends}, ${python:Depends}
+Depends: ${misc:Depends}, ${python3:Depends}
 Description: Parse mime-types and quality parameters - python 3.x
  This module provides basic functions for parsing mime-type names and
  matching them against a list of media-ranges.
--- End Message ---
--- Begin Message ---
Version: 9.4

Hi,

The update referenced by each of these bugs was included in this
morning's stretch point release.

Regards,

Adam--- End Message ---

Bug#882826: marked as done (stretch-pu: package python-hacking/0.11.0-2.1~deb9u1)

[Debian Bug Tracking System]

Your message dated Sat, 10 Mar 2018 10:57:46 +
with message-id <1520679466.2744.57.ca...@adam-barratt.org.uk>
and subject line Closing bugs for updates included in 9.4
has caused the Debian Bug report #882826,
regarding stretch-pu: package python-hacking/0.11.0-2.1~deb9u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
882826: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882826
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

Let's fix the python3 dependencies. #867431

$ debdiff python3-hacking_0.11.0-2_all.deb 
python3-hacking_0.11.0-2.1~deb9u1_all.deb
File lists identical (after any substitutions)

Control files: lines which differ (wdiff format)

Depends: [-pyflakes,-] {+pyflakes3,+} python3-flake8 (>= 3.0.0), python3-pbr 
(>= 1.8), python3-pep8 (>= 1.5.7), python3-six (>= [-1.9.0)-] {+1.9.0), flake8, 
python3-mccabe, python3-pycodestyle, python3-pyflakes, python3:any (>= 
3.3.2-2~)+}
Version: [-0.11.0-2-] {+0.11.0-2.1~deb9u1+}


Andreas
diff -Nru python-hacking-0.11.0/debian/changelog 
python-hacking-0.11.0/debian/changelog
--- python-hacking-0.11.0/debian/changelog  2016-10-04 13:21:49.0 
+0200
+++ python-hacking-0.11.0/debian/changelog  2017-11-27 03:27:47.0 
+0100
@@ -1,3 +1,17 @@
+python-hacking (0.11.0-2.1~deb9u1) stretch; urgency=medium
+
+  * Non-maintainer upload.
+  * Rebuild for stretch.
+
+ -- Andreas Beckmann   Mon, 27 Nov 2017 03:27:47 +0100
+
+python-hacking (0.11.0-2.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix the python3-hacking dependencies. (Closes: #867431)
+
+ -- Adrian Bunk   Tue, 17 Oct 2017 09:38:55 +0300
+
 python-hacking (0.11.0-2) unstable; urgency=medium
 
   [ Ondřej Nový ]
diff -Nru python-hacking-0.11.0/debian/control 
python-hacking-0.11.0/debian/control
--- python-hacking-0.11.0/debian/control2016-10-04 13:21:49.0 
+0200
+++ python-hacking-0.11.0/debian/control2017-10-17 08:38:53.0 
+0200
@@ -55,13 +55,13 @@
 
 Package: python3-hacking
 Architecture: all
-Depends: pyflakes,
+Depends: pyflakes3,
  python3-flake8 (>= 3.0.0),
  python3-pbr (>= 1.8),
  python3-pep8 (>= 1.5.7),
  python3-six (>= 1.9.0),
  ${misc:Depends},
- ${python:Depends},
+ ${python3:Depends},
 Recommends: ${python3:Recommends},
 Description: Flake8 OpenStack Hacking Guidelines Enforcement plugins - Python 
3.x
  Hacking is a set of flake8 plugins that test and enforce the OpenStack Style
--- End Message ---
--- Begin Message ---
Version: 9.4

Hi,

The update referenced by each of these bugs was included in this
morning's stretch point release.

Regards,

Adam--- End Message ---

Bug#884451: marked as done (stretch-pu: package libvhdi/20160424-1+deb9u1)

[Debian Bug Tracking System]

Your message dated Sat, 10 Mar 2018 10:57:46 +
with message-id <1520679466.2744.57.ca...@adam-barratt.org.uk>
and subject line Closing bugs for updates included in 9.4
has caused the Debian Bug report #884451,
regarding stretch-pu: package libvhdi/20160424-1+deb9u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
884451: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884451
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

Dear release team,

please consider allowing an update to the libvhi package in stretch. It
fixes missing Python3 dependencies (RC bug #867409).

Cheers,
-Hilko
diff -Nru libvhdi-20160424/debian/changelog libvhdi-20160424/debian/changelog
--- libvhdi-20160424/debian/changelog	2016-04-25 19:25:17.0 +0200
+++ libvhdi-20160424/debian/changelog	2017-12-12 10:31:06.0 +0100
@@ -1,3 +1,10 @@
+libvhdi (20160424-1+deb9u1) stretch; urgency=medium
+
+  * Add mising Python3 dependency, thanks to Adrian Bunk, Scott Kitterman
+(Closes: #867409, #867610)
+
+ -- Hilko Bengen   Tue, 12 Dec 2017 10:31:06 +0100
+
 libvhdi (20160424-1) unstable; urgency=medium
 
   * New upstream version
diff -Nru libvhdi-20160424/debian/control libvhdi-20160424/debian/control
--- libvhdi-20160424/debian/control	2016-04-25 19:25:17.0 +0200
+++ libvhdi-20160424/debian/control	2017-12-12 10:30:52.0 +0100
@@ -68,7 +68,7 @@
 Package: python3-libvhdi
 Section: python
 Architecture: any
-Depends: libvhdi1 (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends}, ${python:Depends}
+Depends: libvhdi1 (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends}, ${python3:Depends}
 Description: Virtual Hard Disk image format access library -- Python 3 bindings
  libvhdi is a library to access the Virtual Hard Disk (VHD) image format.
  .
--- End Message ---
--- Begin Message ---
Version: 9.4

Hi,

The update referenced by each of these bugs was included in this
morning's stretch point release.

Regards,

Adam--- End Message ---

Bug#883963: marked as done (stretch-pu: package xchain/1.0.1-9~deb9u1)

[Debian Bug Tracking System]

Your message dated Sat, 10 Mar 2018 10:57:46 +
with message-id <1520679466.2744.57.ca...@adam-barratt.org.uk>
and subject line Closing bugs for updates included in 9.4
has caused the Debian Bug report #883963,
regarding stretch-pu: package xchain/1.0.1-9~deb9u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
883963: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883963
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

Let's fix the dependency problem of xchain in stretch, too. #878090
It calls /usr/bin/wish, therefore it needs to depend on wish and not
tk8.5 (which no longer provides the generic wish binary, that's tk8.6
realm now).

The Standards-Version and Priority bump are metadata only changes.


Andreas
diff -Nru xchain-1.0.1/debian/changelog xchain-1.0.1/debian/changelog
--- xchain-1.0.1/debian/changelog   2017-01-15 23:25:46.0 +0100
+++ xchain-1.0.1/debian/changelog   2017-12-09 21:02:31.0 +0100
@@ -1,3 +1,25 @@
+xchain (1.0.1-9~deb9u1) stretch; urgency=medium
+
+  * QA upload.
+  * Rebuild for stretch.
+
+ -- Andreas Beckmann   Sat, 09 Dec 2017 21:02:31 +0100
+
+xchain (1.0.1-9) unstable; urgency=medium
+
+  * QA upload.
+  * Revert path change, depend on "wish" only. Re-closes: #878090
+
+ -- Adam Borowski   Thu, 12 Oct 2017 20:12:24 +0200
+
+xchain (1.0.1-8) unstable; urgency=medium
+
+  * QA upload.
+  * Update path to wish (it's /usr/bin/wish8.5 now). Closes: #878090
+  * Priority optional.
+
+ -- Adam Borowski   Thu, 12 Oct 2017 09:14:07 +0200
+
 xchain (1.0.1-7) unstable; urgency=medium
 
   * QA upload.
diff -Nru xchain-1.0.1/debian/control xchain-1.0.1/debian/control
--- xchain-1.0.1/debian/control 2017-01-15 23:25:46.0 +0100
+++ xchain-1.0.1/debian/control 2017-10-12 20:12:19.0 +0200
@@ -1,15 +1,15 @@
 Source: xchain
 Section: games
-Priority: extra
+Priority: optional
 Maintainer: Debian QA Group 
-Standards-Version: 3.9.8
+Standards-Version: 4.1.1
 Build-Depends: debhelper (>= 10)
 Vcs-Browser: https://anonscm.debian.org/git/collab-maint/xchain.git
 Vcs-Git: https://anonscm.debian.org/git/collab-maint/xchain.git
 
 Package: xchain
 Architecture: any
-Depends: ${shlibs:Depends}, ${misc:Depends}, tk8.5 | wish
+Depends: ${shlibs:Depends}, ${misc:Depends}, wish
 Description: strategy game for 2-4 players
  Chain Reaction is a classic strategy game for 2-4 players. Players take turns
  to place tokens on an 8x8 board. When a square exceeds its maximum value, it
--- End Message ---
--- Begin Message ---
Version: 9.4

Hi,

The update referenced by each of these bugs was included in this
morning's stretch point release.

Regards,

Adam--- End Message ---

Bug#883124: marked as done (stretch-pu: package golang-github-go-ldap-ldap/2.4.1-1)

[Debian Bug Tracking System]

Your message dated Sat, 10 Mar 2018 10:57:46 +
with message-id <1520679466.2744.57.ca...@adam-barratt.org.uk>
and subject line Closing bugs for updates included in 9.4
has caused the Debian Bug report #883124,
regarding stretch-pu: package golang-github-go-ldap-ldap/2.4.1-1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
883124: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883124
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

Dear stable release managers,

I've prepared a fix for CVE-2017-14623, Debian BTS #876404. The security
team does not intend to publish a DSA for this minor issue, so I'm
asking here if you would accept an upload for stable-proposed-updates.

The source debdiff is attached. Please tell me if I should upload the
package or if you need further changes.

