Bug#898934: Uploaded
Sorry, forgot to subscribe to the bug. libmygpo-qt uploaded. -- Antiguo proverbio del Viejo Machi: "Prefiero que mi cerebro esté en la cresta de la ola, y mi PC un paso atrás sirviéndolo y no tener mi PC en el 'estado del arte' y mi cerebro un paso atrás asistiéndola." http://www.grulic.org.ar/lurker/message/20090507.020516.ffda0441.es.html Lisandro Damián Nicanor Pérez Meyer http://perezmeyer.com.ar/ http://perezmeyer.blogspot.com/ signature.asc Description: This is a digitally signed message part.
Bug#899085: release.debian.org: excuses terminology: replace "Valid Candidate" with "Trying to migrate"?
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: britney In #898329, pochu had to clarify the meaning of "Valid Candidate": Just to clarify things: being a valid candidate means britney will try to migrate that package to testing. That can still fail (and fails in this case) because the package is not installable on i386 (which is a requirement). This comes up a lot in various places, I wonder if replacing "Valid Candidate" with "Trying to migrate" or similar in the excuses output would help clarify the situation for people. "Not Considered" could be replaced with "Not trying to migrate yet" for a smaller clarification. -- bye, pabs https://wiki.debian.org/PaulWise signature.asc Description: This is a digitally signed message part
Bug#899064: nmu: smenu_0.9.12-1
Package: release.debian.org Severity: normal On amd64 only, the smenu package depends on libncurses5. Not the maintainer's fault, since the package is new and has been uploaded before the libncurses6 transition started. nmu smenu_0.9.12-1 . amd64 . unstable . -m "Rebuild against libncurses6."
Bug#899014: stretch-pu: package blktrace/1.1.0-2
Hi! > Please use 1.0.5-1+deb8u1 and as target distribution just 'jessie'. > Use 1.1.0-2+deb9u1 and targeting 'stretch' instead (not > stretch-security). > Fixed. New debdiffs follow: Jessie: diff -Nru blktrace-1.0.5/debian/changelog blktrace- 1.0.5/debian/changelog --- blktrace-1.0.5/debian/changelog 2013-05-05 14:43:17.0 +0200 +++ blktrace-1.0.5/debian/changelog 2018-05-18 21:02:54.0 +0200 @@ -1,3 +1,9 @@ +blktrace (1.0.5-1+deb8u1) jessie; urgency=high + + * Fix buffer overflow in btt (CVE-2018-10689) (Closes: #897695) + + -- Bas ZoetekouwFri, 18 May 2018 15:47:57 +0200 + blktrace (1.0.5-1) unstable; urgency=low * New upstream release [February 2012]. diff -Nru blktrace-1.0.5/debian/patches/cve-2018-10689.patch blktrace- 1.0.5/debian/patches/cve-2018-10689.patch --- blktrace-1.0.5/debian/patches/cve-2018-10689.patch 1970-01- 01 01:00:00.0 +0100 +++ blktrace-1.0.5/debian/patches/cve-2018-10689.patch 2018-05- 18 16:05:36.0 +0200 @@ -0,0 +1,18 @@ +Last-Update: 2018-05-16 +Forwarded: yes +Author: Jens Axboe +Description: fix CVE-2018-10689: make device/devno use PATH_MAX to avoid overflow. Patch from https://git.kernel.org/pub/scm/linux/kernel /git/axboe/blktrace.git/commit/?id=d61ff409cb4dda31386373d706ea0cfb1aaa c5b7 + +Index: blktrace-1.0.5/btt/devmap.c +=== +--- blktrace-1.0.5.orig/btt/devmap.c blktrace-1.0.5/btt/devmap.c +@@ -23,7 +23,7 @@ + + struct devmap { + struct list_head head; +- char device[32], devno[32]; ++ char device[PATH_MAX], devno[PATH_MAX]; + }; + + LIST_HEAD(all_devmaps); diff -Nru blktrace-1.0.5/debian/patches/series blktrace- 1.0.5/debian/patches/series --- blktrace-1.0.5/debian/patches/series2012-12-23 12:30:03.0 +0100 +++ blktrace-1.0.5/debian/patches/series2018-05-18 15:56:41.0 +0200 @@ -1,2 +1,3 @@ 10_btrace_paths.patch spelling.patch +cve-2018-10689.patch Stretch: diff -Nru blktrace-1.1.0/debian/changelog blktrace- 1.1.0/debian/changelog --- blktrace-1.1.0/debian/changelog 2015-05-17 14:35:07.0 +0200 +++ blktrace-1.1.0/debian/changelog 2018-05-16 16:19:54.0 +0200 @@ -1,3 +1,9 @@ +blktrace (1.1.0-2+deb9u1) stretch; urgency=high + + * Fix buffer overflow in btt (CVE-2018-10689) (Closes: #897695) + + -- Bas Zoetekouw Wed, 16 May 2018 16:19:54 +0200 + blktrace (1.1.0-2) unstable; urgency=low * Upload to unstable. diff -Nru blktrace-1.1.0/debian/patches/cve-2018-10689.patch blktrace- 1.1.0/debian/patches/cve-2018-10689.patch --- blktrace-1.1.0/debian/patches/cve-2018-10689.patch 1970-01- 01 01:00:00.0 +0100 +++ blktrace-1.1.0/debian/patches/cve-2018-10689.patch 2018-05- 16 16:19:54.0 +0200 @@ -0,0 +1,18 @@ +Last-Update: 2018-05-16 +Forwarded: yes +Author: Jens Axboe +Description: fix CVE-2018-10689: make device/devno use PATH_MAX to avoid overflow. Patch from https://git.kernel.org/pub/scm/linux/kernel /git/axboe/blktrace.git/commit/?id=d61ff409cb4dda31386373d706ea0cfb1aaa c5b7 + +diff --git a/btt/devmap.c b/btt/devmap.c +index 0553a9e..5fc1cb2 100644 +--- a/btt/devmap.c b/btt/devmap.c +@@ -23,7 +23,7 @@ + + struct devmap { + struct list_head head; +- char device[32], devno[32]; ++ char device[PATH_MAX], devno[PATH_MAX]; + }; + + LIST_HEAD(all_devmaps); diff -Nru blktrace-1.1.0/debian/patches/series blktrace- 1.1.0/debian/patches/series --- blktrace-1.1.0/debian/patches/series2015-03-25 08:40:33.0 +0100 +++ blktrace-1.1.0/debian/patches/series2018-05-16 16:19:54.0 +0200 @@ -4,3 +4,4 @@ pdf-date.patch procnum.patch spelling.patch +cve-2018-10689.patch
Processed: tagging 899050
Processing commands for cont...@bugs.debian.org: > tags 899050 + a11y Bug #899050 [release.debian.org] stretch-pu: package accerciser/3.22.0-2 Added tag(s) a11y. > thanks Stopping processing here. Please contact me if you need assistance. -- 899050: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=899050 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#899050: stretch-pu: package accerciser/3.22.0-2
Package: release.debian.org Severity: normal Tags: stretch User: release.debian@packages.debian.org Usertags: pu Hello, Accerciser is a debugging tool for accessibility (think of it as an accessibility inspector) The version of accerciser currently in stable is actually basically unusable due to bugs #848119 and #875629. The first prevents the python console from working, thus preventing from hardcode debugging. The second prevents from actually selecting a widget to inspect when not using a desktop compositor, thus preventing basically everything. The fixes have been tested for a long time in "testing", and are forwarded upstream. It happens that people needing accerciser are usually using the testing distribution, but it'd be still useful to have these fixed in stable. Here is the proposed cherry-pick debdiff. Samuel -- System Information: Debian Release: buster/sid APT prefers testing APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'stable-debug'), (500, 'oldoldstable'), (500, 'buildd-unstable'), (500, 'unstable'), (500, 'stable'), (500, 'oldstable'), (1, 'experimental-debug'), (1, 'buildd-experimental'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.16.0 (SMP w/4 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) -- Samuel Be warned that typing \fBkillall \fIname\fP may not have the desired effect on non-Linux systems, especially when done by a privileged user. (From the killall manual page) diff -Nru accerciser-3.22.0/debian/changelog accerciser-3.22.0/debian/changelog --- accerciser-3.22.0/debian/changelog 2016-11-09 14:05:38.0 +0100 +++ accerciser-3.22.0/debian/changelog 2018-05-18 19:25:43.0 +0200 @@ -1,3 +1,13 @@ +accerciser (3.22.0-2+deb9u1) stretch; urgency=medium + + * Add patches/02_ipython5.patch to fix python console (Closes: #848119) + * Add patches/03_get_image.patch to fix accessing items without a compositor +(Closes: #875629) + * control: Add python3-xlib dependency. + * control: Add python3-xlib runtime dependency (Closes: #880735) + + -- Samuel ThibaultFri, 18 May 2018 19:25:43 +0200 + accerciser (3.22.0-2) unstable; urgency=medium * Add missing Depends on gir1.2-glib-2.0 and gir1.2-rsvg-2.0. diff -Nru accerciser-3.22.0/debian/control accerciser-3.22.0/debian/control --- accerciser-3.22.0/debian/control2016-11-09 14:05:38.0 +0100 +++ accerciser-3.22.0/debian/control2018-05-18 19:25:43.0 +0200 @@ -17,6 +17,7 @@ libgtk-3-dev (>= 3.1.13), pkg-config, python3 (>= 3.2), + python3-xlib, python-gi-dev (>= 3.4.2), python3-pyatspi2 (>= 2.5.2) X-Python3-Version: >= 3.2 @@ -39,6 +40,7 @@ gir1.2-rsvg-2.0, gir1.2-wnck-3.0, python3-cairo, + python3-xlib, python3-pyatspi (>= 2.5.2) Description: interactive Python accessibility explorer for the GNOME desktop It uses AT-SPI to inspect and control widgets, allowing you to check if diff -Nru accerciser-3.22.0/debian/control.in