Bug#1070689: transition: msgpack-c

[James McCoy]

Package: release.debian.org
Severity: normal
X-Debbugs-Cc: msgpac...@packages.debian.org
Control: affects -1 + src:msgpack-c
User: release.debian@packages.debian.org
Usertags: transition

The msgpack-c upstream renamed their C library from libmsgpackc.so to
libmsgpack-c.so. I've renamed the binary packages accordingly
(libmsgpack-dev -> libmsgpack-c-dev, libmsgpackc2 -> libmsgpack-c2) and
the former "Provides: libmsgpack-dev" to help ease the transition.

The following build dependencies will need fixes to build against the
new msgpack-c version:

* libdata-messagepack-stream-perl
* tmate
* tmate-ssh-server
* webdis

This is just related to how the packages detect whether msgpack is
available, since the APIs/ABIs themselves did not change.

Ben file:

title = "msgpack-c";
is_affected = .depends ~ "libmsgpackc2" | .depends ~ "libmsgpack-c2";
is_good = .depends ~ "libmsgpack-c2";
is_bad = .depends ~ "libmsgpackc2";

Bug#1063308: transition: libvterm

[James McCoy]

On Mon, Mar 04, 2024 at 06:40:46AM -0500, James McCoy wrote:
> On Mon, Feb 05, 2024 at 10:54:12PM -0500, James McCoy wrote:
> > libvterm doesn't have a stable API/ABI yet, so although the SONAME
> > didn't change, this is a breaking update.
> > 
> > There are 3 packages which use libvterm:
> > * pangoterm: I've filed #1063196 to RM the package, so it shouldn't
> >   block
> > * emacs-libvterm: It supports building against either 0.1 or 0.3, so it
> >   just needs a binNMU
> > * neovim: 0.7.2 (in unstable) only supports 0.1, but 0.9.5 (in
> >   experimental) supports 0.3.
> > 
> > Ben file:
> > 
> > title = "libvterm 0.1 -> 0.3";
> > is_affected = .build-depends ~ "libvterm-dev";
> > is_good = .depends ~ /libvterm0 \(>= 0\.[23]/;
> > is_bad = .depends ~ /libvterm0 \(>= 0\.1/;
> 
> This was ACKed on IRC, so I've uploaded libvterm and neovim.

Now that cmake is available on arm* again, emacs-libvterm just needs a
binNMU to finish this transition.

Cheers,
-- 
James
GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7  2D23 DFE6 91AE 331B A3DB

Bug#1063308: transition: libvterm

[James McCoy]

On Mon, Feb 05, 2024 at 10:54:12PM -0500, James McCoy wrote:
> libvterm doesn't have a stable API/ABI yet, so although the SONAME
> didn't change, this is a breaking update.
> 
> There are 3 packages which use libvterm:
> * pangoterm: I've filed #1063196 to RM the package, so it shouldn't
>   block
> * emacs-libvterm: It supports building against either 0.1 or 0.3, so it
>   just needs a binNMU
> * neovim: 0.7.2 (in unstable) only supports 0.1, but 0.9.5 (in
>   experimental) supports 0.3.
> 
> Ben file:
> 
> title = "libvterm 0.1 -> 0.3";
> is_affected = .build-depends ~ "libvterm-dev";
> is_good = .depends ~ /libvterm0 \(>= 0\.[23]/;
> is_bad = .depends ~ /libvterm0 \(>= 0\.1/;

This was ACKed on IRC, so I've uploaded libvterm and neovim.

Cheers,
-- 
James
GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7  2D23 DFE6 91AE 331B A3DB

Bug#1063308: transition: libvterm

[James McCoy]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition
X-Debbugs-Cc: libvt...@packages.debian.org
Control: affects -1 + src:libvterm

libvterm doesn't have a stable API/ABI yet, so although the SONAME
didn't change, this is a breaking update.

There are 3 packages which use libvterm:
* pangoterm: I've filed #1063196 to RM the package, so it shouldn't
  block
* emacs-libvterm: It supports building against either 0.1 or 0.3, so it
  just needs a binNMU
* neovim: 0.7.2 (in unstable) only supports 0.1, but 0.9.5 (in
  experimental) supports 0.3.

Ben file:

title = "libvterm 0.1 -> 0.3";
is_affected = .build-depends ~ "libvterm-dev";
is_good = .depends ~ /libvterm0 \(>= 0\.[23]/;
is_bad = .depends ~ /libvterm0 \(>= 0\.1/;

Bug#1061565: nmu: rust-alacritty_0.12.2-2

[James McCoy]

On Fri, Jan 26, 2024 at 10:16:50AM -0500, James McCoy wrote:
> nmu rust-alacritty_0.12.2-2 . ANY . unstable . -m "Rebuild against 
> rust-smithay-client-toolkit 0.16.1"
> 
> This is needed to fix #1061563 (crash with recent sway versions).

Ping?  It'd be nice to get this fixed, since other things are blocking
an update of alacritty.

Cheers,
-- 
James
GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7  2D23 DFE6 91AE 331B A3DB

Bug#1061565: nmu: rust-alacritty_0.12.2-2

[James McCoy]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: binnmu
X-Debbugs-Cc: rust-alacri...@packages.debian.org
Control: affects -1 + src:rust-alacritty

nmu rust-alacritty_0.12.2-2 . ANY . unstable . -m "Rebuild against 
rust-smithay-client-toolkit 0.16.1"

This is needed to fix #1061563 (crash with recent sway versions).

Bug#1036027: unblock: kitty/0.26.5-5

[James McCoy]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: ki...@packages.debian.org
Control: affects -1 + src:kitty

Please unblock package kitty

[ Reason ]
Kitty registers itself as a handler for various MIME types (via
kitty-open.desktop), but some of those (e.g., application/x-sh) are
unexpectedly executed instead of viewed.  This upload removes the
installation of the desktop file, instead providing it as an example.

README.Debian is updated to explain how to enable the functionality as
well as warning about the implications.

[ Impact ]
Untrusted files may be executed rather than viewed (e.g., trying to view
a shell script attached to an email).

[ Tests ]
n/a

[ Risks ]
Trivial change in a leaf package.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

unblock kitty/0.26.5-5

Bug#1035509: [pre-approval] unblock: vim/2:9.0.1378-2

[James McCoy]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: v...@packages.debian.org
Control: affects -1 + src:vim

Please unblock package vim

[ Reason ]
- Fix for CVE-2023-2426 (using uninitialized memory)
- Minor fix for indenting of Perl scripts (regression from bullseye)

[ Impact ]
- Shipping with a known CVE, whose fix was requested by the security
  team
- Thousands of wasted keystrokes indenting Perl scripts

[ Tests ]
- New test was added upstream for the CVE, but its mainly useful for
  running under valgrind

[ Risks ]
Fixes are small and straight forward.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

unblock vim/2:9.0.1378-2
diffstat for vim-9.0.1378 vim-9.0.1378

 changelog| 
   7 
 patches/Fix-GH-267-where-indent-after-a-sub-would-not-work.patch | 
  22 +
 patches/debian/Support-sourcing-a-vimrc.tiny-when-Vim-is-invoked-as-vi.patch | 
   2 
 patches/patch-9.0.1499-using-uninitialized-memory-with-fuzzy-matc.patch  | 
 147 ++
 patches/series   | 
   2 
 5 files changed, 179 insertions(+), 1 deletion(-)

diff -Nru vim-9.0.1378/debian/changelog vim-9.0.1378/debian/changelog
--- vim-9.0.1378/debian/changelog   2023-03-04 14:41:33.0 -0500
+++ vim-9.0.1378/debian/changelog   2023-05-04 06:24:44.0 -0400
@@ -1,3 +1,10 @@
+vim (2:9.0.1378-2) unstable; urgency=medium
+
+  * Backport 9.0.1499 to fix CVE-2023-2426 (Closes: #1035323)
+  * Backport fix for indenting of Perl subroutines (Closes: #1034529)
+
+ -- James McCoy   Thu, 04 May 2023 06:24:44 -0400
+
 vim (2:9.0.1378-1) unstable; urgency=medium
 
