Bug#991845: marked as done (unblock: libx11/2:1.7.2-1)

[Debian Bug Tracking System]

Your message dated Wed, 4 Aug 2021 07:45:07 +0200
with message-id <8412cbc2-1eb4-0fed-7dc4-02f6ce788...@debian.org>
and subject line Re: Bug#991845: unblock: libx11/2:1.7.2-1
has caused the Debian Bug report #991845,
regarding unblock: libx11/2:1.7.2-1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
991845: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991845
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: b...@debian.org mzagr...@d.umn.edu

Please unblock package libx11

[ Reason ]
The new upstream release fixes regressions in the previous CVE release, 
including a segfault in fdesign. (bug 990998)

[ Impact ]
Regressions remain in bullseye release.

[ Tests ]
The new version has a commit that fixes a bug with a similar backtrace as 
990998, Matt can verify here that fdesign works with the new libx11.

[ Risks ]
The upstream changes are small, only three commits, 

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x attach debdiff against the package in testing

[ Other info ]
The diff is filtered to have only changes to the code and packaging, autotools 
changes are removed.

unblock libx11/2:1.7.2-1
diff -Nru libx11-1.7.1/configure.ac libx11-1.7.2/configure.ac
--- libx11-1.7.1/configure.ac   2021-05-18 17:14:20.0 +0300
+++ libx11-1.7.2/configure.ac   2021-06-06 19:48:52.0 +0300
@@ -1,7 +1,7 @@
 
 # Initialize Autoconf
 AC_PREREQ([2.60])
-AC_INIT([libX11], [1.7.1],
+AC_INIT([libX11], [1.7.2],
 [https://gitlab.freedesktop.org/xorg/lib/libx11/issues], [libX11])
 AC_CONFIG_SRCDIR([Makefile.am])
 AC_CONFIG_HEADERS([src/config.h include/X11/XlibConf.h])
diff -Nru libx11-1.7.1/debian/changelog libx11-1.7.2/debian/changelog
--- libx11-1.7.1/debian/changelog   2021-08-03 11:34:34.0 +0300
+++ libx11-1.7.2/debian/changelog   2021-08-03 11:34:35.0 +0300
@@ -1,3 +1,13 @@
+libx11 (2:1.7.2-1) unstable; urgency=medium
+
+  [ Timo Aaltonen ]
+  * New upstream release. (Closes: #990998)
+
+  [ Julien Cristau ]
+  * Fix Vcs-Git control field.
+
+ -- Timo Aaltonen   Mon, 26 Jul 2021 11:29:39 +0300
+
 libx11 (2:1.7.1-1) unstable; urgency=medium
 
   [ Julien Cristau ]
diff -Nru libx11-1.7.1/debian/control libx11-1.7.2/debian/control
--- libx11-1.7.1/debian/control 2021-08-03 11:34:34.0 +0300
+++ libx11-1.7.2/debian/control 2021-08-03 11:34:35.0 +0300
@@ -17,7 +17,7 @@
  xorg-sgml-doctools (>= 1:1.10),
  w3m,
 Standards-Version: 4.5.0
-Vcs-Git: https://salsa.debian.org/xorg-team/lib/libx11
+Vcs-Git: https://salsa.debian.org/xorg-team/lib/libx11.git
 Vcs-Browser: https://salsa.debian.org/xorg-team/lib/libx11
 
 Package: libx11-6
diff -Nru libx11-1.7.1/README.md libx11-1.7.2/README.md
--- libx11-1.7.1/README.md  2021-05-18 17:14:20.0 +0300
+++ libx11-1.7.2/README.md  2021-06-06 19:48:52.0 +0300
@@ -31,6 +31,11 @@
 
   https://www.x.org/wiki/Development/Documentation/SubmittingPatches
 
+## Release 1.7.2
+
+This is a bug fix release, correcting a regression introduced by and
+improving the checks from the fix for CVE-2021-31535.
+
 ## Release 1.7.1
 
 This is a bug fix release, including a security fix for
diff -Nru libx11-1.7.1/src/Font.c libx11-1.7.2/src/Font.c
--- libx11-1.7.1/src/Font.c 2021-05-18 17:14:33.0 +0300
+++ libx11-1.7.2/src/Font.c 2021-06-06 19:48:53.0 +0300
@@ -102,7 +102,7 @@
 XF86BigfontCodes *extcodes = _XF86BigfontCodes(dpy);
 #endif
 
-if (strlen(name) >= USHRT_MAX)
+if (name != NULL && strlen(name) >= USHRT_MAX)
 return NULL;
 if (_XF86LoadQueryLocaleFont(dpy, name, _result, (Font *)0))
   return font_result;
@@ -656,7 +656,7 @@
XFontStruct **xfp,
Font *fidp)
 {
-int l;
+size_t l;
 const char *charset, *p;
 char buf[256];
 XFontStruct *fs;
@@ -664,7 +664,7 @@
 
 if (!name)
return 0;
-l = (int) strlen(name);
+l = strlen(name);
 if (l < 2 || name[l - 1] != '*' || name[l - 2] != '-' || l >= USHRT_MAX)
return 0;
 charset = NULL;
@@ -677,11 +677,11 @@
charset = "ISO8859-1";
p = charset + 7;
 }
-if (l - 2 - (p - charset) < 0)
+if (l - 2 < p - charset)
return 0;
 if (_XlcNCompareISOLatin1(name + l - 2 - (p - charset), charset, p - 
charset))
return 0;
-if (strlen(p + 1) + (size_t) l - 1 >= sizeof(buf) - 1)
+if (strlen(p + 1) + l - 1 >= sizeof(buf) 

Bug#991845: unblock: libx11/2:1.7.2-1

[Cyril Brulebois]

Hi,

Paul Gevers  (2021-08-03):
> The item below needs your ack.
> 
> Paul
> 
> On 03-08-2021 10:54, Timo Aaltonen wrote:
> > Please unblock package libx11
> > 
> > [ Reason ]
> > The new upstream release fixes regressions in the previous CVE
> > release, including a segfault in fdesign. (bug 990998)
> > 
> > [ Impact ]
> > Regressions remain in bullseye release.
> > 
> > [ Tests ]
> > The new version has a commit that fixes a bug with a similar
> > backtrace as 990998, Matt can verify here that fdesign works with
> > the new libx11.
> > 
> > [ Risks ]
> > The upstream changes are small, only three commits, 
> > 
> > [ Checklist ]
> >   [x] all changes are documented in the d/changelog
> >   [x] I reviewed all changes and I approve them
> >   [x attach debdiff against the package in testing
> > 
> > [ Other info ]
> > The diff is filtered to have only changes to the code and packaging,
> > autotools changes are removed.
> > 
> > unblock libx11/2:1.7.2-1

ACK on principle; I can't perform runtime tests right away, but as we
aren't in a hurry to build a new d-i anyway, we could live with some
regression — should that happen! — until it's time to upload. Right now,
I'm hoping the next d-i upload is going to be for 11.1.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature

Bug#991843: marked as done (unblock: libjdom2-java/2.0.6-1.1)

[Debian Bug Tracking System]

Your message dated Tue, 03 Aug 2021 22:26:06 +
with message-id 
and subject line unblock libjdom2-java
has caused the Debian Bug report #991843,
regarding unblock: libjdom2-java/2.0.6-1.1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
991843: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991843
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Hey,

src:libjdom2-java has been affected by CVE-2021-33813 which is fixed
in sid & stretch. -pu update for buster is also being filed.

Since this is just a CVE fix, I'd request you to unblock this and let
it go to bullseye, please? (I am sorry for doing this on the eleventh
hour :/)

The debdiff is duly attached. Let me know if you any more information. TIA! \o/


- u


libjdom2-java_sid.debdiff
Description: Binary data
--- End Message ---
--- Begin Message ---
Unblocked.--- End Message ---

Bug#991865: unblock: openjdk-11-jre-dcevm/11.0.12+7-1

[Emmanuel Bourg]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package openjdk-11-jre-dcevm

openjdk-11-jre-dcevm is a patched OpenJDK VM with extra debugging features
for developers, it's tighly tied to the openjdk-11 package and often has
to follow the major updates. The openjdk-11/11.0.12+7-2 upload last week
broke openjdk-11-jre-dcevm (#991006), this was fixed with the upload of
openjdk-11-jre-dcevm/11.0.12+7-1 for which I'd like to request an unblock.

Besides rebasing on top of OpenJDK 11.0.12+7, the DCEVM update has no other
changes compared to the previous version 11.0.11+9. I'm adding below the diff
between the DCEVM changes for OpenJDK 11.0.11 and 11.0.12, only the hunk headers
changed, not the content.

Thank you,

Emmanuel Bourg



$ diff dcevm-11.0.11+9.patch dcevm-11.0.12+7.patch
1,8d0
< diff --git a/AdoptOpenJDK.md b/AdoptOpenJDK.md
< new file mode 100644
< index 00..88a0a38ee8
< --- /dev/null
< +++ b/AdoptOpenJDK.md
< @@ -0,0 +1,2 @@
< +AdoptOpenJDK marker file
< +
93c85
< index b9440902d3..111610cb25 100644
---
> index 12a95c5948..ab880836ec 100644
123c115
< index bc2561fb09..9a2d66bdd5 100644
---
> index 211c2acda2..88ccb82937 100644
126c118
< @@ -3784,6 +3784,10 @@ bool GraphBuilder::try_inline_full(ciMethod* callee, 
bool holder_known, bool ign
---
> @@ -3783,6 +3783,10 @@ bool GraphBuilder::try_inline_full(ciMethod* callee, 
> bool holder_known, bool ign
282c274
< index 6d65cca210..7158fdb77d 100644
---
> index 154dab55e4..59dcd44724 100644
413c405
< index f0cf1fb7cb..5713bb9e98 100644
---
> index 03954f5215..c2c8348f74 100644
416c408
< @@ -1501,6 +1501,7 @@ InstanceKlass* ClassLoader::load_class(Symbol* name, 
bool search_append_only, TR
---
> @@ -1498,6 +1498,7 @@ InstanceKlass* ClassLoader::load_class(Symbol* name, 
> bool search_append_only, TR
425c417
< index c58026ae19..f319cca3b2 100644
---
> index 21f8b67d13..e451f5407c 100644
697c689
< index 3ac1ca69ae..6c072407fd 100644
---
> index b949bac8de..a1baaef86f 100644
1223c1215
< index bfd67334f8..3368b74217 100644
---
> index 4509025cf7..1ef4ffc0a2 100644
1346c1338
< @@ -1372,6 +1395,10 @@ InstanceKlass* 
SystemDictionary::load_shared_class(InstanceKlass* ik,
---
> @@ -1374,6 +1397,10 @@ InstanceKlass* 
> SystemDictionary::load_shared_class(InstanceKlass* ik,
1357c1349
< @@ -1553,11 +1580,12 @@ static void post_class_define_event(InstanceKlass* k, 
const ClassLoaderData* def
---
> @@ -1555,11 +1582,12 @@ static void post_class_define_event(InstanceKlass* k, 
> const ClassLoaderData* def
1371c1363
< @@ -1582,7 +1610,13 @@ void 
SystemDictionary::define_instance_class(InstanceKlass* k, TRAPS) {
---
> @@ -1584,7 +1612,13 @@ void 
> SystemDictionary::define_instance_class(InstanceKlass* k, TRAPS) {
1386c1378
< @@ -1616,7 +1650,7 @@ void 
SystemDictionary::define_instance_class(InstanceKlass* k, TRAPS) {
---
> @@ -1618,7 +1652,7 @@ void 
> SystemDictionary::define_instance_class(InstanceKlass* k, TRAPS) {
1395c1387
< @@ -1694,7 +1728,7 @@ InstanceKlass* 
SystemDictionary::find_or_define_instance_class(Symbol* class_nam
---
> @@ -1696,7 +1730,7 @@ InstanceKlass* 
> SystemDictionary::find_or_define_instance_class(Symbol* class_nam
1404c1396
< @@ -1817,6 +1851,19 @@ void SystemDictionary::add_to_hierarchy(InstanceKlass* 
k, TRAPS) {
---
> @@ -1819,6 +1853,19 @@ void SystemDictionary::add_to_hierarchy(InstanceKlass* 
> k, TRAPS) {
1424c1416
< @@ -1941,6 +1988,16 @@ bool SystemDictionary::is_well_known_klass(Symbol* 
class_name) {
---
> @@ -1943,6 +1990,16 @@ bool SystemDictionary::is_well_known_klass(Symbol* 
> class_name) {
1441c1433
< @@ -2113,7 +2170,7 @@ void SystemDictionary::check_constraints(unsigned int 
d_hash,
---
> @@ -2115,7 +2172,7 @@ void SystemDictionary::check_constraints(unsigned int 
> d_hash,
1451c1443
< index 649b321a6a..4220978a02 100644
---
> index a14728df75..aba2780a32 100644
1463c1455
< @@ -302,6 +304,7 @@ public:
---
> @@ -305,6 +307,7 @@ public:
1471c1463
< @@ -310,6 +313,7 @@ public:
---
> @@ -313,6 +316,7 @@ public:
1479c1471
< @@ -318,6 +322,7 @@ public:
---
> @@ -321,6 +325,7 @@ public:
1487c1479
< @@ -462,6 +467,12 @@ public:
---
> @@ -465,6 +470,12 @@ public:
1500c1492
< @@ -655,7 +666,7 @@ protected:
---
> @@ -658,7 +669,7 @@ protected:
1548c1540
< index 8955dd0b36..daaa8d1237 100644
---
> index cef3f530cb..3477a408cb 100644
1551c1543
< @@ -286,6 +286,8 @@
---
> @@ -287,6 +287,8 @@
1560c1552
< @@ -340,6 +342,7 @@
---
> @@ -341,6 +343,7 @@
1568c1560
< @@ -352,6 +355,8 @@
---
> @@ -353,6 +356,8 @@
1577c1569
< @@ -446,6 +451,12 @@
---
> @@ -447,6 +452,12 @@
1604c1596
< index 7838d24677..26d6cd1bc6 100644
---
> index 65eb05efd4..6b7d2aad07 100644
1626c1618
< @@ -55,6 +61,7 @@ void CompiledMethod::init_defaults() {
---
> @@ -62,6 +68,7 @@ void CompiledMethod::init_defaults() {
1635c1627
< index 1dd185dc53..935c295485 100644
---
> index 75ca840bea..725895bdda 100644
1659c1651
< index 60aa462604..bc39e147f2 100644
---
> index 

Bug#991864: unblock: i2c-tools/4.2-2

[Aurelien Jarno]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package i2c-tools

[ Reason ]
During the "transition" from Python 2 to Python 3, I forgot to update
the Suggests: entry from python-smbus to python3-smbus. As a consequence
apt suggests a non-existing package, and users do not get suggested to
install python3-smbus.

[ Impact ]
To be honest, if the unblock isn't granted, it is not the end of the
world, and I would totally understand if this bug is just closed.
However given a user bothered to report a bug (initially with severity
important), and that the changes are trivial, I am just giving it a try.