Regards,
Tobias
diff -Nru golang-github-go-ldap-ldap-2.4.1/debian/changelog golang-github-go-ldap-ldap-2.4.1/debian/changelog
--- golang-github-go-ldap-ldap-2.4.1/debian/changelog	2016-08-16 18:19:35.0 +0200
+++ golang-github-go-ldap-ldap-2.4.1/debian/changelog	2017-11-29 23:45:26.0 +0100
@@ -1,3 +1,17 @@
+golang-github-go-ldap-ldap (2.4.1-1+deb9u1) stretch; urgency=medium
+
+  * Team upload.
+  * Require explicit intention for empty password.
+This is normally used for unauthenticated bind, and
+https://tools.ietf.org/html/rfc4513#section-5.1.2 recommends:
+"Clients SHOULD disallow an empty password input to a Name/Password
+Authentication user interface"
+This is (mostly) a cherry-pick of 95ede12 from upstream, except
+the bit in ldap_test.go, which is unrelated to the security issue.
+This fixes CVE-2017-14623. (Closes: #876404)
+
+ -- Dr. Tobias Quathamer   Wed, 29 Nov 2017 23:45:26 +0100
+
 golang-github-go-ldap-ldap (2.4.1-1) unstable; urgency=medium
 
   * New upstream version.
diff -Nru golang-github-go-ldap-ldap-2.4.1/debian/patches/0002-Require-explicit-intention-for-empty-password.patch golang-github-go-ldap-ldap-2.4.1/debian/patches/0002-Require-explicit-intention-for-empty-password.patch
--- golang-github-go-ldap-ldap-2.4.1/debian/patches/0002-Require-explicit-intention-for-empty-password.patch	1970-01-01 01:00:00.0 +0100
+++ golang-github-go-ldap-ldap-2.4.1/debian/patches/0002-Require-explicit-intention-for-empty-password.patch	2017-11-29 23:02:18.0 +0100
@@ -0,0 +1,170 @@
+From: "Dr. Tobias Quathamer" 
+Date: Wed, 29 Nov 2017 14:34:16 +0100
+Subject: Require explicit intention for empty password.
+
+This is normally used for unauthenticated bind, and
+https://tools.ietf.org/html/rfc4513#section-5.1.2 recommends:
+
+> Clients SHOULD disallow an empty password input to a Name/Password
+> Authentication user interface
+
+This is (mostly) a cherry-pick of 95ede12 from upstream. I've removed
+the bit in ldap_test.go, which is unrelated to the security issue.
+
+This fixes CVE-2017-14623.
+
+https://github.com/go-ldap/ldap/commit/95ede1266b237bf8e9aa5dce0b3250e51bfefe66
+---
+ bind.go  | 80 
+ error.go |  9 +++
+ ldap_test.go | 64 +++-
+ 3 files changed, 77 insertions(+), 76 deletions(-)
+
+diff --git a/bind.go b/bind.go
+index 26b3cc7..432efa7 100644
+--- a/bind.go
 b/bind.go
+@@ -7,7 +7,7 @@ package ldap
+ import (
+ 	"errors"
+ 
+-	"gopkg.in/asn1-ber.v1"
++	ber "gopkg.in/asn1-ber.v1"
+ )
+ 
+ // SimpleBindRequest represents a username/password bind operation
+@@ -18,6 +18,9 @@ type SimpleBindRequest struct {
+ 	Password string
+ 	// Controls are optional controls to send with the bind request
+ 	Controls []Control
++	// AllowEmptyPassword sets whether the client allows binding with an empty password
++	// (normally used for unauthenticated bind).
++	AllowEmptyPassword bool
+ }
+ 
+ // SimpleBindResult contains the response from the server
+@@ -28,9 +31,10 @@ type SimpleBindResult struct {
+ // NewSimpleBindRequest returns a bind request
+ func NewSimpleBindRequest(username string, password string, controls []Control) *SimpleBindRequest {
+ 	return {
+-		Username: username,
+-		Password: password,
+-		Controls: controls,
++		Username:   username,
++		Password:   password,
++		Controls:   controls,
++		AllowEmptyPassword: false,
+ 	}
+ }
+ 
+@@ -47,6 +51,10 @@ func (bindRequest *SimpleBindRequest) encode() *ber.Packet {
+ 
+ // SimpleBind 

Bug#883483: marked as done (stretch-pu: package flatpak/0.8.8-0+deb9u1)

[Debian Bug Tracking System]

Your message dated Sat, 10 Mar 2018 10:57:46 +
with message-id <1520679466.2744.57.ca...@adam-barratt.org.uk>
and subject line Closing bugs for updates included in 9.4
has caused the Debian Bug report #883483,
regarding stretch-pu: package flatpak/0.8.8-0+deb9u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
883483: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883483
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

The upstream maintainer of Flatpak has made a 0.8.8 release, which
collects the patches we apply to 0.8.7 in stretch, together with some
more fixes backported from the 0.10.x branch. I would like to update
stretch to this release.

Because we already apply a bunch of patches, the attached diff was made
by unpacking the 0.8.7 and 0.8.8 packages, comparing the two patched
trees, and ignoring the actual patches (together with Autotools noise,
documentation noise and translation updates):

dpkg-source -x flatpak_0.8.7-2~deb9u1.dsc
dpkg-source -x flatpak_0.8.8-0+deb9u1.dsc
diff -Nru flatpak-0.8.7 flatpak-0.8.8 | \
filterdiff -p1 --exclude=.pc/\* --exclude=debian/patches/0.8.8/\* \
--exclude=po/\*.po --exclude=po/\*.pot --exclude=py-compile \
--exclude=INSTALL --exclude=gtk-doc.make --exclude=Makefile.in \
--exclude=doc/reference/Makefile.in --exclude=doc/reference/html/\*.html \
--exclude configure | \
pee diffstat sponge > flatpak_0.8.8-0+deb9u1.diff

Full source debdiff without those filters available here:
https://people.debian.org/~smcv/flatpak_0.8.8-0+deb9u1_full.diff.gz

Annotated changelog below. As usual, please let me know if there is
anything that I should query or get reverted. Debian is the main consumer
of the 0.8.x branch, so if it isn't useful to us, it isn't useful.

Thanks,
smcv



> Add compatibility with ostree ≥ 2017.7 (in Debian, the same
> changes were already in 0.8.7-2)
>
> d/p/0.8.8/: Drop patches that added compatibility with
> ostree ≥ 2017.7, no longer necessary

(debian/patches/series is the only sign of this in the diff)

No practical effect.

> Security: Do not allow legacy eavesdropping on the D-Bus
> session bus (Closes: #880451)

(dbus-proxy/flatpak-proxy.c lines >= 1358)

Sandboxed applications with filtered/proxied access to the D-Bus session
bus could have used this to spy on other applications. Florian Weimer
has indicated that the security team do not consider this DSA-worthy.

> Ensure that LD_LIBRARY_PATH is in the correct order, respecting
> extensions' priorities
> Ensure that extensions are mounted in the correct order even if
> they have differing priorities, fixing Steam

(common/flatpak-run.c, lines < 2500)

Extensions are a way to provide extra "plugins" for an app or runtime.
One of the things they can do is to prepend library directories (for
example the proprietary NVIDIA graphics driver or a newer version of
Mesa) to LD_LIBRARY_PATH, with a concept of priority to determine which
extension "wins". In some cases they were applied in the wrong order,
causing an unintended library to be used.

> Remove PYTHONPATH, PERLLIB, PERL5LIB, XCURSOR_PATH from the
> environment given to sandboxed apps

(common/flatpak-run.c @@ -2894,6 +2936,13 @@)

Host-side search paths are rarely right for the sandboxed app,
because they contain entries that have a different meaning inside the
sandbox. Flatpak now scrubs a few more of these from the environment.

> Give each app a persistent cache directory for fontconfig

(common/flatpak-run.c lines >= 3000)

Apps with different runtimes or options might see different fonts, so
they would do the wrong thing if they shared a cache. We need to write
each app's font cache to a different place.

> Make /usr/share/icons available in the sandbox so that sandboxed
> apps can use the host's icon theme

(common/flatpak-run.c lines >= 3000)

If the user has chosen a non-standard theme that isn't present in the
container runtime, we want their chosen icon style to show up.

> Disable debug-level FUSE logging for the document portal

(document-portal/xdp-fuse.c)

This was presumably left over from debugging some issue. It shouldn't
have been enabled in production unless specifically requested.

> Make the * wildcard at the end of a D-Bus filtering rule match
> zero or more components, so --talk="com.example.Foo.*" behaves
> the same as D-Bus' arg0namespace="com.example.Foo". Previously,
> it would only match exactly one component. This matches a proposed
> design for 

Bug#883952: marked as done (stretch-pu: package activity-log-manager/0.8.0-1.2~deb9u1)

[Debian Bug Tracking System]

Your message dated Sat, 10 Mar 2018 10:57:46 +
with message-id <1520679466.2744.57.ca...@adam-barratt.org.uk>
and subject line Closing bugs for updates included in 9.4
has caused the Debian Bug report #883952,
regarding stretch-pu: package activity-log-manager/0.8.0-1.2~deb9u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
883952: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883952
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

Let's fix the missing dependency on python-zeitgeist, #881438, by
rebuilding the corresponding fixed package from sid.


Andreas
diff -Nru activity-log-manager-0.8.0/debian/changelog 
activity-log-manager-0.8.0/debian/changelog
--- activity-log-manager-0.8.0/debian/changelog 2015-08-18 17:28:36.0 
+0200
+++ activity-log-manager-0.8.0/debian/changelog 2017-12-09 20:04:56.0 
+0100
@@ -1,3 +1,17 @@
+activity-log-manager (0.8.0-1.2~deb9u1) stretch; urgency=medium
+
+  * Non-maintainer upload.
+  * Rebuild for stretch.
+
+ -- Andreas Beckmann   Sat, 09 Dec 2017 20:04:56 +0100
+
+activity-log-manager (0.8.0-1.2) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Add dependency against python-zeitgeist (Closes: #881438)
+
+ -- Laurent Bigonville   Sun, 12 Nov 2017 18:05:38 +0100
+
 activity-log-manager (0.8.0-1.1) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -Nru activity-log-manager-0.8.0/debian/control 
activity-log-manager-0.8.0/debian/control
--- activity-log-manager-0.8.0/debian/control   2015-08-18 17:30:06.0 
+0200
+++ activity-log-manager-0.8.0/debian/control   2017-11-12 18:04:24.0 
+0100
@@ -17,7 +17,8 @@
  python,
  zeitgeist-core (>= 0.7~) | zeitgeist (>= 0.7~),
  python-gtk2,
- python-cairo
+ python-cairo,
+ python-zeitgeist
 Description: blacklist configuration user interface for Zeitgeist
  Zeitgeist is a service which logs the user's activities and events (files
  opened, websites visited, conversations held with other people, etc.) and
--- End Message ---
--- Begin Message ---
Version: 9.4

Hi,

The update referenced by each of these bugs was included in this
morning's stretch point release.