   * Merge upstream patch v9.0.1378
diff -Nru 
vim-9.0.1378/debian/patches/debian/Support-sourcing-a-vimrc.tiny-when-Vim-is-invoked-as-vi.patch
 
vim-9.0.1378/debian/patches/debian/Support-sourcing-a-vimrc.tiny-when-Vim-is-invoked-as-vi.patch
--- 
vim-9.0.1378/debian/patches/debian/Support-sourcing-a-vimrc.tiny-when-Vim-is-invoked-as-vi.patch
2023-03-04 14:41:33.0 -0500
+++ 
vim-9.0.1378/debian/patches/debian/Support-sourcing-a-vimrc.tiny-when-Vim-is-invoked-as-vi.patch
2023-05-04 06:24:44.0 -0400
@@ -86,7 +86,7 @@
  # define SYS_VIMRC_FILE "$VIM/vimrc"
  #endif
 diff --git a/src/structs.h b/src/structs.h
-index d020449..dbbecb4 100644
+index 46a71cb..ac661a6 100644
 --- a/src/structs.h
 +++ b/src/structs.h
 @@ -4468,6 +4468,9 @@ typedef struct
diff -Nru 
vim-9.0.1378/debian/patches/Fix-GH-267-where-indent-after-a-sub-would-not-work.patch
 
vim-9.0.1378/debian/patches/Fix-GH-267-where-indent-after-a-sub-would-not-work.patch
--- 
vim-9.0.1378/debian/patches/Fix-GH-267-where-indent-after-a-sub-would-not-work.patch
1969-12-31 19:00:00.0 -0500
+++ 
vim-9.0.1378/debian/patches/Fix-GH-267-where-indent-after-a-sub-would-not-work.patch
2023-05-04 06:24:44.0 -0400
@@ -0,0 +1,22 @@
+From: Andy Lester 
+Date: Tue, 26 Apr 2022 20:07:43 -0500
+Subject: Fix GH#267 where indent after a sub would not work
+
+Closes: #1034529
+Signed-off-by: James McCoy 
+---
+ runtime/indent/perl.vim | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/runtime/indent/perl.vim b/runtime/indent/perl.vim
+index 4c91fa1..bd2a1a9 100644
+--- a/runtime/indent/perl.vim
 b/runtime/indent/perl.vim
+@@ -133,6 +133,7 @@ function! GetPerlIndent()
+ \ || synid == "perlHereDoc"
+ \ || synid == "perlBraces"
+ \ || synid == "perlStatementIndirObj"
++\ || synid == "perlSubDeclaration"
+ \ || synid =~ "^perlFiledescStatement"
+ \ || synid =~ '^perl\(Sub\|Block\|Package\)Fold'
+ let brace = strpart(line, bracepos, 1)
diff -Nru 
vim-9.0.1378/debian/patches/patch-9.0.1499-using-uninitialized-memory-with-fuzzy-matc.patch
 
vim-9.0.1378/debian/patches/patch-9.0.1499-using-uninitialized-memory-with-fuzzy-matc.patch
--- 
vim-9.0.1378/debian/patches/patch-9.0.1499-using-uninitialized-memory-with-fuzzy-matc.patch
 1969-12-31 19:00:00.0 -0500
+++ 
vim-9.0.1378/debian/patches/patch-9.0.1499-using-uninitialized-memory-with-fuzzy-matc.patch
 2023-05-04 06:24:44.0 -0400
@@ -0,0 +1,147 @@
+From: Bram Moolenaar 
+Date: Sat, 29 Apr 2023 21:38:04 +0100
+Subject: patch 9.0.1499: using uninitialized memory with fuzzy matching
+
+Problem:Using uninitialized memory with fuzzy matching.
+Solution:   Initialize the arrays used to store match positions.
+
+Closes: #1035323
+---
+ src/quickfix.c  |  5 -
+ src/search.c| 17 +++--
+ src/testdir/test_matchfuzzy.vim | 27 +

Bug#995748: buster-pu: package vim/2:8.1.0875-5+deb10u1

[James McCoy]

On Sat, Mar 19, 2022 at 10:02:07AM +, Adam D. Barratt wrote:
> On Sat, 2021-12-25 at 10:53 -0500, James McCoy wrote:
> > On Sat, Dec 25, 2021 at 11:41:29AM +, Adam D. Barratt wrote:
> [...]
> > > Unfortunately the builds failed everywhere with a test suite issue:
> > 
> > My apologies.  I uploaded with an additional patch for another issue
> > (#996593), which ended up not being relevant to the Buster version of
> > Vim.  This wasn't part of the originally proposed changes, but I had
> > the
> > source packge still present locally.  I should have double checked
> > the
> > changes before uploading.
> > 
> > Attached is a debdiff reverting that additional patch, back to what I
> > had originally prepared.
> > 
> 
> Apologies, I'm not sure how this got missed and managed to stay under
> the radar for so long.
> 
> Please feel free to go ahead, bearing in mind that the upload for
> getting the fixes into 10.12 closes this weekend.

Uploaded.

Cheers,
-- 
James
GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7  2D23 DFE6 91AE 331B A3DB

Bug#995748: buster-pu: package vim/2:8.1.0875-5+deb10u1

[James McCoy]

On Sat, Dec 25, 2021 at 11:41:29AM +, Adam D. Barratt wrote:
> On Sat, 2021-12-04 at 17:36 +, Adam D. Barratt wrote:
> > Control: tags -1 + confirmed
> > 
> > On Mon, 2021-10-04 at 22:22 -0400, James McCoy wrote:
> > > Various "non DSA" CVEs have accumulated in Vim, and it seemed like
> > > a
> > > good idea to get a new upload addressing those.
> > > 
> > > [ Impact ]
> > > * CVE-2019-20807 - Shell commands can be executed from rvim
> > > (restricted
> > >   vim) via the bindings to other programming languages
> > > * CVE-2021-3770 / #994076 - Invalid memory access when a very large
> > >   number is given to :retab command
> > > * CVE-2021-3778 / #994498 - Reading beyond end of line when invalid
> > >   utf-8 character is encountered
> > > * CVE-2021-3796 / #994497 - Using freed memory in replace mode
> > > 
> > 
> > Please go ahead, thanks.
> 
> Unfortunately the builds failed everywhere with a test suite issue:

My apologies.  I uploaded with an additional patch for another issue
(#996593), which ended up not being relevant to the Buster version of
Vim.  This wasn't part of the originally proposed changes, but I had the
source packge still present locally.  I should have double checked the
changes before uploading.

Attached is a debdiff reverting that additional patch, back to what I
had originally prepared.

Cheers,
-- 
James
GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7  2D23 DFE6 91AE 331B A3DB
diffstat for vim-8.1.0875 vim-8.1.0875

 changelog  |   
11 +
 patches/series |   
 1 
 patches/upstream/patch-8.2.3489-ml_get-error-after-search-with-range.patch |   
62 --
 3 files changed, 8 insertions(+), 66 deletions(-)

diff -Nru vim-8.1.0875/debian/changelog vim-8.1.0875/debian/changelog
--- vim-8.1.0875/debian/changelog   2021-10-19 21:56:40.0 -0400
+++ vim-8.1.0875/debian/changelog   2021-12-25 10:48:51.0 -0500
@@ -1,3 +1,10 @@
+vim (2:8.1.0875-5+deb10u2) buster; urgency=medium
+
+  * Revert unintentional inclusion of v8.2.3489, which is only relevant to Vim
+8.2.3110 and later.
+
+ -- James McCoy   Sat, 25 Dec 2021 10:48:51 -0500
+
 vim (2:8.1.0875-5+deb10u1) buster; urgency=medium
 
   * Change gbp.conf and salsa config to use buster
@@ -13,10 +20,8 @@
 + 8.2.3409: reading beyond end of line with invalid utf-8 character
   * Backport v8.2.3428 to fix CVE-2021-3796 (Closes: #994497)
 + 8.2.3428: using freed memory when replacing
-  * Backport v8.2.3489 to fix CVE-2021-3875 (Closes: #996593)
-+ 8.2.3489: ml_get error after search with range
 
- -- James McCoy   Tue, 19 Oct 2021 21:56:40 -0400
+ -- James McCoy   Sun, 26 Sep 2021 09:29:21 -0400
 
 vim (2:8.1.0875-5) unstable; urgency=medium
 
diff -Nru vim-8.1.0875/debian/patches/series vim-8.1.0875/debian/patches/series
--- vim-8.1.0875/debian/patches/series  2021-10-19 21:56:40.0 -0400
+++ vim-8.1.0875/debian/patches/series  2021-12-25 10:48:51.0 -0500
@@ -21,4 +21,3 @@
 upstream/patch-8.2.3403-memory-leak-for-retab-with-invalid-argumen.patch
 upstream/patch-8.2.3409-reading-beyond-end-of-line-with-invalid-ut.patch
 upstream/patch-8.2.3428-using-freed-memory-when-replacing.patch
-upstream/patch-8.2.3489-ml_get-error-after-search-with-range.patch
diff -Nru 
vim-8.1.0875/debian/patches/upstream/patch-8.2.3489-ml_get-error-after-search-with-range.patch
 
vim-8.1.0875/debian/patches/upstream/patch-8.2.3489-ml_get-error-after-search-with-range.patch
--- 
vim-8.1.0875/debian/patches/upstream/patch-8.2.3489-ml_get-error-after-search-with-range.patch
  2021-10-19 21:56:40.0 -0400
+++ 
vim-8.1.0875/debian/patches/upstream/patch-8.2.3489-ml_get-error-after-search-with-range.patch
  1969-12-31 19:00:00.0 -0500
@@ -1,62 +0,0 @@
-From: Bram Moolenaar 
-Date: Sat, 9 Oct 2021 13:58:55 +0100
-Subject: patch 8.2.3489: ml_get error after search with range
-
-Problem:ml_get error after search with range.
-Solution:   Limit the line number to the buffer line count.
-(cherry picked from commit 35a319b77f897744eec1155b736e9372c9c5575f)

- src/ex_docmd.c  |  6 --
- src/testdir/test_search.vim | 12 
- src/version.c   |  1 +
- 3 files changed, 17 insertions(+), 2 deletions(-)
-
-diff --git a/src/ex_docmd.c b/src/ex_docmd.c
-index ccca2f9..b550af6 100644
 a/src/ex_docmd.c
-+++ b/src/ex_docmd.c
-@@ -4589,8 +4589,10 @@ get_address(
- 
-   // When '/' or '?' follows another address, start from
-   // there.
--  if (lnum != MAXLNUM)
--  curwin->w_cursor.lnum = lnum;
-+  if (lnum > 0 && lnum != MAXLNUM)
-+  curwin->w_cursor.ln

Bug#995494: bullseye-pu: package vim/2:8.2.2434-3+deb11u1

[James McCoy]

On Fri, Dec 03, 2021 at 04:45:57PM +, Adam D. Barratt wrote:
> It might be clearer for the alternatives bug to have a fixed version to
> indicate that it doesn't affect the package in testing/unstable in
> practice, although I'm not quite sure what it should be - maybe the
> first upload after buster's version?

