Bug#931659: transition: rm python2

[Scott Kitterman]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition

The Debian Python teams are working to push early for reduction/removal
of our python(2) packages with the goal of releasing bullseye with
python3 only.  is_bad includes all the binaries in python-defaults and
python2.7 source packages.

A transition tracker would help us track the work.

Scott K

Ben file:

title = "python-defaults";
is_affected = .depends ~ 
/python|python-minimal|python-dev|libpython-dev|libpython-stdlib|python-doc|python-dbg|libpython-dbg|python-all|python-all-dev|python-all-dbg|libpython-all-dev|libpython-all-dbg|python2|python2-minimal|python2-dev|libpython2-dev|libpython2-stdlib|python2-doc|python2-dbg|libpython2-dbg|python2.7|libpython2.7-stdlib|python2.7-minimal|libpython2.7-minimal|libpython2.7|python2.7-examples|python2.7-dev|libpython2.7-dev|libpython2.7-testsuite|idle-python2.7|python2.7-doc|python2.7-dbg|libpython2.7-dbg/
 | .depends ~ "''";
is_good = .depends ~ "''";
is_bad = .depends ~ 
/python|python-minimal|python-dev|libpython-dev|libpython-stdlib|python-doc|python-dbg|libpython-dbg|python-all|python-all-dev|python-all-dbg|libpython-all-dev|libpython-all-dbg|python2|python2-minimal|python2-dev|libpython2-dev|libpython2-stdlib|python2-doc|python2-dbg|libpython2-dbg|python2.7|libpython2.7-stdlib|python2.7-minimal|libpython2.7-minimal|libpython2.7|python2.7-examples|python2.7-dev|libpython2.7-dev|libpython2.7-testsuite|idle-python2.7|python2.7-doc|python2.7-dbg|libpython2.7-dbg/;

Thawing bullseye

[Jonathan Wiltshire]

I have lifted the freeze on testing, so the first set of migrations to
bullseye will take place very shortly.

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51

Re: Bits from the Release Team: ride like the wind, Bullseye!

[Matthias Klose]

> No binary maintainer uploads for bullseye
> =
> 
> The release of buster also means the bullseye release cycle is about to begin.
> From now on, we will no longer allow binaries uploaded by maintainers to
> migrate to testing. This means that you will need to do source-only uploads if
> you want them to reach bullseye.

[...]

>   Q: I needed to do a binary upload because my upload went to the NEW queue,
>  do I need to do a new (source-only) upload for it to reach bullseye?
>   A: Yes. We also suggest going through NEW in experimental instead of 
> unstable
>  where possible, to avoid disruption in unstable.

I think this is bad advice, because with long running builds, you'll get stuck
in NEW twice, once doing the upload in experimental, and then doing the source
only upload to unstable, because your binary packages got already removed, and
the builds from the buildds land in NEW again.  So if you want to enforce that,
it would be better to avoid that extra work on the FTP team, and the package
uploaders.

Matthias

NEW changes in oldstable-new

[Debian FTP Masters]

Processing changes file: python-django_1.10.7-2+deb9u5_amd64.changes
  ACCEPT
Processing changes file: zeromq3_4.2.1-4+deb9u2_source.changes
  ACCEPT
Processing changes file: zeromq3_4.2.1-4+deb9u2_amd64+buildd.changes
  ACCEPT
Processing changes file: zeromq3_4.2.1-4+deb9u2_arm64.changes
  ACCEPT
Processing changes file: zeromq3_4.2.1-4+deb9u2_armel.changes
  ACCEPT
Processing changes file: zeromq3_4.2.1-4+deb9u2_armhf.changes
  ACCEPT
Processing changes file: zeromq3_4.2.1-4+deb9u2_i386.changes
  ACCEPT
Processing changes file: zeromq3_4.2.1-4+deb9u2_mips.changes
  ACCEPT
Processing changes file: zeromq3_4.2.1-4+deb9u2_mips64el.changes
  ACCEPT
Processing changes file: zeromq3_4.2.1-4+deb9u2_mipsel.changes
  ACCEPT
Processing changes file: zeromq3_4.2.1-4+deb9u2_ppc64el.changes
  ACCEPT
Processing changes file: zeromq3_4.2.1-4+deb9u2_s390x.changes
  ACCEPT

Processed: your mail

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> tags 931358 - moreinfo
Bug #931358 [release.debian.org] buster-pu (pre-approval): 
musescore/2.3.2+dfsg2-7~deb10u1
Removed tag(s) moreinfo.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
931358: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931358
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#931603: marked as done (stretch-pu: package puppet-module-cinder/13.1.0-3+deb10u1)

[Debian Bug Tracking System]

Your message dated Mon, 8 Jul 2019 15:03:19 +0200
with message-id <9bf89519-d553-6fe3-c3a9-8d32e9595...@debian.org>
and subject line Closing this one
has caused the Debian Bug report #931603,
regarding stretch-pu: package puppet-module-cinder/13.1.0-3+deb10u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
931603: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931603
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

Hi,

While puppet-module-cinder works well if using the LVM backend, I discovered
that it fails in Buster when using Ceph, because it tries to write in
/etc/init (and upstart is gone...). The attached debdiff fixes it. Please
allow me to upload this fix to Buster.

Cheers,

Thomas Goirand (zigo)
diff -Nru puppet-module-cinder-13.1.0/debian/changelog 
puppet-module-cinder-13.1.0/debian/changelog
--- puppet-module-cinder-13.1.0/debian/changelog2018-11-28 
15:58:01.0 +0100
+++ puppet-module-cinder-13.1.0/debian/changelog2019-07-04 
14:59:42.0 +0200
@@ -1,3 +1,9 @@
+puppet-module-cinder (13.1.0-3+deb10u1) buster; urgency=medium
+
+  * Add missing Ceph patch: Do_not_attempt_to_write_in_etc_init.patch.
+
+ -- Thomas Goirand   Thu, 04 Jul 2019 14:59:42 +0200
+
 puppet-module-cinder (13.1.0-3) unstable; urgency=medium
 
   * Add 0001-Add-File.expand_path-to-cinder.rb.patch.
diff -Nru 
puppet-module-cinder-13.1.0/debian/patches/Do_not_attempt_to_write_in_etc_init.patch
 