accerciser-3.22.0/debian/control.in --- accerciser-3.22.0/debian/control.in 2016-11-09 14:03:25.0 +0100 +++ accerciser-3.22.0/debian/control.in 2018-05-18 19:24:04.0 +0200 @@ -13,6 +13,7 @@ libgtk-3-dev (>= 3.1.13), pkg-config, python3 (>= 3.2), + python3-xlib, python-gi-dev (>= 3.4.2), python3-pyatspi2 (>= 2.5.2) X-Python3-Version: >= 3.2 @@ -35,6 +36,7 @@ gir1.2-rsvg-2.0, gir1.2-wnck-3.0, python3-cairo, + python3-xlib, python3-pyatspi (>= 2.5.2) Description: interactive Python accessibility explorer for the GNOME desktop It uses AT-SPI to inspect and control widgets, allowing you to check if diff -Nru accerciser-3.22.0/debian/patches/02_ipython5.patch accerciser-3.22.0/debian/patches/02_ipython5.patch --- accerciser-3.22.0/debian/patches/02_ipython5.patch 1970-01-01 01:00:00.0 +0100 +++ accerciser-3.22.0/debian/patches/02_ipython5.patch 2018-05-18 19:21:45.0 +0200 @@ -0,0 +1,33 @@ +diff --git a/plugins/ipython_view.py b/plugins/ipython_view.py +index 04f2d53..ae3d2be 100755 +--- a/plugins/ipython_view.py b/plugins/ipython_view.py +@@ -125,7 +125,8 @@ class IterableIPShell: + self.complete_sep = re.compile('[\s\{\}\[\]\(\)]') + self.updateNamespace({'exit':lambda:None}) + self.updateNamespace({'quit':lambda:None}) +-self.IP.readline_startup_hook(self.IP.pre_readline) ++if parse_version(IPython.release.version) < parse_version("5.0.0"): ++
Re: Your upload of goldencheetah to stretch
On Thu, May 17, 2018 at 08:10:47PM +0100, Adam D. Barratt wrote: > On Thu, 2018-05-17 at 18:23 +0100, Jonathan Wiltshire wrote: > > Hi, > > > > You uploaded goldencheetah 4.0.0~DEV1607-2+deb9u1 to proposed-updates > > but > > with a target suite of stretch-security. Was that meant to go to the > > security archive? > > It looks like this is part of DSA-4203: Aha, thanks. It confused queue-viewer and me; sorry for the noise. -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
Bug#899014: stretch-pu: package blktrace/1.1.0-2
Hi Bas, Not a Release Team member, but some suggestions to change: On Fri, May 18, 2018 at 04:15:10PM +0200, Bas Zoetekouw wrote: > +blktrace (1.0.5-2) oldstable-proposed-updates; urgency=high Please use 1.0.5-1+deb8u1 and as target distribution just 'jessie'. Same for Stretch, > +blktrace (1.1.0-3) stretch-security; urgency=high Use 1.1.0-2+deb9u1 and targeting 'stretch' instead (not stretch-security). Regards, Salvatore
Bug#899030: jessie-pu: package intel-microcode/3.20180425.1~deb8u1
Package: release.debian.org Severity: normal Tags: jessie User: release.debian@packages.debian.org Usertags: pu This is related to s-p-u bug #899006, and the package for jessie is basically the same as the package for stretch. The differences are only in debian/changelog. I'd like to update the intel-microcode package in Debian jessie. This update adds the microcode-side fix for CVE-2017-5715 aka Spectre v2. It has been very extensibly tested, as noted in the changelog: * RELEASE MANAGER INFORMATION: This update deploys the microcode side fix for CVE-2017-5715 (Spectre v2). On the more recent processors, it also fixes other unspecified errata. This microcode update pack has been extensively tested in Debian unstable, testing, strech-backports and jessie-backports. It has been extensively deployed by other distributions to their stable branches without causing any issues, with one notable exception (a distro-specific kernel bug, already fixed by that distro). The only difference between this package and the ones that have been uploaded (and tested) in jessie-backports, stretch-backports, testing and unstable are in debian/changelog. There is no need to worry about "intel-ucode-with-caveats/06-4f-01", the "caveat" is described in releasenotes: it must be updated using the early microcode update mode. This is irrelevant to Debian, we always use early microcode update mode since jessie, and I had already blacklisted that specific microcode update from any attempts to "late load" a while ago, anyway, because of a documented erratum. Some upstream stuff is irrelevant to Debian and does not get used or shipped in the binary packages, such as the linux-kernel-patches/ directory (our kernel team already has that handled). It can also be ignored. Note that, because