Would applying the "bullseye" tag to the bug achieve be enough?

> Please go ahead, thanks.

Will do, thanks.

Cheers,
-- 
James
GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7  2D23 DFE6 91AE 331B A3DB

Bug#995748: buster-pu: package vim/2:8.1.0875-5+deb10u1

[James McCoy]

Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: t...@security.debian.org

[ Reason ]
Various "non DSA" CVEs have accumulated in Vim, and it seemed like a
good idea to get a new upload addressing those.

[ Impact ]
* CVE-2019-20807 - Shell commands can be executed from rvim (restricted
  vim) via the bindings to other programming languages
* CVE-2021-3770 / #994076 - Invalid memory access when a very large
  number is given to :retab command
* CVE-2021-3778 / #994498 - Reading beyond end of line when invalid
  utf-8 character is encountered
* CVE-2021-3796 / #994497 - Using freed memory in replace mode

[ Tests ]
Upstream tests accompany all of the fixes for the CVEs

[ Risks ]
The changes are pretty targeted and have had time to "soak" upstream.
Patches for subsequent issues in initial fixes are included.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
attached


vim_8.1.0875-5+deb10u1.diff
Description: Binary data

Bug#995494: bullseye-pu: package vim/2:8.2.2434-3+deb11u1

[James McCoy]

Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: t...@security.debian.org

[ Reason ]
* Vim has some recent "no DSA" CVEs which, although unlikely to hit,
  would be good to fix (#994497, #994498, #994076)

* In the buster -> bullseye upgrade, vim-gtk becomes a transitional
  package, switching to vim-gtk3.  The vim-gtk alternatives weren't
  cleaned up, so there's a lot of noise during the upgrade about
  dangling links for alternatives and a window where the symlinks may
  not exist (#993766).

[ Impact ]
* Off chance that Vim crashes or twiddles some bits in memory it
  shouldn't be.

[ Tests ]
* The CVE fixes all come with tests from upstream.

* I've manually tested the upgrade scenario described in #993766.  The
  scary warnings about dangling links are fixed, but the scenario
  encountered (conffile editing needed with no alternative link in
  place) isn't something I see an obvious way to fix.

  I've also tested upgrading from current bullseye to the proposed
  changes.

  The most likely reason to encounter the bug is if /etc/vim/vimrc,
  which is a conffile, is modified, since it will cause dpkg's conffile
  prompt to happen.  At this point, buster vim-gtk's files have been
  removed but vim-common is being configured before vim-gtk3, so the new
  alternatives haven't been established.

  The binaries are already in place, so the user can run vim.gtk3, but
  it's not what their fingers (or possibly $VISUAL/$EDITOR) expects to
  use.

[ Risks ]
Low risk.  CVE fixes are pretty small and covered by new tests.  The
alternatives issue is targeted

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable
  * Aside from the vim-gtk -> vim-gtk3 change, which is buster ->
bullseye specific.

[ Changes ]
attached

[ Other info ]
n/a


vim_8.2.2434-3+deb11u1.diff
Description: Binary data

Bug#987964: unblock: vim-scripts/20210124.1

[James McCoy]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package vim-scripts

[ Reason ]
The filesystem layout of the package was reorganized, but the default
setting of the VimSokoban files was not updated accordingly.

[ Impact ]
Users of VimSokoban will get an error and have to figure out how to
change the path in their config.

[ Tests ]
Manual tests verified the installed package can start VimSokoban without
any config changes.

[ Risks ]
None.  Single line change to update the default location for VimSokoban.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing


unblock vim-scripts/20210124.1
diffstat for vim-scripts-20210124 vim-scripts-20210124.1

 changelog  |7 +++
 patches/sokoboan_path.diff |2 +-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff -Nru vim-scripts-20210124/debian/changelog 
vim-scripts-20210124.1/debian/changelog
--- vim-scripts-20210124/debian/changelog   2021-01-24 18:58:45.0 
-0500
+++ vim-scripts-20210124.1/debian/changelog 2021-04-27 07:44:43.0 
-0400
@@ -1,3 +1,10 @@
+vim-scripts (20210124.1) unstable; urgency=medium
+
+  * Fix path for VimSokoban levels.  Thanks to Darshaka Pathirana for the
+report.  (Closes: #987498)
+
+ -- James McCoy   Tue, 27 Apr 2021 07:44:43 -0400
+
 vim-scripts (20210124) unstable; urgency=medium
 
   * color_sampler_pack:
diff -Nru vim-scripts-20210124/debian/patches/sokoboan_path.diff 
vim-scripts-20210124.1/debian/patches/sokoboan_path.diff
--- vim-scripts-20210124/debian/patches/sokoboan_path.diff  2021-01-24 
18:58:45.0 -0500
+++ vim-scripts-20210124.1/debian/patches/sokoboan_path.diff2021-04-27 
07:44:43.0 -0400
@@ -10,7 +10,7 @@
  finish
  endif
  let loaded_VimSokoban = 1
-+let g:SokobanLevelDirectory = "/usr/share/vim-scripts/sokoban-levels/"
++let g:SokobanLevelDirectory = 
"/usr/share/vim-scripts/VimSokoban/plugin/VimSokoban/"
  
  " Allow the user to specify the location of the sokoban levels
  if (!exists("g:SokobanLevelDirectory"))

Bug#953881: Bug#954866: Bug#953881: transition: ruby2.7 only

[James McCoy]

On Thu, Apr 23, 2020 at 02:09:35PM +0200, Paul Gevers wrote:
> I
> suggest you apply the same fix you already did here [2] and stop
> building the python package for now if that works.

Done and uploaded, however that now makes mercurial FTBFS, as I had
notified them earlier this month (#956007).  I've now raised that bug to
serious.

Cheers,
-- 
James
GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7  2D23 DFE6 91AE 331B A3DB

Bug#953881: Bug#954866: Bug#953881: transition: ruby2.7 only

[James McCoy]

On Thu, Apr 23, 2020 at 10:13:15AM +0200, Paul Gevers wrote:
> It seems the ruby2.5 removal transition [1] is stalled by subversion
> [2]. Can the fix for 954866 please be uploaded to unstable such that
> subversion can migrate and we can finish the removal of ruby2.5 in testing?

I'd rather not upload an RC.  The ETA for the actual release is May
27th.

There don't seem to be any users of ruby-svn in the archive, so maybe
it's best to remove that from testing in the interim?

Cheers,
-- 
James
GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7  2D23 DFE6 91AE 331B A3DB

Bug#931143: unblock: neovim/0.3.4-3

[James McCoy]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package neovim

This upload contains the rest of the fixes needed to address
CVE-2019-12735/#930024.

unblock neovim/0.3.4-3

-- System Information:
Debian Release: 10.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 
'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diffstat for neovim-0.3.4 neovim-0.3.4

 changelog   |   28 
 patches/0001-debcherry-fixup-patch.patch| 1066 
++
 patches/0001-vim-patch-8.1.1365-source-should-check-sandbox-10082.patch |   36 
 patches/0002-vim-patch-8.1.1365-source-should-check-sandbox-10082.patch |   36 
 patches/0003-vim-patch-8.1.0177-defining-function-in-sandbox-is-i.patch |  104 
 patches/0004-vim-patch-8.1.0189-function-defined-in-sandbox-not-t.patch |   41 
 patches/0005-vim-patch-8.1.0206-duplicate-test-function-name.patch  |   35 
 patches/0006-vim-patch-8.1.1382-error-when-editing-test-file.patch  |   59 
 patches/0007-eval-api-don-t-allow-the-API-to-be-called-in-the-san.patch |   57 
 patches/series  |8 
 10 files changed, 1433 insertions(+), 37 deletions(-)

diff -Nru neovim-0.3.4/debian/changelog neovim-0.3.4/debian/changelog
--- neovim-0.3.4/debian/changelog   2019-06-05 21:38:14.0 -0400
+++ neovim-0.3.4/debian/changelog   2019-06-26 21:21:33.0 -0400
@@ -1,3 +1,31 @@
+neovim (0.3.4-3) unstable; urgency=high
+
+  * Backport additional changes to address CVE-2019-12735 (Closes: #930024)
++ vim-patch:8.1.0177: defining function in sandbox is inconsistent
++ vim-patch:8.1.0189: function defined in sandbox not tested
++ vim-patch:8.1.0538: evaluating a modeline might invoke using a shell
+  command
++ vim-patch:8.1.0539: cannot build without the sandbox
++ vim-patch:8.1.0540: may evaluate insecure value when appending to option
++ vim-patch:8.1.0544: setting 'filetype' in a modeline causes an error
++ vim-patch:8.1.0613: when executing an insecure function the secure flag
+  is stuck
++ vim-patch:8.1.1046: the "secure" variable is used inconsistently
++ vim-patch:8.1.0205: invalid memory access with invalid modeline
++ vim-patch:8.1.0206: duplicate test function name
++ vim-patch:8.1.0506: modeline test fails when run by root
++ vim-patch:8.1.0546: modeline test with keymap fails
++ vim-patch:8.1.0547: modeline test with keymap still fails
++ vim-patch:8.1.1366: using expressions in a modeline is unsafe
++ vim-patch:8.1.1367: can set 'modelineexpr' in modeline
++ vim-patch:8.1.1368: modeline test fails with python but without
+  pythonhome
++ vim-patch:8.1.1382: error when editing test file
++ vim-patch:8.1.1401: misspelled mkspellmem as makespellmem
+  * Backport patch to prevent use of nvim's API within the sandbox
+
+ -- James McCoy   Wed, 26 Jun 2019 21:21:33 -0400
+
 neovim (0.3.4-2) unstable; urgency=high
 