puppet-module-cinder-13.1.0/debian/patches/Do_not_attempt_to_write_in_etc_init.patch
--- 
puppet-module-cinder-13.1.0/debian/patches/Do_not_attempt_to_write_in_etc_init.patch
1970-01-01 01:00:00.0 +0100
+++ 
puppet-module-cinder-13.1.0/debian/patches/Do_not_attempt_to_write_in_etc_init.patch
2019-07-04 14:59:42.0 +0200
@@ -0,0 +1,29 @@
+Description: Do not attempt to write in /etc/init
+ manifests/backend/rbd.pp attempts to write in /etc/init, when
+ upstart has long gone. The result is that it just fails to run.
+ So let's remove this, as it's broken.
+From: Thomas Goirand 
+Date: Sat, 13 Apr 2019 21:34:37 +0200
+Change-Id: I7666c775f4d269f214d3f853e56d0eb076834164
+Forwarded: https://review.openstack.org/#/c/652209/
+Last-Update: 2019-04-13
+
+Index: puppet-module-cinder/manifests/backend/rbd.pp
+===
+--- puppet-module-cinder.orig/manifests/backend/rbd.pp
 puppet-module-cinder/manifests/backend/rbd.pp
+@@ -144,14 +144,4 @@ define cinder::backend::rbd (
+   fail("unsupported osfamily ${::osfamily}, currently Debian and Redhat 
are the only supported platforms")
+ }
+   }
+-
+-  # Creates an empty file if it doesn't yet exist
+-  ensure_resource('file', $::cinder::params::ceph_init_override, {'ensure' => 
'present'})
+-
+-  file_line { "set initscript env ${name}":
+-line   => $override_line,
+-path   => $::cinder::params::ceph_init_override,
+-notify => Anchor['cinder::service::begin'],
+-  }
+-
+ }
diff -Nru puppet-module-cinder-13.1.0/debian/patches/series 
puppet-module-cinder-13.1.0/debian/patches/series
--- puppet-module-cinder-13.1.0/debian/patches/series   2018-11-28 
15:58:01.0 +0100
+++ puppet-module-cinder-13.1.0/debian/patches/series   2019-07-04 
14:59:42.0 +0200
@@ -1 +1,2 @@
 0001-Add-File.expand_path-to-cinder.rb.patch
+Do_not_attempt_to_write_in_etc_init.patch
--- End Message ---
--- Begin Message ---
This is a duplicate of #931616, which is opened with the correct tags
and subject. So I'm closing this one.

Sorry for the mess, though since I fixed reportbug (and opened a bug
with the matching patch), this wont happen again (my laptop already has
the patched reportbug version:) ).

Cheers,

Thomas Goirand (zigo)--- End Message ---

Bug#931629: nmu: rebuild packages for binutils 2.32.51.x

[Matthias Klose]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: binnmu

Please binNUM these packages for the recent binutils upload to unstable:

boinc-app-eah-brp 0.20170426+dfsg-10
naev 0.7.0-2
tulip 4.8.0dfsg-2
wcc 0.0.2+dfsg-3 (amd64 only)

Re: Applying Dovecot for a large / deep folder-hierarchy archive - BUG REPORTS!

[Arnold Opio Oree]

Hello Aki,

Thanks for looking into these.

I will as requested attempt the relevant procedures under Dovecot
2.3.6.

To make the test fair, I will need to fork the relevant production
groupware stack (which is now stable and in operation, with our
enterprise (email) data successfully migrated from Microsoft Exchange)
to a new staging server; given that the current staging server is now
of a materially different configuration to the production server (where
the most controlled observations of these bugs were made).

Kindly give me some time, as I have an urgent internal openstack
deployment project to kick-off, that has been delayed by an overrun of
this internal groupware stack deployment project.

Best regards,

Arnold Opio Oree
Chief Executive Officer
Parallax Digital Technologies

arnoldo...@parallaxdt.com

http://www.parallaxdt.com

tel : +44 (0) 333 577 8587
fax : +44 (0) 20 8711 2477

Parallax Digital Technologies is a trading name of Parallax Global
Limited. U.K. Co. No. 08836288

The contents of this e-mail are confidential. If you are not the
intended recipient you are to delete this e-mail immediately, disregard
its contents and disclose them to no other persons.


-Original Message-
From: Aki Tuomi via dovecot 
Reply-To: Aki Tuomi 
To: arnoldo...@parallaxict.com, Arnold Opio Oree <
arnold.o...@parallaxict.com>, Arnold Opio Oree via dovecot <
dove...@dovecot.org>
Cc: debian-release@lists.debian.org
Subject: Re: Applying Dovecot for a large / deep folder-hierarchy
archive - BUG REPORTS!
Date: Mon, 8 Jul 2019 08:48:08 +0300 (EEST)

Hi!

Thank you for reporting these. We will look into them. In the mean
time, can you see if any of these are fixed in 2.3.6?

Aki
> On 07/07/2019 18:12 Arnold Opio Oree via dovecot  > wrote:
> 
> 
> Dovecot Team,
> 
> I'd like to report a number of bugs, that are to my view all
> critical.
> 
> System: Replicated on multiple Debian 10 (Buster) systems
> Dovecot Version(s): 2.3.4.1
> 
> doveadm-sync -1/general
> 
> 1) If DIRNAMEs are not different between command line and
> mail_location doveadm sync will fail, saying that the source and
> destination directories are the same
> 
> 2) The -n / -N flags do not work, and a sync will fail strangely if
> location is specified in the namespace definition
> 
> 3) Adds mbox to path name under mailbox directory (where syncing from
> an mbox source)
> 
> 4) Not having the mailboxes at source named the same as those at
> destination causes errors and partial sync 
> 
> 5) Not having the target mailboxes formatted to receive the sync
> (//DIRNAME/) will cause sync errors.
> 
> doveadm-sync
> 
> 1) With large synchronizations UIDs are corrupted where multiple
> syncs are executed and the program can no longer synchronize
> 
> dovecot
> 
> 1) Panics and fails to expand ~ to user home: observed cases are
> where multiple namespaces are being used
> 
> Please let me know if you need me to elaborate or to provide any
> further information that you may need to replicate the bugs, or if I
> can help in any other way.
> 
> With regards to the last error that I requested help on i.e.
> \Noselect. This has been resolved more-or-less by the workarounds
> that I have implemented for the bugs reported above.
> 
> I have seen a number of threads whilst researching the \Noselect
> issue where people have been very confused. My finding was that
> \Noselect is a function of the IMAP specification server-side
> implementation RFC3501 ( 
> https://tools.ietf.org/html/rfc3501#section-6.3.6). And for me the
> server was returning directories with \Noselect because the mailboxes
> were malformed on account of dovadm-sync errors. In order to fix this
> I formed a bash command to transverse the mailbox hierarchy and
> create the missing folders critical to the sdbox format, namely
> DIRNAME.
> 
> Kind regards,
> 
> Arnold Opio Oree
> Chief Executive Officer
> Parallax Digital Technologies
> 
> arnoldo...@parallaxdt.com
> 
> http://www.parallaxdt.com
> 
> tel : +44 (0) 333 577 8587
> fax : +44 (0) 20 8711 2477
> 
> Parallax Digital Technologies is a trading name of Parallax Global
> Limited. U.K. Co. No. 08836288
> 
> The contents of this e-mail are confidential. If you are not the
> intended recipient you are to delete this e-mail immediately,
> disregard its contents and disclose them to no other persons.
> 
> -Original Message-
> From: Arnold Opio Oree via dovecot < dove...@dovecot.org>
> Reply-To: arnoldo...@parallaxict.com, Arnold Opio Oree < 
> arnold.o...@parallaxict.com>
> To: dove...@dovecot.org
> Cc: r...@sys4.de, aki.tu...@open-xchange.com
> Subject: Re: Applying Dovecot for a large / deep folder-hierarchy
> archive.
> Date: Thu, 04 Jul 2019 14:52:28 +0100
> 
> 
> Hi all,
> 
> The guidance provided so far has been really helpful, and has helped
> a great deal to bringing down wasted energy on finding and executing
> a viable path. I am now at the final due action to complete our
> Dovecot application to our use-case, but am 

NEW queue and src-only uploads [Re: Bits from the Release Team: ride like the wind, Bullseye!]