[ Tests ]
Only manual installation of the package has been done to test the
changes.

[ Risks ]
The risks are very very low, as the changes are trivial, do not concern
the shipped code but only the Suggests: entry, and given that apt does
not install suggested packages by default. 

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

unblock i2c-tools/4.2-2
diff -Nru i2c-tools-4.2/debian/changelog i2c-tools-4.2/debian/changelog
--- i2c-tools-4.2/debian/changelog  2020-10-14 18:01:27.0 +0200
+++ i2c-tools-4.2/debian/changelog  2021-07-24 15:17:41.0 +0200
@@ -1,3 +1,9 @@
+i2c-tools (4.2-2) unstable; urgency=medium
+
+  * Suggest python3-smbus instead of python-smbus (closes: #991010).
+
+ -- Aurelien Jarno   Sat, 24 Jul 2021 15:17:41 +0200
+
 i2c-tools (4.2-1) unstable; urgency=medium
 
   * New upstream version:
diff -Nru i2c-tools-4.2/debian/control i2c-tools-4.2/debian/control
--- i2c-tools-4.2/debian/control2020-10-14 18:00:59.0 +0200
+++ i2c-tools-4.2/debian/control2021-07-24 15:16:43.0 +0200
@@ -13,7 +13,7 @@
 Conflicts: lm-sensors (<< 1:3.0.0-1)
 Depends: ${shlibs:Depends}, ${perl:Depends}, ${misc:Depends}, adduser, udev
 Recommends: read-edid
-Suggests: libi2c-dev, python-smbus
+Suggests: libi2c-dev, python3-smbus
 Description: heterogeneous set of I2C tools for Linux
  This package contains a heterogeneous set of I2C tools for Linux: a bus
  probing tool, a chip dumper, register-level access helpers, EEPROM

Bug#991843: unblock: libjdom2-java/2.0.6-1.1

[Utkarsh Gupta]

Hi Sebastian,

On Tue, Aug 3, 2021 at 10:35 PM Sebastian Ramacher  wrote:
> Unstable and bullseye contain the same version of libjdom2-java. Are you
> sure that the upload reached unstable?

There was a bit of a fiasco and processing delay from dak (see my mail
at -devel for more information) but the new version of libjdom2-java
should now be available in sid.

$ rmadison libjdom2-java
libjdom2-java | 2.0.6-1   | oldoldstable| source, all
libjdom2-java | 2.0.6-1   | oldstable   | source, all
libjdom2-java | 2.0.6-1   | stable  | source, all
libjdom2-java | 2.0.6-1.1 | unstable| source
libjdom2-java | 2.0.6-2   | testing | source, all
libjdom2-java | 2.0.6-2   | unstable| source, all
libjdom2-java | 2.0.6-2.1 | buildd-unstable | source, all
libjdom2-java | 2.0.6-2.1 | unstable| source, all

Please let me know if you need any more information. Thank you!


- u

Bug#991834: unblock: galera-4/26.4.9-1

[Andreas Beckmann]

On 03/08/2021 17.50, Paul Gevers wrote:

+Breaks: galera-3 (<< 26.4)
+Replaces: galera-3 (<< 26.4)

What are these versions? The highest version of galera-3 from
src:galera-3 is 25.3.34-1.


26.4 is galera-4 ==> anything earlier galera-3

Andreas

Bug#990961: marked as done (RM: ognibuild/0.0.1~git20201031.4cbc8df-1.1)

[Debian Bug Tracking System]

Your message dated Tue, 3 Aug 2021 19:24:12 +0200
with message-id 
and subject line Re: Bug#990961: RM: ognibuild/0.0.1~git20201031.4cbc8df-1.1
has caused the Debian Bug report #990961,
regarding RM: ognibuild/0.0.1~git20201031.4cbc8df-1.1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
990961: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990961
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: rm

Please remove ognibuild from bullseye/testing; the current version
(0.0.1~git20201031.4cbc8df-1.1) there is a very early prerelease that is
unlikely to provide a good experience to users.
--- End Message ---
--- Begin Message ---
On 2021-07-11 21:49:50 +0200, Sebastian Ramacher wrote:
> Control: tags -1 moreinfo
> 
> On 2021-07-11 19:02:20 +, Jelmer Vernooij wrote:
> > Package: release.debian.org
> > Severity: normal
> > User: release.debian@packages.debian.org
> > Usertags: rm
> > 
> > Please remove ognibuild from bullseye/testing; the current version
> > (0.0.1~git20201031.4cbc8df-1.1) there is a very early prerelease that is
> > unlikely to provide a good experience to users.
> 
> % dak rm -Rn -s testing ognibuild
> Will remove the following packages from testing:
> 
>  ognibuild | 0.0.1~git20201031.4cbc8df-1.1 | source, all
> 
> Maintainer: Jelmer Vernooij 
> 
> --- Reason ---
> 
> --
> 
> Checking reverse dependencies...
> # Broken Depends:
> lintian-brush: lintian-brush
> 
> # Broken Build-Depends:
> lintian-brush: ognibuild
> 
> Dependency problem found.
> 
> 
> So that won't be possible without also removing lintian-brush. So is
> that really what you want?

lintian-brush was removed from bullseye. Removal hint added.

Cheers

> 
> Cheers
> -- 
> Sebastian Ramacher



-- 
Sebastian Ramacher


signature.asc
Description: PGP signature
--- End Message ---

Bug#991843: unblock: libjdom2-java/2.0.6-1.1

[Sebastian Ramacher]

Control: tags -1 moreinfo

On 2021-08-03 14:11:25 +0530, Utkarsh Gupta wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
> 
> Hey,
> 
> src:libjdom2-java has been affected by CVE-2021-33813 which is fixed
> in sid & stretch. -pu update for buster is also being filed.
> 
> Since this is just a CVE fix, I'd request you to unblock this and let
> it go to bullseye, please? (I am sorry for doing this on the eleventh
> hour :/)
> 
> The debdiff is duly attached. Let me know if you any more information. TIA! 
> \o/

Unstable and bullseye contain the same version of libjdom2-java. Are you
sure that the upload reached unstable?

Cheers

> 
> 
> - u



-- 
Sebastian Ramacher


signature.asc
Description: PGP signature

Processed: Re: Bug#991843: unblock: libjdom2-java/2.0.6-1.1

[Debian Bug Tracking System]

Processing control commands:

> tags -1 moreinfo
Bug #991843 [release.debian.org] unblock: libjdom2-java/2.0.6-1.1
Added tag(s) moreinfo.

-- 
991843: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991843
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#991842: marked as done (unblock: libjdom1-java/1.1.3-2.1)

[Debian Bug Tracking System]

Your message dated Tue, 03 Aug 2021 16:58:13 +
with message-id 
and subject line unblock libjdom1-java
has caused the Debian Bug report #991842,
regarding unblock: libjdom1-java/1.1.3-2.1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
991842: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991842
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Hey,

src:libjdom1-java has been affected by CVE-2021-33813 which is fixed
in sid & stretch. -pu update for buster is also being filed.

Since this is just a CVE fix, I'd request you to unblock this and let
it go to bullseye, please? (I am sorry for doing this on the eleventh hour :/)

The debdiff is duly attached. Let me know if you any more information. TIA! \o/


- u


libjdom1-java_sid.debdiff
Description: Binary data
--- End Message ---
--- Begin Message ---
Unblocked.--- End Message ---

Bug#991749: unblock: ruby-maven-libs/3.3.9+ds-2

[Nilesh Patra]

control: retitle -1 unblock: ruby-maven-libs/3.3.9+ds-3

Hi Graham,

On Sun, 1 Aug 2021 14:33:35 +0200 Graham Inggs  wrote:
> Control: tags -1 + moreinfo
> 
> Hi Praveen
> 
> On Sat, 31 Jul 2021 at 21:21,  wrote:
> > +  * Bump debhelper from old 10 to 12.
> 
> Please revert this change.  See 'Target fixes' section of the freeze policy 
> [1].

I reverted this debhelper bump and uploaded a -3 to unstable. Debdiff
for both the -3 release v/s -2 release (this one), and -3 v/s -1.1 release (in
testing) can be found attached w/ this email

Since the -2 changelog states inclusion of d/salsa-ci.yml, but the
package did not include it, I added two lines of this file, which should
be absolutely harmless by all metrics.

Thanks a lot for your work on the release :-)

Nilesh
diff -Nru ruby-maven-libs-3.3.9+ds/debian/changelog 
ruby-maven-libs-3.3.9+ds/debian/changelog
--- ruby-maven-libs-3.3.9+ds/debian/changelog   2021-08-01 00:23:32.0 
+0530
+++ ruby-maven-libs-3.3.9+ds/debian/changelog   2021-08-03 22:02:31.0 
+0530
@@ -1,3 +1,10 @@
+ruby-maven-libs (3.3.9+ds-3) unstable; urgency=medium
+
+  * Team Upload.
+  * Revert debhelper bump from 10 to 12 for bullseye release
+
+ -- Nilesh Patra   Tue, 03 Aug 2021 22:02:31 +0530
+
 ruby-maven-libs (3.3.9+ds-2) unstable; urgency=medium
 
   * Team upload.
diff -Nru ruby-maven-libs-3.3.9+ds/debian/compat 
ruby-maven-libs-3.3.9+ds/debian/compat
--- ruby-maven-libs-3.3.9+ds/debian/compat  1970-01-01 05:30:00.0 
+0530
+++ ruby-maven-libs-3.3.9+ds/debian/compat  2021-08-03 21:59:35.0 
+0530
@@ -0,0 +1 @@
+10
diff -Nru ruby-maven-libs-3.3.9+ds/debian/control 
ruby-maven-libs-3.3.9+ds/debian/control
--- ruby-maven-libs-3.3.9+ds/debian/control 2021-08-01 00:23:32.0 
+0530
+++ ruby-maven-libs-3.3.9+ds/debian/control 2021-08-03 22:00:16.0 
+0530
@@ -3,7 +3,7 @@
 Priority: optional
 Maintainer: Debian Ruby Team 

 Uploaders: Miguel Landaeta 
-Build-Depends: debhelper-compat (= 12),
+Build-Depends: debhelper (>= 10~),
gem2deb
 Standards-Version: 4.5.1
 Vcs-Git: https://salsa.debian.org/ruby-team/ruby-maven-libs.git
diff -Nru ruby-maven-libs-3.3.9+ds/debian/salsa-ci.yml 
ruby-maven-libs-3.3.9+ds/debian/salsa-ci.yml
--- ruby-maven-libs-3.3.9+ds/debian/salsa-ci.yml1970-01-01 
05:30:00.0 +0530
+++ ruby-maven-libs-3.3.9+ds/debian/salsa-ci.yml2021-08-03 
21:59:05.0 +0530
@@ -0,0 +1,4 @@
+---
+include:
+  - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/salsa-ci.yml
+  - 
https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/pipeline-jobs.yml
diff -Nru ruby-maven-libs-3.3.9+ds/debian/changelog 
ruby-maven-libs-3.3.9+ds/debian/changelog
--- ruby-maven-libs-3.3.9+ds/debian/changelog   2021-01-09 17:39:58.0 
+0530
+++ ruby-maven-libs-3.3.9+ds/debian/changelog   2021-08-03 22:02:31.0 
+0530
@@ -1,9 +1,36 @@
-ruby-maven-libs (3.3.9+ds-1.1) unstable; urgency=medium
+ruby-maven-libs (3.3.9+ds-3) unstable; urgency=medium
 
-  * Non maintainer upload by the Reproducible Builds team.
-  * No source change upload to rebuild on buildd with .buildinfo files.
+  * Team Upload.
+  * Revert debhelper bump from 10 to 12 for bullseye release
 
- -- Holger Levsen   Sat, 09 Jan 2021 13:09:58 +0100
+ -- Nilesh Patra   Tue, 03 Aug 2021 22:02:31 +0530
+
+ruby-maven-libs (3.3.9+ds-2) unstable; urgency=medium
+
+  * Team upload.
+
+  [ Utkarsh Gupta ]
+  * Add salsa-ci.yml
+
+  [ Debian Janitor ]
+  * Use secure copyright file specification URI.
+  * Bump debhelper from old 10 to 12.
+  * Set debhelper-compat version in Build-Depends.
+  * Update Vcs-* headers from URL redirect.
+  * Use canonical URL in Vcs-Git.
+
+  [ Cédric Boutillier ]
+  * Update team name
+  * Add .gitattributes to keep unwanted files out of the source package
+
+  [ Pirate Praveen ]
+  * Add a simple require autopkgtest (to check the version patch)
+  * Fix maven version detection patch (Thanks to Raul Tambre) (Closes: #989175)
+  * Bump Standards-Version to 4.5.1 (no changes needed)
+  * Include NOTICE file in binary package
+  * Move debian/watch to gemwatch.debian.net
+
+ -- Pirate Praveen   Sun, 01 Aug 2021 00:23:32 +0530
 
 ruby-maven-libs (3.3.9+ds-1) unstable; urgency=medium
 
diff -Nru ruby-maven-libs-3.3.9+ds/debian/control 
ruby-maven-libs-3.3.9+ds/debian/control
--- ruby-maven-libs-3.3.9+ds/debian/control 2017-03-10 00:09:43.0 
+0530
+++ ruby-maven-libs-3.3.9+ds/debian/control 2021-08-03 22:00:16.0 
+0530
@@ -1,13 +1,13 @@
 Source: ruby-maven-libs
 Section: ruby
 Priority: optional
-Maintainer: Debian Ruby Extras Maintainers 

+Maintainer: Debian Ruby Team 

 Uploaders: Miguel Landaeta 
 Build-Depends: debhelper (>= 10~),
gem2deb
-Standards-Version: 3.9.8
-Vcs-Git: https://anonscm.debian.org/git/pkg-ruby-extras/ruby-maven-libs.git
-Vcs-Browser: 
https://anonscm.debian.org/cgit/pkg-ruby-extras/ruby-maven-libs.git
+Standards-Version: 4.5.1
+Vcs-Git: 

Processed: Re: Bug#991749: unblock: ruby-maven-libs/3.3.9+ds-2

[Debian Bug Tracking System]

Processing control commands:

> retitle -1 unblock: ruby-maven-libs/3.3.9+ds-3
Bug #991749 [release.debian.org] unblock: ruby-maven-libs/3.3.9+ds-2
Changed Bug title to 'unblock: ruby-maven-libs/3.3.9+ds-3' from 'unblock: 
ruby-maven-libs/3.3.9+ds-2'.

-- 
991749: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991749
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#991844: unblock: libpam-tacplus/1.3.8-2.1

[Utkarsh Gupta]

Hi Paul,

On Tue, Aug 3, 2021 at 9:46 PM Paul Gevers  wrote:
> On 03-08-2021 10:46, Utkarsh Gupta wrote:
> > src:libpam-tacplus
>
> ... is not in testing.
>
> closing this bug as there's nothing to do (no, we're not going to let it
> in now).