Intel switched from text files (".dat" format) to binary format in the upstream microcode distribution, and I use symlinks in the source package, the debdiff ended up *quite big*. The source changes required to support the binary format have been extensively tested, I already had them for a couple (unstable) releases. They are also only relevant during package build. As usual, I have removed the noise caused by the binary blob changes from upstream from the debdiff output for clarity. The abridged debdiff is attached. Full diffstat: /tmp/wAUU636cM5/intel-microcode-3.20180425.1~deb8u1/intel-ucode-with-caveats/06-4f-01 |binary /tmp/wAUU636cM5/intel-microcode-3.20180425.1~deb8u1/intel-ucode/06-03-02 |binary /tmp/wAUU636cM5/intel-microcode-3.20180425.1~deb8u1/intel-ucode/06-05-00 |binary /tmp/wAUU636cM5/intel-microcode-3.20180425.1~deb8u1/intel-ucode/06-05-01 |binary /tmp/wAUU636cM5/intel-microcode-3.20180425.1~deb8u1/intel-ucode/06-05-02 |binary /tmp/wAUU636cM5/intel-microcode-3.20180425.1~deb8u1/intel-ucode/06-05-03 |binary /tmp/wAUU636cM5/intel-microcode-3.20180425.1~deb8u1/intel-ucode/06-06-00 |binary /tmp/wAUU636cM5/intel-microcode-3.20180425.1~deb8u1/intel-ucode/06-06-05 |binary /tmp/wAUU636cM5/intel-microcode-3.20180425.1~deb8u1/intel-ucode/06-06-0a |binary /tmp/wAUU636cM5/intel-microcode-3.20180425.1~deb8u1/intel-ucode/06-06-0d |binary /tmp/wAUU636cM5/intel-microcode-3.20180425.1~deb8u1/intel-ucode/06-07-01 |binary /tmp/wAUU636cM5/intel-microcode-3.20180425.1~deb8u1/intel-ucode/06-07-02 |binary /tmp/wAUU636cM5/intel-microcode-3.20180425.1~deb8u1/intel-ucode/06-07-03 |binary /tmp/wAUU636cM5/intel-microcode-3.20180425.1~deb8u1/intel-ucode/06-08-01 |binary /tmp/wAUU636cM5/intel-microcode-3.20180425.1~deb8u1/intel-ucode/06-08-03 |binary /tmp/wAUU636cM5/intel-microcode-3.20180425.1~deb8u1/intel-ucode/06-08-06 |binary /tmp/wAUU636cM5/intel-microcode-3.20180425.1~deb8u1/intel-ucode/06-08-0a |binary /tmp/wAUU636cM5/intel-microcode-3.20180425.1~deb8u1/intel-ucode/06-09-05 |binary /tmp/wAUU636cM5/intel-microcode-3.20180425.1~deb8u1/intel-ucode/06-0a-00 |binary /tmp/wAUU636cM5/intel-microcode-3.20180425.1~deb8u1/intel-ucode/06-0a-01 |binary /tmp/wAUU636cM5/intel-microcode-3.20180425.1~deb8u1/intel-ucode/06-0b-01 |binary /tmp/wAUU636cM5/intel-microcode-3.20180425.1~deb8u1/intel-ucode/06-0b-04 |binary
Processed: wrong title
Processing commands for cont...@bugs.debian.org: > retitle 899018 jessie-pu: package blktrace/1.0.5-1 Bug #899018 [release.debian.org] jessie-pu: blktrace/1.0.5-1 Changed Bug title to 'jessie-pu: package blktrace/1.0.5-1' from 'jessie-pu: blktrace/1.0.5-1'. > End of message, stopping processing here. Please contact me if you need assistance. -- 899018: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=899018 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#899014: stretch-pu: package blktrace/1.1.0-2
clone 899014 -1 tags 899014 = stretch tags-1 = jessie retitle -1 jessie-pu: blktrace/1.0.5-1 Let's split this for jessie en stretch
Processed (with 1 error): Re: stretch-pu: package blktrace/1.1.0-2
Processing commands for cont...@bugs.debian.org: > clone 899014 -1 Bug #899014 [release.debian.org] stretch-pu: package blktrace/1.1.0-2 Bug 899014 cloned as bug 899018 > tags 899014 = stretch Bug #899014 [release.debian.org] stretch-pu: package blktrace/1.1.0-2 Removed tag(s) jessie. > tags-1 = jessie Bug #899018 [release.debian.org] stretch-pu: package blktrace/1.1.0-2 Removed tag(s) stretch. > retitle -1 jessie-pu: blktrace/1.0.5-1 Bug #899018 [release.debian.org] stretch-pu: package blktrace/1.1.0-2 Changed Bug title to 'jessie-pu: blktrace/1.0.5-1' from 'stretch-pu: package blktrace/1.1.0-2'. > Let's split this for jessie en stretch Unknown command or malformed arguments to command. > End of message, stopping processing here. Please contact me if you need assistance. -- 899014: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=899014 899018: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=899018 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#899014: stretch-pu: package blktrace/1.1.0-2