[Michael Biebl]

Am 07.07.19 um 15:43 schrieb Ben Hutchings:
> On Sun, 2019-07-07 at 02:47 +0100, Jonathan Wiltshire wrote:
> [...]
>> No binary maintainer uploads for bullseye
>> =
>>
>> The release of buster also means the bullseye release cycle is about to 
>> begin.
>> From now on, we will no longer allow binaries uploaded by maintainers to
>> migrate to testing. This means that you will need to do source-only uploads 
>> if
>> you want them to reach bullseye.
> 
> I support this move in principle, but:
> 
>>   Q: I already did a binary upload, do I need to do a new (source-only) 
>> upload?
>>   A: Yes (preferably with other changes, not just a version bump).
>>
>>   Q: I needed to do a binary upload because my upload went to the NEW queue,
>>  do I need to do a new (source-only) upload for it to reach bullseye?
>>   A: Yes. We also suggest going through NEW in experimental instead of 
>> unstable
>>  where possible, to avoid disruption in unstable.
> [...]
> 
> This is not going to fly for src:linux.  We can't stage ABI bumps in
> experimental as we typically have a different upstream versions in
> unstable and experimental.  We even need to do ABI bumps in stable from
> time to time.
> 
> I think that the requirement to upload binary packages for binary-NEW
> (but not source-NEW) needs to go.

I would go even further and drop the (manual) NEW queue for  binary-NEW
packages.
Is there a good reason why new binary packages need manual processing by
the FTP team? Couldn't this be fully automated?

Michael

-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?



signature.asc
Description: OpenPGP digital signature

Bug#912784: stretch-pu: package davix/0.6.4-1.1+deb9u1

[Mattias Ellert]

mån 2019-07-08 klockan 12:04 +0200 skrev Julien Cristau:
> On Mon, Jul  8, 2019 at 11:54:18 +0200, Mattias Ellert wrote:
> 
> > > Sorry for not getting back to you again sooner.
> > > 
> > > The bug fix sounds OK. What's the d/rules change about? It's not
> > > mentioned in the changelog.
> > > 
> > > + rm -rf debian/tmp/usr/share/doc/davix/html/.doctrees
> > > 
> > > Regards,
> > > 
> > > Adam
> > 
> > Sorry for the delay. This is due to lintian.
> > 
> > $ lintian-info -t package-contains-python-doctree-file
> > W: package-contains-python-doctree-file
> > N:
> > N:   This package appears to contain a pickled cache of
> > reStructuredText
> > N:   (*.rst) documentation in a .doctree file.
> > N:   
> > N:   These are not needed to display the documentation correctly
> > and as
> > N:   they can contain absolute build paths can affect the
> > reproducibility
> > N:   of the package.
> > N:   
> > N:   Either prevent the installation of the .doctree file (or
> > parent
> > N:   doctrees directory if there is one) or pass the -d option to
> > N:   sphinx-build(1) to create the caches elsewhere.
> > 
> That doesn't sound needed nor indeed appropriate for a stable update.
> 
> Cheers,
> Julien

Please elaborate.
Should I interpret your comment as a rejection unless that line is
removed, or was this an invitation for me to argue in favour of it.
I can't see how removing some unwanted files from the documentation
package could be inappropriate.

Mattias



smime.p7s
Description: S/MIME cryptographic signature

Bug#912784: stretch-pu: package davix/0.6.4-1.1+deb9u1

[Julien Cristau]

On Mon, Jul  8, 2019 at 11:54:18 +0200, Mattias Ellert wrote:

> > Sorry for not getting back to you again sooner.
> > 
> > The bug fix sounds OK. What's the d/rules change about? It's not
> > mentioned in the changelog.
> > 
> > +   rm -rf debian/tmp/usr/share/doc/davix/html/.doctrees
> > 
> > Regards,
> > 
> > Adam
> 
> Sorry for the delay. This is due to lintian.
> 
> $ lintian-info -t package-contains-python-doctree-file
> W: package-contains-python-doctree-file
> N:
> N:   This package appears to contain a pickled cache of reStructuredText
> N:   (*.rst) documentation in a .doctree file.
> N:   
> N:   These are not needed to display the documentation correctly and as
> N:   they can contain absolute build paths can affect the reproducibility
> N:   of the package.
> N:   
> N:   Either prevent the installation of the .doctree file (or parent
> N:   doctrees directory if there is one) or pass the -d option to
> N:   sphinx-build(1) to create the caches elsewhere.
> 
That doesn't sound needed nor indeed appropriate for a stable update.

Cheers,
Julien

Bug#912784: stretch-pu: package davix/0.6.4-1.1+deb9u1

[Mattias Ellert]

lör 2019-04-20 klockan 11:27 +0100 skrev Adam D. Barratt:
> On Tue, 2019-01-08 at 09:50 +0100, Mattias Ellert wrote:
> > Davix implements (among other things) a client to a gridsite
> > > service
> > (a
> > SOAP web service based file server protocol). It queries the server
> > for
> > what version it is running in order to know which credential
> > delegation
> > method to use.
> > 
> > The old code used the "getVersion" call to get the version, which
> > returns the software version of the server. However, there exists
> > several different implementations of the server, so the version of
> > the
> > server software is not indicative on what credential delegation
> > method
> > it implements.
> > 
> > What determines which delegation method to use is the interface
> > version implemented by the server, not the version number of the
> > server software. By using the getInterfaceVersion call instead the
> > davix client will use the correct delegation method.
> > 
> > https://its.cern.ch/jira/browse/DMC-1047
> > 
> 
> Sorry for not getting back to you again sooner.
> 
> The bug fix sounds OK. What's the d/rules change about? It's not
> mentioned in the changelog.
> 
> + rm -rf debian/tmp/usr/share/doc/davix/html/.doctrees
> 
> Regards,
> 
> Adam

Sorry for the delay. This is due to lintian.

$ lintian-info -t package-contains-python-doctree-file
W: package-contains-python-doctree-file
N:
N:   This package appears to contain a pickled cache of reStructuredText
N:   (*.rst) documentation in a .doctree file.
N:   
N:   These are not needed to display the documentation correctly and as
N:   they can contain absolute build paths can affect the reproducibility
N:   of the package.
N:   
N:   Either prevent the installation of the .doctree file (or parent
N:   doctrees directory if there is one) or pass the -d option to
N:   sphinx-build(1) to create the caches elsewhere.

Mattias



smime.p7s
Description: S/MIME cryptographic signature

Bug#931616: buster-pu: package puppet-module-cinder/13.1.0-3+deb10u1

[Thomas Goirand]

Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu

Hi,

It looks like the bug I opened isn't there, so I'm reporting this again,
sorry if there's twice the same p-u bug.

Please allow me to fix puppet-module-cinder in Buster. The attached debdiff
shows that, when using the CEPH backend, puppet-cinder attemps to write in
/etc/init, which fails since we don't have this upstart folder anymore.
I failed to see this bug until I attempted to add a CEPH backend (instead
of the "regular" LVM backend) in my cluster.

Debdiff attached.