   [ Efraim Flashner ]
diff -Nru neovim-0.3.4/debian/patches/0001-debcherry-fixup-patch.patch 
neovim-0.3.4/debian/patches/0001-debcherry-fixup-patch.patch
--- neovim-0.3.4/debian/patches/0001-debcherry-fixup-patch.patch
1969-12-31 19:00:00.0 -0500
+++ neovim-0.3.4/debian/patches/0001-debcherry-fixup-patch.patch
2019-06-26 21:21:33.0 -0400
@@ -0,0 +1,1066 @@
+From d39c384696e94bd8cb4a8830f0ec2e801619a970 Mon Sep 17 00:00:00 2001
+From: James McCoy 
+Date: Wed, 26 Jun 2019 21:32:44 -0400
+Subject: [PATCH 1/7] debcherry fixup patch
+
+ed179f931 vim-patch:8.1.1401: misspelled mkspellmem as makespellmem
+- no changes against upstream or conflicts
+41a3ff9fe vim-patch:8.1.1368: modeline test fails with python but without 
pythonhome
+- no changes against upstream or conflicts
+12c5b6885 vim-patch:8.1.1367: can set 'modelineexpr' in modeline
+- no changes against upstream or conflicts
+cffc3f5f8 vim-patch:8.1.1366: using expressions in a modeline is unsafe
+- extra changes or conflicts
+a15defc3c vim-patch:8.1.0547: modeline test with keymap still fails
+- extra changes or conflicts
+c550a5e94 vim-patch:8.1.0546: modeline test with keymap fails
+- no changes against upstream or conflicts
+0605eb856 vim-patch:8.1.0506: modeline test fails when run by root
+- no changes against upstream or conflicts
+cbec04e98 vim-patch:8.1.0205: invalid memory access with invalid modeline
+- extra changes or conflicts
+ed7ca8f1e vim-patch:8.1.1046: the "secure&qu

Bug#930616: unblock: vim/2:8.1.0875-5

[James McCoy]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package vim

This is a follow up to the previous fixes for CVE-2019-12735.  Upstream
added a new option (disabled by default) to control whether expressions
can be evaluated in modelines, so that modelines are further restricted.

unblock vim/2:8.1.0875-5

-- System Information:
Debian Release: 10.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 
'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diffstat for vim-8.1.0875 vim-8.1.0875

 changelog   |   12 
 gbp.conf|2 
 patches/patch-8.1.1366-using-expressions-in-a-modeline-is-unsafe.patch  |  588 
++
 patches/patch-8.1.1367-can-set-modelineexpr-in-modeline.patch   |   54 
 patches/patch-8.1.1368-modeline-test-fails-with-python-but-withou.patch |   42 
 patches/patch-8.1.1382-error-when-editing-test-file.patch   |   71 
+
 patches/patch-8.1.1401-misspelled-mkspellmem-as-makespellmem.patch  |   69 
+
 patches/series  |5 
 8 files changed, 842 insertions(+), 1 deletion(-)

diff -Nru vim-8.1.0875/debian/changelog vim-8.1.0875/debian/changelog
--- vim-8.1.0875/debian/changelog   2019-06-07 06:49:19.0 -0400
+++ vim-8.1.0875/debian/changelog   2019-06-15 12:41:15.0 -0400
@@ -1,3 +1,15 @@
+vim (2:8.1.0875-5) unstable; urgency=medium
+
+  * gbp.conf: Set debian-tag to debian/%(version)s
+  * Backport 'modelineexpr' patches to further restrict modelines
++ 8.1.1366: Using expressions in a modeline is unsafe
++ 8.1.1367: can set 'modelineexpr' in modeline
++ 8.1.1368: Modeline test fails with python but without pythonhome
++ 8.1.1382: Error when editing test file
++ 8.1.1401: misspelled mkspellmem as makespellmem (test fix)
+
+ -- James McCoy   Sat, 15 Jun 2019 12:41:15 -0400
+
 vim (2:8.1.0875-4) unstable; urgency=high
 
   * Backport 8.1.1046 and 8.1.1365 to fix CVE-2019-12735  (Closes: #930020)
diff -Nru vim-8.1.0875/debian/gbp.conf vim-8.1.0875/debian/gbp.conf
--- vim-8.1.0875/debian/gbp.conf2019-06-07 06:49:19.0 -0400
+++ vim-8.1.0875/debian/gbp.conf2019-06-15 12:41:15.0 -0400
@@ -1,6 +1,6 @@
 [DEFAULT]
 upstream-tag = v%(version)s
-debian-tag = v%(version)s
+debian-tag = debian/%(version)s
 debian-branch = debian/sid
 
 [pq]
diff -Nru 
vim-8.1.0875/debian/patches/patch-8.1.1366-using-expressions-in-a-modeline-is-unsafe.patch
 
vim-8.1.0875/debian/patches/patch-8.1.1366-using-expressions-in-a-modeline-is-unsafe.patch
--- 
vim-8.1.0875/debian/patches/patch-8.1.1366-using-expressions-in-a-modeline-is-unsafe.patch
  1969-12-31 19:00:00.0 -0500
+++ 
vim-8.1.0875/debian/patches/patch-8.1.1366-using-expressions-in-a-modeline-is-unsafe.patch
  2019-06-15 12:41:15.0 -0400
@@ -0,0 +1,588 @@
+From: Bram Moolenaar 
+Date: Thu, 23 May 2019 15:38:06 +0200
+Subject: patch 8.1.1366: using expressions in a modeline is unsafe
+
+Problem:Using expressions in a modeline is unsafe.
+Solution:   Disallow using expressions in a modeline, unless the
+'modelineexpr' option is set.  Update help, add more tests.
+
+(cherry picked from commit 110289e78195b6d01e1e6ad26ad450de476d41c1)
+
+Signed-off-by: James McCoy 
+---
+ runtime/doc/options.txt   | 69 +++-
+ src/option.c  | 35 ++--
+ src/option.h  |  1 +
+ src/testdir/test49.in |  2 +-
+ src/testdir/test_modeline.vim | 93 +++
+ src/version.c |  2 +
+ 6 files changed, 169 insertions(+), 33 deletions(-)
+
+diff --git a/runtime/doc/options.txt b/runtime/doc/options.txt
+index c269fea..7b25f20 100644
+--- a/runtime/doc/options.txt
 b/runtime/doc/options.txt
+@@ -1,4 +1,4 @@
+-*options.txt* For Vim version 8.1.  Last change: 2019 Feb 03
++*options.txt* For Vim version 8.1.  Last change: 2019 May 23
+ 
+ 
+ VIM REFERENCE MANUALby Bram Moolenaar
+@@ -588,14 +588,17 @@ backslash in front of the ':' will be removed.  Example:
+/* vi:set dir=c\:\tmp: */ ~
+ This sets the 'dir' option to "c:\tmp".  Only a single backslash before the
+ ':' is removed.  Thus to include "\:" you have to specify "\\:".
+-
++  *E992*
+ No other commands than "set" are supported, for security reasons (somebody
+ might create a Trojan horse text file wit

Bug#928630: unblock: vim/2:8.1.0875-3

[James McCoy]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package vim

This upload updates the Debian/Ubuntu release names in a couple syntax
highlighting files to include buster, bullseye, and bookworm (for
Debian) and eoan (for Ubuntu).

unblock vim/2:8.1.0875-3

-- System Information:
Debian Release: 10.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diffstat for vim-8.1.0875 vim-8.1.0875

 changelog|7 +++
 patches/series   |1 
 patches/upstream/deb-release-names.patch |   58 +++
 3 files changed, 66 insertions(+)

diff -Nru vim-8.1.0875/debian/changelog vim-8.1.0875/debian/changelog
--- vim-8.1.0875/debian/changelog   2019-02-22 07:55:04.0 -0500
+++ vim-8.1.0875/debian/changelog   2019-05-05 23:41:10.0 -0400
@@ -1,3 +1,10 @@
+vim (2:8.1.0875-3) unstable; urgency=medium
+
+  * syntax/deb{changelog,sources}: Update release names for Debian/Ubuntu
+(Closes: #927167)
+
+ -- James McCoy   Sun, 05 May 2019 23:41:10 -0400
+
 vim (2:8.1.0875-2) unstable; urgency=medium
 