Regards,

Adam--- End Message ---

Bug#883066: marked as done (stretch-pu: package waagent/2.2.18-3~deb9u1)

[Debian Bug Tracking System]

Your message dated Sat, 10 Mar 2018 10:57:46 +
with message-id <1520679466.2744.57.ca...@adam-barratt.org.uk>
and subject line Closing bugs for updates included in 9.4
has caused the Debian Bug report #883066,
regarding stretch-pu: package waagent/2.2.18-3~deb9u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
883066: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883066
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

Dear release team,

The Azure agent provides the provisioning part of the Microsoft Azure
platform.  It is necessary to tell the platform about the state of the
systems.  Therefor it is part of the "hardware" support for the Azure
platform.

This updates includes both upstream fixes for sudoer handling, Azure
Stack handling and some Debian fixes for state directory permissions.

The diff still lacks the changelog entry for the above mentioned
version, as no further changes are scheduled and this will be a straight
rebuild for Stretch.

Please accept the updated waagent package into Stretch.

diff --git a/debian/.git-dpm b/debian/.git-dpm
index 38f3e41..c773850 100644
--- a/debian/.git-dpm
+++ b/debian/.git-dpm
@@ -1,8 +1,8 @@
 # see git-dpm(1) from git-dpm package
-687c1cdd6c70d793d393d80a0406d508259d3b54
-687c1cdd6c70d793d393d80a0406d508259d3b54
-eb1e5132bbec8389a1f4df5fb78022e189c69d41
-eb1e5132bbec8389a1f4df5fb78022e189c69d41
-waagent_2.2.14.orig.tar.xz
-b9147e9fd388e3491dea41e09aac98dc9316e5d4
-627124
+d59c00022f4c7d2987a832992c710dd2087e1fec
+d59c00022f4c7d2987a832992c710dd2087e1fec
+ae7855acb37a6964ac53e78f46103d5684983d33
+ae7855acb37a6964ac53e78f46103d5684983d33
+waagent_2.2.18.orig.tar.xz
+e11edff700ee8c6a0d019ce41f92f356da7ada86
+690928
diff --git a/debian/changelog b/debian/changelog
index b8169c3..56bfecc 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,8 +1,21 @@
-waagent (2.2.14-1~deb9u1) stretch; urgency=medium
+waagent (2.2.18-3) unstable; urgency=medium
 
-  * Upload to stretch.
+  * Move udev rules to /lib/udev. (closes: #856065)
+  * Set priority to optional.
 
- -- Bastian Blank   Wed, 27 Sep 2017 09:34:43 +0200
+ -- Bastian Blank   Mon, 27 Nov 2017 09:07:13 +0100
+
+waagent (2.2.18-2) unstable; urgency=medium
+
+  * Create /var/lib/waagent with mode 0700. (closes: #878951)
+
+ -- Bastian Blank   Tue, 21 Nov 2017 09:28:39 +0100
+
+waagent (2.2.18-1) unstable; urgency=medium
+
+  * New upstream version.
+
+ -- Bastian Blank   Wed, 04 Oct 2017 11:51:29 +0200
 
 waagent (2.2.14-1) unstable; urgency=medium
 
diff --git a/debian/control b/debian/control
index 8e74178..1ca8ae2 100644
--- a/debian/control
+++ b/debian/control
@@ -1,6 +1,6 @@
 Source: waagent
 Section: admin
-Priority: extra
+Priority: optional
 Maintainer: Bastian Blank 
 Build-Depends:
  debhelper (>= 9),
diff --git a/debian/patches/agent-command-provision.patch 
b/debian/patches/agent-command-provision.patch
index 66d5d8c..cdd77bc 100644
--- a/debian/patches/agent-command-provision.patch
+++ b/debian/patches/agent-command-provision.patch
@@ -1,4 +1,4 @@
-From 454a3e0b07b420c0f6015fb41028f572456c20ff Mon Sep 17 00:00:00 2001
+From ab767bf1620144df2372dd957c59b01f3ac8e30c Mon Sep 17 00:00:00 2001
 From: Bastian Blank 
 Date: Wed, 4 Jan 2017 18:05:59 +0100
 Subject: Add provision command to agent
@@ -9,10 +9,10 @@ Patch-Name: agent-command-provision.patch
  1 file changed, 3 insertions(+), 1 deletion(-)
 
 diff --git a/azurelinuxagent/agent.py b/azurelinuxagent/agent.py
-index d1ac354..454cc86 100644
+index e99f7be..6144401 100644
 --- a/azurelinuxagent/agent.py
 +++ b/azurelinuxagent/agent.py
-@@ -172,6 +172,8 @@ def parse_args(sys_args):
+@@ -191,6 +191,8 @@ def parse_args(sys_args):
  cmd = "deprovision+user"
  elif re.match("^([-/]*)deprovision", a):
  cmd = "deprovision"
@@ -21,7 +21,7 @@ index d1ac354..454cc86 100644
  elif re.match("^([-/]*)daemon", a):
  cmd = "daemon"
  elif re.match("^([-/]*)start", a):
-@@ -212,7 +214,7 @@ def usage():
+@@ -233,7 +235,7 @@ def usage():
  print("")
  print((("usage: {0} [-verbose] [-force] [-help] "
 "-configuration-path:"
diff --git a/debian/patches/agent-command-resourcedisk.patch 
b/debian/patches/agent-command-resourcedisk.patch
index 879ced4..3f791e5 100644
--- 

Bug#882815: marked as done (stretch-pu: package exam/0.10.5-1+deb9u1)

[Debian Bug Tracking System]

Your message dated Sat, 10 Mar 2018 10:57:46 +
with message-id <1520679466.2744.57.ca...@adam-barratt.org.uk>
and subject line Closing bugs for updates included in 9.4
has caused the Debian Bug report #882815,
regarding stretch-pu: package exam/0.10.5-1+deb9u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
882815: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882815
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

Fixing up the python dependencies.

The debdiff is a bit noisy due to the renaming of the patches ...
but therefore it's just a rebuild of the package from sid.

$ debdiff python3-exam_0.10.5-1_all.deb python3-exam_0.10.5-2~deb9u1_all.deb
File lists identical (after any substitutions)

Control files: lines which differ (wdiff format)

Depends: [-python-mock-] {+python3-mock, python3:any (>= 3.3.2-2~)+}
Version: [-0.10.5-1-] {+0.10.5-2~deb9u1+}

$ debdiff python-exam_0.10.5-1_all.deb python-exam_0.10.5-2~deb9u1_all.deb
File lists identical (after any substitutions)

Control files: lines which differ (wdiff format)

Version: [-0.10.5-1-] {+0.10.5-2~deb9u1+}


Andreas
diff -Nru exam-0.10.5/debian/changelog exam-0.10.5/debian/changelog
--- exam-0.10.5/debian/changelog2016-06-14 19:54:12.0 +0200
+++ exam-0.10.5/debian/changelog2017-11-27 01:27:32.0 +0100
@@ -1,3 +1,23 @@
+exam (0.10.5-2~deb9u1) stretch; urgency=medium
+
+  * Non-maintainer upload.
+  * Rebuild for stretch
+
+ -- Andreas Beckmann   Mon, 27 Nov 2017 01:27:32 +0100
+
+exam (0.10.5-2) unstable; urgency=medium
+
+  * Team upload.
+  * Create DPMT git repository and refresh patches using gbp pq
+  * Correct Vcs-* fields in debian/control to point to the correct package
+name
+  * Use correct substitution varial for python3-exam so python3 interpreter
+depends are correctly generated (Closes: #867404)
+  * Let dh_python determine the mock depends (corrects issue where python-
+exam incorrectly depended on python-mock instead of python3-mock)
+
+ -- Scott Kitterman   Fri, 07 Jul 2017 23:47:09 -0400
+
 exam (0.10.5-1) unstable; urgency=low
 
   * Initial release. (Closes: #825822)
diff -Nru exam-0.10.5/debian/control exam-0.10.5/debian/control
--- exam-0.10.5/debian/control  2016-06-14 19:54:12.0 +0200
+++ exam-0.10.5/debian/control  2017-07-08 05:47:06.0 +0200
@@ -21,12 +21,12 @@
 X-Python-Version: >= 2.6
 X-Python3-Version: >= 3.2
 Homepage: https://github.com/fluxx/exam
-Vcs-Git: https://anonscm.debian.org/git/python-modules/packages/python-exam.git
-Vcs-Browser: 
https://anonscm.debian.org/cgit/python-modules/packages/python-exam.git
+Vcs-Git: https://anonscm.debian.org/git/python-modules/packages/exam.git
+Vcs-Browser: https://anonscm.debian.org/cgit/python-modules/packages/exam.git
 
 Package: python-exam
 Architecture: all
-Depends: ${misc:Depends}, ${python:Depends}, python-mock
+Depends: ${misc:Depends}, ${python:Depends}
 Description: Python module to help write better tests
  Exam is a Python toolkit for writing better tests.  It aims to remove
  a lot of the boiler plate testing code one often writes, while still
@@ -59,7 +59,7 @@
 
