Re: How to handle daemon-not-running bugs of debhelper compat level 11?

2019-05-06 Thread Niels Thykier
Michael Biebl:
> Am 30.04.19 um 17:26 schrieb Michael Biebl:
>> Am 29.04.19 um 21:53 schrieb Niels Thykier:
> 
>>> override_dh_installinit:
>>> DH_COMPAT=12 dh_installinit ...
>>>
>>> override_dh_installsystemd:
>>> DH_COMPAT=12 dh_installsystemd ...
>>>
>>> Note the exact runes needed depend on your existing compat level and
>>> package; the above runes are geared towards compat 11 but are untested.
>>>  For compat 10 and earlier you want a similar but slightly different
>>> approach.
>>>
>>> I believe that is the (general) route/path of "least evil/problematic"
>>> for buster (without having looked at the concrete packaging at all).
>>

For reference, I forgot that the packages must have a

Pre-Depends: ${misc:Pre-Depends}

(or an explicit pre dependency on init-system-helpers (>= 1.54~), but
the former is strongly preferred).

>> I picked a package from list.txt at random: uptimed
>> I verified that a "apt install uptimed; apt remove uptimed; apt install
>> uptimed" sequence results in a non-running uptimed.service.
>>
>> I then followed the hints from Niels and tried the attached patch.
>> It seems to fix the issue at hand.
>>

Thanks for confirming. :)

>>
>> I'd be interested to know, how the release team would like to this issue
>> handled.  While I did spot a few false positives when glancing over the
>> list (e.g. packages which use --no-start, so are not affected), I would
>> expect the majority of packages to be affected.
>>
>> I can offer to do a MBF if the release team thinks this issue is
>> important enough to be fixed for buster.
> 
> If the release teams thinks that this should be fixed for buster, I
> wonder if we shouldn't consider a second approach: Updating debhelper to
> use compat mode 12 behaviour for dh_installinit/dh_installsystemd if
> compat mode is set to 11.
> This would avoid a lot of churn. If we basically update all packages to
> use compat mode 12 behaviour explicitly, we might just as well do that
> change in a single package.
> 
> Regards,
> Michael
> 

We would still have to issue binNMUs and we can only do this for
arch:any packages with a "Pre-Depends: ${misc:Pre-Depends}" already
(otherwise, it will cause upgrade issues - or for arch:all, the binNMU
will be rejected).

Do you have an estimate of how many packages can be binNMUed vs. how
many will require a manual upload regardless?

Thanks,
~Niels




Bug#928548: marked as done (unblock: libetpan/1.9.3-2)

2019-05-06 Thread Debian Bug Tracking System
Your message dated Tue, 07 May 2019 05:15:00 +
with message-id <7cad46cd-5493-803d-c789-74010d59c...@thykier.net>
and subject line Re: Bug#928548: unblock: libetpan/1.9.3-2
has caused the Debian Bug report #928548,
regarding unblock: libetpan/1.9.3-2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
928548: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928548
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package libetpan

The upload just adds an upstream patch to fix serious bug #927709.

Full debdiff attached, thanks in advance!

unblock libetpan/1.9.3-2

-- System Information:
Debian Release: 9.8
  APT prefers stable-debug
  APT policy: (500, 'stable-debug'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-8-amd64 (SMP w/4 CPU cores)
Locale: LANG=es_ES.UTF-8, LC_CTYPE=es_ES.UTF-8 (charmap=UTF-8), LANGUAGE= 
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru libetpan-1.9.3/debian/changelog libetpan-1.9.3/debian/changelog
--- libetpan-1.9.3/debian/changelog 2019-01-26 20:49:11.0 +0100
+++ libetpan-1.9.3/debian/changelog 2019-05-06 23:27:54.0 +0200
@@ -1,3 +1,11 @@
+libetpan (1.9.3-2) unstable; urgency=high
+
+  * debian/patches/90_fix_tls_timeout.diff
+  - Add upstream patch to fix TLS timeout (Closes: #927709)
+  * Raised changelog urgency because of serious bug
+
+ -- Ricardo Mones   Mon, 06 May 2019 23:27:54 +0200
+
 libetpan (1.9.3-1) unstable; urgency=medium
 
   * New upstream version 1.9.3
diff -Nru libetpan-1.9.3/debian/patches/90_fix_tls_timeout.diff 
libetpan-1.9.3/debian/patches/90_fix_tls_timeout.diff
--- libetpan-1.9.3/debian/patches/90_fix_tls_timeout.diff   1970-01-01 
01:00:00.0 +0100
+++ libetpan-1.9.3/debian/patches/90_fix_tls_timeout.diff   2019-05-06 
23:27:54.0 +0200
@@ -0,0 +1,19 @@
+Origin: 
https://github.com/dinhviethoa/libetpan/commit/4aee22436809af67f23170fe15106b91ff2971e6
+Subject: Fix TLS timeouts with recent versions of GnuTLS
+ gnutls_handshake_set_timeout takes a timeout value in ms, but we were
+ providing a value in seconds. This means that on new-enough platforms
+ that use GnuTLS (e.g., Debian Buster), we would accidentally configure
+ a timeout 1,000 times shorter than requested.
+Bug-Debian: https://bugs.debian.org/927709
+
+--- a/src/data-types/mailstream_ssl.c
 b/src/data-types/mailstream_ssl.c
+@@ -636,7 +636,7 @@ static struct mailstream_ssl_data * ssl_data_new(int fd, 
time_t timeout,
+   timeout_value = mailstream_network_delay.tv_sec * 1000 + 
mailstream_network_delay.tv_usec / 1000;
+   }
+   else {
+-  timeout_value = timeout;
++  timeout_value = timeout * 1000;
+   }
+ #if GNUTLS_VERSION_NUMBER >= 0x030100
+   gnutls_handshake_set_timeout(session, timeout_value);
diff -Nru libetpan-1.9.3/debian/patches/series 
libetpan-1.9.3/debian/patches/series
--- libetpan-1.9.3/debian/patches/series2019-01-26 20:49:11.0 
+0100
+++ libetpan-1.9.3/debian/patches/series2019-05-06 23:27:54.0 
+0200
@@ -1,3 +1,4 @@
 # 10_unnecessary_linkage.diff
 11_use_openjade.diff
 12_add_dummy_readme.diff
+90_fix_tls_timeout.diff
--- End Message ---
--- Begin Message ---
Ricardo Mones:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
> 
> Please unblock package libetpan
> 
> The upload just adds an upstream patch to fix serious bug #927709.
> 
> Full debdiff attached, thanks in advance!
> 
> unblock libetpan/1.9.3-2
> 
> [...]

Unblocked, thanks.
~Niels--- End Message ---


Bug#928556: stretch-pu: package gocode/20150303-3+deb9u2

2019-05-06 Thread Andreas Beckmann
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

Hi,

the last stretch-pu update of gocode caused a regression on
jessie->stretch updates. If I make the recently added Pre-Depends
versioned to pull in the version from stretch first, everything seems to
work again as expected.


Andreas
diff -Nru gocode-20150303/debian/changelog gocode-20150303/debian/changelog
--- gocode-20150303/debian/changelog2019-04-05 10:36:56.0 +0200
+++ gocode-20150303/debian/changelog2019-05-07 05:08:04.0 +0200
@@ -1,3 +1,11 @@
+gocode (20150303-3+deb9u2) stretch; urgency=medium
+
+  * Non-maintainer upload.
+  * gocode-auto-complete-el: Make Pre-Depends: auto-complete-el versioned to
+fix upgrades from jessie to stretch.
+
+ -- Andreas Beckmann   Tue, 07 May 2019 05:08:04 +0200
+
 gocode (20150303-3+deb9u1) stretch; urgency=medium
 
   * Non-maintainer upload.
diff -Nru gocode-20150303/debian/control gocode-20150303/debian/control
--- gocode-20150303/debian/control  2019-04-05 10:36:56.0 +0200
+++ gocode-20150303/debian/control  2019-05-07 03:55:56.0 +0200
@@ -29,7 +29,7 @@
 Package: gocode-auto-complete-el
 Section: editors
 Architecture: all
-Pre-Depends: auto-complete-el,
+Pre-Depends: auto-complete-el (>= 1.3.1-2+deb9u1),
 Depends: ${shlibs:Depends}, ${misc:Depends}, gocode,
 Enhances: gocode
 Description: gocode integration for Emacs


Bug#928553: stretch-pu: package libthrift-java/0.9.1-2.1~deb9u1

2019-05-06 Thread Andreas Beckmann
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

The fix for CVE-2018-1320 was in sid (0.9.1-2.1) before the package got
removed, and is in jessie-lts (0.9.1-2+deb8u1), leaving stretch at an
older version than jessie-lts. So let's get it in stretch to restore
monotonic version ordering.


