Bug#862523: jessie-pu: package jesred/1.2pl1-19+deb8

2017-05-13 Thread Alexander Zangerl
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian@packages.debian.org
Usertags: pu

i've been asked to retrofit the fix for #801907 to the version
in jessie. that bug is fixed in testing. the bug causes jesred to not
interoperate properly with squid versions 3.4 and newer.

changes are as per the attached debdiff: patch 05-squid3 (which makes
jesred work with squid 3 in the first place) was updated, and a small
followup was made to patch 07-ipv6 which was necessary as it
didn't apply properly on top of the updated 05-squid3 patch.

regards
az
diff -Nru jesred-1.2pl1/debian/changelog jesred-1.2pl1/debian/changelog
--- jesred-1.2pl1/debian/changelog	2013-09-29 13:37:11.0 +1000
+++ jesred-1.2pl1/debian/changelog	2017-05-14 13:20:06.0 +1000
@@ -1,3 +1,10 @@
+jesred (1.2pl1-19+deb8) stable; urgency=high
+
+  * fix of #801907 for jessie: squid 3.4 and newer uses an incompatible
+format for interacting with redirectors like jesred.
+
+ -- Alexander Zangerl <a...@debian.org>  Sun, 14 May 2017 13:11:36 +1000
+
 jesred (1.2pl1-19) unstable; urgency=low
 
   * added support for ipv6 (closes: #714819)
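
Review bot: the version in the first added line, 1.2pl1-19+deb8, has no update counter. Stable updates are conventionally versioned +deb8u1 so that a later update can follow as +deb8u2, and uploads for a point release usually name the suite (jessie) in the distribution field rather than "stable". Suggest "jesred (1.2pl1-19+deb8u1) jessie; urgency=high".
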
diff -Nru jesred-1.2pl1/debian/patches/05-squid3 jesred-1.2pl1/debian/patches/05-squid3
--- jesred-1.2pl1/debian/patches/05-squid3	2015-10-23 22:50:25.0 +1000
+++ jesred-1.2pl1/debian/patches/05-squid3	2017-05-14 13:26:30.0 +1000
@@ -13,7 +13,7 @@
  #ifdef LINUX
  #include
  #else
-@@ -61,89 +62,77 @@ static int match_accel(char *, char *, i
+@@ -61,89 +62,85 @@ static int match_accel(char *, char *, i
  
  int
  parse_buff(char *buff, char **url, char **src_addr, char **ident,
@@ -97,17 +97,20 @@
 +   struct in_addr address;
 +   char *token;
 +   char *next_token = buff;
-+  
++   char *errorptr;
 +
 +   /* az [2015-10-23 Fri 21:20]
-+  goodbye squid2, hello squid3.5
-+  
-+  no more url groups; a numeric channel id, a url, space and extra stuff or a newline.
-+  apparently extras was configurable with url_rewrite_extras, but that has been
-+  removed in one of the newest squid versions (the docs re this are pretty damn confused...)
-+  
-+  [channel-ID ] URL [ extras] 
-+  and extras are supposed to be (adjustable in 3.5, adjustability removed(??) in 4)
++  goodbye squid2..3.3, hello squid3.5
++
++  no more url groups; a numeric channel id, a url, space
++  and extra stuff or a newline.
++  apparently extras was configurable with url_rewrite_extras,
++  but that has been removed in one of the newest squid
++  versions (the docs re this are pretty damn confused...)
++
++  [channel-ID ] URL [ extras]
++  and extras are supposed to be (adjustable in 3.5,
++  adjustability removed(??) in 4)
 +  ip/fqdn username method myip= myport=
 +   */
 +
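
Review bot: the reworded comment "goodbye squid2..3.3, hello squid3.5" skips 3.4, while the changelog entry in this same debdiff says the new format applies to "squid 3.4 and newer". The comment should name the same version boundary as the changelog. The "(??)" about url_rewrite_extras is also still open; say which squid versions the parser was actually tested against, so the next reader knows which extras layout is relied on.
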
@@ -117,15 +120,20 @@
 +  mylog(ERROR, "invalid input, no extras in (%s)", buff);
 +  return 1;
 +   }
-+  
-+   char *errorptr;
-+  
++
 +   /* channel-id? must be numeric */
 +   j = (int)strtol(buff, , 10);
 +   if (!*errorptr)	/* conversion successful */
 +   {
 +  *chanid = j;
 +  *url = next_token;
++
++  /* now find end of url/start of ip/fqdn */
++  if (!(token = strsep(_token, " ")))
++  {
++	 mylog(ERROR, "invalid input, no ip/fqdn in (%s)", buff);
++	 return 1;
++  }
 +   }
 +   else
 +   {
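
Review bot: the `if (!*errorptr)` test after the strtol call accepts an empty first field as a valid channel id, because with no digits to convert strtol leaves its end pointer on the terminating NUL of the unchanged string (this assumes errorptr is the end pointer handed to strtol; that argument is not legible here). Also require errorptr != buff, and check errno and the int range before the (int) cast, so an empty or oversized field is rejected instead of becoming channel 0 or a truncated id.
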
@@ -148,7 +156,7 @@
 +  return 1;
 +   }
 +   *ident = token;
-+   
++
 +   /* find end of method */
 +   if (!(token = strsep(_token, " ")))
 +   {
@@ -169,9 +177,35 @@
  /* URL with less than 7 char is invalid */
  if(strlen(*url) <= 7) {
  	mylog(ERROR, "strlen url to short (%d)\n", strlen(*url));
+@@ -159,7 +156,7 @@ parse_buff(char *buff, char **url, char
+it is already loaded, when squid runs - so not much waste of
+memory ;-) */
+ if ( (address.s_addr = inet_addr(*src_addr)) == -1 ) {
+-	mylog(ERROR, "client IP address not valid %s\n",
++	mylog(ERROR, "client IP address (%s) not valid\n",
+ 	*src_addr ? *src_addr : "");
+ 	if ( token )
+ 	*token = '/';
+@@ -171,7 +168,7 @@ parse_buff(char *buff, char **url, char
+ /* make sure the IP source address matches that of the ones in our list */
+ if( ip_access_check(address, ip) == IP_DENY ) {
+ #ifdef DEBUG
+-	mylog(DEBG, "client IP address %s not matched\n", *src_addr);
++	mylog(DEBG, "client IP address (%s) not matched\n", *src_addr);
+ #endif  
+ 	return 1;
+ }
 --- a/main.c
 +++ b/main.c
-@@ -75,7 +75,7 @@ int main(int argc, char **argv)
+@@ -23,6 +23,7 @@
+ 
+ #include
+ #include
++#include 
+ #include
+ #include
+ #include
+@@ -75,7 +76,7 @@ int main(int argc, char **argv)
  /*int first_run = 1; */
  char buff[BUFSIZE];
  char redirect_url[BUFSIZE];
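
Review bot: in the inner hunk at -159,7 the `*src_addr ? *src_addr : ""` guard in the mylog call runs only after inet_addr(*src_addr) has already been given the same pointer, so it cannot protect against a NULL address; the NULL check belongs before the inet_addr call. The comparison with -1 also rejects 255.255.255.255 as invalid and only handles IPv4, which is worth a comment given that 07-ipv6 is applied on top of this patch. Separately, the context line that logs strlen(*url) with %d passes a size_t to an int conversion; %zu or a cast would be correct.
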
@@ -180,7 +214,7 @@
  int finished = 0;
  int buff_status = 0;
  ip_acl *ip_list = NULL;
-@@ -93,7 +93,7 @@ int main(i

Bug#702933: unblock: duplicity/0.6.20-3

2013-03-20 Thread Alexander Zangerl
On Tue, 19 Mar 2013 13:24:28 +0100, intrigeri writes:
>> this problem is solved in the version in unstable (0.6.20-3),
> Any particular reason why #702563 is not marked as such, then?

sorry, i overlooked that; closed now. 

> Would debian/patches/02unicode.dpatch apply to the duplicity version
> currently in Wheezy? If not, how hard would it be to extract the
> minimal upstream changes needed by this workaround?

both 682837 and 702563 are not hard to retrofit - but isn't that 
against the freeze policy? 

the way i understand '3. fixes for severity: important bugs in packages 
of priority: optional or extra, only when this can be done via unstable'
would mean that only what's in unstable can be considered at this time...
but please correct me if i'm wrong!

> So, I recommend you investigate how targeted fixes for the most
> serious bugs could go into Wheezy through t-p-u.

i've just completed that and prepared a 0.6.18-7 for tpu; the 
much much more manageable debdiff is attached. if nobody complains loudly 
about further problems i'll upload that in a day.

regards
az

diff -u duplicity-0.6.18/debian/changelog duplicity-0.6.18/debian/changelog
--- duplicity-0.6.18/debian/changelog
+++ duplicity-0.6.18/debian/changelog
@@ -1,3 +1,31 @@
+duplicity (0.6.18-7) testing-proposed-updates; urgency=low
+
+  * backported fixes for #682837 and #702563 for wheezy
+  
+ -- Alexander Zangerl a...@debian.org  Wed, 20 Mar 2013 15:37:42 +1000
+
+duplicity (0.6.18-6) unstable; urgency=low
+
+  * fixed WebDAV backend: MKCOL must be iterated for
+nested directories (closes: #693521)
+
+ -- Alexander Zangerl a...@debian.org  Mon, 19 Nov 2012 13:02:02 +1000
+
+duplicity (0.6.18-5) unstable; urgency=low
+
+  * Ubuntu One backend: fixed a small programming error,
+added 30s delay for retries.
+
+ -- Alexander Zangerl a...@debian.org  Fri, 26 Oct 2012 15:26:26 +1000
+
+duplicity (0.6.18-4) unstable; urgency=low
+
+  * include new standalone/REST backend for Ubuntu One
+  * updated recommends to include oauth and httplib2, which 
+are required if the Ubuntu One backend is used.
+
+ -- Alexander Zangerl a...@debian.org  Sat, 13 Oct 2012 15:54:50 +1000
+
 duplicity (0.6.18-3) unstable; urgency=low
 
   * repaired duplicity's symlink handling for --exclude-if-present
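
Review bot: the hunk header @@ -1,3 +1,31 @@ and the 0.6.18-3 context line show that this debdiff is taken against 0.6.18-3, so the t-p-u upload carries everything from -4 to -6 (new Ubuntu One backend, WebDAV MKCOL change, new Recommends) on top of the two backported fixes. The -7 entry should say so explicitly, or state which of those earlier changes are needed for #682837 and #702563, since all of them are reviewed as part of this upload.
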
diff -u duplicity-0.6.18/debian/control duplicity-0.6.18/debian/control
--- duplicity-0.6.18/debian/control
+++ duplicity-0.6.18/debian/control
@@ -10,7 +10,7 @@
 Architecture: any
 Homepage: http://duplicity.nongnu.org/
 Depends: ${shlibs:Depends}, ${python:Depends}, ${misc:Depends}, python-gnupginterface (=0.3.2-9.1)
-Recommends: rsync, python-paramiko
+Recommends: rsync, python-paramiko, python-httplib2, python-oauth
 Suggests: python-boto, ncftp, python-pexpect (=2.3-1), python-cloudfiles, lftp, python-gdata, tahoe-lafs
 Description: encrypted bandwidth-efficient backup
  Duplicity backs directories by producing encrypted tar-format volumes
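
Review bot: adding python-httplib2 and python-oauth to Recommends means they are installed by default for every duplicity user, although the changelog ties them to the Ubuntu One backend only, and the other backend-specific libraries (python-boto, python-cloudfiles, python-gdata) sit in Suggests. For a freeze-time update consider Suggests here as well, or justify the larger default install set in the changelog.
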
diff -u duplicity-0.6.18/debian/NEWS.Debian duplicity-0.6.18/debian/NEWS.Debian
--- duplicity-0.6.18/debian/NEWS.Debian
+++ duplicity-0.6.18/debian/NEWS.Debian
@@ -1,3 +1,15 @@
+duplicity (0.6.18-4) unstable; urgency=low
+
+  Reworked Ubuntu One backend
+  This version includes a reworked standalone backend for Ubuntu One, 
+  which no longer requires Gnome, an X11 session or software that's not
+  packaged for Debian. The backend requires the python-oauth and -httplib2
+  packages and duplicity therefore now recommends them.
+  
+  Check the man page for details about Ubuntu One authentication.
+   
+ -- Alexander Zangerl a...@debian.org  Thu, 18 Oct 2012 13:07:36 +1000
+
 duplicity (0.6.17-1) unstable; urgency=low
 
   New sftp/scp backend
diff -u duplicity-0.6.18/debian/patches/01sshbackend.dpatch duplicity-0.6.18/debian/patches/01sshbackend.dpatch
--- duplicity-0.6.18/debian/patches/01sshbackend.dpatch
+++ duplicity-0.6.18/debian/patches/01sshbackend.dpatch
@@ -7,31 +7,99 @@
 @DPATCH@
 diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' duplicity-0.6.18~/duplicity/backends/sshbackend.py duplicity-0.6.18/duplicity/backends/sshbackend.py
 --- duplicity-0.6.18~/duplicity/backends/sshbackend.py	2012-03-01 05:24:04.0 +1000
-+++ duplicity-0.6.18/duplicity/backends/sshbackend.py	2012-03-11 11:56:10.284325675 +1000
-@@ -2,9 +2,9 @@
- #
 duplicity-0.6.18/duplicity/backends/sshbackend.py	2013-03-20 15:53:08.447655360 +1000
+@@ -3,8 +3,9 @@
  # Copyright 2002 Ben Escoto b...@emerose.org
  # Copyright 2007 Kenneth Loafman kenn...@loafman.com
--# Copyright 2011 Alexander Zangerl a...@snafu.priv.at
-+# Copyright 2011 Alexander Zangerl a...@snafu.priv.at 
+ # Copyright 2011 Alexander Zangerl a...@snafu.priv.at
++# Copyright 2012 edso (ssh_config added)
  #
 -# $Id: sshbackend.py,v 1.2 2011/12/31 04:44:12 az Exp $
 +# $Id: sshbackend.py,v 1.5 2012/03/11 01:55:46 az Exp $
  #
  # This file is part of duplicity.
  #
-@@ -28,6 +28,7 @@
+@@ -27,14 +28,10

Bug#682736: unblock: vmware-manager/0.2.0-2

2012-08-18 Thread Alexander Zangerl
On Sat, 18 Aug 2012 12:21:08 +0100, Adam D. Barratt writes:
> Okay.  Assuming an upload could be made fairly quickly, I think I'd
> prefer a -3 which made the POD changes to the original binary and
> installed it under the new name.  Thanks for working on this.

done; i've uploaded vmware-manager 0.2.0-3 an hour ago (and this time
debdiff shows only the expected POD changes for vmm/vwm).

regards
az


-- 
Alexander Zangerl + GnuPG Keys 0x42BD645D or 0x5B586291 + http://snafu.priv.at/
Outside of a dog, a book is a man's best friend.
Inside of a dog, it's too dark to read.  -- Groucho Marx




Bug#682736: unblock: vmware-manager/0.2.0-2

2012-08-12 Thread Alexander Zangerl
On Sun, 12 Aug 2012 22:57:41 +0100, Adam D. Barratt writes:
> Ping?

sorry for the late response: after digging through this a few more times
i've got an explanation for the debdiff output.

in 0.2.0-1 there were some local changes to vmm, precisely the ones
that debdiff reports now (in reverse): ie. the change from 
Number::Bytes::Format to Number::Format and the VMware::VIRuntime loading
in eval.

for 0.2.0-2 i renamed vmm to vwm, and adjusted the inline pod sections
to reflect that name change. nothing else was modified.

the problem is that the debian diff doesn't represent file deletions,
and that i rather should have left the vmm filename intact and just 
installed it with its new name via debian/rules (hindsight and all that).

net effect: a newly unpacked 0.2.0-2 includes the correct vwm file,
but also a superfluous and unused vmm file from the orig tarball, 
which of course reflects only the state before the -1 changes were made.

what's the verdict? upload a new version -3 that avoids the filename changes 
and concomitant spurious difference reports, or accept the current status
with vmm(from -1) identical modulo doc changes to vwm(from -2) and ignore
the unnecessary vmm(from orig tarball)?

regards
az


-- 
Alexander Zangerl + GnuPG Keys 0x42BD645D or 0x5B586291 + http://snafu.priv.at/
When you understand UNIX, you will understand the world.
When you understand NTyou will understand NT -- R. Thieme




Bug#682736: unblock: vmware-manager/0.2.0-2

2012-07-31 Thread Alexander Zangerl
On Sat, 28 Jul 2012 15:15:49 +0100, Adam D. Barratt writes:
> On Wed, 2012-07-25 at 18:27 +1000, Alexander Zangerl wrote:
>> Please unblock package vmware-manager
>>
>> the version in unstable fixes rc bug #680481,
>> which is a file name conflict between the
>> packages vmm and vmware-manager: both
>> provide a program named vmm, and the man page is
>> causing the clash. the fix consists of vmware-manager
>> switching to use /usr/bin/vwm (note: w).
>
> Are vwm and vmm supposed to be identical, other than the name
> change?  The version of vmm shipped in -2 appears to include new
> changes which are then not carried over in to vmw:

no, that's not the case but seems a problem invented by debdiff:
the package is git-hosted and -built and for some weird reason 
debdiff hands out all kinds of weird deltas here...

attached you'll find a diff -ub between files from the binary packages:
vmm from the 0.2.0-1 and the renamed 0.2.0-2 vwm, which shows that 
apart from renaming vmm into vwm in the POD sections nothing 
has been changed.

regards
az

--- alt/usr/bin/vmm	2012-05-14 13:00:05.0 +1000
+++ neu/usr/bin/vwm	2012-07-08 19:42:57.0 +1000
@@ -2,32 +2,32 @@
 # POD {{{
 =head1 NAME
 
-vmm - Manage VMware virtual machines
+vwm - Manage VMware virtual machines
 
 =head1 SYNOPSIS
 
-	vmm command [options]
+	vwm command [options]
 
 =over
 	
 =item BGlobal syntax:
 
-	vmm command [-f] [-v+] [-w seconds] [@profile]
+	vwm command [-f] [-v+] [-w seconds] [@profile]
 
 =item BCommand specific syntax:
 
-	vmm clone [-o pool] [-c count] [-a datastore...] [-l folder] source vm new vm name
-	vmm deploy [synonym of 'clone']
-	vmm df [-h] [datastore...]
-	vmm host [maintenance|restore|restart|shutdown|disconnect|reconnect] hosts...
-	vmm list [-d col1,col2... | perl string] [-t title] [vm|datastore|host|pool|template][s] [patterns...]
-	vmm migrate [-p low|normal|high] [-o pool] vms... host
-	vmm move [-o pool] vms... datastore
-	vmm setpool low|normal|high cpu|mem|all pools...
-	vmm show [vm|datastore|host|pool] [items...]
-	vmm snapshot [-t title] vms...
-	vmm state on|off|suspend|reboot|shutdown|restart|standby vms...
-	vmm version
+	vwm clone [-o pool] [-c count] [-a datastore...] [-l folder] source vm new vm name
+	vwm deploy [synonym of 'clone']
+	vwm df [-h] [datastore...]
+	vwm host [maintenance|restore|restart|shutdown|disconnect|reconnect] hosts...
+	vwm list [-d col1,col2... | perl string] [-t title] [vm|datastore|host|pool|template][s] [patterns...]
+	vwm migrate [-p low|normal|high] [-o pool] vms... host
+	vwm move [-o pool] vms... datastore
+	vwm setpool low|normal|high cpu|mem|all pools...
+	vwm show [vm|datastore|host|pool] [items...]
+	vwm snapshot [-t title] vms...
+	vwm state on|off|suspend|reboot|shutdown|restart|standby vms...
+	vwm version
 
 =back
 
@@ -108,7 +108,7 @@
 =item Bversion
 
 Display various version informaiton about the connected vServer and local API.
-This command is the default if no actual command is specified (i.e. just running 'vmm' with nothing else specified).
+This command is the default if no actual command is specified (i.e. just running 'vwm' with nothing else specified).
 
 =back
 
@@ -134,16 +134,16 @@
 Specifies which profile to use when addressing the vServer.
 This can be an entry within the config file or the URL (with optional login details) e.g.
 
-	vmm version @cluster1
-	vmm version @cluster2
-	vmm version @https://cluster1.acme.edu
-	vmm version @https://usern...@cluster1.acme.edu
-	vmm version @https://username:passw...@cluster1.acme.edu
+	vwm version @cluster1
+	vwm version @cluster2
+	vwm version @https://cluster1.acme.edu
+	vwm version @https://usern...@cluster1.acme.edu
+	vwm version @https://username:passw...@cluster1.acme.edu
 
 Examples 1 and two assume 'custer1' and 'customer2' have been defined in the examples file (see EXAMPLES). The further examples specify the connection information on the command line.
 Specifying the password from the command line is exceptionally silly and should be avoided.
 
-If username and/or password is omitted (such as in examples 3 and 4 above) they will be prompted for when vmm is run.
+If username and/or password is omitted (such as in examples 3 and 4 above) they will be prompted for when vwm is run.
 
 =item B-c
 
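
Review bot: the example `vwm version @https://username:passw...@cluster1.acme.edu` carried over in this hunk documents passing the password as a command-line argument, where any local user can read it from the process list. The sentence two lines below already says this should be avoided, so the example would be better dropped in favour of the prompting form. The unchanged sentence after the examples also has 'custer1' and 'customer2' where the examples use cluster1 and cluster2.
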
@@ -228,8 +228,8 @@
 =back
 
 Force continue if an error occurs.
-Normaly if an error occurs vmm will stop processing any operations specified on the command line.
-If this flag is enabled vmm will continue operation as if no error occured.
+Normaly if an error occurs vwm will stop processing any operations specified on the command line.
+If this flag is enabled vwm will continue operation as if no error occured.
 
 =item B--human
 
@@ -268,7 +268,7 @@
 =back
 
 Dry run mode.
-When enabled vmm will continue as normal but no actual call to the VMware VServer is made.
+When enabled vwm will continue as normal but no actual call to the VMware VServer is made.
 
 =item B--folder
 
@@ -414,69 +414,69 @@
 
 =over
 
-=item Bvmm

Bug#682736: unblock: vmware-manager/0.2.0-2

2012-07-25 Thread Alexander Zangerl
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package vmware-manager

the version in unstable fixes rc bug #680481,
which is a file name conflict between the
packages vmm and vmware-manager: both
provide a program named vmm, and the man page is
causing the clash. the fix consists of vmware-manager 
switching to use /usr/bin/vwm (note: w).

regards
az

unblock vmware-manager/0.2.0-2





unblock request for jesred 1.2pl1-16: fix for grave #505199

2008-11-10 Thread Alexander Zangerl
[EMAIL PROTECTED] found out today that jesred doesn't work with squid 3 
at all, only squid 2.x. the cause is that squid 3 changed the format of 
redirector messages sent to things like jesred.

i've just fixed the problem: jesred now groks both squid 2 and 3 message 
formats. the patch is fairly minimal, 70 lines dpatch.

regards
az


-- 
+ Alexander Zangerl + DSA 42BD645D + (RSA 5B586291)
In German, a young lady has no sex, while a turnip has. Think what 
overwrought reverence that shows for the turnip, and what callous 
disrespect for the girl. -- Mark Twain




Re: duplicity stable update for CVE-2007-5201

2008-01-18 Thread Alexander Zangerl
On Sun, 13 Jan 2008 19:03:23 +0100, Nico Golde writes:
> the following CVE (Common Vulnerabilities & Exposures) id was
> published for duplicity some time ago.
>
> CVE-2007-5201[0]:
> | The FTP backend for Duplicity sends the password as a command line
> | argument when calling ncftp, which might allow local users to read the
> | password by listing the process and its arguments.

sorry for the late response; been a tad busy.

the cve entry actually doesn't apply to duplicity versions before 0.4.3,
because those implemented ftp directly, without using ncftp or the like.

the version in etch is 0.4.2-10.1 and hence doesn't contain the 
problematic code.

> You can see the status of this vulnerability on:
> http://security-tracker.debian.net/tracker/CVE-2007-5201

can you update that info to show that we're in the green?

regards
az


-- 
+ Alexander Zangerl + DSA 42BD645D + (RSA 5B586291)
If USENET is anarchy, IRC is a paranoid schizophrenic after 6 days on speed.
-- Chris Saundo Saunderson
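
The exposure described in the CVE text quoted in the message above, as an added example that is not part of the original thread and is not duplicity's code: it contrasts an argv that carries the password with one that points the client at an owner-only login file. It assumes ncftpput's -u, -p and -f options and the host/user/pass login-file layout; host name, account and password are constructed.

```python
import os
import stat
import tempfile


def argv_with_password(host, user, password, remote_dir, local_file):
    """Shape the CVE describes: the password is one of the argv elements,
    so it shows up in the process list for every local user."""
    return ["ncftpput", "-u", user, "-p", password, host, remote_dir, local_file]


def write_login_file(host, user, password, directory=None):
    """Write host/user/pass to a file only the owner can read; return its path."""
    for value in (host, user, password):
        # A newline would let one field smuggle in an extra directive.
        if "\n" in value or "\r" in value:
            raise ValueError("line break in login field")
    # mkstemp creates the file exclusively and with mode 0600, so no other
    # local user can pre-create it or open it afterwards.
    fd, path = tempfile.mkstemp(prefix="ncftp-login-", dir=directory)
    with os.fdopen(fd, "w") as handle:
        handle.write("host %s\nuser %s\npass %s\n" % (host, user, password))
    return path


def argv_with_login_file(login_file, remote_dir, local_file):
    """Hardened shape: argv names the login file, never the secret itself."""
    return ["ncftpput", "-f", login_file, remote_dir, local_file]


def secrets_in_argv(argv, secrets):
    """Return every secret that occurs inside any argv element."""
    return [s for s in secrets if any(s in arg for arg in argv)]


def file_is_private(path):
    """True when neither group nor others have any permission bit set."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return mode & (stat.S_IRWXG | stat.S_IRWXO) == 0


if __name__ == "__main__":
    password = "constructed-Passw0rd"  # constructed sample value
    leaky = argv_with_password("ftp.example.org", "backup", password,
                               "/backups", "vol1.gpg")
    print("argv with password leaks:", secrets_in_argv(leaky, [password]))

    login = write_login_file("ftp.example.org", "backup", password)
    try:
        safe = argv_with_login_file(login, "/backups", "vol1.gpg")
        print("argv with login file leaks:", secrets_in_argv(safe, [password]))
        print("login file private:", file_is_private(login))
    finally:
        os.unlink(login)  # the secret must not outlive the transfer
```

The same secrets_in_argv check can be pointed at any command line a backup wrapper builds before it is executed.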

