Bug#975874: buster-pu: package openjdk-11/11.0.9.1+1-1~deb10u1

2020-11-25 Thread tony mancill 
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu

Hello Release Team:

I propose that openjdk-11 be updated to upstream 11.0.9.1+1 in the
upcoming stable point release.  This update addresses a regression [1]
introduced in upstream release 11.0.9+11, which is present in buster via
a security upload [2].  This keeps Debian on par with other vendors -
e.g. RedHat [3], Ubuntu [4], and AdoptOpenJDK [5] - and introduces the
same upstream version currently available in testing and unstable.

Without this update, users may encounter crashes during bytecode
compilation.  This this is not an optional component of the JVM, there
is no work-around and users would have to downgrade to 11.0.8 (which has
open CVEs).

I have prepared an update and performed basic smoke-testing of the
resulting binaries.  The attached debdiff is based on the version
uploaded by Moritz Mühlenhoff for the DSA, 11.0.9+11-1~deb10u1.  I
checked with the OpenJDK Maintainers [6], where we agreed that this
update for the regression wouldn't follow the DSA process.

Please let me know if you have any questions.

Thank you!
tony

[1] https://bugs.openjdk.java.net/browse/JDK-8250861
[2] 
https://tracker.debian.org/news/1188653/accepted-openjdk-11-110911-1deb10u1-source-amd64-all-into-proposed-updates-stable-new-proposed-updates/
[3] https://bugzilla.redhat.com/show_bug.cgi?id=1895275
[4] https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.9.1+1-0ubuntu1
[5] https://github.com/AdoptOpenJDK/TSC/issues/185
[6] https://lists.debian.org/debian-java/2020/11/msg00027.html
diff -Nru openjdk-11-11.0.9+11/debian/changelog 
openjdk-11-11.0.9.1+1/debian/changelog
--- openjdk-11-11.0.9+11/debian/changelog   2020-10-22 07:49:15.0 
-0700
+++ openjdk-11-11.0.9.1+1/debian/changelog  2020-11-25 08:55:48.0 
-0800
@@ -1,8 +1,16 @@
-openjdk-11 (11.0.9+11-1~deb10u1) buster-security; urgency=medium
+openjdk-11 (11.0.9.1+1-1~deb10u1) buster; urgency=medium
 
-  * Rebuild for Buster
+  * Rebuild for Buster (Closes: #975728)
 
- -- Moritz Muehlenhoff   Thu, 22 Oct 2020 14:49:15 +
+ -- tony mancill   Wed, 25 Nov 2020 08:55:48 -0800
+
+openjdk-11 (11.0.9.1+1-1) unstable; urgency=medium
+
+  * OpenJDK 11.0.9.1+1 build (release).
+  * Configure --with-jvm-features=shenandoahgc for hotspot builds.
+LP: #1902029.
+
+ -- Matthias Klose   Thu, 05 Nov 2020 14:32:42 +0100
 
 openjdk-11 (11.0.9+11-1) unstable; urgency=medium
 
diff -Nru openjdk-11-11.0.9+11/debian/control 
openjdk-11-11.0.9.1+1/debian/control
--- openjdk-11-11.0.9+11/debian/control 2020-10-22 07:47:43.0 -0700
+++ openjdk-11-11.0.9.1+1/debian/control2020-11-25 08:55:48.0 
-0800
@@ -7,7 +7,7 @@
   m4, lsb-release, zip, unzip,
   sharutils, gawk, cpio, pkg-config, procps, wdiff, time, fastjar (>= 
2:0.96-0ubuntu2),
   strip-nondeterminism,
-  file,
+  jtreg (>= 4.2-b13-0~) , testng , xvfb , xauth 
, xfonts-base , libgl1-mesa-dri [!x32] , xfwm4 
, x11-xkb-utils , dbus-x11 ,
   autoconf, automake, autotools-dev, ant, ant-optional,
   g++-8 ,
   openjdk-11-jdk-headless:native | openjdk-10-jdk-headless:native,
diff -Nru openjdk-11-11.0.9+11/debian/rules openjdk-11-11.0.9.1+1/debian/rules
--- openjdk-11-11.0.9+11/debian/rules   2020-10-21 10:38:16.0 -0700
+++ openjdk-11-11.0.9.1+1/debian/rules  2020-11-05 05:32:42.0 -0800
@@ -158,7 +158,7 @@
 ifneq (,$(filter $(distrel), precise trusty))
   with_docs =
 endif
-with_check = disabled for this upload
+# with_check = disabled for this upload
 
 with_wqy_zenhai = $(if $(filter $(distrel),lenny),,yes)
 