   * Backport 8.1.0878 and 8.1.0884 to fix test failures on kFreeBSD.
diff -Nru vim-8.1.0875/debian/patches/series vim-8.1.0875/debian/patches/series
--- vim-8.1.0875/debian/patches/series  2019-02-22 07:55:04.0 -0500
+++ vim-8.1.0875/debian/patches/series  2019-05-05 23:41:10.0 -0400
@@ -6,3 +6,4 @@
 patch-8.1.0878-test-for-has-bsd-fails-on-some-BSD-systems.patch
 patch-8.1.0884-double-check-for-bsd-systems.patch
 patch-8.1.0948-when-built-without-eval-Vim-clean-produces.patch
+upstream/deb-release-names.patch
diff -Nru vim-8.1.0875/debian/patches/upstream/deb-release-names.patch 
vim-8.1.0875/debian/patches/upstream/deb-release-names.patch
--- vim-8.1.0875/debian/patches/upstream/deb-release-names.patch
1969-12-31 19:00:00.0 -0500
+++ vim-8.1.0875/debian/patches/upstream/deb-release-names.patch
2019-05-05 23:41:10.0 -0400
@@ -0,0 +1,58 @@
+From: James McCoy 
+Date: Sun, 21 Apr 2019 23:12:18 -0400
+Subject: Add Ubuntu's eoan and Debian's buster, bullseye, bookworm releases
+
+Signed-off-by: James McCoy 
+---
+ runtime/syntax/debchangelog.vim | 4 ++--
+ runtime/syntax/debsources.vim   | 7 ---
+ 2 files changed, 6 insertions(+), 5 deletions(-)
+
+diff --git a/runtime/syntax/debchangelog.vim b/runtime/syntax/debchangelog.vim
+index 4ca4c29..9d6dfe9 100644
+--- a/runtime/syntax/debchangelog.vim
 b/runtime/syntax/debchangelog.vim
+@@ -3,7 +3,7 @@
+ " Maintainer:  Debian Vim Maintainers
+ " Former Maintainers: Gerfried Fuchs 
+ " Wichert Akkerman 
+-" Last Change: 2019 Jan 26
++" Last Change: 2019 Apr 21
+ " URL: 
https://salsa.debian.org/vim-team/vim-debian/blob/master/syntax/debchangelog.vim
+ 
+ " Standard syntax initialization
+@@ -21,7 +21,7 @@ let s:binNMU='binary-only=yes'
+ syn match debchangelogNamecontained "^[[:alnum:]][[:alnum:].+-]\+ "
+ exe 'syn match debchangelogFirstKVcontained "; 
\('.s:urgency.'\|'.s:binNMU.'\)"'
+ exe 'syn match debchangelogOtherKVcontained ", 
\('.s:urgency.'\|'.s:binNMU.'\)"'
+-syn match debchangelogTarget  contained "\v 
%(frozen|unstable|sid|%(testing|%(old)=stable)%(-proposed-updates|-security)=|experimental|squeeze-%(backports%(-sloppy)=|volatile|lts|security)|%(wheezy|jessie)%(-backports%(-sloppy)=|-security)=|stretch%(-backports|-security)=|%(devel|precise|trusty|vivid|wily|xenial|yakkety|zesty|artful|bionic|cosmic|disco)%(-%(security|proposed|updates|backports|commercial|partner))=)+"
++syn match debchangelogTarget  contained "\v 
%(frozen|unstable|sid|%(testing|%(old)=stable)%(-proposed-updates|-security)=|experimental|%(squeeze|wheezy|jessie)-%(backports%(-sloppy)=|lts|security)|stretch%(-backports%(-sloppy)=|-security)=|buster%(-backports|-security)=|bullseye|%(devel|precise|trusty|vivid|wily|xenial|yakkety|zesty|artful|bionic|cosmic|disco|eoan)%(-%(security|proposed|updates|backports|commercial|partner))=)+"
+ syn match debchangelogVersion contained "(.\{-})"
+ syn match debchangelogCloses  contained 
"closes:\_s*\(bug\)\=#\=\_s\=\d\+\(,\_s*\(bug\)\=#\=\_s\=\d\+\)*"
+ syn match debchangelogLP  contained "\clp:\s\+#\d\+\(,\s*#\d\+\)*"
+diff --git a/runtime/syntax/debsources.vim b/runtime/syntax/debsources.vim
+index 4b21941..f90476f 100644
+--- a/runtime/syntax/debsources.vim
 b/runtime/syntax/debsources.vim
+@@ -2,7 +2,7 @@
+ " Language: Debian sources.list
+ " Maintainer:   Debian Vim Ma

Bug#916642: golang CVE-2019-6486 (DoS in crypto/elliptic)

[James McCoy]

On Fri, Jan 25, 2019 at 08:23:52AM -0500, James McCoy wrote:
> On Thu, Jan 24, 2019 at 03:00:22PM +0100, Dr. Tobias Quathamer wrote:
> > Am 24.01.2019 um 09:12 schrieb Emilio Pozuelo Monfort:
> > > On 24/01/2019 08:58, Michael Stapelberg wrote:
> > >> Last time, pochu@ (cc'ed) helpfully scheduled binNMUs. pochu, would you 
> > >> be
> > >> able to help this time, too?
> > > 
> > > Sure. Can you give me a list of source packages to binNMU in unstable? If 
> > > this
> > > is public already, can you do that through a binNMU bug against 
> > > release.debian.org?
> > > 
> > > Emilio
> > 
> > Hi all,
> > 
> > there is already an outdated binNMU list as bug report available, so
> > I'm reusing that report. Please ignore the previously attached
> > binNMU list of that bug report.
> > 
> > This should be a complete and current list of needed binNMUs:
> > 
> > 
> > [‥]
> >   nmu serf_0.8.1+git20180508.80ab4877~ds-1 . ANY . -m 'Rebuild with current 
> > golang-1.11 (CVE-2019-6486)'
> 
> This is a (common) mistake.  src:serf does not use golang.
> src:golang-github-hashicorp-serf is the golang package, which producees
> bin:serf, however I just saw that src:serf was binNMUed.

Ping.

nmu golang-github-hashicorp-serf_0.8.1+git20180508.80ab4877~ds-1 . ANY .  -m 
'Rebuild with current golang-1.11 (CVE-2019-6486)'

Tobias, your tool should be updated to ensure it's using the source
pacakge name, not the binary package name.

Cheers,
-- 
James
GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7  2D23 DFE6 91AE 331B A3DB

Bug#916642: golang CVE-2019-6486 (DoS in crypto/elliptic)

[James McCoy]

On Thu, Jan 24, 2019 at 03:00:22PM +0100, Dr. Tobias Quathamer wrote:
> Am 24.01.2019 um 09:12 schrieb Emilio Pozuelo Monfort:
> > On 24/01/2019 08:58, Michael Stapelberg wrote:
> >> Last time, pochu@ (cc'ed) helpfully scheduled binNMUs. pochu, would you be
> >> able to help this time, too?
> > 
> > Sure. Can you give me a list of source packages to binNMU in unstable? If 
> > this
> > is public already, can you do that through a binNMU bug against 
> > release.debian.org?
> > 
> > Emilio
> 
> Hi all,
> 
> there is already an outdated binNMU list as bug report available, so
> I'm reusing that report. Please ignore the previously attached
> binNMU list of that bug report.
> 
> This should be a complete and current list of needed binNMUs:
> 
> 
> [‥]
>   nmu serf_0.8.1+git20180508.80ab4877~ds-1 . ANY . -m 'Rebuild with current 
> golang-1.11 (CVE-2019-6486)'

This is a (common) mistake.  src:serf does not use golang.
src:golang-github-hashicorp-serf is the golang package, which producees
bin:serf, however I just saw that src:serf was binNMUed.

Cheers,
-- 
James
GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7  2D23 DFE6 91AE 331B A3DB

Bug#912191: stretch-pu: package serf/1.3.9-3+deb9u1

[James McCoy]

On Sun, Oct 28, 2018 at 08:21:55PM -0400, James McCoy wrote:
> Package: release.debian.org
> Severity: normal
> Tags: stretch
> User: release.debian@packages.debian.org
> Usertags: pu
> 
> Serf's testsuite uses some pre-generated SSL certs, which have an expiry
> of 3 years.  The timebomb has gone off, and serf is currently FTBFS
> (#911714).  The pending upstream release now has a script which
> generates the certs, so I've backported that and run it every build.
> 
> Since an upload was needed, I also included a NULL pointer dereference
> fix (#893688).
> 
> The package has already been uploaded.

Attached debdiff.