Package: release.debian.org Severity: normal Tags: stretch,jessie User: release.debian@packages.debian.org Usertags: pu I would like to update blktrace in Jessie (1.0.5-1) and Stretch (1.1.0-2) to fix a buffer overflow (CVE-2018-10689, see https://security-tracker.debian.org/tracker/CVE-2018-10689). I've already discussed this with the security team, and they feel this issue doesn't warrant a DSA, be should be fixed via proposed-updates instead. My proposed new packages can be found at https://zoetekouw.net/Zooi/blktrace/ The debdiff are as follows: For jessie: diff -Nru blktrace-1.0.5/debian/changelog blktrace-1.0.5/debian/changelog --- blktrace-1.0.5/debian/changelog 2013-05-05 14:43:17.0 +0200 +++ blktrace-1.0.5/debian/changelog 2018-05-18 15:57:31.0 +0200 @@ -1,3 +1,9 @@ +blktrace (1.0.5-2) oldstable-proposed-updates; urgency=high + + * Fix buffer overflow in btt (CVE-2018-10689) (Closes: #897695) + + -- Bas ZoetekouwFri, 18 May 2018 15:47:57 +0200 + blktrace (1.0.5-1) unstable; urgency=low * New upstream release [February 2012]. diff -Nru blktrace-1.0.5/debian/patches/cve-2018-10689.patch blktrace-1.0.5/debian/patches/cve-2018-10689.patch --- blktrace-1.0.5/debian/patches/cve-2018-10689.patch 1970-01-01 01:00:00.0 +0100 +++ blktrace-1.0.5/debian/patches/cve-2018-10689.patch 2018-05-18 16:05:36.0 +0200 @@ -0,0 +1,18 @@ +Last-Update: 2018-05-16 +Forwarded: yes +Author: Jens Axboe +Description: fix CVE-2018-10689: make device/devno use PATH_MAX to avoid overflow. Patch from https://git.kernel.org/pub/scm/linux/kernel/git/axboe/blktrace.git/commit/?id=d61ff409cb4dda31386373d706ea0cfb1aaac5b7 + +Index: blktrace-1.0.5/btt/devmap.c +=== +--- blktrace-1.0.5.orig/btt/devmap.c blktrace-1.0.5/btt/devmap.c +@@ -23,7 +23,7 @@ + + struct devmap { + struct list_head head; +- char device[32], devno[32]; ++ char device[PATH_MAX], devno[PATH_MAX]; + }; + + LIST_HEAD(all_devmaps); diff -Nru blktrace-1.0.5/debian/patches/series blktrace-1.0.5/debian/patches/series --- blktrace-1.0.5/debian/patches/series2012-12-23 12:30:03.0 +0100 +++ blktrace-1.0.5/debian/patches/series2018-05-18 15:56:41.0 +0200 @@ -1,2 +1,3 @@ 10_btrace_paths.patch spelling.patch +cve-2018-10689.patch For Stretch: diff -Nru blktrace-1.1.0/debian/changelog blktrace-1.1.0/debian/changelog --- blktrace-1.1.0/debian/changelog 2015-05-17 14:35:07.0 +0200 +++ blktrace-1.1.0/debian/changelog 2018-05-16 16:19:54.0 +0200 @@ -1,3 +1,9 @@ +blktrace (1.1.0-3) stretch-security; urgency=high + + * Fix buffer overflow in btt (CVE-2018-10689) (Closes: #897695) + + -- Bas Zoetekouw Wed, 16 May 2018 16:19:54 +0200 + blktrace (1.1.0-2) unstable; urgency=low * Upload to unstable. diff -Nru blktrace-1.1.0/debian/patches/cve-2018-10689.patch blktrace-1.1.0/debian/patches/cve-2018-10689.patch --- blktrace-1.1.0/debian/patches/cve-2018-10689.patch 1970-01-01 01:00:00.0 +0100 +++ blktrace-1.1.0/debian/patches/cve-2018-10689.patch 2018-05-16 16:19:54.0 +0200 @@ -0,0 +1,18 @@ +Last-Update: 2018-05-16 +Forwarded: yes +Author: Jens Axboe +Description: fix CVE-2018-10689: make device/devno use PATH_MAX to avoid overflow. Patch from https://git.kernel.org/pub/scm/linux/kernel/git/axboe/blktrace.git/commit/?id=d61ff409cb4dda31386373d706ea0cfb1aaac5b7 + +diff --git a/btt/devmap.c b/btt/devmap.c +index 0553a9e..5fc1cb2 100644 +--- a/btt/devmap.c b/btt/devmap.c +@@ -23,7 +23,7 @@ + + struct devmap { + struct list_head head; +- char device[32], devno[32]; ++ char device[PATH_MAX], devno[PATH_MAX]; + }; + + LIST_HEAD(all_devmaps); diff -Nru blktrace-1.1.0/debian/patches/series blktrace-1.1.0/debian/patches/series --- blktrace-1.1.0/debian/patches/series2015-03-25 08:40:33.0 +0100 +++ blktrace-1.1.0/debian/patches/series2018-05-16 16:19:54.0 +0200 @@ -4,3 +4,4 @@ pdf-date.patch procnum.patch spelling.patch +cve-2018-10689.patch -- System Information: Debian Release: 9.4 APT prefers stable APT policy: (620, 'stable'), (500, 'stable-updates'), (20, 'unstable'), (10, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-6-amd64 (SMP w/1 CPU core) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system)
Bug#899006: stretch-pu: package intel-microcode/3.20180425.1~deb9u1