Andreas
diff -Nru libthrift-java-0.9.1/debian/changelog 
libthrift-java-0.9.1/debian/changelog
--- libthrift-java-0.9.1/debian/changelog   2014-10-17 00:28:43.0 
+0200
+++ libthrift-java-0.9.1/debian/changelog   2019-05-07 03:44:09.0 
+0200
@@ -1,3 +1,22 @@
+libthrift-java (0.9.1-2.1~deb9u1) stretch; urgency=medium
+
+  * Non-maintainer upload.
+  * Rebuild for stretch.
+
+ -- Andreas Beckmann   Tue, 07 May 2019 03:44:09 +0200
+
+libthrift-java (0.9.1-2.1) unstable; urgency=high
+
+  * Non-maintainer upload.
+  * Fix CVE-2018-1320:
+It was discovered that it was possible to bypass SASL negotiation
+isComplete validation in the org.apache.thrift.transport.TSaslTransport
+class. An assert used to determine if the SASL handshake had successfully
+completed could be disabled in production settings making the validation
+incomplete. (Closes: #918736)
+
+ -- Markus Koschany   Wed, 06 Feb 2019 19:04:12 +0100
+
 libthrift-java (0.9.1-2) unstable; urgency=low
 
   * Use 3.0 (quilt) source format.
diff -Nru libthrift-java-0.9.1/debian/patches/CVE-2018-1320.patch 
libthrift-java-0.9.1/debian/patches/CVE-2018-1320.patch
--- libthrift-java-0.9.1/debian/patches/CVE-2018-1320.patch 1970-01-01 
01:00:00.0 +0100
+++ libthrift-java-0.9.1/debian/patches/CVE-2018-1320.patch 2019-02-06 
19:04:12.0 +0100
@@ -0,0 +1,32 @@
+From: Markus Koschany 
+Date: Wed, 6 Feb 2019 18:59:31 +0100
+Subject: CVE-2018-1320
+
+Bug-Debian: https://bugs.debian.org/918736
+Origin: 
https://github.com/apache/thrift/commit/d973409661f820d80d72c0034d06a12348c8705e
+---
+ src/org/apache/thrift/transport/TSaslTransport.java | 4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+diff --git a/src/org/apache/thrift/transport/TSaslTransport.java 
b/src/org/apache/thrift/transport/TSaslTransport.java
+index b54746c..2f62016 100644
+--- a/src/org/apache/thrift/transport/TSaslTransport.java
 b/src/org/apache/thrift/transport/TSaslTransport.java
+@@ -268,7 +268,7 @@ abstract class TSaslTransport extends TTransport {
+ if (message.status == NegotiationStatus.COMPLETE &&
+ getRole() == SaslRole.CLIENT) {
+   LOGGER.debug("{}: All done!", getRole());
+-  break;
++  continue;
+ }
+ 
+ sendSaslMessage(sasl.isComplete() ? NegotiationStatus.COMPLETE : 
NegotiationStatus.OK,
+@@ -276,8 +276,6 @@ abstract class TSaslTransport extends TTransport {
+   }
+   LOGGER.debug("{}: Main negotiation loop complete", getRole());
+ 
+-  assert sasl.isComplete();
+-
+   // If we're the client, and we're complete, but the server isn't
+   // complete yet, we need to wait for its response. This will occur
+   // with ANONYMOUS auth, for example, where we send an initial response
diff -Nru libthrift-java-0.9.1/debian/patches/series 
libthrift-java-0.9.1/debian/patches/series
--- libthrift-java-0.9.1/debian/patches/series  1970-01-01 01:00:00.0 
+0100
+++ libthrift-java-0.9.1/debian/patches/series  2019-02-06 19:04:12.0 
+0100
@@ -0,0 +1 @@
+CVE-2018-1320.patch


Bug#928548: unblock: libetpan/1.9.3-2

2019-05-06 Thread Ricardo Mones
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package libetpan

The upload just adds an upstream patch to fix serious bug #927709.

Full debdiff attached, thanks in advance!

unblock libetpan/1.9.3-2

-- System Information:
Debian Release: 9.8
  APT prefers stable-debug
  APT policy: (500, 'stable-debug'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-8-amd64 (SMP w/4 CPU cores)
Locale: LANG=es_ES.UTF-8, LC_CTYPE=es_ES.UTF-8 (charmap=UTF-8), LANGUAGE= 
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru libetpan-1.9.3/debian/changelog libetpan-1.9.3/debian/changelog
--- libetpan-1.9.3/debian/changelog 2019-01-26 20:49:11.0 +0100
+++ libetpan-1.9.3/debian/changelog 2019-05-06 23:27:54.0 +0200
@@ -1,3 +1,11 @@
+libetpan (1.9.3-2) unstable; urgency=high
+
+  * debian/patches/90_fix_tls_timeout.diff
+  - Add upstream patch to fix TLS timeout (Closes: #927709)
+  * Raised changelog urgency because of serious bug
+
+ -- Ricardo Mones   Mon, 06 May 2019 23:27:54 +0200
+
 libetpan (1.9.3-1) unstable; urgency=medium
 
   * New upstream version 1.9.3
diff -Nru libetpan-1.9.3/debian/patches/90_fix_tls_timeout.diff 
libetpan-1.9.3/debian/patches/90_fix_tls_timeout.diff
--- libetpan-1.9.3/debian/patches/90_fix_tls_timeout.diff   1970-01-01 
01:00:00.0 +0100
+++ libetpan-1.9.3/debian/patches/90_fix_tls_timeout.diff   2019-05-06 
23:27:54.0 +0200
@@ -0,0 +1,19 @@
+Origin: 
https://github.com/dinhviethoa/libetpan/commit/4aee22436809af67f23170fe15106b91ff2971e6
+Subject: Fix TLS timeouts with recent versions of GnuTLS
+ gnutls_handshake_set_timeout takes a timeout value in ms, but we were
+ providing a value in seconds. This means that on new-enough platforms
+ that use GnuTLS (e.g., Debian Buster), we would accidentally configure
+ a timeout 1,000 times shorter than requested.
+Bug-Debian: https://bugs.debian.org/927709
+
+--- a/src/data-types/mailstream_ssl.c
 b/src/data-types/mailstream_ssl.c
+@@ -636,7 +636,7 @@ static struct mailstream_ssl_data * ssl_data_new(int fd, 
time_t timeout,
+   timeout_value = mailstream_network_delay.tv_sec * 1000 + 
mailstream_network_delay.tv_usec / 1000;
+   }
+   else {
+-  timeout_value = timeout;
++  timeout_value = timeout * 1000;
+   }
+ #if GNUTLS_VERSION_NUMBER >= 0x030100
+   gnutls_handshake_set_timeout(session, timeout_value);
diff -Nru libetpan-1.9.3/debian/patches/series 
libetpan-1.9.3/debian/patches/series
--- libetpan-1.9.3/debian/patches/series2019-01-26 20:49:11.0 
+0100
+++ libetpan-1.9.3/debian/patches/series2019-05-06 23:27:54.0 
+0200
@@ -1,3 +1,4 @@
 # 10_unnecessary_linkage.diff
 11_use_openjade.diff
 12_add_dummy_readme.diff
+90_fix_tls_timeout.diff


Bug#928351: unblock dhcpcd5/7.1.0-2

2019-05-06 Thread Paul Gevers
Control: tags -1 moreinfo confirmed

Hi Scott,

On 06-05-2019 05:30, Scott Leggett wrote:
> On 2019-05-05.20:47, Salvatore Bonaccorso wrote:
>> As for all those CVEs are known (see respective bugs and
>> security-tracker), can you please add the rspective CVE ids as well to
>> the debian/changelog enttries?
> 
> Done, see amended debdiff attached.

Please go ahead and upload. Remove the moreinfo tag when you package is
available in unstable.

Paul



signature.asc
Description: OpenPGP digital signature


Processed: Re: Bug#928351: unblock dhcpcd5/7.1.0-2

2019-05-06 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 moreinfo confirmed
Bug #928351 [release.debian.org] unblock dhcpcd5/7.1.0-2
Added tag(s) confirmed.

-- 
928351: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928351
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#928401: [pre-approval] unblock: manpages/4.16-2

2019-05-06 Thread Paul Gevers
Control: tags -1 confirmed moreinfo

On 03-05-2019 23:28, Dr. Tobias Quathamer wrote:
> Am 03.05.19 um 22:58 schrieb Dr. Tobias Quathamer:
>> I've attached the .dsc debdiff. I can confirm that the debdiff of the
>> binary packages shows the newly included manpages.
> 
> ... however, the Replaces/Breaks have not been in the correct binary
> package stanza. Please take a look at the new debdiff. Sorry.

Please continue with the upload and remove the moreinfo tag once the
package is available in unstable.

Paul



signature.asc
Description: OpenPGP digital signature


Processed: Re: [pre-approval] unblock: manpages/4.16-2

2019-05-06 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 confirmed moreinfo
Bug #928401 [release.debian.org] [pre-approval] unblock: manpages/4.16-2
Added tag(s) moreinfo and confirmed.

-- 
928401: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928401
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#928527: marked as done (unblock: peek/1.3.1-6)

2019-05-06 Thread Debian Bug Tracking System
Your message dated Mon, 06 May 2019 20:26:00 +
with message-id <8db2d61c-d38a-0cb3-6ff3-fa1952293...@thykier.net>
and subject line Re: Bug#928527: unblock: peek/1.3.1-6
has caused the Debian Bug report #928527,
regarding unblock: peek/1.3.1-6
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
928527: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928527
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock peek 1.3.1-6. This upload fixes https://bugs.debian.org/926386 ,
which caused the application to crash when recording GIF using the
ffmpeg backend.

The full debdiff is pasted here.

