Bug#1070689: transition: msgpack-c
Package: release.debian.org
Severity: normal
X-Debbugs-Cc: msgpac...@packages.debian.org
Control: affects -1 + src:msgpack-c
User: release.debian@packages.debian.org
Usertags: transition

The msgpack-c upstream renamed their C library from libmsgpackc.so to libmsgpack-c.so. I've renamed the binary packages accordingly (libmsgpack-dev -> libmsgpack-c-dev, libmsgpackc2 -> libmsgpack-c2) and the former "Provides: libmsgpack-dev" to help ease the transition.

The following build dependencies will need fixes to build against the new msgpack-c version:

* libdata-messagepack-stream-perl
* tmate
* tmate-ssh-server
* webdis

This is just related to how the packages detect whether msgpack is available, since the APIs/ABIs themselves did not change.

Ben file:

title = "msgpack-c";
is_affected = .depends ~ "libmsgpackc2" | .depends ~ "libmsgpack-c2";
is_good = .depends ~ "libmsgpack-c2";
is_bad = .depends ~ "libmsgpackc2";
Bug#1063308: transition: libvterm
On Mon, Mar 04, 2024 at 06:40:46AM -0500, James McCoy wrote:
> On Mon, Feb 05, 2024 at 10:54:12PM -0500, James McCoy wrote:
> > libvterm doesn't have a stable API/ABI yet, so although the SONAME
> > didn't change, this is a breaking update.
> >
> > There are 3 packages which use libvterm:
> > * pangoterm: I've filed #1063196 to RM the package, so it shouldn't
> >   block
> > * emacs-libvterm: It supports building against either 0.1 or 0.3, so it
> >   just needs a binNMU
> > * neovim: 0.7.2 (in unstable) only supports 0.1, but 0.9.5 (in
> >   experimental) supports 0.3.
> >
> > Ben file:
> >
> > title = "libvterm 0.1 -> 0.3";
> > is_affected = .build-depends ~ "libvterm-dev";
> > is_good = .depends ~ /libvterm0 \(>= 0\.[23]/;
> > is_bad = .depends ~ /libvterm0 \(>= 0\.1/;
>
> This was ACKed on IRC, so I've uploaded libvterm and neovim.

Now that cmake is available on arm* again, emacs-libvterm just needs a binNMU to finish this transition.

Cheers,
--
James
GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7 2D23 DFE6 91AE 331B A3DB
Bug#1063308: transition: libvterm
On Mon, Feb 05, 2024 at 10:54:12PM -0500, James McCoy wrote:
> libvterm doesn't have a stable API/ABI yet, so although the SONAME
> didn't change, this is a breaking update.
>
> There are 3 packages which use libvterm:
> * pangoterm: I've filed #1063196 to RM the package, so it shouldn't
>   block
> * emacs-libvterm: It supports building against either 0.1 or 0.3, so it
>   just needs a binNMU
> * neovim: 0.7.2 (in unstable) only supports 0.1, but 0.9.5 (in
>   experimental) supports 0.3.
>
> Ben file:
>
> title = "libvterm 0.1 -> 0.3";
> is_affected = .build-depends ~ "libvterm-dev";
> is_good = .depends ~ /libvterm0 \(>= 0\.[23]/;
> is_bad = .depends ~ /libvterm0 \(>= 0\.1/;

This was ACKed on IRC, so I've uploaded libvterm and neovim.

Cheers,
--
James
GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7 2D23 DFE6 91AE 331B A3DB
Bug#1063308: transition: libvterm
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition
X-Debbugs-Cc: libvt...@packages.debian.org
Control: affects -1 + src:libvterm

libvterm doesn't have a stable API/ABI yet, so although the SONAME didn't change, this is a breaking update.

There are 3 packages which use libvterm:

* pangoterm: I've filed #1063196 to RM the package, so it shouldn't block
* emacs-libvterm: It supports building against either 0.1 or 0.3, so it just needs a binNMU
* neovim: 0.7.2 (in unstable) only supports 0.1, but 0.9.5 (in experimental) supports 0.3.

Ben file:

title = "libvterm 0.1 -> 0.3";
is_affected = .build-depends ~ "libvterm-dev";
is_good = .depends ~ /libvterm0 \(>= 0\.[23]/;
is_bad = .depends ~ /libvterm0 \(>= 0\.1/;
Bug#1061565: nmu: rust-alacritty_0.12.2-2
On Fri, Jan 26, 2024 at 10:16:50AM -0500, James McCoy wrote:
> nmu rust-alacritty_0.12.2-2 . ANY . unstable . -m "Rebuild against
> rust-smithay-client-toolkit 0.16.1"
>
> This is needed to fix #1061563 (crash with recent sway versions).

Ping? It'd be nice to get this fixed, since other things are blocking an update of alacritty.

Cheers,
--
James
GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7 2D23 DFE6 91AE 331B A3DB
Bug#1061565: nmu: rust-alacritty_0.12.2-2
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: binnmu
X-Debbugs-Cc: rust-alacri...@packages.debian.org
Control: affects -1 + src:rust-alacritty

nmu rust-alacritty_0.12.2-2 . ANY . unstable . -m "Rebuild against rust-smithay-client-toolkit 0.16.1"

This is needed to fix #1061563 (crash with recent sway versions).
Bug#1036027: unblock: kitty/0.26.5-5
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: ki...@packages.debian.org
Control: affects -1 + src:kitty

Please unblock package kitty

[ Reason ]
Kitty registers itself as a handler for various MIME types (via kitty-open.desktop), but some of those (e.g., application/x-sh) are unexpectedly executed instead of viewed.

This upload removes the installation of the desktop file, instead providing it as an example. README.Debian is updated to explain how to enable the functionality as well as warning about the implications.

[ Impact ]
Untrusted files may be executed rather than viewed (e.g., trying to view a shell script attached to an email).

[ Tests ]
n/a

[ Risks ]
Trivial change in a leaf package.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

unblock kitty/0.26.5-5
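A check an administrator or packager could run for the problem this request describes, as an added example (not part of the original message or of kitty's packaging): it scans Desktop Entry text for applications registered as handlers of script MIME types. The sample entries are constructed, and every MIME type other than application/x-sh, as well as all function names, are assumptions of this example.

```python
"""Audit Desktop Entry text for handlers registered on script MIME types."""
import configparser
from fnmatch import fnmatchcase

# application/x-sh is the type named in the report above; the other
# types are assumptions added here as further script formats to review.
SCRIPT_MIME_TYPES = frozenset({
    "application/x-sh",
    "application/x-shellscript",
    "application/x-perl",
    "text/x-python",
})


def desktop_entry(text):
    """Return the [Desktop Entry] group as a dict, or {} if unparsable."""
    parser = configparser.ConfigParser(
        interpolation=None,        # Exec values contain field codes such as %U
        strict=False,
        delimiters=("=",),
        comment_prefixes=("#",),
    )
    parser.optionxform = str       # keys are case-sensitive
    try:
        parser.read_string(text)
    except configparser.Error:
        return {}
    if not parser.has_section("Desktop Entry"):
        return {}
    return dict(parser.items("Desktop Entry"))


def script_types_handled(entry):
    """Script MIME types covered by the entry's MimeType list.

    A glob-style item such as text/*, if present, is treated
    conservatively as covering every type it matches.
    """
    patterns = [p.strip() for p in entry.get("MimeType", "").split(";") if p.strip()]
    return sorted(
        t for t in SCRIPT_MIME_TYPES
        if any(fnmatchcase(t, p) for p in patterns)
    )


def audit(entries):
    """entries maps a file name to its text; returns (name, Exec, types) tuples."""
    findings = []
    for name in sorted(entries):
        entry = desktop_entry(entries[name])
        if entry.get("Type", "Application") != "Application" or "Exec" not in entry:
            continue
        matched = script_types_handled(entry)
        if matched:
            findings.append((name, entry["Exec"], matched))
    return findings


# Constructed sample input, not copied from any real package.
SAMPLES = {
    "example-term-open.desktop": "\n".join([
        "[Desktop Entry]",
        "Type=Application",
        "Name=Example terminal URL launcher",
        "Exec=example-term +open %U",
        "NoDisplay=true",
        "MimeType=image/*;application/x-sh;text/*;",
    ]),
    "example-viewer.desktop": "\n".join([
        "[Desktop Entry]",
        "Type=Application",
        "Name=Example image viewer",
        "Exec=example-viewer %f",
        "MimeType=image/png;image/jpeg;",
    ]),
    # No group header: skipped rather than crashing the audit.
    "broken.desktop": "MimeType=application/x-sh;\n",
}

if __name__ == "__main__":
    for name, command, types in audit(SAMPLES):
        print(f"{name}: Exec={command!r} handles {', '.join(types)}")
```

Each finding is a prompt for review: whether the listed Exec command displays the file or runs it is what decides if the registration is a problem.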
Bug#1035509: [pre-approval] unblock: vim/2:9.0.1378-2
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: v...@packages.debian.org
Control: affects -1 + src:vim

Please unblock package vim

[ Reason ]
- Fix for CVE-2023-2426 (using uninitialized memory)
- Minor fix for indenting of Perl scripts (regression from bullseye)

[ Impact ]
- Shipping with a known CVE, whose fix was requested by the security team
- Thousands of wasted keystrokes indenting Perl scripts

[ Tests ]
- New test was added upstream for the CVE, but it's mainly useful for running under valgrind

[ Risks ]
Fixes are small and straightforward.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

unblock vim/2:9.0.1378-2

diffstat for vim-9.0.1378 vim-9.0.1378 changelog| 7 patches/Fix-GH-267-where-indent-after-a-sub-would-not-work.patch | 22 + patches/debian/Support-sourcing-a-vimrc.tiny-when-Vim-is-invoked-as-vi.patch | 2 patches/patch-9.0.1499-using-uninitialized-memory-with-fuzzy-matc.patch | 147 ++ patches/series | 2 5 files changed, 179 insertions(+), 1 deletion(-) diff -Nru vim-9.0.1378/debian/changelog vim-9.0.1378/debian/changelog --- vim-9.0.1378/debian/changelog 2023-03-04 14:41:33.0 -0500 +++ vim-9.0.1378/debian/changelog 2023-05-04 06:24:44.0 -0400 
@@ -1,3 +1,10 @@ +vim (2:9.0.1378-2) unstable; urgency=medium + + * Backport 9.0.1499 to fix CVE-2023-2426 (Closes: #1035323) + * Backport fix for indenting of Perl subroutines (Closes: #1034529) + + -- James McCoy Thu, 04 May 2023 06:24:44 -0400 + vim (2:9.0.1378-1) unstable; urgency=medium * Merge upstream patch v9.0.1378 diff -Nru vim-9.0.1378/debian/patches/debian/Support-sourcing-a-vimrc.tiny-when-Vim-is-invoked-as-vi.patch vim-9.0.1378/debian/patches/debian/Support-sourcing-a-vimrc.tiny-when-Vim-is-invoked-as-vi.patch --- vim-9.0.1378/debian/patches/debian/Support-sourcing-a-vimrc.tiny-when-Vim-is-invoked-as-vi.patch 2023-03-04 14:41:33.0 -0500 +++ vim-9.0.1378/debian/patches/debian/Support-sourcing-a-vimrc.tiny-when-Vim-is-invoked-as-vi.patch 2023-05-04 06:24:44.0 -0400 @@ -86,7 +86,7 @@ # define SYS_VIMRC_FILE "$VIM/vimrc" #endif diff --git a/src/structs.h b/src/structs.h -index d020449..dbbecb4 100644 +index 46a71cb..ac661a6 100644 --- a/src/structs.h +++ b/src/structs.h @@ -4468,6 +4468,9 @@ typedef struct diff -Nru vim-9.0.1378/debian/patches/Fix-GH-267-where-indent-after-a-sub-would-not-work.patch vim-9.0.1378/debian/patches/Fix-GH-267-where-indent-after-a-sub-would-not-work.patch --- vim-9.0.1378/debian/patches/Fix-GH-267-where-indent-after-a-sub-would-not-work.patch 1969-12-31 19:00:00.0 -0500 +++ vim-9.0.1378/debian/patches/Fix-GH-267-where-indent-after-a-sub-would-not-work.patch 2023-05-04 06:24:44.0 -0400 
@@ -0,0 +1,22 @@ +From: Andy Lester +Date: Tue, 26 Apr 2022 20:07:43 -0500 +Subject: Fix GH#267 where indent after a sub would not work + +Closes: #1034529 +Signed-off-by: James McCoy +--- + runtime/indent/perl.vim | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/runtime/indent/perl.vim b/runtime/indent/perl.vim +index 4c91fa1..bd2a1a9 100644 +--- a/runtime/indent/perl.vim b/runtime/indent/perl.vim +@@ -133,6 +133,7 @@ function! GetPerlIndent() + \ || synid == "perlHereDoc" + \ || synid == "perlBraces" + \ || synid == "perlStatementIndirObj" ++\ || synid == "perlSubDeclaration" + \ || synid =~ "^perlFiledescStatement" + \ || synid =~ '^perl\(Sub\|Block\|Package\)Fold' + let brace = strpart(line, bracepos, 1) diff -Nru vim-9.0.1378/debian/patches/patch-9.0.1499-using-uninitialized-memory-with-fuzzy-matc.patch vim-9.0.1378/debian/patches/patch-9.0.1499-using-uninitialized-memory-with-fuzzy-matc.patch --- vim-9.0.1378/debian/patches/patch-9.0.1499-using-uninitialized-memory-with-fuzzy-matc.patch 1969-12-31 19:00:00.0 -0500 +++ vim-9.0.1378/debian/patches/patch-9.0.1499-using-uninitialized-memory-with-fuzzy-matc.patch 2023-05-04 06:24:44.0 -0400 @@ -0,0 +1,147 @@ +From: Bram Moolenaar +Date: Sat, 29 Apr 2023 21:38:04 +0100 +Subject: patch 9.0.1499: using uninitialized memory with fuzzy matching + +Problem:Using uninitialized memory with fuzzy matching. +Solution: Initialize the arrays used to store match positions. + +Closes: #1035323 +--- + src/quickfix.c | 5 - + src/search.c| 17 +++-- + src/testdir/test_matchfuzzy.vim | 27 +
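Review bot: The header of debian/patches/Fix-GH-267-where-indent-after-a-sub-would-not-work.patch carries From, Date, Subject, Closes and Signed-off-by but no pointer to where the change was taken from, even though its author and date (Andy Lester, 26 Apr 2022) show it predates this upload; add an Origin: line with the upstream commit or pull-request URL so the backport can be compared with its source. The debdiff also refreshes Support-sourcing-a-vimrc.tiny-when-Vim-is-invoked-as-vi.patch (only the index line for src/structs.h changes), which the new debian/changelog entry does not mention; a short "refresh patches" item would keep the changelog in line with the checklist claim that all changes are documented.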
Bug#995748: buster-pu: package vim/2:8.1.0875-5+deb10u1
On Sat, Mar 19, 2022 at 10:02:07AM +, Adam D. Barratt wrote:
> On Sat, 2021-12-25 at 10:53 -0500, James McCoy wrote:
> > On Sat, Dec 25, 2021 at 11:41:29AM +, Adam D. Barratt wrote:
> [...]
> > > Unfortunately the builds failed everywhere with a test suite issue:
> >
> > My apologies. I uploaded with an additional patch for another issue
> > (#996593), which ended up not being relevant to the Buster version of
> > Vim. This wasn't part of the originally proposed changes, but I had
> > the source package still present locally. I should have double checked
> > the changes before uploading.
> >
> > Attached is a debdiff reverting that additional patch, back to what I
> > had originally prepared.
> >
>
> Apologies, I'm not sure how this got missed and managed to stay under
> the radar for so long.
>
> Please feel free to go ahead, bearing in mind that the upload for
> getting the fixes into 10.12 closes this weekend.

Uploaded.

Cheers,
--
James
GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7 2D23 DFE6 91AE 331B A3DB
Bug#995748: buster-pu: package vim/2:8.1.0875-5+deb10u1
On Sat, Dec 25, 2021 at 11:41:29AM +, Adam D. Barratt wrote:
> On Sat, 2021-12-04 at 17:36 +, Adam D. Barratt wrote:
> > Control: tags -1 + confirmed
> >
> > On Mon, 2021-10-04 at 22:22 -0400, James McCoy wrote:
> > > Various "non DSA" CVEs have accumulated in Vim, and it seemed like
> > > a good idea to get a new upload addressing those.
> > >
> > > [ Impact ]
> > > * CVE-2019-20807 - Shell commands can be executed from rvim
> > >   (restricted vim) via the bindings to other programming languages
> > > * CVE-2021-3770 / #994076 - Invalid memory access when a very large
> > >   number is given to :retab command
> > > * CVE-2021-3778 / #994498 - Reading beyond end of line when invalid
> > >   utf-8 character is encountered
> > > * CVE-2021-3796 / #994497 - Using freed memory in replace mode
> > >
> >
> > Please go ahead, thanks.
>
> Unfortunately the builds failed everywhere with a test suite issue:

My apologies. I uploaded with an additional patch for another issue (#996593), which ended up not being relevant to the Buster version of Vim. This wasn't part of the originally proposed changes, but I had the source package still present locally. I should have double checked the changes before uploading.

Attached is a debdiff reverting that additional patch, back to what I had originally prepared.

Cheers,
--
James
GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7 2D23 DFE6 91AE 331B A3DB

diffstat for vim-8.1.0875 vim-8.1.0875 changelog | 11 + patches/series | 1 patches/upstream/patch-8.2.3489-ml_get-error-after-search-with-range.patch | 62 -- 3 files changed, 8 insertions(+), 66 deletions(-) diff -Nru vim-8.1.0875/debian/changelog vim-8.1.0875/debian/changelog --- vim-8.1.0875/debian/changelog 2021-10-19 21:56:40.0 -0400 +++ vim-8.1.0875/debian/changelog 2021-12-25 10:48:51.0 -0500 
@@ -1,3 +1,10 @@ +vim (2:8.1.0875-5+deb10u2) buster; urgency=medium + + * Revert unintentional inclusion of v8.2.3489, which is only relevant to Vim +8.2.3110 and later. + + -- James McCoy Sat, 25 Dec 2021 10:48:51 -0500 + vim (2:8.1.0875-5+deb10u1) buster; urgency=medium * Change gbp.conf and salsa config to use buster @@ -13,10 +20,8 @@ + 8.2.3409: reading beyond end of line with invalid utf-8 character * Backport v8.2.3428 to fix CVE-2021-3796 (Closes: #994497) + 8.2.3428: using freed memory when replacing - * Backport v8.2.3489 to fix CVE-2021-3875 (Closes: #996593) -+ 8.2.3489: ml_get error after search with range - -- James McCoy Tue, 19 Oct 2021 21:56:40 -0400 + -- James McCoy Sun, 26 Sep 2021 09:29:21 -0400 vim (2:8.1.0875-5) unstable; urgency=medium diff -Nru vim-8.1.0875/debian/patches/series vim-8.1.0875/debian/patches/series --- vim-8.1.0875/debian/patches/series 2021-10-19 21:56:40.0 -0400 +++ vim-8.1.0875/debian/patches/series 2021-12-25 10:48:51.0 -0500 @@ -21,4 +21,3 @@ upstream/patch-8.2.3403-memory-leak-for-retab-with-invalid-argumen.patch upstream/patch-8.2.3409-reading-beyond-end-of-line-with-invalid-ut.patch upstream/patch-8.2.3428-using-freed-memory-when-replacing.patch -upstream/patch-8.2.3489-ml_get-error-after-search-with-range.patch diff -Nru vim-8.1.0875/debian/patches/upstream/patch-8.2.3489-ml_get-error-after-search-with-range.patch vim-8.1.0875/debian/patches/upstream/patch-8.2.3489-ml_get-error-after-search-with-range.patch --- vim-8.1.0875/debian/patches/upstream/patch-8.2.3489-ml_get-error-after-search-with-range.patch 2021-10-19 21:56:40.0 -0400 +++ vim-8.1.0875/debian/patches/upstream/patch-8.2.3489-ml_get-error-after-search-with-range.patch 1969-12-31 19:00:00.0 -0500 
@@ -1,62 +0,0 @@ -From: Bram Moolenaar -Date: Sat, 9 Oct 2021 13:58:55 +0100 -Subject: patch 8.2.3489: ml_get error after search with range - -Problem:ml_get error after search with range. -Solution: Limit the line number to the buffer line count. -(cherry picked from commit 35a319b77f897744eec1155b736e9372c9c5575f) - src/ex_docmd.c | 6 -- - src/testdir/test_search.vim | 12 - src/version.c | 1 + - 3 files changed, 17 insertions(+), 2 deletions(-) - -diff --git a/src/ex_docmd.c b/src/ex_docmd.c -index ccca2f9..b550af6 100644 a/src/ex_docmd.c -+++ b/src/ex_docmd.c -@@ -4589,8 +4589,10 @@ get_address( - - // When '/' or '?' follows another address, start from - // there. -- if (lnum != MAXLNUM) -- curwin->w_cursor.lnum = lnum; -+ if (lnum > 0 && lnum != MAXLNUM) -+ curwin->w_cursor.ln
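Review bot: The second debian/changelog hunk (@@ -13,10 +20,8 @@) rewrites the existing 2:8.1.0875-5+deb10u1 entry, dropping its "Backport v8.2.3489 to fix CVE-2021-3875 (Closes: #996593)" item and changing the trailer date from 19 Oct 2021 to 26 Sep 2021, while the new +deb10u2 entry says that same patch is being reverted. If +deb10u1 was uploaded with that item, leave its entry as uploaded and let the +deb10u2 entry alone record the revert, so the changelog matches what the archive received. The new entry's reason ("only relevant to Vim 8.2.3110 and later") is useful; it would help to add that CVE-2021-3875 and #996593 are therefore not addressed by this version.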
Bug#995494: bullseye-pu: package vim/2:8.2.2434-3+deb11u1
On Fri, Dec 03, 2021 at 04:45:57PM +, Adam D. Barratt wrote:
> It might be clearer for the alternatives bug to have a fixed version to
> indicate that it doesn't affect the package in testing/unstable in
> practice, although I'm not quite sure what it should be - maybe the
> first upload after buster's version?

Would applying the "bullseye" tag to the bug be enough?

> Please go ahead, thanks.

Will do, thanks.

Cheers,
--
James
GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7 2D23 DFE6 91AE 331B A3DB
Bug#995748: buster-pu: package vim/2:8.1.0875-5+deb10u1
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: t...@security.debian.org

[ Reason ]
Various "non DSA" CVEs have accumulated in Vim, and it seemed like a good idea to get a new upload addressing those.

[ Impact ]
* CVE-2019-20807 - Shell commands can be executed from rvim (restricted vim) via the bindings to other programming languages
* CVE-2021-3770 / #994076 - Invalid memory access when a very large number is given to :retab command
* CVE-2021-3778 / #994498 - Reading beyond end of line when invalid utf-8 character is encountered
* CVE-2021-3796 / #994497 - Using freed memory in replace mode

[ Tests ]
Upstream tests accompany all of the fixes for the CVEs

[ Risks ]
The changes are pretty targeted and have had time to "soak" upstream. Patches for subsequent issues in initial fixes are included.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
attached

vim_8.1.0875-5+deb10u1.diff
Description: Binary data
Bug#995494: bullseye-pu: package vim/2:8.2.2434-3+deb11u1
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: t...@security.debian.org

[ Reason ]
* Vim has some recent "no DSA" CVEs which, although unlikely to hit, would be good to fix (#994497, #994498, #994076)
* In the buster -> bullseye upgrade, vim-gtk becomes a transitional package, switching to vim-gtk3. The vim-gtk alternatives weren't cleaned up, so there's a lot of noise during the upgrade about dangling links for alternatives and a window where the symlinks may not exist (#993766).

[ Impact ]
* Off chance that Vim crashes or twiddles some bits in memory it shouldn't be.

[ Tests ]
* The CVE fixes all come with tests from upstream.
* I've manually tested the upgrade scenario described in #993766. The scary warnings about dangling links are fixed, but the scenario encountered (conffile editing needed with no alternative link in place) isn't something I see an obvious way to fix. I've also tested upgrading from current bullseye to the proposed changes.

  The most likely reason to encounter the bug is if /etc/vim/vimrc, which is a conffile, is modified, since it will cause dpkg's conffile prompt to happen. At this point, buster vim-gtk's files have been removed but vim-common is being configured before vim-gtk3, so the new alternatives haven't been established. The binaries are already in place, so the user can run vim.gtk3, but it's not what their fingers (or possibly $VISUAL/$EDITOR) expects to use.

[ Risks ]
Low risk. CVE fixes are pretty small and covered by new tests. The alternatives issue is targeted

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable
      * Aside from the vim-gtk -> vim-gtk3 change, which is buster -> bullseye specific.

[ Changes ]
attached

[ Other info ]
n/a

vim_8.2.2434-3+deb11u1.diff
Description: Binary data
Bug#987964: unblock: vim-scripts/20210124.1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package vim-scripts [ Reason ] The filesystem layout of the package was reorganized, but the default setting of the VimSokoban files was not updated accordingly. [ Impact ] Users of VimSokoban will get an error and have to figure out how to change the path in their config. [ Tests ] Manual tests verified the installed package can start VimSokoban without any config changes. [ Risks ] None. Single line change to update the default location for VimSokoban. [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing unblock vim-scripts/20210124.1 diffstat for vim-scripts-20210124 vim-scripts-20210124.1 changelog |7 +++ patches/sokoboan_path.diff |2 +- 2 files changed, 8 insertions(+), 1 deletion(-) diff -Nru vim-scripts-20210124/debian/changelog vim-scripts-20210124.1/debian/changelog --- vim-scripts-20210124/debian/changelog 2021-01-24 18:58:45.0 -0500 +++ vim-scripts-20210124.1/debian/changelog 2021-04-27 07:44:43.0 -0400 @@ -1,3 +1,10 @@ +vim-scripts (20210124.1) unstable; urgency=medium + + * Fix path for VimSokoban levels. Thanks to Darshaka Pathirana for the +report. (Closes: #987498) + + -- James McCoy Tue, 27 Apr 2021 07:44:43 -0400 + vim-scripts (20210124) unstable; urgency=medium * color_sampler_pack: diff -Nru vim-scripts-20210124/debian/patches/sokoboan_path.diff vim-scripts-20210124.1/debian/patches/sokoboan_path.diff --- vim-scripts-20210124/debian/patches/sokoboan_path.diff 2021-01-24 18:58:45.0 -0500 +++ vim-scripts-20210124.1/debian/patches/sokoboan_path.diff2021-04-27 07:44:43.0 -0400 
@@ -10,7 +10,7 @@ finish endif let loaded_VimSokoban = 1 -+let g:SokobanLevelDirectory = "/usr/share/vim-scripts/sokoban-levels/" ++let g:SokobanLevelDirectory = "/usr/share/vim-scripts/VimSokoban/plugin/VimSokoban/" " Allow the user to specify the location of the sokoban levels if (!exists("g:SokobanLevelDirectory"))
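Review bot: In sokoboan_path.diff the patched line assigns g:SokobanLevelDirectory unconditionally, directly above the plugin's own "Allow the user to specify the location of the sokoban levels" block guarded by if (!exists("g:SokobanLevelDirectory")), so a value the user set before the plugin loads is overwritten and the guarded block can never run. Consider dropping the added let and changing the default inside the guarded block instead, so the new path is only a fallback. The patch file name also misspells "sokoban" as "sokoboan"; renaming it would be a separate cleanup wherever the patch is listed.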
Bug#953881: Bug#954866: Bug#953881: transition: ruby2.7 only
On Thu, Apr 23, 2020 at 02:09:35PM +0200, Paul Gevers wrote:
> I
> suggest you apply the same fix you already did here [2] and stop
> building the python package for now if that works.

Done and uploaded, however that now makes mercurial FTBFS, as I had notified them earlier this month (#956007). I've now raised that bug to serious.

Cheers,
--
James
GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7 2D23 DFE6 91AE 331B A3DB
Bug#953881: Bug#954866: Bug#953881: transition: ruby2.7 only
On Thu, Apr 23, 2020 at 10:13:15AM +0200, Paul Gevers wrote:
> It seems the ruby2.5 removal transition [1] is stalled by subversion
> [2]. Can the fix for 954866 please be uploaded to unstable such that
> subversion can migrate and we can finish the removal of ruby2.5 in testing?

I'd rather not upload an RC. The ETA for the actual release is May 27th.

There don't seem to be any users of ruby-svn in the archive, so maybe it's best to remove that from testing in the interim?

Cheers,
--
James
GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7 2D23 DFE6 91AE 331B A3DB
Bug#931143: unblock: neovim/0.3.4-3
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package neovim

This upload contains the rest of the fixes needed to address CVE-2019-12735/#930024.

unblock neovim/0.3.4-3

-- System Information:
Debian Release: 10.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

diffstat for neovim-0.3.4 neovim-0.3.4 changelog | 28 patches/0001-debcherry-fixup-patch.patch| 1066 ++ patches/0001-vim-patch-8.1.1365-source-should-check-sandbox-10082.patch | 36 patches/0002-vim-patch-8.1.1365-source-should-check-sandbox-10082.patch | 36 patches/0003-vim-patch-8.1.0177-defining-function-in-sandbox-is-i.patch | 104 patches/0004-vim-patch-8.1.0189-function-defined-in-sandbox-not-t.patch | 41 patches/0005-vim-patch-8.1.0206-duplicate-test-function-name.patch | 35 patches/0006-vim-patch-8.1.1382-error-when-editing-test-file.patch | 59 patches/0007-eval-api-don-t-allow-the-API-to-be-called-in-the-san.patch | 57 patches/series |8 10 files changed, 1433 insertions(+), 37 deletions(-) diff -Nru neovim-0.3.4/debian/changelog neovim-0.3.4/debian/changelog --- neovim-0.3.4/debian/changelog 2019-06-05 21:38:14.0 -0400 +++ neovim-0.3.4/debian/changelog 2019-06-26 21:21:33.0 -0400 
@@ -1,3 +1,31 @@ +neovim (0.3.4-3) unstable; urgency=high + + * Backport additional changes to address CVE-2019-12735 (Closes: #930024) ++ vim-patch:8.1.0177: defining function in sandbox is inconsistent ++ vim-patch:8.1.0189: function defined in sandbox not tested ++ vim-patch:8.1.0538: evaluating a modeline might invoke using a shell + command ++ vim-patch:8.1.0539: cannot build without the sandbox ++ vim-patch:8.1.0540: may evaluate insecure value when appending to option ++ vim-patch:8.1.0544: setting 'filetype' in a modeline causes an error ++ vim-patch:8.1.0613: when executing an insecure function the secure flag + is stuck ++ vim-patch:8.1.1046: the "secure" variable is used inconsistently ++ vim-patch:8.1.0205: invalid memory access with invalid modeline ++ vim-patch:8.1.0206: duplicate test function name ++ vim-patch:8.1.0506: modeline test fails when run by root ++ vim-patch:8.1.0546: modeline test with keymap fails ++ vim-patch:8.1.0547: modeline test with keymap still fails ++ vim-patch:8.1.1366: using expressions in a modeline is unsafe ++ vim-patch:8.1.1367: can set 'modelineexpr' in modeline ++ vim-patch:8.1.1368: modeline test fails with python but without + pythonhome ++ vim-patch:8.1.1382: error when editing test file ++ vim-patch:8.1.1401: misspelled mkspellmem as makespellmem + * Backport patch to prevent use of nvim's API within the sandbox + + -- James McCoy Wed, 26 Jun 2019 21:21:33 -0400 + neovim (0.3.4-2) unstable; urgency=high [ Efraim Flashner ] diff -Nru neovim-0.3.4/debian/patches/0001-debcherry-fixup-patch.patch neovim-0.3.4/debian/patches/0001-debcherry-fixup-patch.patch --- neovim-0.3.4/debian/patches/0001-debcherry-fixup-patch.patch 1969-12-31 19:00:00.0 -0500 +++ neovim-0.3.4/debian/patches/0001-debcherry-fixup-patch.patch 2019-06-26 21:21:33.0 -0400 
@@ -0,0 +1,1066 @@ +From d39c384696e94bd8cb4a8830f0ec2e801619a970 Mon Sep 17 00:00:00 2001 +From: James McCoy +Date: Wed, 26 Jun 2019 21:32:44 -0400 +Subject: [PATCH 1/7] debcherry fixup patch + +ed179f931 vim-patch:8.1.1401: misspelled mkspellmem as makespellmem +- no changes against upstream or conflicts +41a3ff9fe vim-patch:8.1.1368: modeline test fails with python but without pythonhome +- no changes against upstream or conflicts +12c5b6885 vim-patch:8.1.1367: can set 'modelineexpr' in modeline +- no changes against upstream or conflicts +cffc3f5f8 vim-patch:8.1.1366: using expressions in a modeline is unsafe +- extra changes or conflicts +a15defc3c vim-patch:8.1.0547: modeline test with keymap still fails +- extra changes or conflicts +c550a5e94 vim-patch:8.1.0546: modeline test with keymap fails +- no changes against upstream or conflicts +0605eb856 vim-patch:8.1.0506: modeline test fails when run by root +- no changes against upstream or conflicts +cbec04e98 vim-patch:8.1.0205: invalid memory access with invalid modeline +- extra changes or conflicts +ed7ca8f1e vim-patch:8.1.1046: the "secure&qu
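Review bot: The new 0001-debcherry-fixup-patch.patch folds many backports into one 1066-line patch, and its header marks several of them (cffc3f5f8 for 8.1.1366, a15defc3c for 8.1.0547, cbec04e98 for 8.1.0205) as "extra changes or conflicts" without saying what differs from upstream. For a CVE-2019-12735 fix under unblock review, state per commit what was adapted, or carry those commits as separate patches like 0003 to 0007 in the diffstat, so each deviation can be checked against its upstream patch. The diffstat also lists both 0001-vim-patch-8.1.1365-... and 0002-vim-patch-8.1.1365-... at 36 lines each; confirm this is a rename and that only one copy remains in the series.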
Bug#930616: unblock: vim/2:8.1.0875-5
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package vim

This is a follow up to the previous fixes for CVE-2019-12735. Upstream added a new option (disabled by default) to control whether expressions can be evaluated in modelines, so that modelines are further restricted.

unblock vim/2:8.1.0875-5

-- System Information:
Debian Release: 10.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

diffstat for vim-8.1.0875 vim-8.1.0875 changelog | 12 gbp.conf|2 patches/patch-8.1.1366-using-expressions-in-a-modeline-is-unsafe.patch | 588 ++ patches/patch-8.1.1367-can-set-modelineexpr-in-modeline.patch | 54 patches/patch-8.1.1368-modeline-test-fails-with-python-but-withou.patch | 42 patches/patch-8.1.1382-error-when-editing-test-file.patch | 71 + patches/patch-8.1.1401-misspelled-mkspellmem-as-makespellmem.patch | 69 + patches/series |5 8 files changed, 842 insertions(+), 1 deletion(-) diff -Nru vim-8.1.0875/debian/changelog vim-8.1.0875/debian/changelog --- vim-8.1.0875/debian/changelog 2019-06-07 06:49:19.0 -0400 +++ vim-8.1.0875/debian/changelog 2019-06-15 12:41:15.0 -0400 
@@ -1,3 +1,15 @@ +vim (2:8.1.0875-5) unstable; urgency=medium + + * gbp.conf: Set debian-tag to debian/%(version)s + * Backport 'modelineexpr' patches to further restrict modelines ++ 8.1.1366: Using expressions in a modeline is unsafe ++ 8.1.1367: can set 'modelineexpr' in modeline ++ 8.1.1368: Modeline test fails with python but without pythonhome ++ 8.1.1382: Error when editing test file ++ 8.1.1401: misspelled mkspellmem as makespellmem (test fix) + + -- James McCoy Sat, 15 Jun 2019 12:41:15 -0400 + vim (2:8.1.0875-4) unstable; urgency=high * Backport 8.1.1046 and 8.1.1365 to fix CVE-2019-12735 (Closes: #930020) diff -Nru vim-8.1.0875/debian/gbp.conf vim-8.1.0875/debian/gbp.conf --- vim-8.1.0875/debian/gbp.conf2019-06-07 06:49:19.0 -0400 +++ vim-8.1.0875/debian/gbp.conf2019-06-15 12:41:15.0 -0400 @@ -1,6 +1,6 @@ [DEFAULT] upstream-tag = v%(version)s -debian-tag = v%(version)s +debian-tag = debian/%(version)s debian-branch = debian/sid [pq] diff -Nru vim-8.1.0875/debian/patches/patch-8.1.1366-using-expressions-in-a-modeline-is-unsafe.patch vim-8.1.0875/debian/patches/patch-8.1.1366-using-expressions-in-a-modeline-is-unsafe.patch --- vim-8.1.0875/debian/patches/patch-8.1.1366-using-expressions-in-a-modeline-is-unsafe.patch 1969-12-31 19:00:00.0 -0500 +++ vim-8.1.0875/debian/patches/patch-8.1.1366-using-expressions-in-a-modeline-is-unsafe.patch 2019-06-15 12:41:15.0 -0400 
@@ -0,0 +1,588 @@ +From: Bram Moolenaar +Date: Thu, 23 May 2019 15:38:06 +0200 +Subject: patch 8.1.1366: using expressions in a modeline is unsafe + +Problem:Using expressions in a modeline is unsafe. +Solution: Disallow using expressions in a modeline, unless the +'modelineexpr' option is set. Update help, add more tests. + +(cherry picked from commit 110289e78195b6d01e1e6ad26ad450de476d41c1) + +Signed-off-by: James McCoy +--- + runtime/doc/options.txt | 69 +++- + src/option.c | 35 ++-- + src/option.h | 1 + + src/testdir/test49.in | 2 +- + src/testdir/test_modeline.vim | 93 +++ + src/version.c | 2 + + 6 files changed, 169 insertions(+), 33 deletions(-) + +diff --git a/runtime/doc/options.txt b/runtime/doc/options.txt +index c269fea..7b25f20 100644 +--- a/runtime/doc/options.txt b/runtime/doc/options.txt +@@ -1,4 +1,4 @@ +-*options.txt* For Vim version 8.1. Last change: 2019 Feb 03 ++*options.txt* For Vim version 8.1. Last change: 2019 May 23 + + + VIM REFERENCE MANUALby Bram Moolenaar +@@ -588,14 +588,17 @@ backslash in front of the ':' will be removed. Example: +/* vi:set dir=c\:\tmp: */ ~ + This sets the 'dir' option to "c:\tmp". Only a single backslash before the + ':' is removed. Thus to include "\:" you have to specify "\\:". +- ++ *E992* + No other commands than "set" are supported, for security reasons (somebody + might create a Trojan horse text file wit
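Review bot: The new 2:8.1.0875-5 changelog entry describes the 'modelineexpr' backports as further restricting modelines but does not name CVE-2019-12735, which the 2:8.1.0875-4 entry just below it cites; adding the CVE id to the new entry lets a reader of the changelog tie this hardening to the issue it follows up on. The debian/gbp.conf hunk (debian-tag = debian/%(version)s) is unrelated to that hardening; it is documented in the changelog, but consider keeping packaging-only changes out of an upload that needs an unblock.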
Bug#928630: unblock: vim/2:8.1.0875-3
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package vim This upload updates the Debian/Ubuntu release names in a couple syntax highlighting files to include buster, bullseye, and bookworm (for Debian) and eoan (for Ubuntu). unblock vim/2:8.1.0875-3 -- System Information: Debian Release: 10.0 APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled diffstat for vim-8.1.0875 vim-8.1.0875 changelog|7 +++ patches/series |1 patches/upstream/deb-release-names.patch | 58 +++ 3 files changed, 66 insertions(+) diff -Nru vim-8.1.0875/debian/changelog vim-8.1.0875/debian/changelog --- vim-8.1.0875/debian/changelog 2019-02-22 07:55:04.0 -0500 +++ vim-8.1.0875/debian/changelog 2019-05-05 23:41:10.0 -0400 @@ -1,3 +1,10 @@ +vim (2:8.1.0875-3) unstable; urgency=medium + + * syntax/deb{changelog,sources}: Update release names for Debian/Ubuntu +(Closes: #927167) + + -- James McCoy Sun, 05 May 2019 23:41:10 -0400 + vim (2:8.1.0875-2) unstable; urgency=medium * Backport 8.1.0878 and 8.1.0884 to fix test failures on kFreeBSD. diff -Nru vim-8.1.0875/debian/patches/series vim-8.1.0875/debian/patches/series --- vim-8.1.0875/debian/patches/series 2019-02-22 07:55:04.0 -0500 +++ vim-8.1.0875/debian/patches/series 2019-05-05 23:41:10.0 -0400 
@@ -6,3 +6,4 @@ patch-8.1.0878-test-for-has-bsd-fails-on-some-BSD-systems.patch patch-8.1.0884-double-check-for-bsd-systems.patch patch-8.1.0948-when-built-without-eval-Vim-clean-produces.patch +upstream/deb-release-names.patch diff -Nru vim-8.1.0875/debian/patches/upstream/deb-release-names.patch vim-8.1.0875/debian/patches/upstream/deb-release-names.patch --- vim-8.1.0875/debian/patches/upstream/deb-release-names.patch 1969-12-31 19:00:00.0 -0500 +++ vim-8.1.0875/debian/patches/upstream/deb-release-names.patch 2019-05-05 23:41:10.0 -0400 
@@ -0,0 +1,58 @@ +From: James McCoy +Date: Sun, 21 Apr 2019 23:12:18 -0400 +Subject: Add Ubuntu's eoan and Debian's buster, bullseye, bookworm releases + +Signed-off-by: James McCoy +--- + runtime/syntax/debchangelog.vim | 4 ++-- + runtime/syntax/debsources.vim | 7 --- + 2 files changed, 6 insertions(+), 5 deletions(-) + +diff --git a/runtime/syntax/debchangelog.vim b/runtime/syntax/debchangelog.vim +index 4ca4c29..9d6dfe9 100644 +--- a/runtime/syntax/debchangelog.vim b/runtime/syntax/debchangelog.vim +@@ -3,7 +3,7 @@ + " Maintainer: Debian Vim Maintainers + " Former Maintainers: Gerfried Fuchs + " Wichert Akkerman +-" Last Change: 2019 Jan 26 ++" Last Change: 2019 Apr 21 + " URL: https://salsa.debian.org/vim-team/vim-debian/blob/master/syntax/debchangelog.vim + + " Standard syntax initialization +@@ -21,7 +21,7 @@ let s:binNMU='binary-only=yes' + syn match debchangelogNamecontained "^[[:alnum:]][[:alnum:].+-]\+ " + exe 'syn match debchangelogFirstKVcontained "; \('.s:urgency.'\|'.s:binNMU.'\)"' + exe 'syn match debchangelogOtherKVcontained ", \('.s:urgency.'\|'.s:binNMU.'\)"' +-syn match debchangelogTarget contained "\v %(frozen|unstable|sid|%(testing|%(old)=stable)%(-proposed-updates|-security)=|experimental|squeeze-%(backports%(-sloppy)=|volatile|lts|security)|%(wheezy|jessie)%(-backports%(-sloppy)=|-security)=|stretch%(-backports|-security)=|%(devel|precise|trusty|vivid|wily|xenial|yakkety|zesty|artful|bionic|cosmic|disco)%(-%(security|proposed|updates|backports|commercial|partner))=)+" ++syn match debchangelogTarget contained "\v %(frozen|unstable|sid|%(testing|%(old)=stable)%(-proposed-updates|-security)=|experimental|%(squeeze|wheezy|jessie)-%(backports%(-sloppy)=|lts|security)|stretch%(-backports%(-sloppy)=|-security)=|buster%(-backports|-security)=|bullseye|%(devel|precise|trusty|vivid|wily|xenial|yakkety|zesty|artful|bionic|cosmic|disco|eoan)%(-%(security|proposed|updates|backports|commercial|partner))=)+" + syn match debchangelogVersion contained 
"(.\{-})" + syn match debchangelogCloses contained "closes:\_s*\(bug\)\=#\=\_s\=\d\+\(,\_s*\(bug\)\=#\=\_s\=\d\+\)*" + syn match debchangelogLP contained "\clp:\s\+#\d\+\(,\s*#\d\+\)*" +diff --git a/runtime/syntax/debsources.vim b/runtime/syntax/debsources.vim +index 4b21941..f90476f 100644 +--- a/runtime/syntax/debsources.vim b/runtime/syntax/debsources.vim +@@ -2,7 +2,7 @@ + " Language: Debian sources.list + " Maintainer: Debian Vim Ma
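Review bot: in the debchangelogTarget hunk of runtime/syntax/debchangelog.vim the new pattern adds buster%(-backports|-security)=, bullseye and eoan but not bookworm, although the Subject and the debian/changelog entry both name bookworm; either add it here or state that bookworm is handled only in debsources.vim. The same rewrite folds %(wheezy|jessie)%(-backports%(-sloppy)=|-security)= into %(squeeze|wheezy|jessie)-%(backports%(-sloppy)=|lts|security), so a bare wheezy or jessie target and squeeze-volatile no longer match. Nothing in the commit message mentions that, so record it there if it is intended.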
Bug#916642: golang CVE-2019-6486 (DoS in crypto/elliptic)
On Fri, Jan 25, 2019 at 08:23:52AM -0500, James McCoy wrote: > On Thu, Jan 24, 2019 at 03:00:22PM +0100, Dr. Tobias Quathamer wrote: > > On 24.01.2019 at 09:12, Emilio Pozuelo Monfort wrote: > > > On 24/01/2019 08:58, Michael Stapelberg wrote: > > >> Last time, pochu@ (cc'ed) helpfully scheduled binNMUs. pochu, would you > > >> be > > >> able to help this time, too? > > > > > > Sure. Can you give me a list of source packages to binNMU in unstable? If > > > this > > > is public already, can you do that through a binNMU bug against > > > release.debian.org? > > > > > > Emilio > > > > Hi all, > > > > there is already an outdated binNMU list as bug report available, so > > I'm reusing that report. Please ignore the previously attached > > binNMU list of that bug report. > > > > This should be a complete and current list of needed binNMUs: > > > > > > [‥] > > nmu serf_0.8.1+git20180508.80ab4877~ds-1 . ANY . -m 'Rebuild with current > > golang-1.11 (CVE-2019-6486)' > > This is a (common) mistake. src:serf does not use golang. > src:golang-github-hashicorp-serf is the golang package, which produces > bin:serf, however I just saw that src:serf was binNMUed. Ping. nmu golang-github-hashicorp-serf_0.8.1+git20180508.80ab4877~ds-1 . ANY . -m 'Rebuild with current golang-1.11 (CVE-2019-6486)' Tobias, your tool should be updated to ensure it's using the source package name, not the binary package name. Cheers, -- James GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7 2D23 DFE6 91AE 331B A3DB
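One way to generate such a binNMU list keyed on source package names, as an added example (it is not the tool discussed in this thread). It assumes affected binaries are found through the Built-Using field of a Packages index; the stanzas below, the demo-agent and examplectl packages, and the golang version numbers are constructed sample data.

```python
import re

# Constructed sample of Packages-index stanzas (not real archive data).
# Only the serf names and the serf version string come from the thread.
SAMPLE_PACKAGES = """\
Package: serf
Source: golang-github-hashicorp-serf
Version: 0.8.1+git20180508.80ab4877~ds-1
Architecture: amd64
Built-Using: golang-1.11 (= 1.11.4-1), golang-example-lib (= 1.0-1)

Package: libserf-1-1
Source: serf
Version: 1.3.9-7
Architecture: amd64

Package: demo-agent
Source: demo-agent (1.2-3)
Version: 1.2-3+b1
Architecture: amd64
Built-Using: golang-1.11 (= 1.11.4-1)

Package: demo-agent-tools
Source: demo-agent (1.2-3)
Version: 1.2-3+b1
Architecture: amd64
Built-Using: golang-1.11 (= 1.11.4-1)

Package: examplectl
Version: 2.0-1
Architecture: amd64
Built-Using: golang-1.10 (= 1.10.7-1)
"""

# "Source: name" or "Source: name (version)".
SOURCE_RE = re.compile(r"^(?P<name>\S+)(?:\s+\((?P<version>[^)]+)\))?$")


def parse_stanzas(text):
    """Parse deb822-style stanzas into a list of field dictionaries."""
    stanzas = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields, key = {}, None
        for line in block.splitlines():
            if line[:1] in (" ", "\t") and key:
                # Continuation line of a folded field.
                fields[key] += "\n" + line.strip()
            elif ":" in line:
                key, _, value = line.partition(":")
                fields[key] = value.strip()
        stanzas.append(fields)
    return stanzas


def source_of(stanza):
    """Return (source name, source version) for one binary stanza.

    The Source field is omitted when the source has the same name and
    version as the binary, and carries a version in parentheses when the
    versions differ (for example after an earlier binNMU).
    """
    src = stanza.get("Source")
    if not src:
        return stanza["Package"], stanza["Version"]
    match = SOURCE_RE.match(src)
    return match.group("name"), match.group("version") or stanza["Version"]


def built_using(stanza):
    """Return the set of source names listed in Built-Using."""
    names = set()
    for item in stanza.get("Built-Using", "").split(","):
        item = item.strip()
        if item:
            names.add(item.split()[0])
    return names


def binnmu_lines(packages_text, toolchain, message):
    """Emit one nmu line per *source* package built with `toolchain`."""
    sources = set()
    for stanza in parse_stanzas(packages_text):
        if toolchain in built_using(stanza):
            sources.add(source_of(stanza))
    return [f"nmu {name}_{version} . ANY . -m '{message}'"
            for name, version in sorted(sources)]


if __name__ == "__main__":
    msg = "Rebuild with current golang-1.11 (CVE-2019-6486)"
    for line in binnmu_lines(SAMPLE_PACKAGES, "golang-1.11", msg):
        print(line)
```

bin:serf resolves to src:golang-github-hashicorp-serf here, while the unrelated src:serf (which builds libserf-1-1) is never scheduled, and the two demo-agent binaries collapse to a single line with the source version rather than the +b1 binary version.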
Bug#916642: golang CVE-2019-6486 (DoS in crypto/elliptic)
On Thu, Jan 24, 2019 at 03:00:22PM +0100, Dr. Tobias Quathamer wrote: > On 24.01.2019 at 09:12, Emilio Pozuelo Monfort wrote: > > On 24/01/2019 08:58, Michael Stapelberg wrote: > >> Last time, pochu@ (cc'ed) helpfully scheduled binNMUs. pochu, would you be > >> able to help this time, too? > > > > Sure. Can you give me a list of source packages to binNMU in unstable? If > > this > > is public already, can you do that through a binNMU bug against > > release.debian.org? > > > > Emilio > > Hi all, > > there is already an outdated binNMU list as bug report available, so > I'm reusing that report. Please ignore the previously attached > binNMU list of that bug report. > > This should be a complete and current list of needed binNMUs: > > > [‥] > nmu serf_0.8.1+git20180508.80ab4877~ds-1 . ANY . -m 'Rebuild with current > golang-1.11 (CVE-2019-6486)' This is a (common) mistake. src:serf does not use golang. src:golang-github-hashicorp-serf is the golang package, which produces bin:serf, however I just saw that src:serf was binNMUed. Cheers, -- James GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7 2D23 DFE6 91AE 331B A3DB
Bug#912191: stretch-pu: package serf/1.3.9-3+deb9u1
On Sun, Oct 28, 2018 at 08:21:55PM -0400, James McCoy wrote: > Package: release.debian.org > Severity: normal > Tags: stretch > User: release.debian@packages.debian.org > Usertags: pu > > Serf's testsuite uses some pre-generated SSL certs, which have an expiry > of 3 years. The timebomb has gone off, and serf is currently FTBFS > (#911714). The pending upstream release now has a script which > generates the certs, so I've backported that and run it every build. > > Since an upload was needed, I also included a NULL pointer dereference > fix (#893688). > > The package has already been uploaded. Attached debdiff. Cheers, -- James GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7 2D23 DFE6 91AE 331B A3DB diffstat for serf_1.3.9-3 serf_1.3.9-3+deb9u1 debian/create_certs.py | 262 debian/patches/r1712790-serf_bucket_aggregate_prepend-empty-list | 34 + debian/patches/r1792234-expired-certs| 324 -- debian/serfclientcert.p12.b64| 65 -- serf-1.3.9/debian/changelog |9 serf-1.3.9/debian/control|3 serf-1.3.9/debian/patches/series |2 serf-1.3.9/debian/rules | 14 8 files changed, 320 insertions(+), 393 deletions(-) diff -u serf-1.3.9/debian/changelog serf-1.3.9/debian/changelog --- serf-1.3.9/debian/changelog +++ serf-1.3.9/debian/changelog @@ -1,3 +1,12 @@ +serf (1.3.9-3+deb9u1) stretch; urgency=medium + + * Backport r1712790 from upstream to fix NULL pointer dereference. +Thanks to Colin Watson for investigation and report (Closes: #893688) + * Backport create_certs.py from upstream to generate certs at test time +(Closes: #911714) + + -- James McCoy Sun, 28 Oct 2018 19:52:35 -0400 + serf (1.3.9-3) unstable; urgency=medium * Add libssl-dev to libserf-dev's Depends, otherwise pkg-config can't diff -u serf-1.3.9/debian/control serf-1.3.9/debian/control --- serf-1.3.9/debian/control +++ serf-1.3.9/debian/control 
@@ -7,7 +7,8 @@ # CFLAGS as of 1.12.1+dfsg-9 scons (>= 2.3.1-2), quilt, libapr1-dev, libaprutil1-dev, chrpath, libkrb5-dev, zlib1g-dev, - libssl-dev + libssl-dev, + python-openssl Standards-Version: 3.9.8 Homepage: https://serf.apache.org/ Vcs-Git: https://anonscm.debian.org/git/collab-maint/pkg-serf.git reverted: --- serf-1.3.9/debian/patches/r1792234-expired-certs +++ serf-1.3.9.orig/debian/patches/r1792234-expired-certs 
@@ -1,324 +0,0 @@ - -r1792234 | astieger | 2017-04-21 15:03:06 -0400 (Fri, 21 Apr 2017) | 12 lines - -On the 1.3.x branch: Copy test certificates from trunk r1704177 - -The test were failing due to recently expired certificates. - -* test/server/serfcacert.pem, - test/server/serfclientcert.p12, - test/server/serfrootcacert.pem, - test/server/serfserver_expired_cert.pem, - test/server/serfserver_future_cert.pem, - test/server/serfservercert.pem: copy from trunk test/certs -* test/server/serfserverkey.pem: copy from trunk test/certs/private - - -Index: 1.3.x/test/server/serfserverkey.pem -=== 1.3.x/test/server/serfserverkey.pem(revision 1792233) -+++ 1.3.x/test/server/serfserverkey.pem(revision 1792234) -@@ -1,30 +1,30 @@
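Review bot: the debian/changelog hunk lists the two backports but not the removals that the diffstat shows, debian/patches/r1792234-expired-certs (324 lines) and debian/serfclientcert.p12.b64 (65 lines). Add a line saying that the pre-generated certificates and the patch that refreshed them are dropped in favour of create_certs.py, so the entry accounts for the whole debdiff.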
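Review bot: in the debian/control hunk, python-openssl is added to Build-Depends unconditionally, yet per the changelog it is only needed to generate certificates at test time. If debian/rules skips the test suite under the nocheck profile, annotate the dependency as "python-openssl <!nocheck>" so builds without tests do not pull it in.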
Bug#912191: stretch-pu: package serf/1.3.9-3+deb9u1
Package: release.debian.org Severity: normal Tags: stretch User: release.debian@packages.debian.org Usertags: pu Serf's testsuite uses some pre-generated SSL certs, which have an expiry of 3 years. The timebomb has gone off, and serf is currently FTBFS (#911714). The pending upstream release now has a script which generates the certs, so I've backported that and run it every build. Since an upload was needed, I also included a NULL pointer dereference fix (#893688). The package has already been uploaded. Cheers, James -- System Information: Debian Release: buster/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 4.18.0-2-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled
Bug#904196: stretch-pu: package subversion/1.9.5-1+deb9u3
Package: release.debian.org Severity: normal Tags: stretch User: release.debian@packages.debian.org Usertags: pu The SHA1/shattered fixes in the previous upload introduced a small regression where the commit fails if the delta is a multiple of 16K. I had meant to include the upstream patch for this last time but accidentally overlooked it. -- System Information: Debian Release: buster/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.17.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled diffstat for subversion_1.9.5-1+deb9u2 subversion_1.9.5-1+deb9u3 debian/patches/shattered_r1827688 | 26 ++ subversion-1.9.5/debian/changelog |8 subversion-1.9.5/debian/patches/series |1 + 3 files changed, 35 insertions(+) diff -u subversion-1.9.5/debian/changelog subversion-1.9.5/debian/changelog --- subversion-1.9.5/debian/changelog +++ subversion-1.9.5/debian/changelog @@ -1,3 +1,11 @@ +subversion (1.9.5-1+deb9u3) stretch; urgency=medium + + * Backport r1827688, fixing a regression introduced in the fixes for SHA1 +collisions, where commits would incorrectly fail with a "Filesystem is +corrupt" error if the delta length is a multiple of 16K. + + -- James McCoy Fri, 20 Jul 2018 22:35:40 -0400 + subversion (1.9.5-1+deb9u2) stretch; urgency=medium * Backport r1759116, working around an issue in APR's trunc API. This is a diff -u subversion-1.9.5/debian/patches/series subversion-1.9.5/debian/patches/series --- subversion-1.9.5/debian/patches/series +++ subversion-1.9.5/debian/patches/series 
@@ -21,0 +22 @@ +shattered_r1827688 only in patch2: unchanged: --- subversion-1.9.5.orig/debian/patches/shattered_r1827688 +++ subversion-1.9.5/debian/patches/shattered_r1827688 @@ -0,0 +1,26 @@ + +r1827688 | svn-role | 2018-03-25 00:00:08 -0400 (Sun, 25 Mar 2018) | 10 lines + +Merge the 1.9.x-issue4722 branch: + + * r1826272 + Fix issue #4722: commits that fail when a file DELTA is a multiple of 16K. + Justification: + Commits fail with a false "Filesystem is corrupt" error. + Branch: ^/subversion/branches/1.9.x-issue4722 + Votes: + +1: philip, stsp, stefan2 + + +Index: 1.9.x/subversion/libsvn_fs_fs/cached_data.c +=== +--- 1.9.x/subversion/libsvn_fs_fs/cached_data.c(revision 1827687) 1.9.x/subversion/libsvn_fs_fs/cached_data.c(revision 1827688) +@@ -2199,6 +2199,7 @@ + next_rep.revision = rh->base_revision; + next_rep.item_index = rh->base_item_index; + next_rep.size = rh->base_length; ++ next_rep.expanded_size = rep->expanded_size; + svn_fs_fs__id_txn_reset(_rep.txn_id); + + SVN_ERR(build_rep_list(>rs_list, >base_window,
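Review bot: the cached_data.c hunk at line 2199 adds the single next_rep.expanded_size assignment with no regression test alongside it; shattered_r1827688 is 26 lines and touches only this file. Because the failure appears only when the delta length is a multiple of 16K, include the upstream test for issue #4722 if one exists, or describe in the request how the fix was verified against such a commit.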
Bug#902758: stretch-pu: package subversion/1.9.5-1+deb9u2
Package: release.debian.org Severity: normal Tags: stretch User: release.debian@packages.debian.org Usertags: pu It recently came up in discussion with upstream that Stretch only had 1.9.5 and although that had seen an update for a CVE, there hadn't been any for shattered -- big oversight on my part. I have uploaded 1.9.5-1+deb9u2 to address the SHA-1 collision/shattered issues with subversion. These are the same patches that were included in the official upstream release of 1.9.6 to address the issue. The delta isn't small, but it does include new test coverage and there have been no further changes in the 1.9.x release upstream related to this. -- System Information: Debian Release: buster/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.16.0-2-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled diffstat for subversion_1.9.5-1+deb9u1 subversion_1.9.5-1+deb9u2 debian/patches/apr_file_trunc_r1759116 | 141 debian/patches/no-dir-rep-sharing_r1794527 | 157 + debian/patches/no-dir-rep-sharing_r1796725 | 29 + debian/patches/shattered_r1795993 | 491 + debian/patches/shattered_r1796470 | 127 +++ subversion-1.9.5/debian/changelog | 12 subversion-1.9.5/debian/patches/series |5 7 files changed, 962 insertions(+) diff -u subversion-1.9.5/debian/changelog subversion-1.9.5/debian/changelog --- subversion-1.9.5/debian/changelog +++ subversion-1.9.5/debian/changelog 
@@ -1,3 +1,15 @@ +subversion (1.9.5-1+deb9u2) stretch; urgency=medium + + * Backport r1759116, working around an issue in APR's trunc API. This is a +prerequisite for the SHA1/shattered fixes. + * Backport r1794527 and r1796725 to prevent the possibility of rep-sharing +between a directory rep and a file/prop rep. + * Backport r1795993 and r1796470 to reject commits which would introduce +hash collisions with existing data, thus addressing the SHA1/shattered +issue. + + -- James McCoy Sat, 30 Jun 2018 09:44:22 -0400 + subversion (1.9.5-1+deb9u1) stretch-security; urgency=high * patches/CVE-2017-9800: Arbitrary code execution on clients through diff -u subversion-1.9.5/debian/patches/series subversion-1.9.5/debian/patches/series --- subversion-1.9.5/debian/patches/series +++ subversion-1.9.5/debian/patches/series @@ -16,0 +17,5 @@ +apr_file_trunc_r1759116 +no-dir-rep-sharing_r1794527 +no-dir-rep-sharing_r1796725 +shattered_r1795993 +shattered_r1796470 only in patch2: unchanged: --- subversion-1.9.5.orig/debian/patches/apr_file_trunc_r1759116 +++ subversion-1.9.5/debian/patches/apr_file_trunc_r1759116 
@@ -0,0 +1,141 @@ + +r1759116 | stefan2 | 2016-09-03 13:47:56 -0400 (Sat, 03 Sep 2016) | 16 lines + +Add a workaround for yet another issue with APR's apr_file_trunc. + +The previous workaround is ineffective if the last file access had been +a read. Now, we force it into to "write mode" internally to have the +existing workaround kick in. + +Luckily, this only affects 'svnadmin pack' for FSFS format 7 and FSX. +The other functions using trunc should have no problem with the added +overhead. + +* subversion/libsvn_subr/io.c + (svn_io_file_trunc): Admend the existing workaround with a dummy-write. + +* subversion/tests/libsvn_subr/io-test.c + (test_apr_trunc_workaround): New test demonstrating the problem. + (test_funcs): Register the new test. + +Index: trunk/subversion/libsvn_subr/io.c +=== +--- trunk/subversion/libsvn_subr/io.c (revision 1759115) trunk/subversion/libsvn_subr/io.c (revision 1759116) +@@ -4064,6 +4064,26 @@ + svn_error_t * + svn_io_file_trunc(apr_file_t *file, apr_off_t offset, apr_pool_t *pool) + { ++ /* Workaround for yet another APR issue with trunc. ++ ++ If the APR file internally is in read mode, the current buffer pointer ++ will not be clipped to the valid data range. get_file_offset may then ++ return an invalid position *after* new data was written to it. ++ ++ To prevent this, write 1 dummy byte just after the OFFSET at which we ++ will trunc it. That will force the APR file into write mode ++ internally and the flush() work-around below becomes affective. */ ++ apr_off_t position = 0; ++ ++ /* A frequent usage is OFFSET==0, in which case we don't need to preserve ++ any file content or file pointer. */ ++ if (offset) ++{ ++ SVN_ERR(svn_io_file_seek(file, APR_CUR, , pool)); ++ SVN_ERR(svn_io_file_seek(file, APR_SET, , pool)); ++} ++ SVN_ERR(svn_io_file_pu
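Review bot: the changelog entry calls r1759116 "a prerequisite for the SHA1/shattered fixes", while the upstream log message inside apr_file_trunc_r1759116 says the problem "only affects 'svnadmin pack' for FSFS format 7 and FSX". State in the changelog or the patch header which of the shattered patches relies on the new svn_io_file_trunc behaviour, so the reason for carrying 141 extra lines in a stable update is on record.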
Bug#891611: jessie-pu: package subversion/1.8.10-6+deb8u6
On Mon, Feb 26, 2018 at 10:12:15PM -0500, James McCoy wrote: > Package: release.debian.org > Severity: normal > Tags: jessie > User: release.debian@packages.debian.org > Usertags: pu > > This upload would fix crashes that are seen when using subversion's Perl > bindings. In particular, git-svn has been a common victim since its > memory usage patterns tend to cause the right conditions. > > I've verified this against the originally reported issue[0] and > Salvatore Bonaccorso, who prodded me to prepare the upload, has verified > it against their problematic repository. Uploaded, per the workflow changes described in <1523909491.2872.15.ca...@adam-barratt.org.uk>. Cheers, -- James GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7 2D23 DFE6 91AE 331B A3DB
Bug#891611: jessie-pu: package subversion/1.8.10-6+deb8u6
Package: release.debian.org Severity: normal Tags: jessie User: release.debian@packages.debian.org Usertags: pu This upload would fix crashes that are seen when using subversion's Perl bindings. In particular, git-svn has been a common victim since its memory usage patterns tend to cause the right conditions. I've verified this against the originally reported issue[0] and Salvatore Bonaccorso, who prodded me to prepare the upload, has verified it against their problematic repository. -- System Information: Debian Release: buster/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.15.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled diffstat for subversion_1.8.10-6+deb8u5 subversion_1.8.10-6+deb8u6 debian/patches/perl-swig-crash | 244 subversion-1.8.10/debian/changelog |7 subversion-1.8.10/debian/patches/series |1 3 files changed, 252 insertions(+) diff -u subversion-1.8.10/debian/changelog subversion-1.8.10/debian/changelog --- subversion-1.8.10/debian/changelog +++ subversion-1.8.10/debian/changelog @@ -1,3 +1,10 @@ +subversion (1.8.10-6+deb8u6) jessie; urgency=medium + + * Backport patches/perl-swig-crash from upstream to fix crashes with Perl +bindings, commonly seen when using git-svn (Closes: #780246, #534763). + + -- James McCoy <james...@debian.org> Mon, 26 Feb 2018 22:00:47 -0500 + subversion (1.8.10-6+deb8u5) jessie-security; urgency=high * patches/CVE-2016-8734: Unrestricted XML entity expansion in HTTP clients diff -u subversion-1.8.10/debian/patches/series subversion-1.8.10/debian/patches/series --- subversion-1.8.10/debian/patches/series +++ subversion-1.8.10/debian/patches/series 
@@ -33,0 +34 @@ +perl-swig-crash only in patch2: unchanged: --- subversion-1.8.10.orig/debian/patches/perl-swig-crash +++ subversion-1.8.10/debian/patches/perl-swig-crash 
@@ -0,0 +1,244 @@ + +r1668618 | philip | 2015-03-23 08:33:22 -0400 (Mon, 23 Mar 2015) | 6 lines + +* subversion/bindings/swig/include/svn_types.swg: Change the + SWIG Perl binding code that was marked "clearly buggy" so + that svn_swig_pl_from_md5 follows the same pattern as + svn_swig_pl_from_stream. This may fix a SEGV reported + via Debian: https://bugs.debian.org/780246 + + +Index: trunk/subversion/bindings/swig/include/svn_types.swg +=== +--- trunk/subversion/bindings/swig/include/svn_types.swg (revision 1668617) trunk/subversion/bindings/swig/include/svn_types.swg (revision 1668618) +@@ -1116,11 +1116,7 @@ + } + + %typemap(argout) unsigned char *result_digest { +- /* FIXME: This code is clearly buggy. The return value of sv_newmortal() +- is immediately overwritten by the return value +- of svn_swig_pl_from_md5(). */ +-ST(argvi) = sv_newmortal(); +-ST(argvi++) = svn_swig_pl_from_md5($1); ++%append_output(svn_swig_pl_from_md5($1)); + } + #endif + + + +r1671388 | rschupp | 2015-04-05 08:48:45 -0400 (Sun, 05 Apr 2015) | 6 lines + +* subversion/bindings/swig/include/svn_types.swg: Following r1668618 + fix two more instances where the Perl argument stack pointer + was bumped without checking if there's enough space allocated. + While we're at it, reduce the size of the temp array - 30 bytes + are more than enough to hold a decimal representation of a 64-bit integer. 
+ + +Index: trunk/subversion/bindings/swig/include/apr.swg +=== +--- trunk/subversion/bindings/swig/include/apr.swg (revision 1671387) trunk/subversion/bindings/swig/include/apr.swg (revision 1671388) +@@ -31,23 +31,21 @@ + */ + #ifdef SWIGPERL + %typemap(out) long long { +-char temp[256]; ++char temp[30]; + sprintf(temp, "%" APR_INT64_T_FMT, (apr_int64_t) $1); +-ST(argvi) = sv_newmortal(); +-sv_setpv((SV*)ST(argvi++), temp); ++%append_output(sv_2mortal(newSVpv(temp, 0))); + } + + %typemap(out) unsigned long long { +-char temp[256]; ++char temp[30]; + sprintf(temp, "%" APR_UINT64_T_FMT, (apr_uint64_t) $1); +-ST(argvi) = sv_newmortal(); +-sv_setpv((SV*)ST(argvi++), temp); ++%append_output(sv_2mortal(newSVpv(temp, 0))); + } + + %typemap(in, numinputs=0) long long *OUTPUT (apr_int64_t temp) + "$1 = "; + %typemap(argout) long long *OUTPUT { +- char temp[256]; ++ char temp[30]; + sprintf(temp, "%" APR_INT64_T_FMT, (apr_in
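Review bot: in the apr.swg typemaps, temp shrinks from char temp[256] to char temp[30] while the unbounded sprintf(temp, "%" APR_INT64_T_FMT, ...) calls stay. 30 bytes do hold any 64-bit decimal, but the safety margin now rests on that reasoning alone; use a bounded call such as apr_snprintf(temp, sizeof(temp), ...) so the size is enforced at the call site. The buffer resize is also unrelated to the argument-stack fix, so for a stable update consider leaving it out.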
Bug#890897: transition: unibilium
On Fri, Feb 23, 2018 at 08:17:31AM -0500, James McCoy wrote: > On Fri, Feb 23, 2018 at 10:11:42AM +0100, Emilio Pozuelo Monfort wrote: > > Control: tags -1 confirmed > > > > On 20/02/18 13:16, James McCoy wrote: > > > Package: release.debian.org > > > Severity: normal > > > User: release.debian@packages.debian.org > > > Usertags: transition > > > > > > There is an upstream SONAME bump due to support for terminfo's new wide > > > format. The dependency chain revolves around neovim and everything > > > rebuilds and tests fine with the new unibilium. > > > > Go ahead. > > Thanks. Uploaded. Could libtickit be binNMUed? That would be the last bit to finish rebuilding against the new unibilium. Cheers, -- James GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7 2D23 DFE6 91AE 331B A3DB
Bug#890897: transition: unibilium
On Fri, Feb 23, 2018 at 10:11:42AM +0100, Emilio Pozuelo Monfort wrote: > Control: tags -1 confirmed > > On 20/02/18 13:16, James McCoy wrote: > > Package: release.debian.org > > Severity: normal > > User: release.debian@packages.debian.org > > Usertags: transition > > > > There is an upstream SONAME bump due to support for terminfo's new wide > > format. The dependency chain revolves around neovim and everything > > rebuilds and tests fine with the new unibilium. > > Go ahead. Thanks. Uploaded. -- James GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7 2D23 DFE6 91AE 331B A3DB
Bug#890897: transition: unibilium
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition There is an upstream SONAME bump due to support for terminfo's new wide format. The dependency chain revolves around neovim and everything rebuilds and tests fine with the new unibilium. Ben file: title = "unibilium"; is_affected = .depends ~ "libunibilium0" | .depends ~ "libunibilium4"; is_good = .depends ~ "libunibilium4"; is_bad = .depends ~ "libunibilium0"; -- System Information: Debian Release: buster/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.14.0-3-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled
Bug#877348: stretch-pu: package vim/8.0.0197-4+deb9u1
On Sat, Sep 30, 2017 at 09:42:14PM +0100, Adam D. Barratt wrote: > Control: tags -1 + confirmed > > On Sat, 2017-09-30 at 14:48 -0400, James McCoy wrote: > > * Backport upstream patches to fix CVE-2017-11109 (Closes: #867720) > > + 8.0.0703: Illegal memory access with empty :doau command > > + 8.0.0706: Crash when cancelling the cmdline window in Ex mode > > + 8.0.0707: Freeing wrong memory when manipulating buffers in > > autocommands > > > > Please go ahead, bearing in mind that the window for 9.2 closes during > this weekend. Thanks! Uploaded. -- James GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7 2D23 DFE6 91AE 331B A3DB
Bug#877348: stretch-pu: package vim/8.0.0197-4+deb9u1
Package: release.debian.org Severity: normal Tags: stretch User: release.debian@packages.debian.org Usertags: pu * Backport upstream patches to fix CVE-2017-11109 (Closes: #867720) + 8.0.0703: Illegal memory access with empty :doau command + 8.0.0706: Crash when cancelling the cmdline window in Ex mode + 8.0.0707: Freeing wrong memory when manipulating buffers in autocommands -- System Information: Debian Release: buster/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.12.0-2-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) diffstat for vim-8.0.0197 vim-8.0.0197 changelog |9 + patches/debian/Add-recognition-of-more-LaTeX-commands-for-tex-filetype-d.patch |2 patches/debian/Detect-the-rst-filetype-using-the-contents-of-the-file.patch |2 patches/debian/Document-Debian-s-decision-to-disable-modelines-by-defaul.patch |2 patches/debian/Support-sourcing-a-vimrc.tiny-when-Vim-is-invoked-as-vi.patch |6 patches/series |3 patches/upstream/Add-Zesty-Zapus-to-deb-changelog-sources-syntax-files.patch |4 patches/upstream/Support-defining-compilation-date-in-SOURCE_DATE_EPOCH.patch |6 patches/upstream/debcontrol.vim-Add-sections-for-Rust-and-JavaScript.patch |2 patches/upstream/patch-8.0.0703-illegal-memory-access-with-empty-doau-comm.patch | 69 ++ patches/upstream/patch-8.0.0706-crash-when-cancelling-the-cmdline-window-i.patch | 42 ++ patches/upstream/patch-8.0.0707-freeing-wrong-memory-with-certain-autocomm.patch | 40 + 12 files changed, 175 insertions(+), 12 deletions(-) diff -Nru vim-8.0.0197/debian/changelog vim-8.0.0197/debian/changelog --- vim-8.0.0197/debian/changelog 2017-04-23 08:10:29.0 -0400 +++ vim-8.0.0197/debian/changelog 2017-09-30 14:21:38.0 -0400 
@@ -1,3 +1,12 @@ +vim (2:8.0.0197-4+deb9u1) stretch; urgency=medium + + * Backport upstream patches to fix CVE-2017-11109 (Closes: #867720) ++ 8.0.0703: Illegal memory access with empty :doau command ++ 8.0.0706: Crash when cancelling the cmdline window in Ex mode ++ 8.0.0707: Freeing wrong memory when manipulating buffers in autocommands + + -- James McCoy <james...@debian.org> Sat, 30 Sep 2017 14:21:38 -0400 + vim (2:8.0.0197-4) unstable; urgency=medium * Backport upstream patch v8.0.0550 to fix a regression in tag lookups for diff -Nru vim-8.0.0197/debian/patches/debian/Add-recognition-of-more-LaTeX-commands-for-tex-filetype-d.patch vim-8.0.0197/debian/patches/debian/Add-recognition-of-more-LaTeX-commands-for-tex-filetype-d.patch --- vim-8.0.0197/debian/patches/debian/Add-recognition-of-more-LaTeX-commands-for-tex-filetype-d.patch 2017-04-23 08:10:29.0 -0400 +++ vim-8.0.0197/debian/patches/debian/Add-recognition-of-more-LaTeX-commands-for-tex-filetype-d.patch 2017-09-30 14:21:38.0 -0400 @@ -13,7 +13,7 @@ 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/runtime/filetype.vim b/runtime/filetype.vim -index 9c9c808b4..13e2c0479 100644 +index 9c9c808..13e2c04 100644 --- a/runtime/filetype.vim +++ b/runtime/filetype.vim @@ -2227,7 +2227,7 @@ func! s:FTtex() diff -Nru vim-8.0.0197/debian/patches/debian/Detect-the-rst-filetype-using-the-contents-of-the-file.patch vim-8.0.0197/debian/patches/debian/Detect-the-rst-filetype-using-the-contents-of-the-file.patch --- vim-8.0.0197/debian/patches/debian/Detect-the-rst-filetype-using-the-contents-of-the-file.patch 2017-04-23 08:10:29.0 -0400 +++ vim-8.0.0197/debian/patches/debian/Detect-the-rst-filetype-using-the-contents-of-the-file.patch 2017-09-30 14:21:38.0 -0400 @@ -8,7 +8,7 @@ 1 file changed, 8 insertions(+) diff --git a/runtime/scripts.vim b/runtime/scripts.vim -index 276382808..d3101c6b7 100644 +index 2763828..d3101c6 100644 --- a/runtime/scripts.vim +++ b/runtime/scripts.vim 
@@ -332,6 +332,14 @@ else diff -Nru vim-8.0.0197/debian/patches/debian/Document-Debian-s-decision-to-disable-modelines-by-defaul.patch vim-8.0.0197/debian/patches/debian/Document-Debian-s-decision-to-disable-modelines-by-defaul.patch --- vim-8.0.0197/debian/patches/debian/Document-Debian-s-decision-to-disable-modelines-by-defaul.patch 2017-04-23 08:10:29.0 -0400 +++ vim-8.0.0197/debian/patches/debian/Document-Debian-s-decision-to-disable-modelines-by-defaul.patch 2017-09-30 14:21:38.0 -0400 @@ -15,7 +15,7 @@ 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/runtime/doc/options.txt b/runti
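Review bot: seven of the twelve files in the diffstat are existing patches, and their visible hunks only shorten the index lines (for example "index 9c9c808b4..13e2c0479" becomes "index 9c9c808..13e2c04"). Export the patch queue with the same hash abbreviation as the previous upload so the stable-update debdiff shows only the changelog, series and the three new patch-8.0.070x files that fix CVE-2017-11109.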
Bug#871444: transition: msgpack-c
On Tue, Aug 15, 2017 at 10:11:36PM +0200, Emilio Pozuelo Monfort wrote: > On 08/08/17 03:56, James McCoy wrote: > > Package: release.debian.org > > Severity: normal > > User: release.debian@packages.debian.org > > Usertags: transition > > > > I'd like to upload the new msgpack-c to unstable. I did a test rebuild > > in July and filed bugs[0] against the packages which fail to build with > > the new API changes. > > > > [0]: > > https://bugs.debian.org/cgi-bin/pkgreport.cgi?users=msgpac...@packages.debian.org;tag=msgpack-c-2.x;dist=unstable > > > > The below Ben settings will detect the packages using the C library > > which need to be rebuilt, but the C++ library is header-only. I'm not > > sure how that should be tracked, other than FTBFS bugs. > > > is_affected = .depends ~ "libmsgpackc2"; > > is_good = .depends ~ /libmsgpackc2 \(>= 2\.1\.0\)/ | .depends ~ > > /libmsgpackc2 \(>= 0\.5\.7\)/; > > is_bad = .depends ~ /libmsgpackc2 \(>= 1\.0\.0\)/; > > Why do the C library rdeps need to be rebuilt if the SONAME didn't change? Hmm, you have a good point there. :) There are incompatible API changes for the (header only) C++ library, but no ABI changes for the C library. Maybe I need to split the C++ headers out into their own APIv1 and APIv2 packages. Cheers, -- James GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7 2D23 DFE6 91AE 331B A3DB
Bug#871444: transition: msgpack-c
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition

I'd like to upload the new msgpack-c to unstable. I did a test rebuild
in July and filed bugs[0] against the packages which fail to build with
the new API changes.

[0]: https://bugs.debian.org/cgi-bin/pkgreport.cgi?users=msgpac...@packages.debian.org;tag=msgpack-c-2.x;dist=unstable

The below Ben settings will detect the packages using the C library
which need to be rebuilt, but the C++ library is header-only. I'm not
sure how that should be tracked, other than FTBFS bugs.

Ben file:

title = "msgpack-c";
is_affected = .depends ~ "libmsgpackc2";
is_good = .depends ~ /libmsgpackc2 \(>= 2\.1\.0\)/ | .depends ~ /libmsgpackc2 \(>= 0\.5\.7\)/;
is_bad = .depends ~ /libmsgpackc2 \(>= 1\.0\.0\)/;

-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.11.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Bug#868102: stretch-pu: package devscripts/2.17.6+deb9u1
On Thu, Jul 13, 2017 at 10:09:46AM +0100, Adam D. Barratt wrote:
> On 2017-07-12 3:27, James McCoy wrote:
> > * debchange:
> > + Target stretch-backports with --bpo. Closes: #867662
> > + Support $codename{,-{proposed-updates,security}} as well.
>
> I think there's a bug (or two?) that could be closed there?

Indeed. Add the bug reference to the changelog.

> > * bts:
> > + Add support for the new 'a11y' tag. Closes: #867416
>
> Please go ahead.

Done.

Cheers,
--
James
GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7 2D23 DFE6 91AE 331B A3DB
Bug#868102: stretch-pu: package devscripts/2.17.6+deb9u1
Package: release.debian.org Severity: normal Tags: stretch User: release.debian@packages.debian.org Usertags: pu * debchange: + Target stretch-backports with --bpo. Closes: #867662 + Support $codename{,-{proposed-updates,security}} as well. * bts: + Add support for the new 'a11y' tag. Closes: #867416 -- System Information: Debian Release: buster/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) diffstat for devscripts-2.17.6 devscripts-2.17.6+deb9u1 debian/changelog | 12 scripts/bts.pl |2 +- scripts/debchange.pl | 17 ++--- test/test_debchange |7 +++ 4 files changed, 30 insertions(+), 8 deletions(-) diff -Nru devscripts-2.17.6/debian/changelog devscripts-2.17.6+deb9u1/debian/changelog --- devscripts-2.17.6/debian/changelog 2017-06-03 14:29:24.0 -0400 +++ devscripts-2.17.6+deb9u1/debian/changelog 2017-07-11 22:06:17.0 -0400 @@ -1,3 +1,15 @@ +devscripts (2.17.6+deb9u1) stretch; urgency=medium + + [ Mattia Rizzolo ] + * debchange: ++ Target stretch-backports with --bpo. Closes: #867662 ++ Support $codename{,-{proposed-updates,security}} as well. + * bts: ++ Add patch from Samuel Thibault <sthiba...@debian.org> to add support for + the new 'a11y' tag. Closes: #867416 + + -- James McCoy <james...@debian.org> Tue, 11 Jul 2017 22:06:17 -0400 + devscripts (2.17.6) unstable; urgency=medium [ Osamu Aoki ] diff -Nru devscripts-2.17.6/scripts/bts.pl devscripts-2.17.6+deb9u1/scripts/bts.pl --- devscripts-2.17.6/scripts/bts.pl2017-06-03 14:29:24.0 -0400 +++ devscripts-2.17.6+deb9u1/scripts/bts.pl 2017-07-11 22:06:17.0 -0400 
@@ -160,7 +160,7 @@ "potato", "woody", "sid", "help", "security", "upstream", "pending", "sarge", "sarge-ignore", "experimental", "d-i", "confirmed", "ipv6", "lfs", "fixed-in-experimental", - "fixed-upstream", "l10n", "newcomer", "etch", "etch-ignore", + "fixed-upstream", "a11y", "l10n", "newcomer", "etch", "etch-ignore", "lenny", "lenny-ignore", "squeeze", "squeeze-ignore", "wheezy", "wheezy-ignore", "jessie", "jessie-ignore", "stretch", "stretch-ignore", "buster", "buster-ignore", diff -Nru devscripts-2.17.6/scripts/debchange.pl devscripts-2.17.6+deb9u1/scripts/debchange.pl --- devscripts-2.17.6/scripts/debchange.pl 2017-06-03 14:29:24.0 -0400 +++ devscripts-2.17.6+deb9u1/scripts/debchange.pl 2017-07-11 22:06:17.0 -0400 @@ -161,7 +161,7 @@ distribution name --bpo Increment the Debian release number for a backports upload - to "jessie-backports" + to "stretch-backports" -l, --local Add a suffix to the Debian version number for a local build -b, --force-bad-version @@ -472,7 +472,7 @@ # Check the distro name given. if (defined $opt_D) { if ($vendor eq 'Debian') { - unless ($opt_D =~ /^(experimental|unstable|UNRELEASED|((old)?stable|testing)(-proposed-updates)?|proposed-updates|(wheezy|jessie|stretch|buster|bullseye)-security)$/) { + unless ($opt_D =~ /^(experimental|unstable|sid|UNRELEASED|((old){0,2}stable|testing|wheezy|jessie|stretch|buster|bullseye)(-proposed-updates|-security)?|proposed-updates)$/) { my $deb_info = get_debian_distro_info(); my ($oldstable_backports, $stable_backports) = ("", ""); if ($deb_info == 0) { 
@@ -487,9 +487,12 @@ if ($deb_info == 0 || $opt_D !~ m/^(\Q$stable_backports\E|\Q$oldstable_backports\E)$/) { $stable_backports = ", " . $stable_backports if $stable_backports; $oldstable_backports = ", " . $oldstable_backports if $oldstable_backports; - warn "$progname warning: Recognised distributions are: unstable, testing, stable,\n" -. "oldstable, experimental, {testing-,stable-,oldstable-,}proposed-updates,\n" -. "{testing,stable,oldstable}-security$oldstable_backports$stable_backports and UNRELEASED.\n" + warn "$progname warning: Rec
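Review bot: in the scripts/debchange.pl hunk at -472, the accepted-distribution regex still hard-codes the codename list (`wheezy|jessie|stretch|buster|bullseye`) even though `get_debian_distro_info()` is consulted on the very next line, so the pattern has to be edited by hand for every release. The rewrite also widens what passes without a warning beyond what the changelog describes: `(old){0,2}stable` admits `oldoldstable`, `sid` is now accepted, and the shared `(-proposed-updates|-security)?` suffix admits combinations such as `testing-security`. If that widening is intended, the changelog entry should say so, and the recognised-distributions warning rewritten in the following hunk should list the same set of names.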
Bug#864399: unblock: serf/1.3.9-3
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package serf libserf-dev was missing a Depends on libssl-dev. This caused pkg-config to error when querying information for serf unless libssl-dev happened to be installed. diffstat for serf_1.3.9-2 serf_1.3.9-3 changelog |7 +++ control |3 ++- 2 files changed, 9 insertions(+), 1 deletion(-) diff -u serf-1.3.9/debian/changelog serf-1.3.9/debian/changelog --- serf-1.3.9/debian/changelog +++ serf-1.3.9/debian/changelog @@ -1,3 +1,10 @@ +serf (1.3.9-3) unstable; urgency=medium + + * Add libssl-dev to libserf-dev's Depends, otherwise pkg-config can't +provide information about serf. Thanks to Daniel Shahaf for noticing! + + -- James McCoy <james...@debian.org> Wed, 07 Jun 2017 23:09:48 -0400 + serf (1.3.9-2) unstable; urgency=medium * Remove Peter Samuelson as maintainer, at request of MIA team. Thanks for diff -u serf-1.3.9/debian/control serf-1.3.9/debian/control --- serf-1.3.9/debian/control +++ serf-1.3.9/debian/control 
@@ -28,7 +28,8 @@ Package: libserf-dev Section: libdevel Architecture: any -Depends: libserf-1-1 (= ${binary:Version}), ${misc:Depends}, libapr1-dev, libaprutil1-dev +Depends: libserf-1-1 (= ${binary:Version}), ${misc:Depends}, libapr1-dev, + libaprutil1-dev, libssl-dev Description: high-performance asynchronous HTTP client library headers serf library is a C-based HTTP client library built upon the Apache Portable Runtime (APR) library. It multiplexes connections, running the unblock serf/1.3.9-3 -- System Information: Debian Release: 9.0 APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system)
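Review bot: in the debian/control hunk, libssl-dev is added to libserf-dev's Depends by hand, and nothing in this upload would catch the next time that Depends line drifts from what pkg-config needs. Consider adding an autopkgtest that installs only libserf-dev and runs a pkg-config query for serf, since the changelog describes the failure as visible only when libssl-dev was not already installed.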
Bug#863521: unblock: devscripts/2.17.6
On Tue, Jun 06, 2017 at 11:49:36PM +0100, Jonathan Wiltshire wrote:
> On Sat, Jun 03, 2017 at 03:01:40PM -0400, James McCoy wrote:
> > This has now been uploaded. Updated debdiffs attached.
>
> Thanks, and sorry about the delay.

No worries. I know you all have a lot to deal with.

> Unblocked.

Thanks!

Cheers,
--
James
GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7 2D23 DFE6 91AE 331B A3DB
Bug#863521: unblock: devscripts/2.17.6 (pre-approval)
On Sun, May 28, 2017 at 12:57:57AM -0400, James McCoy wrote:
> On Sat, May 27, 2017 at 09:38:39PM -0400, James McCoy wrote:
> > Additionally, there are changes to various scripts to make them work
> > better when $HOME isn't set by using Perl's File::HomeDir, a new
> > Depends (56e38636, 3ff2f9db).
>
> And Build-Depends (7f47730a).

Ping?

Cheers,
--
James
GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7 2D23 DFE6 91AE 331B A3DB
Bug#863521: unblock: devscripts/2.17.6 (pre-approval)
On Sat, May 27, 2017 at 09:38:39PM -0400, James McCoy wrote:
> Additionally, there are changes to various scripts to make them work
> better when $HOME isn't set by using Perl's File::HomeDir, a new
> Depends (56e38636, 3ff2f9db).

And Build-Depends (7f47730a).

Cheers,
--
James
GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7 2D23 DFE6 91AE 331B A3DB
Bug#863521: unblock: devscripts/2.17.6 (pre-approval)
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package devscripts There are a few changes sitting in git right now that would be useful to make it into Stretch. The full log is https://anonscm.debian.org/git/collab-maint/devscripts.git/log/?id=v2.17.5..master uscan/debdiff: Typos/documentation improvements (7f07b7bc, f447aafb) chdist: Support running aptitude (f722bf62) debcheckout: Understand cgit URLs (4e1867dc) debrepro: Check for and inform user of missing runtime dependencies (ad90af3a) debsign: Fix regression when signing a dsc file (51e909fd) Additionally, there are changes to various scripts to make them work better when $HOME isn't set by using Perl's File::HomeDir, a new Depends (56e38636, 3ff2f9db). The $HOME handling is the most disruptive, so I'd be willing to drop that. unblock devscripts/2.17.6 -- System Information: Debian Release: 9.0 APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) debian/changelog | 30 ++ debian/control | 1 + scripts/bts.pl | 2 ++ scripts/chdist.bash_completion | 6 +++--- scripts/chdist.pl | 12 ++-- scripts/debcheckout.pl | 5 +++-- scripts/debcommit.pl | 3 ++- scripts/debdiff.pl | 2 +- scripts/debrepro.pod | 4 scripts/debrepro.sh| 21 + scripts/debsign.sh | 2 +- scripts/dscverify.pl | 2 ++ scripts/grep-excuses.pl| 3 ++- scripts/namecheck.pl | 8 +++- scripts/rc-alert.pl| 2 ++ scripts/svnpath.pl | 7 +-- scripts/uscan.pl | 18 +++--- scripts/wnpp-alert.sh | 2 +- 18 files changed, 112 insertions(+), 18 deletions(-) diff --git a/debian/changelog b/debian/changelog index 0c32aaac..e436d4be 100644 --- a/debian/changelog +++ b/debian/changelog 
@@ -1,3 +1,33 @@ +devscripts (2.17.6) UNRELEASED; urgency=medium + + [ Osamu Aoki ] + * uscan: ++ Update manpage on the github.com behavior and the alternative + shorthand form. (Closes: #836507, #859089) + + [ Adam D. Barratt ] + * uscan: fix a typo in the manpage + * debdiff: fix a typo + + [ Paul Wise ] + * chdist: ++ add support for running aptitude + * debcheckout: ++ handle cgit URLs too. Thanks to Rhonda for the suggestion. + * Make various scripts work when HOME is unset: +bts chdist debcommit dscverify grep-excuses +namecheck rc-alert svnpath wnpp-alert + + [ Antonio Terceiro ] + * debrepro: ++ check for dependencies before doing any builds (Closes: #862586) + + [ James Clarke ] + * debsign: ++ Fix signing a dsc directly. (Closes: #863497) + + -- Osamu AokiFri, 31 Mar 2017 02:03:30 +0900 + devscripts (2.17.5) unstable; urgency=medium * Create GNUPGHOME in /tmp to fix CI failures due to long path names. diff --git a/debian/control b/debian/control index 52b774e9..3a2994a8 100644 --- a/debian/control +++ b/debian/control @@ -46,6 +46,7 @@ Package: devscripts Architecture: any Multi-Arch: foreign Depends: dpkg-dev (>= 1.17.6), + libfile-homedir-perl, ${misc:Depends}, ${perl:Depends}, ${python3:Depends}, diff --git a/scripts/bts.pl b/scripts/bts.pl index 2a650d10..a2a64c51 100755 --- a/scripts/bts.pl +++ b/scripts/bts.pl @@ -47,6 +47,7 @@ use strict; use warnings; use File::Basename; use File::Copy; +use File::HomeDir; use File::Path qw(make_path rmtree); use File::Spec; use File::Temp qw/tempfile/; @@ -173,6 +174,7 @@ my @valid_severities=qw(wishlist minor normal important my $browser; # Will set if necessary +$ENV{HOME} = File::HomeDir->my_home; my $cachedir = $ENV{XDG_CACHE_HOME} || File::Spec->catdir($ENV{HOME}, '.cache'); $cachedir = File::Spec->catdir($cachedir, 'devscripts', 'bts'); diff --git a/scripts/chdist.bash_completion b/scripts/chdist.bash_completion index 89773313..51dbf499 100644 --- a/scripts/chdist.bash_completion 
+++ b/scripts/chdist.bash_completion @@ -6,7 +6,7 @@ _chdist () { local cur=$2 prev=$3 local options='--help -h --data-dir -d --arch -a' - local commands='create apt apt-get apt-cache apt-rdepends + local commands='create apt apt-get apt-cache apt-rdepends aptitude src2bin bin2src compare-packages compare-bin-packages compare-versions compare-bin-versions @@ -14,7 +14,7 @@ _chdist () list' # Sync'd with buildd.debian.org on 2016-04-02: local archs="all alpha amd64 arm64 armel armhf hppa hurd-i386 i386 ia64
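Review bot: in the scripts/bts.pl hunk at -173, `$ENV{HOME} = File::HomeDir->my_home;` is assigned without checking the result, and my_home can come back undefined when no home directory can be determined, which is exactly the environment this change targets. The next line then builds `$cachedir` from that value with `File::Spec->catdir($ENV{HOME}, '.cache')`, so the cache could end up at a path outside any user-owned directory. Checking for an undefined result and failing with a clear message (or skipping the cache) before the catdir call would close that gap.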
Bug#860999: unblock: vim/2:8.0.0197-4 (pre-approval)
Control: tags -1 - moreinfo On Sun, Apr 23, 2017 at 03:57:05PM +0200, Ivo De Decker wrote: > On Sun, Apr 23, 2017 at 08:29:50AM -0400, James McCoy wrote: > > * Update Ubuntu release names in syntax highlighting files > > + Additionally, require word boundaries around release names, so > > stretch isn't mishighlighted as (unsupported) etch. (#859247) > > If you are updating this, maybe you could also add support for > jessie-backports-sloppy, stretch-backports and stretch-security. Done. > > * Fix a regression in parsing ctags-generated TAGS files (#859426) > > * Set $TERM to a sane value before running tests. This fixes test > > failures when $TERM is an atypical value (like "unknown" in the > > reproducible builds environment). > > Please go ahead with the upload and remove the moreinfo tag from this bug once > the upload is in unstable. Done. Updated debdiff attached, too. Cheers, -- James GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7 2D23 DFE6 91AE 331B A3DB diffstat for vim-8.0.0197 vim-8.0.0197 changelog | 13 + patches/series |2 patches/upstream/Update-releases-in-deb-changelog-sources-syntax-files.patch | 92 patches/upstream/patch-8.0.0550-cannot-parse-some-etags-format-tags-file.patch | 103 ++ rules |3 5 files changed, 212 insertions(+), 1 deletion(-) diff -Nru vim-8.0.0197/debian/changelog vim-8.0.0197/debian/changelog --- vim-8.0.0197/debian/changelog 2017-03-06 22:33:23.0 -0500 +++ vim-8.0.0197/debian/changelog 2017-04-23 08:10:29.0 -0400 
@@ -1,3 +1,16 @@ +vim (2:8.0.0197-4) unstable; urgency=medium + + * Backport upstream patch v8.0.0550 to fix a regression in tag lookups for +ctags-generated emacs style tags files. (Closes: #859426) + * Add Artful Aardvark, jessie-backports-sloppy, and +stretch-backports/security to deb{changelog,sources} syntax files. + * debsources.vim: Require word boundaries around distribution name. +(Closes: #859247) + * Set $TERM to a known sane value when running tests to avoid test failures +due to an unknown $TERM. + + -- James McCoy <james...@debian.org> Sun, 23 Apr 2017 08:10:29 -0400 + vim (2:8.0.0197-3) unstable; urgency=high * Backport upstream patches v8.0.0377 & v8.0.0378, to fix buffer overflows diff -Nru vim-8.0.0197/debian/patches/series vim-8.0.0197/debian/patches/series --- vim-8.0.0197/debian/patches/series 2017-03-06 22:33:23.0 -0500 +++ vim-8.0.0197/debian/patches/series 2017-04-23 08:10:29.0 -0400 @@ -8,3 +8,5 @@ upstream/patch-8.0.0322-possible-overflow-with-corrupted-spell-fil.patch upstream/patch-8.0.0377-possible-overflow-when-reading-corrupted-u.patch upstream/patch-8.0.0378-possible-overflow-when-reading-corrupted-u.patch +upstream/patch-8.0.0550-cannot-parse-some-etags-format-tags-file.patch +upstream/Update-releases-in-deb-changelog-sources-syntax-files.patch diff -Nru vim-8.0.0197/debian/patches/upstream/patch-8.0.0550-cannot-parse-some-etags-format-tags-file.patch vim-8.0.0197/debian/patches/upstream/patch-8.0.0550-cannot-parse-some-etags-format-tags-file.patch --- vim-8.0.0197/debian/patches/upstream/patch-8.0.0550-cannot-parse-some-etags-format-tags-file.patch 1969-12-31 19:00:00.0 -0500 +++ vim-8.0.0197/debian/patches/upstream/patch-8.0.0550-cannot-parse-some-etags-format-tags-file.patch 2017-04-23 08:10:29.0 -0400 
@@ -0,0 +1,103 @@ +From: Bram Moolenaar <b...@vim.org> +Date: Fri, 7 Apr 2017 20:30:29 +0200 +Subject: patch 8.0.0550: cannot parse some etags format tags file + +Problem:Some etags format tags file use 0x01, breaking the parsing. +Solution: Use 0x02 for TAG_SEP. (James McCoy, closes #1614) + +Signed-off-by: James McCoy <james...@debian.org> +--- + src/tag.c| 13 +++-- + src/testdir/test_taglist.vim | 39 +++ + src/version.c| 2 ++ + 3 files changed, 48 insertions(+), 6 deletions(-) + create mode 100644 src/testdir/test_taglist.vim + +diff --git a/src/tag.c b/src/tag.c +index a80a362..80b21c1 100644 +--- a/src/tag.c b/src/tag.c +@@ -2335,18 +2335,19 @@ parse_line: + } + else + { +-#define TAG_SEP 0x01 ++#define TAG_SEP 0x02 + size_t tag_fname_len = STRLEN(tag_fname); + #ifdef FEAT_EMACS_TAGS + size_t ebuf_len = 0; + #endif + + /* Save the tag in a buffer. +- * Use 0x01 to separate fields (Can't use NUL, because the +- * hash key is terminated by NUL). +- * Emacs tag: <0x01><0x01> +- * other tag: <0x
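Review bot: in the src/tag.c hunk at -2335, moving TAG_SEP from 0x01 to 0x02 keeps the separator in-band, so a tags file that contains 0x02 in a field would hit the same parsing break the patch description attributes to 0x01. The updated comment should state why 0x02 cannot occur in the saved fields, or the code that fills the buffer should reject or escape that byte so that the choice of separator value stops mattering.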
Bug#860999: unblock: vim/2:8.0.0197-4 (pre-approval)
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package vim * Update Ubuntu release names in syntax highlighting files + Additionally, require word boundaries around release names, so stretch isn't mishighlighted as (unsupported) etch. (#859247) * Fix a regression in parsing ctags-generated TAGS files (#859426) * Set $TERM to a sane value before running tests. This fixes test failures when $TERM is an atypical value (like "unknown" in the reproducible builds environment). (include/attach the debdiff against the package in testing) unblock vim/2:8.0.0197-4 -- System Information: Debian Release: 9.0 APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) diffstat for vim-8.0.0197 vim-8.0.0197 changelog | 12 + patches/series |2 patches/upstream/Add-Artful-Aardvark-to-deb-changelog-sources-syntax-files.patch | 76 +++ patches/upstream/patch-8.0.0550-cannot-parse-some-etags-format-tags-file.patch | 103 ++ rules |3 5 files changed, 195 insertions(+), 1 deletion(-) diff -Nru vim-8.0.0197/debian/changelog vim-8.0.0197/debian/changelog --- vim-8.0.0197/debian/changelog 2017-03-06 22:33:23.0 -0500 +++ vim-8.0.0197/debian/changelog 2017-04-23 08:10:29.0 -0400 
@@ -1,3 +1,15 @@ +vim (2:8.0.0197-4) unstable; urgency=medium + + * Backport upstream patch v8.0.0550 to fix a regression in tag lookups for +ctags-generated emacs style tags files. (Closes: #859426) + * Add Artful Aardvark to deb{changelog,sources} syntax files. + * debsources.vim: Require word boundaries around distribution name. +(Closes: #859247) + * Set $TERM to a known sane value when running tests to avoid test failures +due to an unknown $TERM. + + -- James McCoy <james...@debian.org> Sun, 23 Apr 2017 08:10:29 -0400 + vim (2:8.0.0197-3) unstable; urgency=high * Backport upstream patches v8.0.0377 & v8.0.0378, to fix buffer overflows diff -Nru vim-8.0.0197/debian/patches/series vim-8.0.0197/debian/patches/series --- vim-8.0.0197/debian/patches/series 2017-03-06 22:33:23.0 -0500 +++ vim-8.0.0197/debian/patches/series 2017-04-23 08:10:29.0 -0400 @@ -8,3 +8,5 @@ upstream/patch-8.0.0322-possible-overflow-with-corrupted-spell-fil.patch upstream/patch-8.0.0377-possible-overflow-when-reading-corrupted-u.patch upstream/patch-8.0.0378-possible-overflow-when-reading-corrupted-u.patch +upstream/patch-8.0.0550-cannot-parse-some-etags-format-tags-file.patch +upstream/Add-Artful-Aardvark-to-deb-changelog-sources-syntax-files.patch diff -Nru vim-8.0.0197/debian/patches/upstream/Add-Artful-Aardvark-to-deb-changelog-sources-syntax-files.patch vim-8.0.0197/debian/patches/upstream/Add-Artful-Aardvark-to-deb-changelog-sources-syntax-files.patch --- vim-8.0.0197/debian/patches/upstream/Add-Artful-Aardvark-to-deb-changelog-sources-syntax-files.patch 1969-12-31 19:00:00.0 -0500 +++ vim-8.0.0197/debian/patches/upstream/Add-Artful-Aardvark-to-deb-changelog-sources-syntax-files.patch 2017-04-23 08:10:29.0 -0400 
@@ -0,0 +1,76 @@ +From: James McCoy <james...@debian.org> +Date: Sat, 22 Apr 2017 13:43:32 -0400 +Subject: Add Artful Aardvark to deb{changelog,sources} syntax files + +Require word boundary around distribution name. + +Closes: #859247 +Signed-off-by: James McCoy <james...@debian.org> +--- + runtime/syntax/debchangelog.vim | 4 ++-- + runtime/syntax/debsources.vim | 10 +- + 2 files changed, 7 insertions(+), 7 deletions(-) + +diff --git a/runtime/syntax/debchangelog.vim b/runtime/syntax/debchangelog.vim +index eb02aaf..691420f 100644 +--- a/runtime/syntax/debchangelog.vim b/runtime/syntax/debchangelog.vim +@@ -3,7 +3,7 @@ + " Maintainer: Debian Vim Maintainers <pkg-vim-maintain...@lists.alioth.debian.org> + " Former Maintainers: Gerfried Fuchs <al...@ist.org> + " Wichert Akkerman <wakke...@debian.org> +-" Last Change: 2016 Nov 12 ++" Last Change: 2017 Apr 22 + " URL: https://anonscm.debian.org/cgit/pkg-vim/vim.git/plain/runtime/syntax/debchangelog.vim + + " Standard syntax initialization +@@ -21,7 +21,7 @@ let binNMU='binary-only=yes' + syn match debchangelogNamecontained "^[[:alnum:]][[:alnum:].+-]\+ " + exe 'syn match debchangelogFirstKVcontained "; \('.urg
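Review bot: in the new Add-Artful-Aardvark-to-deb-changelog-sources-syntax-files.patch, the subject line names only the release-name addition while the body and the `Closes: #859247` trailer belong to the word-boundary fix, so two unrelated changes travel in one patch under a title that hides the bug fix. Splitting them, or at least naming the word-boundary change in the subject, would let the fix for #859247 be reviewed and backported without the release list update.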
Bug#860242: unblock: neovim/0.1.7-4
On Thu, Apr 13, 2017 at 08:13:31AM -0400, James McCoy wrote: > Please unblock package neovim > > This upload includes fixes for CVE-2017-{5953,6349,6350}. > > unblock neovim/0.1.7-4 Ping? > diffstat for neovim-0.1.7 neovim-0.1.7 > > changelog |9 ++ > patches/0001-debcherry-fixup-patch.patch| 32 > +++- > patches/0002-test-Handle-SIGHUP-in-tty-test-fixture.patch |4 - > patches/0003-tui-backpressure-Drop-messages-to-avoid-flooding.patch |4 - > patches/0004-vim-patch-8.0.0377.patch | 38 > ++ > patches/0005-vim-patch-8.0.0378.patch | 37 > + > patches/series |2 > 7 files changed, 118 insertions(+), 8 deletions(-) > > diff -Nru neovim-0.1.7/debian/changelog neovim-0.1.7/debian/changelog > --- neovim-0.1.7/debian/changelog 2017-01-16 07:18:35.0 -0500 > +++ neovim-0.1.7/debian/changelog 2017-04-10 08:15:38.0 -0400 > @@ -1,3 +1,12 @@ > +neovim (0.1.7-4) unstable; urgency=high > + > + * Cherry-pick b338bb9d & 4af6c608 from upstream to fix buffer overflow if a > +spellfile has an invalid length in it. (CVE-2017-5953) > + * Cherry-pick fb66a7c6 & ad66826a from upstream to fix buffer overflows > when > +reading corrupted undo files. (CVE-2017-6349 & CVE-2017-6350) > + > + -- James McCoy <james...@debian.org> Mon, 10 Apr 2017 08:15:38 -0400 > + > neovim (0.1.7-3) unstable; urgency=medium > >* Disable global_spec.lua since it's rather flaky. > diff -Nru neovim-0.1.7/debian/patches/0001-debcherry-fixup-patch.patch > neovim-0.1.7/debian/patches/0001-debcherry-fixup-patch.patch > --- neovim-0.1.7/debian/patches/0001-debcherry-fixup-patch.patch > 2017-01-16 07:18:35.0 -0500 > +++ neovim-0.1.7/debian/patches/0001-debcherry-fixup-patch.patch > 2017-04-10 08:15:38.0 -0400 > @@ -1,8 +1,12 @@ > -From 2ef123279cbff7afeb5546992dc34c902664b4db Mon Sep 17 00:00:00 2001 > +From 5a06ba6f8d7c464ec319eac1a805575849203371 Mon Sep 17 00:00:00 2001 
> From: James McCoy <james...@jamessan.com> > -Date: Mon, 16 Jan 2017 07:19:41 -0500 > -Subject: [PATCH 1/3] debcherry fixup patch > +Date: Mon, 10 Apr 2017 08:16:34 -0400 > +Subject: [PATCH 1/5] debcherry fixup patch > > +53bde37a vim-patch:8.0.0376 > + - no changes against upstream or conflicts > +aa0c704e vim-patch:8.0.0322 > + - extra changes or conflicts > 7b3fc809 out_data_decide_throttle(): timeout instead of hard limit. >- no changes against upstream or conflicts > 443f0387 out_data_decide_throttle(): Avoid too-small final chunk. > @@ -22,11 +26,12 @@ > src/nvim/main.c | 2 +- > src/nvim/memory.c | 31 --- > src/nvim/os/shell.c | 147 > -- > + src/nvim/spell.c | 6 +- > test/functional/eval/execute_spec.lua | 17 ++-- > test/functional/terminal/helpers.lua | 1 + > test/functional/ui/output_spec.lua| 21 + > test/functional/ui/screen.lua | 47 --- > - 10 files changed, 235 insertions(+), 49 deletions(-) > + 11 files changed, 240 insertions(+), 50 deletions(-) > > diff --git a/runtime/doc/various.txt b/runtime/doc/various.txt > index a1bf379d..3c147244 100644 > @@ -353,6 +358,25 @@ > if (cnt) { > rbuffer_consumed(buf, cnt); > } > +diff --git a/src/nvim/spell.c b/src/nvim/spell.c > +index 7119ac6d..7dc9eb05 100644 > +--- a/src/nvim/spell.c > b/src/nvim/spell.c > +@@ -3589,9 +3589,13 @@ spell_read_tree ( > + > + // The tree size was computed when writing the file, so that we can > + // allocate it as one long block. > +- int len = get4c(fd); > ++ long len = get4c(fd); > + if (len < 0) > + return SP_TRUNCERROR; > ++ if ((size_t)len >= SIZE_MAX / sizeof(int)) { > ++// Invalid length, multiply with sizeof(int) would overflow. > ++return SP_FORMERROR; > ++ } > + if (len > 0) { > + // Allocate the byte array. > + bp = xmalloc(len); > diff --git a/test/functional/eval/execute_spec.lua > b/test/functional/eval/execute_spec.lua > index b5b48143..fc13c0a7 100644 
> --- a/test/functional/eval/execute_spec.lua > diff -Nru > neovim-0.1.7/debian/patches/0002-test-Handle-SIGHUP-in-tty-test-fixture.patch > neovim-0.1.7/debian/patches/0002-test-Handle-SIGHUP-in-tty-test-fixture.patch > --- > neovim-0.1.7/debian/patches/0002-test-Handle-SIGHUP-in-tty-test-fixture.patch > 2017-0
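Review bot: in the debian/changelog hunk, the entry cites b338bb9d & 4af6c608 for the CVE-2017-5953 spell file fix, but the refreshed 0001-debcherry-fixup-patch.patch header lists 53bde37a (vim-patch:8.0.0376) and aa0c704e (vim-patch:8.0.0322), and the src/nvim/spell.c change is folded into that fixup patch instead of getting its own file like 0004-vim-patch-8.0.0377.patch and 0005-vim-patch-8.0.0378.patch. Stating how the two sets of commit ids relate, or carrying the spell.c fix as a separate numbered patch, would make the security fix easier to audit against upstream.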
Bug#860242: unblock: neovim/0.1.7-4
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package neovim This upload includes fixes for CVE-2017-{5953,6349,6350}. unblock neovim/0.1.7-4 -- System Information: Debian Release: 9.0 APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) diffstat for neovim-0.1.7 neovim-0.1.7 changelog |9 ++ patches/0001-debcherry-fixup-patch.patch| 32 +++- patches/0002-test-Handle-SIGHUP-in-tty-test-fixture.patch |4 - patches/0003-tui-backpressure-Drop-messages-to-avoid-flooding.patch |4 - patches/0004-vim-patch-8.0.0377.patch | 38 ++ patches/0005-vim-patch-8.0.0378.patch | 37 + patches/series |2 7 files changed, 118 insertions(+), 8 deletions(-) diff -Nru neovim-0.1.7/debian/changelog neovim-0.1.7/debian/changelog --- neovim-0.1.7/debian/changelog 2017-01-16 07:18:35.0 -0500 +++ neovim-0.1.7/debian/changelog 2017-04-10 08:15:38.0 -0400 
@@ -1,3 +1,12 @@ +neovim (0.1.7-4) unstable; urgency=high + + * Cherry-pick b338bb9d & 4af6c608 from upstream to fix buffer overflow if a +spellfile has an invalid length in it. (CVE-2017-5953) + * Cherry-pick fb66a7c6 & ad66826a from upstream to fix buffer overflows when +reading corrupted undo files. (CVE-2017-6349 & CVE-2017-6350) + + -- James McCoy <james...@debian.org> Mon, 10 Apr 2017 08:15:38 -0400 + neovim (0.1.7-3) unstable; urgency=medium * Disable global_spec.lua since it's rather flaky. diff -Nru neovim-0.1.7/debian/patches/0001-debcherry-fixup-patch.patch neovim-0.1.7/debian/patches/0001-debcherry-fixup-patch.patch --- neovim-0.1.7/debian/patches/0001-debcherry-fixup-patch.patch 2017-01-16 07:18:35.0 -0500 +++ neovim-0.1.7/debian/patches/0001-debcherry-fixup-patch.patch 2017-04-10 08:15:38.0 -0400 @@ -1,8 +1,12 @@ -From 2ef123279cbff7afeb5546992dc34c902664b4db Mon Sep 17 00:00:00 2001 +From 5a06ba6f8d7c464ec319eac1a805575849203371 Mon Sep 17 00:00:00 2001 From: James McCoy <james...@jamessan.com> -Date: Mon, 16 Jan 2017 07:19:41 -0500 -Subject: [PATCH 1/3] debcherry fixup patch +Date: Mon, 10 Apr 2017 08:16:34 -0400 +Subject: [PATCH 1/5] debcherry fixup patch +53bde37a vim-patch:8.0.0376 +- no changes against upstream or conflicts +aa0c704e vim-patch:8.0.0322 +- extra changes or conflicts 7b3fc809 out_data_decide_throttle(): timeout instead of hard limit. - no changes against upstream or conflicts 443f0387 out_data_decide_throttle(): Avoid too-small final chunk. @@ -22,11 +26,12 @@ src/nvim/main.c | 2 +- src/nvim/memory.c | 31 --- src/nvim/os/shell.c | 147 -- + src/nvim/spell.c | 6 +- test/functional/eval/execute_spec.lua | 17 ++-- test/functional/terminal/helpers.lua | 1 + test/functional/ui/output_spec.lua| 21 + test/functional/ui/screen.lua | 47 --- - 10 files changed, 235 insertions(+), 49 deletions(-) + 11 files changed, 240 insertions(+), 50 deletions(-) 
diff --git a/runtime/doc/various.txt b/runtime/doc/various.txt index a1bf379d..3c147244 100644 @@ -353,6 +358,25 @@ if (cnt) { rbuffer_consumed(buf, cnt); } +diff --git a/src/nvim/spell.c b/src/nvim/spell.c +index 7119ac6d..7dc9eb05 100644 +--- a/src/nvim/spell.c b/src/nvim/spell.c +@@ -3589,9 +3589,13 @@ spell_read_tree ( + + // The tree size was computed when writing the file, so that we can + // allocate it as one long block. +- int len = get4c(fd); ++ long len = get4c(fd); + if (len < 0) + return SP_TRUNCERROR; ++ if ((size_t)len >= SIZE_MAX / sizeof(int)) { ++// Invalid length, multiply with sizeof(int) would overflow. ++return SP_FORMERROR; ++ } + if (len > 0) { + // Allocate the byte array. + bp = xmalloc(len); diff --git a/test/functional/eval/execute_spec.lua b/test/functional/eval/execute_spec.lua index b5b48143..fc13c0a7 100644 --- a/test/functional/eval/execute_spec.lua diff -Nru neovim-0.1.7/debian/patches/0002-test-Handle-SIGHUP-in-tty-test-fixture.patch neovim-0.1.7/debian/patches/0002-test-Handle-SIGHUP-in-tty-test-fixture.patch --- neovim-0.1.7/debian/patches/0002-test-Handle-SIGHUP-in-tty-test-fixture.patch 2017-01-16 07:18:35.0 -0500 +++ neovim-0.1.7/debia
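Review bot: in the src/nvim/spell.c hunk (spell_read_tree), the new guard `(size_t)len >= SIZE_MAX / sizeof(int)` can only fire where size_t is 32 bits. Assuming get4c() yields at most a 4-byte value, as its name and the previous `int len` suggest, a 64-bit size_t makes the comparison always false, so a corrupted spell file can still drive `xmalloc(len)` with any length that fits in four bytes. Bounding len against the remaining size of the file before allocating would cover both cases. Changing `int len` to `long len` also widens nothing on platforms where long is 32 bits, so the existing `len < 0` check is what handles a set high bit there.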
Bug#857041: jessie-pu: package vim/2:7.4.488-7+deb8u3
Package: release.debian.org Severity: normal Tags: jessie User: release.debian@packages.debian.org Usertags: pu This upload would fix two no-dsa CVEs (CVE-2017-6349, CVE-2017-6350) for Vim. Debdiff attached. -- System Information: Debian Release: 9.0 APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.9.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) diffstat for vim-7.4.488 vim-7.4.488 changelog|8 + patches/series |2 + patches/upstream/v8-0-0377.patch | 45 patches/upstream/v8-0-0378.patch | 54 +++ 4 files changed, 109 insertions(+) diff -Nru vim-7.4.488/debian/changelog vim-7.4.488/debian/changelog --- vim-7.4.488/debian/changelog2017-02-12 20:02:50.0 -0500 +++ vim-7.4.488/debian/changelog2017-03-06 23:52:28.0 -0500 @@ -1,3 +1,11 @@ +vim (2:7.4.488-7+deb8u3) jessie; urgency=medium + + * Backport upstream patches v8.0.0377 & v8.0.0378, to fix buffer overflows +when reading corrupted undo files. (Closes: #856266, CVE-2017-6349, +CVE-2017-6350) + + -- James McCoy <james...@debian.org> Mon, 06 Mar 2017 23:52:28 -0500 + vim (2:7.4.488-7+deb8u2) jessie-security; urgency=high * Backport patch 8.0.0322 to fix a buffer overflow if a spellfile has an diff -Nru vim-7.4.488/debian/patches/series vim-7.4.488/debian/patches/series --- vim-7.4.488/debian/patches/series 2017-02-12 19:59:43.0 -0500 +++ vim-7.4.488/debian/patches/series 2017-03-06 23:46:47.0 -0500 
@@ -10,3 +10,5 @@ debian/extra-tex-detection.patch upstream/v8-0-0056.patch upstream/v8-0-0322.patch +upstream/v8-0-0377.patch +upstream/v8-0-0378.patch diff -Nru vim-7.4.488/debian/patches/upstream/v8-0-0377.patch vim-7.4.488/debian/patches/upstream/v8-0-0377.patch --- vim-7.4.488/debian/patches/upstream/v8-0-0377.patch 1969-12-31 19:00:00.0 -0500 +++ vim-7.4.488/debian/patches/upstream/v8-0-0377.patch 2017-03-06 23:51:37.0 -0500 
@@ -0,0 +1,45 @@ +commit 3eb1637b1bba19519885dd6d377bd5596e91d22c +Author: Bram Moolenaar <b...@vim.org> +Date: Sun Feb 26 18:11:36 2017 +0100 + +patch 8.0.0377: possible overflow when reading corrupted undo file + +Problem:Possible overflow when reading corrupted undo file. +Solution: Check if allocated size is not too big. (King) + +diff --git a/src/undo.c b/src/undo.c +index b69f31872..ba7c0b83c 100644 +--- a/src/undo.c b/src/undo.c +@@ -1836,7 +1836,7 @@ u_read_undo(char_u *name, char_u *hash, char_u *orig_name) + linenr_T line_lnum; + colnr_T line_colnr; + linenr_T line_count; +-int num_head = 0; ++long num_head = 0; + long old_header_seq, new_header_seq, cur_header_seq; + long seq_last, seq_cur; + long last_save_nr = 0; +@@ -2023,7 +2023,8 @@ u_read_undo(char_u *name, char_u *hash, char_u *orig_name) + * When there are no headers uhp_table is NULL. */ + if (num_head > 0) + { +- uhp_table = (u_header_T **)U_ALLOC_LINE( ++ if (num_head < LONG_MAX / (long)sizeof(u_header_T *)) ++ uhp_table = (u_header_T **)U_ALLOC_LINE( +num_head * sizeof(u_header_T *)); + if (uhp_table == NULL) + goto error; +diff --git a/src/version.c b/src/version.c +index 8d1454197..c79020b21 100644 +--- a/src/version.c b/src/version.c +@@ -1733,6 +1733,8 @@ static char *(features[]) = + static char *(extra_patches[]) = + { /* Add your patch description below this line */ + /**/ ++"8.0.0377", ++/**/ + "8.0.0322", + /**/ + "8.0.0056", diff -Nru vim-7.4.488/debian/patches/upstream/v8-0-0378.patch vim-7.4.488/debian/patches/upstream/v8-0-0378.patch --- vim-7.4.488/debian/patches/upstream/v8-0-0378.patch 1969-12-31 19:00:00.0 -0500 +++ vim-7.4.488/debian/patches/upstream/v8-0-0378.patch 2017-03-06 23:52:12.0 -0500 
@@ -0,0 +1,54 @@ +commit 0c8485f0e4931463c0f7986e1ea84a7d79f10c75 +Author: Bram Moolenaar <b...@vim.org> +Date: Sun Feb 26 18:17:10 2017 +0100 + +patch 8.0.0378: possible overflow when reading corrupted undo file + +Problem:Another possible overflow when reading corrupted undo file. +Solution: Check if allocated size is not too big. (King) + +diff --git a/src/undo.c b/src/undo.c +index ba7c0b83c..5b953795e 100644 +--- a/src/undo.c b/src/undo.c +@@ -1423,7 +1423,7 @@ unserialize_uep(bufinfo_T *bi, int *error, char_u *file_name) + { + int i; + u_entry_T *uep; +-char_u**array; ++char_u**array = NUL
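Review bot: in the second u_read_undo hunk of v8-0-0377.patch, a num_head that fails the new `num_head < LONG_MAX / (long)sizeof(u_header_T *)` test skips the allocation and falls through to `if (uhp_table == NULL) goto error;`, so the rejection works only if uhp_table is already NULL at that point. The hunk does not show its declaration. Confirm it is initialised to NULL where it is declared (v8-0-0378.patch adds an initialiser to `array` in unserialize_uep, which suggests the same concern there), or add an explicit `else goto error;` so the error path does not depend on it.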
Bug#857007: unblock: devscripts/2.17.2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package devscripts devscripts (2.17.2) unstable; urgency=medium [ James McCoy ] * deb-reversion: + Correct parsing of long-form --new-version switch. (Closes: #853919) * grep-excuses: + Improve robustness of HTML parsing to avoid issues like #856104, until grep-excuses is converted to consume YAML. * debsign: + Add support for *.buildinfo files. Thanks to Ximin Luo and Guillem Jover for the patches! (Closes: #855282) * debian/tests/control: Add mozilla-devscripts to Depends, as needed by mk-origtargz's tests. [ Antonio Terceiro ] * rc-alert: + Add bug URL to the output. [ Guillem Jover ] * wrap-and-sort: + Deal with Build-Conflicts-{Arch,Indep}, Build-Depends-Arch and Built-Using fields. (Closes: #855433) [ Mattia Rizzolo ] * Remove Ryan Niebur from Uploaders after a request from the MIA Team. Thank you for all your past contributions! (Closes: #856374) -- James McCoy <james...@debian.org> Sun, 05 Mar 2017 22:23:37 -0500 #853919, #855433, and #856104 are minor fixes, both in impact and churn. The latter, in particular, is just preventative since britney has been fixed. #855282 is a fair amount of churn, but I think having buildinfo support is important for Stretch. Adrian Bunk also noted[0] that debarchiver was rejecting package uploads signed by debsign since dscverify's support for buildinfo was uploaded in 2.17.1. The individual commits may be easier to review: - https://anonscm.debian.org/git/collab-maint/devscripts.git/log/?id=e1a18a8f..1a3304ab - https://anonscm.debian.org/git/collab-maint/devscripts.git/log/?id=51b5e50e The debdiff is attached. 
unblock devscripts/2.17.2 [0]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855282#42 -- System Information: Debian Release: 9.0 APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.9.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) diffstat for devscripts-2.17.1 devscripts-2.17.2 debian/changelog| 29 ++ debian/control |3 debian/tests/control|2 po4a/po/de.po | 232 +-- po4a/po/devscripts.pot | 112 - po4a/po/fr.po | 206 +++-- scripts/deb-reversion.sh|2 scripts/debsign.1 | 64 ++--- scripts/debsign.bash_completion |1 scripts/debsign.sh | 484 +--- scripts/dscverify.pl|8 scripts/grep-excuses.pl |4 scripts/rc-alert.pl |1 scripts/wrap-and-sort |4 test/test_package_lifecycle | 48 +++ 15 files changed, 784 insertions(+), 416 deletions(-) diff -Nru devscripts-2.17.1/debian/changelog devscripts-2.17.2/debian/changelog --- devscripts-2.17.1/debian/changelog 2017-02-01 21:25:00.0 -0500 +++ devscripts-2.17.2/debian/changelog 2017-03-05 22:23:37.0 -0500 
@@ -1,3 +1,32 @@ +devscripts (2.17.2) unstable; urgency=medium + + [ James McCoy ] + * deb-reversion: ++ Correct parsing of long-form --new-version switch. (Closes: #853919) + * grep-excuses: ++ Improve robustness of HTML parsing to avoid issues like #856104, until + grep-excuses is converted to consume YAML. + * debsign: ++ Add support for *.buildinfo files. Thanks to Ximin Luo and Guillem + Jover for the patches! (Closes: #855282) + * debian/tests/control: Add mozilla-devscripts to Depends, as needed by +mk-origtargz's tests. + + [ Antonio Terceiro ] + * rc-alert: ++ Add bug URL to the output. + + [ Guillem Jover ] + * wrap-and-sort: ++ Deal with Build-Conflicts-{Arch,Indep}, Build-Depends-Arch and + Built-Using fields. (Closes: #855433) + + [ Mattia Rizzolo ] + * Remove Ryan Niebur from Uploaders after a request from the MIA Team. +Thank you for all your past contributions! (Closes: #856374) + + -- James McCoy <james...@debian.org> Sun, 05 Mar 2017 22:23:37 -0500 + devscripts (2.17.1) unstable; urgency=medium [ Osamu Aoki ] diff -Nru devscripts-2.17.1/debian/control devscripts-2.17.2/debian/control --- devscripts-2.17.1/debian/control2017-02-01 21:25:00.0 -0500 +++ devscripts-2.17.2/debian/control2017-03-05 22:23:37.0 -0500 @@ -5,7 +5,6 @@ Uploaders: James McCoy <james...@debian.org>, Martin Zobel-Helas <zo...@debian.org>, Patrick Schoenfeld <schoenf...@debian.org>, - Ryan Niebur <ryanrya...@gmail.com>, Benjamin Drung <bdr...@debian.org>
Re: Bug#855644: devscripts: grep-excuses doesn't work with maintainer name
Control: clone -1 -2
Control: retitle -2 [britney] Add an EOL to the verdict summary line in HTML output
Control: tag -2 patch
Control: retitle -1 grep-excuses: Use excuses.yaml instead of update_excuses.html.gz
Control: severity -1 normal

On Mon, Feb 20, 2017 at 10:42:17PM +0100, Christian Marillat wrote:
> $ grep-excuses sawfish-merlin-ugliness
> sawfish-merlin-ugliness (- to 1.3.1-1)
> Migration status: BLOCKED: Rejected/introduces a regression (please see
> below)
> Maintainer: Christian Marillat
> 4589 days old (needed 10 days)
> Not touching package due to block request by freeze (check
> https://release.debian.org/testing/freeze_policy.html if update is needed)
> sawfish-merlin-ugliness has new bugs!
> Updating sawfish-merlin-ugliness introduces new bugs: #800278
> Piuparts tested OK -
> https://piuparts.debian.org/sid/source/s/sawfish-merlin-ugliness.html
>
> When 'grep-excuses Marillat' or grep-excuses 'Christian Marillat' return
> nothing.

This is due to a recent change in the script that generates the update_excuses.html page, which breaks grep-excuses' parsing.

I'm splitting this bug into two pieces. One, for the release team, to fix the generation of the HTML so grep-excuses is fixed now, and another for grep-excuses to start consuming YAML instead of parsing HTML.

I have patches for both bugs, but the YAML one will need to wait until Buster, since it's essentially a rewrite of that part of grep-excuses.

Cheers,
--
James
GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7 2D23 DFE6 91AE 331B A3DB

From a04d730bb7ba63df17117c3bfc4afd93bab9f37c Mon Sep 17 00:00:00 2001
From: James McCoy <james...@debian.org>
Date: Fri, 24 Feb 2017 23:43:57 -0500
Subject: [PATCH] excuse: Add an EOL to the verdict summary line in HTML output

devscripts' grep-excuses expects each to be on its own line. When d7a676d0741729bb643e0b8c54b989cb747c6a4b added the verdict summary, without an EOL, it broke grep-excuses' ability to search by maintainer.
Signed-off-by: James McCoy <james...@debian.org> --- britney2/excuse.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/britney2/excuse.py b/britney2/excuse.py index 4dbd703..e301cfe 100644 --- a/britney2/excuse.py +++ b/britney2/excuse.py @@ -182,7 +182,7 @@ class Excuse(object): """Render the excuse in HTML""" res = "%s (%s to %s)\n\n" % \ (self.name, self.name, self.name, self.ver[0], self.ver[1]) -res += "Migration status: %s" % self._format_verdict_summary() +res += "Migration status: %s\n" % self._format_verdict_summary() if self.maint: res = res + "Maintainer: %s\n" % (self.maint) if self.section and self.section.find("/") > -1: -- 2.11.0
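Review bot: in the HTML renderer of class Excuse in britney2/excuse.py, the `\n` added to the "Migration status" line is there only because an external consumer reads this output one item per line, and nothing at that line records the constraint. Add a short comment above the `res +=` lines stating that grep-excuses parses the HTML line by line and that every appended item must end with a newline, so the next field added to the renderer does not repeat the regression the commit message attributes to d7a676d0741729bb643e0b8c54b989cb747c6a4b.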
Bug#853920: unblock: devscripts/2.17.1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package devscripts * Fix FTBFS (test failure) due to recent debhelper changes (#852918) * Add .buildinfo support to dscverify * Documentation/translation updates debdiff attached. unblock devscripts/2.17.1 -- System Information: Debian Release: 9.0 APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.9.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) diffstat for devscripts-2.17.0 devscripts-2.17.1 debian/changelog| 27 +++ debian/tests/control|2 po4a/po/de.po | 100 +++- po4a/po/devscripts.pot | 77 + po4a/po/fr.po | 91 scripts/dscverify.1 | 15 +++--- scripts/dscverify.pl| 10 ++-- scripts/uscan.pl|2 test/test_package_lifecycle |8 ++- 9 files changed, 205 insertions(+), 127 deletions(-) diff -Nru devscripts-2.17.0/debian/changelog devscripts-2.17.1/debian/changelog --- devscripts-2.17.0/debian/changelog 2017-01-10 23:21:45.0 -0500 +++ devscripts-2.17.1/debian/changelog 2017-02-01 21:25:00.0 -0500 
@@ -1,3 +1,30 @@ +devscripts (2.17.1) unstable; urgency=medium + + [ Osamu Aoki ] + * uscan: ++ PyPI packages location change. (Closes: #851590) + + [ Guillem Jover ] + * dscverify: ++ Add support for .buildinfo files. (Closes: #852801) + + [ Mattia Rizzolo ] + * dscverify: ++ Remove reference to the long gone debian-maintainers package. + * test_package_lifecycle: ++ Import patch from Ubuntu to have the test pass on their builders too: + filter out output from pkg-create-dbgsym's dh_gencontrol wrapper, pass + --set-envvar=NO_PKG_MANGLE=1 to debuild, and pass -U to debchange. + * debian/tests/control: ++ Depend on build-essential. + + [ James McCoy ] + * test_package_lifecycle: ++ Ignore debhelper's new "create-stamp" output to fix the test failure. + (Closes: #852918) + + -- James McCoy <james...@debian.org> Wed, 01 Feb 2017 21:25:00 -0500 + devscripts (2.17.0) unstable; urgency=medium [ Sean Whitton ] diff -Nru devscripts-2.17.0/debian/tests/control devscripts-2.17.1/debian/tests/control --- devscripts-2.17.0/debian/tests/control 2017-01-10 23:21:45.0 -0500 +++ devscripts-2.17.1/debian/tests/control 2017-02-01 21:25:00.0 -0500 @@ -1,3 +1,3 @@ Tests: shunit2 -Depends: devscripts, libdistro-info-perl, zip, shunit2, gcc +Depends: devscripts, libdistro-info-perl, zip, shunit2, gcc, build-essential Restrictions: allow-stderr needs-recommends diff -Nru devscripts-2.17.0/po4a/po/de.po devscripts-2.17.1/po4a/po/de.po --- devscripts-2.17.0/po4a/po/de.po 2017-01-10 23:21:45.0 -0500 +++ devscripts-2.17.1/po4a/po/de.po 2017-02-01 21:25:00.0 -0500 @@ -7,7 +7,7 @@ msgstr "" "Project-Id-Version: devscripts 2.16.4\n" "Report-Msgid-Bugs-To: devscri...@packages.debian.org\n" -"POT-Creation-Date: 2017-01-11 04:24+\n" +"POT-Creation-Date: 2017-02-02 02:29+\n" "PO-Revision-Date: 2016-09-25 18:56+0200\n" "Last-Translator: Chris Leick <c.le...@vollbio.de>\n" "Language-Team: de <debian-l10n-ger...@lists.debian.org>\n" 
@@ -252,7 +252,7 @@ #: ../scripts/annotate-output.1:19 ../scripts/debchange.1:389 #: ../scripts/debclean.1:90 ../scripts/debrelease.1:102 #: ../scripts/debsign.1:103 ../scripts/dep3changelog.1:19 -#: ../scripts/dscverify.1:39 ../scripts/nmudiff.1:76 +#: ../scripts/dscverify.1:40 ../scripts/nmudiff.1:76 #: ../scripts/pts-subscribe.1:31 ../scripts/uupdate.1:104 #: ../scripts/who-uploads.1:47 msgid "Display a help message and exit successfully." @@ -344,7 +344,7 @@ #: ../scripts/debuild.1:445 ../scripts/dep3changelog.1:28 #: ../scripts/dget.pl:717 ../scripts/diff2patches.1:45 #: ../scripts/dpkg-depcheck.1:118 ../scripts/dpkg-genbuilddeps.1:30 -#: ../scripts/dscverify.1:75 ../scripts/git-deborig.pl:52 +#: ../scripts/dscverify.1:76 ../scripts/git-deborig.pl:52 #: ../scripts/grep-excuses.1:45 ../scripts/list-unreleased.1:19 #: ../scripts/mk-origtargz.pl:181 ../scripts/nmudiff.1:108 #: ../scripts/origtargz.pl:158 ../scripts/plotchangelog.1:124 @@ -395,7 +395,7 @@ #: ../scripts/desktop2menu.pl:52 ../scripts/dep3changelog.1:26 #: ../scripts/dget.pl:709 ../scripts/diff2patches.1:48 #: ../scripts/dpkg-genbuilddeps.1:36 ../scripts/dscextract.1:32 -#: ../scripts/dscverify.1:80 ../scripts/getbuildlog.1:41 +#: ../scripts/dscver
iptables transition (was Re: Bug#844755: fixed in iptables 1.6.0+snapshot20161117-2)
On Tue, Nov 22, 2016 at 02:00:47AM +, Arturo Borrero Gonzalez wrote:
> Changes:
> iptables (1.6.0+snapshot20161117-2) unstable; urgency=medium
> .
>   * [146c602] libxtables: bump from libxtables11 to libxtables12 (Closes:
> #844755)

As noted in the last Release Update[0], November 5th was the close for library transitions. Not only is this a late transition, but it seems to be uncoordinated with the release team. This may need to be reverted.

[0]: https://lists.debian.org/debian-devel-announce/2016/11/msg2.html

Cheers,
--
James
GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7 2D23 DFE6 91AE 331B A3DB
Bug#815036: transition: msgpack-c
On Sun, Sep 25, 2016 at 11:23:43AM +0200, Emilio Pozuelo Monfort wrote: > On 24/09/16 22:52, James McCoy wrote: > > On Sat, Sep 03, 2016 at 02:10:08PM -0400, James McCoy wrote: > >> On Wed, Aug 31, 2016 at 05:01:33PM +0200, Emilio Pozuelo Monfort wrote: > >>> Upload msgpack-c to unstable, then you bump the remaining bugs to RC. > >> > >> Done. The tmate maintainer is going to move the compatible version from > >> experimental to unstable today. > > > > It looks like everything's transitioned. > > Should src:msgpack be removed from the archive now? libmsgpack3 has no rdeps. Yes, it should. Cheers, -- James GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7 2D23 DFE6 91AE 331B A3DB
Bug#815036: transition: msgpack-c
On Sat, Sep 03, 2016 at 02:10:08PM -0400, James McCoy wrote: > On Wed, Aug 31, 2016 at 05:01:33PM +0200, Emilio Pozuelo Monfort wrote: > > Upload msgpack-c to unstable, then you bump the remaining bugs to RC. > > Done. The tmate maintainer is going to move the compatible version from > experimental to unstable today. It looks like everything's transitioned. Thanks! -- James GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7 2D23 DFE6 91AE 331B A3DB
Bug#815036: transition: msgpack-c
On Wed, Aug 31, 2016 at 05:01:33PM +0200, Emilio Pozuelo Monfort wrote: > On 27/08/16 04:39, James McCoy wrote: > > On Sat, Aug 13, 2016 at 10:10:29AM -0400, James McCoy wrote: > >> On Tue, Jun 14, 2016 at 06:17:31PM -0400, James McCoy wrote: > >>> + libdata-messagepack-perl has a fix upstream but no "stable" release > >>> including it > > > > There is now an actual upstream release with the msgpack-c changes. > > > >>> + libdata-messagepack-stream-perl could be NMUed once > >>> libdata-messagepack-perl is available. > >> > >> No activity on either of these. > >> > >> They're only used by libcatmandu-store-lucy-perl and > >> libtext-xslate-perl, which have no rdeps. Should I bump the severity of > >> these bugs or suggest removing them? > > > > I've pinged these bugs and got responses that the Perl folks would be ok > > with those two packages being removed from testing (not unstable since > > packaging was done in response to an RFP) to help the transition and > > possibly bring visibility to the needed maintenance. > > > > Given that there's been some activity upstream around these packages, > > I'm a little more confident about performing NMUs than I had been. > > > > Thoughts on how to proceed? > > Upload msgpack-c to unstable, then you bump the remaining bugs to RC. Done. The tmate maintainer is going to move the compatible version from experimental to unstable today. Cheers, -- James GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7 2D23 DFE6 91AE 331B A3DB
Bug#815036: transition: msgpack-c
On Sat, Aug 13, 2016 at 10:10:29AM -0400, James McCoy wrote: > On Tue, Jun 14, 2016 at 06:17:31PM -0400, James McCoy wrote: > > + libdata-messagepack-perl has a fix upstream but no "stable" release > > including it There is now an actual upstream release with the msgpack-c changes. > > + libdata-messagepack-stream-perl could be NMUed once > > libdata-messagepack-perl is available. > > No activity on either of these. > > They're only used by libcatmandu-store-lucy-perl and > libtext-xslate-perl, which have no rdeps. Should I bump the severity of > these bugs or suggest removing them? I've pinged these bugs and got responses that the Perl folks would be ok with those two packages being removed from testing (not unstable since packaging was done in response to an RFP) to help the transition and possibly bring visibility to the needed maintenance. Given that there's been some activity upstream around these packages, I'm a little more confident about performing NMUs than I had been. Thoughts on how to proceed? Cheers, -- James GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7 2D23 DFE6 91AE 331B A3DB
Bug#815036: transition: msgpack-c
On Tue, Jun 14, 2016 at 06:17:31PM -0400, James McCoy wrote: > On Tue, Jun 14, 2016 at 07:43:27PM +0200, Emilio Pozuelo Monfort wrote: > > How is this progressing? > > To summarize: > > + Will NMU webdis with my proposed patch and send it upstream Done > + tmate is fixed in experimental > + libdata-messagepack-perl has a fix upstream but no "stable" release > including it > + libdata-messagepack-stream-perl could be NMUed once > libdata-messagepack-perl is available. No activity on either of these. They're only used by libcatmandu-store-lucy-perl and libtext-xslate-perl, which have no rdeps. Should I bump the severity of these bugs or suggest removing them? Cheers, -- James GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7 2D23 DFE6 91AE 331B A3DB
Bug#831699: release.debian.org: urgency is sticky across dists - low urgency on sid upload ignored after previous experimental medium-urgency upload
Control: reopen -1
Control: clone -1 -2
Control: reassign -2 ftp.debian.org
Control: retitle -2 [dak] Include suite information in UrgencyLog
Control: block -1 by -2

On Tue, Jul 19, 2016 at 07:53:00PM +, Niels Thykier wrote:
> Adam D. Barratt:
> > On Tue, 2016-07-19 at 15:40 +0200, Goswin von Brederlow wrote:
> >> On Mon, Jul 18, 2016 at 07:41:54PM +0200, Andreas Metzler wrote:
> > [...]
> >>> Testing has 2016.0.0+dfsg-1, which was followed by
> >>> [2016-07-16] 2016.2.0~rc1+dfsg-2 in unstable (low)
> >>> [2016-07-11] 2016.2.0~rc1+dfsg-1 in experimental (low)
> >>> [2016-06-04] 2016.2.0~beta1+dfsg-1 in experimental (medium)
> >>>
> >>> britney seems to have remembered that 2016.2.0~beta1+dfsg-1 had medium
> >>> urgency and chose to consider this urgency for sid->testing migration.
> > [...]
> >> Does it remember or does it parse the changelog and use the highest
> >> priority since the version in testing? The hugin changelog contains
> >> the urgency=medium entry so this seems a valid urgency to use.
> >
> > britney knows nothing about changelogs. The input is a strictly
> > chronological (in terms of when dak accepted the package) list of source
> > package name, version and urgency tuples for all uploads to the main
> > archive.
> >
> > Regards,
> >
> > Adam
> >
>
> For the people interested, the input data is available from [1]. If you
> want it changed, it will need to be fixed in dak (producer) and Britney
> (as the consumer).

I think that's the proper fix for this and I would prefer to avoid adding even more special-casing code to dch.

> From my PoV: Patches welcome and will gladly help people, who are
> interested in it. I don't expect to have time to fix it myself any time
> soon - but as I said; I will gladly help people getting started.

Cheers,
--
James
GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7 2D23 DFE6 91AE 331B A3DB
Bug#815036: transition: msgpack-c
On Tue, Jun 14, 2016 at 07:43:27PM +0200, Emilio Pozuelo Monfort wrote: > On 25/02/16 02:28, James McCoy wrote: > > On Mon, Feb 22, 2016 at 07:39:44PM +0100, Emilio Pozuelo Monfort wrote: > >> On 21/02/16 16:54, James McCoy wrote: > >>> On Wed, Feb 17, 2016 at 11:46:53PM -0500, James McCoy wrote: > >>>> FTBFS: > >>>> > >>>> * webdis: > >>>> + #811343 filed with patch No action seen on this. I can try to push this upstream. The package hasn't seen any activity in almost a year (even with an upstream release in the interim). I could NMU this. > >>>> * tmate: > >>>> + New upstream version is needed > >>>> + Will file a bug for this > >>> > >>> Filed #815381. Fixed in experimental. > >>>> * kumofs: > >>>> + configure script expects the C++ library (libmsgpack) and therefore > >>>> fails > >>>> + Trivial patch to remove that expectation leads to a compile failure > >>>> due to mixing code with C and C++ linkage > >>>> + No upstream activity in 5+ years > >>>> + Debian maintainer MIA > >>> > >>> Given the above and a popcon of 5, should an RM bug be filed? > >> > >> Yeah I'd say so. > > > > #815845 filed. This has been removed from the archive. libdata-messagepack-perl has an upstream pre-release which works with the new msgpack-c. I've poked them to see if they're ready to make an official release. There's still been no reaction to my patch against libdata-messagepack-stream-perl upstream. I can poke them again. > How is this progressing? To summarize: + Will NMU webdis with my proposed patch and send it upstream + tmate is fixed in experimental + libdata-messagepack-perl has a fix upstream but no "stable" release including it + libdata-messagepack-stream-perl could be NMUed once libdata-messagepack-perl is available. Also, a new package has appeared in the interim which needs the new msgpack-c. Cheers, -- James GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7 2D23 DFE6 91AE 331B A3DB
Bug#816243: jessie-pu: package subversion/1.8.10-6+deb8u3
On Fri, Mar 11, 2016 at 09:49:25PM +, Adam D. Barratt wrote:
> On Sun, 2016-02-28 at 21:38 -0500, James McCoy wrote:
> > I'd like to propose the following update (+ s/UNRELEASED/jessie/) to fix a
> > crash when running svn and using kwallet to store credentials.
> [...]
> > + * patches/r1701440-kwallet-segfault: Fix segfault when using kwallet to
> > +store authentication information. (Closes: #736879)
>
> Please go ahead.

Uploaded.

Thanks,
--
James
GPG Key: 4096R/331BA3DB 2011-12-05 James McCoy <james...@debian.org>
Bug#816243: jessie-pu: package subversion/1.8.10-6+deb8u3
On Sun, Feb 28, 2016 at 09:38:23PM -0500, James McCoy wrote: > I'd like to propose the following update (+ s/UNRELEASED/jessie/) to fix a > crash when running svn and using kwallet to store credentials. Ping. > $ debdiff subversion_1.8.10-6+deb8u{2,3}.dsc > diffstat for subversion_1.8.10-6+deb8u2 subversion_1.8.10-6+deb8u3 > > debian/patches/r1701440-kwallet-segfault | 145 > +++ > subversion-1.8.10/debian/changelog |7 + > subversion-1.8.10/debian/patches/series |1 > 3 files changed, 153 insertions(+) > > diff -u subversion-1.8.10/debian/changelog subversion-1.8.10/debian/changelog > --- subversion-1.8.10/debian/changelog > +++ subversion-1.8.10/debian/changelog > @@ -1,3 +1,10 @@ > +subversion (1.8.10-6+deb8u3) UNRELEASED; urgency=medium > + > + * patches/r1701440-kwallet-segfault: Fix segfault when using kwallet to > +store authentication information. (Closes: #736879) > + > + -- James McCoy <james...@debian.org> Sat, 27 Feb 2016 14:08:40 -0500 > + > subversion (1.8.10-6+deb8u2) jessie-security; urgency=high > >* patches/r1708699-mod_auth_ntlm-kerb-fix: Fix regression interacting with > diff -u subversion-1.8.10/debian/patches/series > subversion-1.8.10/debian/patches/series > --- subversion-1.8.10/debian/patches/series > +++ subversion-1.8.10/debian/patches/series > @@ -28,0 +29 @@ > +r1701440-kwallet-segfault > only in patch2: > unchanged: > --- subversion-1.8.10.orig/debian/patches/r1701440-kwallet-segfault > +++ subversion-1.8.10/debian/patches/r1701440-kwallet-segfault 
> @@ -0,0 +1,145 @@ > + > +r1701440 | svn-role | 2015-09-06 00:00:12 -0400 (Sun, 06 Sep 2015) | 9 lines > + > +Merge the r1700740 group from trunk: > + > + * r1700740, r1700951 > + Fix registration of kwallet to avoid double free on close > + Justification: > + Fixes segfault on kwallet close. User reported problem. > + Votes: > + +1: rhuijben, stsp, brane > + > + > +Index: 1.9.x/subversion/libsvn_auth_kwallet/kwallet.cpp > +=== > +--- 1.9.x/subversion/libsvn_auth_kwallet/kwallet.cpp (revision 1701439) > 1.9.x/subversion/libsvn_auth_kwallet/kwallet.cpp (revision 1701440) > +@@ -47,6 +47,7 @@ > + #include "svn_auth.h" > + #include "svn_config.h" > + #include "svn_error.h" > ++#include "svn_hash.h" > + #include "svn_io.h" > + #include "svn_pools.h" > + #include "svn_string.h" > +@@ -135,35 +136,37 @@ > + return wid; > + } > + > ++/* Forward definition */ > ++static apr_status_t > ++kwallet_terminate(void *data); > ++ > + static KWallet::Wallet * > + get_wallet(QString wallet_name, > +apr_hash_t *parameters) > + { > + KWallet::Wallet *wallet = > +-static_cast (apr_hash_get(parameters, > +- "kwallet-wallet", > +- APR_HASH_KEY_STRING)); > +- if (! wallet && ! apr_hash_get(parameters, > +- "kwallet-opening-failed", > +- APR_HASH_KEY_STRING)) > ++static_cast (svn_hash_gets(parameters, > ++ "kwallet-wallet")); > ++ if (! wallet && ! 
svn_hash_gets(parameters, "kwallet-opening-failed")) > + { > + wallet = KWallet::Wallet::openWallet(wallet_name, get_wid(), > +KWallet::Wallet::Synchronous); > ++ > ++ if (wallet) > ++{ > ++ svn_hash_sets(parameters, "kwallet-wallet", wallet); > ++ > ++ apr_pool_cleanup_register(apr_hash_pool_get(parameters), > ++parameters, kwallet_terminate, > ++apr_pool_cleanup_null); > ++ > ++ svn_hash_sets(parameters, "kwallet-initialized", ""); > ++} > ++ else > ++{ > ++ svn_hash_sets(parameters, "kwallet-opening-failed", ""); > ++} > + } > +- if (wallet) > +-{ > +- apr_hash_set(parameters, > +- "kwallet-wallet", > +- APR_HASH_KEY_STRING, > +- wallet); > +-} > +- else > +-{ > +- apr_hash_set(parameters, > +- "kwallet-opening-failed", > +- APR_HASH_KEY_STRING, > +- ""); > +-} > +
Bug#816243: jessie-pu: package subversion/1.8.10-6+deb8u3
Package: release.debian.org Severity: normal Tags: jessie User: release.debian@packages.debian.org Usertags: pu I'd like to propose the following update (+ s/UNRELEASED/jessie/) to fix a crash when running svn and using kwallet to store credentials. $ debdiff subversion_1.8.10-6+deb8u{2,3}.dsc diffstat for subversion_1.8.10-6+deb8u2 subversion_1.8.10-6+deb8u3 debian/patches/r1701440-kwallet-segfault | 145 +++ subversion-1.8.10/debian/changelog |7 + subversion-1.8.10/debian/patches/series |1 3 files changed, 153 insertions(+) diff -u subversion-1.8.10/debian/changelog subversion-1.8.10/debian/changelog --- subversion-1.8.10/debian/changelog +++ subversion-1.8.10/debian/changelog @@ -1,3 +1,10 @@ +subversion (1.8.10-6+deb8u3) UNRELEASED; urgency=medium + + * patches/r1701440-kwallet-segfault: Fix segfault when using kwallet to +store authentication information. (Closes: #736879) + + -- James McCoy <james...@debian.org> Sat, 27 Feb 2016 14:08:40 -0500 + subversion (1.8.10-6+deb8u2) jessie-security; urgency=high * patches/r1708699-mod_auth_ntlm-kerb-fix: Fix regression interacting with diff -u subversion-1.8.10/debian/patches/series subversion-1.8.10/debian/patches/series --- subversion-1.8.10/debian/patches/series +++ subversion-1.8.10/debian/patches/series @@ -28,0 +29 @@ +r1701440-kwallet-segfault only in patch2: unchanged: --- subversion-1.8.10.orig/debian/patches/r1701440-kwallet-segfault +++ subversion-1.8.10/debian/patches/r1701440-kwallet-segfault 
@@ -0,0 +1,145 @@ + +r1701440 | svn-role | 2015-09-06 00:00:12 -0400 (Sun, 06 Sep 2015) | 9 lines + +Merge the r1700740 group from trunk: + + * r1700740, r1700951 + Fix registration of kwallet to avoid double free on close + Justification: + Fixes segfault on kwallet close. User reported problem. + Votes: + +1: rhuijben, stsp, brane + + +Index: 1.9.x/subversion/libsvn_auth_kwallet/kwallet.cpp +=== +--- 1.9.x/subversion/libsvn_auth_kwallet/kwallet.cpp (revision 1701439) 1.9.x/subversion/libsvn_auth_kwallet/kwallet.cpp (revision 1701440) +@@ -47,6 +47,7 @@ + #include "svn_auth.h" + #include "svn_config.h" + #include "svn_error.h" ++#include "svn_hash.h" + #include "svn_io.h" + #include "svn_pools.h" + #include "svn_string.h" +@@ -135,35 +136,37 @@ + return wid; + } + ++/* Forward definition */ ++static apr_status_t ++kwallet_terminate(void *data); ++ + static KWallet::Wallet * + get_wallet(QString wallet_name, +apr_hash_t *parameters) + { + KWallet::Wallet *wallet = +-static_cast (apr_hash_get(parameters, +- "kwallet-wallet", +- APR_HASH_KEY_STRING)); +- if (! wallet && ! apr_hash_get(parameters, +- "kwallet-opening-failed", +- APR_HASH_KEY_STRING)) ++static_cast (svn_hash_gets(parameters, ++ "kwallet-wallet")); ++ if (! wallet && ! 
svn_hash_gets(parameters, "kwallet-opening-failed")) + { + wallet = KWallet::Wallet::openWallet(wallet_name, get_wid(), +KWallet::Wallet::Synchronous); ++ ++ if (wallet) ++{ ++ svn_hash_sets(parameters, "kwallet-wallet", wallet); ++ ++ apr_pool_cleanup_register(apr_hash_pool_get(parameters), ++parameters, kwallet_terminate, ++apr_pool_cleanup_null); ++ ++ svn_hash_sets(parameters, "kwallet-initialized", ""); ++} ++ else ++{ ++ svn_hash_sets(parameters, "kwallet-opening-failed", ""); ++} + } +- if (wallet) +-{ +- apr_hash_set(parameters, +- "kwallet-wallet", +- APR_HASH_KEY_STRING, +- wallet); +-} +- else +-{ +- apr_hash_set(parameters, +- "kwallet-opening-failed", +- APR_HASH_KEY_STRING, +- ""); +-} + return wallet; + } + +@@ -171,14 +174,12 @@ + kwallet_terminate(void *data) + { + apr_hash_t *parameters = static_cast (data); +- if (apr_hash_get(parameters, "kwallet-initialized", APR_HASH_KEY_STRING)) ++ if (svn_hash_gets(parameters, "kwallet-initialized")) + { + KWallet::Wallet *wallet = get_wallet(NULL, parameters); + delete wallet; +- apr_hash_set(parameters, +- "kwallet-initialized", +- APR_HASH_KEY_STRING, +- NU
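Review bot: in the kwallet_terminate hunk, `get_wallet(NULL, parameters)` returns the pointer stored under "kwallet-wallet" and the next line deletes it, but the visible part of the hunk only shows the "kwallet-initialized" entry being reset. Check that "kwallet-wallet" is cleared as well after `delete wallet`, because get_wallet returns whatever is stored under that key and a later call would otherwise hand back a freed object, which is the double free this merge is meant to remove. It is also worth a comment in get_wallet that the cleanup is registered on the pool of `parameters`, so the wallet's lifetime is tied to that hash and not to the caller's pool.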
Bug#815036: transition: msgpack-c
On Mon, Feb 22, 2016 at 07:39:44PM +0100, Emilio Pozuelo Monfort wrote: > Tracker at https://release.debian.org/transitions/html/msgpack-c.html Thanks! > On 21/02/16 16:54, James McCoy wrote: > > On Wed, Feb 17, 2016 at 11:46:53PM -0500, James McCoy wrote: > >> FTBFS: > >> > >> * webdis: > >> + #811343 filed with patch > >> * tmate: > >> + New upstream version is needed > >> + Will file a bug for this > > > > Filed #815381. > > > >> * kumofs: > >> + configure script expects the C++ library (libmsgpack) and therefore > >> fails > >> + Trivial patch to remove that expectation leads to a compile failure > >> due to mixing code with C and C++ linkage > >> + No upstream activity in 5+ years > >> + Debian maintainer MIA > > > > Given the above and a popcon of 5, should an RM bug be filed? > > Yeah I'd say so. #815845 filed. Cheers, -- James GPG Key: 4096R/331BA3DB 2011-12-05 James McCoy <james...@debian.org>
Bug#815036: transition: msgpack-c
On Wed, Feb 17, 2016 at 11:46:53PM -0500, James McCoy wrote:
> FTBFS:
>
> * webdis:
>   + #811343 filed with patch
> * tmate:
>   + New upstream version is needed
>   + Will file a bug for this

Filed #815381.

> * kumofs:
>   + configure script expects the C++ library (libmsgpack) and therefore
>     fails
>   + Trivial patch to remove that expectation leads to a compile failure
>     due to mixing code with C and C++ linkage
>   + No upstream activity in 5+ years
>   + Debian maintainer MIA

Given the above and a popcon of 5, should an RM bug be filed?

> * libdata-messagepack-stream-perl:
>   + This likely needs a newer version of libdata-messagepack-perl, which
>     hasn't been uploaded yet

Confirmed that a newer libdata-messagepack-perl is needed. There is a
patch in the Debian repo which helps, but a more complete patch is
proposed upstream[0].

[0]: https://github.com/msgpack/msgpack-perl/pull/22

>   + Needs to be adapted to new msgpack-c API. I have some patches I can
>     send in that regard.

I've provided patches for this upstream[1] and opened bug #815433 to
track this.

[1]: https://github.com/typester/Data-MessagePack-Stream/issues/6

Cheers,
--
James
GPG Key: 4096R/331BA3DB 2011-12-05 James McCoy <james...@debian.org>
Bug#815036: transition: msgpack-c
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition

Hi,

I'd like to start discussion of a msgpack-c (formerly msgpack)
transition. msgpack-c 1.4.0-2 is in experimental and I'm ready to start
trying to get it into unstable & testing. I don't know of any
outstanding issues other than it tickling a possible G++6 bug[0], but
there's a possible workaround already being looked at upstream[1].

[0]: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=69853
[1]: https://github.com/redboltz/msgpack-c/commit/d1a9ddf80307c7fd8aa5bb060792523cf3e50482

Although there isn't an ABI bump, the 1.4.0 implements the new version
of the msgpack format and has some related API changes. The old
libmsgpackc2 doesn't understand the new msgpack format, so packages
built against the new library won't run properly if they try to use some
of the newer types.

The libmsgpack3 package is no longer relevant as the C++ interface is
now header-only.

I've done some test rebuilds of the reverse depends and here's the
breakdown:

FTBFS:

* webdis:
  + #811343 filed with patch
* tmate:
  + New upstream version is needed
  + Will file a bug for this
* kumofs:
  + configure script expects the C++ library (libmsgpack) and therefore
    fails
  + Trivial patch to remove that expectation leads to a compile failure
    due to mixing code with C and C++ linkage
  + No upstream activity in 5+ years
  + Debian maintainer MIA
* libdata-messagepack-stream-perl:
  + This likely needs a newer version of libdata-messagepack-perl, which
    hasn't been uploaded yet
  + Needs to be adapted to new msgpack-c API. I have some patches I can
    send in that regard.

Good:

* groonga

I'll update this as I file bugs against the FTBFS packages, but I wanted
to get on the radar and see what feedback the team had.

I'm not quite sure about the Ben file, but I think it should be
sufficient. From what I see, most current packages ended up getting
dependencies on libmsgpack3 so seeing them switch to libmsgpackc2 should
be good enough.

I don't think enforcing a minimum version of the libmsgpackc2 dependency
is accurate, since that depends on what part of the API is being used.
Although it's most likely that anything build depending on
libmsgpack-dev has *some* binary package that will get a dependency on
libmsgpackc2 >= 1.0.0, not necessarily all of their binary packages
will.

For example, groonga's groonga-bin package has Depends libmsgpackc2 (>=
0.5.1) after a rebuild but groonga-plugin-suggest gets libmsgpackc2 (>=
1.0.0).

Cheers,
James

Ben file:

title = "msgpack-c";
is_affected = .build-depends ~ "libmsgpack-dev";
is_good = .depends ~ "libmsgpackc2";
is_bad = .depends ~ "libmsgpack3";

-- System Information:
Debian Release: stretch/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, arm64
Kernel: Linux 4.3.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Re: Bug#807128: gcc-5-base: Differing changelog.Debian.gz between :i386 and :amd64
Control: reassign -1 release.debian.org
Control: retitle -1 nmu: gcc-5_5.3.0-3
Control: user release.debian@packages.debian.org
Control: usertag -1 binnmu

nmu gcc-5_5.3.0-3 . amd64 . unstable . -m "Rebuild to fix M-A installability"

On Sat, Dec 05, 2015 at 01:00:20PM -0500, James McCoy wrote:
> Unpacking gcc-5-base:amd64 (5.3.0-3) over (5.2.1-27) ...
> Preparing to unpack .../gcc-5-base_5.3.0-3_i386.deb ...
> Unpacking gcc-5-base:i386 (5.3.0-3) over (5.2.1-27) ...
> dpkg: error processing archive
> /var/cache/apt/archives/gcc-5-base_5.3.0-3_i386.deb (--unpack):
> trying to overwrite shared '/usr/share/doc/gcc-5-base/changelog.Debian.gz',
> which is different from other instances of package gcc-5-base:i386
>
> The :amd64 package (built on the buildd) has unstable as the target
> distribution in the changelog, but the (maintainer built) :i386 package
> has experimental, thus causing the mismatch between the two.

Where :i386 and :amd64 were built is reversed, but the end result is the
same.

Cheers,
--
James
GPG Key: 4096R/331BA3DB 2011-12-05 James McCoy <james...@debian.org>
Re: Bug#807128: gcc-5-base: Differing changelog.Debian.gz between :i386 and :amd64
On Sat, Dec 05, 2015 at 08:37:15PM +0100, Matthias Klose wrote:
> no binNMU please.

Why? Are you planning to do a sourceful upload? If not, that would
resolve the installability issues that people are going to encounter.

Cheers,
--
James
GPG Key: 4096R/331BA3DB 2011-12-05 James McCoy <james...@debian.org>
Bug#795447: stretch-pu: package subversion/1.8.13-1+deb9u1
Package: release.debian.org Severity: normal The recent upstream Subversion releases included fixes for 2 CVEs (CVE-2015-3184 and CVE-2015-3187). The sid upload got caught up in the libstdc++ transition, so I've uploaded an updated package for stretch. Attached is the debdiff. It's large, but a good chunk of that is added testing for the security fix. Cheers, James diffstat for subversion_1.8.13-1 subversion_1.8.13-1+deb9u1 debian/patches/CVE-2015-3184| 2165 debian/patches/CVE-2015-3187| 404 + subversion-1.8.13/debian/changelog | 10 subversion-1.8.13/debian/control|4 subversion-1.8.13/debian/patches/series |2 5 files changed, 2583 insertions(+), 2 deletions(-) -- System Information: Debian Release: stretch/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.0.0-2-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) diffstat for subversion_1.8.13-1 subversion_1.8.13-1+deb9u1 debian/patches/CVE-2015-3184| 2165 debian/patches/CVE-2015-3187| 404 + subversion-1.8.13/debian/changelog | 10 subversion-1.8.13/debian/control|4 subversion-1.8.13/debian/patches/series |2 5 files changed, 2583 insertions(+), 2 deletions(-) diff -u subversion-1.8.13/debian/changelog subversion-1.8.13/debian/changelog --- subversion-1.8.13/debian/changelog +++ subversion-1.8.13/debian/changelog 
@@ -1,3 +1,13 @@ +subversion (1.8.13-1+deb9u1) stretch; urgency=medium + + * Add (Build-)Depends on apache2 packages necessary for security fixes. + * patches/CVE-2015-3814: Mixed anonymous/authenticated path-based authz with +httpd 2.4 + * patches/CVE-2015-3817: svn_repos_trace_node_locations() reveals path +hidden by authz + + -- James McCoy james...@debian.org Wed, 12 Aug 2015 20:31:26 -0400 + subversion (1.8.13-1) unstable; urgency=medium * New upstream release. Refresh patches. diff -u subversion-1.8.13/debian/control subversion-1.8.13/debian/control --- subversion-1.8.13/debian/control +++ subversion-1.8.13/debian/control @@ -6,7 +6,7 @@ James McCoy james...@debian.org Build-Depends: debhelper (= 8), libserf-dev (= 1.2), zlib1g-dev, libapr1-dev, libaprutil1-dev, libdb5.3-dev, - libsasl2-dev, apache2-dev, dh-apache2, + libsasl2-dev, apache2-dev (= 2.4.16), dh-apache2, libsqlite3-dev (= 3.7.12), libgnome-keyring-dev, libdbus-1-dev, kdelibs5-dev, quilt, doxygen, autotools-dev, autoconf, libtool-bin, swig, python-all-dev, perl, libperl-dev, ruby, ruby-dev, @@ -83,7 +83,7 @@ Package: libapache2-mod-svn Section: httpd Architecture: any -Depends: apache2-api-20120211, libsvn1 (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends} +Depends: apache2-bin (= 2.4.16), apache2-api-20120211, libsvn1 (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends} Breaks: libapache2-svn ( 1.7.9-1+nmu5) Replaces: libapache2-svn ( 1.7.9-1+nmu5) Suggests: db5.3-util diff -u subversion-1.8.13/debian/patches/series subversion-1.8.13/debian/patches/series --- subversion-1.8.13/debian/patches/series +++ subversion-1.8.13/debian/patches/series @@ -19,0 +20,2 @@ +CVE-2015-3187 +CVE-2015-3184 only in patch2: unchanged: --- subversion-1.8.13.orig/debian/patches/CVE-2015-3184 +++ subversion-1.8.13/debian/patches/CVE-2015-3184 
@@ -0,0 +1,2165 @@ + Mixed anonymous/authenticated path-based authz with Apache httpd 2.4. + +Summary +=== + + Subversion's mod_authz_svn does not properly restrict anonymous + access in some mixed anonymous/authenticated environments when using + Apache httpd 2.4. The result is that anonymous access may be possible + to files for which only authenticated access should be possible. + +Known vulnerable + + + Apache httpd 2.4.0 to 2.4.12 + Apache Subversion 1.8.0 to 1.8.13 + Apache Subversion 1.7.0 to 1.7.20 + + Servers are vulnerable if either httpd or Subversion is as listed. + + Subversion 1.6 does not build with httpd 2.4 and servers using + httpd 2.2 are not vulnerable. Servers that are configured to deny + anonymous access are not vulnerable. + +Known fixed +=== + + Apache httpd 2.4.16 + Apache Subversion 1.8.14 and 1.7.21 + + Both httpd and Subversion need to be updated. Subversion must + be built with a fixed httpd. + +Details +=== + + If you have a Subversion repository configured for anonymous read + that has mod_authz_svn configured such that some portion of the + repository is hidden from an anonymous user, then in certain cases + when Subversion is used with Apache httpd 2.4.x the file contents of + the repository may be exposed to someone who knows
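Review bot: the new debian/changelog entry names the patches as patches/CVE-2015-3814 and patches/CVE-2015-3817, while the files added under debian/patches, the two new lines in debian/patches/series and the request text all use CVE-2015-3184 and CVE-2015-3187. The digits in the changelog look transposed; correct them before upload, since tooling that matches CVE identifiers in changelogs will otherwise miss this fix. The bundled advisory says Subversion must be built with a fixed httpd, which the new apache2-dev 2.4.16 build dependency covers; it would help to say so in the first changelog bullet, which currently only mentions "apache2 packages necessary for security fixes".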
Bug#789077: ruby2.2 transition: about to switch the default in unstable
On Tue, Jul 28, 2015 at 06:23:57PM -0300, Antonio Terceiro wrote:
> Hello release team.
>
> We are not at a point where it makes sense to switch the default ruby
     now? -^
> in unstable.
> […]
> These packages FTBFS and we will need to look at them individually:
>
> korundum
> kross-interpreters
> subversion

At least subversion is due to ruby2.2 not including or depending on
ruby-test-unit, even though upstream ruby's tarball does (#791925).

Cheers,
--
James
GPG Key: 4096R/331BA3DB 2011-12-05 James McCoy <james...@debian.org>
Re: release goal idea: namespace for users and groups
On Tue, Jun 30, 2015 at 03:49:08AM +0200, Christoph Anton Mitterer wrote:
> Hey.
>
> The following probably doesn't qualify yet for a proper release goal
> proposal (I haven't written a wikipage yet)... further as non-DD I'm
> not sure how far I could actually coordinate that.
> So take that rather as presenting an idea[0] and asking for
> comments&feedback than a commitment to spend an FTE on it ;-)
> Nevertheless it may be found useful, so here it is for discussion:
>
> I think there should be a reserved namespace for users and groups,
> created by Debian packages.
> Maybe even further namespaces for other use cases (e.g. 3rd party
> packages).

This has been discussed various times over the years on debian-devel
([0] looks like the most recent). There's even an open bug[1] against
debian-policy about it. There's been plenty of discussion, with a
general consensus on _-prefixed names, but not much else.

[0]: https://lists.debian.org/debian-devel/2014/02/msg00187.html
[1]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=248809

Cheers,
--
James
GPG Key: 4096R/331BA3DB 2011-12-05 James McCoy <james...@debian.org>
Bug#782053: unblock: devscripts/2.15.3
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package devscripts Update debchange to understand the versioning for jessie-backports and make that the default release when using “dch --bpo”. The release is (relatively) imminent and I'd rather have this ready at release time rather than wait for a stable upload, even though that means sid users creating new backports will have to manually adjust the changelog header. $ debdiff devscripts_2.15.1.dsc devscripts_2.15.3.dsc diffstat for devscripts-2.15.1 devscripts-2.15.3 debian/changelog | 13 + po4a/po/de.po |4 ++-- po4a/po/devscripts.pot |2 +- po4a/po/fr.po |4 ++-- scripts/debchange.1|2 +- scripts/debchange.pl |6 +++--- 6 files changed, 22 insertions(+), 9 deletions(-) diff -Nru devscripts-2.15.1/debian/changelog devscripts-2.15.3/debian/changelog --- devscripts-2.15.1/debian/changelog 2015-01-01 09:51:28.0 -0500 +++ devscripts-2.15.3/debian/changelog 2015-04-03 21:48:02.0 -0400 @@ -1,3 +1,16 @@ +devscripts (2.15.3) unstable; urgency=medium + + * debchange: Use bpo8 instead of bpo80 for jessie-backports, per +https://lists.debian.org/debian-backports/2014/11/msg00031.html. + + -- James McCoy james...@debian.org Fri, 03 Apr 2015 21:47:54 -0400 + +devscripts (2.15.2) unstable; urgency=medium + + * debchange: Make jessie default backports release. + + -- James McCoy james...@debian.org Thu, 02 Apr 2015 21:37:39 -0400 + devscripts (2.15.1) unstable; urgency=medium [ Julien Cristau ] diff -Nru devscripts-2.15.1/po4a/po/de.po devscripts-2.15.3/po4a/po/de.po --- devscripts-2.15.1/po4a/po/de.po 2015-01-01 09:51:28.0 -0500 +++ devscripts-2.15.3/po4a/po/de.po 2015-04-03 21:48:02.0 -0400 
@@ -7086,10 +7086,10 @@ #. type: Plain text #: ../scripts/debchange.1:256 msgid -Increment the Debian release number for an upload to wheezy-backports, and +Increment the Debian release number for an upload to jessie-backports, and add a backport upload changelog comment. msgstr -erhöht die Debian-Veröffentlichungsnummer für ein Hochladen nach wheezy- +erhöht die Debian-Veröffentlichungsnummer für ein Hochladen nach jessie- backports und fügt einen Changelog-Kommentar »backport upload« hinzu. #. type: TP diff -Nru devscripts-2.15.1/po4a/po/devscripts.pot devscripts-2.15.3/po4a/po/devscripts.pot --- devscripts-2.15.1/po4a/po/devscripts.pot2015-01-01 09:53:59.0 -0500 +++ devscripts-2.15.3/po4a/po/devscripts.pot2015-04-03 21:53:13.0 -0400 @@ -5354,7 +5354,7 @@ #. type: Plain text #: ../scripts/debchange.1:256 msgid -Increment the Debian release number for an upload to wheezy-backports, and +Increment the Debian release number for an upload to jessie-backports, and add a backport upload changelog comment. msgstr diff -Nru devscripts-2.15.1/po4a/po/fr.po devscripts-2.15.3/po4a/po/fr.po --- devscripts-2.15.1/po4a/po/fr.po 2015-01-01 09:51:28.0 -0500 +++ devscripts-2.15.3/po4a/po/fr.po 2015-04-03 21:48:02.0 -0400 @@ -7075,11 +7075,11 @@ #. type: Plain text #: ../scripts/debchange.1:256 msgid -Increment the Debian release number for an upload to wheezy-backports, and +Increment the Debian release number for an upload to jessie-backports, and add a backport upload changelog comment. msgstr Incrémenter le numéro de publication de Debian pour un envoi d'un -rétroportage pour Wheezy, et ajouter un commentaire pour l'envoi du +rétroportage pour Jessie, et ajouter un commentaire pour l'envoi du rétroportage dans le changelog. #. type: TP diff -Nru devscripts-2.15.1/scripts/debchange.1 devscripts-2.15.3/scripts/debchange.1 --- devscripts-2.15.1/scripts/debchange.1 2015-01-01 09:51:28.0 -0500 +++ devscripts-2.15.3/scripts/debchange.1 2015-04-03 21:48:02.0 -0400 
@@ -251,7 +251,7 @@ distribution. Increment the Debian version. .TP .B \-\-bpo -Increment the Debian release number for an upload to wheezy-backports, +Increment the Debian release number for an upload to jessie-backports, and add a backport upload changelog comment. .TP .BR \-\-local , \-l \fIsuffix\fR diff -Nru devscripts-2.15.1/scripts/debchange.pl devscripts-2.15.3/scripts/debchange.pl --- devscripts-2.15.1/scripts/debchange.pl 2015-01-01 09:51:28.0 -0500 +++ devscripts-2.15.3/scripts/debchange.pl 2015-04-03 21:48:02.0 -0400 @@ -179,7 +179,7 @@ distribution name --bpo Increment the Debian release number for a backports upload - to wheezy-backports + to jessie-backports -l, --local suffix Add a suffix to the Debian version number for a local build -b, --force-bad-version @@ -624,8 +624,8 @@ my $EMAIL = 'EMAIL'; my $DISTRIBUTION = 'UNRELEASED'; my $bpo_dist = ''; -my %bpo_dists = ( 60, 'squeeze', 70, 'wheezy', 80, 'jessie
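Review bot: the target release name is hard-coded in five places here (the --bpo paragraph in scripts/debchange.1, the --bpo usage text in scripts/debchange.pl, and the matching msgid in de.po, fr.po and devscripts.pot), so every new stable release needs this same edit repeated and the translations re-touched. Consider wording the documentation as "the current stable-backports release" or generating the name from the same table the script uses, so only the %bpo_dists data changes. The %bpo_dists hunk is cut off after 'jessie, so the switch from bpo80 to bpo8 described in the 2.15.3 changelog entry cannot be checked against the code from what is shown.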
Bug#781718: unblock: subversion/1.8.10-6
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package subversion This uploaded backports fixes for 3 recent CVEs. $ debdiff subversion_1.8.10-5.dsc subversion_1.8.10-6.dsc diffstat for subversion_1.8.10-5 subversion_1.8.10-6 debian/patches/CVE-2015-0202| 474 debian/patches/CVE-2015-0248| 105 +++ debian/patches/CVE-2015-0251| 62 subversion-1.8.10/debian/changelog | 11 subversion-1.8.10/debian/patches/series |3 5 files changed, 655 insertions(+) diff -u subversion-1.8.10/debian/changelog subversion-1.8.10/debian/changelog --- subversion-1.8.10/debian/changelog +++ subversion-1.8.10/debian/changelog @@ -1,3 +1,14 @@ +subversion (1.8.10-6) unstable; urgency=high + + * patches/CVE-2015-0202: Excessive memory use with certain REPORT requests +against mod_dav_svn with FSFS repositories + * patches/CVE-2015-0248: Assertion DoS vulnerability for certain mod_dav_svn +and svnserve requests with dynamically evaluated revision numbers + * patches/CVE-2015-0251: mod_dav_svn allows spoofing svn:author property +values for new revisions + + -- James McCoy james...@debian.org Tue, 31 Mar 2015 22:51:18 -0400 + subversion (1.8.10-5) unstable; urgency=medium * patches/CVE-2014-8108: mod_dav_svn DoS vulnerability with invalid virtual diff -u subversion-1.8.10/debian/patches/series subversion-1.8.10/debian/patches/series --- subversion-1.8.10/debian/patches/series +++ subversion-1.8.10/debian/patches/series @@ -21,0 +22,3 @@ +CVE-2015-0251 +CVE-2015-0248 +CVE-2015-0202 only in patch2: unchanged: --- subversion-1.8.10.orig/debian/patches/CVE-2015-0202 +++ subversion-1.8.10/debian/patches/CVE-2015-0202 
@@ -0,0 +1,474 @@ +Index: subversion/libsvn_fs_fs/tree.c +=== +--- a/subversion/libsvn_fs_fs/tree.c (revision 1655679) b/subversion/libsvn_fs_fs/tree.c (working copy) +@@ -127,7 +127,6 @@ typedef struct fs_txn_root_data_t + static svn_error_t * get_dag(dag_node_t **dag_node_p, + svn_fs_root_t *root, + const char *path, +- svn_boolean_t needs_lock_cache, + apr_pool_t *pool); + + static svn_fs_root_t *make_revision_root(svn_fs_t *fs, svn_revnum_t rev, +@@ -178,34 +177,10 @@ typedef struct cache_entry_t + */ + enum { BUCKET_COUNT = 256 }; + +-/* Each pool that has received a DAG node, will hold at least on lock on +- our cache to ensure that the node remains valid despite being allocated +- in the cache's pool. This is the structure to represent the lock. +- */ +-typedef struct cache_lock_t +-{ +- /* pool holding the lock */ +- apr_pool_t *pool; +- +- /* cache being locked */ +- fs_fs_dag_cache_t *cache; +- +- /* next lock. NULL at EOL */ +- struct cache_lock_t *next; +- +- /* previous lock. NULL at list head. Only then this==cache-first_lock */ +- struct cache_lock_t *prev; +-} cache_lock_t; +- + /* The actual cache structure. All nodes will be allocated in POOL. +When the number of INSERTIONS (i.e. objects created form that pool) +exceeds a certain threshold, the pool will be cleared and the cache +with it. +- +- To ensure that nodes returned from this structure remain valid, the +- cache will get locked for the lifetime of the _receiving_ pools (i.e. +- those in which we would allocate the node if there was no cache.). +- The cache will only be cleared FIRST_LOCK is 0. + */ + struct fs_fs_dag_cache_t + { +@@ -221,47 +196,8 @@ struct fs_fs_dag_cache_t + /* Property lookups etc. have a very high locality (75% re-hit). + Thus, remember the last hit location for optimistic lookup. */ + apr_size_t last_hit; +- +- /* List of receiving pools that are still alive. */ +- cache_lock_t *first_lock; + }; + +-/* Cleanup function to be called when a receiving pool gets cleared. 
+- Unlocks the cache once. +- */ +-static apr_status_t +-unlock_cache(void *baton_void) +-{ +- cache_lock_t *lock = baton_void; +- +- /* remove lock from chain. Update the head */ +- if (lock-next) +-lock-next-prev = lock-prev; +- if (lock-prev) +-lock-prev-next = lock-next; +- else +-lock-cache-first_lock = lock-next; +- +- return APR_SUCCESS; +-} +- +-/* Cleanup function to be called when the cache itself gets destroyed. +- In that case, we must unregister all unlock requests. +- */ +-static apr_status_t +-unregister_locks(void *baton_void) +-{ +- fs_fs_dag_cache_t *cache = baton_void; +- cache_lock_t *lock; +- +- for (lock = cache-first_lock; lock; lock = lock-next) +-apr_pool_cleanup_kill(lock-pool, +- lock, +- unlock_cache); +- +- return APR_SUCCESS; +-} +- + fs_fs_dag_cache_t* + svn_fs_fs__create_dag_cache(apr_pool_t *pool) + { +@@ -268,59 +204,15
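Review bot: the hunks against fs_fs_dag_cache_t remove cache_lock_t, first_lock, unlock_cache and unregister_locks, and with them the comment that explained why a node returned from the cache stays valid, but the comment that remains still says the pool "will be cleared and the cache with it" once the insertion threshold is exceeded. Nothing in the visible lines states the new lifetime rule for nodes returned by get_dag now that the needs_lock_cache parameter is gone. Add a sentence to the remaining struct comment saying who owns a returned node and when it may be invalidated, so callers do not keep pointers across a cache clear. The patch is truncated partway through svn_fs_fs__create_dag_cache, so the replacement mechanism itself is not reviewable here.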
Bug#781562: [preapproval] unblock: vim/2:7.4.488-7
Control: tags -1 - moreinfo
Control: retitle -1 unblock: vim/2:7.4.488-7

On Tue, Mar 31, 2015 at 07:39:03AM +0100, Adam D. Barratt wrote:
> On 2015-03-31 2:39, James McCoy wrote:
> > Please unblock package vim
> >
> > The 'linebreak' patch in this upload addresses a very distracting bug
> > where the visual formatting of blocks of text changes every time the
> > user starts insert mode using Vim's c command.
> >
> > The NetRW patch fixes an error that will make any callers of the
> > function fail.
>
> Please go ahead, and remove the moreinfo tag once the package is in
> unstable.

Uploaded. Thanks.

--
James
GPG Key: 4096R/331BA3DB 2011-12-05 James McCoy <james...@debian.org>
Bug#781562: [preapproval] unblock: vim/2:7.4.488-7
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package vim The 'linebreak' patch in this upload addresses a very distracting bug where the visual formatting of blocks of text changes every time the user starts insert mode using Vim's c command. The NetRW patch fixes an error that will make any callers of the function fail. $ debdiff vim_7.4.488-6.dsc vim_7.4.488-7.dsc diffstat for vim-7.4.488 vim-7.4.488 changelog|9 ++ patches/series |2 patches/upstream/netrwSavePosn.patch | 11 ++ patches/upstream/v7-4-576.patch | 148 +++ 4 files changed, 170 insertions(+) diff -Nru vim-7.4.488/debian/changelog vim-7.4.488/debian/changelog --- vim-7.4.488/debian/changelog2015-03-21 14:24:12.0 -0400 +++ vim-7.4.488/debian/changelog2015-03-30 20:53:46.0 -0400 @@ -1,3 +1,12 @@ +vim (2:7.4.488-7) UNRELEASED; urgency=medium + + * Backport patch 7.4.576 to fix jarring toggling of 'linebreak' option when +using the c command to change the buffer. (Closes: #774492) + * Backport upstream fix for call to unknown function in NetRW plugin. +(Closes: #768467) + + -- James McCoy james...@debian.org Mon, 30 Mar 2015 20:48:28 -0400 + vim (2:7.4.488-6) unstable; urgency=medium * Build vim logo from the eps instead of pdf so the svg has the correct diff -Nru vim-7.4.488/debian/patches/series vim-7.4.488/debian/patches/series --- vim-7.4.488/debian/patches/series 2014-11-04 19:41:11.0 -0500 +++ vim-7.4.488/debian/patches/series 2015-03-30 20:44:15.0 -0400 
@@ -3,6 +3,8 @@ upstream/pythoncomplete-autoload-init.patch upstream/debcontrol-syntax-vcs-git.patch upstream/debian-runtime-versions.patch +upstream/v7-4-576.patch +upstream/netrwSavePosn.patch debian/vim-tiny.patch debian/disabled-modelines.patch debian/extra-tex-detection.patch diff -Nru vim-7.4.488/debian/patches/upstream/netrwSavePosn.patch vim-7.4.488/debian/patches/upstream/netrwSavePosn.patch --- vim-7.4.488/debian/patches/upstream/netrwSavePosn.patch 1969-12-31 19:00:00.0 -0500 +++ vim-7.4.488/debian/patches/upstream/netrwSavePosn.patch 2015-03-30 20:46:43.0 -0400 @@ -0,0 +1,11 @@ +--- a/runtime/autoload/netrwSettings.vim b/runtime/autoload/netrwSettings.vim +@@ -31,7 +31,7 @@ + NetrwSettings: {{{1 + fun! netrwSettings#NetrwSettings() +this call is here largely just to insure that netrw has been loaded +- call netrw#NetrwSavePosn() ++ call netrw#SavePosn() + if !exists(g:loaded_netrw) +echohl WarningMsg | echomsg ***sorry*** netrw needs to be loaded prior to using NetrwSettings | echohl None +return diff -Nru vim-7.4.488/debian/patches/upstream/v7-4-576.patch vim-7.4.488/debian/patches/upstream/v7-4-576.patch --- vim-7.4.488/debian/patches/upstream/v7-4-576.patch 1969-12-31 19:00:00.0 -0500 +++ vim-7.4.488/debian/patches/upstream/v7-4-576.patch 2015-03-30 20:43:31.0 -0400 
@@ -0,0 +1,148 @@ +changeset: 6888:749fc929da45 +tag: v7-4-576 +user:Bram Moolenaar b...@vim.org +date:Wed Jan 14 17:52:30 2015 +0100 +files: src/normal.c src/version.c +description: +updated for version 7.4.576 +Problem:Redrawing problem with 'relativenumber' and 'linebreak'. +Solution: Temporarily reset 'linebreak' and restore it in more places. + (Christian Brabandt) + + +diff --git a/src/normal.c b/src/normal.c +--- a/src/normal.c b/src/normal.c +@@ -1393,10 +1393,6 @@ + int include_line_break = FALSE; + #endif + +-#ifdef FEAT_LINEBREAK +-curwin-w_p_lbr = FALSE; /* Avoid a problem with unwanted linebreaks in +- * block mode. */ +-#endif + #if defined(FEAT_CLIPBOARD) + /* + * Yank the visual area into the GUI selection register before we operate +@@ -1420,6 +1416,10 @@ + */ + if ((finish_op || VIsual_active) oap-op_type != OP_NOP) + { ++#ifdef FEAT_LINEBREAK ++ /* Avoid a problem with unwanted linebreaks in block mode. */ ++ curwin-w_p_lbr = FALSE; ++#endif + oap-is_VIsual = VIsual_active; + if (oap-motion_force == 'V') + oap-motion_type = MLINE; +@@ -1819,7 +1819,13 @@ + || oap-op_type == OP_FUNCTION + || oap-op_type == OP_FILTER) +oap-motion_force == NUL) ++ { ++#ifdef FEAT_LINEBREAK ++ /* make sure redrawing is correct */ ++ curwin-w_p_lbr = lbr_saved; ++#endif + redraw_curbuf_later(INVERTED); ++ } + } + } + +@@ -1863,7 +1869,12 @@ + || oap-op_type == OP_FOLD + #endif + )) ++ { ++#ifdef FEAT_LINEBREAK ++ curwin-w_p_lbr = lbr_saved; ++#endif + redraw_curbuf_later(INVERTED
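Review bot: debian/patches/upstream/netrwSavePosn.patch starts directly at the "--- a/runtime/autoload/netrwSettings.vim" line with no header, while v7-4-576.patch next to it carries the upstream changeset, author, date and problem/solution description. Add a short header to the NetRW patch (description, origin and the bug it closes, #768467 per the changelog) so the source of the one-line change from netrw#NetrwSavePosn() to netrw#SavePosn() can be traced later. In the 7.4.576 backport, the restore of curwin->w_p_lbr from lbr_saved is repeated in each branch that calls redraw_curbuf_later(INVERTED); the declaration and assignment of lbr_saved fall outside the visible lines, so check that it is set before the first of these branches can run.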
Bug#780985: unblock: vim/2:7.4.488-6
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package vim The -5 upload finished off the changes from the previous couple uploads such that the scalable icons are installed in the proper places. It also drops our custom icons in favor of using upstream's. The -6 upload fixes an issue with generating the svg from upstream's pdf and includes recognition of jessie(-backports)/sid and binary-only=yes in the debchangelog syntax file. Generating the svg from the pdf resulted in a bad bounding box which made applications that honored the bounding box display a lot of dead space, so I changed to generating the svg from the eps file which resolves the issue. $ debdiff vim_7.4.488-4.dsc vim_7.4.488-6.dsc diffstat for vim-7.4.488 vim-7.4.488 changelog | 19 + control|2 icons/vim-16.xpm | 30 -- icons/vim-32.xpm | 43 --- icons/vim.svg | 284 - patches/upstream/debian-runtime-versions.patch | 35 ++- rules | 15 + vim-common.dirs|5 vim-common.install.in |4 9 files changed, 71 insertions(+), 366 deletions(-) diff -Nru vim-7.4.488/debian/changelog vim-7.4.488/debian/changelog --- vim-7.4.488/debian/changelog2014-12-29 23:13:20.0 -0500 +++ vim-7.4.488/debian/changelog2015-03-21 14:24:12.0 -0400 
@@ -1,3 +1,22 @@ +vim (2:7.4.488-6) unstable; urgency=medium + + * Build vim logo from the eps instead of pdf so the svg has the correct +bounding box. Thanks to Simon McVittie for the idea! (Closes: #778477) + * syntax/debchangelog.vim: ++ Recognize jessie, jessie-backports, and sid targets ++ Recognize binary-only=yes key value in debchangelogHeader + + -- James McCoy james...@debian.org Sat, 21 Mar 2015 14:24:01 -0400 + +vim (2:7.4.488-5) unstable; urgency=medium + + * Install icons to the proper directory. dh_install doesn't rename files, +even though the last upload pretended it does. +- Use upstream's icons and remove the ones in debian/ +- Add Build-Depends: pdf2svg to create a scalable icon + + -- James McCoy james...@debian.org Wed, 11 Feb 2015 21:38:10 -0500 + vim (2:7.4.488-4) unstable; urgency=medium * Move vim icon from vim-gui-common to vim-common since both vim.desktop and diff -Nru vim-7.4.488/debian/control vim-7.4.488/debian/control --- vim-7.4.488/debian/control 2014-12-29 21:14:50.0 -0500 +++ vim-7.4.488/debian/control 2015-03-21 11:25:06.0 -0400 @@ -5,6 +5,8 @@ Uploaders: James McCoy james...@debian.org Standards-Version: 3.9.5 Build-Depends: libacl1-dev, libgpmg1-dev [linux-any], autoconf, +# Building Vim's svg icons + pdf2svg, ghostscript, # B-D for dh_bugfiles debhelper (= 7.2.3~), libtinfo-dev | libncurses5-dev, libselinux1-dev [linux-any], diff -Nru vim-7.4.488/debian/icons/vim-16.xpm vim-7.4.488/debian/icons/vim-16.xpm --- vim-7.4.488/debian/icons/vim-16.xpm 2014-10-22 21:01:13.0 -0400 +++ vim-7.4.488/debian/icons/vim-16.xpm 1969-12-31 19:00:00.0 -0500 
@@ -1,30 +0,0 @@ -/* XPM */ -static char *magick[] = { -/* columns rows colors chars-per-pixel */ -16 16 8 1, - c Gray0, -. c #80, -X c #008000, -o c Green, -O c #808080, -+ c #c0c0c0, -@ c Gray100, -# c None, -/* pixels */ -## o ###, -# @ X #, -# +O O , -## +++O X @++O #, -## +++O @++O ##, -## +++O @++O ##, -#o +++O@++O XX #, -oX +++@++O , - X + .#, -# + X ##, -## ++ + #, -## +++ ++ + , -## ++O + + + + , -## +O X + + + + , -### # ++ + + + , -### # # # # -}; diff -Nru vim-7.4.488/debian/icons/vim-32.xpm vim-7.4.488/debian/icons/vim-32.xpm --- vim-7.4.488/debian/icons/vim-32.xpm 2014-10-22 21:01:13.0 -0400 +++ vim-7.4.488/debian/icons/vim-32.xpm 1969-12-31 19:00:00.0 -0500 @@ -1,43 +0,0 @@ -/* XPM */ -static char * vim32x32[] = { -32 32 8 1, - c None, -. c #00, -+ c #7f, -@ c #007f00, -# c #00FF00, -$ c #7f7f7f, -% c #CC, - c #FF
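Review bot: the debian/control hunk adds "pdf2svg, ghostscript" under the comment "Building Vim's svg icons", but the -6 changelog entry says the logo is now built from the eps instead of the pdf. If pdf2svg is still used as the last step after ghostscript converts the eps, say so in that comment; if it is no longer called, drop it from Build-Depends. The debian/rules change that would settle this is listed in the diffstat but is not among the visible lines.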
Bug#774462: unblock: devscripts/2.15.1
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package devscripts

David Prévot updated French translations and there was a small URL
update for grep-excuses. Debdiffs, with and without translations,
attached.

unblock devscripts/2.15.1

-- System Information:
Debian Release: 8.0
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Bug#774305: unblock: vim/2:7.4.488-4
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package vim A vim.desktop file is shipped by vim-common (for non-GUI versions of Vim), but the icons it and gvim.desktop reference are only in vim-gui-common. This upload moves the icons to vim-common, which all vim variants Depend on. $ debdiff vim_7.4.488-3.dsc vim_7.4.488-4.dsc diffstat for vim-7.4.488 vim-7.4.488 changelog |7 +++ control |3 +++ vim-common.install.in |4 vim-gui-common.install.in |4 4 files changed, 14 insertions(+), 4 deletions(-) diff -Nru vim-7.4.488/debian/changelog vim-7.4.488/debian/changelog --- vim-7.4.488/debian/changelog2014-11-30 15:08:12.0 -0500 +++ vim-7.4.488/debian/changelog2014-12-29 23:13:20.0 -0500 @@ -1,3 +1,10 @@ +vim (2:7.4.488-4) unstable; urgency=medium + + * Move vim icon from vim-gui-common to vim-common since both vim.desktop and +gvim.desktop use it. (Closes: #773930) + + -- James McCoy james...@debian.org Mon, 29 Dec 2014 23:13:17 -0500 + vim (2:7.4.488-3) unstable; urgency=medium * Install icons to /usr/share/icons/hicolor to work around #765069. diff -Nru vim-7.4.488/debian/control vim-7.4.488/debian/control --- vim-7.4.488/debian/control 2014-11-04 21:10:48.0 -0500 +++ vim-7.4.488/debian/control 2014-12-29 21:14:50.0 -0500 @@ -29,6 +29,9 @@ Architecture: any Depends: ${misc:Depends}, ${shlibs:Depends} Recommends: vim | vim-gnome | vim-gtk | vim-athena | vim-nox | vim-tiny +# Move vim icon from vim-gui-common to vim-common +Breaks: vim-gui-common ( 2:7.4.488-4~) +Replaces: vim-gui-common ( 2:7.4.488-4~) Description: Vi IMproved - Common files Vim is an almost compatible version of the UNIX editor Vi. . diff -Nru vim-7.4.488/debian/vim-common.install.in vim-7.4.488/debian/vim-common.install.in --- vim-7.4.488/debian/vim-common.install.in2014-11-04 19:41:11.0 -0500 +++ vim-7.4.488/debian/vim-common.install.in2014-12-29 21:13:22.0 -0500 
@@ -1,6 +1,10 @@ debian/tmp/usr/bin/xxd usr/bin/ debian/helpztags usr/bin/ debian/vim.desktop usr/share/applications/ +debian/icons/* usr/share/pixmaps/ +debian/icons/vim.svg usr/share/icons/hicolor/scalable/apps/ +debian/icons/vim-16.xpm usr/share/icons/hicolor/16x16/apps/vim.xpm +debian/icons/vim-32.xpm usr/share/icons/hicolor/32x32/apps/vim.xpm debian/runtime/vimrc etc/vim/ debian/runtime/debian.vimusr/share/vim/@VIMCUR@/ debian/tmp/usr/share/man/man1/xxd.1 usr/share/man/man1/ diff -Nru vim-7.4.488/debian/vim-gui-common.install.in vim-7.4.488/debian/vim-gui-common.install.in --- vim-7.4.488/debian/vim-gui-common.install.in2014-11-30 14:34:27.0 -0500 +++ vim-7.4.488/debian/vim-gui-common.install.in2014-12-29 21:13:26.0 -0500 @@ -1,9 +1,5 @@ debian/tmp/usr/bin/gvimtutor usr/bin/ debian/gvim.desktopusr/share/applications/ -debian/icons/* usr/share/pixmaps/ -debian/icons/vim.svg usr/share/icons/hicolor/scalable/apps/ -debian/icons/vim-16.xpm usr/share/icons/hicolor/16x16/apps/vim.xpm -debian/icons/vim-32.xpm usr/share/icons/hicolor/32x32/apps/vim.xpm debian/runtime/gvimrc etc/vim/ debian/tmp/usr/share/man/man1/evim.1 usr/share/man/man1/ debian/lintian/vim-gui-common usr/share/lintian/overrides/ unblock vim/2:7.4.488-4 -- System Information: Debian Release: 8.0 APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141231135650.19593.76876.report...@freya.jamessan.com
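Review bot: in the debian/control hunk, the new Breaks and Replaces on vim-gui-common read "( 2:7.4.488-4~)" with no relation operator, which is not a valid versioned relation. Since the icons move out of vim-gui-common into vim-common, both fields need a strictly-less-than relation, (<< 2:7.4.488-4~), so that only the older vim-gui-common versions that still ship those files are affected; worth confirming in the uploaded debian/control. The two install.in hunks agree with each other: the four icon lines added to vim-common.install.in are the same four removed from vim-gui-common.install.in.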
Bug#771758: unblock (pre-approval): serf/1.3.8-1
Control: tags -1 - moreinfo
Control: retitle -1 unblock: serf/1.3.8-1

On Thu, Dec 04, 2014 at 07:58:20AM +, Adam D. Barratt wrote:
> On 2014-12-02 3:38, James McCoy wrote:
> > Please unblock package serf
>
> Please go ahead, and remove the moreinfo tag once the package has been accepted.

Uploaded and accepted. Thanks.

--
James
GPG Key: 4096R/331BA3DB 2011-12-05 James McCoy james...@debian.org

Archive: https://lists.debian.org/20141205005517.gf13...@freya.jamessan.com
Bug#771758: unblock (pre-approval): serf/1.3.8-1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package serf The upstream 1.3.8 release is a minor bug fix release. One of the three functional changes is to disable use of SSLv2/SSLv3. I'd like to include all the changes, but the SSL changes seem most relevant, so if needed I can instead backport just that patch. Attached are the full debdiff and a debdiff excluding the changes to the test directory. unblock serf/1.3.8-1 -- System Information: Debian Release: 8.0 APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- James GPG Key: 4096R/331BA3DB 2011-12-05 James McCoy james...@debian.org diffstat for serf-1.3.7 serf-1.3.8 CHANGES|8 auth/auth_spnego_sspi.c|4 buckets/deflate_buckets.c | 37 ++- buckets/ssl_buckets.c |2 debian/changelog | 10 debian/patches/comment-style_r2443 | 19 + debian/patches/series |2 debian/patches/test-memory-usage_r2445 | 61 + serf.h |2 test/test_buckets.c| 350 + test/test_serf.h |3 11 files changed, 485 insertions(+), 13 deletions(-) diff -Nru serf-1.3.7/auth/auth_spnego_sspi.c serf-1.3.8/auth/auth_spnego_sspi.c --- serf-1.3.7/auth/auth_spnego_sspi.c 2014-02-04 14:41:14.0 -0500 +++ serf-1.3.8/auth/auth_spnego_sspi.c 2014-10-19 14:38:11.0 -0400 @@ -95,8 +95,8 @@ } if (SecIsValidHandle(ctx-sspi_credentials)) { -FreeCredentialsHandle(ctx-sspi_context); -SecInvalidateHandle(ctx-sspi_context); +FreeCredentialsHandle(ctx-sspi_credentials); +SecInvalidateHandle(ctx-sspi_credentials); } return APR_SUCCESS; diff -Nru serf-1.3.7/buckets/deflate_buckets.c serf-1.3.8/buckets/deflate_buckets.c --- serf-1.3.7/buckets/deflate_buckets.c 2011-06-23 22:03:57.0 -0400 +++ serf-1.3.8/buckets/deflate_buckets.c 2014-10-19 14:38:11.0 -0400 
@@ -141,7 +141,6 @@ const char **data, apr_size_t *len) { deflate_context_t *ctx = bucket-data; -unsigned long compCRC, compLen; apr_status_t status; const char *private_data; apr_size_t private_len; @@ -186,17 +185,25 @@ ctx-state++; break; case STATE_VERIFY: +{ +unsigned long compCRC, compLen, actualLen; + /* Do the checksum computation. */ compCRC = getLong((unsigned char*)ctx-hdr_buffer); if (ctx-crc != compCRC) { return SERF_ERROR_DECOMPRESSION_FAILED; } compLen = getLong((unsigned char*)ctx-hdr_buffer + 4); -if (ctx-zstream.total_out != compLen) { +/* The length in the trailer is module 2^32, so do the same for + the actual length. */ +actualLen = ctx-zstream.total_out; +actualLen = 0x; +if (actualLen != compLen) { return SERF_ERROR_DECOMPRESSION_FAILED; } ctx-state++; break; +} case STATE_INIT: zRC = inflateInit2(ctx-zstream, ctx-windowSize); if (zRC != Z_OK) { @@ -264,10 +271,14 @@ ctx-zstream.next_in = (unsigned char*)private_data; ctx-zstream.avail_in = private_len; } -zRC = Z_OK; -while (ctx-zstream.avail_in != 0) { -/* We're full, clear out our buffer, reset, and return. */ -if (ctx-zstream.avail_out == 0) { + +while (1) { + +zRC = inflate(ctx-zstream, Z_NO_FLUSH); + +/* We're full or zlib requires more space. Either case, clear + out our buffer, reset, and return. */ +if (zRC == Z_BUF_ERROR || ctx-zstream.avail_out == 0) { serf_bucket_t *tmp; ctx-zstream.next_out = ctx-buffer; private_len = ctx-bufferSize - ctx-zstream.avail_out; @@ -283,7 +294,6 @@ ctx-zstream.avail_out = ctx-bufferSize; break; } -zRC = inflate(ctx-zstream, Z_NO_FLUSH); if (zRC == Z_STREAM_END) { serf_bucket_t *tmp; @@ -330,9 +340,13 @@ break; } + +/* Any other error? */ if (zRC != Z_OK) { return SERF_ERROR_DECOMPRESSION_FAILED; } + +/* As long as zRC == Z_OK, just
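Review bot: in the STATE_VERIFY hunk of buckets/deflate_buckets.c, the statement after `actualLen = ctx-zstream.total_out;` is shown as `actualLen = 0x;`, which has lost both its operator and its constant and would not compile. Going by the comment above it, the intent is to reduce the decompressed length modulo 2^32 (a mask with 0xffffffff) before comparing it with compLen, and this is the line to check in the attached debdiff, because that comparison is what rejects a stream whose trailer length does not match. The same comment has a typo: "module 2^32" should read "modulo 2^32".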
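Review bot: the inflate loop hunk in buckets/deflate_buckets.c replaces `while (ctx-zstream.avail_in != 0)` with `while (1)` and treats Z_BUF_ERROR the same as a full output buffer, so termination now rests entirely on the break and return paths inside the loop body. The tail of the hunk is cut off here after "As long as zRC == Z_OK, just", so the exit path for the case where zRC is Z_OK and no input is left cannot be reviewed from this text and has to be checked in the full debdiff.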
Bug#771574: unblock (pre-approval): vim/2:7.4.488-3
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package vim As described in #765069[0], there was a recent change in GTK+ 3.14 with regard to icon scaling occurs. The result being that Vim's icon in Gnome's Open with... dialog is vastly oversized, resulting in a bad user experience trying to choose a non-default application to handle a file. [0]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765069#49 The trivial work around I'd like to upload is to install Vim's icons into /usr/share/icons/hicolor so GTK's icon handling understands that vim.svg is scalable. $ debdiff vim_7.4.488-2.dsc vim_7.4.488-3.dsc dpkg-source: warning: extracting unsigned source package (/home/jamessan/src/debian.org/deb-packages/vim/vim_7.4.488-3.dsc) diffstat for vim-7.4.488 vim-7.4.488 changelog |7 +++ vim-gui-common.install.in |3 +++ 2 files changed, 10 insertions(+) diff -Nru vim-7.4.488/debian/changelog vim-7.4.488/debian/changelog --- vim-7.4.488/debian/changelog2014-11-14 21:06:33.0 -0500 +++ vim-7.4.488/debian/changelog2014-11-30 15:08:12.0 -0500 @@ -1,3 +1,10 @@ +vim (2:7.4.488-3) unstable; urgency=medium + + * Install icons to /usr/share/icons/hicolor to work around #765069. +(Closes: #768256) + + -- James McCoy james...@debian.org Sun, 30 Nov 2014 15:08:09 -0500 + vim (2:7.4.488-2) unstable; urgency=medium * Actually fix the Name in vim.desktop. (Closes: #769575) diff -Nru vim-7.4.488/debian/vim-gui-common.install.in vim-7.4.488/debian/vim-gui-common.install.in --- vim-7.4.488/debian/vim-gui-common.install.in2014-10-22 21:01:13.0 -0400 +++ vim-7.4.488/debian/vim-gui-common.install.in2014-11-30 14:34:27.0 -0500 
@@ -1,6 +1,9 @@ debian/tmp/usr/bin/gvimtutor usr/bin/ debian/gvim.desktopusr/share/applications/ debian/icons/* usr/share/pixmaps/ +debian/icons/vim.svg usr/share/icons/hicolor/scalable/apps/ +debian/icons/vim-16.xpm usr/share/icons/hicolor/16x16/apps/vim.xpm +debian/icons/vim-32.xpm usr/share/icons/hicolor/32x32/apps/vim.xpm debian/runtime/gvimrc etc/vim/ debian/tmp/usr/share/man/man1/evim.1 usr/share/man/man1/ debian/lintian/vim-gui-common usr/share/lintian/overrides/ unblock vim/2:7.4.488-3 -- System Information: Debian Release: 8.0 APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141130202242.13280.38527.report...@freya.jamessan.com
Bug#771574: unblock (pre-approval): vim/2:7.4.488-3
Control: tags -1 - moreinfo
Control: retitle -1 unblock: vim/2:7.4.488-3

On Sun, Nov 30, 2014 at 09:32:10PM +0100, Niels Thykier wrote:
> On 2014-11-30 21:22, James McCoy wrote:
> > Package: release.debian.org
> > Severity: normal
> > User: release.debian@packages.debian.org
> > Usertags: unblock
> >
> > Please unblock package vim
> >
> > As described in #765069[0], there was a recent change in GTK+ 3.14 with regard to icon scaling occurs. The result being that Vim's icon in Gnome's Open with... dialog is vastly oversized, resulting in a bad user experience trying to choose a non-default application to handle a file.
> >
> > [0]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765069#49
> >
> > The trivial work around I'd like to upload is to install Vim's icons into /usr/share/icons/hicolor so GTK's icon handling understands that vim.svg is scalable.
> >
> > [...]
> >
> > unblock vim/2:7.4.488-3
> >
> > [...]
>
> Approved provided it is uploaded to unstable prior to the 5th of December. Please remove the moreinfo once it has been accepted in sid.

Uploaded and accepted.

Cheers,
--
James
GPG Key: 4096R/331BA3DB 2011-12-05 James McCoy james...@debian.org
Bug#769984: unblock: serf/1.3.7-3
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package serf As per an Ubuntu bug[0] libserf-dev's serf-1.pc has incorrect paths for includedir/libdir and therefore reports bad information out of pkg-config. This didn't happen to have a direct effect in Debian since the subversion build (its only reverse dependency) gets proper paths by other means, but as it can break user builds I'd like to get the fix unblocked. [0]: https://bugs.launchpad.net/ubuntu/+source/serf/+bug/1388271 $ debdiff serf_1.3.7-2.dsc serf_1.3.7-3.dsc diffstat for serf_1.3.7-2 serf_1.3.7-3 changelog |7 +++ rules |2 +- 2 files changed, 8 insertions(+), 1 deletion(-) diff -u serf-1.3.7/debian/changelog serf-1.3.7/debian/changelog --- serf-1.3.7/debian/changelog +++ serf-1.3.7/debian/changelog @@ -1,3 +1,10 @@ +serf (1.3.7-3) unstable; urgency=medium + + * Specify the proper prefix/libdir when building libserf-1.pc. +(Closes: LP: #1388271) + + -- James McCoy james...@debian.org Mon, 17 Nov 2014 21:12:38 -0500 + serf (1.3.7-2) unstable; urgency=medium * debian/control: diff -u serf-1.3.7/debian/rules serf-1.3.7/debian/rules --- serf-1.3.7/debian/rules +++ serf-1.3.7/debian/rules @@ -25,7 +25,7 @@ debian/stamp-build: patch dh_testdir - scons $(parallel) GSSAPI=/usr CFLAGS=$(CFLAGS) CPPFLAGS=$(CPPFLAGS) LINKFLAGS=$(LDFLAGS) + scons $(parallel) GSSAPI=/usr CFLAGS=$(CFLAGS) CPPFLAGS=$(CPPFLAGS) LINKFLAGS=$(LDFLAGS) PREFIX=/usr LIBDIR=$(libdir) ifeq (, $(filter nocheck,$(DEB_BUILD_OPTIONS))) scons check endif $ diff -u libserf-dev_1.3.7-{2,3}/usr/lib/x86_64-linux-gnu/pkgconfig/serf-1.pc --- libserf-dev_1.3.7-2/usr/lib/x86_64-linux-gnu/pkgconfig/serf-1.pc 2014-11-09 14:13:12.0 -0500 +++ libserf-dev_1.3.7-3/usr/lib/x86_64-linux-gnu/pkgconfig/serf-1.pc 2014-11-17 20:18:46.0 -0500 
@@ -1,7 +1,7 @@ SERF_MAJOR_VERSION=1 -prefix=/usr/local +prefix=/usr exec_prefix=${prefix} -libdir=/usr/local/lib +libdir=/usr/lib/x86_64-linux-gnu includedir=${prefix}/include/serf-1 Name: serf unblock serf/1.3.7-3 -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16-3-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141118041613.7668.39330.report...@freya.jamessan.com
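Review bot: in the debian/changelog hunk, "(Closes: LP: #1388271)" mixes two conventions. Closes: is the marker for Debian BTS bug numbers, while a Launchpad bug is referenced as "LP: #1388271" on its own, so I would drop the "Closes:" prefix and write "(LP: #1388271)".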
Bug#769713: unblock: vim/2:7.4.488-2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package vim There was a disagreement between Mercurial and I, which left my intended typo fix in /usr/share/applications/vim.desktop out of 2:7.4.488-1. I'd like to get this into Jessie since there are two GVim entries in the menu instead of Vim and GVim entries otherwise. diffstat for vim-7.4.488 vim-7.4.488 changelog |6 ++ vim.desktop |2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff -Nru vim-7.4.488/debian/changelog vim-7.4.488/debian/changelog --- vim-7.4.488/debian/changelog2014-10-22 21:08:01.0 -0400 +++ vim-7.4.488/debian/changelog2014-11-14 21:06:33.0 -0500 @@ -1,3 +1,9 @@ +vim (2:7.4.488-2) unstable; urgency=medium + + * Actually fix the Name in vim.desktop. (Closes: #769575) + + -- James McCoy james...@debian.org Fri, 14 Nov 2014 21:06:27 -0500 + vim (2:7.4.488-1) unstable; urgency=medium * Merge upstream tag v7-4-488 diff -Nru vim-7.4.488/debian/vim.desktop vim-7.4.488/debian/vim.desktop --- vim-7.4.488/debian/vim.desktop 2014-10-22 21:04:51.0 -0400 +++ vim-7.4.488/debian/vim.desktop 2014-11-14 21:05:01.0 -0500 @@ -1,5 +1,5 @@ [Desktop Entry] -Name=GVim +Name=Vim GenericName=Text Editor GenericName[de]=Texteditor Comment=Edit text files unblock vim/2:7.4.488-2 -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16-3-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141115192146.17202.4464.report...@freya.jamessan.com
Bug#758265: nmu: apache2_2.4.10-1
On Mon, Aug 18, 2014 at 12:52:55AM +0200, Emilio Pozuelo Monfort wrote: On 17/08/14 22:06, Emilio Pozuelo Monfort wrote: On 16/08/14 02:55, James McCoy wrote: “apxs2 -q CC” currently reports i486-linux-gnu-gcc on i386, but binutils no longer ships that. This is causing the rebuild of subversion for Perl 5.20 to fail on i386. Thanks for the analysis. apache2 binNMUed, and subversion given back with a dep-wait on apache. And the binNMU failed. Sorry. It seems that there's a similar issue with apr affecting apache2's build. So it looks like apr needs to be rebuilt first, then apache2, then subversion. nmu apr_1.5.1-2 . i386 . -m Rebuild for new arch triplet, i586-linux-gnu nmu apache2_1.5.1-2 . i386 . -m Rebuild for new arch triplet, i586-linux-gnu dw apache2_2.4.10-1 . i386 . -m 'apr (= 1.5.1-2+b1)' dw subversion_1.8.10-1 . i386 . -m 'apache2-dev (= 2.4.10-1+b1)' Cheers, -- James GPG Key: 4096R/331BA3DB 2011-12-05 James McCoy james...@debian.org Archive: https://lists.debian.org/20140818032138.ga1...@freya.jamessan.com
Bug#758265: nmu: apache2_2.4.10-1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: binnmu nmu apache2_2.4.10-1 . i386 . -m Rebuild for new arch triplet, i586-linux-gnu apache2-dev provides the apxs/apxs2 binaries which packages building Apache modules can use to determine what tools were used to build Apache. “apxs2 -q CC” currently reports i486-linux-gnu-gcc on i386, but binutils no longer ships that. This is causing the rebuild of subversion for Perl 5.20 to fail on i386. -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.14-2-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Archive: https://lists.debian.org/20140816005512.1931.17803.report...@freya.jamessan.com
Re: ITM: performance and refactor patches for Britney
Small nits on commit messages follow.

On Sun, Jul 27, 2014 at 09:45:07PM +0200, Niels Thykier wrote:
> From 7161a3eff24d2a073911c3d132df623ba499c927 Mon Sep 17 00:00:00 2001
> From: Niels Thykier ni...@thykier.net
> Date: Sun, 27 Jul 2014 16:56:37 +0200
> Subject: [PATCH 02/11] britney.py: Handle version-ranged dependencies a bit smarter
>
> Avoid creating two dependency clauses for dependencies emulating a version range a la:
>
>   Depends: pkg-a (= 2), pkg-a ( 3~)
>
> Previously this would create two clauses a la:
>
>  - (pkg-a, 2, arch), (pkg-a, 3, arch)
>  - (pkg-a, 1, arch), (pkg-a, 2, arch)
>
> However, it is plain to see that only (pkg-a, 2, arch) is a valid solution and the other options are just noise. This patch makes Britney merge these two claues into a single clause containing exactly (pkg-a, 1, arch).

I think you mean (pkg-a, 2, arch) here, right?

> From 922d3fc01cbee8417ec7bad5bb566ad7e1709819 Mon Sep 17 00:00:00 2001
> From: Niels Thykier ni...@thykier.net
> Date: Sat, 19 Jul 2014 20:05:23 +0200
> Subject: [PATCH 06/11] installability: Exploit equvialency to reduce choices
>
> For some cases, like aspell-dictionary, a number of packages can satisfy the dependency (e.g. all aspell-*). In the particular example, most (all?) of the aspell-* look so similar to the extend

extent not extend.

> From 8e9e26245141e47ae229c886c4c48a805428764a Mon Sep 17 00:00:00 2001
> From: Niels Thykier ni...@thykier.net
> Date: Thu, 24 Jul 2014 23:52:50 +0200
> Subject: [PATCH 09/11] britney.py: Refactor doop_source
>
> Rename local variables and avoid repeated chained lookups. In particular, avoid confusing cases like:
>
>   [...]
>   version = binaries[parch][0][binary][VERSION]
>   [...]
>   binaries[parch][0][binary] = self.binaries[item.suite][parch][0][binary]
>   version = binaries[parch][0][binary][VERSION]
>
> Where version here will refer to two different versions. The former the version from testing of a hijacked binary and the latter the version from the source suite (despite the look up using the testing table, due to the testing copy being updated).
>
> Notable renamings:
>
>  * binaries = packages_t (a.k.a. self.binaries['testing'])
>  * binaries[parch][0] = binaries_t_a
>  * binaries[parch][1] = provides_t_a
>  * Similar naming used for item.suite instead of testing
>
> The naming is based on the following logic:
>
>  * self.binaries from packages files (by this logic, it ought to be self.packages, but thats for

Missing apostrophe in that's.

Cheers,
--
James
GPG Key: 4096R/331BA3DB 2011-12-05 James McCoy james...@debian.org

Archive: https://lists.debian.org/20140729035530.gc18...@freya.jamessan.com
Re: Bug#739611: ruby1.9.1-rm transition: binNMU request
On Wed, Apr 09, 2014 at 03:14:56AM +0200, Christian Hofstaedtler wrote:
> Dear Release-Team,
>
> In addition to my previous list, please binNMU the following packages to remove the (lib)ruby1.9.1 dependencies:
>
> vim

I'm preparing a sourceful upload for this right now for other reasons, so a binNMU shouldn't be necessary.

Cheers,
--
James
GPG Key: 4096R/331BA3DB 2011-12-05 James McCoy james...@debian.org

Archive: https://lists.debian.org/20140409014441.gl2...@jamessan.com
Bug#740302: wheezy-pu: package subversion/1.6.17dfsg-4+deb7u5
On Thu, Feb 27, 2014 at 09:52:17PM -0500, James McCoy wrote: I would like to upload subversion for the next Wheezy point release to address the following issues. * Add patch CVE-2014-0032: mod_dav_svn crash when handling certain requests with SVNListParentPath on (Closes: #737815) * rules: Fix removal of libsvnjavahl-1.a/.la/.so from libsvn-dev (Closes: #711911) Ping? diffstat for subversion_1.6.17dfsg-4+deb7u4 subversion_1.6.17dfsg-4+deb7u5 debian/patches/CVE-2014-0032| 39 subversion-1.6.17dfsg/debian/changelog |9 ++ subversion-1.6.17dfsg/debian/patches/series |1 subversion-1.6.17dfsg/debian/rules |3 +- 4 files changed, 51 insertions(+), 1 deletion(-) diff -u subversion-1.6.17dfsg/debian/rules subversion-1.6.17dfsg/debian/rules --- subversion-1.6.17dfsg/debian/rules +++ subversion-1.6.17dfsg/debian/rules @@ -346,13 +346,14 @@ cd debian/tmp/$(libdir); for lib in ra fs auth swig; do \ $(RM) libsvn_$${lib}_*.so libsvn_$${lib}_*.la; \ done - cd debian/tmp/$(libdir); $(RM) libsvn_swig*.a libsvnjavahl.a libsvnjavahl.la + cd debian/tmp/$(libdir); $(RM) libsvn_swig*.a libsvnjavahl-1.a libsvnjavahl-1.la # Intermediate hack, until we can remove the rest of the .la files. sed -i /dependency_libs/s/=.*/=''/ debian/tmp/$(libdir)/*.la dh_install -s ifdef DEB_OPT_WITH_JAVAHL mkdir -p debian/libsvn-java/$(libdir) mv debian/libsvn-java/usr/lib/jni debian/libsvn-java/$(libdir)/ + $(RM) debian/libsvn-dev/$(libdir)/libsvnjavahl-1.so endif ln -s libsvn_ra_neon-1.so.1 debian/libsvn1/$(libdir)/libsvn_ra_dav-1.so.1 diff -u subversion-1.6.17dfsg/debian/changelog subversion-1.6.17dfsg/debian/changelog --- subversion-1.6.17dfsg/debian/changelog +++ subversion-1.6.17dfsg/debian/changelog 
@@ -1,3 +1,12 @@ +subversion (1.6.17dfsg-4+deb7u5) UNRELEASED; urgency=medium + + * Add patch CVE-2014-0032: mod_dav_svn crash when handling certain requests +with SVNListParentPath on (Closes: #737815) + * rules: Fix removal of libsvnjavahl-1.a/.la/.so from libsvn-dev (Closes: +#711911) + + -- James McCoy james...@debian.org Wed, 26 Feb 2014 21:19:57 -0500 + subversion (1.6.17dfsg-4+deb7u4) wheezy; urgency=low * Non-maintainer upload. diff -u subversion-1.6.17dfsg/debian/patches/series subversion-1.6.17dfsg/debian/patches/series --- subversion-1.6.17dfsg/debian/patches/series +++ subversion-1.6.17dfsg/debian/patches/series @@ -42,0 +43 @@ +CVE-2014-0032 only in patch2: unchanged: --- subversion-1.6.17dfsg.orig/debian/patches/CVE-2014-0032 +++ subversion-1.6.17dfsg/debian/patches/CVE-2014-0032 
@@ -0,0 +1,39 @@ +Author: Ben Reser bre...@apache.org +Subject: Disallow methods other than GET/HEAD for the parentpath list. + +Fixes the segfault for `svn ls http://svn.example.com` when SVN is handling +the server root and SVNListParentPath is on. + +Origin: upstream, backported from commit:r1557320 +Bug-CVE: http://subversion.apache.org/security/CVE-2014-0032-advisory.txt +Bug-Debian: http://bugs.debian.org/737815 +Last-Update: 2014-02-26 + +--- a/subversion/mod_dav_svn/repos.c b/subversion/mod_dav_svn/repos.c +@@ -1672,6 +1672,25 @@ + + if (strcmp(parentpath, uri) == 0) + { ++ /* Only allow GET and HEAD on the parentpath resource ++ * httpd uses the same method_number for HEAD as GET */ ++ if (r-method_number != M_GET) ++{ ++ int status; ++ ++ /* Marshal the error back to the client by generating by ++ * way of the dav_svn__error_response_tag trick. */ ++ err = dav_svn__new_error(r-pool, HTTP_METHOD_NOT_ALLOWED, ++ SVN_ERR_APMOD_MALFORMED_URI, ++ The URI does not contain the name ++ of a repository.); ++ /* can't use r-allowed since the default handler isn't called */ ++ apr_table_setn(r-headers_out, Allow, GET,HEAD); ++ status = dav_svn__error_response_tag(r, err); ++ ++ return dav_push_error(r-pool, status, err-error_id, NULL, err); ++} ++ + err = get_parentpath_resource(r, root_path, resource); + if (err) + return err; -- James GPG Key: 4096R/331BA3DB 2011-12-05 James McCoy james...@debian.org signature.asc Description: Digital signature
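Review bot: the repos.c hunk carried in debian/patches/CVE-2014-0032 adds a new early-return branch, but the request carries no test or verification note for it. For a stable update I would want it stated that, with SVNListParentPath on, a request to the parent path with a method other than GET/HEAD now gets HTTP_METHOD_NOT_ALLOWED with the Allow header set to GET,HEAD instead of crashing the server, and that GET and HEAD listings of the parent path still work. The error text reused in that branch ("The URI does not contain the name of a repository.") does not mention the method; keeping it as is stays identical to the upstream commit named in the Origin field, r1557320.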
Bug#740302: wheezy-pu: package subversion/1.6.17dfsg-4+deb7u5
Package: release.debian.org Severity: normal Tags: wheezy User: release.debian@packages.debian.org Usertags: pu I would like to upload subversion for the next Wheezy point release to address the following issues. * Add patch CVE-2014-0032: mod_dav_svn crash when handling certain requests with SVNListParentPath on (Closes: #737815) * rules: Fix removal of libsvnjavahl-1.a/.la/.so from libsvn-dev (Closes: #711911) -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.12-1-amd64 (SMP w/8 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diffstat for subversion_1.6.17dfsg-4+deb7u4 subversion_1.6.17dfsg-4+deb7u5 debian/patches/CVE-2014-0032| 39 subversion-1.6.17dfsg/debian/changelog |9 ++ subversion-1.6.17dfsg/debian/patches/series |1 subversion-1.6.17dfsg/debian/rules |3 +- 4 files changed, 51 insertions(+), 1 deletion(-) diff -u subversion-1.6.17dfsg/debian/rules subversion-1.6.17dfsg/debian/rules --- subversion-1.6.17dfsg/debian/rules +++ subversion-1.6.17dfsg/debian/rules 
@@ -346,13 +346,14 @@ cd debian/tmp/$(libdir); for lib in ra fs auth swig; do \ $(RM) libsvn_$${lib}_*.so libsvn_$${lib}_*.la; \ done - cd debian/tmp/$(libdir); $(RM) libsvn_swig*.a libsvnjavahl.a libsvnjavahl.la + cd debian/tmp/$(libdir); $(RM) libsvn_swig*.a libsvnjavahl-1.a libsvnjavahl-1.la # Intermediate hack, until we can remove the rest of the .la files. sed -i /dependency_libs/s/=.*/=''/ debian/tmp/$(libdir)/*.la dh_install -s ifdef DEB_OPT_WITH_JAVAHL mkdir -p debian/libsvn-java/$(libdir) mv debian/libsvn-java/usr/lib/jni debian/libsvn-java/$(libdir)/ + $(RM) debian/libsvn-dev/$(libdir)/libsvnjavahl-1.so endif ln -s libsvn_ra_neon-1.so.1 debian/libsvn1/$(libdir)/libsvn_ra_dav-1.so.1 diff -u subversion-1.6.17dfsg/debian/changelog subversion-1.6.17dfsg/debian/changelog --- subversion-1.6.17dfsg/debian/changelog +++ subversion-1.6.17dfsg/debian/changelog @@ -1,3 +1,12 @@ +subversion (1.6.17dfsg-4+deb7u5) UNRELEASED; urgency=medium + + * Add patch CVE-2014-0032: mod_dav_svn crash when handling certain requests +with SVNListParentPath on (Closes: #737815) + * rules: Fix removal of libsvnjavahl-1.a/.la/.so from libsvn-dev (Closes: +#711911) + + -- James McCoy james...@debian.org Wed, 26 Feb 2014 21:19:57 -0500 + subversion (1.6.17dfsg-4+deb7u4) wheezy; urgency=low * Non-maintainer upload. diff -u subversion-1.6.17dfsg/debian/patches/series subversion-1.6.17dfsg/debian/patches/series --- subversion-1.6.17dfsg/debian/patches/series +++ subversion-1.6.17dfsg/debian/patches/series @@ -42,0 +43 @@ +CVE-2014-0032 only in patch2: unchanged: --- subversion-1.6.17dfsg.orig/debian/patches/CVE-2014-0032 +++ subversion-1.6.17dfsg/debian/patches/CVE-2014-0032 
@@ -0,0 +1,39 @@ +Author: Ben Reser bre...@apache.org +Subject: Disallow methods other than GET/HEAD for the parentpath list. + +Fixes the segfault for `svn ls http://svn.example.com` when SVN is handling +the server root and SVNListParentPath is on. + +Origin: upstream, backported from commit:r1557320 +Bug-CVE: http://subversion.apache.org/security/CVE-2014-0032-advisory.txt +Bug-Debian: http://bugs.debian.org/737815 +Last-Update: 2014-02-26 + +--- a/subversion/mod_dav_svn/repos.c b/subversion/mod_dav_svn/repos.c +@@ -1672,6 +1672,25 @@ + + if (strcmp(parentpath, uri) == 0) + { ++ /* Only allow GET and HEAD on the parentpath resource ++ * httpd uses the same method_number for HEAD as GET */ ++ if (r-method_number != M_GET) ++{ ++ int status; ++ ++ /* Marshal the error back to the client by generating by ++ * way of the dav_svn__error_response_tag trick. */ ++ err = dav_svn__new_error(r-pool, HTTP_METHOD_NOT_ALLOWED, ++ SVN_ERR_APMOD_MALFORMED_URI, ++ The URI does not contain the name ++ of a repository.); ++ /* can't use r-allowed since the default handler isn't called */ ++ apr_table_setn(r-headers_out, Allow, GET,HEAD); ++ status = dav_svn__error_response_tag(r, err); ++ ++ return dav_push_error(r-pool, status, err-error_id, NULL, err); ++} ++ + err = get_parentpath_resource(r, root_path, resource); + if (err) + return err;
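Review bot: in the debian/changelog hunk the new 1.6.17dfsg-4+deb7u5 entry targets UNRELEASED; for the actual point-release upload the distribution field has to name wheezy, as the previous entry (1.6.17dfsg-4+deb7u4) does. Easy to miss once the request is approved, so worth fixing in the debdiff before upload.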
Bug#739416: transition: ruby1.8 removal
On Tue, Feb 18, 2014 at 08:29:35PM +0100, Julien Cristau wrote: Removing subversion doesn't seem reasonable. The sid version might be fixed (I haven't checked), but it FTBFS. So that'll need to be taken care of first. One of the FTBFS appears to be a transient issue. A gb would likely fix it, but the others are related to #735446. Upstream's next release (due this week) fixes that. I've been monitoring the release process, so I should be able to get it uploaded to Debian ASAP once it's officially released. The only potential complication would be if the libdb5.1-dev package disappears in the meantime as Ondřej intends[0]. I haven't finished the bdb 5.3 work as I wanted to touch base with Peter on it. 0: 139230.17282.82981781.6e443...@webmail.messagingengine.com If needed, I could look at backporting the upstream commits to fix the FTBFS, but I'd prefer to put that effort into ensuring I can get the next 1.8.x uploaded when it's out. Cheers, -- James GPG Key: 4096R/331BA3DB 2011-12-05 James McCoy james...@debian.org
Bug#734672: pu: package subversion/1.6.17dfsg-4+deb7u5
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: pu Subversion's transition to the non-versioned ruby-svn package didn't make it into Wheezy. Since ruby1.8 is planning on being removed for Jessie, the libsvn-ruby1.8 → ruby-svn transition should be backported to Wheezy so there's an upgrade path to what will be Jessie's ruby-svn (built with something other than ruby1.8) package. In addition, libsvn-dev contains a broken /usr/lib/$arch/libsvnjavahl-1.so symlink (#711911) which is trivial to fix. The attached debdiff contains both of these changes. Does this seem reasonable? Cheers, -- James GPG Key: 4096R/331BA3DB 2011-12-05 James McCoy james...@debian.org diffstat for subversion_1.6.17dfsg-4+deb7u4 subversion_1.6.17dfsg-4+deb7u5 debian/libsvn-ruby1.8.install |2 -- debian/libsvn-ruby1.8.links |1 + debian/libsvn-ruby1.8.lintian-overrides |2 -- debian/libsvn-ruby1.8.postinst | 12 debian/ruby-svn.install |2 ++ debian/ruby-svn.lintian-overrides |2 ++ subversion-1.6.17dfsg/debian/changelog |9 + subversion-1.6.17dfsg/debian/control| 13 - subversion-1.6.17dfsg/debian/rules |5 +++-- 9 files changed, 37 insertions(+), 11 deletions(-) diff -u subversion-1.6.17dfsg/debian/control subversion-1.6.17dfsg/debian/control --- subversion-1.6.17dfsg/debian/control +++ subversion-1.6.17dfsg/debian/control @@ -100,7 +100,7 @@ Recommends: python-subversion (= 1.5), libsvn-perl (= 1.5), libconfig-inifiles-perl, liburi-perl, exim4 | mail-transport-agent, xsltproc, rsync -Suggests: libsvn-ruby1.8 +Suggests: ruby-svn Description: Assorted tools related to Subversion This package includes miscellaneous tools for use with Subversion clients and servers: 
@@ -144,22 +144,25 @@ manipulates a Subversion repository or working copy. See the 'subversion' package for more information. -Package: libsvn-ruby1.8 +Package: ruby-svn Section: ruby Architecture: any Multi-Arch: same Pre-Depends: multiarch-support +Breaks: libsvn-ruby1.8 ( 1.6.17dfsg-4+deb7u5) Depends: ruby1.8, ${shlibs:Depends}, ${misc:Depends} +Replaces: libsvn-ruby1.8 ( 1.6.17dfsg-4+deb7u5) Description: Ruby bindings for Subversion This is a set of Ruby interfaces to libsvn, the Subversion libraries. It is useful if you want to, for example, write a Ruby script that manipulates a Subversion repository or working copy. See the 'subversion' package for more information. -Package: libsvn-ruby -Section: ruby +Package: libsvn-ruby1.8 +Section: oldlibs +Priority: extra Architecture: all -Depends: libsvn-ruby1.8, ${misc:Depends} +Depends: ruby-svn, ${misc:Depends} Description: Ruby bindings for Subversion (dummy package) This is a dummy package to install the Subversion library bindings for the default version of Ruby. reverted: --- subversion-1.6.17dfsg/debian/libsvn-ruby1.8.lintian-overrides +++ subversion-1.6.17dfsg.orig/debian/libsvn-ruby1.8.lintian-overrides @@ -1,2 +0,0 @@ -# nobody but us will ever link to this, so we don't ship a shlibs file -no-shlibs-control-file usr/lib/*/libsvn_swig_ruby-1.so.* diff -u subversion-1.6.17dfsg/debian/rules subversion-1.6.17dfsg/debian/rules --- subversion-1.6.17dfsg/debian/rules +++ subversion-1.6.17dfsg/debian/rules @@ -118,7 +118,7 @@ rb_defs := SWIG_RB_SITE_LIB_DIR=$(shell $(RUBY) -rrbconfig -e print RbConfig::CONFIG['vendordir']) rb_defs += SWIG_RB_SITE_ARCH_DIR=$(shell $(RUBY) -rrbconfig -e print RbConfig::CONFIG['vendorarchdir']) else - DH_OPTIONS += -Nlibsvn-ruby -Nlibsvn-$(RUBY) + DH_OPTIONS += -Nruby-svn -Nlibsvn-$(RUBY) RUBY := fooby endif 
@@ -346,13 +346,14 @@ cd debian/tmp/$(libdir); for lib in ra fs auth swig; do \ $(RM) libsvn_$${lib}_*.so libsvn_$${lib}_*.la; \ done - cd debian/tmp/$(libdir); $(RM) libsvn_swig*.a libsvnjavahl.a libsvnjavahl.la + cd debian/tmp/$(libdir); $(RM) libsvn_swig*.a libsvnjavahl-1.a libsvnjavahl-1.la # Intermediate hack, until we can remove the rest of the .la files. sed -i /dependency_libs/s/=.*/=''/ debian/tmp/$(libdir)/*.la dh_install -s ifdef DEB_OPT_WITH_JAVAHL mkdir -p debian/libsvn-java/$(libdir) mv debian/libsvn-java/usr/lib/jni debian/libsvn-java/$(libdir)/ + $(RM) debian/libsvn-dev/$(libdir)/libsvnjavahl-1.so endif ln -s libsvn_ra_neon-1.so.1 debian/libsvn1/$(libdir)/libsvn_ra_dav-1.so.1 reverted: --- subversion-1.6.17dfsg/debian/libsvn-ruby1.8.install +++ subversion-1.6.17dfsg.orig/debian/libsvn-ruby1.8.install @@ -1,2 +0,0 @@ -debian/tmp/usr/lib/*/libsvn_swig_ruby*.so.* -debian/tmp/usr/lib/ruby diff -u subversion-1.6.17dfsg/debian/changelog subversion-1.6.17dfsg/debian/changelog --- subversion-1.6.17dfsg/debian/changelog +++ subversion-1.6.17dfsg/debian/changelog @@ -1,3 +1,12 @@ +subversion (1.6.17dfsg-4+deb7u5) UNRELEASED; urgency=low + + * rules: Fix removal of libsvnjavahl-1.a/.la/.so from
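Review bot: in the debian/control hunk at @@ -144,22, the transitional libsvn-ruby1.8 stanza keeps the long description of the old libsvn-ruby dummy ("install the Subversion library bindings for the default version of Ruby"), which no longer matches what the package does. It now only pulls in ruby-svn, so the description should say that it is a transitional package for ruby-svn and can be safely removed afterwards. The new `Section: oldlibs` and `Priority: extra` already fit that role.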
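Review bot: in the debian/rules hunk at @@ -346,13, the added `$(RM) debian/libsvn-dev/$(libdir)/libsvnjavahl-1.so` deletes a file from a package directory after dh_install with no comment saying why. Add a one-line comment pointing at #711911 so the line is not dropped as dead code later. `$(RM)` also stays silent when a name stops matching, which is the same failure mode the corrected `libsvnjavahl-1.a libsvnjavahl-1.la` line on the same hunk is repairing, so a build-time check that libsvn-dev ships no dangling symlink would catch a future rename.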
Bug#733904: nmu: subversion_1.7.14-1
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: binnmu

nmu subversion_1.7.14-1 . ALL . -m Rebuild against libserf-1-1

Subversion is currently intertwined in the libunwind transition, but once it's appropriate, it should be rebuilt against the new serf ABI.

-- System Information:
Debian Release: jessie/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.12-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Bug#725172: pu: package subversion/1.6.17dfsg-4+deb7u4
Control: reopen -1 !

Thanks for pushing this forward, Cyril. Sorry for not communicating my intent to make a pu or acting on it sooner.

On Wed, Oct 02, 2013 at 12:17:24PM +0200, Cyril Brulebois wrote:
> Only impacted file is subversion/bindings/swig/core.i, fix is different from upstream's (which isn't in the version in unstable anyway),

Upstream's fix is in unstable, although the incorrect “fix” uploaded in 1.7.9+nmu1/1.6.17dfsg-4+deb7u2 is there as well. Updated pu has upstream's backported fix and removes the other attempted fix.

Cheers,
--
James
GPG Key: 4096R/331BA3DB 2011-12-05 James McCoy james...@debian.org

diff -u subversion-1.6.17dfsg/debian/changelog subversion-1.6.17dfsg/debian/changelog --- subversion-1.6.17dfsg/debian/changelog +++ subversion-1.6.17dfsg/debian/changelog @@ -1,3 +1,12 @@ +subversion (1.6.17dfsg-4+deb7u4) wheezy; urgency=low + + * Non-maintainer upload. + * patches/python-swig205: Backport upstream patch to fix Python bindings +when built against swig 2.0.5+. (Closes: #683188) + * Remove patches/chunksize-integer.patch + + -- James McCoy james...@debian.org Wed, 02 Oct 2013 21:40:37 -0400 + subversion (1.6.17dfsg-4+deb7u3) wheezy-security; urgency=high * Non-maintainer upload by the Security Team. diff -u subversion-1.6.17dfsg/debian/patches/series subversion-1.6.17dfsg/debian/patches/series --- subversion-1.6.17dfsg/debian/patches/series +++ subversion-1.6.17dfsg/debian/patches/series @@ -37,6 +37,6 @@ -chunksize-integer.patch cve-2013-1845 cve-2013-1846 cve-2013-1849 CVE-2013-1968.patch CVE-2013-2112.patch +python-swig205 reverted: --- subversion-1.6.17dfsg/debian/patches/chunksize-integer.patch +++ subversion-1.6.17dfsg.orig/debian/patches/chunksize-integer.patch 
@@ -1,17 +0,0 @@ -Author: W. Martin Borgert deba...@debian.org - -Origin: vendor, http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683188#78 -Bug-Debian: http://bugs.debian.org/683188 -Forwarded: not-needed -Last-Update: 2016-04-16 subversion-1.7.9.orig/subversion/bindings/swig/python/svn/core.py -+++ subversion-1.7.9/subversion/bindings/swig/python/svn/core.py -@@ -145,7 +145,7 @@ - # read the rest of the stream - chunks = [ ] - while 1: --data = svn_stream_read(self._stream, SVN_STREAM_CHUNK_SIZE) -+data = svn_stream_read(self._stream, int(SVN_STREAM_CHUNK_SIZE)) - if not data: - break - chunks.append(data) only in patch2: unchanged: --- subversion-1.6.17dfsg.orig/debian/patches/python-swig205 +++ subversion-1.6.17dfsg/debian/patches/python-swig205 @@ -0,0 +1,28 @@ +Fix python bindings for swig 2.0.5. Upstream r1351117. +Somehow swig 2.0.5 produces a long integer instead of an integer in this +situation - I'm not entirely clear on specifics. But tolerate both as +inputs to svn_stream_read(). + + +--- a/subversion/bindings/swig/core.i b/subversion/bindings/swig/core.i +@@ -337,12 +337,17 @@ + */ + #ifdef SWIGPYTHON + %typemap(in) (char *buffer, apr_size_t *len) ($*2_type temp) { +-if (!PyInt_Check($input)) { ++if (PyLong_Check($input)) { ++temp = PyLong_AsLong($input); ++} ++else if (PyInt_Check($input)) { ++temp = PyInt_AsLong($input); ++} ++else { + PyErr_SetString(PyExc_TypeError, + expecting an integer for the buffer size); + SWIG_fail; + } +-temp = PyInt_AsLong($input); + if (temp 0) { + PyErr_SetString(PyExc_ValueError, + buffer size must be a positive integer);
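Review bot: in the core.i typemap added by patches/python-swig205, the new `temp = PyLong_AsLong($input);` branch does not check whether the conversion failed. PyLong_AsLong returns -1 with OverflowError set when the value does not fit in a C long, and here that result is stored as the buffer size and execution continues into the range check with the exception still pending. Test `PyErr_Occurred()` right after the conversion and `SWIG_fail` when it is set. Separately, the patch header names upstream r1351117 only in free text; the Origin and Bug-Debian fields that the removed chunksize-integer.patch carried would make the provenance easier to follow.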
Bug#703132: nmu: python2.7_2.7.3-16
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: binnmu

nmu python2.7_2.7.3-16 . amd64 . -m Rebuild in a clean chroot to drop Depends on experimental's libc6

-- System Information:
Debian Release: 7.0
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.8-trunk-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Bug#700254: unblock: vim/2:7.3.547-7
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package vim vim-lesstif became a transitional package during the Wheezy cycle and didn't properly handle converting /usr/share/doc/vim-lesstif from a symlink to a directory. The 2:7.3.547-7 upload, as shown in the debdiff below, fixes this. unblock vim/2:7.3.547-7 Cheers, James diffstat for vim-7.3.547 vim-7.3.547 changelog |8 control |2 +- vim-lesstif.preinst | 10 ++ 3 files changed, 19 insertions(+), 1 deletion(-) diff -Nru vim-7.3.547/debian/changelog vim-7.3.547/debian/changelog --- vim-7.3.547/debian/changelog2012-11-22 09:37:54.0 -0500 +++ vim-7.3.547/debian/changelog2013-02-09 18:44:01.0 -0500 @@ -1,3 +1,11 @@ +vim (2:7.3.547-7) unstable; urgency=low + + * Add vim-lesstif.preinst to handle transitioning /usr/share/doc/vim-lesstif +from a symlink to a directory. (Closes: #700069) + * Add clarification to short description of vim-nox. (Closes: #699780) + + -- James McCoy james...@debian.org Sat, 09 Feb 2013 18:43:57 -0500 + vim (2:7.3.547-6) unstable; urgency=low * Always enable ACL support. (Closes: #693462) diff -Nru vim-7.3.547/debian/control vim-7.3.547/debian/control --- vim-7.3.547/debian/control 2012-09-15 23:15:05.0 -0400 +++ vim-7.3.547/debian/control 2013-02-09 17:20:28.0 -0500 
@@ -170,7 +170,7 @@ Depends: vim-common (= ${binary:Version}), vim-runtime (= ${source:Version}), ${misc:Depends}, ${shlibs:Depends} Suggests: cscope, vim-doc Provides: vim, editor, vim-perl, vim-python, vim-ruby, vim-tcl, vim-lua -Description: Vi IMproved - enhanced vi editor +Description: Vi IMproved - enhanced vi editor - with scripting languages support Vim is an almost compatible version of the UNIX editor Vi. . Many new features have been added: multi level undo, syntax diff -Nru vim-7.3.547/debian/vim-lesstif.preinst vim-7.3.547/debian/vim-lesstif.preinst --- vim-7.3.547/debian/vim-lesstif.preinst 1969-12-31 19:00:00.0 -0500 +++ vim-7.3.547/debian/vim-lesstif.preinst 2013-02-09 17:13:08.0 -0500 @@ -0,0 +1,10 @@ +#!/bin/sh +set -e + +if [ -L /usr/share/doc/vim-lesstif ]; then +rm -f /usr/share/doc/vim-lesstif +fi + +#DEBHELPER# + +exit 0 -- System Information: Debian Release: 7.0 APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.7-trunk-amd64 (SMP w/8 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash
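Review bot: debian/vim-lesstif.preinst removes /usr/share/doc/vim-lesstif whenever it is a symlink, on every preinst invocation, without looking at the action in `$1` or the old version in `$2`. Limit it to `install` and `upgrade` from versions before this one, for example with `dpkg --compare-versions "$2" lt 2:7.3.547-7`, so that abort-upgrade and all later upgrades leave the path alone. A short comment referencing #700069 above the test would also explain why a maintainer script is deleting something under /usr/share/doc.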
Bug#690163: unblock: smlnj/110.74-2
On Wed, Oct 10, 2012 at 12:30:15PM -0400, James McCoy wrote:
> Please unblock package smlnj
>
> I've updated the packaging to address #689123 (configuration file in /usr (policy 10.7.2): /usr/lib/smlnj/lib/pathconfig) by generating /usr/lib/smlnj/pathconfig via triggers. Debdiff attached.
>
> unblock smlnj/110.74-2

Anyone had a chance to look into this?

Cheers,
--
James
GPG Key: 4096R/331BA3DB 2011-12-05 James McCoy james...@debian.org
Bug#690163: unblock: smlnj/110.74-2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package smlnj I've updated the packaging to address #689123 (configuration file in /usr (policy 10.7.2): /usr/lib/smlnj/lib/pathconfig) by generating /usr/lib/smlnj/pathconfig via triggers. Debdiff attached. unblock smlnj/110.74-2 Cheers, -- James GPG Key: 4096R/331BA3DB 2011-12-05 James McCoy james...@debian.org diffstat for smlnj_110.74-1 smlnj_110.74-2 debian/deregister | 12 debian/pkg-deregister | 17 - debian/pkg-register| 17 - debian/postinst.in |7 --- debian/prerm.in|7 --- debian/register| 15 --- debian/smlnj-runtime.prerm |7 --- debian/smlnj-runtime.triggers |1 + smlnj-110.74/debian/changelog | 15 +++ smlnj-110.74/debian/control|7 +++ smlnj-110.74/debian/rules | 26 ++ smlnj-110.74/debian/smlnj-runtime.install |2 +- smlnj-110.74/debian/smlnj-runtime.postinst | 21 + 13 files changed, 47 insertions(+), 107 deletions(-) reverted: --- smlnj-110.74/debian/pkg-deregister +++ smlnj-110.74.orig/debian/pkg-deregister @@ -1,17 +0,0 @@ -#!/bin/sh - -set -e - -SMLNJ_HOME=/usr/lib/smlnj - -list=/var/lib/dpkg/info/$1.list - -for l in $(grep $SMLNJ_HOME/lib/[^.][^/]*$ $list) ; do -base=$(basename $l) -$SMLNJ_HOME/bin/deregister $base -done - -for b in $(grep $SMLNJ_HOME/bin/[^.][^/]*$ $list) ; do -base=$(basename $b) -$SMLNJ_HOME/bin/deregister $base -done diff -u smlnj-110.74/debian/smlnj-runtime.install smlnj-110.74/debian/smlnj-runtime.install --- smlnj-110.74/debian/smlnj-runtime.install +++ smlnj-110.74/debian/smlnj-runtime.install @@ -1 +1 @@ -bin/.arch-n-opsys bin/.link-sml bin/.run-sml bin/.run debscripts/* usr/lib/smlnj/bin +bin/.arch-n-opsys bin/.link-sml bin/.run-sml bin/.run usr/lib/smlnj/bin reverted: --- smlnj-110.74/debian/prerm.in +++ smlnj-110.74.orig/debian/prerm.in 
@@ -1,7 +0,0 @@ -#!/bin/sh - -set -e - -@SMLNJ_HOME@/bin/pkg-deregister @PKG@ - -#DEBHELPER# diff -u smlnj-110.74/debian/control smlnj-110.74/debian/control --- smlnj-110.74/debian/control +++ smlnj-110.74/debian/control @@ -40,6 +40,13 @@ Package: smlnj-runtime Architecture: i386 amd64 powerpc Depends: ${misc:Depends}, ${shlibs:Depends} +Breaks: libckit-smlnj ( 110.74-2~), libcml-smlnj ( 110.74-2~), + libcmlutil-smlnj ( 110.74-2~), libexene-smlnj ( 110.74-2~), + libmlnlffi-smlnj ( 110.74-2~), libmlrisctools-smlnj ( 110.74-2~), + libpgraphutil-smlnj ( 110.74-2~), libsmlnj-smlnj ( 110.74-2~), + ml-burg ( 110.74-2~), ml-lex ( 110.74-2~), ml-lpt ( 110.74-2~), + ml-nlffigen ( 110.74-2~), ml-yacc ( 110.74-2~), nowhere ( 110.74-2~), + smlnj ( 110.74-2~) Description: Standard ML of New Jersey runtime system SML/NJ is an implementation of the Standard ML programming language. This package includes the runtime system only -- it provides garbage reverted: --- smlnj-110.74/debian/register +++ smlnj-110.74.orig/debian/register @@ -1,15 +0,0 @@ -#!/bin/sh - -set -e - -if [ $# -ne 2 ] ; then -echo usage: register name target -exit 1 -fi - -name=$1 -target=$2 - -/usr/lib/smlnj/bin/deregister $name - -echo $name $target /usr/lib/smlnj/lib/pathconfig diff -u smlnj-110.74/debian/rules smlnj-110.74/debian/rules --- smlnj-110.74/debian/rules +++ smlnj-110.74/debian/rules @@ -20,15 +20,11 @@ VERSION=$(shell cat $(CONFIGDIR)/version) -debscripts:=$(addprefix debian/,deregister mkorig pkg-deregister pkg-register register) - srcdirs:=$(basename $(wildcard *tgz)) basedirs:=$(basename $(notdir $(wildcard base/*tgz))) notlibs:=smlnj-runtime smlnj-doc libpkgs:=$(filter-out $(notlibs),$(shell dh_listpackages)) -postinsts:=$(addsuffix .postinst,$(addprefix debian/,$(libpkgs))) -prerms:=$(addsuffix .prerm,$(addprefix debian/,$(libpkgs))) vars.sed: echo s,@SHELL@,$(SHELL),g vars.sed 
@@ -68,14 +64,6 @@ chmod 555 wrapper/$$c; \ done -debian/%.postinst: debian/postinst.in vars.sed - cat $ | sed -f vars.sed -e s/@PKG@/$*/ $@ - -debian/%.prerm: debian/prerm.in vars.sed - cat $ | sed -f vars.sed -e s/@PKG@/$*/ $@ - -instscripts: $(postinsts) $(prerms) - unpack-source: unpack-source-stamp unpack-source-stamp: cd base for t in $(basedirs); do tar zxf $$t.tgz; done @@ -87,9 +75,6 @@ build-arch: build-arch-stamp build-arch-stamp: unpack-source-stamp - mkdir -p debscripts - install -m 555 $(debscripts) debscripts - cat debian/patches/* | patch -N -p1 1/dev/null || true cp config/targets config/targets.orig cp debian/targets config/targets @@ -115,12 +100,11 @@ rm -f *-stamp rm
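Review bot: debian/smlnj-runtime.install stops shipping `debscripts/*`, but library packages from 110.74-1 that are already installed still carry the prerm generated from prerm.in, which runs `@SMLNJ_HOME@/bin/pkg-deregister @PKG@` under `set -e`. The Breaks added to smlnj-runtime in debian/control is what keeps old library packages and the new runtime from being configured together, yet nothing in the visible hunks says that this is its purpose. Add a comment next to the Breaks field explaining that those versions call maintainer-script helpers which are no longer shipped, and confirm with an upgrade test from 110.74-1 that the old prerm does not abort the upgrade when smlnj-runtime is unpacked first.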
Bug#690195: unblock: vim-scripts/20121007
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package vim-scripts This upload adds support for svn 1.7 to the vcscommand plugin and xz-compressed debs to debPlugin. Both patches are pretty minimal. Debdiff attached. unblock vim-scripts/20121007 -- James GPG Key: 4096R/331BA3DB 2011-12-05 James McCoy james...@debian.org diff -Naur vim-scripts-20110813/debian/changelog vim-scripts-20121007/debian/changelog --- vim-scripts-20110813/debian/changelog 2011-08-13 23:11:50.0 -0400 +++ vim-scripts-20121007/debian/changelog 2012-10-07 11:16:17.0 -0400 @@ -1,3 +1,13 @@ +vim-scripts (20121007) unstable; urgency=low + + * Update Vcs-* URLs. + * vcscommand: Backport patch from upstream to handle svn 1.7. (Closes: +#688093) + * debPlugin: Add support for xz compressed debs. Thanks to Jakub Wilk for +the patch. (Closes: #644172) + + -- James McCoy james...@debian.org Sun, 07 Oct 2012 11:15:37 -0400 + vim-scripts (20110813) unstable; urgency=low * Rename colors sampler pack to colors-sampler-pack so it's easier to diff -Naur vim-scripts-20110813/debian/control vim-scripts-20121007/debian/control --- vim-scripts-20110813/debian/control 2011-08-13 23:11:50.0 -0400 +++ vim-scripts-20121007/debian/control 2012-10-07 11:16:17.0 -0400 
@@ -2,13 +2,13 @@ Section: editors Priority: optional Maintainer: Debian Vim Maintainers pkg-vim-maintain...@lists.alioth.debian.org -Uploaders: Michael Piefel pie...@debian.org, James Vega james...@debian.org +Uploaders: Michael Piefel pie...@debian.org, James McCoy james...@debian.org Build-Depends: cdbs, debhelper ( 5.0.0), quilt Build-Depends-Indep: xsltproc, docbook-xsl Standards-Version: 3.9.2.0 Homepage: http://www.vim.org/scripts/ -Vcs-Git: git://git.debian.org/git/pkg-vim/vim-scripts.git -Vcs-Browser: http://git.debian.org/?p=pkg-vim/vim-scripts.git +Vcs-Git: git://anonscm.debian.org/pkg-vim/vim-scripts.git +Vcs-Browser: http://anonscm.debian.org/gitweb/?p=pkg-vim/vim-scripts.git Package: vim-scripts Architecture: all diff -Naur vim-scripts-20110813/debian/patches/deb.vim-xz.diff vim-scripts-20121007/debian/patches/deb.vim-xz.diff --- vim-scripts-20110813/debian/patches/deb.vim-xz.diff 1969-12-31 19:00:00.0 -0500 +++ vim-scripts-20121007/debian/patches/deb.vim-xz.diff 2012-10-07 11:16:17.0 -0400 
@@ -0,0 +1,25 @@ +Subject: Add support for xz-compressed debs +Author: Jakub Wilk jw...@debian.org +Bug-Debian: http://bugs.debian.org/644172 + +diff --git a/autoload/deb.vim b/autoload/deb.vim +--- a/autoload/deb.vim b/autoload/deb.vim +@@ -32,6 +32,8 @@ + let l:unpcmp = tar zxfO + elseif l:archmember == data.tar.bz2 + let l:unpcmp = tar jxfO ++elseif l:archmember == data.tar.xz ++ let l:unpcmp = tar JxfO + elseif l:archmember == data.tar.lzma + if !s:hascmd(lzma) + return +@@ -230,7 +232,7 @@ + return data file name for debian package. This can be either data.tar.gz, + data.tar.bz2 or data.tar.lzma + fun s:dataFileName(deb) +-for fn in [data.tar.gz, data.tar.bz2, data.tar.lzma, data.tar] ++for fn in [data.tar.gz, data.tar.bz2, data.tar.lzma, data.tar.xz, data.tar] + [0:-2] is to remove trailing null character from command output + if (system(ar t . ' . a:deb . ' . . fn))[0:-2] == fn + return fn diff -Naur vim-scripts-20110813/debian/patches/series vim-scripts-20121007/debian/patches/series --- vim-scripts-20110813/debian/patches/series 2011-08-13 23:11:50.0 -0400 +++ vim-scripts-20121007/debian/patches/series 2012-10-07 11:16:17.0 -0400 @@ -18,3 +18,5 @@ lbdbq-query.diff lbdbq-detect-lbdbq.diff disabledby-doxygentoolkit.diff +vcscommand-svn1.7.diff +deb.vim-xz.diff diff -Naur vim-scripts-20110813/debian/patches/vcscommand-svn1.7.diff vim-scripts-20121007/debian/patches/vcscommand-svn1.7.diff --- vim-scripts-20110813/debian/patches/vcscommand-svn1.7.diff 1969-12-31 19:00:00.0 -0500 +++ vim-scripts-20121007/debian/patches/vcscommand-svn1.7.diff 2012-10-07 11:16:17.0 -0400 
@@ -0,0 +1,44 @@ +commit f0750a4e0b1606e51807d7157759b3a5e1e9760d +Author: Bob Hiestand bob.hiest...@gmail.com +Date: Tue Oct 18 10:50:12 2011 -0500 + +identify via 'svn info' + +don't look for .svn directories as svn 1.7 breaks that method + +--- a/plugin/vcssvn.vim b/plugin/vcssvn.vim +@@ -90,22 +90,17 @@ + + Function: s:svnFunctions.Identify(buffer) {{{2 + function! s:svnFunctions.Identify(buffer) +- let fileName = resolve(bufname(a:buffer)) +- if isdirectory(fileName) +- let directoryName = fileName +- else +- let directoryName = fnamemodify(fileName, ':h') +- endif +- if strlen(directoryName) 0 +- let svnDir = directoryName . '/.svn' +- else +- let svnDir = '.svn' +- endif
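Review bot: in debian/patches/deb.vim-xz.diff, the hunk at @@ -230,7 adds data.tar.xz to the list in s:dataFileName() but leaves the comment above the function reading "This can be either data.tar.gz, data.tar.bz2 or data.tar.lzma". Update that comment to include data.tar.xz so the documented set matches the list the loop walks.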
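Review bot: in debian/patches/deb.vim-xz.diff, the hunk at @@ -32,6 sends the new data.tar.xz branch straight to `tar JxfO`, while the data.tar.lzma branch right below it first tests `s:hascmd(lzma)` and returns if the tool is missing. Either add the equivalent availability check for xz, so the plugin fails with its own message rather than tar's, or add a comment saying why the check is not needed for this branch.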
Bug#686621: unblock: devscripts/2.12.2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package devscripts 2.12.2 is a small upload to address CVE-2012-3500. Attached is the debdiff between 2.12.1 and 2.12.2 unblock devscripts/2.12.2 -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.5-trunk-amd64 (SMP w/8 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Cheers, -- James GPG Key: 4096R/331BA3DB 2011-12-05 James McCoy james...@debian.org diffstat for devscripts-2.12.1 devscripts-2.12.2 debian/changelog | 10 ++ scripts/annotate-output.sh | 10 +++--- 2 files changed, 17 insertions(+), 3 deletions(-) diff -Nru devscripts-2.12.1/debian/changelog devscripts-2.12.2/debian/changelog --- devscripts-2.12.1/debian/changelog 2012-07-13 16:06:43.0 -0400 +++ devscripts-2.12.2/debian/changelog 2012-08-26 11:22:44.0 -0400 @@ -1,3 +1,13 @@ +devscripts (2.12.2) unstable; urgency=high + + * annotate-output: Fix to prevent symlink attack: don't delete +safely-created file and reuse its name. Instead, create temporary +directory and create FIFOs therein. Also, be sure to remove temporaries +upon catchable signal. Thanks to Jim Meyering for the patch. Fixes +CVE-2012-3500. + + -- James McCoy james...@debian.org Sun, 26 Aug 2012 11:16:17 -0400 + devscripts (2.12.1) unstable; urgency=low * debchange: diff -Nru devscripts-2.12.1/scripts/annotate-output.sh devscripts-2.12.2/scripts/annotate-output.sh --- devscripts-2.12.1/scripts/annotate-output.sh 2011-05-22 12:47:07.0 -0400 +++ devscripts-2.12.2/scripts/annotate-output.sh 2012-08-26 11:22:44.0 -0400 
@@ -62,10 +62,14 @@ exit 1 fi -OUT=`mktemp --tmpdir annotate.XX` || exit 1 -ERR=`mktemp --tmpdir annotate.XX` || exit 1 +cleanup() { __st=$?; rm -rf $tmp; exit $__st; } +trap cleanup 0 +trap 'exit $?' 1 2 13 15 + +tmp=$(mktemp -d --tmpdir annotate.XX) || exit 1 +OUT=$tmp/out +ERR=$tmp/err -rm -f $OUT $ERR mkfifo $OUT $ERR || exit 1 addtime O $OUT
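Review bot: in scripts/annotate-output.sh the EXIT trap is installed before `tmp` is assigned, so if the script is interrupted between the `trap` lines and the `mktemp -d` call, `cleanup` runs `rm -rf $tmp` with whatever value `tmp` had in the caller's environment. Set `tmp=` before installing the traps, or move the traps below the `mktemp -d` line, and have `cleanup` skip the removal when the variable is empty. The signal handler `trap 'exit $?' 1 2 13 15` also exits with the status of the last command rather than one derived from the signal; if callers rely on the exit code to detect interruption, exit with 128 plus the signal number instead.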
Bug#685835: tpu: racket/racket_5.2.1+g6~92c8784+dfsg2-2+wheezy1
On Sun, Aug 26, 2012 at 12:18:48PM +0200, Cyril Brulebois wrote:
> James McCoy james...@debian.org (25/08/2012):
> > > On a related note, it looks to me like racket isn't exactly a widespread package, so picking up xz compression too for t-p-u wouldn't help with fitting more stuff on 1st/2nd CDs, would it?
> >
> > EPARSE. Are you suggesting I should add the xz compression changes to the t-p-u upload, too? Looking at cdimage-search.d.o, racket's down in the 30s for the CD it's on.
>
> ESENDINGMAILSAT4AM. I meant to ask whether first CDs would benefit from having racket xz-compressed. Given your answer, clearly not, so sticking to the proposed fix only for your t-p-u upload looks sufficient.

Ok, uploaded.

--
James
GPG Key: 4096R/331BA3DB 2011-12-05 James McCoy james...@debian.org
Bug#685835: tpu: racket/racket_5.2.1+g6~92c8784+dfsg2-2+wheezy1
On Sun, Aug 26, 2012 at 03:44:09AM +0200, Cyril Brulebois wrote:
> James McCoy james...@debian.org (24/08/2012):
> > In case it's worth fixing that for Wheezy, I have a package I can upload to testing. Attached is the debdiff. What do you think?
>
> I think I'd like to see this go through t-p-u indeed.

Ok, thanks.

> On a related note, it looks to me like racket isn't exactly a widespread package, so picking up xz compression too for t-p-u wouldn't help with fitting more stuff on 1st/2nd CDs, would it?

EPARSE. Are you suggesting I should add the xz compression changes to the t-p-u upload, too? Looking at cdimage-search.d.o, racket's down in the 30s for the CD it's on.

> Please use +deb7u1 instead of +wheezy1 (wheezy jessie, so we're starting to move towards this new versioning scheme).

Ok, I'll update that.

--
James
GPG Key: 4096R/331BA3DB 2011-12-05 James McCoy james...@debian.org
Bug#685835: tpu: racket/racket_5.2.1+g6~92c8784+dfsg2-2+wheezy1
Package: release.debian.org Severity: normal I recently uploaded a new upstream version of racket, completely forgetting that I meant to do a minor upload to fix #680685 (racket and planet-venus both ship a planet binary) first. The unstable upload does fix that bug, but the delta between the versions is far too large to ask for an unblock. In case it's worth fixing that for Wheezy, I have a package I can upload to testing. Attached is the debdiff. What do you think? Cheers, -- James GPG Key: 4096R/331BA3DB 2011-12-05 James McCoy james...@debian.org diffstat for racket-5.2.1+g6~92c8784+dfsg2 racket-5.2.1+g6~92c8784+dfsg2 NEWS |9 + changelog |6 ++ rules |1 + 3 files changed, 16 insertions(+) diff -Nru racket-5.2.1+g6~92c8784+dfsg2/debian/changelog racket-5.2.1+g6~92c8784+dfsg2/debian/changelog --- racket-5.2.1+g6~92c8784+dfsg2/debian/changelog 2012-06-26 19:07:18.0 -0400 +++ racket-5.2.1+g6~92c8784+dfsg2/debian/changelog 2012-08-22 21:52:33.0 -0400 @@ -1,3 +1,9 @@ +racket (5.2.1+g6~92c8784+dfsg2-2+wheezy1) testing; urgency=low + + * Stop shipping /usr/bin/planet. (Closes: #680685) + + -- James McCoy james...@debian.org Wed, 22 Aug 2012 21:49:27 -0400 + racket (5.2.1+g6~92c8784+dfsg2-2) unstable; urgency=low * Update description to use Racket in place of scheme (Closes: #679000). diff -Nru racket-5.2.1+g6~92c8784+dfsg2/debian/NEWS racket-5.2.1+g6~92c8784+dfsg2/debian/NEWS --- racket-5.2.1+g6~92c8784+dfsg2/debian/NEWS 1969-12-31 19:00:00.0 -0500 +++ racket-5.2.1+g6~92c8784+dfsg2/debian/NEWS 2012-08-22 21:52:33.0 -0400 
@@ -0,0 +1,9 @@ +racket (5.2.1+g6~92c8784+dfsg2-2+wheezy1) testing; urgency=low + + The planet binary is no longer provided with racket. Uses of it should be + replaced with “raco planet”. + + This removal is planned upstream as well, but it is being performed earlier + in Debian's packaging due to #680685. + + -- James McCoy james...@debian.org Fri, 10 Aug 2012 16:34:33 -0400 diff -Nru racket-5.2.1+g6~92c8784+dfsg2/debian/rules racket-5.2.1+g6~92c8784+dfsg2/debian/rules --- racket-5.2.1+g6~92c8784+dfsg2/debian/rules 2012-06-26 19:07:18.0 -0400 +++ racket-5.2.1+g6~92c8784+dfsg2/debian/rules 2012-08-22 21:52:33.0 -0400 @@ -44,6 +44,7 @@ do-install-arch: PLT_EXTRA=--no-docs --no-zo do-install-arch: $(DEB_MAKE_ENVVARS) $(MAKE) -C $(DEB_BUILDDIR) install DESTDIR=$(CURDIR)/debian/tmp + rm -f $(CURDIR)/debian/tmp/usr/bin/planet do-install-indep: PLT_EXTRA=--no-launcher --no-install --no-post-install do-install-indep:
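Review bot: the new debian/NEWS entry is dated Fri, 10 Aug 2012 while the changelog entry for the same version is dated Wed, 22 Aug 2012, and the version string 5.2.1+g6~92c8784+dfsg2-2+wheezy1 is repeated in both files. Bring the NEWS trailer in line with the changelog, and change both files together if the version string is altered before upload.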
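Review bot: in the debian/rules hunk at @@ -44,6, `rm -f $(CURDIR)/debian/tmp/usr/bin/planet` succeeds silently if upstream's install path for the binary ever changes, and the package would then ship /usr/bin/planet again without any build error. Use plain `rm` so the build fails when the file is not where the rule expects it, and add a comment naming #680685 as the reason for the removal.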