 Package: python3-exam
 Architecture: all
-Depends: ${misc:Depends}, ${python:Depends}, python-mock
+Depends: ${misc:Depends}, ${python3:Depends}
 Description: Python module to help write better tests
  Exam is a Python toolkit for writing better tests.  It aims to remove
  a lot of the boiler plate testing code one often writes, while still
diff -Nru exam-0.10.5/debian/gbp.conf exam-0.10.5/debian/gbp.conf
--- exam-0.10.5/debian/gbp.conf 1970-01-01 01:00:00.0 +0100
+++ exam-0.10.5/debian/gbp.conf 2017-07-08 05:40:25.0 +0200
@@ -0,0 +1,3 @@
+[DEFAULT]
+debian-branch=debian/master
+
diff -Nru 
exam-0.10.5/debian/patches/0001-Upstream-7c3f150a38076b48717cf08567c3e4809bf22a3d.patch
 
exam-0.10.5/debian/patches/0001-Upstream-7c3f150a38076b48717cf08567c3e4809bf22a3d.patch
--- 
exam-0.10.5/debian/patches/0001-Upstream-7c3f150a38076b48717cf08567c3e4809bf22a3d.patch
 1970-01-01 01:00:00.0 +0100
+++ 
exam-0.10.5/debian/patches/0001-Upstream-7c3f150a38076b48717cf08567c3e4809bf22a3d.patch
 2017-07-08 05:39:14.0 +0200
@@ -0,0 +1,23 @@
+From: Debian Python Modules Team 
+Date: Fri, 7 Jul 2017 

Bug#882822: marked as done (stretch-pu: package python-hkdf/0.0.3-3~deb9u1)

[Debian Bug Tracking System]

Your message dated Sat, 10 Mar 2018 10:57:46 +
with message-id <1520679466.2744.57.ca...@adam-barratt.org.uk>
and subject line Closing bugs for updates included in 9.4
has caused the Debian Bug report #882822,
regarding stretch-pu: package python-hkdf/0.0.3-3~deb9u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
882822: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882822
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

Let's fix the python3 dependencies. #867433
(And by just rebuilding the package from sid,
we get some metadata updates as well.)

$ debdiff python3-hkdf_0.0.3-1_all.deb python3-hkdf_0.0.3-3~deb9u1_all.deb
File lists identical (after any substitutions)

Control files: lines which differ (wdiff format)

{+Depends: python3:any (>= 3.3.2-2~)+}
 {+http://tools.ietf.org/html/draft-krawczyk-hkdf-01+}
Maintainer: [-Clint Adams -] {+Debian QA Group 
+}
Version: [-0.0.3-1-] {+0.0.3-3~deb9u1+}


Andreas
diff -Nru python-hkdf-0.0.3/debian/changelog python-hkdf-0.0.3/debian/changelog
--- python-hkdf-0.0.3/debian/changelog  2016-06-04 23:06:45.0 +0200
+++ python-hkdf-0.0.3/debian/changelog  2017-11-27 02:15:39.0 +0100
@@ -1,3 +1,24 @@
+python-hkdf (0.0.3-3~deb9u1) stretch; urgency=medium
+
+  * QA upload.
+  * Rebuild for stretch.
+
+ -- Andreas Beckmann   Mon, 27 Nov 2017 02:15:39 +0100
+
+python-hkdf (0.0.3-3) unstable; urgency=medium
+
+  * QA upload.
+  * Fix the python3-hkdf dependencies. (Closes: #867433)
+
+ -- Adrian Bunk   Thu, 06 Jul 2017 19:16:59 +0300
+
+python-hkdf (0.0.3-2) unstable; urgency=medium
+
+  * Add missing URL to package descriptions.  closes: #864149.
+  * Set maintainer to Debian QA Group.
+
+ -- Clint Adams   Sun, 04 Jun 2017 10:59:31 -0400
+
 python-hkdf (0.0.3-1) unstable; urgency=low
 
   * Initial release.
diff -Nru python-hkdf-0.0.3/debian/control python-hkdf-0.0.3/debian/control
--- python-hkdf-0.0.3/debian/control2016-06-04 23:21:51.0 +0200
+++ python-hkdf-0.0.3/debian/control2017-07-06 18:16:52.0 +0200
@@ -1,5 +1,5 @@
 Source: python-hkdf
-Maintainer: Clint Adams 
+Maintainer: Debian QA Group 
 Section: python
 Priority: optional
 Build-Depends: debhelper (>= 9),
@@ -18,6 +18,7 @@
 Depends: ${misc:Depends}, ${python:Depends}
 Description: HMAC-based Extract-and-Expand Key Derivation Function (HKDF)
  This module implements the HMAC Key Derivation function, defined at
+ http://tools.ietf.org/html/draft-krawczyk-hkdf-01
  .
  There are two interfaces: a functional interface, with separate
  extract and expand functions as defined in the draft RFC, and a
@@ -25,9 +26,10 @@
 
 Package: python3-hkdf
 Architecture: all
-Depends: ${misc:Depends}, ${python:Depends}
+Depends: ${misc:Depends}, ${python3:Depends}
 Description: HMAC-based Extract-and-Expand Key Derivation Function (HKDF)
  This module implements the HMAC Key Derivation function, defined at
+ http://tools.ietf.org/html/draft-krawczyk-hkdf-01
  .
  There are two interfaces: a functional interface, with separate
  extract and expand functions as defined in the draft RFC, and a
--- End Message ---
--- Begin Message ---
Version: 9.4

Hi,

The update referenced by each of these bugs was included in this
morning's stretch point release.

Regards,

Adam--- End Message ---

Bug#882813: marked as done (stretch-pu: package python-pyperclip/1.5.27-3~deb9u1)

[Debian Bug Tracking System]

Your message dated Sat, 10 Mar 2018 10:57:46 +
with message-id <1520679466.2744.57.ca...@adam-barratt.org.uk>
and subject line Closing bugs for updates included in 9.4
has caused the Debian Bug report #882813,
regarding stretch-pu: package python-pyperclip/1.5.27-3~deb9u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
882813: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882813
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

python3-pyperclip misses a proper python3 dependency.

$ debdiff python3-pyperclip_1.5.27-2_all.deb 
python3-pyperclip_1.5.27-3~deb9u1_all.deb
File lists identical (after any substitutions)

Control files: lines which differ (wdiff format)

Depends: {+python3:any (>= 3.4~),+} xclip | xsel | python3-pyqt4
Version: [-1.5.27-2-] {+1.5.27-3~deb9u1+}


Andreas
diff -Nru python-pyperclip-1.5.27/debian/changelog 
python-pyperclip-1.5.27/debian/changelog
--- python-pyperclip-1.5.27/debian/changelog2016-07-01 17:47:10.0 
+0200
+++ python-pyperclip-1.5.27/debian/changelog2017-11-27 00:41:48.0 
+0100
@@ -1,3 +1,16 @@
+python-pyperclip (1.5.27-3~deb9u1) stretch; urgency=medium
+
+  * Non-maintainer upload.
+  * Rebuild for stretch.
+
+ -- Andreas Beckmann   Mon, 27 Nov 2017 00:41:48 +0100
+
+python-pyperclip (1.5.27-3) unstable; urgency=medium
+
+  * Fix typo in Depends for python3 package (Closes: #867450)
+
+ -- Sebastien Delafond   Fri, 07 Jul 2017 10:38:02 +0200
+
 python-pyperclip (1.5.27-2) unstable; urgency=medium
 
   * Relax dependencies on python QT libraries (Closes: #816821)
diff -Nru python-pyperclip-1.5.27/debian/control 
python-pyperclip-1.5.27/debian/control
--- python-pyperclip-1.5.27/debian/control  2016-07-01 17:47:10.0 
+0200
+++ python-pyperclip-1.5.27/debian/control  2017-07-07 10:38:02.0 
+0200
@@ -20,7 +20,7 @@
 
 Package: python3-pyperclip
 Architecture: all
-Depends: ${shlibs:Depends}, ${misc:Depends}, ${python:Depends}, xclip | xsel | 
python3-pyqt4
+Depends: ${shlibs:Depends}, ${misc:Depends}, ${python3:Depends}, xclip | xsel 
| python3-pyqt4
 Description: Cross-platform clipboard module for Python3
  This module is a cross-platform Python3 module for copy and paste clipboard
  functions. Currently only handles plaintext.
--- End Message ---
--- Begin Message ---
Version: 9.4

Hi,

The update referenced by each of these bugs was included in this
morning's stretch point release.

Regards,

Adam--- End Message ---

Bug#882819: marked as done (stretch-pu: package python-spake2/0.7-3~deb9u1)

[Debian Bug Tracking System]

Your message dated Sat, 10 Mar 2018 10:57:46 +
with message-id <1520679466.2744.57.ca...@adam-barratt.org.uk>
and subject line Closing bugs for updates included in 9.4
has caused the Debian Bug report #882819,
regarding stretch-pu: package python-spake2/0.7-3~deb9u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
882819: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882819
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

Let's fix the python3 dependencies. #867457

$ debdiff python3-spake2_0.7-2_all.deb python3-spake2_0.7-3~deb9u1_all.deb
File lists identical (after any substitutions)

Control files: lines which differ (wdiff format)

{+Depends: python3-hkdf, python3:any (>= 3.3.2-2~)+}
Maintainer: [-Clint Adams -] {+Debian QA Group 
+}
Version: [-0.7-2-] {+0.7-3~deb9u1+}

Andreas
diff -Nru python-spake2-0.7/debian/changelog python-spake2-0.7/debian/changelog
--- python-spake2-0.7/debian/changelog  2016-06-08 19:05:58.0 +0200
+++ python-spake2-0.7/debian/changelog  2017-11-27 01:45:57.0 +0100
@@ -1,3 +1,18 @@
+python-spake2 (0.7-3~deb9u1) stretch; urgency=medium
+
+  * QA upload.
+  * Rebuild for stretch.
+
+ -- Andreas Beckmann   Mon, 27 Nov 2017 01:45:57 +0100
+
+python-spake2 (0.7-3) unstable; urgency=high
+
+  * QA upload.
+  * Set maintainer to Debian QA Group. (see #833947)
+  * Fix the python3-spake2 dependencies. (Closes: #867457)
+
+ -- Adrian Bunk   Thu, 06 Jul 2017 20:32:40 +0300
+
 python-spake2 (0.7-2) unstable; urgency=medium
 
   * Add src/spake2/six.py to debian/copyright.
diff -Nru python-spake2-0.7/debian/control python-spake2-0.7/debian/control
--- python-spake2-0.7/debian/control2016-06-05 01:34:25.0 +0200
+++ python-spake2-0.7/debian/control2017-07-06 19:32:40.0 +0200
@@ -1,5 +1,5 @@
 Source: python-spake2
-Maintainer: Clint Adams 
+Maintainer: Debian QA Group 
 Section: python
 Priority: optional
 Build-Depends: debhelper (>= 9),
@@ -40,7 +40,7 @@
 
 Package: python3-spake2
 Architecture: all
-Depends: ${misc:Depends}, ${python:Depends}
+Depends: ${misc:Depends}, ${python3:Depends}
 Description: SPAKE2 password-authenticated key exchange (pure python)
  This library implements the SPAKE2 password-authenticated key
  exchange ("PAKE") algorithm. This allows two parties, who share a
--- End Message ---
--- Begin Message ---
Version: 9.4

Hi,

The update referenced by each of these bugs was included in this
morning's stretch point release.