--
Thanks,
Boyuan Yang

diff -Nru peek-1.3.1/debian/changelog peek-1.3.1/debian/changelog
--- peek-1.3.1/debian/changelog2019-02-08 13:14:08.0 -0500
+++ peek-1.3.1/debian/changelog2019-05-06 13:27:48.0 -0400
@@ -1,3 +1,10 @@
+peek (1.3.1-6) unstable; urgency=high
+
+  * debian/patches: Add patch 0003 to fix double free crashing when
+passing string array to async function. (Closes: #926386)
+
+ -- Boyuan Yang   Mon, 06 May 2019 13:27:48 -0400
+
 peek (1.3.1-5) unstable; urgency=medium

   * Rebuild for Debian buster.
diff -Nru 
peek-1.3.1/debian/patches/0003-avoid-double-free-when-passing-string-array-to-async-function.patch
peek-1.3.1/debian/patches/0003-avoid-double-free-when-passing-string-array-to-async-function.patch
--- 
peek-1.3.1/debian/patches/0003-avoid-double-free-when-passing-string-array-to-async-function.patch
   1969-12-31 19:00:00.0 -0500
+++ 
peek-1.3.1/debian/patches/0003-avoid-double-free-when-passing-string-array-to-async-function.patch
   2019-05-06 13:27:48.0 -0400
@@ -0,0 +1,43 @@
+From: Bernhard Übelacker 
+Date: Mon, 6 May 2019 13:29:50 -0400
+Subject: Avoid double free when passing string array to async function
+
+Bug-Debian: https://bugs.debian.org/926386
+Last-Update: 2019-04-20
+Forwarded: https://github.com/phw/peek/issues/419
+---
+ src/post-processing/ffmpeg-post-processor.vala | 20 
+ 1 file changed, 12 insertions(+), 8 deletions(-)
+
+diff --git a/src/post-processing/ffmpeg-post-processor.vala
b/src/post-processing/ffmpeg-post-processor.vala
+index c9727c0..1a3d59c 100644
+--- a/src/post-processing/ffmpeg-post-processor.vala
 b/src/post-processing/ffmpeg-post-processor.vala
+@@ -79,15 +79,19 @@ namespace Peek.PostProcessing {
+ var extension = Utils.get_file_extension_for_format
(config.output_format);
+ var output_file = Utils.create_temp_file (extension);
+
+-string[] args = {
+-  "ffmpeg", "-y",
+-  "-i", input_file.get_path (),
+-  "-i", palette_file.get_path (),
+-  "-filter_complex", "fps=%d,paletteuse".printf (config.framerate)
+-};
+-
+ var argv = new Array ();
+-argv.append_vals (args, args.length);
++
++argv.append_val ("ffmpeg");
++argv.append_val ("-y");
++
++argv.append_val ("-i");
++argv.append_val (input_file.get_path ());
++
++argv.append_val ("-i");
++argv.append_val (palette_file.get_path ());
++
++argv.append_val ("-filter_complex");
++argv.append_val ("fps=%d,paletteuse".printf (config.framerate));
+
+ if (config.output_format == OutputFormat.APNG) {
+   argv.append_val ("-plays");
diff -Nru peek-1.3.1/debian/patches/series peek-1.3.1/debian/patches/series
--- peek-1.3.1/debian/patches/series2019-02-08 13:13:19.0 -0500
+++ peek-1.3.1/debian/patches/series2019-05-06 13:27:48.0 -0400
@@ -1,2 +1,3 @@
 0001-src-Backport-upstream-trunk-code-till-20190121.patch
 0002-appdata-Fix-validation-warning-The-summary-tag-must-.patch
+0003-avoid-double-free-when-passing-string-array-to-async-function.patch
--- End Message ---
--- Begin Message ---
Boyuan Yang:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
> 
> Please unblock peek 1.3.1-6. This upload fixes https://bugs.debian.org/926386 
> ,
> which caused the application to crash when recording GIF using the
> ffmpeg backend.
> 
> The full debdiff is pasted here.
> 
> --
> Thanks,
> Boyuan Yang
> 
> [...]
> 


Unblocked, thanks.
~Niels--- End Message ---


Bug#928501: marked as done (unblock: teeworlds/0.7.2-5)

2019-05-06 Thread Debian Bug Tracking System
Your message dated Mon, 06 May 2019 20:23:00 +
with message-id <9a0d5fa2-6a82-aace-b144-b0176db47...@thykier.net>
and subject line Re: Bug#928501: unblock: teeworlds/0.7.2-5
has caused the Debian Bug report #928501,
regarding unblock: teeworlds/0.7.2-5
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
928501: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928501
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Dear release team,
Please unblock package teeworlds.

  * Add upstream patches to fix CVE-2019-10877 CVE-2019-10878
CVE-2019-10879 (Closes: #927152).
  * Add upstream patch to fix creation of recursive path. (Closes: #928110)

Thanks.
Best,
Dylan


teeworlds_0.7.2-5.debdiff
Description: Binary data
--- End Message ---
--- Begin Message ---
Dylan Aïssi:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
> 
> Dear release team,
> Please unblock package teeworlds.
> 
>   * Add upstream patches to fix CVE-2019-10877 CVE-2019-10878
> CVE-2019-10879 (Closes: #927152).
>   * Add upstream patch to fix creation of recursive path. (Closes: #928110)
> 
> Thanks.
> Best,
> Dylan
> 

Unblocked, thanks.
~Niels--- End Message ---


Bug#928496: marked as done (unblock: haveged/1.9.1-7)

2019-05-06 Thread Debian Bug Tracking System
Your message dated Mon, 06 May 2019 20:10:00 +
with message-id 
and subject line Re: Bug#928496: unblock: haveged/1.9.1-7
has caused the Debian Bug report #928496,
regarding unblock: haveged/1.9.1-7
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
928496: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928496
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Hi,

Please review the haveged udeb addition that I've implemented to fix
entropy starvation issues in d-i. There are other changes in d-i
components to leverage this addition (in rootskel and debian-installer)
that I'm fine with vetting myself since they're clearly under the
installer team umbrella (unless you instruct otherwise).

haveged isn't directly maintained by us and even if the maintainer
gave me carte blanche[1], I'd be more content with a review from the
release team.

 1. https://bugs.debian.org/927376#10


Changelog excerpt (full source debdiff attached):

,---
| haveged (1.9.1-7) unstable; urgency=medium
| 
|   [ Cyril Brulebois ]
|   * Add haveged-udeb, for use from the Debian Installer (See: #923675,
| Closes: #927376).
|   * Bundle the daemon and the library in haveged-udeb, since the daemon
| is the only user of the libhavege.so.1 SONAME.
| 
|   [ Ondřej Nový ]
|   * d/control: Set Vcs-* to salsa.debian.org
| 
|  -- Cyril Brulebois   Fri, 19 Apr 2019 18:29:05 +0200
`---


If that looks fine, feel free to:

  unblock haveged/1.9.1-7
  unblock-udeb haveged/1.9.1-7


Thanks for your time!


Cheers,
-- 
Cyril Brulebois (k...@debian.org)
D-I release manager -- Release team member -- Freelance Consultant
diff -Nru haveged-1.9.1/debian/changelog haveged-1.9.1/debian/changelog
--- haveged-1.9.1/debian/changelog  2017-07-17 16:05:45.0 +
+++ haveged-1.9.1/debian/changelog  2019-04-19 16:29:05.0 +
@@ -1,3 +1,16 @@
+haveged (1.9.1-7) unstable; urgency=medium
+
+  [ Cyril Brulebois ]
+  * Add haveged-udeb, for use from the Debian Installer (See: #923675,
+Closes: #927376).
+  * Bundle the daemon and the library in haveged-udeb, since the daemon
+is the only user of the libhavege.so.1 SONAME.
+
+  [ Ondřej Nový ]
+  * d/control: Set Vcs-* to salsa.debian.org
+
+ -- Cyril Brulebois   Fri, 19 Apr 2019 18:29:05 +0200
+
 haveged (1.9.1-6) unstable; urgency=high
 
   * Start haveged.service after systemd-tmpfiles-setup.service has been run.
diff -Nru haveged-1.9.1/debian/control haveged-1.9.1/debian/control
--- haveged-1.9.1/debian/control2017-07-17 15:42:46.0 +
+++ haveged-1.9.1/debian/control2019-04-18 16:32:42.0 +
@@ -5,8 +5,8 @@
 Build-Depends: debhelper (>= 9), dh-apparmor, dh-autoreconf, dh-systemd
 Standards-Version: 3.9.8
 Homepage: http://issihosts.com/haveged/
-Vcs-Git: https://alioth.debian.org/anonscm/git/collab-maint/haveged.git
-Vcs-Browser: https://anonscm.debian.org/gitweb/?p=collab-maint/haveged.git
+Vcs-Git: https://salsa.debian.org/debian/haveged.git
+Vcs-Browser: https://salsa.debian.org/debian/haveged
 
 Package: haveged
 Architecture: linux-any
@@ -71,3 +71,11 @@
  http://www.irisa.fr/caps/projects/hipsor/
  .
  This package contains the development files.
+
+Package: haveged-udeb
+Package-Type: udeb
+Section: debian-installer
+Architecture: linux-any
+Depends: ${shlibs:Depends}
+Description: Linux entropy source using the HAVEGE algorithm -- udeb
+ This package is for use in the Debian Installer.
diff -Nru haveged-1.9.1/debian/haveged-udeb.install 
haveged-1.9.1/debian/haveged-udeb.install
--- haveged-1.9.1/debian/haveged-udeb.install   1970-01-01 00:00:00.0 
+
+++ haveged-1.9.1/debian/haveged-udeb.install   2019-04-16 22:25:12.0 
+
@@ -0,0 +1,2 @@
+usr/sbin/haveged
+usr/lib/*/libhavege.so.*
diff -Nru haveged-1.9.1/debian/shlibs.local haveged-1.9.1/debian/shlibs.local
--- haveged-1.9.1/debian/shlibs.local   1970-01-01 00:00:00.0 +
+++ haveged-1.9.1/debian/shlibs.local   2019-04-16 22:45:49.0 +
@@ -0,0 +1,4 @@
+# No need to ship a separate libhavege1-udeb, so bundle the daemon and
+# the library in the same udeb (haveged-udeb), and let shlibs:Depends
+# computation know where libhavege.so.1 is shipped:
+udeb: libhavege 1 haveged-udeb
--- End Message ---
--- Begin Message ---
Cyril Brulebois:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
> 
> Hi,
> 
> Please review 

Bug#926878: Bug

2019-05-06 Thread Paul Gevers
Hmm.