Cheers,

Thomas Goirand (zigo)
diff -Nru puppet-module-cinder-13.1.0/debian/changelog 
puppet-module-cinder-13.1.0/debian/changelog
--- puppet-module-cinder-13.1.0/debian/changelog2018-11-28 
15:58:01.0 +0100
+++ puppet-module-cinder-13.1.0/debian/changelog2019-07-04 
14:59:42.0 +0200
@@ -1,3 +1,9 @@
+puppet-module-cinder (13.1.0-3+deb10u1) buster; urgency=medium
+
+  * Add missing Ceph patch: Do_not_attempt_to_write_in_etc_init.patch.
+
+ -- Thomas Goirand   Thu, 04 Jul 2019 14:59:42 +0200
+
 puppet-module-cinder (13.1.0-3) unstable; urgency=medium
 
   * Add 0001-Add-File.expand_path-to-cinder.rb.patch.
diff -Nru 
puppet-module-cinder-13.1.0/debian/patches/Do_not_attempt_to_write_in_etc_init.patch
 
puppet-module-cinder-13.1.0/debian/patches/Do_not_attempt_to_write_in_etc_init.patch
--- 
puppet-module-cinder-13.1.0/debian/patches/Do_not_attempt_to_write_in_etc_init.patch
1970-01-01 01:00:00.0 +0100
+++ 
puppet-module-cinder-13.1.0/debian/patches/Do_not_attempt_to_write_in_etc_init.patch
2019-07-04 14:59:42.0 +0200
@@ -0,0 +1,29 @@
+Description: Do not attempt to write in /etc/init
+ manifests/backend/rbd.pp attempts to write in /etc/init, when
+ upstart has long gone. The result is that it just fails to run.
+ So let's remove this, as it's broken.
+From: Thomas Goirand 
+Date: Sat, 13 Apr 2019 21:34:37 +0200
+Change-Id: I7666c775f4d269f214d3f853e56d0eb076834164
+Forwarded: https://review.openstack.org/#/c/652209/
+Last-Update: 2019-04-13
+
+Index: puppet-module-cinder/manifests/backend/rbd.pp
+===
+--- puppet-module-cinder.orig/manifests/backend/rbd.pp
 puppet-module-cinder/manifests/backend/rbd.pp
+@@ -144,14 +144,4 @@ define cinder::backend::rbd (
+   fail("unsupported osfamily ${::osfamily}, currently Debian and Redhat 
are the only supported platforms")
+ }
+   }
+-
+-  # Creates an empty file if it doesn't yet exist
+-  ensure_resource('file', $::cinder::params::ceph_init_override, {'ensure' => 
'present'})
+-
+-  file_line { "set initscript env ${name}":
+-line   => $override_line,
+-path   => $::cinder::params::ceph_init_override,
+-notify => Anchor['cinder::service::begin'],
+-  }
+-
+ }
diff -Nru puppet-module-cinder-13.1.0/debian/patches/series 
puppet-module-cinder-13.1.0/debian/patches/series
--- puppet-module-cinder-13.1.0/debian/patches/series   2018-11-28 
15:58:01.0 +0100
+++ puppet-module-cinder-13.1.0/debian/patches/series   2019-07-04 
14:59:42.0 +0200
@@ -1 +1,2 @@
 0001-Add-File.expand_path-to-cinder.rb.patch
+Do_not_attempt_to_write_in_etc_init.patch

Bug#931615: buster-pu: package python-autobahn/17.10.1+dfsg1-3+deb10u1

[Thomas Goirand]

Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu

Hi,

Please accept the update of python-autobahn fixing a problem in the
(build-)dependencies. Debdiff attached.

Cheers,

Thomas Goirand (zigo)
diff -Nru python-autobahn-17.10.1+dfsg1/debian/changelog 
python-autobahn-17.10.1+dfsg1/debian/changelog
--- python-autobahn-17.10.1+dfsg1/debian/changelog  2018-07-10 
09:02:46.0 +0200
+++ python-autobahn-17.10.1+dfsg1/debian/changelog  2019-07-08 
11:42:44.0 +0200
@@ -1,3 +1,9 @@
+python-autobahn (17.10.1+dfsg1-3+deb10u1) buster; urgency=medium
+
+  * Fix (build-)dependency on pyqrcode instead of qrcode (Closes: #931612).
+
+ -- Thomas Goirand   Mon, 08 Jul 2019 11:42:44 +0200
+
 python-autobahn (17.10.1+dfsg1-3) unstable; urgency=medium
 
   * Fixed upstream VCS URL in debian/rules.
diff -Nru python-autobahn-17.10.1+dfsg1/debian/control 
python-autobahn-17.10.1+dfsg1/debian/control
--- python-autobahn-17.10.1+dfsg1/debian/control2018-07-10 
09:02:46.0 +0200
+++ python-autobahn-17.10.1+dfsg1/debian/control2019-07-08 
11:42:44.0 +0200
@@ -23,7 +23,7 @@
  python-nacl,
  python-openssl,
  python-pytest,
- python-qrcode,
+ python-pyqrcode,
  python-service-identity,
  python-six,
  python-snappy,
@@ -43,7 +43,7 @@
  python3-nacl,
  python3-openssl,
  python3-pytest,
- python3-qrcode,
+ python3-pyqrcode,
  python3-service-identity,
  python3-six,
  python3-snappy,
@@ -68,7 +68,7 @@
  python-lz4,
  python-nacl,
  python-openssl,
- python-qrcode,
+ python-pyqrcode,
  python-service-identity,
  python-six,
  python-snappy,
@@ -102,7 +102,7 @@
  python3-lz4,
  python3-nacl,
  python3-openssl,
- python3-qrcode,
+ python3-pyqrcode,
  python3-service-identity,
  python3-six,
  python3-snappy,

Processed: reopen 931608

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> reopen 931608
Bug #931608 {Done: Thomas Goirand } [release.debian.org] 
buster-pu: package cloudkitty/8.0.0-4
Bug reopened
Ignoring request to alter fixed versions of bug #931608 to the same values 
previously set
> retitle 931608 buster-pu: package cloudkitty/8.0.0-4+deb10u1
Bug #931608 [release.debian.org] buster-pu: package cloudkitty/8.0.0-4
Changed Bug title to 'buster-pu: package cloudkitty/8.0.0-4+deb10u1' from 
'buster-pu: package cloudkitty/8.0.0-4'.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
931608: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931608
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#931606: marked as done (buster-pu: package cloudkitty/8.0.0-4+deb10u1)

[Debian Bug Tracking System]

Your message dated Mon, 8 Jul 2019 11:09:37 +0200
with message-id <8a603844-44be-ac2b-83e8-b453ded8b...@debian.org>
and subject line Closing this one
has caused the Debian Bug report #931606,
regarding buster-pu: package cloudkitty/8.0.0-4+deb10u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
931606: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931606
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

Hi,

Cloudkitty FTBFS is fixed with the attached debdiff.
Please allow me to upload this to Buster.

Cheers,

Thomas Goirand (zigo)
diff -Nru cloudkitty-8.0.0/debian/changelog cloudkitty-8.0.0/debian/changelog
--- cloudkitty-8.0.0/debian/changelog   2019-01-24 14:45:39.0 +0100
+++ cloudkitty-8.0.0/debian/changelog   2019-06-28 15:01:45.0 +0200
@@ -1,3 +1,11 @@
+cloudkitty (8.0.0-4+deb10u1) buster; urgency=medium
+
+  * Add upstream patch to fix FTBFS after we updated SQLAlchemy to fix
+CVE-2019-7164 CVE-2019-7548 (SQL injection) (see debian bug 922669 and
+929321 for more info) (Closes: #930996).
+
+ -- Thomas Goirand   Fri, 28 Jun 2019 15:01:45 +0200
+
 cloudkitty (8.0.0-4) unstable; urgency=medium
 