@@ -418,8 +418,12 @@
   endif
 endif
 
-ifneq (,$(filter $(DEB_HOST_ARCH), amd64))
-  DEFAULT_CONFIGURE_ARGS += --with-jvm-features=zgc
+ifneq (,$(filter $(DEB_HOST_ARCH),$(hotspot_archs)))
+  ifneq (,$(filter $(DEB_HOST_ARCH), amd64))
+jvm_features = zgc
+  endif
+  jvm_features += shenandoahgc
+  DEFAULT_CONFIGURE_ARGS += --with-jvm-features=$(subst 
$(SPACE),$(COMMA),$(strip $(jvm_features)))
 endif
 
 ifeq ($(distribution),Debian)
@@ -1797,7 +1801,7 @@
 
 is_release = yes
 hg_project = jdk11u
-hg_tag = jdk-11.0.9+11
+hg_tag = jdk-11.0.9.1+1
 package_version= $(subst jdk-,,$(hg_tag))
 ifneq ($(is_release),yes)
   package_version  := $(subst +,~,$(package_version))
diff -Nru openjdk-11-11.0.9+11/debian/watch openjdk-11-11.0.9.1+1/debian/watch
--- openjdk-11-11.0.9+11/debian/watch   2019-05-28 05:25:52.0 -0700
+++ openjdk-11-11.0.9.1+1/debian/watch  2020-11-05 05:32:42.0 -0800
@@ -1,4 +1,4 @@
 version=4
 opts="pagemangle=s{\s*(jdk-11\.[^<\s]*)}{$1}g" \
 https://hg.openjdk.java.net/jdk-updates/jdk11u/tags \
-.*/jdk-(.*).tar.gz
+.*/jdk-([0-9.]*\+[0-9]*).tar.gz
diff -Nru openjdk-11-11.0.9+11/.hg_archival.txt 
openjdk-11-11.0.9.1+1/.hg_archival.txt
--- openjdk-11-11.0.9+11/.hg_archival.txt   2020-09-11 09:12:45.0 
-0700
+++

Bug#975870: buster-pu: package lacme/0.5-1+deb10u1

2020-11-25 Thread Guilhem Moulin 
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu

Dear release team,

[ Reason ]

#975862: Two upcoming changes in the Let's Encrypt chain of trust
severely impact lacme and will break all issuance once they're rolled
out in December / January.

 1. The current issuer CA, namely “Let's Encrypt Authority X3”, which
expires on 2021-03-17, will be phased out in December and
progressively replaced with “Let's Encrypt Authority R3”.
https://community.letsencrypt.org/t/beginning-issuance-from-r3/139018
 2. The current trust root, namely “IdenTrust DST Root CA X3”, which
expires on 2021-09-30, will be replaced with ”ISRG Root X1” on
January 11 next year.
https://letsencrypt.org/2020/11/06/own-two-feet.html

[ Impact ]
Once Let's Encrypt roll out their change users won't be able to request /
renew certificates.

[ Tests ]
Tested against the Let's Encrypt staging API, with and without chain, as
well as manual certificate renewal in production.  The new root and
intermediate certificates have not been tested yet though, as Let's
Encrypt hasn't not rolled out the change yet (but will before Debian
10.8 is released).

[ Risks ]
The code is rather simple, instead of manually assembling the chain
using the leaf cert and CAfile we preserve the the chain received (per
RFC8555 7.4.2, unfortunately published after the Buster freeze) and only
use CAfile for trust validation before deploying the certificate.

The only alternative I could think of is to simply change the default
CAfile to https://letsencrypt.org/certs/lets-encrypt-r3.txt once Let's
Encrypt have finalized the transition.  But that means we'd have two
months or so during which certificate requests and renewals would fail.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in stable
  [x] the issue is verified as fixed in unstable

[ Changes ]

Unfortunately the fix isn't simply uploading a new package with the new
certificates, as Let's Encrypt will roll the changes progressively and
thus cause a period of up to two months were all certificate issuance /
renewal using lacme would fail.

Instead, the change is two fold:

 * Use the CA chain provided by the ACME v2 endpoint instead of bundling
   our own and hardcoding a possibly obsolete intermediate certificate
 
 * The CAfile option (now only used for verification, not for building
   the chain) points to bundle containing all currently active Let's
   Encrypt certificates (incl. the previous default).  This extends the
   scope of validation function and allows the issuer to smoothly
   transition between intermediate CAs.

[ Other info ]

0.2-1 from oldstable is affected too, however that version doesn't
support ACME v2 which is required for the smooth transition.

I attach the debdiff against 0.5-1+deb10u1 as well as the output of
`diff -ru` to emphasize the code/documentation change an not the
certificate rotation.