On 06-05-2019 21:52, Paul Gevers wrote:
> Also make sure you can help them moving forward with their unblock
> request, by making sure your *targeted* fixes are available in unstable.
> sa-exim would need to be unblocked first or at the same time, so don't
> add unnecessary changes to your package and file an unblock request when
> your package lands in unstable.

While typing the above, it seems that I mis-remembered the situation a
bit. Just to get it clear, is or is not your package currently broken in
buster? In other words, from sa-exim point of view, would you need an
improved exim package in buster?

If the answer to the above is no, the sa-exim package is fine, you want
to remove the "buster" tag from bug 926952 to prevent autoremoval from
buster. You also want to make sure that the severity of the bugs in
sa-exim are correct. As far as I can see at this moment, you only have
severity normal bugs.

Paul



signature.asc
Description: OpenPGP digital signature


Bug#928455: marked as done ([pre-a] unblock: perl6-zef/0.6.2-2)

2019-05-06 Thread Debian Bug Tracking System
Your message dated Mon, 06 May 2019 20:12:00 +
with message-id 
and subject line Re: Bug#928455: [pre-a] unblock: perl6-zef/0.6.2-2
has caused the Debian Bug report #928455,
regarding [pre-a] unblock: perl6-zef/0.6.2-2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
928455: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928455
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-CC: Robert Lemmen , Dominique Dumont 


Please unblock package perl6-zef

(explain the reason for the unblock here)

As I reported in #928454, the outdated mirror URL list renders zef,
the perl6 package manager nearly unusable:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928454

Luckily we can fix the package for Buster by simply updating the list:
https://github.com/ugexe/zef/blob/master/resources/config.json#L60-L62
I asked upstream author on IRC and they acked that the mirror list is
not likely to be changed for the Buster lifecycle.

(include/attach the debdiff against the package in testing)

```
--- config.json.orig2019-05-05 03:31:08.251673414 +
+++ config.json 2019-05-05 03:32:01.71262 +
@@ -57,10 +57,9 @@
 "name" : "p6c",
 "auto-update" : 1,
 "mirrors" : [
-"http://ecosystem-api.p6c.org/projects1.json";,
-"http://ecosystem-api.p6c.org/projects.json";,
+
"https://raw.githubusercontent.com/ugexe/Perl6-ecosystems/master/p6c1.json";,
 "git://github.com/ugexe/Perl6-ecosystems.git",
-
"https://raw.githubusercontent.com/ugexe/Perl6-ecosystems/master/p6c1.json";
+"http://ecosystem-api.p6c.org/projects1.json";
 ]
 }
 },
```

unblock perl6-zef/0.6.2-2

-- System Information:
Debian Release: 10.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-4-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
--- End Message ---
--- Begin Message ---
Mo Zhou:
> control: tags -1 -moreinfo
> 
> Uploaded to unstable.
> 
> On Sun, May 05, 2019 at 11:51:00AM +, Niels Thykier wrote:
>> Please go ahead with the upload and remove the moreinfo tag when it is
>> in unstable and ready to be unblocked.
> 
> ~/D/perl6 ❯❯❯ debdiff --diffstat perl6-zef_0.6.2-1.dsc perl6-zef_0.6.2-2.dsc
> diffstat for perl6-zef-0.6.2 perl6-zef-0.6.2
> 
> [...]

Unblocked, thanks.
~Niels--- End Message ---


Bug#926992: marked as done (unblock: sia/1.3.0-1.1~deb10u1 [t-p-u])

2019-05-06 Thread Debian Bug Tracking System
Your message dated Mon, 06 May 2019 20:13:00 +
with message-id <9d980682-aa44-e05b-41d0-cf9a746e3...@thykier.net>
and subject line Re: Bug#926992: unblock: sia/1.3.0-1.1
has caused the Debian Bug report #926992,
regarding unblock: sia/1.3.0-1.1~deb10u1 [t-p-u]
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
926992: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926992
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Control: tag -1 moreinfo

Please unblock package sia

This NMU adds 'missingok' to the logrotate config, fixing piuparts
failures in sid, buster and upgrades to buster, where logrotate
configuration is now being checked by piuparts.

I missed this package in my previous round of NMUs and therefore it only
enetred DELAYED/5 a few minutes ago.

unblock sia/1.3.0-1.1


Thanks for considering,

Andreas
diff -Nru sia-1.3.0/debian/changelog sia-1.3.0/debian/changelog
--- sia-1.3.0/debian/changelog  2017-11-01 00:54:54.0 +0100
+++ sia-1.3.0/debian/changelog  2019-04-13 09:42:04.0 +0200
@@ -1,3 +1,10 @@
+sia (1.3.0-1.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Add 'missingok' to logrotate config.  (Closes: #910439)
+
+ -- Andreas Beckmann   Sat, 13 Apr 2019 09:42:04 +0200
+
 sia (1.3.0-1) unstable; urgency=medium
 
   [ Bjorn Dolk ]
diff -Nru sia-1.3.0/debian/sia.logrotate sia-1.3.0/debian/sia.logrotate
--- sia-1.3.0/debian/sia.logrotate  2017-11-01 00:54:54.0 +0100
+++ sia-1.3.0/debian/sia.logrotate  2019-04-13 09:32:11.0 +0200
@@ -3,4 +3,5 @@
 copytruncate
 rotate 14
 compress
+missingok
 }
--- End Message ---
--- Begin Message ---
Niels Thykier:
> Andreas Beckmann:
>> Control: reopen -1
>> Control: retitle -1 unblock: sia/1.3.0-1.1~deb10u1 [t-p-u]
>>
>> On 2019-04-29 07:42, Niels Thykier wrote:
>>> Ok, can you prepare a t-p-u upload to fix this directly in testing then?
>>
>> What is the correct (or preferred) distribution for t-p-u uploads ?
>> "buster" or "testing-proposed-updates" ? Attached patch uses the latter.
>>
>>
>> Andreas
>>
> 
> Either way should work.
> 
> I think there is a slight preference for buster-proposed-updates because
> it automatically updates in case buster becomes stable before the upload
> is complete (but it has been a while since someone asked me).
> 
> Please go ahead with the upload, btw. :)
> 
> Thanks,
> ~Niels
> 

Aproved, thanks.
~Niels--- End Message ---


Bug#928502: marked as done (unblock: notmuch/0.28.4-1)

2019-05-06 Thread Debian Bug Tracking System
Your message dated Mon, 06 May 2019 20:03:00 +
with message-id <94d23c96-d9f3-a730-bd87-97f4ac8c0...@thykier.net>
and subject line Re: Bug#928502: unblock: notmuch/0.28.4-1
has caused the Debian Bug report #928502,
regarding unblock: notmuch/0.28.4-1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
928502: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928502
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Please unblock package notmuch

This release fixes a bug discovered by Rob Browning. The version of
notmuch in testing will report an error and exit with status 1 (after
generating the correct output) if the input for "notmuch show
- --format=raw" is a multiple of 4096 bytes. This seems at least
severity important since it breaks people's scripts.

There's one line of code change, to notmuch-show.c. There is some new
tests, which could be disabled if that seemed safer/better.

diff -Nru notmuch-0.28.3/bindings/python/notmuch/version.py 
notmuch-0.28.4/bindings/python/notmuch/version.py
- --- notmuch-0.28.3/bindings/python/notmuch/version.py 2019-03-05 
21:46:41.0 -0400
+++ notmuch-0.28.4/bindings/python/notmuch/version.py   2019-05-05 
08:09:30.0 -0300
@@ -1,3 +1,3 @@
 # this file should be kept in sync with ../../../version
- -__VERSION__ = '0.28.3'
+__VERSION__ = '0.28.4'
 SOVERSION = '5'
diff -Nru notmuch-0.28.3/debian/changelog notmuch-0.28.4/debian/changelog
- --- notmuch-0.28.3/debian/changelog   2019-03-05 15:39:09.0 -0400
+++ notmuch-0.28.4/debian/changelog 2019-05-05 08:08:56.0 -0300
@@ -1,3 +1,12 @@
+notmuch (0.28.4-1) unstable; urgency=medium
+
+  * New upstream bugfix release
+  * Fix for bug in 'notmuch show --raw' that causes spurious errors to be
+reported when the mail file is a multiple of the libc buffer size
+(e.g. 4096 bytes).
+
+ -- David Bremner   Sun, 05 May 2019 08:08:56 -0300
+
 notmuch (0.28.3-1) unstable; urgency=medium
 
   * New upstream bugfix release.
diff -Nru notmuch-0.28.3/NEWS notmuch-0.28.4/NEWS
- --- notmuch-0.28.3/NEWS   2019-03-05 21:46:41.0 -0400
+++ notmuch-0.28.4/NEWS 2019-05-05 08:09:30.0 -0300
@@ -1,3 +1,12 @@
+Notmuch 0.28.4 (2019-05-05)
+===
+
+Command line interface
+--
+
+Fix a spurious error when using `notmuch show --raw` on messages whose
+size is a multiple of the internal buffer size.
+
 Notmuch 0.28.3 (2019-03-05)
 ===
 
diff -Nru notmuch-0.28.3/notmuch-show.c notmuch-0.28.4/notmuch-show.c
- --- notmuch-0.28.3/notmuch-show.c 2019-03-05 21:46:41.0 -0400
+++ notmuch-0.28.4/notmuch-show.c   2019-05-05 08:09:30.0 -0300
@@ -851,7 +851,7 @@
return NOTMUCH_STATUS_FILE_ERROR;
}
 