Cheers,
-- 
James
GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7  2D23 DFE6 91AE 331B A3DB
diffstat for serf_1.3.9-3 serf_1.3.9-3+deb9u1

 debian/create_certs.py   |  262 

 debian/patches/r1712790-serf_bucket_aggregate_prepend-empty-list |   34 +
 debian/patches/r1792234-expired-certs|  324 
--
 debian/serfclientcert.p12.b64|   65 --
 serf-1.3.9/debian/changelog  |9 
 serf-1.3.9/debian/control|3 
 serf-1.3.9/debian/patches/series |2 
 serf-1.3.9/debian/rules  |   14 
 8 files changed, 320 insertions(+), 393 deletions(-)

diff -u serf-1.3.9/debian/changelog serf-1.3.9/debian/changelog
--- serf-1.3.9/debian/changelog
+++ serf-1.3.9/debian/changelog
@@ -1,3 +1,12 @@
+serf (1.3.9-3+deb9u1) stretch; urgency=medium
+
+  * Backport r1712790 from upstream to fix NULL pointer dereference.
+Thanks to Colin Watson for investigation and report (Closes: #893688)
+  * Backport create_certs.py from upstream to generate certs at test time
+(Closes: #911714)
+
+ -- James McCoy   Sun, 28 Oct 2018 19:52:35 -0400
+
 serf (1.3.9-3) unstable; urgency=medium
 
   * Add libssl-dev to libserf-dev's Depends, otherwise pkg-config can't
diff -u serf-1.3.9/debian/control serf-1.3.9/debian/control
--- serf-1.3.9/debian/control
+++ serf-1.3.9/debian/control
@@ -7,7 +7,8 @@
 # CFLAGS as of 1.12.1+dfsg-9
  scons (>= 2.3.1-2),
  quilt, libapr1-dev, libaprutil1-dev, chrpath, libkrb5-dev, zlib1g-dev,
- libssl-dev
+ libssl-dev,
+ python-openssl 
 Standards-Version: 3.9.8
 Homepage: https://serf.apache.org/
 Vcs-Git: https://anonscm.debian.org/git/collab-maint/pkg-serf.git
reverted:
--- serf-1.3.9/debian/patches/r1792234-expired-certs
+++ serf-1.3.9.orig/debian/patches/r1792234-expired-certs
@@ -1,324 +0,0 @@
-
-r1792234 | astieger | 2017-04-21 15:03:06 -0400 (Fri, 21 Apr 2017) | 12 lines
-
-On the 1.3.x branch: Copy test certificates from trunk r1704177
-
-The test were failing due to recently expired certificates.
-
-* test/server/serfcacert.pem,
-  test/server/serfclientcert.p12,
-  test/server/serfrootcacert.pem,
-  test/server/serfserver_expired_cert.pem,
-  test/server/serfserver_future_cert.pem,
-  test/server/serfservercert.pem: copy from trunk test/certs
-* test/server/serfserverkey.pem: copy from trunk test/certs/private
-
-
-Index: 1.3.x/test/server/serfserverkey.pem
-===
 1.3.x/test/server/serfserverkey.pem(revision 1792233)
-+++ 1.3.x/test/server/serfserverkey.pem(revision 1792234)
-@@ -1,30 +1,30 @@
- -BEGIN ENCRYPTED PRIVATE KEY-
--MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIEVWBqG6vECoCAggA
--MBQGCCqGSIb3DQMHBAiAagREZjJEQQSCBMgpHbLBzmAyx9f4YHhRnDdUm4ftQ7bR
--6fF7sKxOD7fdJ+jgEB6xYBIlG9Y4+DDDbz3IvZgXIsweauV+WNscxnTHyJequoFL
--qKFPY5bEc2hskZYsi/+LfvvguZLFm1vjK08sORYK2Kdy2hwmk3sTPQmgD2T/jZpg
--vI1AkB+hXA/6AVJUVqSyAFH8u3WGr8Dxjz69YCQ+K9cPqYXJdWZzAVq/0ibSRkzL
--mSLN8VoF810AXkFxCC7DKxg+mgp9dBdR8uuBXZ9fBOz5YCI92thZwd1iYsTetmWa
--LoIS8xLMvuBaalAV8oQ7e0xuow6Cx9IjxlQ/sd8N1Xg+Z2vWTwnj9AOFIHU3s/N8
--e9L51Q9p6igZgmNm2N2+pUQ1Y5mest7gfJ1ka07ypSr0yzOnK7L41VCIposZuzyX
--psTRy+zpGULsK0lG5mH0r1CZ88G8puwyUOaOk/yUhHgc4ZSOsDbeWdQ8UohHElUA
--ZLkxwt2xWgcd8mG+FQnbXQZhDFII/aP/RBe7xfEwSQr8hhyP8fsyRmbuq5YZrkRw
--mMyp6kxX8USKmeXxBEm364RdilFgPUN3djf7ljKCPOJ1y5OTzmBQacMbXGhbqBGY
--PZUKE6szzsM1IYnrvUwP7Gf5wksR/VYMr1VnnpeBofaOJ0brXNF/MFiBE13afNT7
--JLUjA3QcAfmdYocfBTVQSM7umSBOrM7H6qsX67ye5ccAK9x1HikgxXRoqV/TxFgI
--snrXEtiDrve+nvmPYlmgP5RGyl+bAxtGGjT6TZPlfGACb7xytCpNiOK5bNsgMx7F
--ukOMiVE+sQJT95WnOJMXSmiSw2HmSBXwjpnEKNOYe+Cram64Vjaa8dFqIZSvUDMW
--ihyWAYZrHro4hKmSdeCmrk4rkYH97BxG2Gm/6oRsEDCTgTUn7OYGm5bAmxz0WPSZ
--/TQ7oYSQ3jUlX8q8NPhVPeHizjNwGWyYovmAyAzi3uPTIBsaIdeMiENyyZTXnSHq
--IkfAGekcQ/IX6VWpZGiS3ilgSqxInSVfByM2gs2thdIQ1WEcDitGsAJxFPjnimjX
--1WFk08/6aUDGK30Q9Mm2X3WjSTvCKq8ccd/bwjvQRepvzjRSl1vt6Ngvv88UPH1e
--/0GrKcXNkBEoGqZSk4D60BFz0rpyDplaZLFVEj7ET85sHP+h5JYnKCpjqkHKQUuj
--VVhVhjk6IGpVQZnbGf4PSoij61NUfwpKS4zfAHg7

Bug#912191: stretch-pu: package serf/1.3.9-3+deb9u1

[James McCoy]

Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

Serf's testsuite uses some pre-generated SSL certs, which have an expiry
of 3 years.  The timebomb has gone off, and serf is currently FTBFS
(#911714).  The pending upstream release now has a script which
generates the certs, so I've backported that and run it every build.

Since an upload was needed, I also included a NULL pointer dereference
fix (#893688).

The package has already been uploaded.

Cheers,
James

-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.18.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Bug#904196: stretch-pu: package subversion/1.9.5-1+deb9u3

[James McCoy]

Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

The SHA1/shattered fixes in the previous upload introduced a small
regression where the commit fails if the delta is a multiple of 16K.  I
had meant to include the upstream patch for this last time but
accidentally overlooked it.

-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 
'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.17.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diffstat for subversion_1.9.5-1+deb9u2 subversion_1.9.5-1+deb9u3

 debian/patches/shattered_r1827688  |   26 ++
 subversion-1.9.5/debian/changelog  |8 
 subversion-1.9.5/debian/patches/series |1 +
 3 files changed, 35 insertions(+)

diff -u subversion-1.9.5/debian/changelog subversion-1.9.5/debian/changelog
--- subversion-1.9.5/debian/changelog
+++ subversion-1.9.5/debian/changelog
@@ -1,3 +1,11 @@
+subversion (1.9.5-1+deb9u3) stretch; urgency=medium
+
+  * Backport r1827688, fixing a regression introduced in the fixes for SHA1
+collisions, where commits would incorrectly fail with a "Filesystem is
+corrupt" error if the delta length is a multiple of 16K.
+
+ -- James McCoy   Fri, 20 Jul 2018 22:35:40 -0400
+
 subversion (1.9.5-1+deb9u2) stretch; urgency=medium
 
   * Backport r1759116, working around an issue in APR's trunc API.  This is a
diff -u subversion-1.9.5/debian/patches/series 
subversion-1.9.5/debian/patches/series
--- subversion-1.9.5/debian/patches/series
+++ subversion-1.9.5/debian/patches/series
@@ -21,0 +22 @@
+shattered_r1827688
only in patch2:
unchanged:
--- subversion-1.9.5.orig/debian/patches/shattered_r1827688
+++ subversion-1.9.5/debian/patches/shattered_r1827688
@@ -0,0 +1,26 @@
+
+r1827688 | svn-role | 2018-03-25 00:00:08 -0400 (Sun, 25 Mar 2018) | 10 lines
+
+Merge the 1.9.x-issue4722 branch:
+
+ * r1826272
+   Fix issue #4722: commits that fail when a file DELTA is a multiple of 16K.
+   Justification:
+ Commits fail with a false "Filesystem is corrupt" error.
+   Branch: ^/subversion/branches/1.9.x-issue4722
+   Votes:
+ +1: philip, stsp, stefan2
+
+
+Index: 1.9.x/subversion/libsvn_fs_fs/cached_data.c
+===
+--- 1.9.x/subversion/libsvn_fs_fs/cached_data.c(revision 1827687)
 1.9.x/subversion/libsvn_fs_fs/cached_data.c(revision 1827688)
+@@ -2199,6 +2199,7 @@
+   next_rep.revision = rh->base_revision;
+   next_rep.item_index = rh->base_item_index;
+   next_rep.size = rh->base_length;
++  next_rep.expanded_size = rep->expanded_size;
+   svn_fs_fs__id_txn_reset(_rep.txn_id);
+ 
+   SVN_ERR(build_rep_list(>rs_list, >base_window,

Bug#902758: stretch-pu: package subversion/1.9.5-1+deb9u2

[James McCoy]

Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

It recently came up in discussion with upstream that Stretch only had
1.9.5 and although that had seen an update for a CVE, there hadn't been
any for shattered -- big oversight on my part.