Cheers,
-- 
Guilhem.
diffstat for lacme-0.5 lacme-0.5

 changelog   |   23 
 lacme.install   |3 
 patches/0003-Use-upstream-certicate-chain-instead-of-an-hardcoded.patch |  479 
++
 patches/series  |1 
 4 files changed, 505 insertions(+), 1 deletion(-)

diff -Nru lacme-0.5/debian/changelog lacme-0.5/debian/changelog
--- lacme-0.5/debian/changelog  2019-08-22 00:14:42.0 +0200
+++ lacme-0.5/debian/changelog  2020-11-26 01:14:50.0 +0100
@@ -1,3 +1,26 @@
+lacme (0.5-1+deb10u2) buster; urgency=medium
+
+  * Use upstream certificate chain instead of an hardcoded one.
+This is a breaking change.  The certificate indicated by 'CAfile' is no
+longer used as is in 'certificate-chain' (along with the leaf cert).
+The chain returned by the ACME v2 endpoint is used instead.  This allows
+for more flexbility with respect to key/CA rotation, cf.
+https://letsencrypt.org/2020/11/06/own-two-feet.html and
+https://community.letsencrypt.org/t/beginning-issuance-from-r3/139018
+  * Additional current/planned CA certificates can be found under
+/usr/local/share/lacme:
+  - lets-encrypt-e[12].pem
+  - lets-encrypt-r[34]-cross-signed.pem
+  - lets-encrypt-r[34].pem
+  - letsencryptauthorityx[34].pem
+See https://letsencrypt.org/certificates/
+  * Moreover 'CAfile' now defaults to /usr/share/lacme/ca-certificates.crt
+which is a concatenation of all known active CA certificates (which
+includes the previous default).
+Closes: #975862.
+
+ -- Guilhem Moulin   Thu, 26 Nov 2020 01:14:50 +0100
+
 lacme (0.5-1+deb10u1) buster; urgency=medium
 
   * Link to RFC 8555  instead of the
diff -Nru lacme-0.5/debian/lacme.install

NEW changes in stable-new

2020-11-25 Thread Debian FTP Masters 
Processing changes file: tor_0.3.5.12-1_mipsel-buildd.changes
  ACCEPT

NEW changes in stable-new

2020-11-25 Thread Debian FTP Masters 
Processing changes file: mutt_1.10.1-2.1+deb10u4_ppc64el-buildd.changes
  ACCEPT
Processing changes file: 
neomutt_20180716+dfsg.1-1+deb10u2_ppc64el-buildd.changes
  ACCEPT
Processing changes file: tigervnc_1.9.0+dfsg-3+deb10u3_ppc64el-buildd.changes
  ACCEPT
Processing changes file: tor_0.3.5.12-1_ppc64el-buildd.changes
  ACCEPT

NEW changes in stable-new

2020-11-25 Thread Debian FTP Masters 
Processing changes file: tor_0.3.5.12-1_mips-buildd.changes
  ACCEPT

NEW changes in stable-new

2020-11-25 Thread Debian FTP Masters 
Processing changes file: tor_0.3.5.12-1_mips64el-buildd.changes
  ACCEPT

NEW changes in stable-new

2020-11-25 Thread Debian FTP Masters 
Processing changes file: mutt_1.10.1-2.1+deb10u4_mipsel-buildd.changes
  ACCEPT
Processing changes file: 
neomutt_20180716+dfsg.1-1+deb10u2_mips64el-buildd.changes
  ACCEPT
Processing changes file: neomutt_20180716+dfsg.1-1+deb10u2_mipsel-buildd.changes
  ACCEPT
Processing changes file: tigervnc_1.9.0+dfsg-3+deb10u3_mips-buildd.changes
  ACCEPT
Processing changes file: tigervnc_1.9.0+dfsg-3+deb10u3_mipsel-buildd.changes
  ACCEPT

NEW changes in stable-new

2020-11-25 Thread Debian FTP Masters 
Processing changes file: mutt_1.10.1-2.1+deb10u4_mips64el-buildd.changes
  ACCEPT
Processing changes file: tigervnc_1.9.0+dfsg-3+deb10u3_mips64el-buildd.changes
  ACCEPT

NEW changes in stable-new

2020-11-25 Thread Debian FTP Masters 
Processing changes file: efivar_37-2+deb10u1_i386-buildd.changes
  ACCEPT
Processing changes file: mutt_1.10.1-2.1+deb10u4_i386-buildd.changes
  ACCEPT
Processing changes file: mutt_1.10.1-2.1+deb10u4_s390x.changes
  ACCEPT
Processing changes file: neomutt_20180716+dfsg.1-1+deb10u2_i386-buildd.changes
  ACCEPT
Processing changes file: neomutt_20180716+dfsg.1-1+deb10u2_s390x.changes
  ACCEPT
Processing changes file: tigervnc_1.9.0+dfsg-3+deb10u3_armhf-buildd.changes
  ACCEPT
Processing changes file: tigervnc_1.9.0+dfsg-3+deb10u3_s390x.changes
  ACCEPT
Processing changes file: tor_0.3.5.12-1_armel-buildd.changes
  ACCEPT
Processing changes file: tor_0.3.5.12-1_i386-buildd.changes
  ACCEPT
Processing changes file: tor_0.3.5.12-1_s390x.changes
  ACCEPT