- - if (fwrite (buf, size, 1, stdout) != 1) {
+   if (size > 0 && fwrite (buf, size, 1, stdout) != 1) {
fprintf (stderr, "Error: Write failed\n");
fclose (file);
return NOTMUCH_STATUS_FILE_ERROR;
diff -Nru notmuch-0.28.3/test/T210-raw.sh notmuch-0.28.4/test/T210-raw.sh
- --- notmuch-0.28.3/test/T210-raw.sh   2019-03-05 21:46:41.0 -0400
+++ notmuch-0.28.4/test/T210-raw.sh 2019-05-05 08:09:30.0 -0300
@@ -30,4 +30,38 @@
 
 This is just a test message (#2)"
 
+test_python < 0:
+line = '.' * min(padding, 72)
+lines.append(line)
+padding = padding - len(line) - 1
+content ='\n'.join(lines)
+msg.set_content(content)
+with open('mail/size-{:07d}'.format(size), 'wb') as f:
+f.write(bytes(msg))
+EOF
+
+notmuch new --quiet
+
+for pow in {10..20}; do
+printf -v size "%07d" $((2**$pow))
+test_begin_subtest "content, message of size $size"
+notmuch show --format=raw subject:$size > OUTPUT
+test_expect_equal_file mail/size-$size OUTPUT
+test_begin_subtest "return value, message of size $size"
+test_expect_success  "notmuch show --format=raw subject:$size > /dev/null"
+done
+
 test_done
diff -Nru notmuch-0.28.3/.travis.yml notmuch-0.28.4/.travis.yml
- --- notmuch-0.28.3/.travis.yml2019-03-05 21:46:41.0 -0400
+++ notmuch-0.28.4/.travis.yml  2019-05-05 08:09:30.0 -0300
@@ -1,7 +1,6 @@
 language: c
 
- -dist: trusty
- -sudo: false
+dist: xenial
 
 addons:
   apt:
diff -Nru notmuch-0.28.3/version notmuch-0.28.4/version
- --- notmuch-0.28.3/version2019-03-05 21:46:4

Bug#928395: marked as done (unblock: apt/1.8.1)

2019-05-06 Thread Debian Bug Tracking System
Your message dated Mon, 06 May 2019 20:00:00 +
with message-id 
and subject line Re: Bug#928395: unblock: apt/1.8.1
has caused the Debian Bug report #928395,
regarding unblock: apt/1.8.1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
928395: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928395
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package apt

I'd like to add systemd inhibitor support to apt in buster, so people
don't shoot each other in the foot, in case one admin reboots a machine
while somebody else is installing patches.

The diff is quite small.

I'd also love to smuggle in some additional kernel package names in
debian/apt.conf.autoremove - they don't really affect, only Ubuntu - we
share the 1.8.y series for like 9 mo, but it's not an invasive change
(there's like 0 potential of a regression), I think they are:

  linux-buildinfo
  linux-image-unsigned
  linux-source

But I have not committed them yet.

unblock apt/1.8.1

-- System Information:
Debian Release: buster/sid
  APT prefers eoan
  APT policy: (991, 'eoan'), (500, 'eoan'), (500, 'cosmic-security')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.0.0-13-generic (SMP w/8 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

-- 
debian developer - deb.li/jak | jak-linux.org - free software dev
ubuntu core developer  i speak de, en
diff --git a/CMake/FindSystemd.cmake b/CMake/FindSystemd.cmake
new file mode 100644
index 0..1c7a7debf
--- /dev/null
+++ b/CMake/FindSystemd.cmake
@@ -0,0 +1,24 @@
+# - Try to find SYSTEMD
+# Once done, this will define
+#
+#  SYSTEMD_FOUND - system has SYSTEMD
+#  SYSTEMD_INCLUDE_DIRS - the SYSTEMD include directories
+#  SYSTEMD_LIBRARIES - the SYSTEMD library
+find_package(PkgConfig)
+
+pkg_check_modules(SYSTEMD_PKGCONF libsystemd)
+
+find_path(SYSTEMD_INCLUDE_DIRS
+  NAMES systemd/sd-bus.h
+  PATHS ${SYSTEMD_PKGCONF_INCLUDE_DIRS}
+)
+
+find_library(SYSTEMD_LIBRARIES
+  NAMES systemd
+  PATHS ${SYSTEMD_PKGCONF_LIBRARY_DIRS}
+)
+
+include(FindPackageHandleStandardArgs)
+find_package_handle_standard_args(Systemd DEFAULT_MSG SYSTEMD_INCLUDE_DIRS SYSTEMD_LIBRARIES)
+
+mark_as_advanced(SYSTEMD_INCLUDE_DIRS SYSTEMD_LIBRARIES)
diff --git a/CMake/config.h.in b/CMake/config.h.in
index 74d78fdb2..a9528ccfa 100644
--- a/CMake/config.h.in
+++ b/CMake/config.h.in
@@ -20,6 +20,9 @@
 /* Define if we have the zstd library for zst */
 #cmakedefine HAVE_ZSTD
 
+/* Define if we have the systemd library */
+#cmakedefine HAVE_SYSTEMD
+
 /* Define if we have the udev library */
 #cmakedefine HAVE_UDEV
 
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 60f329078..500186105 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -115,6 +115,11 @@ if (UDEV_FOUND)
   set(HAVE_UDEV 1)
 endif()
 
+find_package(Systemd)
+if (SYSTEMD_FOUND)
+  set(HAVE_SYSTEMD 1)
+endif()
+
 find_package(Seccomp)
 if (SECCOMP_FOUND)
   set(HAVE_SECCOMP 1)
diff --git a/apt-pkg/CMakeLists.txt b/apt-pkg/CMakeLists.txt
index 64709ce34..ce73c6a34 100644
--- a/apt-pkg/CMakeLists.txt
+++ b/apt-pkg/CMakeLists.txt
@@ -46,6 +46,7 @@ target_include_directories(apt-pkg
${LZ4_INCLUDE_DIRS}
$<$:${ZSTD_INCLUDE_DIRS}>
$<$:${UDEV_INCLUDE_DIRS}>
+   $<$:${SYSTEMD_INCLUDE_DIRS}>
${ICONV_INCLUDE_DIRS}
 )
 
@@ -58,6 +59,7 @@ target_link_libraries(apt-pkg
  ${LZ4_LIBRARIES}
  $<$:${ZSTD_LIBRARIES}>
  $<$:${UDEV_LIBRARIES}>
+ $<$:${SYSTEMD_LIBRARIES}>
  ${ICONV_LIBRARIES}
 )
 set_target_properties(apt-pkg PROPERTIES VERSION ${MAJOR}.${MINOR})
diff --git a/apt-pkg/contrib/fileutl.cc b/apt-pkg/contrib/fileutl.cc
index 0c0cb05ea..4f123491b 100644
--- a/apt-pkg/contrib/fileutl.cc
+++ b/apt-pkg/contrib/fileutl.cc
@@ -71,6 +71,9 @@
 #ifdef HAVE_ZSTD
 #include 
 #endif
+#ifdef HAVE_SYSTEMD
+#include 
+#endif
 #include 
 #include 
 
@@ -3393,3 +3396,48 @@ bool OpenConfigurationFileFd(std::string const &File, FileFd &Fd) /*{{{*/
return true;
 }

Bug#926878: Bug

2019-05-06 Thread Paul Gevers
Hi Magnus,

On 05-05-2019 23:42, Magnus Holmgren wrote:
> after some investigation, I believe I have the issues in sa-exim under 
> control. The broken spool files were due to a memory corruption that could 
> easily be worked around. The issue with CHUNKING was mainly that SpamAssassin 
> uses CRLF to terminate header lines when the input message uses CRLF line 
> endings, and the CR needs to be stripped. With this taken care of, I don't 
> think SA-Exim is so buggy that it needs be removed from Debian. It does have 
> a 
> couple of advantages over the built-in spam ACL conditions, as outlined in 
> README.Debian.

I expect that for your package to remain useful the exim maintainers
will have to drop the changes that are currently in unstable, am I
right? Please align that with them.

Also make sure you can help them moving forward with their unblock
request, by making sure your *targeted* fixes are available in unstable.
sa-exim would need to be unblocked first or at the same time, so don't
add unnecessary changes to your package and file an unblock request when
your package lands in unstable.

If your changes are acceptable and accepted your package won't be
dropped from buster, but until that happens, autoremoval may still
remove your package and we may remove your package if fixing it stalls
the release process. Please keep the ball rolling.

Paul



signature.asc
Description: OpenPGP digital signature


Bug#928527: unblock: peek/1.3.1-6

2019-05-06 Thread Boyuan Yang
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock peek 1.3.1-6. This upload fixes https://bugs.debian.org/926386 ,
which caused the application to crash when recording GIF using the
ffmpeg backend.

The full debdiff is pasted here.