Ugh, my bad for not checking that. Thanks and of course not letting it
go to bullseye absolutely makes sense! Thank you and sorry for the
noise!


- u

Bug#991844: marked as done (unblock: libpam-tacplus/1.3.8-2.1)

[Debian Bug Tracking System]

Your message dated Tue, 3 Aug 2021 18:16:48 +0200
with message-id 
and subject line Re: Bug#991844: unblock: libpam-tacplus/1.3.8-2.1
has caused the Debian Bug report #991844,
regarding unblock: libpam-tacplus/1.3.8-2.1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
991844: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991844
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Hey,

src:libpam-tacplus has been affected by CVE-2020-13881 which is fixed
in sid & stretch. -pu update for buster is also being filed. This
update also helps in fixing the versioning problem because as of now,
the version in stretch is greater than that in stable and sid. So this
update will help fix things for sid and bullseye, at least.

Since this is just a CVE fix, I'd request you to unblock this and let
it go to bullseye, please? (I am sorry for doing this on the eleventh
hour :/)

The debdiff is duly attached. Let me know if you any more information. TIA! \o/


- u


libpam-tacplus_sid.debdiff
Description: Binary data
--- End Message ---
--- Begin Message ---
Hi Utkarsh,

On 03-08-2021 10:46, Utkarsh Gupta wrote:
> src:libpam-tacplus 

... is not in testing.

closing this bug as there's nothing to do (no, we're not going to let it
in now).

Paul



OpenPGP_signature
Description: OpenPGP digital signature
--- End Message ---

Processed: Re: Bug#991845: unblock: libx11/2:1.7.2-1

[Debian Bug Tracking System]

Processing control commands:

> tags -1 confirmed d-i
Bug #991845 [release.debian.org] unblock: libx11/2:1.7.2-1
Added tag(s) d-i and confirmed.

-- 
991845: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991845
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#991845: unblock: libx11/2:1.7.2-1

[Paul Gevers]

Control: tags -1 confirmed d-i

Hi Cyril,

The item below needs your ack.

Paul

On 03-08-2021 10:54, Timo Aaltonen wrote:
> Please unblock package libx11
> 
> [ Reason ]
> The new upstream release fixes regressions in the previous CVE release, 
> including a segfault in fdesign. (bug 990998)
> 
> [ Impact ]
> Regressions remain in bullseye release.
> 
> [ Tests ]
> The new version has a commit that fixes a bug with a similar backtrace as 
> 990998, Matt can verify here that fdesign works with the new libx11.
> 
> [ Risks ]
> The upstream changes are small, only three commits, 
> 
> [ Checklist ]
>   [x] all changes are documented in the d/changelog
>   [x] I reviewed all changes and I approve them
>   [x attach debdiff against the package in testing
> 
> [ Other info ]
> The diff is filtered to have only changes to the code and packaging, 
> autotools changes are removed.
> 
> unblock libx11/2:1.7.2-1
> 



OpenPGP_signature
Description: OpenPGP digital signature

Bug#991681: marked as done (unblock: telegram-desktop/2.8.10+ds-1 (pre-approval))

[Debian Bug Tracking System]

Your message dated Tue, 3 Aug 2021 18:09:25 +0200
with message-id 
and subject line Re: Bug#991681: unblock: telegram-desktop/2.8.10+ds-1 
(pre-approval)
has caused the Debian Bug report #991681,
regarding unblock: telegram-desktop/2.8.10+ds-1 (pre-approval)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
991681: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991681
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: 991...@bugs.debian.org

Dear release team,

This request is for discuss the present situation with the telegram-desktop
package. On July 16, under CVE-2021-36769 were disclosed some weakness of the
MtProto implementation in Telegram Desktop before 2.8.8. So the version
currently in testing, 2.6.1, has the security issue.

I examined commits from an upstream Git repository which potentially may fix
the issue, and I found they do not apply cleanly on top of 2.6.1 version. Even
if they have applied, or if I have solved merge conflicts with them, I could
not guarantee the efficiency in light of the issue.

So I see two possible options here:

1. Update the package to the latest upstream release. That is what this request
is about. The release brings a lot of new code and many new features which we
will not be able to test carefully on tight deadlines before bullseye. We will
need to update satellite packages also, libtgowt with fresh upstream commit and
libtgvoip with no-source-change rebuild. Approximate size of debdiffes is about
20MB. You can currently view the difference in Git on salsa.d.o.

https://salsa.debian.org/debian/telegram-desktop/-/merge_requests/37
https://salsa.debian.org/debian/libtgowt/-/merge_requests/6

This type of issue is that it is better to have the fix now than not to fix at
all. If you permit the update, I will proceed and properly supplement this bug
report with complete diffes. But on the other hand...

2. We can do nothing at the moment. And fix the issue later for bookworm. And
then backport the update to bullseye and buster. Telegram team assured me the
issue is not too risky in practice and it has only theoretical interest.


[ Reason ]
Fix security issue in implementation of underlying Telegram protocol, MtProto.
CVE-2021-36769.

[ Tests ]
Not fully, only manual smoke-test has been done. The app still starts.

[ Risks ]
Complex code in leaf and related packages. The libtgowt and the libtgvoip
packages carry static libraries. Their update does not affect anything
immediately. We also need to rebuild the telegram-desktop package.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [ ] I reviewed all changes and I approve them
  [ ] attach debdiff against the package in testing


unblock telegram-desktop/2.8.10+ds-1
unblock libtgowt/0~git20210627.91d836d+dfsg-1
unblock libtgvoip/2.4.4+git20210101.13a5fcb+ds-3



signature.asc
Description: This is a digitally signed message part
--- End Message ---
--- Begin Message ---
Hi Nicholas,

On 30-07-2021 10:49, Nicholas Guriev wrote:
> So I see two possible options here:
> 
> 1. Update the package to the latest upstream release. That is what this 
> request
> is about. The release brings a lot of new code and many new features which we
> will not be able to test carefully on tight deadlines before bullseye. We will
> need to update satellite packages also, libtgowt with fresh upstream commit 
> and
> libtgvoip with no-source-change rebuild. Approximate size of debdiffes is 
> about
> 20MB. You can currently view the difference in Git on salsa.d.o.
> 
> https://salsa.debian.org/debian/telegram-desktop/-/merge_requests/37
> https://salsa.debian.org/debian/libtgowt/-/merge_requests/6
> 
> This type of issue is that it is better to have the fix now than not to fix at
> all. If you permit the update, I will proceed and properly supplement this bug
> report with complete diffes. But on the other hand...

Sorry, your request was not following the freeze guidelines so would
need an exception. We didn't come to a positive conclusion in time and
now the window to include it in bullseye has passed.

Paul



OpenPGP_signature
Description: OpenPGP digital signature
--- End Message ---

Processed: Re: Bug#991834: unblock: galera-4/26.4.9-1

[Debian Bug Tracking System]

Processing control commands:

> tags -1 moreinfo
Bug #991834 [release.debian.org] unblock: galera-4/26.4.9-1
Added tag(s) moreinfo.

-- 
991834: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991834
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#991834: unblock: galera-4/26.4.9-1

[Paul Gevers]

Control: tags -1 moreinfo

Hi

On 02-08-2021 23:00, Andreas Beckmann wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
> 
> Please unblock package galera-4
> 
> It's a new upstream bugfix release, Otto can probably comment on that.

Yes, please. We want totally targeted fixes at this moment. This doesn't
sound like one.

> Packaging wise it contains the second half of solving the mariadb
> upgrade issues (there is a conflicts cycle between galera-3 and galera-4
> and upgrading from buster to bullseye requires switching from galera-3
> to galera-4 ... sometimes the upgrade outcome is an unexpected removal
> of mariadb-server - #990708)
> 
> Andreas
> 
> unblock galera-4/26.4.9-1

diff -Nru galera-4-26.4.8/debian/control galera-4-26.4.9/debian/control
[...]
-Breaks: galera,
-galera-3
-Replaces: galera
+Breaks: galera-3 (<< 26.4)
+Replaces: galera-3 (<< 26.4)

What are these versions? The highest version of galera-3 from
src:galera-3 is 25.3.34-1.

Paul



OpenPGP_signature
Description: OpenPGP digital signature

Bug#991850: marked as done (unblock: tmpreaper/1.6.14+nmu2)

[Debian Bug Tracking System]

Your message dated Tue, 3 Aug 2021 17:34:59 +0200
with message-id <16776e65-d3b1-d00c-653e-5fe2fc4f7...@debian.org>
and subject line Re: Bug#991850: unblock: tmpreaper/1.6.14+nmu2
has caused the Debian Bug report #991850,
regarding unblock: tmpreaper/1.6.14+nmu2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
991850: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991850
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package tmpreaper

  * Apply patch from Mick Switser to fix protect on directory.
(Closes: #636459)

unblock tmpreaper/1.6.14+nmu2
diff -Nru tmpreaper-1.6.14+nmu1/ChangeLog tmpreaper-1.6.14+nmu2/ChangeLog
--- tmpreaper-1.6.14+nmu1/ChangeLog 2019-09-06 16:20:49.0 +0300
+++ tmpreaper-1.6.14+nmu2/ChangeLog 2021-08-03 08:35:41.0 +0300
@@ -1,3 +1,11 @@
+tmpreaper (1.6.14+nmu2) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Apply patch from Mick Switser to fix protect on directory.
+(Closes: #636459)
+
+ -- Adrian Bunk   Tue, 03 Aug 2021 08:35:41 +0300
+
 tmpreaper (1.6.14+nmu1) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -Nru tmpreaper-1.6.14+nmu1/debian/changelog 
tmpreaper-1.6.14+nmu2/debian/changelog
--- tmpreaper-1.6.14+nmu1/debian/changelog  2019-09-06 16:20:49.0 
+0300
+++ tmpreaper-1.6.14+nmu2/debian/changelog  2021-08-03 08:35:41.0 
+0300
@@ -1,3 +1,11 @@
+tmpreaper (1.6.14+nmu2) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Apply patch from Mick Switser to fix protect on directory.
+(Closes: #636459)
+
+ -- Adrian Bunk   Tue, 03 Aug 2021 08:35:41 +0300
+
 tmpreaper (1.6.14+nmu1) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -Nru tmpreaper-1.6.14+nmu1/tmpreaper.c tmpreaper-1.6.14+nmu2/tmpreaper.c
--- tmpreaper-1.6.14+nmu1/tmpreaper.c   2019-01-05 17:23:01.0 +0200
+++ tmpreaper-1.6.14+nmu2/tmpreaper.c   2021-08-03 08:35:41.0 +0300
@@ -519,6 +519,21 @@
continue;
}
 
+if (FLAGS_PROTECT_P (flags)) {
+   skip = i = 0;
+   do {
+   if (sb.st_ino == protect_table[i].inode) {
+   message (LOG_VERBOSE,
+"Entry matching `--protect' pattern 
skipped. `%s'\n",
+protect_table[i].name);
+   skip = 1;
+   break;
+   }
+   } while (protect_table[i++].name);
+   if (skip)
+   continue;
+   }
+
if (S_ISDIR (sb.st_mode)) {
 #ifdef HAVE_LIBMOUNT_LIBMOUNT_H
struct mountpoint_control ctl = { NULL };
@@ -565,21 +580,6 @@
 (u_int) getpid(), ent->d_name);
}
 
-   if (FLAGS_PROTECT_P (flags)) {
-   skip = i = 0;
-   do {
-   if (sb.st_ino == protect_table[i].inode) {
-   message (LOG_VERBOSE,
-"Entry matching `--protect' pattern 
skipped. `%s'\n",
-protect_table[i].name);
-   skip = 1;
-   break;
-   }
-   } while (protect_table[i++].name);
-   if (skip)
-   continue;
-   }
-
/* Decide whether to remove the file or not */
/* check for mtime on directory instead of atime if requested */
if ( FLAGS_MTIME_P(flags) ||
--- End Message ---
--- Begin Message ---
Hi Adrian,

On 03-08-2021 13:33, Adrian Bunk wrote:
> Please unblock package tmpreaper

unblock hint added.

Paul



OpenPGP_signature
Description: OpenPGP digital signature
--- End Message ---

Bug#991849: marked as done (unblock: sctk/2.4.10-20151007-1312Z+dfsg2-3.1)

[Debian Bug Tracking System]

Your message dated Tue, 3 Aug 2021 17:29:47 +0200
with message-id 
and subject line Re: Bug#991849: unblock: sctk/2.4.10-20151007-1312Z+dfsg2-3.1
has caused the Debian Bug report #991849,
regarding unblock: sctk/2.4.10-20151007-1312Z+dfsg2-3.1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
991849: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991849
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package sctk

  * Apply patch by Michael Hudson-Doyle to use pdftoppm instead
of convert to convert pdf to jpg as the latter fails with the
changed security policy of ImageMagick. (Closes: #962439)
diff -Nru sctk-2.4.10-20151007-1312Z+dfsg2/debian/changelog 
sctk-2.4.10-20151007-1312Z+dfsg2/debian/changelog
--- sctk-2.4.10-20151007-1312Z+dfsg2/debian/changelog   2016-04-27 
19:42:33.0 +0300
+++ sctk-2.4.10-20151007-1312Z+dfsg2/debian/changelog   2021-08-03 
09:44:24.0 +0300
@@ -1,3 +1,12 @@
+sctk (2.4.10-20151007-1312Z+dfsg2-3.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Apply patch by Michael Hudson-Doyle to use pdftoppm instead
+of convert to convert pdf to jpg as the latter fails with the
+changed security policy of ImageMagick. (Closes: #962439)
+
+ -- Adrian Bunk   Tue, 03 Aug 2021 09:44:24 +0300
+
 sctk (2.4.10-20151007-1312Z+dfsg2-3) unstable; urgency=medium
 
   * Fix an error in replacement files Makefile.
diff -Nru sctk-2.4.10-20151007-1312Z+dfsg2/debian/control 
sctk-2.4.10-20151007-1312Z+dfsg2/debian/control
--- sctk-2.4.10-20151007-1312Z+dfsg2/debian/control 2016-04-27 
19:42:33.0 +0300
+++ sctk-2.4.10-20151007-1312Z+dfsg2/debian/control 2021-08-03 
09:44:12.0 +0300
@@ -8,6 +8,7 @@
  dh-buildinfo,
  dpkg-dev (>= 1.16.1~),
  librsvg2-bin,
+ poppler-utils,
  texlive-latex-base,
  texlive-latex-extra,
  imagemagick,
diff -Nru sctk-2.4.10-20151007-1312Z+dfsg2/debian/replacement_files/Makefile 
sctk-2.4.10-20151007-1312Z+dfsg2/debian/replacement_files/Makefile
--- sctk-2.4.10-20151007-1312Z+dfsg2/debian/replacement_files/Makefile  
2016-04-27 19:42:33.0 +0300
+++ sctk-2.4.10-20151007-1312Z+dfsg2/debian/replacement_files/Makefile  
2021-08-03 09:43:34.0 +0300
@@ -34,7 +34,7 @@
 all: $(OUTPUT)
 
 %.jpg: %.pdf
-   convert -density 300 $< $@
+   pdftoppm -jpeg -singlefile -r 300 $< > $@
 
 %.png: %.svg
convert "$<" "$@"
--- End Message ---
--- Begin Message ---
Hi Adrian,

On 03-08-2021 13:29, Adrian Bunk wrote:
> Please unblock package sctk

unblock hinted added.