   * Correct default path to metrics.yml in [collect]/metrics_conf.
diff -Nru 
cloudkitty-8.0.0/debian/patches/Fix_sqlalchemy_grouping_on_v1_storage.patch 
cloudkitty-8.0.0/debian/patches/Fix_sqlalchemy_grouping_on_v1_storage.patch
--- cloudkitty-8.0.0/debian/patches/Fix_sqlalchemy_grouping_on_v1_storage.patch 
1970-01-01 01:00:00.0 +0100
+++ cloudkitty-8.0.0/debian/patches/Fix_sqlalchemy_grouping_on_v1_storage.patch 
2019-06-28 15:01:45.0 +0200
@@ -0,0 +1,39 @@
+Description: Fix sqlalchemy grouping on v1 storage (Fixes FTBFS in Buster)
+ This fixes "CompileError: Can't resolve label reference for
+ ORDER BY / GROUP BY." error messages raised by sqlalchemy when the groupby
+ expression includes a comma.
+Author: Luka Peschke 
+Date: Tue, 4 Jun 2019 15:21:05 +0200
+Change-Id: Ia253175b45b8222aaee415ea535fa4102312be5a
+Bug-Debian: https://bugs.debian.org/930996
+Origin: upstream, https://review.opendev.org/668120
+Last-Update: 2019-06-28
+
+diff --git a/cloudkitty/storage/v1/sqlalchemy/__init__.py 
b/cloudkitty/storage/v1/sqlalchemy/__init__.py
+index 77403e3..7b56da6 100644
+--- a/cloudkitty/storage/v1/sqlalchemy/__init__.py
 b/cloudkitty/storage/v1/sqlalchemy/__init__.py
+@@ -127,7 +127,7 @@ class SQLAlchemyStorage(storage.BaseStorage):
+ self.frame_model.end <= end,
+ self.frame_model.res_type != '_NO_DATA_')
+ if groupby:
+-q = q.group_by(groupby)
++q = q.group_by(sqlalchemy.sql.text(groupby))
+ 
+ # Order by sum(rate)
+ q = q.order_by(sqlalchemy.func.sum(self.frame_model.rate))
+diff --git a/releasenotes/notes/fix-v1-storage-groupby-e865d1315bd390cb.yaml 
b/releasenotes/notes/fix-v1-storage-groupby-e865d1315bd390cb.yaml
+new file mode 100644
+index 000..02c1e4d
+--- /dev/null
 b/releasenotes/notes/fix-v1-storage-groupby-e865d1315bd390cb.yaml
+@@ -0,0 +1,6 @@
++---
++fixes:
++  - |
++``CompileError: Can't resolve label reference for ORDER BY / GROUP BY.``
++errors that were sometimes raised by SQLAlchemy when using the v1 storage
++backend and grouping on ``tenant_id`` and ``res_type`` have been fixed.
+-- 
+2.7.4
+
diff -Nru cloudkitty-8.0.0/debian/patches/series 
cloudkitty-8.0.0/debian/patches/series
--- cloudkitty-8.0.0/debian/patches/series  2019-01-24 14:45:39.0 
+0100
+++ cloudkitty-8.0.0/debian/patches/series  2019-06-28 15:01:45.0 
+0200
@@ -1,3 +1,4 @@
 allow-any-sqla-version.patch
 missing-files.patch
 remove-mathjax-extention-from-sphinx-doc.patch
+Fix_sqlalchemy_grouping_on_v1_storage.patch
--- End Message ---
--- Begin Message ---
Fixing the mess with this bug opened twice.--- End Message ---

Processed: Re: Bug#931610: stretch-pu: package pound/2.7-1.3+deb9u1

[Debian Bug Tracking System]

Processing control commands:

> tags -1 - moreinfo
Bug #931610 [release.debian.org] stretch-pu: package pound/2.7-1.3+deb9u1
Removed tag(s) moreinfo.

-- 
931610: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931610
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#931610: stretch-pu: package pound/2.7-1.3+deb9u1

[Carsten Leonhardt]

Control: tags -1 - moreinfo

> On 2019-07-08 09:40, Carsten Leonhardt wrote:
>> pound is affected by non-dsa CVE-2016-10711.
>
> The metadata for #888786 indicates that the issue affects the package
> in unstable, and is not yet fixed there. Is that correct?

No, the package was removed from unstable. I reintroduced it only in
experimental so far.

Regards,

Carsten

Bug#931608: marked as done (buster-pu: package cloudkitty/8.0.0-4)

[Debian Bug Tracking System]

Your message dated Mon, 8 Jul 2019 11:03:28 +0200
with message-id <469a7d36-1f63-9044-f329-f064851d3...@debian.org>
and subject line Closing
has caused the Debian Bug report #931608,
regarding buster-pu: package cloudkitty/8.0.0-4
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
931608: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931608
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu

Hi,

The attached debdiff fixes the FTBS. Details are in the relevant bugs
(as per the debian/changelog). Please allow me to upload the fix to
Buster.

Cheers,

Thomas Goirand (zigo)
diff -Nru cloudkitty-8.0.0/debian/changelog cloudkitty-8.0.0/debian/changelog
--- cloudkitty-8.0.0/debian/changelog   2019-01-24 14:45:39.0 +0100
+++ cloudkitty-8.0.0/debian/changelog   2019-06-28 15:01:45.0 +0200
@@ -1,3 +1,11 @@
+cloudkitty (8.0.0-4+deb10u1) buster; urgency=medium
+
+  * Add upstream patch to fix FTBFS after we updated SQLAlchemy to fix
+CVE-2019-7164 CVE-2019-7548 (SQL injection) (see debian bug 922669 and
+929321 for more info) (Closes: #930996).
+
+ -- Thomas Goirand   Fri, 28 Jun 2019 15:01:45 +0200
+
 cloudkitty (8.0.0-4) unstable; urgency=medium
 
   * Correct default path to metrics.yml in [collect]/metrics_conf.
diff -Nru 
cloudkitty-8.0.0/debian/patches/Fix_sqlalchemy_grouping_on_v1_storage.patch 
cloudkitty-8.0.0/debian/patches/Fix_sqlalchemy_grouping_on_v1_storage.patch
--- cloudkitty-8.0.0/debian/patches/Fix_sqlalchemy_grouping_on_v1_storage.patch 
1970-01-01 01:00:00.0 +0100
+++ cloudkitty-8.0.0/debian/patches/Fix_sqlalchemy_grouping_on_v1_storage.patch 
2019-06-28 15:01:45.0 +0200
@@ -0,0 +1,39 @@
+Description: Fix sqlalchemy grouping on v1 storage (Fixes FTBFS in Buster)
+ This fixes "CompileError: Can't resolve label reference for
+ ORDER BY / GROUP BY." error messages raised by sqlalchemy when the groupby
+ expression includes a comma.
+Author: Luka Peschke 
+Date: Tue, 4 Jun 2019 15:21:05 +0200
+Change-Id: Ia253175b45b8222aaee415ea535fa4102312be5a
+Bug-Debian: https://bugs.debian.org/930996
+Origin: upstream, https://review.opendev.org/668120
+Last-Update: 2019-06-28
+
+diff --git a/cloudkitty/storage/v1/sqlalchemy/__init__.py 
b/cloudkitty/storage/v1/sqlalchemy/__init__.py
+index 77403e3..7b56da6 100644
+--- a/cloudkitty/storage/v1/sqlalchemy/__init__.py
 b/cloudkitty/storage/v1/sqlalchemy/__init__.py
+@@ -127,7 +127,7 @@ class SQLAlchemyStorage(storage.BaseStorage):
+ self.frame_model.end <= end,
+ self.frame_model.res_type != '_NO_DATA_')
+ if groupby:
+-q = q.group_by(groupby)
++q = q.group_by(sqlalchemy.sql.text(groupby))
+ 
+ # Order by sum(rate)
+ q = q.order_by(sqlalchemy.func.sum(self.frame_model.rate))
+diff --git a/releasenotes/notes/fix-v1-storage-groupby-e865d1315bd390cb.yaml 
b/releasenotes/notes/fix-v1-storage-groupby-e865d1315bd390cb.yaml
+new file mode 100644
+index 000..02c1e4d
+--- /dev/null
 b/releasenotes/notes/fix-v1-storage-groupby-e865d1315bd390cb.yaml
+@@ -0,0 +1,6 @@
++---
++fixes:
++  - |
++``CompileError: Can't resolve label reference for ORDER BY / GROUP BY.``
++errors that were sometimes raised by SQLAlchemy when using the v1 storage
++backend and grouping on ``tenant_id`` and ``res_type`` have been fixed.
+-- 
+2.7.4
+
diff -Nru cloudkitty-8.0.0/debian/patches/series 
cloudkitty-8.0.0/debian/patches/series
--- cloudkitty-8.0.0/debian/patches/series  2019-01-24 14:45:39.0 
+0100
+++ cloudkitty-8.0.0/debian/patches/series  2019-06-28 15:01:45.0 
+0200
@@ -1,3 +1,4 @@
 allow-any-sqla-version.patch
 missing-files.patch
 remove-mathjax-extention-from-sphinx-doc.patch
+Fix_sqlalchemy_grouping_on_v1_storage.patch
--- End Message ---
--- Begin Message ---
I've re-opened a new bug using: https://bugs.debian.org/931606
for buster-p-u.