Package: release.debian.org Severity: normal Tags: stretch User: release.debian@packages.debian.org Usertags: pu I'd like to update the intel-microcode package in Debian stretch. This update adds the microcode-side fix for CVE-2017-5715 aka Spectre v2. It has been very extensibly tested, as noted in the changelog: * RELEASE MANAGER INFORMATION: This update deploys the microcode side fix for CVE-2017-5715 (Spectre v2). On the more recent processors, it also fixes other unspecified errata. This microcode update pack has been extensively tested in Debian unstable, testing, strech-backports and jessie-backports. It has been extensively deployed by other distributions to their stable branches without causing any issues, with one notable exception (a distro-specific kernel bug, already fixed by that distro). The only difference between this package and the ones that have been uploaded (and tested) in jessie-backports, stretch-backports, testing and unstable are in debian/changelog. There is no need to worry about "intel-ucode-with-caveats/06-4f-01", the "caveat" is described in releasenotes: it must be updated using the early microcode update mode. This is irrelevant to Debian, we always use early microcode update mode since jessie, and I had already blacklisted that specific microcode update from any attempts to "late load" a while ago, anyway, because of a documented erratum. Some upstream stuff is irrelevant to Debian and does not get used or shipped in the binary packages, such as the linux-kernel-patches/ directory (our kernel team already has that handled). It can also be ignored. Note that, because Intel switched from text files (".dat" format) to binary format in the upstream microcode distribution, and I use symlinks in the source package, the debdiff ended up *quite big*. The source changes required to support the binary format have been extensively tested, I already had them for a couple (unstable) releases. They are also only relevant during package build. As usual, I have removed the noise caused by the binary blob changes from upstream from the debdiff output for clarity. The abridged debdiff is attached. Full diffstat: /tmp/RcYbLwjZ1B/intel-microcode-3.20180425.1~deb9u1/intel-ucode-with-caveats/06-4f-01 |binary /tmp/RcYbLwjZ1B/intel-microcode-3.20180425.1~deb9u1/intel-ucode/06-03-02 |binary /tmp/RcYbLwjZ1B/intel-microcode-3.20180425.1~deb9u1/intel-ucode/06-05-00 |binary /tmp/RcYbLwjZ1B/intel-microcode-3.20180425.1~deb9u1/intel-ucode/06-05-01 |binary /tmp/RcYbLwjZ1B/intel-microcode-3.20180425.1~deb9u1/intel-ucode/06-05-02 |binary /tmp/RcYbLwjZ1B/intel-microcode-3.20180425.1~deb9u1/intel-ucode/06-05-03 |binary /tmp/RcYbLwjZ1B/intel-microcode-3.20180425.1~deb9u1/intel-ucode/06-06-00 |binary /tmp/RcYbLwjZ1B/intel-microcode-3.20180425.1~deb9u1/intel-ucode/06-06-05 |binary /tmp/RcYbLwjZ1B/intel-microcode-3.20180425.1~deb9u1/intel-ucode/06-06-0a |binary /tmp/RcYbLwjZ1B/intel-microcode-3.20180425.1~deb9u1/intel-ucode/06-06-0d |binary /tmp/RcYbLwjZ1B/intel-microcode-3.20180425.1~deb9u1/intel-ucode/06-07-01 |binary /tmp/RcYbLwjZ1B/intel-microcode-3.20180425.1~deb9u1/intel-ucode/06-07-02 |binary /tmp/RcYbLwjZ1B/intel-microcode-3.20180425.1~deb9u1/intel-ucode/06-07-03 |binary /tmp/RcYbLwjZ1B/intel-microcode-3.20180425.1~deb9u1/intel-ucode/06-08-01 |binary /tmp/RcYbLwjZ1B/intel-microcode-3.20180425.1~deb9u1/intel-ucode/06-08-03 |binary /tmp/RcYbLwjZ1B/intel-microcode-3.20180425.1~deb9u1/intel-ucode/06-08-06 |binary /tmp/RcYbLwjZ1B/intel-microcode-3.20180425.1~deb9u1/intel-ucode/06-08-0a |binary /tmp/RcYbLwjZ1B/intel-microcode-3.20180425.1~deb9u1/intel-ucode/06-09-05 |binary /tmp/RcYbLwjZ1B/intel-microcode-3.20180425.1~deb9u1/intel-ucode/06-0a-00 |binary /tmp/RcYbLwjZ1B/intel-microcode-3.20180425.1~deb9u1/intel-ucode/06-0a-01 |binary /tmp/RcYbLwjZ1B/intel-microcode-3.20180425.1~deb9u1/intel-ucode/06-0b-01 |binary /tmp/RcYbLwjZ1B/intel-microcode-3.20180425.1~deb9u1/intel-ucode/06-0b-04 |binary /tmp/RcYbLwjZ1B/intel-microcode-3.20180425.1~deb9u1/intel-ucode/06-0d-06 |binary /tmp/RcYbLwjZ1B/intel-microcode-3.20180425.1~deb9u1/intel-ucode/06-0e-08
Processed: tagging 892770
Processing commands for cont...@bugs.debian.org: > tags 892770 + jessie Bug #892770 [release.debian.org] RM: dolibarr/3.5.5+dfsg1-1+deb8u1 Added tag(s) jessie. > thanks Stopping processing here. Please contact me if you need assistance. -- 892770: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892770 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: Re: Bug#898566: transition: gdal