Regards,

Adam--- End Message ---

Bug#882773: marked as done (stretch-pu: package auto-apt-proxy/2+deb9u1)

[Debian Bug Tracking System]

Your message dated Sat, 10 Mar 2018 10:57:46 +
with message-id <1520679466.2744.57.ca...@adam-barratt.org.uk>
and subject line Closing bugs for updates included in 9.4
has caused the Debian Bug report #882773,
regarding stretch-pu: package auto-apt-proxy/2+deb9u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
882773: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882773
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

This fixes a RC bug that has been reported recently, and was just fixed
in unstable.

Diff attached

-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 
'unstable'), (500, 'testing'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.13.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8), 
LANGUAGE=pt_BR:pt:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff --git a/debian/changelog b/debian/changelog
index 805de64..49a56cd 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+auto-apt-proxy (2+deb9u1) stretch; urgency=medium
+
+  * Move apt configuration away on removal (Closes: #881751)
+
+ -- Antonio Terceiro   Sun, 26 Nov 2017 14:14:31 -0200
+
 auto-apt-proxy (2) unstable; urgency=medium
 
   * specify `--shell dash` to shellcheck (Closes: #834976)
diff --git a/debian/postrm b/debian/postrm
new file mode 100644
index 000..e39b370
--- /dev/null
+++ b/debian/postrm
@@ -0,0 +1,25 @@
+#! /bin/sh
+
+set -e
+aptconf=/etc/apt/apt.conf.d/auto-apt-proxy.conf
+
+case "$1" in
+purge)
+rm -f "$aptconf".disabled
+;;
+
+remove|abort-install)
+if [ -f "$aptconf" ]; then
+mv "$aptconf" "$aptconf".disabled
+fi
+;;
+
+upgrade|failed-upgrade|abort-upgrade|disappear)
+;;
+
+*)
+echo "postrm called with unknown argument \`$1'" >&2
+exit 1
+esac
+
+##DEBHELPER##
diff --git a/debian/tests/control b/debian/tests/control
index 79b3cde..8f25fd8 100644
--- a/debian/tests/control
+++ b/debian/tests/control
@@ -1,2 +1,6 @@
 Test-Command: clitest debian/tests/apt-cacher-ng.txt
 Depends: @, clitest, apt-cacher-ng
+
+Tests: remove
+Restrictions: needs-root
+Depends: @, clitest
diff --git a/debian/tests/remove b/debian/tests/remove
new file mode 100755
index 000..b40d4e9
--- /dev/null
+++ b/debian/tests/remove
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+set -e
+exec 2>&1
+
+action="$(basename "$0")"
+
+set -x
+apt-get "$action" -qy auto-apt-proxy
+apt-get update


signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---
Version: 9.4

Hi,

The update referenced by each of these bugs was included in this
morning's stretch point release.

Regards,

Adam--- End Message ---

Bug#882697: marked as done (stretch-pu: package apparmor/2.11.0-3+deb9u2)

[Debian Bug Tracking System]

Your message dated Sat, 10 Mar 2018 10:57:46 +
with message-id <1520679466.2744.57.ca...@adam-barratt.org.uk>
and subject line Closing bugs for updates included in 9.4
has caused the Debian Bug report #882697,
regarding stretch-pu: package apparmor/2.11.0-3+deb9u2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
882697: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882697
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

Hi!

this update avoids breakage for Stretch users who have enabled AppArmor and run
Linux 4.14+ (e.g. from backports once it's there), by pinning the AppArmor
feature set in the kernel to the Stretch kernel's feature set, i.e. the feature
set the AppArmor policy shipped in Stretch supports (it's not ready to deal with
new AppArmor mediation features brought in recent kernels).

We already have exactly the same thing in current testing/sid, albeit with Linux
4.13's feature set for now.

Cheers!
diff -Nru apparmor-2.11.0/debian/apparmor.install 
apparmor-2.11.0/debian/apparmor.install
--- apparmor-2.11.0/debian/apparmor.install 2017-03-28 12:23:08.0 
+0200
+++ apparmor-2.11.0/debian/apparmor.install 2017-11-25 19:01:04.0 
+0100
@@ -1,4 +1,5 @@
 debian/apport/source_apparmor.py /usr/share/apport/package-hooks/
+debian/features /etc/apparmor/
 debian/lib/apparmor/functions /lib/apparmor/
 debian/lib/apparmor/profile-load /lib/apparmor/
 etc/apparmor/parser.conf
diff -Nru apparmor-2.11.0/debian/changelog apparmor-2.11.0/debian/changelog
--- apparmor-2.11.0/debian/changelog2017-03-28 12:29:15.0 +0200
+++ apparmor-2.11.0/debian/changelog2017-11-25 19:04:05.0 +0100
@@ -1,3 +1,14 @@
+apparmor (2.11.0-3+deb9u1) stretch; urgency=medium
+
+  * Pin the AppArmor feature set to Stretch's kernel (Closes: #879585).
+This ensures Stretch systems, even when running a newer kernel (e.g.
+from backports), have their AppArmor feature set pinned to the one
+supported by the AppArmor policy shipped in Stretch. Otherwise they
+would experience breakage due to new AppArmor mediation features
+introduced in recent kernels.
+
+ -- intrigeri   Sat, 25 Nov 2017 18:04:05 +
+
 apparmor (2.11.0-3) unstable; urgency=medium
 
   * Fix CVE-2017-6507: don't unload unknown profiles during package
diff -Nru apparmor-2.11.0/debian/features apparmor-2.11.0/debian/features
--- apparmor-2.11.0/debian/features 1970-01-01 01:00:00.0 +0100
+++ apparmor-2.11.0/debian/features 2017-11-25 18:55:55.0 +0100
@@ -0,0 +1,23 @@
+caps {mask {chown dac_override dac_read_search fowner fsetid kill setgid 
setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw 
ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct 
sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease 
audit_write audit_control setfcap mac_override mac_admin syslog wake_alarm 
block_suspend audit_read
+}
+}
+rlimit {mask {cpu fsize data stack core rss nproc nofile memlock as locks 
sigpending msgqueue nice rtprio rttime
+}
+}
+capability {0xff
+}
+file {mask {create read write exec append mmap_exec link lock
+}
+}
+domain {change_profile {yes
+}
+change_onexec {yes
+}
+change_hatv {yes
+}
+change_hat {yes
+}
+}
+policy {set_load {yes
+}
+}
diff -Nru apparmor-2.11.0/debian/patches/pin-feature-set.patch 
apparmor-2.11.0/debian/patches/pin-feature-set.patch
--- apparmor-2.11.0/debian/patches/pin-feature-set.patch1970-01-01 
01:00:00.0 +0100
+++ apparmor-2.11.0/debian/patches/pin-feature-set.patch2017-11-25 
18:59:40.0 +0100
@@ -0,0 +1,18 @@
+Description: pin the AppArmor feature set to the one shipped by the apparmor 
package
+ .
+ Let's smooth UX on kernel upgrades and allow ourselves to update the AppArmor
+ policy in a relaxed manner.
+Bug-Debian: https://bugs.debian.org/879585 
+Forwarded: not-needed
+Author: intrigeri 
+
+--- a/parser/parser.conf
 b/parser/parser.conf
+@@ -59,3 +59,7 @@
+ ## Adjust compression
+ #Optimize=compress-small
+ #Optimize=compress-fast
++
++## Pin feature set (avoid regressions when policy is lagging behind
++## the kernel)
++features-file=/etc/apparmor/features
diff -Nru apparmor-2.11.0/debian/patches/series 
apparmor-2.11.0/debian/patches/series
--- apparmor-2.11.0/debian/patches/series   2017-03-28 12:24:44.0 
+0200
+++ 

Bug#882821: marked as done (stretch-pu: package cerealizer/0.8.1-1+deb9u1)

[Debian Bug Tracking System]

Your message dated Sat, 10 Mar 2018 10:57:46 +
with message-id <1520679466.2744.57.ca...@adam-barratt.org.uk>
and subject line Closing bugs for updates included in 9.4
has caused the Debian Bug report #882821,
regarding stretch-pu: package cerealizer/0.8.1-1+deb9u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
882821: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882821
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

Let's fix the python3 dependencies. #867396

There is a bit patch noise due to the maintainer switch from svn to git,
but therefore it's just a rebuild of the package from sid.