Paul



OpenPGP_signature
Description: OpenPGP digital signature
--- End Message ---

Bug#991848: marked as done (unblock: statsvn/0.7.0.dfsg-10)

[Debian Bug Tracking System]

Your message dated Tue, 3 Aug 2021 17:27:16 +0200
with message-id <946c03c6-cfb2-60d7-bccb-05e1d201c...@debian.org>
and subject line Re: Bug#991848: unblock: statsvn/0.7.0.dfsg-10
has caused the Debian Bug report #991848,
regarding unblock: statsvn/0.7.0.dfsg-10
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
991848: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991848
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package statsvn

  * Add patch from FreeBSD to disable the version check that broke
with Subversion >= 10. (Closes: #990488)

unblock statsvn/0.7.0.dfsg-10
diff -Nru statsvn-0.7.0.dfsg/debian/changelog 
statsvn-0.7.0.dfsg/debian/changelog
--- statsvn-0.7.0.dfsg/debian/changelog 2018-11-18 13:02:28.0 +0200
+++ statsvn-0.7.0.dfsg/debian/changelog 2021-08-03 08:05:50.0 +0300
@@ -1,3 +1,11 @@
+statsvn (0.7.0.dfsg-10) unstable; urgency=medium
+
+  * QA upload.
+  * Add patch from FreeBSD to disable the version check that broke
+with Subversion >= 10. (Closes: #990488)
+
+ -- Adrian Bunk   Tue, 03 Aug 2021 08:05:50 +0300
+
 statsvn (0.7.0.dfsg-9) unstable; urgency=medium
 
   * QA upload.
diff -Nru statsvn-0.7.0.dfsg/debian/patches/patch-src_net_sf_statsvn_Main.java 
statsvn-0.7.0.dfsg/debian/patches/patch-src_net_sf_statsvn_Main.java
--- statsvn-0.7.0.dfsg/debian/patches/patch-src_net_sf_statsvn_Main.java
1970-01-01 02:00:00.0 +0200
+++ statsvn-0.7.0.dfsg/debian/patches/patch-src_net_sf_statsvn_Main.java
2021-08-03 08:05:38.0 +0300
@@ -0,0 +1,17 @@
+Skip SVN version check which doesn't work anymore with SVN 1.10.0
+
+--- a/src/net/sf/statsvn/Main.java.orig2018-06-25 06:52:30 UTC
 b/src/net/sf/statsvn/Main.java
+@@ -105,12 +105,6 @@ public final class Main {
+ public static void generate() {
+ try {
+ RepositoryFileManager manager = createRepoManager();
+-String version = 
manager.getProcessor().getVersionProcessor().checkSvnVersionSufficient();
+-final boolean isNewerDiffPossible = 
manager.getProcessor().getVersionProcessor().checkDiffPerRevPossible(version);
+-// fall-back to older option.
+-if (!isNewerDiffPossible) {
+-SvnConfigurationOptions.setLegacyDiff(true);
+-}
+ 
+ 
manager.getProcessor().getInfoProcessor().checkRepoRootAvailable();
+ generateDefaultHTMLSuite(manager);
diff -Nru statsvn-0.7.0.dfsg/debian/patches/series 
statsvn-0.7.0.dfsg/debian/patches/series
--- statsvn-0.7.0.dfsg/debian/patches/series2018-04-20 00:41:58.0 
+0300
+++ statsvn-0.7.0.dfsg/debian/patches/series2021-08-03 08:05:48.0 
+0300
@@ -1,3 +1,4 @@
 10-build-xml-classpath.diff
 15-build-xml-build-jar-only.diff
 20-remove-backport-util-concurrent.diff
+patch-src_net_sf_statsvn_Main.java
--- End Message ---
--- Begin Message ---
Hi Adrian,

On 03-08-2021 13:23, Adrian Bunk wrote:
> Please unblock package statsvn

unblock hint added.

Paul



OpenPGP_signature
Description: OpenPGP digital signature
--- End Message ---

Bug#991851: marked as done (unblock: piuparts/1.1.4)

[Debian Bug Tracking System]

Your message dated Tue, 3 Aug 2021 17:22:07 +0200
with message-id 
and subject line Re: Bug#991851: unblock: piuparts/1.1.4
has caused the Debian Bug report #991851,
regarding unblock: piuparts/1.1.4
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
991851: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991851
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package piuparts

This update prepares the package for stable=bullseye.
It also switches some scripts to the mariadb and postgresql versions we
have in bullseye.
The pkgsummary changes fix some recent breakage observed on piuparts.d.o
and have been deployed there for some days already.

There will probably be a larger update coming for the first
bullseye point release... if I find some time...

unblock piuparts/1.1.4

Andreas

(trying to get the last unblock request in before the deadline :-)


piuparts-1.1.4.diff.gz
Description: application/gzip
--- End Message ---
--- Begin Message ---
Hi Andreas,

On 03-08-2021 13:44, Andreas Beckmann wrote:
> Please unblock package piuparts

unblocked.

Paul



OpenPGP_signature
Description: OpenPGP digital signature
--- End Message ---

Bug#991852: marked as done (unblock: debian-edu-doc/2.11.26)

[Debian Bug Tracking System]

Your message dated Tue, 3 Aug 2021 17:05:48 +0200
with message-id <99afb0d3-82ca-97eb-a2a7-4238edb18...@debian.org>
and subject line Re: Bug#991852: unblock: debian-edu-doc/2.11.26
has caused the Debian Bug report #991852,
regarding unblock: debian-edu-doc/2.11.26
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
991852: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991852
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package debian-edu-doc

  * Update Debian Edu Bullseye manual from the wiki.
  [ Translation updates ]
  * Bullseye manual:
- German: Wolfgang Schweer
- Dutch: Frans Spiesschaert
- Portuguese (Brazil): Barbara Tostes and Fred Maranhão
- Polish: Stanisław Stefan Krukowski
- Chinese (Simplified): Ma Yong
  * Buster manual:
- Portuguese (Brazil): Barbara Tostes and Fred Maranhão
- Polish: Stanisław Stefan Krukowski
- Chinese (Simplified): Ma Yong
(changes by Holger Levsen)

Documentation-only change, no debdiff due to size:
 debian/changelog   
  |   18
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual-stripped.xml  
  |   27
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.da.po 
  |   61
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.de.po 
  |   83
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.es.po 
  |   48
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.fr.po 
  | 1798 --
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.it.po 
  | 1802 --
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.ja.po 
  |   76
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.nb-no.po  
  |   58
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.nl.po 
  | 7847 ++
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.pl.po 
  |  343
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.pot   
  |   45
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.pt-br.po  
  |   95
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.pt-pt.po  
  |   80
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.pt.po 
  |   80
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.ro.po 
  |   49
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.sv.po 
  |   49
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.xml   
  |   27
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.zh-cn.po  
  |  117
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.zh-tw.po  
  |   47
 
documentation/debian-edu-bullseye/source/AllInOne-debian-edu-bullseye-manual.xml
 |8
 documentation/debian-edu-buster/debian-edu-buster-manual.pl.po 
  |  135
 documentation/debian-edu-buster/debian-edu-buster-manual.pt-br.po  
  |   20
 documentation/debian-edu-buster/debian-edu-buster-manual.zh-cn.po  
  |   17
 24 files changed, 5972 insertions(+), 6958 deletions(-)


unblock debian-edu-doc/2.11.26
--- End Message ---
--- Begin Message ---
Hi Adrian, Holger,

On 03-08-2021 13:50, Adrian Bunk wrote:
> Please unblock package debian-edu-doc

Unblock hint added.

Paul



OpenPGP_signature
Description: OpenPGP digital signature
--- End Message ---

Bug#991852: unblock: debian-edu-doc/2.11.26

[Holger Levsen]

On Tue, Aug 03, 2021 at 02:50:27PM +0300, Adrian Bunk wrote:
> Please unblock package debian-edu-doc
[...]
> unblock debian-edu-doc/2.11.26

thanks for filing this unblock request, Adrian!


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

"A developed country is not a place where the poor have cars. It's where the
rich use public transportation." (quote attributed to several people)


signature.asc
Description: PGP signature

Bug#991852: unblock: debian-edu-doc/2.11.26

[Adrian Bunk]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package debian-edu-doc

  * Update Debian Edu Bullseye manual from the wiki.
  [ Translation updates ]
  * Bullseye manual:
- German: Wolfgang Schweer
- Dutch: Frans Spiesschaert
- Portuguese (Brazil): Barbara Tostes and Fred Maranhão
- Polish: Stanisław Stefan Krukowski
- Chinese (Simplified): Ma Yong
  * Buster manual:
- Portuguese (Brazil): Barbara Tostes and Fred Maranhão
- Polish: Stanisław Stefan Krukowski
- Chinese (Simplified): Ma Yong
(changes by Holger Levsen)

Documentation-only change, no debdiff due to size:
 debian/changelog   
  |   18
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual-stripped.xml  
  |   27
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.da.po 
  |   61
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.de.po 
  |   83
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.es.po 
  |   48
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.fr.po 
  | 1798 --
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.it.po 
  | 1802 --
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.ja.po 
  |   76
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.nb-no.po  
  |   58
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.nl.po 
  | 7847 ++
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.pl.po 
  |  343
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.pot   
  |   45
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.pt-br.po  
  |   95
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.pt-pt.po  
  |   80
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.pt.po 
  |   80
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.ro.po 
  |   49
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.sv.po 
  |   49
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.xml   
  |   27
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.zh-cn.po  
  |  117
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.zh-tw.po  
  |   47
 
documentation/debian-edu-bullseye/source/AllInOne-debian-edu-bullseye-manual.xml
 |8
 documentation/debian-edu-buster/debian-edu-buster-manual.pl.po 
  |  135
 documentation/debian-edu-buster/debian-edu-buster-manual.pt-br.po  
  |   20
 documentation/debian-edu-buster/debian-edu-buster-manual.zh-cn.po  
  |   17
 24 files changed, 5972 insertions(+), 6958 deletions(-)


unblock debian-edu-doc/2.11.26

Bug#991851: unblock: piuparts/1.1.4

[Andreas Beckmann]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package piuparts

This update prepares the package for stable=bullseye.
It also switches some scripts to the mariadb and postgresql versions we
have in bullseye.
The pkgsummary changes fix some recent breakage observed on piuparts.d.o
and have been deployed there for some days already.

There will probably be a larger update coming for the first
bullseye point release... if I find some time...

unblock piuparts/1.1.4

Andreas

(trying to get the last unblock request in before the deadline :-)


piuparts-1.1.4.diff.gz
Description: application/gzip

Bug#991850: unblock: tmpreaper/1.6.14+nmu2

[Adrian Bunk]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package tmpreaper

  * Apply patch from Mick Switser to fix protect on directory.
(Closes: #636459)

unblock tmpreaper/1.6.14+nmu2
diff -Nru tmpreaper-1.6.14+nmu1/ChangeLog tmpreaper-1.6.14+nmu2/ChangeLog
--- tmpreaper-1.6.14+nmu1/ChangeLog 2019-09-06 16:20:49.0 +0300
+++ tmpreaper-1.6.14+nmu2/ChangeLog 2021-08-03 08:35:41.0 +0300
@@ -1,3 +1,11 @@
+tmpreaper (1.6.14+nmu2) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Apply patch from Mick Switser to fix protect on directory.
+(Closes: #636459)
+
+ -- Adrian Bunk   Tue, 03 Aug 2021 08:35:41 +0300
+
 tmpreaper (1.6.14+nmu1) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -Nru tmpreaper-1.6.14+nmu1/debian/changelog 
tmpreaper-1.6.14+nmu2/debian/changelog
--- tmpreaper-1.6.14+nmu1/debian/changelog  2019-09-06 16:20:49.0 
+0300
+++ tmpreaper-1.6.14+nmu2/debian/changelog  2021-08-03 08:35:41.0 
+0300
@@ -1,3 +1,11 @@
+tmpreaper (1.6.14+nmu2) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Apply patch from Mick Switser to fix protect on directory.
+(Closes: #636459)
+
+ -- Adrian Bunk   Tue, 03 Aug 2021 08:35:41 +0300
+
 tmpreaper (1.6.14+nmu1) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -Nru tmpreaper-1.6.14+nmu1/tmpreaper.c tmpreaper-1.6.14+nmu2/tmpreaper.c
--- tmpreaper-1.6.14+nmu1/tmpreaper.c   2019-01-05 17:23:01.0 +0200
+++ tmpreaper-1.6.14+nmu2/tmpreaper.c   2021-08-03 08:35:41.0 +0300
@@ -519,6 +519,21 @@
continue;
}
 
+if (FLAGS_PROTECT_P (flags)) {
+   skip = i = 0;
+   do {
+   if (sb.st_ino == protect_table[i].inode) {
+   message (LOG_VERBOSE,
+"Entry matching `--protect' pattern 
skipped. `%s'\n",
+protect_table[i].name);
+   skip = 1;
+   break;
+   }
+   } while (protect_table[i++].name);
+   if (skip)
+   continue;
+   }
+
if (S_ISDIR (sb.st_mode)) {
 #ifdef HAVE_LIBMOUNT_LIBMOUNT_H
struct mountpoint_control ctl = { NULL };
@@ -565,21 +580,6 @@
 (u_int) getpid(), ent->d_name);
}
 
-   if (FLAGS_PROTECT_P (flags)) {
-   skip = i = 0;
-   do {
-   if (sb.st_ino == protect_table[i].inode) {
-   message (LOG_VERBOSE,
-"Entry matching `--protect' pattern 
skipped. `%s'\n",
-protect_table[i].name);
-   skip = 1;
-   break;
-   }
-   } while (protect_table[i++].name);
-   if (skip)
-   continue;
-   }
-
/* Decide whether to remove the file or not */
/* check for mtime on directory instead of atime if requested */
if ( FLAGS_MTIME_P(flags) ||