I have uploaded 1.9.5-1+deb9u2 to address the SHA-1 collision/shattered
issues with subversion.  These are the same patches that were included
in the official upstream release of 1.9.6 to address the issue.

The delta isn't small, but it does include new test coverage and there
have been no further changes in the 1.9.x release upstream related to
this.

-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 
'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.16.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diffstat for subversion_1.9.5-1+deb9u1 subversion_1.9.5-1+deb9u2

 debian/patches/apr_file_trunc_r1759116 |  141 
 debian/patches/no-dir-rep-sharing_r1794527 |  157 +
 debian/patches/no-dir-rep-sharing_r1796725 |   29 +
 debian/patches/shattered_r1795993  |  491 +
 debian/patches/shattered_r1796470  |  127 +++
 subversion-1.9.5/debian/changelog  |   12 
 subversion-1.9.5/debian/patches/series |5 
 7 files changed, 962 insertions(+)

diff -u subversion-1.9.5/debian/changelog subversion-1.9.5/debian/changelog
--- subversion-1.9.5/debian/changelog
+++ subversion-1.9.5/debian/changelog
@@ -1,3 +1,15 @@
+subversion (1.9.5-1+deb9u2) stretch; urgency=medium
+
+  * Backport r1759116, working around an issue in APR's trunc API.  This is a
+prerequisite for the SHA1/shattered fixes.
+  * Backport r1794527 and r1796725 to prevent the possibility of rep-sharing
+between a directory rep and a file/prop rep.
+  * Backport r1795993 and r1796470 to reject commits which would introduce
+hash collisions with existing data, thus addressing the SHA1/shattered
+issue.
+
+ -- James McCoy   Sat, 30 Jun 2018 09:44:22 -0400
+
 subversion (1.9.5-1+deb9u1) stretch-security; urgency=high
 
   * patches/CVE-2017-9800: Arbitrary code execution on clients through
diff -u subversion-1.9.5/debian/patches/series 
subversion-1.9.5/debian/patches/series
--- subversion-1.9.5/debian/patches/series
+++ subversion-1.9.5/debian/patches/series
@@ -16,0 +17,5 @@
+apr_file_trunc_r1759116
+no-dir-rep-sharing_r1794527
+no-dir-rep-sharing_r1796725
+shattered_r1795993
+shattered_r1796470
only in patch2:
unchanged:
--- subversion-1.9.5.orig/debian/patches/apr_file_trunc_r1759116
+++ subversion-1.9.5/debian/patches/apr_file_trunc_r1759116
@@ -0,0 +1,141 @@
+
+r1759116 | stefan2 | 2016-09-03 13:47:56 -0400 (Sat, 03 Sep 2016) | 16 lines
+
+Add a workaround for yet another issue with APR's apr_file_trunc.
+
+The previous workaround is ineffective if the last file access had been
+a read.  Now, we force it into to "write mode" internally to have the
+existing workaround kick in.
+
+Luckily, this only affects 'svnadmin pack' for FSFS format 7 and FSX.
+The other functions using trunc should have no problem with the added
+overhead.
+
+* subversion/libsvn_subr/io.c
+  (svn_io_file_trunc): Admend the existing workaround with a dummy-write.
+
+* subversion/tests/libsvn_subr/io-test.c
+  (test_apr_trunc_workaround): New test demonstrating the problem.
+  (test_funcs): Register the new test.
+
+Index: trunk/subversion/libsvn_subr/io.c
+===
+--- trunk/subversion/libsvn_subr/io.c  (revision 1759115)
 trunk/subversion/libsvn_subr/io.c  (revision 1759116)
+@@ -4064,6 +4064,26 @@
+ svn_error_t *
+ svn_io_file_trunc(apr_file_t *file, apr_off_t offset, apr_pool_t *pool)
+ {
++  /* Workaround for yet another APR issue with trunc.
++
++ If the APR file internally is in read mode, the current buffer pointer
++ will not be clipped to the valid data range. get_file_offset may then
++ return an invalid position *after* new data was written to it.
++
++ To prevent this, write 1 dummy byte just after the OFFSET at which we
++ will trunc it.  That will force the APR file into write mode
++ internally and the flush() work-around below becomes affective. */
++  apr_off_t position = 0;
++
++  /* A frequent usage is OFFSET==0, in which case we don't need to preserve
++ any file content or file pointer. */
++  if (offset)
++{
++  SVN_ERR(svn_io_file_seek(file, APR_CUR, , pool));
++  SVN_ERR(svn_io_file_seek(file, APR_SET, , pool));
++}
++  SVN_ERR(svn_io_file_pu

Bug#891611: jessie-pu: package subversion/1.8.10-6+deb8u6

[James McCoy]

On Mon, Feb 26, 2018 at 10:12:15PM -0500, James McCoy wrote:
> Package: release.debian.org
> Severity: normal
> Tags: jessie
> User: release.debian@packages.debian.org
> Usertags: pu
> 
> This upload would fix crashes that are seen when using subversion's Perl
> bindings.  In particular, git-svn has been a common victim since its
> memory usage patterns tend to cause the right conditions.
> 
> I've verified this against the originally reported issue[0] and
> Salvatore Bonaccorso, who prodded me to prepare the upload, has verified
> it against their problematic repository.

Uploaded, per the workflow changes described in
<1523909491.2872.15.ca...@adam-barratt.org.uk>.

Cheers,
-- 
James
GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7  2D23 DFE6 91AE 331B A3DB

Bug#891611: jessie-pu: package subversion/1.8.10-6+deb8u6

[James McCoy]

Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian@packages.debian.org
Usertags: pu

This upload would fix crashes that are seen when using subversion's Perl
bindings.  In particular, git-svn has been a common victim since its
memory usage patterns tend to cause the right conditions.

I've verified this against the originally reported issue[0] and
Salvatore Bonaccorso, who prodded me to prepare the upload, has verified
it against their problematic repository.

-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 
'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.15.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diffstat for subversion_1.8.10-6+deb8u5 subversion_1.8.10-6+deb8u6

 debian/patches/perl-swig-crash  |  244 
 subversion-1.8.10/debian/changelog  |7 
 subversion-1.8.10/debian/patches/series |1 
 3 files changed, 252 insertions(+)

diff -u subversion-1.8.10/debian/changelog subversion-1.8.10/debian/changelog
--- subversion-1.8.10/debian/changelog
+++ subversion-1.8.10/debian/changelog
@@ -1,3 +1,10 @@
+subversion (1.8.10-6+deb8u6) jessie; urgency=medium
+
+  * Backport patches/perl-swig-crash from upstream to fix crashes with Perl
+bindings, commonly seen when using git-svn (Closes: #780246, #534763).
+
+ -- James McCoy <james...@debian.org>  Mon, 26 Feb 2018 22:00:47 -0500
+
 subversion (1.8.10-6+deb8u5) jessie-security; urgency=high
 
   * patches/CVE-2016-8734: Unrestricted XML entity expansion in HTTP clients
diff -u subversion-1.8.10/debian/patches/series 
subversion-1.8.10/debian/patches/series
--- subversion-1.8.10/debian/patches/series
+++ subversion-1.8.10/debian/patches/series
@@ -33,0 +34 @@
+perl-swig-crash
only in patch2:
unchanged:
--- subversion-1.8.10.orig/debian/patches/perl-swig-crash
+++ subversion-1.8.10/debian/patches/perl-swig-crash
@@ -0,0 +1,244 @@
+
+r1668618 | philip | 2015-03-23 08:33:22 -0400 (Mon, 23 Mar 2015) | 6 lines
+
+* subversion/bindings/swig/include/svn_types.swg: Change the
+   SWIG Perl binding code that was marked "clearly buggy" so
+   that svn_swig_pl_from_md5 follows the same pattern as
+   svn_swig_pl_from_stream.  This may fix a SEGV reported
+   via Debian: https://bugs.debian.org/780246
+
+
+Index: trunk/subversion/bindings/swig/include/svn_types.swg
+===
+--- trunk/subversion/bindings/swig/include/svn_types.swg   (revision 
1668617)
 trunk/subversion/bindings/swig/include/svn_types.swg   (revision 
1668618)
+@@ -1116,11 +1116,7 @@
+ }
+ 
+ %typemap(argout) unsigned char *result_digest {
+-  /* FIXME: This code is clearly buggy. The return value of sv_newmortal()
+- is immediately overwritten by the return value
+- of svn_swig_pl_from_md5(). */
+-ST(argvi) = sv_newmortal();
+-ST(argvi++) = svn_swig_pl_from_md5($1);
++%append_output(svn_swig_pl_from_md5($1));
+ }
+ #endif
+ 
+
+
+r1671388 | rschupp | 2015-04-05 08:48:45 -0400 (Sun, 05 Apr 2015) | 6 lines
+
+* subversion/bindings/swig/include/svn_types.swg: Following r1668618
+   fix two more instances where the Perl argument stack pointer 
+   was bumped without checking if there's enough space allocated.
+   While we're at it, reduce the size of the temp array - 30 bytes
+   are more than enough to hold a decimal representation of a 64-bit integer.
+
+
+Index: trunk/subversion/bindings/swig/include/apr.swg
+===
+--- trunk/subversion/bindings/swig/include/apr.swg (revision 1671387)
 trunk/subversion/bindings/swig/include/apr.swg (revision 1671388)
+@@ -31,23 +31,21 @@
+ */
+ #ifdef SWIGPERL
+ %typemap(out) long long {
+-char temp[256];
++char temp[30];
+ sprintf(temp, "%" APR_INT64_T_FMT, (apr_int64_t) $1);
+-ST(argvi) = sv_newmortal();
+-sv_setpv((SV*)ST(argvi++), temp);
++%append_output(sv_2mortal(newSVpv(temp, 0)));
+ }
+ 
+ %typemap(out) unsigned long long {
+-char temp[256];
++char temp[30];
+ sprintf(temp, "%" APR_UINT64_T_FMT, (apr_uint64_t) $1);
+-ST(argvi) = sv_newmortal();
+-sv_setpv((SV*)ST(argvi++), temp);
++%append_output(sv_2mortal(newSVpv(temp, 0)));
+ }
+ 
+ %typemap(in, numinputs=0) long long *OUTPUT (apr_int64_t temp)
+ "$1 = ";
+ %typemap(argout) long long *OUTPUT {
+-  char temp[256];
++  char temp[30];
+   sprintf(temp, "%" APR_INT64_T_FMT, (apr_in