NEW changes in stable-new

2020-11-25 Thread Debian FTP Masters 
Processing changes file: efivar_37-2+deb10u1_armel-buildd.changes
  ACCEPT
Processing changes file: mutt_1.10.1-2.1+deb10u4_armel-buildd.changes
  ACCEPT
Processing changes file: mutt_1.10.1-2.1+deb10u4_mips-buildd.changes
  ACCEPT
Processing changes file: neomutt_20180716+dfsg.1-1+deb10u2_armel-buildd.changes
  ACCEPT
Processing changes file: neomutt_20180716+dfsg.1-1+deb10u2_armhf-buildd.changes
  ACCEPT
Processing changes file: neomutt_20180716+dfsg.1-1+deb10u2_mips-buildd.changes
  ACCEPT
Processing changes file: tigervnc_1.9.0+dfsg-3+deb10u3_armel-buildd.changes
  ACCEPT
Processing changes file: tigervnc_1.9.0+dfsg-3+deb10u3_i386-buildd.changes
  ACCEPT
Processing changes file: tor_0.3.5.12-1_amd64-buildd.changes
  ACCEPT
Processing changes file: tor_0.3.5.12-1_armhf-buildd.changes
  ACCEPT

NEW changes in stable-new

2020-11-25 Thread Debian FTP Masters 
Processing changes file: efivar_37-2+deb10u1_amd64-buildd.changes
  ACCEPT
Processing changes file: efivar_37-2+deb10u1_armhf-buildd.changes
  ACCEPT
Processing changes file: mutt_1.10.1-2.1+deb10u4_amd64-buildd.changes
  ACCEPT
Processing changes file: mutt_1.10.1-2.1+deb10u4_armhf-buildd.changes
  ACCEPT
Processing changes file: neomutt_20180716+dfsg.1-1+deb10u2_amd64-buildd.changes
  ACCEPT
Processing changes file: tigervnc_1.9.0+dfsg-3+deb10u3_amd64-buildd.changes
  ACCEPT
Processing changes file: tigervnc_1.9.0+dfsg-3+deb10u3_arm64-buildd.changes
  ACCEPT
Processing changes file: tor_0.3.5.12-1_arm64-buildd.changes
  ACCEPT

NEW changes in stable-new

2020-11-25 Thread Debian FTP Masters 
Processing changes file: efivar_37-2+deb10u1_arm64-buildd.changes
  ACCEPT
Processing changes file: iptables-persistent_1.0.11+deb10u1_all-buildd.changes
  ACCEPT
Processing changes file: mutt_1.10.1-2.1+deb10u4_arm64-buildd.changes
  ACCEPT
Processing changes file: neomutt_20180716+dfsg.1-1+deb10u2_arm64-buildd.changes
  ACCEPT
Processing changes file: tor_0.3.5.12-1_all-buildd.changes
  ACCEPT

Bug#974737: marked as done (transition: botan)

2020-11-25 Thread Debian Bug Tracking System 
Your message dated Wed, 25 Nov 2020 20:58:02 +0100
with message-id 
and subject line Re: Bug#974737: transition: botan
has caused the Debian Bug report #974737,
regarding transition: botan
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
974737: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=974737
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition

Hi RMs,

Last botan 2.x release (botan version 3 is a new upstream project) is
in experimental. It would be good to have it for Bullseye. The only
one reverse dependency is Thunderbird which builds fine with this
version as well.

Thanks,
Laszlo/GCS
--- End Message ---
--- Begin Message ---
On 2020-11-16 21:04:50 +0100, László Böszörményi wrote:
> On Sun, Nov 15, 2020 at 10:11 PM Sebastian Ramacher
>  wrote:
> > Control: tags -1 + confirmed
> > Control: forwarded -1 
> > https://release.debian.org/transitions/html/auto-botan.html
> >
> > On 2020-11-14 13:37:03 +0100, László Böszörményi wrote:
> > > Last botan 2.x release (botan version 3 is a new upstream project) is
> > > in experimental. It would be good to have it for Bullseye. The only
> > > one reverse dependency is Thunderbird which builds fine with this
> > > version as well.
> >
> > Please go ahead
>  Uploaded and it was built already.

The old binaries were removed from testing. Closing.

Cheers
-- 
Sebastian Ramacher


signature.asc
Description: PGP signature
--- End Message ---

Bug#974982: transition: krb5

2020-11-25 Thread Sebastian Ramacher 
On 2020-11-23 10:22:21 -0500, Sam Hartman wrote:
> I've proposed a patch to libapache-mod-auth-kerb.
> If someone tests the patch, I'll NMU.
> 
> 
> mia-query on the maintainer of libapache-mod-auth-kerb is revealing;
> I'll contact the MIA team and suggest orphaning or removing
> libapache-mod-auth-kerb.

Added a removeal hint for libapache-mod-auth-kerb.