$ debdiff python3-cerealizer_0.8.1-1_all.deb 
python3-cerealizer_0.8.1-2~deb9u1_all.deb
File lists identical (after any substitutions)

Control files: lines which differ (wdiff format)

{+Depends: python3:any (>= 3.3.2-2~)+}
Installed-Size: [-72-] {+45+}
Version: [-0.8.1-1-] {+0.8.1-2~deb9u1+}


Andreas
diff -Nru cerealizer-0.8.1/debian/.git-dpm cerealizer-0.8.1/debian/.git-dpm
--- cerealizer-0.8.1/debian/.git-dpm1970-01-01 01:00:00.0 +0100
+++ cerealizer-0.8.1/debian/.git-dpm2017-07-06 19:59:17.0 +0200
@@ -0,0 +1,11 @@
+# see git-dpm(1) from git-dpm package
+2c500bf453a9238eeae70464c073e0a7c0e0dfd7
+2c500bf453a9238eeae70464c073e0a7c0e0dfd7
+c5ae87a78bb4accb78e16e01b1d9157dc1554c8f
+c5ae87a78bb4accb78e16e01b1d9157dc1554c8f
+cerealizer_0.8.1.orig.tar.bz2
+a261b97169799c90be322e5d86bb44eaac652aaf
+12520
+debianTag="debian/%e%v"
+patchedTag="patched/%e%v"
+upstreamTag="upstream/%e%u"
diff -Nru cerealizer-0.8.1/debian/changelog cerealizer-0.8.1/debian/changelog
--- cerealizer-0.8.1/debian/changelog   2013-08-15 14:51:29.0 +0200
+++ cerealizer-0.8.1/debian/changelog   2017-11-27 02:02:05.0 +0100
@@ -1,3 +1,20 @@
+cerealizer (0.8.1-2~deb9u1) stretch; urgency=medium
+
+  * Non-maintainer upload.
+  * Rebuild for stretch.
+
+ -- Andreas Beckmann   Mon, 27 Nov 2017 02:02:05 +0100
+
+cerealizer (0.8.1-2) unstable; urgency=medium
+
+  [ Ondřej Nový ]
+  * Fixed VCS URL (https)
+
+  [ Vincent Bernat ]
+  * Fix python3-cerealizer Depends field. Closes: #867396.
+
+ -- Vincent Bernat   Thu, 06 Jul 2017 19:59:17 +0200
+
 cerealizer (0.8.1-1) unstable; urgency=low
 
   [ Jakub Wilk ]
diff -Nru cerealizer-0.8.1/debian/control cerealizer-0.8.1/debian/control
--- cerealizer-0.8.1/debian/control 2013-08-15 14:48:38.0 +0200
+++ cerealizer-0.8.1/debian/control 2017-07-06 19:59:17.0 +0200
@@ -6,8 +6,8 @@
 Build-Depends: debhelper (>= 7.0.50~), dh-python, python-all, python3-all
 Standards-Version: 3.9.4
 Homepage: http://home.gna.org/oomadness/en/cerealizer/
-Vcs-Svn: svn://anonscm.debian.org/python-modules/packages/cerealizer/trunk/
-Vcs-Browser: 
http://anonscm.debian.org/viewvc/python-modules/packages/cerealizer/trunk/
+Vcs-Git: https://anonscm.debian.org/git/python-modules/packages/cerealizer.git
+Vcs-Browser: 
https://anonscm.debian.org/cgit/python-modules/packages/cerealizer.git
 
 Package: python-cerealizer
 Architecture: all
@@ -23,7 +23,7 @@
 
 Package: python3-cerealizer
 Architecture: all
-Depends: ${python:Depends}, ${misc:Depends}
+Depends: ${python3:Depends}, ${misc:Depends}
 Description: secure pickle-like module for Python 3
  It support basic types (int, string, unicode, tuple, list,
  dict, set,...), old and new-style classes (you need to
diff -Nru cerealizer-0.8.1/debian/patches/no_bytecompilation.patch 
cerealizer-0.8.1/debian/patches/no_bytecompilation.patch
--- cerealizer-0.8.1/debian/patches/no_bytecompilation.patch2011-05-12 
21:04:09.0 +0200
+++ cerealizer-0.8.1/debian/patches/no_bytecompilation.patch2017-07-06 
19:59:17.0 +0200
@@ -1,6 +1,18 @@
+From 7b0f643e5e9aaef77c9485a892b93848e8777a7d Mon Sep 17 00:00:00 2001
+From: SVN-Git Migration 
+Date: Thu, 8 Oct 2015 08:37:35 -0700
+Subject: no_bytecompilation
+
 Don't do bytecompilation. This will be done by python-support.
 editobj-0.5.7.orig/setup.cfg   2006-04-27 15:27:46.666091448 +0200
-+++ editobj-0.5.7/setup.cfg2006-04-27 15:27:55.391764944 +0200
+Patch-Name: no_bytecompilation.patch
+---
+ setup.cfg | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/setup.cfg b/setup.cfg
+index beaa04f..aa96fbe 100644
+--- a/setup.cfg
 b/setup.cfg
 @@ -1,6 +1,6 @@
  

Bug#877593: marked as done (stretch-pu: package ocfs2-tools/1.8.4-4+deb9u1)

[Debian Bug Tracking System]

Your message dated Sat, 10 Mar 2018 10:57:46 +
with message-id <1520679466.2744.57.ca...@adam-barratt.org.uk>
and subject line Closing bugs for updates included in 9.4
has caused the Debian Bug report #877593,
regarding stretch-pu: package ocfs2-tools/1.8.4-4+deb9u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
877593: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877593
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

Hi,

Attached diff fixes an upgrade issue reported in #876195:
ocfs2 services are not started on boot after upgrade
because the service links are were not automatically
migrated from /etc/rcS.d to /etc/rc2.d.

Please approve upload to stretch-pu.

Thanks,
Valentin
diff --git a/debian/changelog b/debian/changelog
index 9e4381ce..04afd0ab 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+ocfs2-tools (1.8.4-4+deb9u1) stretch; urgency=medium
+
+  * Migrate from using rcS to standard runlevels (Closes: #876195)
+
+ -- Valentin Vidic   Mon, 02 Oct 2017 22:28:27 +0200
+
 ocfs2-tools (1.8.4-4) unstable; urgency=medium
 
   * Add fix for sysfs filename (Closes: #858623)
diff --git a/debian/ocfs2-tools.postinst b/debian/ocfs2-tools.postinst
index 4c151b69..e9a2027a 100644
--- a/debian/ocfs2-tools.postinst
+++ b/debian/ocfs2-tools.postinst
@@ -48,4 +48,10 @@ EOF
 
 fi
 
+# Migrate from using rcS to standard runlevels
+if [ "$1" = "configure" ] && dpkg --compare-versions "$2" lt-nl 
"1.8.4-4+deb9u1"; then
+[ -L /etc/rcS.d/S??ocfs2 ] && update-rc.d -f ocfs2 remove >/dev/null
+[ -L /etc/rcS.d/S??o2cb  ] && update-rc.d -f o2cb  remove >/dev/null
+fi
+
 #DEBHELPER#
--- End Message ---
--- Begin Message ---
Version: 9.4

Hi,

The update referenced by each of these bugs was included in this
morning's stretch point release.

Regards,

Adam--- End Message ---

Bug#882434: marked as done (stretch-pu: package ust/2.9.0-2+deb9u1)

[Debian Bug Tracking System]

Your message dated Sat, 10 Mar 2018 10:57:46 +
with message-id <1520679466.2744.57.ca...@adam-barratt.org.uk>
and subject line Closing bugs for updates included in 9.4
has caused the Debian Bug report #882434,
regarding stretch-pu: package ust/2.9.0-2+deb9u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
882434: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882434
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

Hi,

The attached diff fixes a bug that makes the python3-lttngust package
completely broken unless the corresponding liblttng-ust-dev is also
installed.

The original python code load the library using ctypes without specifying a
soname. This fix was reported and merged upstream.

Fixed in unstable:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882366

Regards,

Michael

-- System Information:
Debian Release: 9.1
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 4.9.0-4-686-pae (SMP w/2 CPU cores)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_CA:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru ust-2.9.0/debian/changelog ust-2.9.0/debian/changelog
--- ust-2.9.0/debian/changelog  2017-03-08 12:04:25.0 -0500
+++ ust-2.9.0/debian/changelog  2017-11-22 14:45:44.0 -0500
@@ -1,3 +1,10 @@
+ust (2.9.0-2+deb9u1) stable; urgency=medium
+
+  * [5ffa17d] Set gbp branch config
+  * [8e770e4] Fix python3-lttngust load un-versioned library (Closes: #882366)
+
+ -- Michael Jeanson   Wed, 22 Nov 2017 14:45:44 -0500
+
 ust (2.9.0-2) unstable; urgency=medium
 
   * [b8d4e77] Add missing liblttng-ust-fd.so.* (Closes: #857166)
diff -Nru ust-2.9.0/debian/gbp.conf ust-2.9.0/debian/gbp.conf
--- ust-2.9.0/debian/gbp.conf   1969-12-31 19:00:00.0 -0500
+++ ust-2.9.0/debian/gbp.conf   2017-11-22 14:44:31.0 -0500
@@ -0,0 +1,3 @@
+[DEFAULT]
+upstream-branch=upstream/2.9.0
+debian-branch=debian/stretch
diff -Nru 
ust-2.9.0/debian/patches/fix-specify-soname-in-python-lttngust-loadlibrary.patch
 
ust-2.9.0/debian/patches/fix-specify-soname-in-python-lttngust-loadlibrary.patch
--- 
ust-2.9.0/debian/patches/fix-specify-soname-in-python-lttngust-loadlibrary.patch
1969-12-31 19:00:00.0 -0500
+++ 
ust-2.9.0/debian/patches/fix-specify-soname-in-python-lttngust-loadlibrary.patch
2017-11-22 14:45:15.0 -0500
@@ -0,0 +1,30 @@
+From 00ee1adfe1e34d43494227781f6662b0a21b7c4b Mon Sep 17 00:00:00 2001
+From: Michael Jeanson 
+Date: Tue, 21 Nov 2017 11:11:15 -0500
+Subject: [PATCH] Fix: specify SONAME in python-lttngust LoadLibrary
+
+When loading the python agent library with ctypes in the python
+bindings, specify the SONAME. This will make sure we load the proper
+library in the event of a SONAME bump and the bindings will work without
+having to install the "dev" package which in most distros contains the
+non-versionned ".so".
+
+Signed-off-by: Michael Jeanson 
+Signed-off-by: Mathieu Desnoyers 
+---
+ python-lttngust/lttngust/loghandler.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/python-lttngust/lttngust/loghandler.py 
b/python-lttngust/lttngust/loghandler.py
+index e82cf5c5..6f144cac 100644
+--- a/python-lttngust/lttngust/loghandler.py
 b/python-lttngust/lttngust/loghandler.py
+@@ -22,7 +22,7 @@
+ 
+ 
+ class _Handler(logging.Handler):
+-_LIB_NAME = 'liblttng-ust-python-agent.so'
++_LIB_NAME = 'liblttng-ust-python-agent.so.0'
+ 
+ def __init__(self):
+ super(self.__class__, self).__init__(level=logging.NOTSET)
diff -Nru ust-2.9.0/debian/patches/series ust-2.9.0/debian/patches/series
--- ust-2.9.0/debian/patches/series 2016-11-29 18:21:51.0 -0500
+++ ust-2.9.0/debian/patches/series 2017-11-22 14:45:15.0 -0500
@@ -1,3 +1,4 @@
 fix-incompatible-java-bytecode-format.patch
 use-python3.patch
 javah-doesnt-generate-class-files.patch
+fix-specify-soname-in-python-lttngust-loadlibrary.patch
--- End Message ---
--- Begin Message ---
Version: 9.4

