Bug#989190: unblock: scrollz/2.2.3-2

2021-05-27 Thread Mike Markley
Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: unblock
Severity: normal

Please unblock package scrollz

This upload fixes a grave bug (#986215) by applying a patch from an
upstream PR targeting that specific issue. I've received exploit code
from upstream and tested that it is able to crash 2.2.3-1 but not 2.2.3-2.

unblock scrollz/2.2.3-2
diff -Nru scrollz-2.2.3/debian/changelog scrollz-2.2.3/debian/changelog
--- scrollz-2.2.3/debian/changelog  2014-11-05 17:37:01.0 -0700
+++ scrollz-2.2.3/debian/changelog  2021-04-29 17:55:12.0 -0600
@@ -1,3 +1,11 @@
+scrollz (2.2.3-2) UNRELEASED; urgency=medium
+
+  * Applied patch to ctcp.c to fix CVE-2021-29376 from
+https://github.com/ScrollZ/ScrollZ/pull/26
+  * Applied minor patch from upstream to the above fix
+
+ -- Mike Markley   Thu, 29 Apr 2021 17:55:12 -0600
+
 scrollz (2.2.3-1) unstable; urgency=low
 
   * New release.
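Review bot: the new 2.2.3-2 entry at the top of this hunk still names UNRELEASED as its distribution, although the request is to unblock an uploaded 2.2.3-2, so the changelog in the debdiff should read unstable. The entry also has no "Closes: #986215" for the grave bug the request cites, so the changelog does not tie the upload to that report.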
diff -Nru scrollz-2.2.3/debian/patches/CVE-2021-29376.patch 
scrollz-2.2.3/debian/patches/CVE-2021-29376.patch
--- scrollz-2.2.3/debian/patches/CVE-2021-29376.patch   1969-12-31 
17:00:00.0 -0700
+++ scrollz-2.2.3/debian/patches/CVE-2021-29376.patch   2021-04-29 
12:51:47.0 -0600
@@ -0,0 +1,46 @@
+diff --git a/source/ctcp.c b/source/ctcp.c
+index b977f9b..32a496a 100644
+--- a/source/ctcp.c
 b/source/ctcp.c
+@@ -31,7 +31,7 @@
+  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+  * SUCH DAMAGE.
+  *
+- * $Id: ctcp.c,v 1.56 2009-12-21 14:39:21 f Exp $
++ * $Id: ctcp.c,v 1.56 2021-04-26 19:57:28 t Exp $
+  */
+ 
+ #include "irc.h"
+@@ -1629,14 +1629,29 @@ do_utc(ctcp, from, to, args)
+   *to,
+   *args;
+ {
+-  time_t  tm;
++  time_t  tm = time(NULL),
++  curtime = time(NULL);
+   char*date = NULL;
+ 
+   if (!args || !*args)
+   return NULL;
+   tm = atol(args);
+-  malloc_strcpy(, ctime());
+-  date[strlen(date)-1] = '\0';
++  curtime = ctime();
++
++  if (curtime)
++  {
++  u_char *s = index(curtime, '\n');
++  if (s)
++  {
++  *s = '\0';
++  }
++  malloc_strcpy(, UP(curtime));
++  }
++  else
++  {
++  /* if we can't find a time, just return the number */
++  malloc_strcpy(, args);
++  }
+   return date;
+ }
+ 
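Review bot: in do_utc, curtime is added to the time_t declarator list but is then assigned the return value of ctime() and passed to index() and malloc_strcpy() as a string. Declare it separately as a character pointer (for example "char *curtime;") so that the NULL check and the newline strip operate on a pointer type and the build does not depend on an implicit integer/pointer conversion. The "tm = time(NULL)" initializer is also dead, because "tm = atol(args)" overwrites it before its first use.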
diff -Nru scrollz-2.2.3/debian/patches/CVE-2021-29376-update.patch 
scrollz-2.2.3/debian/patches/CVE-2021-29376-update.patch
--- scrollz-2.2.3/debian/patches/CVE-2021-29376-update.patch1969-12-31 
17:00:00.0 -0700
+++ scrollz-2.2.3/debian/patches/CVE-2021-29376-update.patch2021-04-29 
17:55:12.0 -0600
@@ -0,0 +1,13 @@
+diff --git a/source/ctcp.c b/source/ctcp.c
+index 32a496a..2b661bd 100644
+--- a/source/ctcp.c
 b/source/ctcp.c
+@@ -1630,7 +1630,7 @@ do_utc(ctcp, from, to, args)
+   *args;
+ {
+   time_t  tm = time(NULL),
+-  curtime = time(NULL);
++  curtime;
+   char*date = NULL;
+ 
+   if (!args || !*args)
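Review bot: this patch file, like CVE-2021-29376.patch, starts directly at its "diff --git" line with no header giving a description, origin or bug reference, so nothing in debian/patches records which upstream commit this one-line follow-up comes from. Add that header, or fold the change into CVE-2021-29376.patch so the fix can be audited as one unit.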
diff -Nru scrollz-2.2.3/debian/patches/series 
scrollz-2.2.3/debian/patches/series
--- scrollz-2.2.3/debian/patches/series 2014-10-22 16:08:28.0 -0600
+++ scrollz-2.2.3/debian/patches/series 2021-04-29 17:55:12.0 -0600
@@ -4,3 +4,5 @@
 spelling-errors.patch
 rijndael-prototypes.patch
 sys-stat-h.patch
+CVE-2021-29376.patch
+CVE-2021-29376-update.patch


Bug#989187: unblock: geeqie/1.6-9

2021-05-27 Thread Andreas Rönnquist
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package geeqie

[ Reason ]
Geeqie recommends ufraw-batch and suggests ufraw, which both have been
removed from bullseye; this update removes these dependencies in
geeqie.

[ Risks ]
Leaf package, just fixing dependencies on packages that are removed.

[ Checklist ]
  [X] all changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in testing

Debdiff attached.

unblock geeqie/1.6-9

-- Andreas Rönnquist
gus...@debian.org


geeqie_ufraw.debdiff
Description: Binary data


Bug#989172: marked as done (unblock: fai/5.10.3)

2021-05-27 Thread Debian Bug Tracking System
Your message dated Thu, 27 May 2021 21:13:28 +
with message-id 
and subject line unblock fai
has caused the Debian Bug report #989172,
regarding unblock: fai/5.10.3
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
989172: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989172
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please approve the following update for src:fai

[ Reason ]
Fixes minor bug 988987 which affects only
VM environment when using raid setup.
Another simple fix in a script in fai-doc.


[ Impact ]
without grub, you cannot boot new system.

[ Tests ]
Several manual tests by me.

[ Risks ]
Very low. All changes are trivial and only change example
scripts in the fai-doc package. They do not change existing user
configuration. No changes in the FAI software itself.


[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing




debdiff
Description: Binary data

-- 
viele Grüße Thomas
--- End Message ---
--- Begin Message ---
Unblocked.
--- End Message ---


Processed: retitle 989172 to unblock: fai/5.10.3

2021-05-27 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> retitle 989172 unblock: fai/5.10.3
Bug #989172 [release.debian.org] please unblock fai/5.10.3
Changed Bug title to 'unblock: fai/5.10.3' from 'please unblock fai/5.10.3'.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
989172: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989172
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Processed: Re: Bug#988214: fixed in rails 2:6.0.3.7+dfsg-1

2021-05-27 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> tag 989037 moreinfo
Bug #989037 [release.debian.org] unblock: rails/2:6.0.3.7+dfsg-1
Added tag(s) moreinfo.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
989037: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989037
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#989037: Bug#988214: fixed in rails 2:6.0.3.7+dfsg-1

2021-05-27 Thread Paul Gevers
tag 989037 moreinfo
thanks

Hi,

On 24-05-2021 11:35, Utkarsh Gupta wrote:
> On Wed, 19 May 2021 22:12:59 +0200 Paul Gevers  wrote:
>> This new rails version renewed its versioned dependency on ruby-marcel.
>> The new ruby-marcel version doesn't look like a targeted fix, so it
>> doesn't fit the freeze policy. If I read the changelog correctly, this
> >> dependency is there to give rails a more relaxed license. I think such a
>> change is not really needed at this stage of the freeze, does rails
>> still work with the old version of ruby-marcel and can the version bump
>> be reverted?
> 
> Apologies, I missed (naturally because it wasn't copied) the conversation
> on this bug prior to opening an unblock request for both.
> 
> Whilst I agree that ruby-marcel isn't really a targeted fix, I believe the
> bump was necessary to maintain sanity with future bug-fix releases of rails.
> I've been trying to maintain rails from sid (back to jessie), ensuring that the
> CVEs are at least timely fixed. During that course, I've hit a lot of bumps
> because of the version gaps, et al, so in this release I wanted rails to be
> at par with its supported bug-fix only release (that is, the 6.0.3.x branch).
> 
> 6.0.3.6 brings in an unusual change by bumping ruby-marcel to 1.0.0. But
> after a lot of testing, sanity checking, et al, I found that the changes in
> marcel are a no-op, that is, it doesn't really affect how marcel was before
> and it is now. Marcel wanted to drop mimemagic dependency and so they
> introduced a Magic class (Marcel::Magic) for mime type detection.
> 
> I know that it doesn't go along with the freeze policy atm, but I also believe
> that it's not really something that'd actually cause problems. IIUC, the
> bump doesn't really affect much but just does things differently internally.
> So is this edge case worth giving an exception along those lines?
> 
> The bump shall yield nothing but (really) help in providing support to rails
> for the next couple of years in/for bullseye (at least while it's
> still supported).
> Let me know what you think? Thanks!

You haven't answered my question: "does rails still work with the old
version of ruby-marcel and can the version bump be reverted"

Paul





Bug#987081: unblock: puppet-module-puppetlabs-haproxy/2.1.0-3

2021-05-27 Thread Paul Gevers
Hi Thomas,

Ping.

Paul
Note: without reply, we'll close the bug without action

On 20-04-2021 11:03, Sebastian Ramacher wrote:
> Control: tags -1 moreinfo
> 
> On 2021-04-17 12:02:44 +0200, Thomas Goirand wrote:
>> Package: release.debian.org
>> Severity: normal
>> User: release.debian@packages.debian.org
>> Usertags: unblock
>>
>> Please unblock package puppet-module-puppetlabs-haproxy
>>
>> This fixes a minor issue in the prerm when removing
>> alternatives (ie: wrong path when removing the alternative).
> 
> Why is update-alternatives run on upgrade and deconfigure in prerm? From
> update-alternatives' manpage:
> 
> update-alternatives is usually called from the following Debian package
> maintainer scripts, postinst (configure) to install the alternative and
> from prerm and postrm (remove) to remove the alternative. Note: in most
> (if not all) cases no other maintainer script actions should call
> update-alternatives, in particular neither of upgrade nor disappear, as
> any other such action can lose the manual state of an alternative, or
> make the alternative temporarily flip-flop, or completely switch when
> several of them have the same priority.
> 
> 
> Cheers
> 
> 
>>
>> (very) small debdiff attached.
>>
>> Please unblock puppet-module-puppetlabs-haproxy/2.1.0-3.
>>
>> Cheers,
>>
>> Thomas Goirand (zigo)
> 
>> diff -Nru puppet-module-puppetlabs-haproxy-2.1.0/debian/changelog 
>> puppet-module-puppetlabs-haproxy-2.1.0/debian/changelog
>> --- puppet-module-puppetlabs-haproxy-2.1.0/debian/changelog  2020-03-24 
11:21:33.0 +0100
>> +++ puppet-module-puppetlabs-haproxy-2.1.0/debian/changelog  2021-04-17 
11:58:30.0 +0200
>> @@ -1,3 +1,9 @@
>> +puppet-module-puppetlabs-haproxy (2.1.0-3) unstable; urgency=medium
>> +
>> +  * Fix update-alternatives --remove in prerm.
>> +
>> + -- Thomas Goirand   Sat, 17 Apr 2021 11:58:30 +0200
>> +
>>  puppet-module-puppetlabs-haproxy (2.1.0-2) unstable; urgency=medium
>>  
>>[ Ondřej Nový ]
>> diff -Nru 
>> puppet-module-puppetlabs-haproxy-2.1.0/debian/puppet-module-puppetlabs-haproxy.prerm
>>  
>> puppet-module-puppetlabs-haproxy-2.1.0/debian/puppet-module-puppetlabs-haproxy.prerm
>> --- 
>> puppet-module-puppetlabs-haproxy-2.1.0/debian/puppet-module-puppetlabs-haproxy.prerm
>>  2020-03-24 11:21:33.0 +0100
>> +++ 
>> puppet-module-puppetlabs-haproxy-2.1.0/debian/puppet-module-puppetlabs-haproxy.prerm
>>  2021-04-17 11:58:30.0 +0200
>> @@ -3,7 +3,7 @@
>>  set -e
>>  
>>  if [ "${1}" = "remove" ] || [ "${1}" = "upgrade" ] || [ "${1}" = 
"deconfigure" ] ; then
>> -update-alternatives --remove puppet-module-haproxy 
>> /usr/share/puppet/modules.available/puppet-module-puppetlabs-haproxy
>> +update-alternatives --remove puppet-module-haproxy 
>> /usr/share/puppet/modules.available/puppetlabs-haproxy
>>  fi
>>  
>>  #DEBHELPER#
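Review bot: the unchanged condition above the corrected command still runs update-alternatives --remove for "upgrade" and "deconfigure" as well as "remove", and with the path now correct the removal will actually take effect on every upgrade. Restricting the test to [ "${1}" = "remove" ] would match the usage described in the update-alternatives manpage excerpt quoted above and keep an administrator's manual selection across upgrades.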
> 
> 





Bug#989177: unblock: radsecproxy/1.8.2-4

2021-05-27 Thread Sven Hartge
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package radsecproxy

Version 1.8.2-4 fixes a minor CVE in some of the provided example helper
scripts.

There is no change to any other active code in radsecproxy itself. A
full debdiff is attached.

[ Checklist ]
  [X] all changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in testing

unblock radsecproxy/1.8.2-4
diff -Nru radsecproxy-1.8.2/debian/changelog radsecproxy-1.8.2/debian/changelog
--- radsecproxy-1.8.2/debian/changelog  2020-11-23 12:09:13.0 +0100
+++ radsecproxy-1.8.2/debian/changelog  2021-05-27 07:58:57.0 +0200
@@ -1,3 +1,9 @@
+radsecproxy (1.8.2-4) unstable; urgency=high
+
+  * Fix CVE-2021-32642
+
+ -- Sven Hartge   Thu, 27 May 2021 07:58:57 +0200
+
 radsecproxy (1.8.2-3) unstable; urgency=medium
 
   * Remove override for no longer existing lintian tag.
diff -Nru radsecproxy-1.8.2/debian/gbp.conf radsecproxy-1.8.2/debian/gbp.conf
--- radsecproxy-1.8.2/debian/gbp.conf   1970-01-01 01:00:00.0 +0100
+++ radsecproxy-1.8.2/debian/gbp.conf   2021-05-27 07:58:57.0 +0200
@@ -0,0 +1,3 @@
+[DEFAULT]
+debian-branch = bullseye
+
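Review bot: the new debian/gbp.conf with "debian-branch = bullseye" is not mentioned in the 1.8.2-4 changelog entry, which lists only "Fix CVE-2021-32642", while the checklist states that all changes are documented in d/changelog. Add a changelog line for it or leave it out of this targeted upload.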
diff -Nru radsecproxy-1.8.2/debian/patches/fix-cve-2021-32642 
radsecproxy-1.8.2/debian/patches/fix-cve-2021-32642
--- radsecproxy-1.8.2/debian/patches/fix-cve-2021-32642 1970-01-01 
01:00:00.0 +0100
+++ radsecproxy-1.8.2/debian/patches/fix-cve-2021-32642 2021-05-27 
07:58:57.0 +0200
@@ -0,0 +1,124 @@
+Author: Fabian Mauchle 
+Last-Update: 2021-05-04
+Description: add result validation to dyndisc example scripts
+
+Original Commit ab7a2ea42a75d5ad3421e4365f63cbdcb08fb7af Mon Sep 17 00:00:00 
2001
+reported by Philipp Jeitner and Haya Shulman, Fraunhofer SIT
+
+---
+ tools/naptr-eduroam.sh | 40 ++--
+ tools/radsec-dynsrv.sh | 20 
+ 2 files changed, 42 insertions(+), 18 deletions(-)
+
+diff --git a/tools/naptr-eduroam.sh b/tools/naptr-eduroam.sh
+index e310812..5402d18 100755
+--- a/tools/naptr-eduroam.sh
 b/tools/naptr-eduroam.sh
+@@ -19,41 +19,53 @@ DIGCMD=$(command -v dig)
+ HOSTCMD=$(command -v host)
+ PRINTCMD=$(command -v printf)
+ 
++validate_host() {
++ echo ${@} | tr -d '\n\t\r' | grep -E '^[_0-9a-zA-Z][-._0-9a-zA-Z]*$'
++}
++
++validate_port() {
++ echo ${@} | tr -d '\n\t\r' | grep -E '^[0-9]+$'
++}
++
+ dig_it_srv() {
+ ${DIGCMD} +short srv $SRV_HOST | sort -n -k1 |
+ while read line; do
+-  set $line ; PORT=$3 ; HOST=$4
+-  $PRINTCMD "\thost ${HOST%.}:${PORT}\n"
++set $line ; PORT=$(validate_port $3) ; HOST=$(validate_host $4)
++if [ -n "${HOST}" ] && [ -n "${PORT}" ]; then
++$PRINTCMD "\thost ${HOST%.}:${PORT}\n"
++fi
+ done
+ }
+ 
+ dig_it_naptr() {
+ ${DIGCMD} +short naptr ${REALM} | grep x-eduroam:radius.tls | sort -n -k1 
|
+ while read line; do
+-  set $line ; TYPE=$3 ; HOST=$6
+-  if [ "$TYPE" = "\"s\"" -o "$TYPE" = "\"S\"" ]; then
+-  SRV_HOST=${HOST%.}
+-  dig_it_srv
+-  fi
++set $line ; TYPE=$3 ; HOST=$(validate_host $6)
++if ( [ "$TYPE" = "\"s\"" ] || [ "$TYPE" = "\"S\"" ] ) && [ -n 
"${HOST}" ]; then
++SRV_HOST=${HOST%.}
++dig_it_srv
++fi
+ done
+ }
+ 
+ host_it_srv() {
+ ${HOSTCMD} -t srv $SRV_HOST | sort -n -k5 |
+ while read line; do
+-  set $line ; PORT=$7 ; HOST=$8 
+-  $PRINTCMD "\thost ${HOST%.}:${PORT}\n"
++set $line ; PORT=$(validate_port $7) ; HOST=$(validate_host $8) 
++if [ -n "${HOST}" ] && [ -n "${PORT}" ]; then
++$PRINTCMD "\thost ${HOST%.}:${PORT}\n"
++fi
+ done
+ }
+ 
+ host_it_naptr() {
+ ${HOSTCMD} -t naptr ${REALM} | grep x-eduroam:radius.tls | sort -n -k5 |
+ while read line; do
+-  set $line ; TYPE=$7 ; HOST=${10}
+-  if [ "$TYPE" = "\"s\"" -o "$TYPE" = "\"S\"" ]; then
+-  SRV_HOST=${HOST%.}
+-  host_it_srv
+-  fi
++set $line ; TYPE=$7 ; HOST=$(validate_host ${10})
++if ( [ "$TYPE" = "\"s\"" ] || [ "$TYPE" = "\"S\"" ] ) && [ -n 
"${HOST}" ]; then
++SRV_HOST=${HOST%.}
++host_it_srv
++fi
+ done
+ }
+ 
+diff --git a/tools/radsec-dynsrv.sh b/tools/radsec-dynsrv.sh
+index 2eff080..68bb5ba 100755
+--- a/tools/radsec-dynsrv.sh
 b/tools/radsec-dynsrv.sh
+@@ -19,19 +19,31 @@ DIGCMD=$(command -v digaaa)
+ HOSTCMD=$(command -v host)
+ PRINTCMD=$(command -v printf)
+ 
++validate_host() {
++ echo ${@} | tr -d '\n\t\r' | grep -E '^[_0-9a-zA-Z][-._0-9a-zA-Z]*$'
++}
++
++validate_port() {
++ echo ${@} | tr -d '\n\t\r' | grep -E '^[0-9]+$'
++}
++
+ dig_it() {
+${DIGCMD} +short srv _radsec._tcp.${REALM} | sort -n -k1 |
+while read line ; do
+-  set $line ; PORT=$3 ; HOST=$4 
+-  $PRINTCMD "\thost 
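Review bot: validate_host and validate_port feed their input through an unquoted "echo ${@}", and the callers pass unquoted $3, $4, $6 and so on after an unquoted "set $line", so the DNS answer undergoes word splitting and pathname expansion before the grep check sees it, and a field beginning with a dash can be taken as an option by echo or set. Suggest printf '%s' "$1" inside the validators, quoted arguments at the call sites, "read -r line", and "set -f" together with "set -- $line" in the loops, so that the value grep validates is byte for byte the value the resolver returned.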

Processed: block 988494 with 988492

2021-05-27 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> block 988494 with 988492
Bug #988494 [sponsorship-requests] RFS: ircii/20190117-1+deb10u1 [QA] [RC] -- 
Internet Relay Chat client
988494 was not blocked by any bugs.
988494 was not blocking any bugs.
Added blocking bug(s) of 988494: 988492
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
988494: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988494
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#988627: unblock: broadcom-sta/6.30.223.271-16.1

2021-05-27 Thread Ben Hutchings
On Thu, 2021-05-27 at 10:50 +0200, Paul Gevers wrote:
> Control: tags -1 moreinfo
> 
> Hi,
> 
> On 17-05-2021 02:12, Ben Hutchings wrote:
> > Please unblock package broadcom-sta
> > 
> > [ Reason ]
> > Fix the unusable broadcom-sta-source package.
> > 
> > [ Impact ]
> > It is not possible to build a package using module-assistant and the
> > version of broadcom-sta-source in bullseye.  However, dkms and
> > broadcom-sta-dkms can be used as an alternative.
> > 
> > [ Tests ]
> > Only the build processes are being changed.  I tested that:
> > - broadcom-sta can be built from source
> > - module-assistant can build a module package from broadcom-sta-source
> >   for the current kernel version in bullseye (5.10.0-6-amd64)
> > - the resulting binary module package looks like a module package
> >   built from broadcom-sta-source in buster, modulo version changes
> 
> * I wonder, broadcom-sta has seen quite some uploads the last couple of
> years and debhelper is even in oldstable newer than the version
> mentioned. How were all these uploads possible?

broadcom-sta has always properly declared its debhelper compatibility
level.  Earlier it was done through debian/compat, then since version
6.30.223.271-13~exp1 through a versioned B-D on debhelper-compat.

module-assistant creates a source and binary packages for modules using
a template that's included in packages such as broadcom-sta-source. 
That template was not updated along with broadcom-sta itself, so was
missing a debhelper compatibility level since version
6.30.223.271-13~exp1.

This probably wasn't noticed because DKMS is now more popular than
module-assistant.

> * What is/was the behavior of debhelper if the compat level was not
> specified? In the freeze we don't want debhelper compat bumps unless the
> package is proven to have no delta regardless of the old-vs-new level.

It's a fatal error.

Ben.

-- 
Ben Hutchings
Never attribute to conspiracy what can adequately be explained
by stupidity.




Bug#989146: marked as done (unblock: node-cpr/3.0.1-4)

2021-05-27 Thread Debian Bug Tracking System
Your message dated Thu, 27 May 2021 15:42:26 +
with message-id 
and subject line unblock node-cpr
has caused the Debian Bug report #989146,
regarding unblock: node-cpr/3.0.1-4
to be marked as done.



-- 
989146: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989146
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package node-cpr

[ Reason ]
I made an error when including the node-mkdirp (≥1) patch. Here is the fix,
which permits re-enabling all tests.

[ Impact ]
Maybe node-cpr is unable to copy empty directories

[ Tests ]
Upstream tests are now all enabled and passed (build + autopkgtest)

[ Risks ]
No risk, new patch is verified by tests.

[ Checklist ]
  [X] all changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in testing

Sorry for this error...

Cheers,
Yadd

unblock node-cpr/3.0.1-4
diff --git a/debian/changelog b/debian/changelog
index b0e6caf..338ddf1 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+node-cpr (3.0.1-4) unstable; urgency=medium
+
+  * Team upload
+  * Fix GitHub tags regex
+  * Fix patch for node-mkdirp ≥ 1
+
+ -- Yadd   Wed, 26 May 2021 21:31:55 +0200
+
 node-cpr (3.0.1-3) unstable; urgency=medium
 
   * Team upload
diff --git a/debian/patches/update-mkdirp.diff 
b/debian/patches/update-mkdirp.diff
index 2e50ece..092902d 100644
--- a/debian/patches/update-mkdirp.diff
+++ b/debian/patches/update-mkdirp.diff
@@ -1,26 +1,27 @@
 Description: update to mkdirp ≥ 1
-Author: Xavier Guimard 
-Forwarded: https://github.com/davglass/cpr/issues/65
+Author: Yadd 
+Forwarded: https://github.com/davglass/cpr/issues/68
 Last-Update: 2020-10-21
 
 --- a/lib/index.js
 +++ b/lib/index.js
-@@ -121,12 +121,12 @@
+@@ -121,12 +121,13 @@
  err.errno = 27;
  options.errors.push(err);
  } else {
 -mkdirp(to, stat.mode, stack.add(function(err) {
-+mkdirp(to, stat.mode).catch((err) => 
{stack.add(function(err) {
++var ef = stack.add(function(err) {
  /*istanbul ignore next*/
  if (err) {
  options.errors.push(err);
  }
 -}));
-+})});
++});
++mkdirp(to, stat.mode).then(ef).catch(ef);
  }
  }));
  }
-@@ -139,7 +139,7 @@
+@@ -139,7 +140,7 @@
  
  var copyFile = function(from, to, options, callback) {
  var dir = path.dirname(to);
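Review bot: in the rewritten mkdirp call, ".then(ef)" passes the promise's resolved value to ef as its err argument. mkdirp ≥ 1 resolves to the first directory it created, so a successful creation makes "if (err)" true and pushes that path into options.errors. Suggest "mkdirp(to, stat.mode).then(function() { ef(); }, ef);", which also avoids a second call to ef through .catch if ef itself throws. The Last-Update field still reads 2020-10-21 although the patch content has changed.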
@@ -29,32 +30,3 @@ Last-Update: 2020-10-21
  fs.stat(to, function(statError) {
  var err;
  if(!statError && options.overwrite !== true) {
 a/tests/full.js
-+++ b/tests/full.js
-@@ -343,6 +343,7 @@
- 
- describe('validations', function() {
- 
-+/*
- it('should copy empty directory', function(done) {
- mkdirp.sync(path.join(to, 'empty-src'));
- cpr(path.join(to, 'empty-src'), path.join(to, 'empty-dest'), 
function() {
-@@ -351,6 +352,7 @@
- done();
- });
- });
-+*/
- 
- it('should not delete existing folders in out dir', function(done) {
- mkdirp.sync(path.join(to, 'empty-src', 'a'));
-@@ -359,8 +361,8 @@
- var stat = fs.statSync(path.join(to, 'empty-dest'));
- assert.ok(stat.isDirectory());
- var dirs = fs.readdirSync(path.join(to, 'empty-dest'));
--assert.equal(dirs[0], 'a');
--assert.equal(dirs[1], 'b');
-+assert.equal(dirs[0], 'b');
-+//assert.equal(dirs[1], 'a');
- done();
- });
- });
diff --git a/debian/watch b/debian/watch
index 3e3a8e7..1b77a15 100644
--- a/debian/watch
+++ b/debian/watch
@@ -2,4 +2,4 @@ version=3
 opts=\
 dversionmangle=s/\+(debian|dfsg|ds|deb)(\.\d+)?$//,\
 filenamemangle=s/.*\/v?([\d\.-]+)\.tar\.gz/node-cpr-$1.tar.gz/ \
- https://github.com/davglass/cpr/tags .*/archive/v?([\d\.]+).tar.gz
+ https://github.com/davglass/cpr/tags .*/archive/.*/v?([\d\.]+).tar.gz
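Review bot: in the new watch pattern the dots in ".tar.gz" are still unescaped and the added ".*/" segment accepts any path depth under archive/, so the expression is looser than the tag tarball links it is meant to select. Escaping the suffix as "\.tar\.gz" and narrowing the extra segment to the path component actually seen on the tags page would keep uscan from picking up an unintended link.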
--- End Message ---
--- Begin Message ---
Unblocked.
--- End Message ---


Bug#989121: marked as done (unblock: adminer/4.7.9-2)

2021-05-27 Thread Debian Bug Tracking System
Your message dated Thu, 27 May 2021 15:40:26 +
with message-id 
and subject line unblock adminer
has caused the Debian Bug report #989121,
regarding unblock: adminer/4.7.9-2
to be marked as done.



-- 
989121: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989121
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Hi,

Please unblock package adminer. Per the security team advice, the updated
version contains a fix for:

CVE-2021-29625: XSS in doc_link

diff -Nru adminer-4.7.9/debian/changelog adminer-4.7.9/debian/changelog
--- adminer-4.7.9/debian/changelog  2021-02-08 09:30:28.0 +0100
+++ adminer-4.7.9/debian/changelog  2021-05-26 09:13:52.0 +0200
@@ -1,3 +1,9 @@
+adminer (4.7.9-2) unstable; urgency=medium
+
+  * fix CVE-2021-29625: XSS in doc_link (Closes: #96)
+
+ -- Alexandre Rossi   Wed, 26 May 2021 09:13:52 
+0200
+
 adminer (4.7.9-1) unstable; urgency=medium
 
   * New upstream version 4.7.9
diff -Nru adminer-4.7.9/debian/patches/CVE-2021-29625.patch 
adminer-4.7.9/debian/patches/CVE-2021-29625.patch
--- adminer-4.7.9/debian/patches/CVE-2021-29625.patch   1970-01-01 
01:00:00.0 +0100
+++ adminer-4.7.9/debian/patches/CVE-2021-29625.patch   2021-05-26 
09:08:59.0 +0200
@@ -0,0 +1,18 @@
+From: 4043092ec2c0de2258d60a99d0c5958637d051a7
+Author: Jakub Vrana 
+Date:   Fri May 14 06:39:01 2021 +0200
+Subject: Escape link in doc_link (bug #797)
+
+diff --git a/adminer/include/editing.inc.php b/adminer/include/editing.inc.php
+index 88d66d44..5556b014 100644
+--- a/adminer/include/editing.inc.php
 b/adminer/include/editing.inc.php
+@@ -542,7 +542,7 @@ function doc_link($paths, $text = "?") {
+   $urls['sql'] = "https://mariadb.com/kb/en/library/;;
+   $paths['sql'] = (isset($paths['mariadb']) ? $paths['mariadb'] : 
str_replace(".html", "/", $paths['sql']));
+   }
+-  return ($paths[$jush] ? "$text" : "");
++  return ($paths[$jush] ? "$text" : "");
+ }
+ 
+ /** Wrap gzencode() for usage in ob_start()
diff -Nru adminer-4.7.9/debian/patches/series 
adminer-4.7.9/debian/patches/series
--- adminer-4.7.9/debian/patches/series 1970-01-01 01:00:00.0 +0100
+++ adminer-4.7.9/debian/patches/series 2021-05-26 09:08:59.0 +0200
@@ -0,0 +1 @@
+CVE-2021-29625.patch

unblock adminer/4.7.9-2

-- System Information:
Debian Release: 10.9
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-16-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8), 
LANGUAGE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
--- End Message ---
--- Begin Message ---
Unblocked.
--- End Message ---


Bug#989172: please unblock fai/5.10.3

2021-05-27 Thread Thomas Lange

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please approve the following update for src:fai

[ Reason ]
Fixes minor bug 988987 which affects only
VM environment when using raid setup.
Another simple fix in a script in fai-doc.


[ Impact ]
without grub, you cannot boot new system.

[ Tests ]
Several manual tests by me.

[ Risks ]
Very low. All changes are trivial and only change example
scripts in the fai-doc package. They do not change existing user
configuration. No changes in the FAI software itself.


[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing




debdiff
Description: Binary data

-- 
viele Grüße Thomas


Bug#988627: marked as done (unblock: broadcom-sta/6.30.223.271-17)

2021-05-27 Thread Debian Bug Tracking System
Your message dated Thu, 27 May 2021 13:50:09 +0200
with message-id 
and subject line Re: Bug#988627: unblock: broadcom-sta/6.30.223.271-16.1
has caused the Debian Bug report #988627,
regarding unblock: broadcom-sta/6.30.223.271-17
to be marked as done.



-- 
988627: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988627
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: bl...@debian.org, clac...@easter-eggs.com, r...@debian.org

Please unblock package broadcom-sta

[ Reason ]
Fix the unusable broadcom-sta-source package.

[ Impact ]
It is not possible to build a package using module-assistant and the
version of broadcom-sta-source in bullseye.  However, dkms and
broadcom-sta-dkms can be used as an alternative.

[ Tests ]
Only the build processes are being changed.  I tested that:
- broadcom-sta can be built from source
- module-assistant can build a module package from broadcom-sta-source
  for the current kernel version in bullseye (5.10.0-6-amd64)
- the resulting binary module package looks like a module package
  built from broadcom-sta-source in buster, modulo version changes

[ Risks ]
This seems like a low-risk change.

[ Checklist ]
  [X] all changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in testing

[ Other info ]

unblock broadcom-sta/6.30.223.271-16.1
diff -Nru broadcom-sta-6.30.223.271/debian/changelog 
broadcom-sta-6.30.223.271/debian/changelog
--- broadcom-sta-6.30.223.271/debian/changelog  2021-05-04 11:11:49.0 
+0200
+++ broadcom-sta-6.30.223.271/debian/changelog  2021-05-17 01:06:42.0 
+0200
@@ -1,3 +1,14 @@
+broadcom-sta (6.30.223.271-16.1) unstable; urgency=medium
+
+  * Non-maintainer upload
+  * debian/control.modules.in:
+- Declare debhelper compat level through a build-dependency
+  (Closes: #988562)
+  * debian/rules:
+- Fix copying of Debian files in install-source rule
+
+ -- Ben Hutchings   Mon, 17 May 2021 01:06:42 +0200
+
 broadcom-sta (6.30.223.271-16) unstable; urgency=medium
 
   * Upload to unstable.
diff -Nru broadcom-sta-6.30.223.271/debian/control.modules.in 
broadcom-sta-6.30.223.271/debian/control.modules.in
--- broadcom-sta-6.30.223.271/debian/control.modules.in 2021-05-04 
11:11:49.0 +0200
+++ broadcom-sta-6.30.223.271/debian/control.modules.in 2021-05-17 
00:56:52.0 +0200
@@ -2,7 +2,7 @@
 Section: non-free/kernel
 Priority: optional
 Maintainer: Cyril Lacoux 
-Build-Depends: debhelper (>= 8)
+Build-Depends: debhelper-compat (= 12)
 Standards-Version: 3.9.4
 Homepage: http://www.broadcom.com/support/802.11/linux_sta.php
 
diff -Nru broadcom-sta-6.30.223.271/debian/rules 
broadcom-sta-6.30.223.271/debian/rules
--- broadcom-sta-6.30.223.271/debian/rules  2021-05-04 11:11:49.0 
+0200
+++ broadcom-sta-6.30.223.271/debian/rules  2021-05-17 00:56:28.0 
+0200
@@ -45,8 +45,8 @@

# Copy Debian files
install -D -m 0755 debian/rules.modules $(source_debdir)/rules
-   for file in changelog compat control control.modules.in copyright; do \
-   install -m 644 debian/$$file $(source_debdir); \
+   for file in changelog control control.modules.in copyright; do \
+   install -m 644 debian/$$file $(source_debdir) || exit; \
done

# Make suitable tarball for module-assisant and kernel-package
--- End Message ---
--- Begin Message ---
Hi,

On 27-05-2021 12:55, Roger Shimizu wrote:
>> On 17-05-2021 02:12, Ben Hutchings wrote:
>>> Please unblock package broadcom-sta

unblocked.

Paul



--- End Message ---


Bug#989168: unblock: ceph/14.2.21-1 (CVE-2021-3509, CVE-2021-3524, CVE-2021-3531)

2021-05-27 Thread Thomas Goirand
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package ceph,

I've upgraded the package to upstream release 14.2.21, which contains the
subject's CVE fixes. The Ceph release notes are over here:

https://docs.ceph.com/en/latest/releases/nautilus/

As you can see, the upstream point release only contains the 3 CVE fixes,
and one minor fix reversion.

[ Reason ]
CVE fixes.

[ Impact ]
CVE holes...

[ Tests ]
As discussed when unblocking 14.2.20, Ceph upstream has a full unit and
functional test suite that they run regularly.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

Note that I have stripped-away the compiled JS code in the debdiff, as
otherwise, the debdiff would be too big.

Cheers,

Thomas Goirand (zigo)

unblock ceph/14.2.21-1
diff -Nru ceph-14.2.20/alpine/APKBUILD ceph-14.2.21/alpine/APKBUILD
--- ceph-14.2.20/alpine/APKBUILD2021-04-19 16:13:23.0 +0200
+++ ceph-14.2.21/alpine/APKBUILD2021-05-13 19:25:52.0 +0200
@@ -1,7 +1,7 @@
 # Contributor: John Coyle 
 # Maintainer: John Coyle 
 pkgname=ceph
-pkgver=14.2.20
+pkgver=14.2.21
 pkgrel=0
 pkgdesc="Ceph is a distributed object store and file system"
 pkgusers="ceph"
@@ -64,7 +64,7 @@
xmlstarlet
yasm
 "
-source="ceph-14.2.20.tar.bz2"
+source="ceph-14.2.21.tar.bz2"
 subpackages="
$pkgname-base
$pkgname-common
@@ -117,7 +117,7 @@
 _udevrulesdir=/etc/udev/rules.d
 _python_sitelib=/usr/lib/python2.7/site-packages
 
-builddir=$srcdir/ceph-14.2.20
+builddir=$srcdir/ceph-14.2.21
 
 build() {
export CEPH_BUILD_VIRTUALENV=$builddir
diff -Nru ceph-14.2.20/ceph.spec ceph-14.2.21/ceph.spec
--- ceph-14.2.20/ceph.spec  2021-04-19 16:13:23.0 +0200
+++ ceph-14.2.21/ceph.spec  2021-05-13 19:25:52.0 +0200
@@ -109,7 +109,7 @@
 # main package definition
 
#
 Name:  ceph
-Version:   14.2.20
+Version:   14.2.21
 Release:   0%{?dist}
 %if 0%{?fedora} || 0%{?rhel}
 Epoch: 2
@@ -125,7 +125,7 @@
 Group: System/Filesystems
 %endif
 URL:   http://ceph.com/
-Source0:   %{?_remote_tarball_prefix}ceph-14.2.20.tar.bz2
+Source0:   %{?_remote_tarball_prefix}ceph-14.2.21.tar.bz2
 %if 0%{?suse_version}
 # _insert_obs_source_lines_here
 ExclusiveArch:  x86_64 aarch64 ppc64le s390x
@@ -1142,7 +1142,7 @@
 # common
 
#
 %prep
-%autosetup -p1 -n ceph-14.2.20
+%autosetup -p1 -n ceph-14.2.21
 
 %build
 # LTO can be enabled as soon as the following GCC bug is fixed:
diff -Nru ceph-14.2.20/CMakeLists.txt ceph-14.2.21/CMakeLists.txt
--- ceph-14.2.20/CMakeLists.txt 2021-04-19 16:11:15.0 +0200
+++ ceph-14.2.21/CMakeLists.txt 2021-05-13 19:23:08.0 +0200
@@ -1,7 +1,7 @@
 cmake_minimum_required(VERSION 3.5.1)
 
 project(ceph CXX C ASM)
-set(VERSION 14.2.20)
+set(VERSION 14.2.21)
 
 if(POLICY CMP0028)
   cmake_policy(SET CMP0028 NEW)
diff -Nru ceph-14.2.20/debian/changelog ceph-14.2.21/debian/changelog
--- ceph-14.2.20/debian/changelog   2021-04-21 10:02:07.0 +0200
+++ ceph-14.2.21/debian/changelog   2021-05-27 12:04:21.0 +0200
@@ -1,3 +1,13 @@
+ceph (14.2.21-1) unstable; urgency=high
+
+  * New upstream release, resolving these:
+- CVE-2021-3509: Cross Site Scripting via token Cookie (Closes: #98).
+- CVE-2021-3524: injection of HTTP headers via a CORS ExposeHeader tag in
+  the Ceph Storage RadosGW (Closes: #99).
+- CVE-2021-3531: RadosGW denial of service (crash) (Closes: #988890).
+
+ -- Thomas Goirand   Thu, 27 May 2021 12:04:21 +0200
+
 ceph (14.2.20-2) unstable; urgency=medium
 
   * Add allow-bgp-to-host.patch.
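Review bot: the first two Closes entries in the new changelog stanza read #98 and #99, much shorter than #988890 on the third line. If the changelog really carries them in this form, the upload would close the wrong reports, so both numbers should be checked against the bugs filed for CVE-2021-3509 and CVE-2021-3524.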
diff -Nru ceph-14.2.20/src/.git_version ceph-14.2.21/src/.git_version
--- ceph-14.2.20/src/.git_version   2021-04-19 16:13:23.0 +0200
+++ ceph-14.2.21/src/.git_version   2021-05-13 19:25:52.0 +0200
@@ -1,2 +1,2 @@
-36274af6eb7f2a5055f2d53ad448f2694e9046a0
-v14.2.20
+5ef401921d7a88aea18ec7558f7f9374ebd8f5a6
+v14.2.21
diff -Nru ceph-14.2.20/src/pybind/mgr/dashboard/controllers/docs.py 
ceph-14.2.21/src/pybind/mgr/dashboard/controllers/docs.py
--- ceph-14.2.20/src/pybind/mgr/dashboard/controllers/docs.py   2021-04-19 
16:11:15.0 +0200
+++ ceph-14.2.21/src/pybind/mgr/dashboard/controllers/docs.py   2021-05-13 
19:23:08.0 +0200
@@ -3,8 +3,7 @@
 
 import cherrypy
 
-from . import Controller, BaseController, Endpoint, ENDPOINT_MAP, \
-allow_empty_body
+from . import Controller, BaseController, Endpoint, ENDPOINT_MAP
 from .. import logger, mgr
 
 from ..tools import str_to_bool
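Review bot: dropping allow_empty_body from the import on the first changed line is only safe if every use of it in docs.py is removed in the same change. The next hunk (-366,31 +365,13) is cut off after `-def`, so that cannot be confirmed from what is shown here; the full debdiff should be checked for a leftover reference.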
@@ -366,31 +365,13 @@
 def api_all_json(self):
 return self._gen_spec(True, "/api")
 
-def 

Bug#988442: unblock: linux/5.10.37-1 (pre-approval checking)

2021-05-27 Thread Cyril Brulebois
Paul Gevers  (2021-05-27):
> Control: tags -1 confirmed d-i
> 
> @boot: needs d-i ACK. As I believe you are aware of, the upload has
> already happened.
> 
> @kibi: feel free to age it if/when you see fit

We've just discussed that (with Salvatore) on IRC minutes ago, and it
seems like this unblock request will be withdrawn/recycled for another
version, that version needs fixing.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)
D-I release manager -- Release team member -- Freelance Consultant




Bug#988627: unblock: broadcom-sta/6.30.223.271-16.1

2021-05-27 Thread Roger Shimizu
control: tags -1 -moreinfo

Dear Paul,

Thanks for your checking!

On Thu, May 27, 2021 at 5:50 PM Paul Gevers  wrote:
>
> Control: tags -1 moreinfo
>
> Hi,
>
> On 17-05-2021 02:12, Ben Hutchings wrote:
> > Please unblock package broadcom-sta
> >
> > [ Reason ]
> > Fix the unusable broadcom-sta-source package.
> >
> > [ Impact ]
> > It is not possible to build a package using module-assistant and the
> > version of broadcom-sta-source in bullseye.  However, dkms and
> > broadcom-sta-dkms can be used as an alternative.
> >
> > [ Tests ]
> > Only the build processes are being changed.  I tested that:
> > - broadcom-sta can be built from source
> > - module-assistant can build a module package from broadcom-sta-source
> >   for the current kernel version in bullseye (5.10.0-6-amd64)
> > - the resulting binary module package looks like a module package
> >   built from broadcom-sta-source in buster, modulo version changes
>
> * I wonder, broadcom-sta has seen quite some uploads the last couple of
> years and debhelper is even in oldstable newer than the version
> mentioned. How were all these uploads possible?

I think "some uploads" means uploading "src:broadcom-sta", which
states debhelper version in debian/control.
And debian/control is not updated in this unblock request.

The source updated in this upload is: debian/control.modules.in
which is not used for upload, and will be explained below.

> * What is/was the behavior of debhelper if the compat level was not
> specified? In the freeze we don't want debhelper compat bumps unless the
> package is proven to have no delta regardless of the old-vs-new level.

The issue resolved in this upload is: after installing
broadcom-sta-source, when a user tries to build their own deb files by
using the tool module-assistant, the deb build would fail.

The user-built deb is not for upload to the Debian archive, but for
private use only.
Personally I don't install and use broadcom-sta-source, so I didn't
notice this issue for years.

I hope things get clear now. Thank you!

Cheers,
-- 
Roger Shimizu, GMT +9 Tokyo
PGP/GPG: 4096R/6C6ACD6417B3ACB1



Processed: Re: Bug#988627: unblock: broadcom-sta/6.30.223.271-16.1

2021-05-27 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 -moreinfo
Bug #988627 [release.debian.org] unblock: broadcom-sta/6.30.223.271-17
Removed tag(s) moreinfo.

-- 
988627: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988627
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Processed: Re: Bug#988627: unblock: broadcom-sta/6.30.223.271-16.1

2021-05-27 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 moreinfo
Bug #988627 [release.debian.org] unblock: broadcom-sta/6.30.223.271-17
Added tag(s) moreinfo.

-- 
988627: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988627
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#988627: unblock: broadcom-sta/6.30.223.271-16.1

2021-05-27 Thread Paul Gevers
Control: tags -1 moreinfo

Hi,

On 17-05-2021 02:12, Ben Hutchings wrote:
> Please unblock package broadcom-sta
> 
> [ Reason ]
> Fix the unusable broadcom-sta-source package.
> 
> [ Impact ]
> It is not possible to build a package using module-assistant and the
> version of broadcom-sta-source in bullseye.  However, dkms and
> broadcom-sta-dkms can be used as an alternative.
> 
> [ Tests ]
> Only the build processes are being changed.  I tested that:
> - broadcom-sta can be built from source
> - module-assistant can build a module package from broadcom-sta-source
>   for the current kernel version in bullseye (5.10.0-6-amd64)
> - the resulting binary module package looks like a module package
>   built from broadcom-sta-source in buster, modulo version changes

* I wonder, broadcom-sta has seen quite some uploads the last couple of
years and debhelper is even in oldstable newer than the version
mentioned. How were all these uploads possible?

* What is/was the behavior of debhelper if the compat level was not
specified? In the freeze we don't want debhelper compat bumps unless the
package is proven to have no delta regardless of the old-vs-new level.

Paul





Bug#988578: unblock: dmidecode/3.3-2

2021-05-27 Thread Jörg Frings-Fürst
tags 988578 - moreinfo
thanks

Hello Sebastian,

dmidecode is now in unstable.

CU
Jörg


On Wednesday, 19.05.2021 at 20:28 +0200, Sebastian Ramacher wrote:
> Control: tags -1 moreinfo confirmed
> 
> On 2021-05-17 19:04:20 +0200, Jörg Frings-Fürst wrote:
> > Control: tags 988578 - moreinfo
> > thanks
> > 
> > 
> > Hello Sebastian,
> > 
> > > thanks for your review. I have reverted the removal of unused patches.
> 
> Again, please remove the moreinfo tag once the new version is
> available
> in unstable.
> 
> Cheers
> 
> > 
> > The new debdiff is attached.
> > 
> > CU
> > Jörg
> > 
> > -- 
> > New:
> > GPG Fingerprint: 63E0 075F C8D4 3ABB 35AB  30EE 09F8 9F3C 8CA1 D25D
> > GPG key (long) : 09F89F3C8CA1D25D
> > GPG Key    : 8CA1D25D
> > CAcert Key S/N : 0E:D4:56
> > 
> > Old pgp Key: BE581B6E (revoked since 2014-12-31).
> > 
> > Jörg Frings-Fürst
> > D-54470 Lieser
> > 
> > 
> > git:  https://jff.email/cgit/
> > 
> > Threema: SYR8SJXB
> > Wire: @joergfringsfuerst
> > Skype: joergpenguin
> > Ring: jff
> > Telegram: @joergfringsfuerst
> > 
> > 
> > My wish list: 
> >  - Please send me a picture from the nature at your home.
> > 
> > 
> > On Sunday, 16.05.2021 at 14:56 +0200, Sebastian
> > Ramacher wrote:
> > > Control: tags -1 moreinfo
> > > 
> > > On 2021-05-16 10:01:26, Jörg Frings-Fürst wrote:
> > > > Package: release.debian.org
> > > > Severity: normal
> > > > User: release.debian@packages.debian.org
> > > > Usertags: unblock
> > > > X-Debbugs-Cc: Adrian Bunk 
> > > > 
> > > > Please unblock package dmidecode
> > > > 
> > > > [ Reason ]
> > > > This release fixes the bug that causes a segmentation fault
> > > > (Debian
> > > > Bug
> > > > #987033).
> > > > 
> > > > [ Impact ]
> > > > Dmidecode terminates with a segmentation fault when certain
> > > > parameters are
> > > > used.
> > > > 
> > > > [ Tests ]
> > > > Before the fix dmidecode -u fails.
> > > > After the fix, dmidecode -u runs as expected.
> > > > 
> > > > [ Risks ]
> > > > > The changes are trivial.
> > > > 
> > > > [ Checklist ]
> > > >   [X] all changes are documented in the d/changelog
> > > >   [X] I reviewed all changes and I approve them
> > > >   [X] attach debdiff against the package in testing
> > > > 
> > > > [ Other info ]
> > > > I ask about the unblock after a hint from Adrian Bunk.
> > > > 
> > > > 
> > > > unblock dmidecode/3.3-2
> > > 
> > > > diff -Nru dmidecode-3.3/debian/changelog dmidecode-
> > > > 3.3/debian/changelog
> > > > --- dmidecode-3.3/debian/changelog  2020-10-17
> > > > 10:31:23.0 +0200
> > > > +++ dmidecode-3.3/debian/changelog  2021-05-07
> > > > 09:13:05.0 +0200
> > > > @@ -1,3 +1,15 @@
> > > > +dmidecode (3.3-2) unstable; urgency=medium
> > > > +
> > > > +  * Add upstream recommended patches (Closes: #987033):
> > > > +    - New debian/patches/0145-
> > > > Fix_condition_error_in_ascii_filter.patch.
> > > > +    - New debian/patches/0150-Fix_crash.patch.
> > > > +  * Declare compliance with Debian Policy 4.5.1 (No changes
> > > > needed).
> > > > +  * debian/copyright:
> > > > +    - Add year 2021 to myself.
> > > > +  * Remove longer not used patches.
> > > 
> > > I'd prefer an upload without the additional noise.
> > > 
> > > Please remove the moreinfo tag once the new version is available
> > > in
> > > unstable.
> > > 
> > > Cheers
> > > 
> > [...]
> > 
> > 
> 
> > diff -Nru dmidecode-3.3/debian/changelog dmidecode-
> > 3.3/debian/changelog
> > --- dmidecode-3.3/debian/changelog  2020-10-17
> > 10:31:23.0 +0200
> > +++ dmidecode-3.3/debian/changelog  2021-05-17
> > 18:53:43.0 +0200
> > @@ -1,3 +1,14 @@
> > +dmidecode (3.3-2) unstable; urgency=medium
> > +
> > +  * Add upstream recommended patches (Closes: #987033):
> > +    - New debian/patches/0145-
> > Fix_condition_error_in_ascii_filter.patch.
> > +    - New debian/patches/0150-Fix_crash.patch.
> > +  * Declare compliance with Debian Policy 4.5.1 (No changes
> > needed).
> > +  * debian/copyright:
> > +    - Add year 2021 to myself.
> > +
> > + -- Jörg Frings-Fürst   Mon, 17 May 2021
> > 18:53:43 +0200
> > +
> >  dmidecode (3.3-1) unstable; urgency=medium
> >  
> >    * New upstream release.
> > diff -Nru dmidecode-3.3/debian/control dmidecode-3.3/debian/control
> > --- dmidecode-3.3/debian/control2020-10-17
> > 09:58:18.0 +0200
> > +++ dmidecode-3.3/debian/control2021-05-07
> > 08:54:34.0 +0200
> > @@ -3,7 +3,7 @@
> >  Priority: optional
> >  Maintainer: Jörg Frings-Fürst 
> >  Build-Depends: debhelper-compat (= 13)
> > -Standards-Version: 4.5.0
> > +Standards-Version: 4.5.1
> >  Rules-Requires-Root: no
> >  Vcs-Git: git://jff.email/opt/git/dmidecode.git
> >  Vcs-Browser: https://jff.email/cgit/dmidecode.git/
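Review bot: the Standards-Version bump from 4.5.0 to 4.5.1 in this hunk has no bearing on the segmentation fault the upload is meant to fix (#987033). For an unblock request it would be cleaner to leave it out, together with the debian/copyright year change listed in the changelog, so that the debdiff carries only the two upstream patches.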
> > diff -Nru dmidecode-3.3/debian/copyright dmidecode-
> > 3.3/debian/copyright
> > --- dmidecode-3.3/debian/copyright  2020-10-17
> > 10:14:51.0 +0200
> > +++ dmidecode-3.3/debian/copyright  2021-05-07
> > 08:56:16.0 +0200

Processed: Re: Bug#988578: unblock: dmidecode/3.3-2

2021-05-27 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> tags 988578 - moreinfo
Bug #988578 [release.debian.org] unblock: dmidecode/3.3-2
Ignoring request to alter tags of bug #988578 to the same tags previously set
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
988578: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988578
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#988442: unblock: linux/5.10.37-1 (pre-approval checking)

2021-05-27 Thread Paul Gevers
Control: tags -1 confirmed d-i

@boot: needs d-i ACK. As I believe you are aware of, the upload has
already happened.

@kibi: feel free to age it if/when you see fit

Paul

On 19-05-2021 17:27, Salvatore Bonaccorso wrote:
> Control: retitle -1 unblock: linux/5.10.38-1 (pre-approval checking)
> 
> On Thu, May 13, 2021 at 09:30:29AM +0200, Salvatore Bonaccorso wrote:
>> Package: release.debian.org
>> Severity: normal
>> User: release.debian@packages.debian.org
>> Usertags: unblock
>> X-Debbugs-Cc: car...@debian.org
>>
>> Dear release team,
>>
>> As you know we follow the respective stable series as well in a stable
>> release, and usually this is then done in point releases
>> (exceptionally as well via a DSA). Now I know the time for bullseye is
>> tight, but I would still like to followup with a stable series import
>> in unstable, but wanted to double check with you in particular if
>> there are any timing issues with d-i.
>>
>> I would plan to upload based ideally on 5.10.37 because it will cover
>> a big amount of bugfixes but particularly recent CVEs which are
>> important to have covered in bullseye already soon. Currently already
>> covered in the imports done in git and in the packaging pending are
>> CVE-2020-25670, CVE-2020-25671, CVE-2020-25672, CVE-2021-3489,
>> CVE-2021-3490, CVE-2021-3491, CVE-2021-3493, CVE-2021-3501,
>> CVE-2021-3506, CVE-2021-23133, CVE-2021-23134, CVE-2021-29155,
>> CVE-2021-31829, but I would want to cover as well the recent
>> FragAttack fixes (not yet worked on).
>>
>> In the packaging itself there will be additional changes pending
>> currently they are:
>>
>>[ Vincent Blut ]
>>* [x86] sound/soc/intel: Enable SND_SOC_INTEL_CATPT as module
>>  (Closes: #986822)
>>* [x86] sound/soc/intel/boards: Enable SND_SOC_INTEL_BDW_RT5650_MACH as
>>  module
>>* drivers/input/rmi4: Enable RMI4_F3A (Closes: #986848)
>>* [armhf] drivers/gpio: Enable GPIO_MXC as module (Closes: #987019)
>>* [x86] drivers/misc/mei: Enable INTEL_MEI_TXE, INTEL_MEI_HDCP as modules
>>  (Closes: #987281)
>>
>> All of those are for better hardware support.
>>
>>[ Uwe Kleine-König ]
>>* [arm64] Enable more options for NXP's i.MX8 (Closes: #985862)
>>
>> Samewise.
>>
>>[ Salvatore Bonaccorso ]
>>* vfs: move cap_convert_nscap() call into vfs_setxattr() (CVE-2021-3493)
>>* Refresh "Makefile: Do not check for libelf when building OOT module"
>>* [rt] Drop "xfrm: Use sequence counter with associated spinlock"
>>* Bump ABI to 7
>>* Refresh "tools/include/uapi: Fix "
>>* Revert "net/sctp: fix race condition in sctp_destroy_sock"
>>* sctp: delay auto_asconf init until binding the first addr 
>> (CVE-2021-23133)
>>* net/nfc: fix use-after-free llcp_sock_bind/connect (CVE-2021-23134)
>>* bpf, ringbuf: Deny reserve of buffers larger than ringbuf 
>> (CVE-2021-3489)
>>* bpf: Prevent writable memory-mapping of read-only ringbuf pages
>>* bpf: Fix alu32 const subreg bound tracking on bitwise operations
>>  (CVE-2021-3490)
>>* io_uring: truncate lengths larger than MAX_RW_COUNT on provide buffers
>>  (CVE-2021-3491)
>>
>> Various CVE fixes (which will though go as well partially in 5.10.37 
>> directly),
>> the FragAttack CVEs are not yet included.
>>
>> The RT patch which can be dropped after checking with Sebastian
>> Andrzej Siewior. An ABI bump included, note that the changes are quite
>> massive up to 5.10.37, (5.10.37 will contain approximately 530
>> upstream commits, 5.10.36 was as well with 300 a bigger one). I
>> realize this might be scary, but in the end this is the strategy we
>> necessarily need to follow to keep up with upstream stable releases.
>>
>>[ Vagrant Cascadian ]
>>* [arm64] Disable USB type-C DisplayPort in pinebook pro device-tree.
>>* [arm64] Enable TYPEC_FUSB302, SND_SOC_ES8316, TYPEC and TYPEC_TCPM as
>>  modules. (Closes: #987638)
>>
>>[ Michal Simek ]
>>* [arm64] Enable clock driver for Xilinx ZynqMP SoC
>>
>> Additional support for hardware in the arm64 area.
>>
>>[ Valentin Vidic ]
>>* [s390x] udeb: Include standard scsi-modules containing the virtio_blk
>>  module (Closes: #988005)
>>
>> "Acked"/wished by KiBi, to align s390x installer support to the other
>> architectures.
>>
>> The current state is at https://salsa.debian.org/kernel-team/linux/-/tree/sid
>>
>> Let me know what you think of it, I would in any case send the usual
>> "Upload announcement" to the various involved teams before the upload
>> summarizing again the changes.
> 
> For the record, this will be 5.10.38 based. I delayed on purpose given
> the size which was foreseen.
> 
> If anybody has concern on the upload, please raise a flag.
> 
> Regards,
> Salvatore
> 





Processed: Re: Bug#988442: unblock: linux/5.10.37-1 (pre-approval checking)

2021-05-27 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 confirmed d-i
Bug #988442 [release.debian.org] unblock: linux/5.10.38-1
Added tag(s) d-i and confirmed.

-- 
988442: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988442
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#989161: [pre-approval] unblock: cups/2.3.3op2-3+deb11u1

2021-05-27 Thread Didier 'OdyX' Raboud
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: c...@packages.debian.org

Please approve the following update for src:cups

[ Reason ]
Mikko Rapeli reported a USB printing regression in #989073, which, luckily
enough, was already reported and fixed upstream. It matters for Bullseye's
quality to ensure smooth USB printing.

[ Impact ]
Failure to print without comprehensible error messages nor configurable ways
to fix USB printing.

[ Tests ]
There are none, but as you'll see, these patches merely extend timeouts; also,
they have been reviewed and merged upstream, by the long-term upstream author,
Michael Sweet.

[ Risks ]
Given the trivialness of the patches as well as the extended review, I
consider the risks to be negligible.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

[ Other info ]
I'm also attaching the "direct" patches, as my use of git debrebase produces a
noisy debdiff. I have also picked the 2.3.3op2-3+deb11u1 version, as
2.3.3op2-4 was already uploaded in experimental; please advise if a change is
needed.

Many thanks for your work!

unblock cups/2.3.3op2-3+deb11u1
From: Zdenek Dohnal 
Date: Tue, 13 Apr 2021 15:44:14 +0200
Subject: backend/usb-libusb.c: Use 60s timeout for reading at backchannel

Some older models malfunction if timeout is too short.

Origin: upstream, https://github.com/OpenPrinting/cups/pull/174
Bug: https://github.com/OpenPrinting/cups/issues/160
Bug-Debian: https://bugs.debian.org/989073
---
 backend/usb-libusb.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/backend/usb-libusb.c b/backend/usb-libusb.c
index d6b0eb4..fbb0d9d 100644
--- a/backend/usb-libusb.c
+++ b/backend/usb-libusb.c
@@ -1704,7 +1704,7 @@ static void *read_thread(void *reference)
 readstatus = libusb_bulk_transfer(g.printer->handle,
  g.printer->read_endp,
  readbuffer, rbytes,
- , 250);
+ , 6);
 if (readstatus == LIBUSB_SUCCESS && rbytes > 0)
 {
   fprintf(stderr, "DEBUG: Read %d bytes of back-channel data...\n", 
(int)rbytes);
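Review bot: with the back-channel read timeout raised from 250 ms to 60 s, each libusb_bulk_transfer call in read_thread can block for up to a minute before the loop re-evaluates its stop condition (g.wait_eof || !g.read_thread_stop, visible in the following patch). The patch description should say how the thread is stopped promptly at the end of a job. The new timeout argument also reads 6 in this copy, while libusb takes the timeout in milliseconds and the subject says 60s, so the value in the applied patch needs checking; a named constant would remove the ambiguity.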
From: Zdenek Dohnal 
Date: Tue, 13 Apr 2021 15:47:37 +0200
Subject: backend/usb-libusb.c: Revert enforcing read limits

This commit reverts the change introduced by 2.2.12 [1] - its
implementation caused a regression with Lexmark filters.

[1] 
https://github.com/apple/cups/commit/35e927f83529cd9b4bc37bcd418c50e307fced35

Origin: upstream, https://github.com/OpenPrinting/cups/pull/174
Bug: https://github.com/OpenPrinting/cups/issues/72
---
 backend/usb-libusb.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/backend/usb-libusb.c b/backend/usb-libusb.c
index fbb0d9d..89b5182 100644
--- a/backend/usb-libusb.c
+++ b/backend/usb-libusb.c
@@ -1721,7 +1721,8 @@ static void *read_thread(void *reference)
 * Make sure this loop executes no more than once every 250 miliseconds...
 */
 
-if ((g.wait_eof || !g.read_thread_stop))
+if ((readstatus != LIBUSB_SUCCESS || rbytes == 0) &&
+(g.wait_eof || !g.read_thread_stop))
   usleep(25);
   }
   while (g.wait_eof || !g.read_thread_stop);
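Review bot: the comment kept above the changed condition still says the loop executes no more than once every 250 milliseconds, which is no longer true with this change. After a successful read with rbytes > 0 the usleep is skipped and the loop goes straight back to libusb_bulk_transfer. The comment should be updated to say the delay applies only after a failed or empty read.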
diff -Nru cups-2.3.3op2/debian/changelog cups-2.3.3op2/debian/changelog
--- cups-2.3.3op2/debian/changelog  2021-02-12 14:09:29.0 +0100
+++ cups-2.3.3op2/debian/changelog  2021-05-27 08:49:36.0 +0200
@@ -1,3 +1,12 @@
+cups (2.3.3op2-3+deb11u1) unstable; urgency=medium
+
+  * Backport 2 upstream USB backend fixes:
+- Revert enforcing read limits (caused a regression with Lexmark filters)
+- Use 60s timeout (instead of 250ms) for reading at backchannel, as some
+  older models malfunction if timeout is too short (Closes: #989073)
+
+ -- Didier Raboud   Thu, 27 May 2021 08:49:36 +0200
+
 cups (2.3.3op2-3) unstable; urgency=medium
 
   [ Helge Kreutzmann ]
diff -Nru 
cups-2.3.3op2/debian/patches/0001-backend-usb-libusb.c-Use-60s-timeout-for-reading-at-.patch
 
cups-2.3.3op2/debian/patches/0001-backend-usb-libusb.c-Use-60s-timeout-for-reading-at-.patch
--- 
cups-2.3.3op2/debian/patches/0001-backend-usb-libusb.c-Use-60s-timeout-for-reading-at-.patch
1970-01-01 01:00:00.0 +0100
+++ 
cups-2.3.3op2/debian/patches/0001-backend-usb-libusb.c-Use-60s-timeout-for-reading-at-.patch
2021-05-27 08:49:36.0 +0200
@@ -0,0 +1,26 @@
+From: Zdenek Dohnal 
+Date: Tue, 13 Apr 2021 15:44:14 +0200
+Subject: backend/usb-libusb.c: Use 60s timeout for reading at backchannel
+
+Some older models malfunction if timeout is too short.
+
+Origin: upstream, https://github.com/OpenPrinting/cups/pull/174
+Bug: https://github.com/OpenPrinting/cups/issues/160
+Bug-Debian: https://bugs.debian.org/989073
+---
+ backend/usb-libusb.c | 2 +-
+ 1 file changed, 1