Bug#991849: unblock: sctk/2.4.10-20151007-1312Z+dfsg2-3.1

[Adrian Bunk]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package sctk

  * Apply patch by Michael Hudson-Doyle to use pdftoppm instead
of convert to convert pdf to jpg as the latter fails with the
changed security policy of ImageMagick. (Closes: #962439)
diff -Nru sctk-2.4.10-20151007-1312Z+dfsg2/debian/changelog 
sctk-2.4.10-20151007-1312Z+dfsg2/debian/changelog
--- sctk-2.4.10-20151007-1312Z+dfsg2/debian/changelog   2016-04-27 
19:42:33.0 +0300
+++ sctk-2.4.10-20151007-1312Z+dfsg2/debian/changelog   2021-08-03 
09:44:24.0 +0300
@@ -1,3 +1,12 @@
+sctk (2.4.10-20151007-1312Z+dfsg2-3.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Apply patch by Michael Hudson-Doyle to use pdftoppm instead
+of convert to convert pdf to jpg as the latter fails with the
+changed security policy of ImageMagick. (Closes: #962439)
+
+ -- Adrian Bunk   Tue, 03 Aug 2021 09:44:24 +0300
+
 sctk (2.4.10-20151007-1312Z+dfsg2-3) unstable; urgency=medium
 
   * Fix an error in replacement files Makefile.
diff -Nru sctk-2.4.10-20151007-1312Z+dfsg2/debian/control 
sctk-2.4.10-20151007-1312Z+dfsg2/debian/control
--- sctk-2.4.10-20151007-1312Z+dfsg2/debian/control 2016-04-27 
19:42:33.0 +0300
+++ sctk-2.4.10-20151007-1312Z+dfsg2/debian/control 2021-08-03 
09:44:12.0 +0300
@@ -8,6 +8,7 @@
  dh-buildinfo,
  dpkg-dev (>= 1.16.1~),
  librsvg2-bin,
+ poppler-utils,
  texlive-latex-base,
  texlive-latex-extra,
  imagemagick,
diff -Nru sctk-2.4.10-20151007-1312Z+dfsg2/debian/replacement_files/Makefile 
sctk-2.4.10-20151007-1312Z+dfsg2/debian/replacement_files/Makefile
--- sctk-2.4.10-20151007-1312Z+dfsg2/debian/replacement_files/Makefile  
2016-04-27 19:42:33.0 +0300
+++ sctk-2.4.10-20151007-1312Z+dfsg2/debian/replacement_files/Makefile  
2021-08-03 09:43:34.0 +0300
@@ -34,7 +34,7 @@
 all: $(OUTPUT)
 
 %.jpg: %.pdf
-   convert -density 300 $< $@
+   pdftoppm -jpeg -singlefile -r 300 $< > $@
 
 %.png: %.svg
convert "$<" "$@"

Bug#991848: unblock: statsvn/0.7.0.dfsg-10

[Adrian Bunk]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package statsvn

  * Add patch from FreeBSD to disable the version check that broke
with Subversion >= 10. (Closes: #990488)

unblock statsvn/0.7.0.dfsg-10
diff -Nru statsvn-0.7.0.dfsg/debian/changelog 
statsvn-0.7.0.dfsg/debian/changelog
--- statsvn-0.7.0.dfsg/debian/changelog 2018-11-18 13:02:28.0 +0200
+++ statsvn-0.7.0.dfsg/debian/changelog 2021-08-03 08:05:50.0 +0300
@@ -1,3 +1,11 @@
+statsvn (0.7.0.dfsg-10) unstable; urgency=medium
+
+  * QA upload.
+  * Add patch from FreeBSD to disable the version check that broke
+with Subversion >= 10. (Closes: #990488)
+
+ -- Adrian Bunk   Tue, 03 Aug 2021 08:05:50 +0300
+
 statsvn (0.7.0.dfsg-9) unstable; urgency=medium
 
   * QA upload.
diff -Nru statsvn-0.7.0.dfsg/debian/patches/patch-src_net_sf_statsvn_Main.java 
statsvn-0.7.0.dfsg/debian/patches/patch-src_net_sf_statsvn_Main.java
--- statsvn-0.7.0.dfsg/debian/patches/patch-src_net_sf_statsvn_Main.java
1970-01-01 02:00:00.0 +0200
+++ statsvn-0.7.0.dfsg/debian/patches/patch-src_net_sf_statsvn_Main.java
2021-08-03 08:05:38.0 +0300
@@ -0,0 +1,17 @@
+Skip SVN version check which doesn't work anymore with SVN 1.10.0
+
+--- a/src/net/sf/statsvn/Main.java.orig2018-06-25 06:52:30 UTC
 b/src/net/sf/statsvn/Main.java
+@@ -105,12 +105,6 @@ public final class Main {
+ public static void generate() {
+ try {
+ RepositoryFileManager manager = createRepoManager();
+-String version = 
manager.getProcessor().getVersionProcessor().checkSvnVersionSufficient();
+-final boolean isNewerDiffPossible = 
manager.getProcessor().getVersionProcessor().checkDiffPerRevPossible(version);
+-// fall-back to older option.
+-if (!isNewerDiffPossible) {
+-SvnConfigurationOptions.setLegacyDiff(true);
+-}
+ 
+ 
manager.getProcessor().getInfoProcessor().checkRepoRootAvailable();
+ generateDefaultHTMLSuite(manager);
diff -Nru statsvn-0.7.0.dfsg/debian/patches/series 
statsvn-0.7.0.dfsg/debian/patches/series
--- statsvn-0.7.0.dfsg/debian/patches/series2018-04-20 00:41:58.0 
+0300
+++ statsvn-0.7.0.dfsg/debian/patches/series2021-08-03 08:05:48.0 
+0300
@@ -1,3 +1,4 @@
 10-build-xml-classpath.diff
 15-build-xml-build-jar-only.diff
 20-remove-backport-util-concurrent.diff
+patch-src_net_sf_statsvn_Main.java

Bug#991846: unblock: openjdk-17/17~33ea-1

[Matthias Klose]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-CC: secur...@debian.org

Please unblock openjdk-17, the next openjdk-17 snapshot build, also including
security fixes from the last openjdk-11 security release. That could be done as
a security update as well, the unblock would just avoid that extra work.

The only packaging change is to mark the early-access status in the Debian
package versions.

Not attaching a debdiff compared to the version in testing, it's huge.

openjdk-17 (17~33ea-1) unstable; urgency=high

  * OpenJDK 17 snapshot, build 33.
  * Regenerate the control file.

 -- Matthias Klose   Fri, 30 Jul 2021 14:48:42 +0200

openjdk-17 (17~32ea-1) unstable; urgency=high

  * OpenJDK 17 snapshot, build 32.
  * Security fixes:
- JDK-8256157: Improve bytecode assembly.
- JDK-8256491: Better HTTP transport.
- JDK-8258432, CVE-2021-2341: Improve file transfers.
- JDK-8260453: Improve Font Bounding.
- JDK-8260960: Signs of jarsigner signing.
- JDK-8260967, CVE-2021-2369: Better jar file validation.
- JDK-8262380: Enhance XML processing passes.
- JDK-8262403: Enhanced data transfer.
- JDK-8262410: Enhanced rules for zones.
- JDK-8262477: Enhance String Conclusions.
- JDK-8262967: Improve Zip file support.
- JDK-8264066, CVE-2021-2388: Enhance compiler validation.
- JDK-8264079: Improve abstractions.
- JDK-8264460: Improve NTLM support.

 -- Matthias Klose   Mon, 26 Jul 2021 11:25:32 +0200

openjdk-17 (17~31ea-1) unstable; urgency=medium

  * OpenJDK 17 snapshot, build 31.
  * Encode the early-access status into the package version. LP: #1934895.

 -- Matthias Klose   Sat, 17 Jul 2021 14:25:02 +0200

openjdk-17 (17~29-1) unstable; urgency=medium

  * OpenJDK 17 snapshot, build 29.
  * Update watch file.
  * Prepare to build with jtreg6, where available.

 -- Matthias Klose   Thu, 01 Jul 2021 16:42:23 +0200

openjdk-17 (17~27-1) unstable; urgency=medium

  * OpenJDK 17 snapshot, build 27.
  * Only build using lto with GCC 11.
  * Build using GCC 11 in recent distributions.
  * Update VCS attributes.
  * Disable runnning the tests, requires not yet packaged jtreg6.
  * Remove rimd, removed upstream.

 -- Matthias Klose   Fri, 18 Jun 2021 15:06:18 +0200

openjdk-17 (17~24-1) unstable; urgency=medium

  * OpenJDK 17 snapshot, build 24.
  * Drop the work around for JDK 8211105.
  * Remove jaotc (the experimental JIT compiler), removed upstream.
  * Add an (unapplied) patch to replace OASIS header files with ones
imported from NSPR and NSS. See #985765.  Not reviewed, not applying.

 -- Matthias Klose   Thu, 27 May 2021 11:26:59 +0200

Bug#991845: unblock: libx11/2:1.7.2-1

[Timo Aaltonen]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: b...@debian.org mzagr...@d.umn.edu

Please unblock package libx11

[ Reason ]
The new upstream release fixes regressions in the previous CVE release, 
including a segfault in fdesign. (bug 990998)

[ Impact ]
Regressions remain in bullseye release.

[ Tests ]
The new version has a commit that fixes a bug with a similar backtrace as 
990998, Matt can verify here that fdesign works with the new libx11.

[ Risks ]
The upstream changes are small, only three commits, 

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x attach debdiff against the package in testing

[ Other info ]
The diff is filtered to have only changes to the code and packaging, autotools 
changes are removed.

unblock libx11/2:1.7.2-1
diff -Nru libx11-1.7.1/configure.ac libx11-1.7.2/configure.ac
--- libx11-1.7.1/configure.ac   2021-05-18 17:14:20.0 +0300
+++ libx11-1.7.2/configure.ac   2021-06-06 19:48:52.0 +0300
@@ -1,7 +1,7 @@
 
 # Initialize Autoconf
 AC_PREREQ([2.60])
-AC_INIT([libX11], [1.7.1],
+AC_INIT([libX11], [1.7.2],
 [https://gitlab.freedesktop.org/xorg/lib/libx11/issues], [libX11])
 AC_CONFIG_SRCDIR([Makefile.am])
 AC_CONFIG_HEADERS([src/config.h include/X11/XlibConf.h])
diff -Nru libx11-1.7.1/debian/changelog libx11-1.7.2/debian/changelog
--- libx11-1.7.1/debian/changelog   2021-08-03 11:34:34.0 +0300
+++ libx11-1.7.2/debian/changelog   2021-08-03 11:34:35.0 +0300
@@ -1,3 +1,13 @@
+libx11 (2:1.7.2-1) unstable; urgency=medium
+
+  [ Timo Aaltonen ]
+  * New upstream release. (Closes: #990998)
+
+  [ Julien Cristau ]
+  * Fix Vcs-Git control field.
+
+ -- Timo Aaltonen   Mon, 26 Jul 2021 11:29:39 +0300
+
 libx11 (2:1.7.1-1) unstable; urgency=medium
 
   [ Julien Cristau ]
diff -Nru libx11-1.7.1/debian/control libx11-1.7.2/debian/control
--- libx11-1.7.1/debian/control 2021-08-03 11:34:34.0 +0300
+++ libx11-1.7.2/debian/control 2021-08-03 11:34:35.0 +0300
@@ -17,7 +17,7 @@
  xorg-sgml-doctools (>= 1:1.10),
  w3m,
 Standards-Version: 4.5.0
-Vcs-Git: https://salsa.debian.org/xorg-team/lib/libx11
+Vcs-Git: https://salsa.debian.org/xorg-team/lib/libx11.git
 Vcs-Browser: https://salsa.debian.org/xorg-team/lib/libx11
 
 Package: libx11-6
diff -Nru libx11-1.7.1/README.md libx11-1.7.2/README.md
--- libx11-1.7.1/README.md  2021-05-18 17:14:20.0 +0300
+++ libx11-1.7.2/README.md  2021-06-06 19:48:52.0 +0300
@@ -31,6 +31,11 @@
 
   https://www.x.org/wiki/Development/Documentation/SubmittingPatches
 
+## Release 1.7.2
+
+This is a bug fix release, correcting a regression introduced by and
+improving the checks from the fix for CVE-2021-31535.
+
 ## Release 1.7.1
 
 This is a bug fix release, including a security fix for
diff -Nru libx11-1.7.1/src/Font.c libx11-1.7.2/src/Font.c
--- libx11-1.7.1/src/Font.c 2021-05-18 17:14:33.0 +0300
+++ libx11-1.7.2/src/Font.c 2021-06-06 19:48:53.0 +0300
@@ -102,7 +102,7 @@
 XF86BigfontCodes *extcodes = _XF86BigfontCodes(dpy);
 #endif
 
-if (strlen(name) >= USHRT_MAX)
+if (name != NULL && strlen(name) >= USHRT_MAX)
 return NULL;
 if (_XF86LoadQueryLocaleFont(dpy, name, _result, (Font *)0))
   return font_result;
@@ -656,7 +656,7 @@
XFontStruct **xfp,
Font *fidp)
 {
-int l;
+size_t l;
 const char *charset, *p;
 char buf[256];
 XFontStruct *fs;
@@ -664,7 +664,7 @@
 
 if (!name)
return 0;
-l = (int) strlen(name);
+l = strlen(name);
 if (l < 2 || name[l - 1] != '*' || name[l - 2] != '-' || l >= USHRT_MAX)
return 0;
 charset = NULL;
@@ -677,11 +677,11 @@
charset = "ISO8859-1";
p = charset + 7;
 }
-if (l - 2 - (p - charset) < 0)
+if (l - 2 < p - charset)
return 0;
 if (_XlcNCompareISOLatin1(name + l - 2 - (p - charset), charset, p - 
charset))
return 0;
-if (strlen(p + 1) + (size_t) l - 1 >= sizeof(buf) - 1)
+if (strlen(p + 1) + l - 1 >= sizeof(buf) - 1)
return 0;
 strcpy(buf, name);
 strcpy(buf + l - 1, p + 1);
diff -Nru libx11-1.7.1/src/FontInfo.c libx11-1.7.2/src/FontInfo.c
--- libx11-1.7.1/src/FontInfo.c 2021-05-18 17:14:33.0 +0300
+++ libx11-1.7.2/src/FontInfo.c 2021-06-06 19:48:53.0 +0300
@@ -58,7 +58,7 @@
 register xListFontsReq *req;
 int j;
 
-if (strlen(pattern) >= USHRT_MAX)
+if (pattern != NULL && strlen(pattern) >= USHRT_MAX)
 return NULL;
 
 LockDisplay(dpy);
diff -Nru libx11-1.7.1/src/FontNames.c libx11-1.7.2/src/FontNames.c
--- libx11-1.7.1/src/FontNames.c2021-05-18 17:14:33.0 +0300
+++ libx11-1.7.2/src/FontNames.c2021-06-06 19:48:53.0 +0300
@@ -51,7 +51,7 @@
 register xListFontsReq *req;
 unsigned long rlen = 0;
 
-if (strlen(pattern) >= USHRT_MAX)
+if 

Bug#991844: unblock: libpam-tacplus/1.3.8-2.1

[Utkarsh Gupta]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Hey,

src:libpam-tacplus has been affected by CVE-2020-13881 which is fixed
in sid & stretch. -pu update for buster is also being filed. This
update also helps in fixing the versioning problem because as of now,
the version in stretch is greater than that in stable and sid. So this
update will help fix things for sid and bullseye, at least.