--
Thanks,
Boyuan Yang

diff -Nru peek-1.3.1/debian/changelog peek-1.3.1/debian/changelog
--- peek-1.3.1/debian/changelog2019-02-08 13:14:08.0 -0500
+++ peek-1.3.1/debian/changelog2019-05-06 13:27:48.0 -0400
@@ -1,3 +1,10 @@
+peek (1.3.1-6) unstable; urgency=high
+
+  * debian/patches: Add patch 0003 to fix double free crashing when
+passing string array to async function. (Closes: #926386)
+
+ -- Boyuan Yang   Mon, 06 May 2019 13:27:48 -0400
+
 peek (1.3.1-5) unstable; urgency=medium

   * Rebuild for Debian buster.
diff -Nru 
peek-1.3.1/debian/patches/0003-avoid-double-free-when-passing-string-array-to-async-function.patch
peek-1.3.1/debian/patches/0003-avoid-double-free-when-passing-string-array-to-async-function.patch
--- 
peek-1.3.1/debian/patches/0003-avoid-double-free-when-passing-string-array-to-async-function.patch
   1969-12-31 19:00:00.0 -0500
+++ 
peek-1.3.1/debian/patches/0003-avoid-double-free-when-passing-string-array-to-async-function.patch
   2019-05-06 13:27:48.0 -0400
@@ -0,0 +1,43 @@
+From: Bernhard Übelacker 
+Date: Mon, 6 May 2019 13:29:50 -0400
+Subject: Avoid double free when passing string array to async function
+
+Bug-Debian: https://bugs.debian.org/926386
+Last-Update: 2019-04-20
+Forwarded: https://github.com/phw/peek/issues/419
+---
+ src/post-processing/ffmpeg-post-processor.vala | 20 
+ 1 file changed, 12 insertions(+), 8 deletions(-)
+
+diff --git a/src/post-processing/ffmpeg-post-processor.vala
b/src/post-processing/ffmpeg-post-processor.vala
+index c9727c0..1a3d59c 100644
+--- a/src/post-processing/ffmpeg-post-processor.vala
 b/src/post-processing/ffmpeg-post-processor.vala
+@@ -79,15 +79,19 @@ namespace Peek.PostProcessing {
+ var extension = Utils.get_file_extension_for_format
(config.output_format);
+ var output_file = Utils.create_temp_file (extension);
+
+-string[] args = {
+-  "ffmpeg", "-y",
+-  "-i", input_file.get_path (),
+-  "-i", palette_file.get_path (),
+-  "-filter_complex", "fps=%d,paletteuse".printf (config.framerate)
+-};
+-
+ var argv = new Array ();
+-argv.append_vals (args, args.length);
++
++argv.append_val ("ffmpeg");
++argv.append_val ("-y");
++
++argv.append_val ("-i");
++argv.append_val (input_file.get_path ());
++
++argv.append_val ("-i");
++argv.append_val (palette_file.get_path ());
++
++argv.append_val ("-filter_complex");
++argv.append_val ("fps=%d,paletteuse".printf (config.framerate));
+
+ if (config.output_format == OutputFormat.APNG) {
+   argv.append_val ("-plays");
diff -Nru peek-1.3.1/debian/patches/series peek-1.3.1/debian/patches/series
--- peek-1.3.1/debian/patches/series2019-02-08 13:13:19.0 -0500
+++ peek-1.3.1/debian/patches/series2019-05-06 13:27:48.0 -0400
@@ -1,2 +1,3 @@
 0001-src-Backport-upstream-trunk-code-till-20190121.patch
 0002-appdata-Fix-validation-warning-The-summary-tag-must-.patch
+0003-avoid-double-free-when-passing-string-array-to-async-function.patch



Bug#926594: (no subject)

2019-05-06 Thread Gordon Ball
Since this has been open for a month I have gone ahead and uploaded
5.7.8-1 to unstable, rather than leave the CVEs unfixed there.
Accordingly, please consider this now to be an unblock request.



Re: Handling Japanese new era "令和 (Reiwa)"

2019-05-06 Thread Hideki Yamane
On Tue, 9 Apr 2019 10:18:24 +0900
Hideki Yamane  wrote:
>  I've noticed that Japan renews its era from 平成 (Heisei) to 令和 (Reiwa)
>  (U+32FF) at 1st May and it's necessary to update some packages to deal
>  with it. 

 Status update...

---
needs info
---
 * python
   - https://bugzilla.redhat.com/show_bug.cgi?id=1694518

---
not yet
---
 * openjdk-8: 8u212-b01-2 is NEW
   - https://ftp-master.debian.org/new/openjdk-8_8u212-b01-2.html
   - openjdk-8: Please update to 8u212-b03 to deal with Japanese New ERA "令和 
(Reiwa)"
 https://bugs.debian.org/927857

 * IME (Input Method Editor)
   - anthy: not yet

 * "Natural language processing" Japanese dictionaries
   - juman: not yet
   - ipadic: not yet
   - mecab-ipadic: not yet
   - mecab-jumandic: not yet
   - mecab-naist-jdic: not yet
   - naist-jdic not yet
   - unidic-mecab: not yet

 * poppler-data: upstream have not dealt with it yet


---
done in experimental (= hard to go into buster)
---
 * icu: https://bugs.debian.org/927933


---
done in sid (= needs unblock)
---
 * unicode-data: fixed in unstable 12.1.0~pre1-2
   - 
https://tracker.debian.org/news/1038353/accepted-unicode-data-1210pre1-1-source-all-into-experimental/
   - 
https://tracker.debian.org/news/1038838/accepted-unicode-data-1210pre1-2-source-all-into-unstable/
 + however, it causes some FTBFS and needs patches

 * fonts-ipaexfont: fixed in unstable 00401-1
   - 
https://tracker.debian.org/news/1039012/accepted-fonts-ipaexfont-00401-1-source-into-unstable/

 * openjdk-11: fixed in unstable 11.0.3+7-1 
   - 
https://tracker.debian.org/news/1038318/accepted-openjdk-11-11037-1-source-into-unstable/


---
done for buster
---
 * libreoffice: fixed in buster 1:6.1.5-3 and stretch-backports
   - 
https://tracker.debian.org/news/1037917/accepted-libreoffice-1615-3-source-into-unstable/
   - 
https://tracker.debian.org/news/1038417/accepted-libreoffice-1615-3bpo91-source-into-stretch-backports-backports-policy-stretch-backports/

 * mozc: fixed in buster 2.23.2815.102+dfsg-4
   - 
https://tracker.debian.org/news/1038054/accepted-mozc-2232815102dfsg-4-source-amd64-all-into-unstable/

 * ddskk: fixed in buster 16.2-7
   - 
https://tracker.debian.org/news/1037952/accepted-ddskk-162-7-source-all-into-unstable/

 * skkdic: fixed in buster 20190217-2
   - 
https://tracker.debian.org/news/1037904/accepted-skkdic-20190217-2-source-all-into-unstable/

 * glibc: fixed in unstable 2.28-9
   - 
https://tracker.debian.org/news/1038848/accepted-glibc-228-9-source-into-unstable/
   - unblock request: https://bugs.debian.org/928404

-- 
Regards,

 Hideki Yamane henrich @ debian.org/iijmio-mail.jp



NEW changes in stable-new

2019-05-06 Thread Debian FTP Masters
Processing changes file: firefox-esr_60.6.2esr-1~deb9u1_armel.changes
  ACCEPT



NEW changes in stable-new

2019-05-06 Thread Debian FTP Masters
Processing changes file: firefox-esr_60.6.2esr-1~deb9u1_armhf.changes
  ACCEPT



NEW changes in stable-new

2019-05-06 Thread Debian FTP Masters
Processing changes file: firefox-esr_60.6.2esr-1~deb9u1_all.changes
  ACCEPT



NEW changes in stable-new

2019-05-06 Thread Debian FTP Masters
Processing changes file: firefox-esr_60.6.2esr-1~deb9u1_amd64.changes
  ACCEPT



Bug#928306: unblock: liblivemedia/2018.11.26-1.1

2019-05-06 Thread Hugo Lefeuvre
Control: tags -1 - moreinfo

> Either way, the diff you attached to this bug look fine, so you can go ahead
> with the upload to unstable and remove the moreinfo tag from this bug once the
> package is in unstable. If you want to add targeted fixes for the two other
> CVEs, you don't need to ask pre-approval for them, you can include them in the
> upload to unstable and send an updated debdiff.

Diff just landed in unstable.

thanks!

cheers,
Hugo

-- 
Hugo Lefeuvre (hle)|www.owl.eu.com
RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD
ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C


signature.asc
Description: PGP signature


Processed: Re: unblock: liblivemedia/2018.11.26-1.1

2019-05-06 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 - moreinfo
Bug #928306 [release.debian.org] unblock: liblivemedia/2018.11.26-1.1
Removed tag(s) moreinfo.

-- 
928306: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928306
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#928395: unblock: apt/1.8.1

2019-05-06 Thread Julian Andres Klode
Control: tags -1 - moreinfo

On Sun, May 05, 2019 at 02:15:00PM +, Niels Thykier wrote:
> Control: tags -1 moreinfo confirmed
> 
> Julian Andres Klode:
> > Package: release.debian.org
> > Severity: normal
> > User: release.debian@packages.debian.org
> > Usertags: unblock
> > 
> > Please unblock package apt
> > 
> > I'd like to add systemd inhibitor support to apt in buster, so people
> > don't shoot each other in the foot, in case one admin reboots a machine
> > while somebody else is installing patches.
> > 
> > The diff is quite small.
> > 
> > I'd also love to smuggle in some additional kernel package names in
> > debian/apt.conf.autoremove - they don't really affect, only Ubuntu - we
> > share the 1.8.y series for like 9 mo, but it's not an invasive change
> > (there's like 0 potential of a regression), I think they are:
> > 
> >   linux-buildinfo
> >   linux-image-unsigned
> >   linux-source
> > 
> > But I have not committed them yet.
> > 
> > unblock apt/1.8.1
> > 
> > [...]
> 
> 
> Hi,
> 
> Please go ahead with the upload and remove the moreinfo tag when it is
> in unstable and ready to be unblocked.

Done.

-- 
debian developer - deb.li/jak | jak-linux.org - free software dev
ubuntu core developer  i speak de, en



Processed: Re: Bug#928395: unblock: apt/1.8.1

2019-05-06 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 - moreinfo
Bug #928395 [release.debian.org] unblock: apt/1.8.1
Removed tag(s) moreinfo.