Cheers
-- 
Sebastian Ramacher


signature.asc
Description: PGP signature

Bug#972479: marked as done (nmu: nvidia-graphics-drivers_450.66-1~bpo10+1)

2020-11-25 Thread Debian Bug Tracking System 
Your message dated Wed, 25 Nov 2020 20:04:47 +0100
with message-id <6024b924-cb61-91fa-aac4-2ea776890...@debian.org>
and subject line Re: Bug#972479: Acknowledgement (nmu: 
nvidia-graphics-drivers_450.66-1~bpo10+1)
has caused the Debian Bug report #972479,
regarding nmu: nvidia-graphics-drivers_450.66-1~bpo10+1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
972479: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972479
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: binnmu

nmu nvidia-graphics-drivers_450.66-1~bpo10+1 . amd64 . buster-backports . -m 
"Rebuild in a clean buster environment."

Looks like I accidentally built this in sid instead of buster and therefore
introduced a dependency on libgcc-s1.


Andreas
--- End Message ---
--- Begin Message ---
NVIBPO--- End Message ---

NEW changes in stable-new

2020-11-25 Thread Debian FTP Masters 
Processing changes file: ublock-origin_1.30.0+dfsg-1~deb10u1_amd64.changes
  ACCEPT

NEW changes in stable-new

2020-11-25 Thread Debian FTP Masters 
Processing changes file: efivar_37-2+deb10u1_source.changes
  ACCEPT
Processing changes file: iptables-persistent_1.0.11+deb10u1_source.changes
  ACCEPT
Processing changes file: mutt_1.10.1-2.1+deb10u4_source.changes
  ACCEPT
Processing changes file: neomutt_20180716+dfsg.1-1+deb10u2_source.changes
  ACCEPT
Processing changes file: spip_3.2.4-1+deb10u3_source.changes
  ACCEPT
Processing changes file: spip_3.2.4-1+deb10u3_all.changes
  ACCEPT
Processing changes file: tigervnc_1.9.0+dfsg-3+deb10u3_source.changes
  ACCEPT
Processing changes file: tor_0.3.5.12-1_weasel.changes
  ACCEPT

Processed: ublock-origin 1.30.0+dfsg-1~deb10u1 flagged for acceptance

2020-11-25 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> package release.debian.org
Limiting to bugs with field 'package' containing at least one of 
'release.debian.org'
Limit currently set to 'package':'release.debian.org'

> tags 973695 = buster pending
Bug #973695 [release.debian.org] buster-pu: package 
ublock-origin/1.22.2+dfsg-1~deb10u1
Added tag(s) pending; removed tag(s) confirmed.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
973695: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973695
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#973695: ublock-origin 1.30.0+dfsg-1~deb10u1 flagged for acceptance

2020-11-25 Thread Adam D Barratt 
package release.debian.org
tags 973695 = buster pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian buster.

Thanks for your contribution!

Upload details
==

Package: ublock-origin
Version: 1.30.0+dfsg-1~deb10u1

Explanation: new upstream version; split plugin to browser-specific packages

Processed: Re: Bug#975086: buster-pu: package dav4tbsync

2020-11-25 Thread Debian Bug Tracking System 
Processing control commands:

> tags -1 -moreinfo +confirmed
Bug #975086 [release.debian.org] buster-pu: package dav4tbsync
Removed tag(s) moreinfo.
Bug #975086 [release.debian.org] buster-pu: package dav4tbsync
Added tag(s) confirmed.

-- 
975086: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=975086
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#975086: buster-pu: package dav4tbsync

2020-11-25 Thread Adam D. Barratt 
Control: tags -1 -moreinfo +confirmed

On Wed, 2020-11-25 at 18:48 +0100, Mechtilde Stehmann wrote:
> Hello Adam
> 
> Am 24.11.20 um 21:38 schrieb Adam D. Barratt:
> > Hi,
> > 
> > On Sat, 2020-11-21 at 15:13 +, Adam D. Barratt wrote:
> > > On Sat, 2020-11-21 at 14:04 +0100, Mechtilde Stehmann wrote:
> > > of which a significant portion appears to be Google Javascript
> > > libraries. I assume the new upstream version is needed
> > > specifically to allow Thunderbird 78 compatibility, rather than
> > > simply adding the manifest.json changes?
> 
> Yes it is.

OK, thanks. Please go ahead.