Since this is just a CVE fix, I'd request you to unblock this and let
it go to bullseye, please? (I am sorry for doing this on the eleventh
hour :/)

The debdiff is duly attached. Let me know if you any more information. TIA! \o/


- u


libpam-tacplus_sid.debdiff
Description: Binary data

Bug#991843: unblock: libjdom2-java/2.0.6-1.1

[Utkarsh Gupta]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Hey,

src:libjdom2-java has been affected by CVE-2021-33813 which is fixed
in sid & stretch. -pu update for buster is also being filed.

Since this is just a CVE fix, I'd request you to unblock this and let
it go to bullseye, please? (I am sorry for doing this on the eleventh
hour :/)

The debdiff is duly attached. Let me know if you any more information. TIA! \o/


- u


libjdom2-java_sid.debdiff
Description: Binary data

Bug#991842: unblock: libjdom1-java/1.1.3-2.1

[Utkarsh Gupta]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Hey,

src:libjdom1-java has been affected by CVE-2021-33813 which is fixed
in sid & stretch. -pu update for buster is also being filed.

Since this is just a CVE fix, I'd request you to unblock this and let
it go to bullseye, please? (I am sorry for doing this on the eleventh hour :/)

The debdiff is duly attached. Let me know if you any more information. TIA! \o/


- u


libjdom1-java_sid.debdiff
Description: Binary data

Processed: Retitle

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> retitle 991841 unblock: perm/0.4.0-7
Bug #991841 [release.debian.org] perm/0.4.0-7
Changed Bug title to 'unblock: perm/0.4.0-7' from 'perm/0.4.0-7'.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
991841: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991841
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#991841: unblock: perm/0.4.0-6

[Nilesh Patra]

control: retitle -1 perm/0.4.0-7

On Tue, 3 Aug 2021 09:39:04 +0200 Sebastian Ramacher  
wrote:
>> Control: tags -1 moreinfo
>> +-inline char* myStrCpy(char* caBuf, const char* str, int iBufSize)
>> ++inline int myStrCpy(char* caBuf, const char* str, int iBufSize)
>> + {
>> + if (caBuf == NULL) {
>> + ERR;
>> +-return(NULL);
>> ++return(-1);
>> + }
>> + int iBufSizeMinus1 = iBufSize - 1;
>> +-char* returnV = strncpy(caBuf, str, iBufSizeMinus1);
>> ++int returnV = strlcpy(caBuf, str, iBufSizeMinus1);

> The interesting thing about strlcpy is that you don't have to deal with
> this -1 nonsense and the explicit NUL-termination that follows. In fact,
> this patch now makes every buffer 1 byte smaller. strlcpy copies
> iBufSizeMinus1 - 1 characters in this case. Is that intended?

Aw, crap, no. I got sloppy here. I just did another upload on top of it, to
copy right buffer length, retitled accordingly.
Hopefully this should be fine now.
The debdiff is also attached w/ the version in testing

> I agree that this issue should be fixed, but I'm not sure if it is
> necessary to rush a fix now.

IMO, if this fixed is not merged now, I'll have to push it to next
stable point release, creating more work for everyone, and also passing
in this seemingly RC bug to the first release.
Being a leaf package with a relatively low popcon score, I think it is
not going to do a lot of damage, and I think it
would be really really great if you consider to let this in now, than later.
Upstream is not active, and I do not expect much from them.

Ofcourse, I agree that this creates some last minute noise+work for
the release team and I'm really
sorry about this -- it was discovered just yesterday, and I uploaded
after enough ACKs as soon as I found a relevant workaround.
But I'd be obliged if you consider to let this in.

Nilesh
diff -Nru perm-0.4.0/debian/changelog perm-0.4.0/debian/changelog
--- perm-0.4.0/debian/changelog 2020-11-24 14:40:20.0 +0530
+++ perm-0.4.0/debian/changelog 2021-08-03 13:17:48.0 +0530
@@ -1,3 +1,31 @@
+perm (0.4.0-7) unstable; urgency=medium
+
+  * Team Upload.
+  * d/p/fix-buffer-overflow.patch: Do not reduce buffer size by 1
+
+ -- Nilesh Patra   Tue, 03 Aug 2021 13:17:48 +0530
+
+perm (0.4.0-6) unstable; urgency=medium
+
+  * Team Upload.
+  [ Shruti Sridhar ]
+  * d/tests/data: Add testdata
+  * d/tests: Add autopkgtest
+  * d/example: Install test data as example
+  * d/docs: Install d/README.* and d/tests/run-unit-test
+as documents
+  * d/p/hardening.patch: Add CPPFLAGS which helped detect
+buffer overflow
+  * d/copyright: Test data has been written by Shruti, mentioning
+them in copyright for the same
+
+  [ Nilesh Patra ]
+  * d/p/fix-buffer-overflow.patch: Use strlcpy from libbsd-dev
+instead of strncpy in order to fix buffer overflow
+  * d/control: Add B-D on libbsd-dev
+
+ -- Nilesh Patra   Tue, 03 Aug 2021 00:31:10 +0530
+
 perm (0.4.0-5) unstable; urgency=medium
 
   * Standards-Version: 4.5.1 (routine-update)
diff -Nru perm-0.4.0/debian/control perm-0.4.0/debian/control
--- perm-0.4.0/debian/control   2020-11-24 14:40:20.0 +0530
+++ perm-0.4.0/debian/control   2021-08-02 21:22:22.0 +0530
@@ -3,7 +3,7 @@
 Uploaders: Andreas Tille 
 Section: science
 Priority: optional
-Build-Depends: debhelper-compat (= 13)
+Build-Depends: debhelper-compat (= 13), libbsd-dev
 Standards-Version: 4.5.1
 Vcs-Browser: https://salsa.debian.org/med-team/perm
 Vcs-Git: https://salsa.debian.org/med-team/perm.git
diff -Nru perm-0.4.0/debian/copyright perm-0.4.0/debian/copyright
--- perm-0.4.0/debian/copyright 2020-11-24 14:40:20.0 +0530
+++ perm-0.4.0/debian/copyright 2021-08-03 00:41:56.0 +0530
@@ -12,6 +12,10 @@
2014-2017 Andreas Tille 
 License: Apache-2.0
 
+Files: debian/tests/data/*
+Copyright: Shruti Sridhar 
+License: Apache-2.0
+
 License: Apache-2.0
  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
diff -Nru perm-0.4.0/debian/docs perm-0.4.0/debian/docs
--- perm-0.4.0/debian/docs  1970-01-01 05:30:00.0 +0530
+++ perm-0.4.0/debian/docs  2021-08-02 17:25:32.0 +0530
@@ -0,0 +1,2 @@
+debian/README*
+debian/tests/run-unit-test
\ No newline at end of file
diff -Nru perm-0.4.0/debian/examples perm-0.4.0/debian/examples
--- perm-0.4.0/debian/examples  1970-01-01 05:30:00.0 +0530
+++ perm-0.4.0/debian/examples  2021-08-02 17:25:32.0 +0530
@@ -0,0 +1 @@
+debian/tests/data/*
\ No newline at end of file
diff -Nru perm-0.4.0/debian/patches/fix-buffer-overflow.patch 
perm-0.4.0/debian/patches/fix-buffer-overflow.patch
--- perm-0.4.0/debian/patches/fix-buffer-overflow.patch 1970-01-01 
05:30:00.0 +0530
+++ perm-0.4.0/debian/patches/fix-buffer-overflow.patch 2021-08-03 
13:14:38.0 +0530
@@ -0,0 +1,42 @@
+Description: Use strlcpy from libbsd-dev instead of 

Processed: Re: Bug#991841: unblock: perm/0.4.0-6

[Debian Bug Tracking System]

Processing control commands:

> retitle -1 perm/0.4.0-7
Bug #991841 [release.debian.org] unblock: perm/0.4.0-6
Changed Bug title to 'perm/0.4.0-7' from 'unblock: perm/0.4.0-6'.

-- 
991841: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991841
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#991636: marked as done (unblock: projectm/3.1.7-1.1 (pre-approval))

[Debian Bug Tracking System]

Your message dated Tue, 3 Aug 2021 09:48:43 +0200
with message-id 

and subject line Re: Bug#991636: unblock: projectm/3.1.7-1.1 (pre-approval)
has caused the Debian Bug report #991636,
regarding unblock: projectm/3.1.7-1.1 (pre-approval)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
991636: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991636
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package projectm

on some upgrade paths the ancient libprojectm2 may have survived, but
projectm-data only has B+R against the later libprojectm2v5, while both
shipped the same files. (The current library name is libprojectm3.)

The fix is not yet uploaded, I intend to 2-day NMU it.

unblock projectm/3.1.7-1.1

Andreas
diff -Nru projectm-3.1.7/debian/changelog projectm-3.1.7/debian/changelog
--- projectm-3.1.7/debian/changelog 2020-08-01 23:02:11.0 +0200
+++ projectm-3.1.7/debian/changelog 2021-07-29 14:14:03.0 +0200
@@ -1,3 +1,10 @@
+projectm (3.1.7-1.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * projectm-data: Add Breaks+Replaces: libprojectm2 (Closes: #988171)
+
+ -- Andreas Beckmann   Thu, 29 Jul 2021 14:14:03 +0200
+
 projectm (3.1.7-1) unstable; urgency=medium
 
   * New upstream version 3.1.7
diff -Nru projectm-3.1.7/debian/control projectm-3.1.7/debian/control
--- projectm-3.1.7/debian/control   2020-06-29 22:24:24.0 +0200
+++ projectm-3.1.7/debian/control   2021-07-29 14:13:59.0 +0200
@@ -61,8 +61,8 @@
 Multi-Arch: foreign
 Section: libs
 Depends: ${misc:Depends}
-Breaks: libprojectm2v5 (<< 3.1.3-1)
-Replaces: libprojectm2v5 (<< 3.1.3-1)
+Breaks: libprojectm2v5 (<< 3.1.3-1), libprojectm2
+Replaces: libprojectm2v5 (<< 3.1.3-1), libprojectm2
 Description: Advanced Milkdrop-compatible music visualization library - data
  libprojectm is an iterative music visualization library which uses
  OpenGL for hardware acceleration. It is compatible with Milkdrop
--- End Message ---
--- Begin Message ---
Unblocked.--- End Message ---

Bug#991832: marked as done (unblock: schleuder/3.6.0-3)

[Debian Bug Tracking System]

Your message dated Tue, 03 Aug 2021 07:44:23 +
with message-id 
and subject line unblock schleuder
has caused the Debian Bug report #991832,
regarding unblock: schleuder/3.6.0-3
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
991832: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991832
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Dear release team,

Please unblock schleuder 3.6.0-3.

It ships an upstream patch to fix verifying encapsulated messages: monkeypatch
ruby-mail-gpg to restore the use of the unaltered raw source of the relevant
email part.

This code was removed in a recent release of ruby-mail-gpg for yet unknown
reasons, and uploaded to Debian via 0.4.4-1.

The change is guarded by a test, which contributes a lot to the size of the
diff; autopkgtests look good, no regressions reported.

Histogramm of the diff:

~ debdiff schleuder_3.6.0-2.dsc schleuder_3.6.0-3.dsc | diffstat

 changelog  |   11 
 patches/0030-fix-verifying-encapsulated-messages.patch |  308 +
 patches/series |1 
 3 files changed, 320 insertions(+)

Please find the full debdiff attached.

unblock schleuder/3.6.0-3

Thanks for your work,
cheers,
Georg
diff -Nru schleuder-3.6.0/debian/changelog schleuder-3.6.0/debian/changelog
--- schleuder-3.6.0/debian/changelog	2021-05-23 17:32:19.0 +
+++ schleuder-3.6.0/debian/changelog	2021-07-29 20:36:52.0 +
@@ -1,3 +1,14 @@
+schleuder (3.6.0-3) unstable; urgency=medium
+
+  * debian/patches:
+- Pull in upstream patch to fix verifying encapsulated messages:
+  monkeypatch ruby-mail-gpg to restore the use of the unaltered raw source
+  of the relevant email part.
+  This code was removed in a recent release of ruby-mail-gpg for yet
+  unknown reasons, and uploaded to Debian via 0.4.4-1.
+
+ -- Georg Faerber   Thu, 29 Jul 2021 20:36:52 +
+
 schleuder (3.6.0-2) unstable; urgency=medium
 
   * debian/control:
diff -Nru schleuder-3.6.0/debian/patches/0030-fix-verifying-encapsulated-messages.patch schleuder-3.6.0/debian/patches/0030-fix-verifying-encapsulated-messages.patch
--- schleuder-3.6.0/debian/patches/0030-fix-verifying-encapsulated-messages.patch	1970-01-01 00:00:00.0 +
+++ schleuder-3.6.0/debian/patches/0030-fix-verifying-encapsulated-messages.patch	2021-07-29 20:36:52.0 +
@@ -0,0 +1,308 @@
+Description: Fix verifying encapsulated messages
+ This monkeypatches mail-gpg to restore the use of the unaltered raw 
+ source of the relevant email part.
+ This code was removed in 
+ 
+ for yet unknown reasons.
+ The issue is tracked at .
+Origin: upstream
+Bug: https://0xacab.org/schleuder/schleuder/-/issues/502
+Applied-Upstream: cf9a046436e6a1cfe06565bf9b4a41d6b6eebb0d, 7c049123971bde41b5b9203b45009a40ff667b03
+Reviewed-by: Georg Faerber 
+Last-Update: 2021-07-29
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+Index: schleuder/lib/schleuder.rb
+===
+--- schleuder.orig/lib/schleuder.rb	2021-07-29 20:07:47.289606627 +
 schleuder/lib/schleuder.rb	2021-07-29 20:07:47.281606517 +
+@@ -31,6 +31,7 @@
+ require 'schleuder/mail/message.rb'
+ require 'schleuder/mail/gpg.rb'
+ require 'schleuder/mail/encrypted_part.rb'
++require 'schleuder/mail/gpg/sign_part.rb'
+ require 'schleuder/gpgme/import_status.rb'
+ require 'schleuder/gpgme/key.rb'
+ require 'schleuder/gpgme/sub_key.rb'
+Index: schleuder/lib/schleuder/mail/gpg/sign_part.rb
+===
+--- /dev/null	1970-01-01 00:00:00.0 +
 schleuder/lib/schleuder/mail/gpg/sign_part.rb	2021-07-29 20:07:47.281606517 +
+@@ -0,0 +1,33 @@
++module Mail
++  module Gpg
++class SignPart < Mail::Part
++  # Copied verbatim from mail-gpg v.0.4.2. This code was changed in
++  # ,
++  # which breaks verifying some encapsulated (signed-then-encrypted)
++  # messages. See
++  #  for
++  # details.
++  def self.verify_signature(plain_part, signature_part, options = {})
++if 

Bug#991787: unblock: ucspi-unix/1.0-2

[Peter Pentchev]

On Tue, Aug 03, 2021 at 09:19:27AM +0200, Sebastian Ramacher wrote:
> On 2021-08-02 01:52:18 +0300, Peter Pentchev wrote:
> > Package: release.debian.org
> > Severity: normal
> > User: release.debian@packages.debian.org
> > Usertags: unblock
> > X-Debbugs-Cc: r...@debian.org
> > 
> > This is a pre-approval request before I upload ucspi-unix to
> > unstable to fix a FTBFS on architectures where dietlibc is
> > not built; see #991774.
> 
> None of the release architectures are affected by this bug, so this
> sounds like bookworm material to me. It's too late for this type of
> changes, sorry.