-- 
928395: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928395
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#928507: unblock: grub2/2.02+dfsg1-18

2019-05-06 Thread Colin Watson
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock grub2 2.02+dfsg1-18.  #927888 is RC; #927269 possibly
should be RC since it entirely breaks one of GRUB's platforms; and
#919915 causes upgrade trouble if you run into it.

(Apologies for the .gitignore/.bzrignore noise, which is the result of
switching to using dgit as of this upload.  But it's easy enough to, er,
ignore.)

I don't remember if it needs to be done separately, but I've included
the -signed versions in this unblock request just in case, since they
should all go in together.

unblock grub2/2.02+dfsg1-18
unblock grub-efi-amd64-signed/1+2.02+dfsg1+18
unblock grub-efi-arm64-signed/1+2.02+dfsg1+18
unblock grub-efi-ia32-signed/1+2.02+dfsg1+18

diff -Nru grub2-2.02+dfsg1/debian/.git-dpm grub2-2.02+dfsg1/debian/.git-dpm
--- grub2-2.02+dfsg1/debian/.git-dpm2019-03-23 13:48:41.0 +
+++ grub2-2.02+dfsg1/debian/.git-dpm2019-05-04 22:58:32.0 +0100
@@ -1,6 +1,6 @@
 # see git-dpm(1) from git-dpm package
-3ddfe605a6a472100f529c3d7465bf4eb7fe954d
-3ddfe605a6a472100f529c3d7465bf4eb7fe954d
+9569221816a2a1a832be106440375a612e0121b7
+9569221816a2a1a832be106440375a612e0121b7
 59aeb1cfaa3d5bfd7bb0f0d37f6d9eed51fe
 59aeb1cfaa3d5bfd7bb0f0d37f6d9eed51fe
 grub2_2.02+dfsg1.orig.tar.xz
diff -Nru grub2-2.02+dfsg1/debian/.gitignore grub2-2.02+dfsg1/debian/.gitignore
--- grub2-2.02+dfsg1/debian/.gitignore  1970-01-01 01:00:00.0 +0100
+++ grub2-2.02+dfsg1/debian/.gitignore  2019-05-04 22:58:32.0 +0100
@@ -0,0 +1,110 @@
+*.bash-completion
+*.config
+*.debhelper*
+*.postinst
+*.postrm
+*.preinst
+*.templates
+files
+grub-common
+grub-common.maintscript
+grub-coreboot
+grub-coreboot*.dirs
+grub-coreboot*.install
+grub-coreboot*.links
+grub-coreboot*.maintscript
+grub-coreboot-bin
+grub-coreboot-dbg
+grub-efi
+grub-efi-amd64
+grub-efi-amd64*.dirs
+grub-efi-amd64*.install
+grub-efi-amd64*.links
+grub-efi-amd64*.maintscript
+grub-efi-amd64-bin
+grub-efi-amd64-dbg
+grub-efi-amd64-signed-template
+grub-efi-arm
+grub-efi-arm*.dirs
+grub-efi-arm*.install
+grub-efi-arm*.links
+grub-efi-arm*.maintscript
+grub-efi-arm-bin
+grub-efi-arm-dbg
+grub-efi-arm64
+grub-efi-arm64*.dirs
+grub-efi-arm64*.install
+grub-efi-arm64*.links
+grub-efi-arm64*.maintscript
+grub-efi-arm64-bin
+grub-efi-arm64-dbg
+grub-efi-arm64-signed-template
+grub-efi-ia32
+grub-efi-ia32*.dirs
+grub-efi-ia32*.install
+grub-efi-ia32*.links
+grub-efi-ia32*.maintscript
+grub-efi-ia32-bin
+grub-efi-ia32-dbg
+grub-efi-ia32-signed-template
+grub-efi-ia64
+grub-efi-ia64*.dirs
+grub-efi-ia64*.install
+grub-efi-ia64*.links
+grub-efi-ia64*.maintscript
+grub-efi-ia64-bin
+grub-efi-ia64-dbg
+grub-emu
+grub-emu*.dirs
+grub-emu*.install
+grub-emu*.links
+grub-emu*.maintscript
+grub-emu-dbg
+grub-extras-enabled
+grub-extras/*/conf/*.mk
+grub-firmware-qemu
+grub-ieee1275
+grub-ieee1275*.dirs
+grub-ieee1275*.install
+grub-ieee1275*.links
+grub-ieee1275*.maintscript
+grub-ieee1275-bin
+grub-ieee1275-dbg
+grub-linuxbios
+grub-mount-udeb
+grub-pc
+grub-pc*.dirs
+grub-pc*.install
+grub-pc*.links
+grub-pc*.maintscript
+grub-pc-bin
+grub-pc-dbg
+grub-rescue-pc
+grub-theme-starfield
+grub-uboot
+grub-uboot*.dirs
+grub-uboot*.install
+grub-uboot*.links
+grub-uboot*.maintscript
+grub-uboot-bin
+grub-uboot-dbg
+grub-xen
+grub-xen*.dirs
+grub-xen*.install
+grub-xen*.links
+grub-xen*.maintscript
+grub-xen-bin
+grub-xen-dbg
+grub-xen-host
+grub-yeeloong
+grub-yeeloong*.dirs
+grub-yeeloong*.install
+grub-yeeloong*.links
+grub-yeeloong*.maintscript
+grub-yeeloong-bin
+grub-yeeloong-dbg
+grub2
+grub2-common
+prep-bootdev
+stamps
+tmp-*
diff -Nru grub2-2.02+dfsg1/debian/changelog grub2-2.02+dfsg1/debian/changelog
--- grub2-2.02+dfsg1/debian/changelog   2019-03-23 23:28:17.0 +
+++ grub2-2.02+dfsg1/debian/changelog   2019-05-04 22:58:32.0 +0100
@@ -1,3 +1,24 @@
+grub2 (2.02+dfsg1-18) unstable; urgency=medium
+
+  * Apply patches from Alexander Graf to fix grub-efi-arm crash (closes:
+#927269):
+- arm: Move trampolines into code section
+- arm: Align section alignment with manual relocation offset code
+  * Make grub2-common Breaks+Replaces grub-cloud-amd64 (<< 0.0.4) to work
+around that package shipping colliding configuration file names in
+stretch-backports (closes: #919915).
+  * Apply patch from Peter Jones to forbid the "devicetree" command when
+Secure Boot is enabled (closes: #927888).
+
+ -- Colin Watson   Sat, 04 May 2019 22:58:32 +0100
+
+grub2 (2.02+dfsg1-17) unstable; urgency=medium
+
+  * Make grub-efi-*-bin recommend efibootmgr.  We don't actually use it any
+more, but it's helpful for debugging.
+
+ -- Colin Watson   Mon, 15 Apr 2019 18:38:30 +0100
+
 grub2 (2.02+dfsg1-16) unstable; urgency=medium
 
   * Fix -Wcast-align diagnostics on ARM.
diff -Nru grub2-2.02+dfsg1/debian/control grub2-2.02+dfsg1/debian/control
--- grub2-2.02+dfsg1/debian/control 2019-03-23 13:48:37.

NEW changes in stable-new

2019-05-06 Thread Debian FTP Masters
Processing changes file: firefox-esr_60.6.2esr-1~deb9u1_s390x.changes
  ACCEPT



NEW changes in stable-new

2019-05-06 Thread Debian FTP Masters
Processing changes file: firefox-esr_60.6.2esr-1~deb9u1_i386.changes
  ACCEPT



NEW changes in stable-new

2019-05-06 Thread Debian FTP Masters
Processing changes file: firefox-esr_60.6.2esr-1~deb9u1_arm64.changes
  ACCEPT



Processed: Re: unblock: salt/2018.3.4+dfsg1-2

2019-05-06 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 - moreinfo
Bug #927348 [release.debian.org] unblock: salt/2018.3.4+dfsg1-4
Removed tag(s) moreinfo.

-- 
927348: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927348
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#927348: unblock: salt/2018.3.4+dfsg1-2

2019-05-06 Thread Benjamin Drung
Control: tags -1 - moreinfo

Hi,

Am Donnerstag, den 02.05.2019, 21:05 +0200 schrieb Paul Gevers:
> Control: tags -1 moreinfo
> 
> Hi Benjamin,
> 
> On Thu, 18 Apr 2019 13:01:31 +0200 Benjamin Drung
>  wrote:
> > This version fixes the test_xen_virtual test case (bug #922352) and
> > exposes tornado4 as tornado for zmq.eventloop.ioloop (bug #924763).
> > Our
> > salt 2018.3.3+dfsg1-1 package introduced a big patch to use
> > python3-tornado4 (instead of python3-tornado) due to missing
> > support for
> > tornado version 5. Without the fix for #924763,
> > zmq.eventloop.ioloop
> > will import tornado version 5 (if python3-tornado is installed).
> 
> Both bugs have severity normal. Do you really want to bother now or
> is the severity not correct (then please fix that and elaborate)?

Bug #922352 can cause a build failure (and does on Ubuntu). Therefore I
raised it to serious.

Determining the severity of bug #924763 is more complicated. The
reporter stumbled over a warning spit out by salt. The warning message
by itself is more or less harmless, but the underlying problem of the
wrong import might have bad effects. I haven't seen any yet, but they
might be there. IMO we shouldn't release salt with an issue introduced
by one of our patches.

> > I also included fix-various-spelling-mistakes.patch which fixes
> > several
> > spelling mistakes. Because this patch file is long, I excluded it
> > from the
> > attached debdiff.
> 
> Bugs can be introduced that way. I am not going to review that diff,
> fixing spelling mistakes at this moment isn't appropriate unless
> these mistakes are crucial somewhere.

I can drop that patch again when this is the only blocker for getting
the unblock request accepted.