Cheers,

Thomas Goirand (zigo)--- End Message ---

Bug#931610: stretch-pu: package pound/2.7-1.3+deb9u1

[Adam D. Barratt]

Control: tags -1 + moreinfo

On 2019-07-08 09:40, Carsten Leonhardt wrote:

pound is affected by non-dsa CVE-2016-10711.


The metadata for #888786 indicates that the issue affects the package in 
unstable, and is not yet fixed there. Is that correct?


Regards,

Adam

Processed: Re: Bug#931610: stretch-pu: package pound/2.7-1.3+deb9u1

[Debian Bug Tracking System]

Processing control commands:

> tags -1 + moreinfo
Bug #931610 [release.debian.org] stretch-pu: package pound/2.7-1.3+deb9u1
Added tag(s) moreinfo.

-- 
931610: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931610
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#931610: stretch-pu: package pound/2.7-1.3+deb9u1

[Carsten Leonhardt]

Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

pound is affected by non-dsa CVE-2016-10711. 

Attached is the diff, backported from pound 2.8a, same as the
diff being used by SUSE.
(c.f. https://security-tracker.debian.org/tracker/CVE-2016-10711 )

Thanks!

diff --git a/debian/changelog b/debian/changelog
index d5946a9..d59d80c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+pound (2.7-1.3+deb9u1) stretch; urgency=medium
+
+  * Fix request smuggling via crafted headers, CVE-2016-10711
+(Closes: #888786).
+
+ -- Carsten Leonhardt   Sun, 07 Jul 2019 23:44:04 +0200
+
 pound (2.7-1.3) unstable; urgency=medium
 
   * Non-maintainer upload.
diff --git a/debian/patches/0003-CVE-2016-1071.patch b/debian/patches/0003-CVE-2016-1071.patch
new file mode 100644
index 000..09da940
--- /dev/null
+++ b/debian/patches/0003-CVE-2016-1071.patch
@@ -0,0 +1,210 @@
+Description: Backport fix for CVE-2016-10711
+Author: Robert Segall
+Origin: upstream, http://www.apsis.ch/pound/Pound-2.8a.tgz
+Last-Update: 2019-07-07
+--- a/http.c
 b/http.c
+@@ -31,7 +31,8 @@
+ static char *h500 = "500 Internal Server Error",
+ *h501 = "501 Not Implemented",
+ *h503 = "503 Service Unavailable",
+-*h414 = "414 Request URI too long";
++*h414 = "414 Request URI too long",
++*h400 = "Bad Request";
+ 
+ static char *err_response = "HTTP/1.0 %s\r\nContent-Type: text/html\r\nContent-Length: %d\r\nExpires: now\r\nPragma: no-cache\r\nCache-control: no-cache,no-store\r\n\r\n%s";
+ 
+@@ -83,7 +84,7 @@
+ safe_url, safe_url);
+ snprintf(rep, sizeof(rep),
+ "HTTP/1.0 %d %s\r\nLocation: %s\r\nContent-Type: text/html\r\nContent-Length: %d\r\n\r\n",
+-code, code_msg, safe_url, strlen(cont));
++code, code_msg, safe_url, (int)strlen(cont));
+ BIO_write(c, rep, strlen(rep));
+ BIO_write(c, cont, strlen(cont));
+ BIO_flush(c);
+@@ -126,11 +127,11 @@
+ get_line(BIO *const in, char *const buf, const int bufsize)
+ {
+ chartmp;
+-int i, n_read;
++int i, n_read, seen_cr;
+ 
+ memset(buf, 0, bufsize);
+-for(n_read = 0;;)
+-switch(BIO_gets(in, buf + n_read, bufsize - n_read - 1)) {
++for(i = 0, seen_cr = 0; i < bufsize - 1; i++)
++switch(BIO_read(in, , 1)) {
+ case -2:
+ /* BIO_gets not implemented */
+ return -1;
+@@ -138,24 +139,49 @@
+ case -1:
+ return 1;
+ default:
+-for(i = n_read; i < bufsize && buf[i]; i++)
+-if(buf[i] == '\n' || buf[i] == '\r') {
+-buf[i] = '\0';
++if(seen_cr)
++if(tmp != '\n') {
++/* we have CR not followed by NL */
++do {
++if(BIO_read(in, , 1) < 0)
++return 1;
++} while(tmp != '\n');
++return 1;
++} else {
++buf[i - 1] = '\0';
+ return 0;
+ }
+-if(i < bufsize) {
+-n_read = i;
++
++if(!iscntrl(tmp) || tmp == '\t') {
++buf[i] = tmp;
++continue;
++}
++
++if(tmp == '\r') {
++seen_cr = 1;
+ continue;
+ }
+-logmsg(LOG_NOTICE, "(%lx) line too long: %s", pthread_self(), buf);
+-/* skip rest of "line" */
+-tmp = '\0';
+-while(tmp != '\n')
+-if(BIO_read(in, , 1) != 1)
++
++if(tmp == '\n') {
++/* line ends in NL only (no CR) */
++buf[i] = 0;
++return 0;
++}
++
++/* all other control characters cause an error */
++do {
++if(BIO_read(in, , 1) < 0)
+ return 1;
+-break;
++} while(tmp != '\n');
++return 1;
+ }
+-return 0;
++
++/* line too long */
++do {
++if(BIO_read(in, , 1) < 0)
++return 1;
++} while(tmp != '\n');
++return 1;
+ }
+ 
+ /*
+@@ -393,22 +419,16 @@
+ 
+ /* HTTP/1.1 allows leading CRLF */
+ memset(buf, 0, MAXBUF);
+-while((res = BIO_gets(in, buf, MAXBUF - 1)) > 0) {
+-has_eol = strip_eol(buf);
++while((res = get_line(in, buf, MAXBUF)) == 0)
+ if(buf[0])
+ break;
+-}
+ 
+-if(res <= 0) {
++if(res < 0) {
+ /* this is expected to occur only on client reads */
+ /* logmsg(LOG_NOTICE, "headers: bad starting read"); */
+ return NULL;
+-} else if(!has_eol) {
+-/* check for request length limit */
+-logmsg(LOG_WARNING, "(%lx) e414 headers: request URI too long", pthread_self());
+-err_reply(cl, h414, lstn->err414);
+-return NULL;
+

Bug#931608: buster-pu: package cloudkitty/8.0.0-4

[Thomas Goirand]

Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu

Hi,

The attached debdiff fixes the FTBS. Details are in the relevant bugs
(as per the debian/changelog). Please allow me to upload the fix to
Buster.