Hi,

The update referenced by each of these bugs was included in this
morning's stretch point release.

Regards,

Adam--- End Message ---

Bug#877934: marked as done (stretch-pu: package cron/3.0pl1-128.1)

[Debian Bug Tracking System]

Your message dated Sat, 10 Mar 2018 10:57:46 +
with message-id <1520679466.2744.57.ca...@adam-barratt.org.uk>
and subject line Closing bugs for updates included in 9.4
has caused the Debian Bug report #877934,
regarding stretch-pu: package cron/3.0pl1-128.1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
877934: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877934
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

Hi,

The version of cron currently in stretch is not properly transitioning
the system jobs to the correct SELinux context (See: #857662).

This is breaking cron for the people using SELinux on debian.

The root cause of this is a change in the SELinux policy.

The attached patch (that has been pushed to unstable) is fixing this and
is also avoiding hardcoding identifiers and detect them at runtime
instead. This is a more complete patch than the one proposed on the
original bugreport.

All the changes are only affecting the code path when SELinux is
enabled.

Regards,

Laurent Bigonville

-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 
'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.13.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_BE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
diff -u cron-3.0pl1/debian/changelog cron-3.0pl1/debian/changelog
--- cron-3.0pl1/debian/changelog
+++ cron-3.0pl1/debian/changelog
@@ -1,3 +1,11 @@
+cron (3.0pl1-128+deb9u1) stretch; urgency=medium
+
+  * Non-maintainer upload.
+  * Properly transition system jobs to system_cronjob_t SELinux context and
+stop relying on refpolicy specific identifiers (Closes: #857662)
+
+ -- Laurent Bigonville   Sat, 07 Oct 2017 15:38:27 +0200
+
 cron (3.0pl1-128) unstable; urgency=medium
 
   * d/cron.service: Use KillMode=process to kill only the daemon.
diff -u cron-3.0pl1/user.c cron-3.0pl1/user.c
--- cron-3.0pl1/user.c
+++ cron-3.0pl1/user.c
@@ -47,22 +47,31 @@
 char *level = NULL;
 int i;
 
+if(getcon(_con)) {
+log_it(name, getpid(), "Can't get current context", tabname);
+return -1;
+}
+
 if (name != NULL) {
 if (getseuserbyname(name, , )) {
 log_it(name, getpid(), "getseuserbyname FAILED", tabname);
+freecon(current_con);
 return (security_getenforce() > 0);
 }
 }
 else
 {
-seuser = strdup("system_u");
+context_t temp_con = context_new(current_con);
+if (temp_con == NULL) {
+log_it(name, getpid(), "context_new FAILED", tabname);
+freecon(current_con);
+return (security_getenforce() > 0);
+}
+seuser = strdup(context_user_get(temp_con));
+context_free(temp_con);
 }
 
 *rcontext = NULL;
-if(getcon(_con)) {
-log_it(name, getpid(), "Can't get current context", tabname);
-return -1;
-}
 list_count = get_ordered_context_list_with_level(seuser, level, 
current_con, _list);
 freecon(current_con);
 free(seuser);
@@ -215,7 +224,7 @@
 if (is_selinux_enabled() > 0) {
 char *sname=uname;
 if (pw==NULL) {
-sname="system_u";
+sname=NULL;
 }
 if (get_security_context(sname, crontab_fd, 
  >scontext, tabname) != 0 ) {
--- End Message ---
--- Begin Message ---
Version: 9.4

Hi,

The update referenced by each of these bugs was included in this
morning's stretch point release.

Regards,

Adam--- End Message ---

Bug#892505: transition: openexr

[Emilio Pozuelo Monfort]

On 09/03/18 21:43, Matteo F. Vescovi wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: transition
> X-Debbugs-CC: pkg-phototools-de...@lists.alioth.debian.org, ma...@debian.org
> 
> Dear Release Team,
> 
> I'm filing this bug for a new transition of openexr package.
> 
> On March 8, 2018 a fixed testing-purpose package (2.2.1-2) has been
> uploaded to experimental.
> 
> So, following the auto-openexr checklist[1], here is the list of source
> packages depending on openexr and the results of the test builds
> (honoring the dependency levels as reported in the checklist, as
> relevant for the correct order):
> 
> ### Dependency level 2 ###
>  * aqsis_1.8.2-8 => OK
>  * darktable_2.4.0-1 => OK
>  * exactimage_1.0.1-1 => OK
>  * freeimage_3.17.0+ds1-5 => OK
>  * gegl_0.3.28-2 => OK
>  * imagemagick_8:6.9.9.34+dfsg-3 => OK
>  * kde-runtime_4:17.08.3-1 => OK
>  * kimageformats_5.42.0-2 => OK
>  * kio-extras_4:17.08.3-2 => OK
>  * krita_1:3.3.3+dfsg-1 => OK
>  * libvigraimpex_1.10.0+git20160211.167be93+dfsg-5 => OK
>  * luminance-hdr_2.5.1+dfsg-3 => OK
>  * mia_2.4.6-2 => OK
>  * nvidia-texture-tools_2.0.8-1+dfsg-8.1 => OK
>  * opencv_3.2.0+dfsg-4 => OK
>  * openexr-viewers_1.0.1-6 => OK
>  * openvdb_5.0.0-1 => OK
>  * povray_1:3.7.0.4-2 => OK
> 
> ### Dependency level 3 ###
>  * gmic_1.7.9+zart-4 => FTBFS (not openexr related)
>  * gst-plugins-bad1.0_1.8.3-1 => FTBFS (not openexr related)

unstable has gst-plugins-bad1.0 1.12.4-2. Did you really check with 1.8.3-1? Can
you also check the other packages that failed to build (gmic and vips)?

Cheers,
Emilio

>  * hugin_2018.0.0+dfsg-1 => OK
>  * k3d_0.8.0.6-6 => OK
>  * openimageio_1.8.9~dfsg0-1 => OK
>  * pfstools_2.1.0-3 => OK
>  * synfig_1.0.2-1 => OK
>  * vips_8.4.5-1 => FTBFS (not openexr related)
> 
> ### Dependency level 4 ###
>   blender_2.79+dfsg0-3 => OK
> 
> Thanks for your time and patience.
> 
> mfv

Processed: Re: Bug#888909: stretch-pu: package nvidia-graphics-drivers/384.111-4~deb9u1

[Debian Bug Tracking System]

Processing control commands:

> reopen -1
Bug #888909 [release.debian.org] stretch-pu: package 
nvidia-graphics-drivers/384.111-4~deb9u1
Bug 888909 is not marked as done; doing nothing.

-- 
888909: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888909
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#888909: stretch-pu: package nvidia-graphics-drivers/384.111-4~deb9u1

[Adam D. Barratt]

Control: reopen -1

On Sat, 2018-03-03 at 21:27 +, Adam D. Barratt wrote:
> On Sat, 2018-03-03 at 21:36 +0100, Andreas Beckmann wrote:
> > On 2018-03-03 11:51, Adam D. Barratt wrote:
> > > Uploaded and flagged for acceptance.

Actually, it wasn't. I can only assume that I got confused while
processing the pile of nvidia uploads. :-(

> > Thanks. Please don't forget to decruft stretch during the point
> > release
> > to remove the old packages that have been renamed and are no longer
> > built.
> > 
> 
> ftp-master's point release script usually includes a decruft run near
> the end, so that shouldn't be a problem.

In fact, that's why I spotted the problem.

The new packages mean it ended up in NEW and no-one noticed; apologies
for the confusion / inconvenience.

Regards,

Adam

Bug#892024: marked as done (RM: dolibarr -- RoM; too much work to maintain it properly in Debian)

[Debian Bug Tracking System]

Your message dated Sat, 10 Mar 2018 08:53:55 +
with message-id 
and subject line Bug#892024: Removed package(s) from stable
has caused the Debian Bug report #892024,
regarding RM: dolibarr -- RoM; too much work to maintain it properly in Debian
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
892024: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892024
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: rm

Removed from unstable and the maintainer suggested to also remove it from 
stable:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890598#20 

Cheers,
Moritz
--- End Message ---
--- Begin Message ---
We believe that the bug you reported is now fixed; the following
package(s) have been removed from stable:

  dolibarr | 4.0.2+dfsg4-2 | source, all

--- Reason ---
RoM; too much work to maintain it properly in Debian
--

Note that the package(s) have simply been removed from the tag
database and may (or may not) still be in the pool; this is not a bug.
The package(s) will be physically removed automatically when no suite
references them (and in the case of source, when no binary references
it).  Please also remember that the changes have been done on the
master archive and will not propagate to any mirrors until the next
dinstall run at the earliest.