Regards,

Adam

Processed: neomutt 20180716+dfsg.1-1+deb10u2 flagged for acceptance

2020-11-25 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> package release.debian.org
Limiting to bugs with field 'package' containing at least one of 
'release.debian.org'
Limit currently set to 'package':'release.debian.org'

> tags 975616 = buster pending
Bug #975616 [release.debian.org] buster-pu: package 
neomutt/neomutt_20180716+dfsg.1-1+deb10u2
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
975616: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=975616
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: tor 0.3.5.12-1 flagged for acceptance

2020-11-25 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> package release.debian.org
Limiting to bugs with field 'package' containing at least one of 
'release.debian.org'
Limit currently set to 'package':'release.debian.org'

> tags 975297 = buster pending
Bug #975297 [release.debian.org] buster-pu: package tor/0.3.5.12-1
Added tag(s) pending; removed tag(s) confirmed.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
975297: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=975297
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: tigervnc 1.9.0+dfsg-3+deb10u3 flagged for acceptance

2020-11-25 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> package release.debian.org
Limiting to bugs with field 'package' containing at least one of 
'release.debian.org'
Limit currently set to 'package':'release.debian.org'

> tags 971392 = buster pending
Bug #971392 [release.debian.org] buster-pu: package 
tigervnc/1.9.0+dfsg-3+deb10u3
Added tag(s) pending; removed tag(s) confirmed.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
971392: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=971392
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: mutt 1.10.1-2.1+deb10u4 flagged for acceptance

2020-11-25 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> package release.debian.org
Limiting to bugs with field 'package' containing at least one of 
'release.debian.org'
Limit currently set to 'package':'release.debian.org'

> tags 975514 = buster pending
Bug #975514 [release.debian.org] buster-pu: package mutt/1.10.1-2.1+deb10u4
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
975514: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=975514
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: iptables-persistent 1.0.11+deb10u1 flagged for acceptance

2020-11-25 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> package release.debian.org
Limiting to bugs with field 'package' containing at least one of 
'release.debian.org'
Limit currently set to 'package':'release.debian.org'

> tags 963340 = buster pending
Bug #963340 [release.debian.org] buster-pu: package iptables-persistent/1.0.14
Added tag(s) pending; removed tag(s) confirmed.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
963340: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=963340
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#975616: neomutt 20180716+dfsg.1-1+deb10u2 flagged for acceptance

2020-11-25 Thread Adam D Barratt 
package release.debian.org
tags 975616 = buster pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian buster.

Thanks for your contribution!

Upload details
==

Package: neomutt
Version: 20180716+dfsg.1-1+deb10u2

Explanation: ensure IMAP connection is closed after a connection error 
[CVE-2020-28896]

Processed: efivar 37-2+deb10u1 flagged for acceptance

2020-11-25 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> package release.debian.org
Limiting to bugs with field 'package' containing at least one of 
'release.debian.org'
Limit currently set to 'package':'release.debian.org'

> tags 975425 = buster pending
Bug #975425 [release.debian.org] buster-pu: package efivar/32-2+deb10u1
Added tag(s) pending; removed tag(s) confirmed.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
975425: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=975425
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#975425: efivar 37-2+deb10u1 flagged for acceptance

2020-11-25 Thread Adam D Barratt 
package release.debian.org
tags 975425 = buster pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian buster.

Thanks for your contribution!

Upload details
==

Package: efivar
Version: 37-2+deb10u1

Explanation: add support for nvme-fabrics and nvme-subsystem devices; fix 
uninitialized variable in parse_acpi_root, saving possible segfault

Bug#975297: tor 0.3.5.12-1 flagged for acceptance

2020-11-25 Thread Adam D Barratt 
package release.debian.org
tags 975297 = buster pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian buster.

Thanks for your contribution!

Upload details
==

Package: tor
Version: 0.3.5.12-1

Explanation: new upstream stable release; multiple security, usability, 
portability, and reliability fixes

Bug#975514: mutt 1.10.1-2.1+deb10u4 flagged for acceptance

2020-11-25 Thread Adam D Barratt 
package release.debian.org
tags 975514 = buster pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian buster.

Thanks for your contribution!

Upload details
==

Package: mutt
Version: 1.10.1-2.1+deb10u4

Explanation: ensure IMAP connection is closed after a connection error 
[CVE-2020-28896]

Bug#971392: tigervnc 1.9.0+dfsg-3+deb10u3 flagged for acceptance

2020-11-25 Thread Adam D Barratt 
package release.debian.org
tags 971392 = buster pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian buster.

Thanks for your contribution!

Upload details
==

Package: tigervnc
Version: 1.9.0+dfsg-3+deb10u3

Explanation: properly store certificate exceptions in native and java VNC 
viewer [CVE-2020-26117]

Bug#963340: iptables-persistent 1.0.11+deb10u1 flagged for acceptance

2020-11-25 Thread Adam D Barratt 
package release.debian.org
tags 963340 = buster pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian buster.

Thanks for your contribution!

Upload details
==

Package: iptables-persistent
Version: 1.0.11+deb10u1

Explanation: don't force-load kernel modules; improve rule flushing logic

Bug#975086: buster-pu: package dav4tbsync

2020-11-25 Thread Mechtilde Stehmann 
Hello Adam

Am 24.11.20 um 21:38 schrieb Adam D. Barratt:
> Hi,
> 
> On Sat, 2020-11-21 at 15:13 +, Adam D. Barratt wrote:
>> On Sat, 2020-11-21 at 14:04 +0100, Mechtilde Stehmann wrote:

>> of which a significant portion appears to be Google Javascript
>> libraries. I assume the new upstream version is needed specifically
>> to allow Thunderbird 78 compatibility, rather than simply adding the
>> manifest.json changes?