Processing control commands: > forwarded -1 http://release.debian.org/transitions/html/gdal-2.3.0.html Bug #898566 [release.debian.org] transition: gdal Set Bug forwarded-to-address to 'http://release.debian.org/transitions/html/gdal-2.3.0.html'. -- 898566: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898566 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#898566: transition: gdal
Control: forwarded -1 http://release.debian.org/transitions/html/gdal-2.3.0.html On 13/05/18 18:48, Bas Couwenberg wrote: > Package: release.debian.org > Severity: normal > User: release.debian@packages.debian.org > Usertags: transition > Control: block -1 by 896577 > > For the Debian GIS team I'd like to transition to GDAL 2.3.0. > > Like the previous transition to GDAL 2.2.3 (#884504), there is no SONAME > bump, only the virtual ABI package changed to account for the C++ symbol > changes. > > All reverse dependencies rebuilt successfully with GDAL 2.3.0 from > experimental as summarized below, except mysql-workbench. It does build > successfully with the patch from #896577. > > libgdal-grass doesn't need a binNMU as the 2.3.0 version will be > uploaded to unstable instead. liblas likewise doesn't need a binNMU, > the version is experimental will be moved to unstable instead. Let's wait for icu to migrate to testing, at the very least. Emilio
Bug#898329: marked as done (release.debian.org: bpfcc not migrating to testing)
Your message dated Fri, 18 May 2018 14:43:02 +0200 with message-idand subject line Re: Bug#898329: release.debian.org: bpfcc not migrating to testing has caused the Debian Bug report #898329, regarding release.debian.org: bpfcc not migrating to testing to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 898329: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898329 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal As quoted in Debian Bug #898151 bpfcc didn't migrate to testing. I see you have tried to request RoM but still not migrated. After consulting on #debian-dev 12:18 I think it is because arch-all packages are depending on packages that only exist on some arches https://qa.debian.org/excuses.php?package=bpfcc 12:19 IIRC the release team requires those deps to be satisfiable on i386, so I think bpfcc will need hinting into testing 12:19 I got this in an i386 chroot: python3-bpfcc : Depends: libbpfcc (>= 0.5.0-5) but it is not installable 12:19 oddly, https://qa.debian.org/excuses.php?package=bpfcc says "Migration status: OK: Will attempt migration (Any information below is purely informational)" -- "Valid candidate" 12:20 so not everything is playing by the same rules if it still isn't :) 12:20 yeah, testing migration is sometimes confusing. the log link usually explains things 12:21 Maybe that's it 12:21 https://release.debian.org/doc/britney/short-intro-to-migrations.html#migration-phase-2-installability-regression-testing 12:22 I'd suggest reportbug release.debian.org, chose other, request hinting pabs suggests to request britney hints to get the bpfcc migrated. -- System Information: Debian Release: buster/sid APT prefers testing APT policy: (900, 'testing'), (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'unstable'), (100, 'experimental'), (1, 'experimental-debug') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.16.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_IN, LC_CTYPE=en_IN (charmap=UTF-8), LANGUAGE=en_IN:en (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) --- End Message --- --- Begin Message --- On 10/05/18 12:17, Ritesh Raj Sarraf wrote: > Package: release.debian.org > Severity: normal > > > As quoted in Debian Bug #898151 > > bpfcc didn't migrate to testing. I see you have tried to request RoM > but still not migrated. After consulting on #debian-dev > > 12:18 I think it is because arch-all packages are depending on > packages that only exist on some arches > https://qa.debian.org/excuses.php?package=bpfcc > 12:19 IIRC the release team requires those deps to be satisfiable > on i386, so I think bpfcc will need hinting into testing > 12:19 I got this in an i386 chroot: python3-bpfcc : Depends: > libbpfcc (>= 0.5.0-5) but it is not installable > 12:19 oddly, https://qa.debian.org/excuses.php?package=bpfcc says > "Migration status: OK: Will attempt migration (Any information below is > purely informational)" -- "Valid candidate" > 12:20 so not everything is playing by the same rules if it still > isn't :) Just to clarify things: being a valid candidate means britney will try to migrate that package to testing. That can still fail (and fails in this case) because the package is not installable on i386 (which is a requirement). I'm overriding that in this case with a force-hint hint. Emilio > 12:20 yeah, testing migration is sometimes confusing. the log link > usually explains things > 12:21 Maybe that's it > 12:21 > https://release.debian.org/doc/britney/short-intro-to-migrations.html#migration-phase-2-installability-regression-testing > 12:22 I'd suggest reportbug release.debian.org, chose other, > request hinting > > > pabs suggests to request britney hints to get the bpfcc migrated. > > -- System Information: > Debian Release: buster/sid > APT prefers testing > APT policy: (900, 'testing'), (500, 'unstable-debug'), (500, > 'testing-debug'), (500, 'unstable'), (100, 'experimental'), (1, > 'experimental-debug') > Architecture: amd64 (x86_64) > Foreign Architectures: i386 > > Kernel: Linux 4.16.0-1-amd64 (SMP w/4 CPU cores) > Locale: LANG=en_IN, LC_CTYPE=en_IN (charmap=UTF-8), LANGUAGE=en_IN:en > (charmap=UTF-8) > Shell: /bin/sh linked to /bin/dash > Init: systemd (via /run/systemd/system) > > --- End Message ---
Processed: Re: Bug#898188: RM: undertow/1.4.8-1+deb9u1
Processing commands for cont...@bugs.debian.org: > tags 898188 + stretch Bug #898188 [release.debian.org] RM: undertow/1.4.8-1+deb9u1 Added tag(s) stretch. > thanks Stopping processing here. Please contact me if you need assistance. -- 898188: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898188 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Re: Scheduling 9.5
Hello Sorry for the delay in answering El 14/05/18 a las 19:19, Jonathan Wiltshire escribió: > Hi, > > We're due a point release any day now. Please indicate your availablility > out of: > > - May 26th (meaning freeze this coming weekend, which might be a big ask) > - Jun 2nd (which may require an unusual SRM) > - Jun 9th (getting quite a way out of cadence, but maybe that can't be >helped) We (publicity) are available any of the above weekends. Thanks -- Laura Arjona Reina https://wiki.debian.org/LauraArjona
Re: Scheduling final Jessie point release, 8.11
Hello El 14/05/18 a las 19:26, Jonathan Wiltshire escribió: > Hi, > > According to my records main security support for Jessie can end any time > after 17th June. > > So to the security team: do you have a date in mind? > > I also presume that LTS will take over the existing security suites as > before. [1] lists the current delta between security and o-p-u-new which > would ideally be as short as possible before the EOL date. > > For everyone else, assuming it'll be soon after that date please > indicate your availability from: > > - 23rd Jun Publicity available > - (30th Jun I already know is impossible, for the sake of completeness) Publicity we can't > - 7th July > Publicity available. > or adjacent Sundays. > Sundays we are available, with some difficulty if we decide 1 July, but do-able. Thanks -- Laura Arjona Reina https://wiki.debian.org/LauraArjona
Bug#876944: jessie-pu: package bwm-ng/0.6-3.1
On Sat, Nov 18, 2017 at 10:39:47PM -0200, Samuel Henrique wrote: > 2017-11-18 17:03 GMT-02:00 Adam D. Barratt: > > > On Wed, 2017-09-27 at 00:53 -0300, Samuel Henrique wrote: > > > This is a small change on d/rules passing "--without-libstatgrab" > > > (as advised by upstream on a duplicate bug report[1]) to fix > > > #855215[2]. > > > > > > > While I assume the end result is sane, passing both --with-libstatgrab > > and --without-libstatgrab to the same configure invocation is at best > > confusing... > > > > Thanks for catching that, it was my mistake. > > There's an updated debdiff attached, already pushed to git. For the avoidance of doubt, a confirmed tag means you can go ahead and upload. Thanks, -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51