No worries, thanks for your time!

G'luck,
Peter

-- 
Peter Pentchev  r...@ringlet.net r...@debian.org p...@storpool.com
PGP key:http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint 2EE7 A7A5 17FC 124C F115  C354 651E EFB0 2527 DF13


signature.asc
Description: PGP signature

Bug#991833: marked as done (unblock: nvidia-cuda-toolkit/11.2.2-3)

[Debian Bug Tracking System]

Your message dated Tue, 03 Aug 2021 07:41:26 +
with message-id 
and subject line unblock nvidia-cuda-toolkit
has caused the Debian Bug report #991833,
regarding unblock: nvidia-cuda-toolkit/11.2.2-3
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
991833: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991833
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package nvidia-cuda-toolkit

Annotated changelog:

  * Use a snapshot of openjdk-8-jre (8u292-b10-3).

currently we use a much older snapshot on ppc64el

  * Tighten library dependencies.

right now it is possible to e.g. use an ancient version of
libcufft10 to satisfy the dependency of libcufftw10:

ii  libcufft10:amd64   10.1.105-1   amd64
NVIDIA cuFFT Library
ii  libcufftw10:amd64  11.1.1+~10.4.1.152~11.2.2-2  amd64
NVIDIA cuFFTW Library

This is not a supported combination, I have no idea if it would actually
work... So better use very strict dependencies if cuda toolkit libraries
depend on each other.

  * Add (tesla-)470 driver as alternate dependency.

we will probably switch to the 470 driver series during the lifetime of
bullseye since 470 will provide security updates for the next three
years. With this change we don't have to update nvidia-cuda-toolkit
at that time again.

  * Update watch file.

fix parsing the version from the changed website

Besides that, there are some documentation updates.
cuda-gdb compile flags have been wrapped for better manageability
but are otherwise unchanged
build-depends are a bit shuffled for consistency (if something is
needed by nvidia-openjdk-8, too, use the -dev package for [!arm64])
(unfortunately we still can't build nvidia-openjdk-8 from source
since it needs itself to boostrap)

unblock nvidia-cuda-toolkit/11.2.2-3

Andreas
diff --git a/debian/changelog b/debian/changelog
index 887afeb..17b52a0 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+nvidia-cuda-toolkit (11.2.2-3) unstable; urgency=medium
+
+  * Use a snapshot of openjdk-8-jre (8u292-b10-3).
+  * Tighten library dependencies.
+  * Add (tesla-)470 driver as alternate dependency.
+  * Update watch file.
+
+ -- Andreas Beckmann   Sat, 24 Jul 2021 00:01:52 +0200
+
 nvidia-cuda-toolkit (11.2.2-2) unstable; urgency=medium
 
   * Use a snapshot of openjdk-8-jre (8u292-b10-0+deb9u1) for amd64.
diff --git a/debian/control b/debian/control
index 517d7fb..1e727ce 100644
--- a/debian/control
+++ b/debian/control
@@ -28,8 +28,8 @@ Build-Depends-Arch:
 # for nsight-compute/nsight-systems
  libasound2-dev [!arm64],
  libdbus-1-3 [amd64],
- libegl1 [amd64],
  libfontconfig1 [amd64],
+ libfreetype-dev [!arm64] | libfreetype6-dev [!arm64],
  libgl1 [amd64],
  libgssapi-krb5-2 [amd64],
  libnss3 [amd64],
@@ -37,12 +37,11 @@ Build-Depends-Arch:
  libxcomposite1 [amd64],
  libxcursor1 [amd64],
  libxdamage1 [amd64],
- libxi6 [!arm64],
+ libxi-dev [!arm64],
  libxkbcommon-x11-0 [amd64],
  libxrandr2 [amd64],
- libxtst6 [!arm64],
+ libxtst-dev [!arm64],
 # for nvidia-openjdk-8-jre
- libfreetype-dev [!arm64] | libfreetype6-dev [!arm64],
  libgif-dev [!arm64],
  libjpeg-dev (>= 1:0) [!arm64] | libjpeg62-dev [!arm64],
  liblcms2-dev [!arm64],
@@ -64,8 +63,8 @@ Depends:
  ${nvidia-profiler:eq:Version} [${cuda:arch:has-nvidia-profiler}],
  nvidia-cuda-dev (= ${binary:Version}),
  nvidia-opencl-dev (= ${binary:Version}) | opencl-dev,
- g++-${cuda:gcc:DefaultVersion} | g++-10 | clang-10 | g++-9 | clang-9 | g++-8 
| clang-8 | clang-7 | g++-7 | clang-6.0 | clang (<< 1:11~) | g++-6 | g++-5,
- gcc-${cuda:gcc:DefaultVersion} | gcc-10 | clang-10 | gcc-9 | clang-9 | gcc-8 
| clang-8 | clang-7 | gcc-7 | clang-6.0 | clang (<< 1:11~) | gcc-6 | gcc-5,
+ g++-${cuda:gcc:DefaultVersion} | g++-10 | clang-11 | clang-10 | g++-9 | 
clang-9 | g++-8 | clang-8 | clang-7 | g++-7 | clang-6.0 | clang (<< 1:12~) | 
g++-6,
+ gcc-${cuda:gcc:DefaultVersion} | gcc-10 | clang-11 | clang-10 | gcc-9 | 
clang-9 | gcc-8 | clang-8 | clang-7 | gcc-7 | clang-6.0 | clang (<< 1:12~) | 
gcc-6,
  ${shlibs:Depends}, ${misc:Depends},
 Recommends:
  nvidia-cuda-toolkit-doc (= ${source:Version}),
diff --git a/debian/gbp.conf b/debian/gbp.conf
index aeb749c..b741131 100644
--- a/debian/gbp.conf
+++ b/debian/gbp.conf
@@ -10,9 +10,8 @@ component = [
'amd64',
'ppc64el',
'arm64',
-   'openjdk-8-source-8u252-b09-1-d9u1',
-   'openjdk-8-source-8u292-b10-0-d9u1',
-  

Bug#991841: unblock: perm/0.4.0-6

[Sebastian Ramacher]

Control: tags -1 moreinfo

On 2021-08-03 11:19:46 +0530, Nilesh Patra wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
> X-Debbugs-Cc: nil...@debian.org, debian-med-packag...@lists.alioth.debian.org
> 
> Please unblock package perm
> 
> [ Reason ]
> An autopkgtest was recently added to perm on its git repository, which
> resulted in uncovering a buffer overflow. Here's the log:
> 
> https://salsa.debian.org/med-team/perm/-/jobs/1788156
> 
> AIUI, this is a security issue and such issues are RC
> 
> [ Impact ]
> The users machine will contain a version of perm which can potentially
> cause a buffer overflow
> 
> [ Tests ]
> Autopkgtests have been added for this release
> 
> [ Risks ]
> Perm is a leaf package, I do not see any risks
> 
> [ Checklist ]
>   [x] all changes are documented in the d/changelog
>   [x] I reviewed all changes and I approve them
>   [x] attach debdiff against the package in testing
> 
> [ Other info ]
> Some stuff like installing docs in d/docs, or installing autopkgtests in
> d/examples might look redundant, but they are needed to run tests in a
> sane fashion. These changes are not too major, and are rather harmless.
> 
> unblock perm/0.4.0-6

> diff -Nru perm-0.4.0/debian/changelog perm-0.4.0/debian/changelog
> --- perm-0.4.0/debian/changelog   2020-11-24 14:40:20.0 +0530
> +++ perm-0.4.0/debian/changelog   2021-08-03 00:31:10.0 +0530
> @@ -1,3 +1,24 @@
> +perm (0.4.0-6) unstable; urgency=medium
> +
> +  * Team Upload.
> +  [ Shruti Sridhar ]
> +  * d/tests/data: Add testdata
> +  * d/tests: Add autopkgtest
> +  * d/example: Install test data as example
> +  * d/docs: Install d/README.* and d/tests/run-unit-test
> +as documents
> +  * d/p/hardening.patch: Add CPPFLAGS which helped detect
> +buffer overflow
> +  * d/copyright: Test data has been written by Shruti, mentioning
> +them in copyright for the same
> +
> +  [ Nilesh Patra ]
> +  * d/p/fix-buffer-overflow.patch: Use strlcpy from libbsd-dev
> +instead of strncpy in order to fix buffer overflow
> +  * d/control: Add B-D on libbsd-dev
> +
> + -- Nilesh Patra   Tue, 03 Aug 2021 00:31:10 +0530
> +
>  perm (0.4.0-5) unstable; urgency=medium
>  
>* Standards-Version: 4.5.1 (routine-update)
> diff -Nru perm-0.4.0/debian/control perm-0.4.0/debian/control
> --- perm-0.4.0/debian/control 2020-11-24 14:40:20.0 +0530
> +++ perm-0.4.0/debian/control 2021-08-02 21:22:22.0 +0530
> @@ -3,7 +3,7 @@
>  Uploaders: Andreas Tille 
>  Section: science
>  Priority: optional
> -Build-Depends: debhelper-compat (= 13)
> +Build-Depends: debhelper-compat (= 13), libbsd-dev
>  Standards-Version: 4.5.1
>  Vcs-Browser: https://salsa.debian.org/med-team/perm
>  Vcs-Git: https://salsa.debian.org/med-team/perm.git
> diff -Nru perm-0.4.0/debian/copyright perm-0.4.0/debian/copyright
> --- perm-0.4.0/debian/copyright   2020-11-24 14:40:20.0 +0530
> +++ perm-0.4.0/debian/copyright   2021-08-03 00:31:10.0 +0530
> @@ -12,6 +12,10 @@
> 2014-2017 Andreas Tille 
>  License: Apache-2.0
>  
> +Files: debian/tests/data/*
> +Copyright: Shruti Sridhar 
> +License: Apache-2.0
> +
>  License: Apache-2.0
>   Unless required by applicable law or agreed to in writing, software
>   distributed under the License is distributed on an "AS IS" BASIS,
> diff -Nru perm-0.4.0/debian/docs perm-0.4.0/debian/docs
> --- perm-0.4.0/debian/docs1970-01-01 05:30:00.0 +0530
> +++ perm-0.4.0/debian/docs2021-08-02 17:25:32.0 +0530
> @@ -0,0 +1,2 @@
> +debian/README*
> +debian/tests/run-unit-test
> \ No newline at end of file
> diff -Nru perm-0.4.0/debian/examples perm-0.4.0/debian/examples
> --- perm-0.4.0/debian/examples1970-01-01 05:30:00.0 +0530
> +++ perm-0.4.0/debian/examples2021-08-02 17:25:32.0 +0530
> @@ -0,0 +1 @@
> +debian/tests/data/*
> \ No newline at end of file
> diff -Nru perm-0.4.0/debian/patches/fix-buffer-overflow.patch 
> perm-0.4.0/debian/patches/fix-buffer-overflow.patch
> --- perm-0.4.0/debian/patches/fix-buffer-overflow.patch   1970-01-01 
> 05:30:00.0 +0530
> +++ perm-0.4.0/debian/patches/fix-buffer-overflow.patch   2021-08-03 
> 00:30:42.0 +0530
> @@ -0,0 +1,42 @@
> +Description: Use strlcpy from libbsd-dev instead of strncpy in order to 
> avoid buffer overflow
> +Author: Nilesh Patra 
> +Last-Update: 2021-08-03
> +--- a/makefile
>  b/makefile
> +@@ -2,7 +2,7 @@
> + CC = g++ -O2 $(CFLAGS)
> + 
> + TARGETS = perm
> +-LIBS = -lm -lstdc++ 
> ++LIBS = -lm -lstdc++ -lbsd 
> +  
> + PER_M = AlignmentsQ.cpp Filename.cpp GenomeNTdata.cpp ReadInBits.cpp 
> PerM.cpp chromosomeNTdata.cpp\
> + bitsOperationUtil.cpp FileOutputBuffer.cpp HashIndexT.cpp ReadInBitsSet.cpp 
> SeedPattern.cpp\
> +--- a/stdafx.h
>  b/stdafx.h
> +@@ -12,6 +12,7 @@
> + #include 
> + #include "time.h"
> + #include "Filename.h"
> ++#include 
> + 

Processed: Re: Bug#991841: unblock: perm/0.4.0-6

[Debian Bug Tracking System]

Processing control commands:

> tags -1 moreinfo
Bug #991841 [release.debian.org] unblock: perm/0.4.0-6
Added tag(s) moreinfo.

-- 
991841: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991841
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#991821: marked as done (unblock: debian-keyring/2021.07.26)

[Debian Bug Tracking System]

Your message dated Tue, 03 Aug 2021 07:24:57 +
with message-id 
and subject line unblock debian-keyring
has caused the Debian Bug report #991821,
regarding unblock: debian-keyring/2021.07.26
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
991821: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991821
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: keyring-ma...@debian.org

Please unblock package debian-keyring

(Please provide enough (but not too much) information to help
the release team to judge the request efficiently. E.g. by
filling in the sections below.)

[ Reason ]

This is the usual request to unblock debian-keyring so that the most up
to date version of it can be included with the release. There was a
request for 2021.06.25 at the point it looked like we might just miss
this update, but this has got in with enough time to migrate.

[ Impact ]

If not unblocked then bullseye will ship with the June 2021 keyring
update.

[ Tests ]

N/A

[ Risks ]

This is a leaf package and there shouldn't be any risks associated with
including it in the release.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [ ] attach debdiff against the package in testing

[ Other info ]

I have not included a debdiff as I do not believe it is useful in any
fashion for this request.

unblock debian-keyring/2021.07.26

J.

-- 
... "For the Limit, I will forgive all." -- David Damerell, afw.
--- End Message ---
--- Begin Message ---
Unblocked.--- End Message ---

Bug#991555: marked as done (unblock: wpewebkit/2.32.3-2)

[Debian Bug Tracking System]

Your message dated Tue, 3 Aug 2021 09:20:42 +0200
with message-id <274e937a-5efd-32ad-7f54-26e39b6d8...@debian.org>
and subject line Re: Bug#991555: unblock: wpewebkit/2.32.3-1
has caused the Debian Bug report #991555,
regarding unblock: wpewebkit/2.32.3-2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
991555: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991555
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package wpewebkit

Starting from bullseye we are providing security updates to wpewebkit,
in the same way that we are already doing it for webkit2gtk.

wpewebkit 2.32.3 is the most recent stable point release and contains
fixes for 13 security bugs.