Cheers,

Thomas Goirand (zigo)
diff -Nru cloudkitty-8.0.0/debian/changelog cloudkitty-8.0.0/debian/changelog
--- cloudkitty-8.0.0/debian/changelog   2019-01-24 14:45:39.0 +0100
+++ cloudkitty-8.0.0/debian/changelog   2019-06-28 15:01:45.0 +0200
@@ -1,3 +1,11 @@
+cloudkitty (8.0.0-4+deb10u1) buster; urgency=medium
+
+  * Add upstream patch to fix FTBFS after we updated SQLAlchemy to fix
+CVE-2019-7164 CVE-2019-7548 (SQL injection) (see debian bug 922669 and
+929321 for more info) (Closes: #930996).
+
+ -- Thomas Goirand   Fri, 28 Jun 2019 15:01:45 +0200
+
 cloudkitty (8.0.0-4) unstable; urgency=medium
 
   * Correct default path to metrics.yml in [collect]/metrics_conf.
diff -Nru 
cloudkitty-8.0.0/debian/patches/Fix_sqlalchemy_grouping_on_v1_storage.patch 
cloudkitty-8.0.0/debian/patches/Fix_sqlalchemy_grouping_on_v1_storage.patch
--- cloudkitty-8.0.0/debian/patches/Fix_sqlalchemy_grouping_on_v1_storage.patch 
1970-01-01 01:00:00.0 +0100
+++ cloudkitty-8.0.0/debian/patches/Fix_sqlalchemy_grouping_on_v1_storage.patch 
2019-06-28 15:01:45.0 +0200
@@ -0,0 +1,39 @@
+Description: Fix sqlalchemy grouping on v1 storage (Fixes FTBFS in Buster)
+ This fixes "CompileError: Can't resolve label reference for
+ ORDER BY / GROUP BY." error messages raised by sqlalchemy when the groupby
+ expression includes a comma.
+Author: Luka Peschke 
+Date: Tue, 4 Jun 2019 15:21:05 +0200
+Change-Id: Ia253175b45b8222aaee415ea535fa4102312be5a
+Bug-Debian: https://bugs.debian.org/930996
+Origin: upstream, https://review.opendev.org/668120
+Last-Update: 2019-06-28
+
+diff --git a/cloudkitty/storage/v1/sqlalchemy/__init__.py 
b/cloudkitty/storage/v1/sqlalchemy/__init__.py
+index 77403e3..7b56da6 100644
+--- a/cloudkitty/storage/v1/sqlalchemy/__init__.py
 b/cloudkitty/storage/v1/sqlalchemy/__init__.py
+@@ -127,7 +127,7 @@ class SQLAlchemyStorage(storage.BaseStorage):
+ self.frame_model.end <= end,
+ self.frame_model.res_type != '_NO_DATA_')
+ if groupby:
+-q = q.group_by(groupby)
++q = q.group_by(sqlalchemy.sql.text(groupby))
+ 
+ # Order by sum(rate)
+ q = q.order_by(sqlalchemy.func.sum(self.frame_model.rate))
+diff --git a/releasenotes/notes/fix-v1-storage-groupby-e865d1315bd390cb.yaml 
b/releasenotes/notes/fix-v1-storage-groupby-e865d1315bd390cb.yaml
+new file mode 100644
+index 000..02c1e4d
+--- /dev/null
 b/releasenotes/notes/fix-v1-storage-groupby-e865d1315bd390cb.yaml
+@@ -0,0 +1,6 @@
++---
++fixes:
++  - |
++``CompileError: Can't resolve label reference for ORDER BY / GROUP BY.``
++errors that were sometimes raised by SQLAlchemy when using the v1 storage
++backend and grouping on ``tenant_id`` and ``res_type`` have been fixed.
+-- 
+2.7.4
+
diff -Nru cloudkitty-8.0.0/debian/patches/series 
cloudkitty-8.0.0/debian/patches/series
--- cloudkitty-8.0.0/debian/patches/series  2019-01-24 14:45:39.0 
+0100
+++ cloudkitty-8.0.0/debian/patches/series  2019-06-28 15:01:45.0 
+0200
@@ -1,3 +1,4 @@
 allow-any-sqla-version.patch
 missing-files.patch
 remove-mathjax-extention-from-sphinx-doc.patch
+Fix_sqlalchemy_grouping_on_v1_storage.patch

Bug#931606: buster-pu: package cloudkitty/8.0.0-4+deb10u1

[Thomas Goirand]

Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

Hi,

Cloudkitty FTBFS is fixed with the attached debdiff.
Please allow me to upload this to Buster.

Cheers,

Thomas Goirand (zigo)
diff -Nru cloudkitty-8.0.0/debian/changelog cloudkitty-8.0.0/debian/changelog
--- cloudkitty-8.0.0/debian/changelog   2019-01-24 14:45:39.0 +0100
+++ cloudkitty-8.0.0/debian/changelog   2019-06-28 15:01:45.0 +0200
@@ -1,3 +1,11 @@
+cloudkitty (8.0.0-4+deb10u1) buster; urgency=medium
+
+  * Add upstream patch to fix FTBFS after we updated SQLAlchemy to fix
+CVE-2019-7164 CVE-2019-7548 (SQL injection) (see debian bug 922669 and
+929321 for more info) (Closes: #930996).
+
+ -- Thomas Goirand   Fri, 28 Jun 2019 15:01:45 +0200
+
 cloudkitty (8.0.0-4) unstable; urgency=medium
 