Yes it is.

kind regards
> 
> Regards,
> 
> Adam
> 

-- 
Mechtilde Stehmann
## Debian Developer
## PGP encryption welcome
## F0E3 7F3D C87A 4998 2899  39E7 F287 7BBA 141A AD7F



OpenPGP_signature
Description: OpenPGP digital signature

Bug#973294: marked as done (transition: scotch mumps petsc slepc)

2020-11-25 Thread Debian Bug Tracking System 
Your message dated Wed, 25 Nov 2020 13:50:48 +0100
with message-id <20201125125048.ga21...@ramacher.at>
and subject line Re: Bug#973294: transition: scotch mumps petsc slepc
has caused the Debian Bug report #973294,
regarding transition: scotch mumps petsc slepc
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
973294: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973294
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition

I had an oopsie uploading petsc4py 3.14.0-1 to unstable instead of
experimental, and it got accepted immediately from the NEW queue
before the message on IRC was read to reject it.

I'd therefore like to proceed with the transition of the scientific
numerical library stack to get the packages back into consistent
versions.

The source packages are:

scotch
mumps
petsc  (and petsc4py)
slepc  (and slepc4py)


The auto transitions are

https://release.debian.org/transitions/html/auto-scotch.html
https://release.debian.org/transitions/html/auto-mumps.html
https://release.debian.org/transitions/html/auto-petsc.html
https://release.debian.org/transitions/html/auto-slepc.html


The mumps transition is not a "true" transition, it's just simplifying
the ABI version to the minor version 3.13 instead of 3.13.4. So future
mumps upgrades will be simpler.


Ben file:

title = "scotch mumps petsc slepc";
is_affected = .depends ~ "libpetsc-real3.13" | .depends ~ "libpetsc-real3.14";
is_good = .depends ~ "libpetsc-real3.14";
is_bad = .depends ~ "libpetsc-real3.13";


-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.9.0-1-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_WARN
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_AU:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
--- End Message ---
--- Begin Message ---
On 2020-10-28 19:54:15, Drew Parsons wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: transition
> 
> I had an oopsie uploading petsc4py 3.14.0-1 to unstable instead of
> experimental, and it got accepted immediately from the NEW queue
> before the message on IRC was read to reject it.
> 
> I'd therefore like to proceed with the transition of the scientific
> numerical library stack to get the packages back into consistent
> versions.
> 
> The source packages are:
> 
> scotch
> mumps
> petsc  (and petsc4py)
> slepc  (and slepc4py)
> 
> 
> The auto transitions are
> 
> https://release.debian.org/transitions/html/auto-scotch.html
> https://release.debian.org/transitions/html/auto-mumps.html
> https://release.debian.org/transitions/html/auto-petsc.html
> https://release.debian.org/transitions/html/auto-slepc.html

All old binaries have been removed from testing. Closing

Cheers
-- 
Sebastian Ramacher--- End Message ---

Bug#975297: buster-pu: package tor/3.5.12-1

2020-11-25 Thread Peter Palfrader 
On Fri, 20 Nov 2020, Adam D. Barratt wrote:

> Control: tags -1 + confirmed
> 
> Hi,
> 
> On Fri, 2020-11-20 at 07:43 +, Peter Palfrader wrote:
> > Stable currently has Tor 0.3.5.10.
> > 
> > Upstream released 0.3.5.11 and 0.3.5.12 since, which bring some
> > security fixes, update the list of fallback directory servers, and a
> > few things more.
> > 
> > See 
> > https://gitweb.torproject.org/tor.git/tree/ChangeLog?h=tor-0.3.5.12
> > for a full list.
> > 
> > I would like to build and upload packages for tor 3.5.12.
> 
> Based on previous updates, I'd be happy with that, but please attach a
> debdiff to this bug log once it's built / uploaded, for completeness.

} iweasel@orinoco:~/projects/debian/debian/tor/0.3.5.X/0.3.5.12-1$ debdiff 
../0.3.5.10-1/tor_0.3.5.10-1_source.changes tor_0.3.5.12-1_source.changes
} File lists identical (after any substitutions)