Packages are usually not removed from testing by hand. Testing tracks
unstable and will automatically remove packages which were removed
from unstable when removing them from testing causes no dependency
problems. The release team can force a removal from testing if it is
really needed, please contact them if this should be the case.

Bugs which have been reported against this package are not automatically
removed from the Bug Tracking System.  Please check all open bugs and
close them or re-assign them to another package if the removed package
was superseded by another one.

The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 892...@bugs.debian.org.

The full log for this bug can be viewed at https://bugs.debian.org/892024

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmas...@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Archive Administrator (the ftpmaster behind the curtain)--- End Message ---

Bug#891403: marked as done (RM: jirc -- RoQA; broken with stretch's libpoe-filter-xml-perl)

[Debian Bug Tracking System]

Your message dated Sat, 10 Mar 2018 08:53:15 +
with message-id 
and subject line Bug#891403: Removed package(s) from stable
has caused the Debian Bug report #891403,
regarding RM: jirc -- RoQA; broken with stretch's libpoe-filter-xml-perl
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
891403: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891403
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: jessie stretch
User: release.debian@packages.debian.org
Usertags: rm

I confirmed the information in #800450 that jirc
works with the version of libpoe-filter-xml-perl
in wheezy (sic).

With the version of libpoe-filter-xml-perl in jessie
and stretch it fails pretty early even on --help.
--- End Message ---
--- Begin Message ---
We believe that the bug you reported is now fixed; the following
package(s) have been removed from stable:

  jirc |  1.0-1 | source, all

--- Reason ---
RoQA; broken with version of libpoe-filter-xml-perl in stretch
--

Note that the package(s) have simply been removed from the tag
database and may (or may not) still be in the pool; this is not a bug.
The package(s) will be physically removed automatically when no suite
references them (and in the case of source, when no binary references
it).  Please also remember that the changes have been done on the
master archive and will not propagate to any mirrors until the next
dinstall run at the earliest.

Packages are usually not removed from testing by hand. Testing tracks
unstable and will automatically remove packages which were removed
from unstable when removing them from testing causes no dependency
problems. The release team can force a removal from testing if it is
really needed, please contact them if this should be the case.

Bugs which have been reported against this package are not automatically
removed from the Bug Tracking System.  Please check all open bugs and
close them or re-assign them to another package if the removed package
was superseded by another one.

The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 891...@bugs.debian.org.

The full log for this bug can be viewed at https://bugs.debian.org/891403

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmas...@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Archive Administrator (the ftpmaster behind the curtain)--- End Message ---

Bug#891120: marked as done (RM: pgmodeler -- RoM; incompatible with stretch's Postgresql)

[Debian Bug Tracking System]

Your message dated Sat, 10 Mar 2018 08:52:27 +
with message-id 
and subject line Bug#891120: Removed package(s) from stable
has caused the Debian Bug report #891120,
regarding RM: pgmodeler -- RoM; incompatible with stretch's Postgresql
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
891120: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891120
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: rm

As by #891049 the pgmodeler version in stretch is incompatible with
the PostgreSQL version in stretch. (It doesn't even connect, but
outright refuses to talk to the server.)

Please remove pgmodeler from stretch.

Christoph


signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---
We believe that the bug you reported is now fixed; the following
package(s) have been removed from stable:

 pgmodeler |0.8.2-1 | source
 pgmodeler | 0.8.2-1+b1 | amd64, arm64, armel, armhf, i386, mips, mips64el, 
mipsel, ppc64el, s390x
pgmodeler-common |0.8.2-1 | all
pgmodeler-dbg | 0.8.2-1+b1 | amd64, arm64, armel, armhf, i386, mips, mips64el, 
mipsel, ppc64el, s390x

--- Reason ---
RoM; incompatible with version of postgresql in stretch
--

Note that the package(s) have simply been removed from the tag
database and may (or may not) still be in the pool; this is not a bug.
The package(s) will be physically removed automatically when no suite
references them (and in the case of source, when no binary references
it).  Please also remember that the changes have been done on the
master archive and will not propagate to any mirrors until the next
dinstall run at the earliest.

Packages are usually not removed from testing by hand. Testing tracks
unstable and will automatically remove packages which were removed
from unstable when removing them from testing causes no dependency
problems. The release team can force a removal from testing if it is
really needed, please contact them if this should be the case.

Bugs which have been reported against this package are not automatically
removed from the Bug Tracking System.  Please check all open bugs and
close them or re-assign them to another package if the removed package
was superseded by another one.

The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 891...@bugs.debian.org.

The full log for this bug can be viewed at https://bugs.debian.org/891120

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmas...@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Archive Administrator (the ftpmaster behind the curtain)--- End Message ---

Bug#886017: marked as done (RM: seelablet -- RoM; abandoned upstream; broken)

[Debian Bug Tracking System]

Your message dated Sat, 10 Mar 2018 08:47:20 +
with message-id 
and subject line Bug#886017: Removed package(s) from stable
has caused the Debian Bug report #886017,
regarding RM: seelablet -- RoM; abandoned upstream; broken
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
886017: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886017
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: rm


abandoned upstream, and other bugs (#885875,
#885876, #885877)

---8<
Here is an exerpt of a message related to #885875:
I contacted Seelablet's author: he will not maintain this package in a
foreseeable future. On reason is that the hardware addressed by the
package seelablet is discontinued, and that he developped an new
hardware, known as expeyes17, with similar features, and which already
has received a noticeable success.

As expeyes17 is supported by the debian package eyes17, which I
maintain, I think that the bes solution would be to ask for the removal
of seelablet from debian/sid and debian/buster.

As there are less than a hundred users of Seelablet box in the world,
its author says me that he can support these users with a custom
package, while a package in debian/stretch would be less useful. So this
package may be removed from debian/stretch too.
---8<

Thank you in advance.

-- System Information:
Debian Release: buster/sid
  APT prefers stable
  APT policy: (500, 'stable'), (499, 'testing'), (400, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8),
LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8)
--- End Message ---
--- Begin Message ---
We believe that the bug you reported is now fixed; the following
package(s) have been removed from stable:

python-seelablet |1.0.6-2 | all
python3-seelablet |1.0.6-2 | all
 seelablet |1.0.6-2 | source, all
seelablet-common |1.0.6-2 | all
seelablet-doc |1.0.6-2 | all

--- Reason ---
RoM: abandoned upstream; broken
--

Note that the package(s) have simply been removed from the tag
database and may (or may not) still be in the pool; this is not a bug.
The package(s) will be physically removed automatically when no suite
references them (and in the case of source, when no binary references
it).  Please also remember that the changes have been done on the
master archive and will not propagate to any mirrors until the next
dinstall run at the earliest.

Packages are usually not removed from testing by hand. Testing tracks
unstable and will automatically remove packages which were removed
from unstable when removing them from testing causes no dependency
problems. The release team can force a removal from testing if it is
really needed, please contact them if this should be the case.

Bugs which have been reported against this package are not automatically
removed from the Bug Tracking System.  Please check all open bugs and
close them or re-assign them to another package if the removed package
was superseded by another one.

The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 886...@bugs.debian.org.

The full log for this bug can be viewed at https://bugs.debian.org/886017

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmas...@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Archive Administrator (the ftpmaster behind the curtain)--- End Message ---

Bug#887412: marked as done (RM: electrum -- RoM; security issues; broken due to upstream changes)

[Debian Bug Tracking System]

Your message dated Sat, 10 Mar 2018 08:48:03 +
with message-id 
and subject line Bug#887412: Removed package(s) from stable
has caused the Debian Bug report #887412,
regarding RM: electrum -- RoM; security issues; broken due to upstream changes
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
887412: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=887412
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: rm

Unfortunately due to protocol changes Electrum 2.7.9 (the version in stretch)
is unable to connect to the Electrum servers. Backporting the changes would
require extensive/invasive changes to the code, and this version is also
subject to a security vulnerability (#886683), so I think we should remove the
package from stable, unless including a newer upstream wholesale would be
acceptable.

-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (500, 'testing'), 
(101, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.14.0-3-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_ZA.utf8, LC_CTYPE=en_ZA.utf8 (charmap=UTF-8), 
LANGUAGE=en_ZA.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
--- End Message ---
--- Begin Message ---
We believe that the bug you reported is now fixed; the following
package(s) have been removed from stable:

  electrum |2.7.9-1 | source, all
python-electrum |2.7.9-1 | all

--- Reason ---
RoM; security issues; broken due to upstream changes
--

Note that the package(s) have simply been removed from the tag
database and may (or may not) still be in the pool; this is not a bug.
The package(s) will be physically removed automatically when no suite
references them (and in the case of source, when no binary references
it).  Please also remember that the changes have been done on the
master archive and will not propagate to any mirrors until the next
dinstall run at the earliest.

Packages are usually not removed from testing by hand. Testing tracks
unstable and will automatically remove packages which were removed
from unstable when removing them from testing causes no dependency
problems. The release team can force a removal from testing if it is
really needed, please contact them if this should be the case.

Bugs which have been reported against this package are not automatically
removed from the Bug Tracking System.  Please check all open bugs and
close them or re-assign them to another package if the removed package
was superseded by another one.

The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 887...@bugs.debian.org.

The full log for this bug can be viewed at https://bugs.debian.org/887412

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmas...@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Archive Administrator (the ftpmaster behind the curtain)--- End Message ---

Bug#873758: stretch-pu: package memcached/1.4.33-1

[Salvatore Bonaccorso]

Hi Guillaume,

On Thu, Mar 08, 2018 at 02:10:10PM +0100, Guillaume Delacour wrote:
> Hi,
> 
> I'm sorry i haven't find a sponsor to upload the security fix for
> CVE-2017-9951 yet.  There is another fix that need to be uploaded to
> security: CVE-2018-1000115:

I'm sorry to hear that was blocked on not finding a sponsor. If you
get an ack from SRM for the updated change and you cannot do the
upload via your regular sponsors please ping me directly.

It's now to late for 9.4 but preferably we should have it updated for
the next point release.

Regards,
Salvatore