   * Correct default path to metrics.yml in [collect]/metrics_conf.
diff -Nru 
cloudkitty-8.0.0/debian/patches/Fix_sqlalchemy_grouping_on_v1_storage.patch 
cloudkitty-8.0.0/debian/patches/Fix_sqlalchemy_grouping_on_v1_storage.patch
--- cloudkitty-8.0.0/debian/patches/Fix_sqlalchemy_grouping_on_v1_storage.patch 
1970-01-01 01:00:00.0 +0100
+++ cloudkitty-8.0.0/debian/patches/Fix_sqlalchemy_grouping_on_v1_storage.patch 
2019-06-28 15:01:45.0 +0200
@@ -0,0 +1,39 @@
+Description: Fix sqlalchemy grouping on v1 storage (Fixes FTBFS in Buster)
+ This fixes "CompileError: Can't resolve label reference for
+ ORDER BY / GROUP BY." error messages raised by sqlalchemy when the groupby
+ expression includes a comma.
+Author: Luka Peschke 
+Date: Tue, 4 Jun 2019 15:21:05 +0200
+Change-Id: Ia253175b45b8222aaee415ea535fa4102312be5a
+Bug-Debian: https://bugs.debian.org/930996
+Origin: upstream, https://review.opendev.org/668120
+Last-Update: 2019-06-28
+
+diff --git a/cloudkitty/storage/v1/sqlalchemy/__init__.py 
b/cloudkitty/storage/v1/sqlalchemy/__init__.py
+index 77403e3..7b56da6 100644
+--- a/cloudkitty/storage/v1/sqlalchemy/__init__.py
 b/cloudkitty/storage/v1/sqlalchemy/__init__.py
+@@ -127,7 +127,7 @@ class SQLAlchemyStorage(storage.BaseStorage):
+ self.frame_model.end <= end,
+ self.frame_model.res_type != '_NO_DATA_')
+ if groupby:
+-q = q.group_by(groupby)
++q = q.group_by(sqlalchemy.sql.text(groupby))
+ 
+ # Order by sum(rate)
+ q = q.order_by(sqlalchemy.func.sum(self.frame_model.rate))
+diff --git a/releasenotes/notes/fix-v1-storage-groupby-e865d1315bd390cb.yaml 
b/releasenotes/notes/fix-v1-storage-groupby-e865d1315bd390cb.yaml
+new file mode 100644
+index 000..02c1e4d
+--- /dev/null
 b/releasenotes/notes/fix-v1-storage-groupby-e865d1315bd390cb.yaml
+@@ -0,0 +1,6 @@
++---
++fixes:
++  - |
++``CompileError: Can't resolve label reference for ORDER BY / GROUP BY.``
++errors that were sometimes raised by SQLAlchemy when using the v1 storage
++backend and grouping on ``tenant_id`` and ``res_type`` have been fixed.
+-- 
+2.7.4
+
diff -Nru cloudkitty-8.0.0/debian/patches/series 
cloudkitty-8.0.0/debian/patches/series
--- cloudkitty-8.0.0/debian/patches/series  2019-01-24 14:45:39.0 
+0100
+++ cloudkitty-8.0.0/debian/patches/series  2019-06-28 15:01:45.0 
+0200
@@ -1,3 +1,4 @@
 allow-any-sqla-version.patch
 missing-files.patch
 remove-mathjax-extention-from-sphinx-doc.patch
+Fix_sqlalchemy_grouping_on_v1_storage.patch

Bug#931603: buster-pu: package puppet-module-cinder/13.1.0-3+deb10u1

[Thomas Goirand]

On 7/8/19 9:37 AM, Thomas Goirand wrote:
> Package: release.debian.org
> Severity: normal
> Tags: stretch
> User: release.debian@packages.debian.org
> Usertags: pu
> 
> Hi,
> 
> While puppet-module-cinder works well if using the LVM backend, I discovered
> that it fails in Buster when using Ceph, because it tries to write in
> /etc/init (and upstart is gone...). The attached debdiff fixes it. Please
> allow me to upload this fix to Buster.
> 
> Cheers,
> 
> Thomas Goirand (zigo)
> 

This update is for Buster, not Stretch. I got fooled by reportbug, which
also probably needs an update.

Cheers,

Thomas

Bug#931603: stretch-pu: package puppet-module-cinder/13.1.0-3+deb10u1

[Thomas Goirand]

Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

Hi,

While puppet-module-cinder works well if using the LVM backend, I discovered
that it fails in Buster when using Ceph, because it tries to write in
/etc/init (and upstart is gone...). The attached debdiff fixes it. Please
allow me to upload this fix to Buster.

Cheers,

Thomas Goirand (zigo)
diff -Nru puppet-module-cinder-13.1.0/debian/changelog 
puppet-module-cinder-13.1.0/debian/changelog
--- puppet-module-cinder-13.1.0/debian/changelog2018-11-28 
15:58:01.0 +0100
+++ puppet-module-cinder-13.1.0/debian/changelog2019-07-04 
14:59:42.0 +0200
@@ -1,3 +1,9 @@
+puppet-module-cinder (13.1.0-3+deb10u1) buster; urgency=medium
+
+  * Add missing Ceph patch: Do_not_attempt_to_write_in_etc_init.patch.
+
+ -- Thomas Goirand   Thu, 04 Jul 2019 14:59:42 +0200
+
 puppet-module-cinder (13.1.0-3) unstable; urgency=medium
 
   * Add 0001-Add-File.expand_path-to-cinder.rb.patch.
diff -Nru 
puppet-module-cinder-13.1.0/debian/patches/Do_not_attempt_to_write_in_etc_init.patch
 
puppet-module-cinder-13.1.0/debian/patches/Do_not_attempt_to_write_in_etc_init.patch
--- 
puppet-module-cinder-13.1.0/debian/patches/Do_not_attempt_to_write_in_etc_init.patch
1970-01-01 01:00:00.0 +0100
+++ 
puppet-module-cinder-13.1.0/debian/patches/Do_not_attempt_to_write_in_etc_init.patch
2019-07-04 14:59:42.0 +0200
@@ -0,0 +1,29 @@
+Description: Do not attempt to write in /etc/init
+ manifests/backend/rbd.pp attempts to write in /etc/init, when
+ upstart has long gone. The result is that it just fails to run.
+ So let's remove this, as it's broken.
+From: Thomas Goirand 
+Date: Sat, 13 Apr 2019 21:34:37 +0200
+Change-Id: I7666c775f4d269f214d3f853e56d0eb076834164
+Forwarded: https://review.openstack.org/#/c/652209/
+Last-Update: 2019-04-13
+
+Index: puppet-module-cinder/manifests/backend/rbd.pp
+===
+--- puppet-module-cinder.orig/manifests/backend/rbd.pp
 puppet-module-cinder/manifests/backend/rbd.pp
+@@ -144,14 +144,4 @@ define cinder::backend::rbd (
+   fail("unsupported osfamily ${::osfamily}, currently Debian and Redhat 
are the only supported platforms")
+ }
+   }
+-
+-  # Creates an empty file if it doesn't yet exist
+-  ensure_resource('file', $::cinder::params::ceph_init_override, {'ensure' => 
'present'})
+-
+-  file_line { "set initscript env ${name}":
+-line   => $override_line,
+-path   => $::cinder::params::ceph_init_override,
+-notify => Anchor['cinder::service::begin'],
+-  }
+-
+ }
diff -Nru puppet-module-cinder-13.1.0/debian/patches/series 
puppet-module-cinder-13.1.0/debian/patches/series
--- puppet-module-cinder-13.1.0/debian/patches/series   2018-11-28 
15:58:01.0 +0100
+++ puppet-module-cinder-13.1.0/debian/patches/series   2019-07-04 
14:59:42.0 +0200
@@ -1 +1,2 @@
 0001-Add-File.expand_path-to-cinder.rb.patch
+Do_not_attempt_to_write_in_etc_init.patch

Bug#904418: transition: json-c

[Gianfranco Costamagna]

Hello all,

> > So yeah 0.12.1-2 should be alright for sid/buster, and 0.13 will have to 
> > wait
> > for bullseye after the freeze.
> 
> Thank you very much Boyuan  <3
> 
> I will have a look in a moment.
> 

Hello, I fixed all the failing reverse-dependencies in Ubuntu, and completed 
the transition
successfully there (and posted patches on BTS).
The only remaining issue is syslog-ng on i386 and s390x, but the maintainer is 
already working on (and we fixed with a patch in Ubuntu)
I would like to do this one before gcc changes default or something else 
entangles, it should be a trivial one,
I plan to NMU as needed.

thanks

G.