} weasel@orinoco:~/projects/debian/debian/tor/0.3.5.X/0.3.5.12-1$ debdiff 
../0.3.5.10-1/tor_0.3.5.10-1_amd64.changes tor_0.3.5.12-1_amd64.changes
} [The following lists of changes regard files as different if they have
} different names, permissions or owners.]
}
} Files in second .changes but not in first
} -
} -rw-r--r--  root/root   
/usr/lib/debug/.build-id/18/bd700da967b9476719cb90673f0f4583c8a6a7.debug
} -rw-r--r--  root/root   
/usr/lib/debug/.build-id/45/2e6cbd2fb513558a8cd34c7c4f3976187558de.debug
} -rw-r--r--  root/root   
/usr/lib/debug/.build-id/e0/7c60e61bff7a6889d4ec421b7bed8cf26d0791.debug
} -rw-r--r--  root/root   
/usr/lib/debug/.build-id/ea/4bdaf3cfd226cd4d215276517548b9f34ba5b9.debug
}
} Files in first .changes but not in second
} -
} -rw-r--r--  root/root   
/usr/lib/debug/.build-id/02/7122fe11c07cce9682d43c677dc1e072b35e5a.debug
} -rw-r--r--  root/root   
/usr/lib/debug/.build-id/0b/6fdffb0e845324489080a83d64f683c156d2ac.debug
} -rw-r--r--  root/root   
/usr/lib/debug/.build-id/a1/ece546e7fe6bd69b13ed10faaee7ab7067144d.debug
} -rw-r--r--  root/root   
/usr/lib/debug/.build-id/cb/fd02ab0ee4b42164806ad4c3176679cc7077d3.debug
}
} Control files of package tor: lines which differ (wdiff format)
} ---
} Installed-Size: [-5071-] {+5074+}
} Version: [-0.3.5.10-1-] {+0.3.5.12-1+}
}
} Control files of package tor-dbgsym: lines which differ (wdiff format)
} --
} Build-Ids: [-027122fe11c07cce9682d43c677dc1e072b35e5a 
0b6fdffb0e845324489080a83d64f683c156d2ac 
a1ece546e7fe6bd69b13ed10faaee7ab7067144d 
cbfd02ab0ee4b42164806ad4c3176679cc7077d3-] 
{+18bd700da967b9476719cb90673f0f4583c8a6a7 
452e6cbd2fb513558a8cd34c7c4f3976187558de 
e07c60e61bff7a6889d4ec421b7bed8cf26d0791 
ea4bdaf3cfd226cd4d215276517548b9f34ba5b9+}
} Depends: tor (= [-0.3.5.10-1)-] {+0.3.5.12-1)+}
} Installed-Size: [-5367-] {+5368+}
} Version: [-0.3.5.10-1-] {+0.3.5.12-1+}
}
} Control files of package tor-geoipdb: lines which differ (wdiff format)
} ---
} Depends: tor (>= [-0.3.5.10-1)-] {+0.3.5.12-1)+}
} Installed-Size: [-8358-] {+8361+}
} Version: [-0.3.5.10-1-] {+0.3.5.12-1+}

(I'll only upload the source one)

Source diffs attached.

Cheers,
-- 
|  .''`.   ** Debian **
  Peter Palfrader   | : :' :  The  universal
 https://www.palfrader.org/ | `. `'  Operating System
|   `-https://www.debian.org/
diff -u tor-0.3.5.10/debian/changelog tor-0.3.5.12/debian/changelog
--- tor-0.3.5.10/debian/changelog
+++ tor-0.3.5.12/debian/changelog
@@ -1,3 +1,9 @@
+tor (0.3.5.12-1) buster; urgency=medium
+
+  * New upstream version, updating Tor in stable (cf. #975297).
+
+ -- Peter Palfrader   Wed, 25 Nov 2020 08:44:12 +0100
+
 tor (0.3.5.10-1) buster-security; urgency=medium
 
   * New upstream version.
diff -u tor-0.3.5.10/debian/micro-revision.i tor-0.3.5.12/debian/micro-revision.i
--- tor-0.3.5.10/debian/micro-revision.i
+++ tor-0.3.5.12/debian/micro-revision.i
@@ -1 +1 @@
-"48bd3fbaa3edb9b0"
+"d02a75ee30269081"
diff -u tor-0.3.5.10/debian/misc/backport tor-0.3.5.12/debian/misc/backport
--- tor-0.3.5.10/debian/misc/backport
+++ tor-0.3.5.12/debian/misc/backport
@@ -77,6 +77,7 @@
 disco		disco		1
 eoan		eoan		1
 focal		focal		1
+groovy		groovy		1
 EOF
 )
 	if [ -z "$result" ] ; then
diff -u tor-0.3.5.10/debian/misc/build-tor-sources tor-0.3.5.12/debian/misc/build-tor-sources
--- tor-0.3.5.10/debian/misc/build-tor-sources
+++ tor-0.3.5.12/debian/misc/build-tor-sources
@@ -221,6 +221,11 @@
 	bp1 $pkg $dir $sid_debian_version focal
 	bp2 $pkg $dir $origtar
 
+	# groovy (EOL: 2021-07)
+	#
+	bp1 $pkg $dir $sid_debian_version groovy
+	bp2 $pkg $dir $origtar
+
 	#
 	## BPO
 	#


upstream.diff.xz