See #991554 for more details because the list of bugs is the same one,
as both wpewebkit and webkit2gtk share most of the code and the same
comments apply.

The only difference is that there won't be a security update for
buster because wpewebkit is not covered by security support in that
distribution.

unblock wpewebkit/2.32.3-1
diff -Nru wpewebkit-2.32.1/debian/changelog wpewebkit-2.32.3/debian/changelog
--- wpewebkit-2.32.1/debian/changelog   2021-05-08 16:53:58.0 +0200
+++ wpewebkit-2.32.3/debian/changelog   2021-07-25 00:45:03.0 +0200
@@ -1,3 +1,28 @@
+wpewebkit (2.32.3-1) unstable; urgency=high
+
+  * New upstream release.
+  * The WPE WebKit security advisory WSA-2021-0004 lists the following
+security fixes in the latest versions of WPE WebKit:
++ CVE-2021-30666, CVE-2021-30761 (fixed in 2.26.0).
++ CVE-2021-30762 (fixed in 2.28.0).
++ CVE-2021-1817, CVE-2021-1820, CVE-2021-1825, CVE-2021-1826,
+  CVE-2021-30661 (fixed in 2.30.0).
++ CVE-2021-21806 (fixed in 2.30.6).
++ CVE-2021-30682 (fixed in 2.32.0).
++ CVE-2021-30758 (fixed in 2.32.2).
++ CVE-2021-21775, CVE-2021-21779, CVE-2021-30663, CVE-2021-30665,
+  CVE-2021-30689, CVE-2021-30720, CVE-2021-30734, CVE-2021-30744,
+  CVE-2021-30749, CVE-2021-30795, CVE-2021-30797, CVE-2021-30799
+  (fixed in 2.32.3).
+
+ -- Alberto Garcia   Sun, 25 Jul 2021 00:45:03 +0200
+
+wpewebkit (2.32.2-1) unstable; urgency=medium
+
+  * New upstream release.
+
+ -- Alberto Garcia   Mon, 12 Jul 2021 22:06:41 +0200
+
 wpewebkit (2.32.1-1) unstable; urgency=medium
 
   * New upstream release.
diff -Nru wpewebkit-2.32.1/debian/patches/fix-ftbfs-m68k.patch 
wpewebkit-2.32.3/debian/patches/fix-ftbfs-m68k.patch
--- wpewebkit-2.32.1/debian/patches/fix-ftbfs-m68k.patch2021-05-08 
16:53:58.0 +0200
+++ wpewebkit-2.32.3/debian/patches/fix-ftbfs-m68k.patch2021-07-25 
00:45:03.0 +0200
@@ -196,3 +196,19 @@
  
  bool CSSValue::isImplicitInitialValue() const
  {
+Index: webkitgtk/Source/WebCore/rendering/InlineFlowBox.cpp
+===
+--- webkitgtk.orig/Source/WebCore/rendering/InlineFlowBox.cpp
 webkitgtk/Source/WebCore/rendering/InlineFlowBox.cpp
+@@ -53,7 +53,11 @@ struct SameSizeAsInlineFlowBox : public
+ void* pointers[5];
+ };
+ 
++#if defined(__m68k__)
++COMPILE_ASSERT(sizeof(InlineFlowBox) >= sizeof(SameSizeAsInlineFlowBox), 
InlineFlowBox_should_stay_small);
++#else
+ COMPILE_ASSERT(sizeof(InlineFlowBox) == sizeof(SameSizeAsInlineFlowBox), 
InlineFlowBox_should_stay_small);
++#endif
+ 
+ #if !ASSERT_WITH_SECURITY_IMPLICATION_DISABLED
+ 
--- End Message ---
--- Begin Message ---
Hi Alberto,

On 03-08-2021 01:44, Alberto Garcia wrote:
> I uploaded 2.32.3-2 that can be installed in bullseyed with the
> current version of wpebackend-fdo

Thanks, unblock hints added.

Paul



OpenPGP_signature
Description: OpenPGP digital signature
--- End Message ---

Bug#991787: marked as done (unblock: ucspi-unix/1.0-2)

[Debian Bug Tracking System]

Your message dated Tue, 3 Aug 2021 09:19:27 +0200
with message-id 
and subject line Re: Bug#991787: unblock: ucspi-unix/1.0-2
has caused the Debian Bug report #991787,
regarding unblock: ucspi-unix/1.0-2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
991787: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991787
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: r...@debian.org

This is a pre-approval request before I upload ucspi-unix to
unstable to fix a FTBFS on architectures where dietlibc is
not built; see #991774.

[ Reason ]
See #991774 for more details: the way ucspi-unix runs the upstream build
twice is not fully conditional on the presence of the dietlibc build
helpers.

[ Impact ]
The ucspi-unix package is not built at all on architectures that
dietlibc does not support, thus Debian users are currently missing
the ucspi-unix functionality for these architectures.

[ Tests ]
None; it does not currently build at all.

[ Risks ]
Leaf package, not widely used. The risk that exposing Debian users to
the functionality of ucspi-unix would do them harm is, IMHO, negligible.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

[ Other info ]
I based my fix on Dmitry Bogatov's already existing Salsa repository for
ucspi-unix. There was already a Salsa-specific commit there that is not
directly related to this bugfix, but does not affect the package at all.
Still, if you'd prefer me to prepare a new, bullseye-specific branch
that will only include this fix and not the Salsa CI definition, let me
know.

unblock ucspi-unix/1.0-2
diff -Nru ucspi-unix-1.0/debian/changelog ucspi-unix-1.0/debian/changelog
--- ucspi-unix-1.0/debian/changelog 2018-11-28 06:26:16.0 +0200
+++ ucspi-unix-1.0/debian/changelog 2021-08-02 01:36:27.0 +0300
@@ -1,3 +1,14 @@
+ucspi-unix (1.0-2) unstable; urgency=medium
+
+  [ Dmitry Bogatov ]
+  * Add a Gitlab CI config file.
+
+  [ Peter Pentchev ]
+  * New maintainer. Closes: #983804
+  * Only run the dietlibc build if possible. Closes: #991774
+
+ -- Peter Pentchev   Mon, 02 Aug 2021 01:36:27 +0300
+
 ucspi-unix (1.0-1) unstable; urgency=medium
 
   * New maintainer (Closes: #907084)
diff -Nru ucspi-unix-1.0/debian/control ucspi-unix-1.0/debian/control
--- ucspi-unix-1.0/debian/control   2018-11-28 06:26:16.0 +0200
+++ ucspi-unix-1.0/debian/control   2021-08-02 00:59:30.0 +0300
@@ -1,7 +1,7 @@
 Source: ucspi-unix
 Section: net
 Priority: optional
-Maintainer: Dmitry Bogatov 
+Maintainer: Peter Pentchev 
 Build-Depends:
  debhelper-compat (= 11),
  dh-buildinfo (>= 0.11+nmu1),
diff -Nru ucspi-unix-1.0/debian/.gitlab-ci.yml 
ucspi-unix-1.0/debian/.gitlab-ci.yml
--- ucspi-unix-1.0/debian/.gitlab-ci.yml1970-01-01 02:00:00.0 
+0200
+++ ucspi-unix-1.0/debian/.gitlab-ci.yml2021-08-02 00:57:09.0 
+0300
@@ -0,0 +1,5 @@
+include:
+  - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/salsa-ci.yml
+  - 
https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/pipeline-jobs.yml
+variables:
+  RELEASE: experimental
diff -Nru ucspi-unix-1.0/debian/rules ucspi-unix-1.0/debian/rules
--- ucspi-unix-1.0/debian/rules 2018-11-28 06:26:16.0 +0200
+++ ucspi-unix-1.0/debian/rules 2021-08-02 00:59:38.0 +0300
@@ -41,7 +41,9 @@
echo 'diet gcc $(LDFLAGS)' > diet/conf-ld
 
 override_dh_auto_build:
+ifeq (${HAVE_DIETLIBC},yes)
$(MAKE) -C diet
+endif
$(MAKE) -C glibc
 
 override_dh_auto_install:


signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---
On 2021-08-02 01:52:18 +0300, Peter Pentchev wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
> X-Debbugs-Cc: r...@debian.org
> 
> This is a pre-approval request before I upload ucspi-unix to
> unstable to fix a FTBFS on architectures where dietlibc is
> not built; see #991774.

None of the release architectures are affected by this bug, so this
sounds like bookworm material to me. It's too late for this type of
changes, sorry.

Cheers

> 
> [ Reason ]
> See #991774 for more details: the way ucspi-unix runs the upstream build
> twice is not fully conditional on the presence of the dietlibc build
> helpers.
> 
> [ Impact ]
> The ucspi-unix package is not built at all on architectures 

Bug#991830: unblock: linux/5.10.46-4

[Salvatore Bonaccorso]

Control: tags -1 - moreinfo

Hi Paul,

On Mon, Aug 02, 2021 at 10:53:00PM +0200, Paul Gevers wrote:
> Control: tags -1 confirmed moreinfo
> 
> Hi Salvatore,
> 
> On 02-08-2021 22:19, Salvatore Bonaccorso wrote:
> > Upstream added in 5.13-rc4 a new kconfig know to diable unprivilged
> > bpf by default, but without making it irreversible. I cherry-picked
> > this commit as well, and set BPF_UNPRIV_DEFAULT_OFF, closing #990411.
> 
> I wonder if this would warrant a NEWS item and if you have time left to
> squeeze it in.

Yes, I have added a NEWS entry accordingly describing the default in
Debian staring with the 5.10.46-4 upload. Thanks for raising this.

> > Would you agree on such a very short timed upload still to be
> > targetting for bullseye?
> 
> If all (including magic of signing) can be build and ready for Saturday
> I think this issue is worth it. Normally you kernel people know very
> well what you're doing.

Thank you for the ack, this is very much appreciated. The full set of
changes, for the record were (but not adding a debdiff now):

   * bpf: Introduce BPF nospec instruction for mitigating Spectre v4
 (CVE-2021-34556, CVE-2021-35477)
   * bpf: Fix leakage due to insufficient speculative store bypass mitigation
 (CVE-2021-34556, CVE-2021-35477)
   * bpf: Remove superfluous aux sanitation on subprog rejection
   * Ignore ABI changes for bpf_offload_dev_create and bpf_verifier_log_write
   * bpf: Add kconfig knob for disabling unpriv bpf by default
   * init: Enable BPF_UNPRIV_DEFAULT_OFF (Closes: #990411)
   * linux-image: Add NEWS entry documenting that unprivileged calls to bpf() 
are
 disabled by default in Debian.
   * bpf: verifier: Allocate idmap scratch in verifier env
   * bpf: Fix pointer arithmetic mask tightening under state pruning

Regards,
Salvatore

Processed: Re: Bug#991830: unblock: linux/5.10.46-4

[Debian Bug Tracking System]

Processing control commands:

> tags -1 - moreinfo
Bug #991830 [release.debian.org] unblock: linux/5.10.46-4
Removed tag(s) moreinfo.

-- 
991830: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991830
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#991600: marked as done (unblock: bind9-libs/1:9.11.19+dfsg-2.1)

[Debian Bug Tracking System]

Your message dated Tue, 3 Aug 2021 07:58:57 +0200
with message-id 
and subject line Re: Bug#991600: unblock: bind9-libs/1:9.11.19+dfsg-2.1
has caused the Debian Bug report #991600,
regarding unblock: bind9-libs/1:9.11.19+dfsg-2.1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
991600: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991600
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package bind9-libs

  * Add patch from Jorge Niedbalski to stop redundant DHCP servers
from crashing. (Closes: #968298)

isc-dhcp is only user of the bind9-libs libraries.

This patch is in Ubuntu LTS since August 2020.

unblock bind9-libs/1:9.11.19+dfsg-2.1
diff -Nru bind9-libs-9.11.19+dfsg/debian/changelog 
bind9-libs-9.11.19+dfsg/debian/changelog
--- bind9-libs-9.11.19+dfsg/debian/changelog2021-02-16 10:35:53.0 
+0200
+++ bind9-libs-9.11.19+dfsg/debian/changelog2021-07-25 23:22:48.0 
+0300
@@ -1,3 +1,11 @@
+bind9-libs (1:9.11.19+dfsg-2.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Add patch from Jorge Niedbalski to stop redundant DHCP servers
+from crashing. (Closes: #968298)
+
+ -- Adrian Bunk   Sun, 25 Jul 2021 23:22:48 +0300
+
 bind9-libs (1:9.11.19+dfsg-2) unstable; urgency=high
 
   * Although none of these CVEs affect the ISC DHCP, it's better to have
diff -Nru bind9-libs-9.11.19+dfsg/debian/patches/0013-fix-1872118.patch 
bind9-libs-9.11.19+dfsg/debian/patches/0013-fix-1872118.patch
--- bind9-libs-9.11.19+dfsg/debian/patches/0013-fix-1872118.patch   
1970-01-01 02:00:00.0 +0200
+++ bind9-libs-9.11.19+dfsg/debian/patches/0013-fix-1872118.patch   
2021-07-25 23:22:48.0 +0300
@@ -0,0 +1,22 @@
+Description: Check if sock->pending_send is set
+before calling dispatch_send(). This would prevent
+the assertion failure in cases where a socket is not dead (closed)
+and its still pending to send data and the process_fd
+event gets triggered due a wakeup.
+
+Author: Jorge Niedbalski 
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1872118
+Forwarded: no
+Last-Update: 2020-08-03
+
+--- bind9-libs-9.11.16+dfsg.orig/lib/isc/unix/socket.c
 bind9-libs-9.11.16+dfsg/lib/isc/unix/socket.c
+@@ -4050,7 +4050,7 @@ check_write:
+   if (!SOCK_DEAD(sock)) {
+   if (sock->connecting)
+   dispatch_connect(sock);
+-  else
++  else if (!sock->pending_send)
+   dispatch_send(sock);
+   }
+   unwatch_write = true;
diff -Nru bind9-libs-9.11.19+dfsg/debian/patches/series 
bind9-libs-9.11.19+dfsg/debian/patches/series
--- bind9-libs-9.11.19+dfsg/debian/patches/series   2021-02-16 
10:35:53.0 +0200
+++ bind9-libs-9.11.19+dfsg/debian/patches/series   2021-07-25 
23:22:48.0 +0300
@@ -10,3 +10,4 @@
 0010-Always-keep-a-copy-of-the-message.patch
 0011-Update-policy-subdomain-was-incorrectly-treated-as-z.patch
 0012-ISC-BIND-TKEY-Query-Heap-based-Buffer-Overflow-RCE-V.patch
+0013-fix-1872118.patch
--- End Message ---
--- Begin Message ---
Hi Adrian,

On 03-08-2021 01:54, Cyril Brulebois wrote:
> Paul Gevers  (2021-08-02):
>>> unblock bind9-libs/1:9.11.19+dfsg-2.1
>>
>> This needs your ack.
> 
> No objections, thanks.

unblocked.

Paul



OpenPGP_signature
Description: OpenPGP digital signature
--- End Message ---