> > This version also switches from the a pre-release git snapshot to
> > the
> > official 2018.3.4 release. The only difference between this
> > snapshot and
> > the release are two commits ("Fix ssh on Windows" and "Update url
> > to
> > libsodium for mac builds") and that the release tarball ships less
> > files
> > than what can be found in git.
> 
> If that was all (salt/modules/ssh.py and
> tests/integration/modules/test_ssh.py), I could except it. But with
> less files, there is also a changes that ...

All previous upstream releases like 2017.7.3, 2017.7.2, and so on did
not contain these additional files that the git snapshot
2018.3.4~git20180207 contained. All these additional, auxiliary files
are not needed for the installation. I should have used the upstream
method to create the release tarball instead of using "git archive"
when creating the 2018.3.4~git20180207 tarball.

> > For that reason, the attached debdiff is created with this command:
> > 
> > debdiff --exclude fix-various-spelling-mistakes.patch
> > salt_2018.3.4~git20180207+dfsg1-1.dsc salt_2018.3.4+dfsg1-2.dsc |
> > filterdiff -i '*/debian/*' -i '*/tests/*/test_ssh.py' -i
> > '*/salt/modules/ssh.py' -i '*/pkg/osx/build_env.sh' >
> > salt_2018.3.4+dfsg1-2.debdiff
> > 
> > Alternatively this more simple git diff command could be used:
> > 
> > git diff --diff-filter=ACM
> > debian/2018.3.4_git20180207+dfsg1-1..debian/2018.3.4+dfsg1-2
> > 
> > You can also look at all the individual commits on salsa:
> > https://salsa.debian.org/salt-team/salt/compare/debian%2F2018.3.4_git20180207+dfsg1-1...debian%2F2018.3.4+dfsg1-2
> > 
> > All 7575 unittest succeeded and I successfully tested this new salt
> > version on Debian unstable with our production environment setup
> > (running the highstate on a salt minion connected to the salt
> > master).
> > 
> > unblock salt/2018.3.4+dfsg1-2
> 
> You didn't even elaborate on all the (at this phase of the release
> inappropriate) changes to the packaging. There is even a newer
> version
> than the one you already mention in a follow up in this bug.

Which changes to the packaging do you refer to?

Running the tests with LC_ALL=C.UTF-8 fixes a build failure in case the
building machine uses an ANSII locale, which would be worth another RC
bug report.

Upload 2018.3.4+dfsg1-3 repairs the documentation in salt-doc. It
ensures that the pre-built minified Javascript and CSS files are not
leaked into the salt-doc binary package and that all created symlink
are correct. Before this version, salt-doc contained broken symlinks
and the search did not work.

systemd 241 broke salt. Upload 2018.3.4+dfsg1-4 fixes that. There were
no bug report opened for it, but it would be worth one RC bug.

The newly opened RC bug #928337 was fixed in 2018.3.4+dfsg1-5.

-- 
Benjamin Drung
System Developer
Debian & Ubuntu Developer

1&1 IONOS Cloud GmbH | Greifswalder Str. 207 | 10405 Berlin | Germany
E-mail: benjamin.dr...@cloud.ionos.com | Web: www.ionos.de

Head Office: Berlin, Germany
District Court Berlin Charlottenburg, Registration number: HRB 125506 B
Executive Management: Christoph Steffens, Matthias Steinberg, Achim
Weiss

Member of United Internet



NEW changes in stable-new

2019-05-06 Thread Debian FTP Masters
Processing changes file: firefox-esr_60.6.2esr-1~deb9u1_ppc64el.changes
  ACCEPT



Bug#928502: unblock: notmuch/0.28.4-1

2019-05-06 Thread David Bremner
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Please unblock package notmuch

This release fixes a bug discovered by Rob Browning. The version of
notmuch in testing will report an error and exit with status 1 (after
generating the correct output) if the input for "notmuch show
- --format=raw" is a multiple of 4096 bytes. This seems at least
severity important since it breaks people's scripts.

There's one line of code change, to notmuch-show.c. There is some new
tests, which could be disabled if that seemed safer/better.

diff -Nru notmuch-0.28.3/bindings/python/notmuch/version.py 
notmuch-0.28.4/bindings/python/notmuch/version.py
- --- notmuch-0.28.3/bindings/python/notmuch/version.py 2019-03-05 
21:46:41.0 -0400
+++ notmuch-0.28.4/bindings/python/notmuch/version.py   2019-05-05 
08:09:30.0 -0300
@@ -1,3 +1,3 @@
 # this file should be kept in sync with ../../../version
- -__VERSION__ = '0.28.3'
+__VERSION__ = '0.28.4'
 SOVERSION = '5'
diff -Nru notmuch-0.28.3/debian/changelog notmuch-0.28.4/debian/changelog
- --- notmuch-0.28.3/debian/changelog   2019-03-05 15:39:09.0 -0400
+++ notmuch-0.28.4/debian/changelog 2019-05-05 08:08:56.0 -0300
@@ -1,3 +1,12 @@
+notmuch (0.28.4-1) unstable; urgency=medium
+
+  * New upstream bugfix release
+  * Fix for bug in 'notmuch show --raw' that causes spurious errors to be
+reported when the mail file is a multiple of the libc buffer size
+(e.g. 4096 bytes).
+
+ -- David Bremner   Sun, 05 May 2019 08:08:56 -0300
+
 notmuch (0.28.3-1) unstable; urgency=medium
 
   * New upstream bugfix release.
diff -Nru notmuch-0.28.3/NEWS notmuch-0.28.4/NEWS
- --- notmuch-0.28.3/NEWS   2019-03-05 21:46:41.0 -0400
+++ notmuch-0.28.4/NEWS 2019-05-05 08:09:30.0 -0300
@@ -1,3 +1,12 @@
+Notmuch 0.28.4 (2019-05-05)
+===
+
+Command line interface
+--
+
+Fix a spurious error when using `notmuch show --raw` on messages whose
+size is a multiple of the internal buffer size.
+
 Notmuch 0.28.3 (2019-03-05)
 ===
 
diff -Nru notmuch-0.28.3/notmuch-show.c notmuch-0.28.4/notmuch-show.c
- --- notmuch-0.28.3/notmuch-show.c 2019-03-05 21:46:41.0 -0400
+++ notmuch-0.28.4/notmuch-show.c   2019-05-05 08:09:30.0 -0300
@@ -851,7 +851,7 @@
return NOTMUCH_STATUS_FILE_ERROR;
}
 
- - if (fwrite (buf, size, 1, stdout) != 1) {
+   if (size > 0 && fwrite (buf, size, 1, stdout) != 1) {
fprintf (stderr, "Error: Write failed\n");
fclose (file);
return NOTMUCH_STATUS_FILE_ERROR;
diff -Nru notmuch-0.28.3/test/T210-raw.sh notmuch-0.28.4/test/T210-raw.sh
- --- notmuch-0.28.3/test/T210-raw.sh   2019-03-05 21:46:41.0 -0400
+++ notmuch-0.28.4/test/T210-raw.sh 2019-05-05 08:09:30.0 -0300
@@ -30,4 +30,38 @@
 
 This is just a test message (#2)"
 
+test_python < 0:
+line = '.' * min(padding, 72)
+lines.append(line)
+padding = padding - len(line) - 1
+content ='\n'.join(lines)
+msg.set_content(content)
+with open('mail/size-{:07d}'.format(size), 'wb') as f:
+f.write(bytes(msg))
+EOF
+
+notmuch new --quiet
+
+for pow in {10..20}; do
+printf -v size "%07d" $((2**$pow))
+test_begin_subtest "content, message of size $size"
+notmuch show --format=raw subject:$size > OUTPUT
+test_expect_equal_file mail/size-$size OUTPUT
+test_begin_subtest "return value, message of size $size"
+test_expect_success  "notmuch show --format=raw subject:$size > /dev/null"
+done
+
 test_done
diff -Nru notmuch-0.28.3/.travis.yml notmuch-0.28.4/.travis.yml
- --- notmuch-0.28.3/.travis.yml2019-03-05 21:46:41.0 -0400
+++ notmuch-0.28.4/.travis.yml  2019-05-05 08:09:30.0 -0300
@@ -1,7 +1,6 @@
 language: c
 
- -dist: trusty
- -sudo: false
+dist: xenial
 
 addons:
   apt:
diff -Nru notmuch-0.28.3/version notmuch-0.28.4/version
- --- notmuch-0.28.3/version2019-03-05 21:46:41.0 -0400
+++ notmuch-0.28.4/version  2019-05-05 08:09:30.0 -0300
@@ -1 +1 @@
- -0.28.3
+0.28.4


unblock notmuch/0.28.4-1

- -- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-proposed-updates-debug'), 
(500, 'testing-debug'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-4-amd64 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_CA:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

-BEGIN PGP SIGNATURE-

iQGzBAEBCAAdFiEE3VS2dnyDRXKVCQCp8gKXHaSnniwFAlzQCYYACgkQ8gKXHaSn
niymjwv+LQUpZ7UW

Bug#928501: unblock: teeworlds/0.7.2-5

2019-05-06 Thread Dylan Aïssi
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Dear release team,
Please unblock package teeworlds.

  * Add upstream patches to fix CVE-2019-10877 CVE-2019-10878
CVE-2019-10879 (Closes: #927152).
  * Add upstream patch to fix creation of recursive path. (Closes: #928110)

Thanks.
Best,
Dylan


teeworlds_0.7.2-5.debdiff
Description: Binary data


NEW changes in stable-new

2019-05-06 Thread Debian FTP Masters
Processing changes file: firefox-esr_60.6.2esr-1~deb9u1_source.changes
  ACCEPT