Bug#890897: transition: unibilium

[James McCoy]

On Fri, Feb 23, 2018 at 08:17:31AM -0500, James McCoy wrote:
> On Fri, Feb 23, 2018 at 10:11:42AM +0100, Emilio Pozuelo Monfort wrote:
> > Control: tags -1 confirmed
> > 
> > On 20/02/18 13:16, James McCoy wrote:
> > > Package: release.debian.org
> > > Severity: normal
> > > User: release.debian@packages.debian.org
> > > Usertags: transition
> > > 
> > > There is an upstream SONAME bump due to support for terminfo's new wide
> > > format.  The dependency chain revolves around neovim and everything
> > > rebuilds and tests fine with the new unibilium.
> > 
> > Go ahead.
> 
> Thanks.  Uploaded.

Could libtickit be binNMUed?  That would be the last bit to finish
rebuilding against the new unibilium.

Cheers,
-- 
James
GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7  2D23 DFE6 91AE 331B A3DB

Bug#890897: transition: unibilium

[James McCoy]

On Fri, Feb 23, 2018 at 10:11:42AM +0100, Emilio Pozuelo Monfort wrote:
> Control: tags -1 confirmed
> 
> On 20/02/18 13:16, James McCoy wrote:
> > Package: release.debian.org
> > Severity: normal
> > User: release.debian@packages.debian.org
> > Usertags: transition
> > 
> > There is an upstream SONAME bump due to support for terminfo's new wide
> > format.  The dependency chain revolves around neovim and everything
> > rebuilds and tests fine with the new unibilium.
> 
> Go ahead.

Thanks.  Uploaded.

-- 
James
GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7  2D23 DFE6 91AE 331B A3DB

Bug#890897: transition: unibilium

[James McCoy]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition

There is an upstream SONAME bump due to support for terminfo's new wide
format.  The dependency chain revolves around neovim and everything
rebuilds and tests fine with the new unibilium.

Ben file:

title = "unibilium";
is_affected = .depends ~ "libunibilium0" | .depends ~ "libunibilium4";
is_good = .depends ~ "libunibilium4";
is_bad = .depends ~ "libunibilium0";


-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 
'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.14.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Bug#877348: stretch-pu: package vim/8.0.0197-4+deb9u1

[James McCoy]

On Sat, Sep 30, 2017 at 09:42:14PM +0100, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
> 
> On Sat, 2017-09-30 at 14:48 -0400, James McCoy wrote:
> > * Backport upstream patches to fix CVE-2017-11109  (Closes: #867720)
> >   + 8.0.0703: Illegal memory access with empty :doau command
> >   + 8.0.0706: Crash when cancelling the cmdline window in Ex mode
> >   + 8.0.0707: Freeing wrong memory when manipulating buffers in
> > autocommands
> > 
> 
> Please go ahead, bearing in mind that the window for 9.2 closes during
> this weekend.

Thanks!  Uploaded.

-- 
James
GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7  2D23 DFE6 91AE 331B A3DB

Bug#877348: stretch-pu: package vim/8.0.0197-4+deb9u1

[James McCoy]

Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

* Backport upstream patches to fix CVE-2017-11109  (Closes: #867720)
  + 8.0.0703: Illegal memory access with empty :doau command
  + 8.0.0706: Crash when cancelling the cmdline window in Ex mode
  + 8.0.0707: Freeing wrong memory when manipulating buffers in autocommands

-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 
'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.12.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diffstat for vim-8.0.0197 vim-8.0.0197

 changelog  
  |9 +
 patches/debian/Add-recognition-of-more-LaTeX-commands-for-tex-filetype-d.patch 
  |2 
 patches/debian/Detect-the-rst-filetype-using-the-contents-of-the-file.patch
  |2 
 patches/debian/Document-Debian-s-decision-to-disable-modelines-by-defaul.patch 
  |2 
 patches/debian/Support-sourcing-a-vimrc.tiny-when-Vim-is-invoked-as-vi.patch   
  |6 
 patches/series 
  |3 
 patches/upstream/Add-Zesty-Zapus-to-deb-changelog-sources-syntax-files.patch   
  |4 
 patches/upstream/Support-defining-compilation-date-in-SOURCE_DATE_EPOCH.patch  
  |6 
 patches/upstream/debcontrol.vim-Add-sections-for-Rust-and-JavaScript.patch 
  |2 
 
patches/upstream/patch-8.0.0703-illegal-memory-access-with-empty-doau-comm.patch
 |   69 ++
 
patches/upstream/patch-8.0.0706-crash-when-cancelling-the-cmdline-window-i.patch
 |   42 ++
 
patches/upstream/patch-8.0.0707-freeing-wrong-memory-with-certain-autocomm.patch
 |   40 +
 12 files changed, 175 insertions(+), 12 deletions(-)

diff -Nru vim-8.0.0197/debian/changelog vim-8.0.0197/debian/changelog
--- vim-8.0.0197/debian/changelog   2017-04-23 08:10:29.0 -0400
+++ vim-8.0.0197/debian/changelog   2017-09-30 14:21:38.0 -0400
@@ -1,3 +1,12 @@
+vim (2:8.0.0197-4+deb9u1) stretch; urgency=medium
+
+  * Backport upstream patches to fix CVE-2017-11109  (Closes: #867720)
++ 8.0.0703: Illegal memory access with empty :doau command
++ 8.0.0706: Crash when cancelling the cmdline window in Ex mode
++ 8.0.0707: Freeing wrong memory when manipulating buffers in autocommands
+
+ -- James McCoy <james...@debian.org>  Sat, 30 Sep 2017 14:21:38 -0400
+
 vim (2:8.0.0197-4) unstable; urgency=medium
 
   * Backport upstream patch v8.0.0550 to fix a regression in tag lookups for
diff -Nru 
vim-8.0.0197/debian/patches/debian/Add-recognition-of-more-LaTeX-commands-for-tex-filetype-d.patch
 
vim-8.0.0197/debian/patches/debian/Add-recognition-of-more-LaTeX-commands-for-tex-filetype-d.patch
--- 
vim-8.0.0197/debian/patches/debian/Add-recognition-of-more-LaTeX-commands-for-tex-filetype-d.patch
  2017-04-23 08:10:29.0 -0400
+++ 
vim-8.0.0197/debian/patches/debian/Add-recognition-of-more-LaTeX-commands-for-tex-filetype-d.patch
  2017-09-30 14:21:38.0 -0400
@@ -13,7 +13,7 @@
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/runtime/filetype.vim b/runtime/filetype.vim
-index 9c9c808b4..13e2c0479 100644
+index 9c9c808..13e2c04 100644
 --- a/runtime/filetype.vim
 +++ b/runtime/filetype.vim
 @@ -2227,7 +2227,7 @@ func! s:FTtex()
diff -Nru 
vim-8.0.0197/debian/patches/debian/Detect-the-rst-filetype-using-the-contents-of-the-file.patch
 
vim-8.0.0197/debian/patches/debian/Detect-the-rst-filetype-using-the-contents-of-the-file.patch
--- 
vim-8.0.0197/debian/patches/debian/Detect-the-rst-filetype-using-the-contents-of-the-file.patch
 2017-04-23 08:10:29.0 -0400
+++ 
vim-8.0.0197/debian/patches/debian/Detect-the-rst-filetype-using-the-contents-of-the-file.patch
 2017-09-30 14:21:38.0 -0400
@@ -8,7 +8,7 @@
  1 file changed, 8 insertions(+)
 
 diff --git a/runtime/scripts.vim b/runtime/scripts.vim
-index 276382808..d3101c6b7 100644
+index 2763828..d3101c6 100644
 --- a/runtime/scripts.vim
 +++ b/runtime/scripts.vim
 @@ -332,6 +332,14 @@ else
diff -Nru 
vim-8.0.0197/debian/patches/debian/Document-Debian-s-decision-to-disable-modelines-by-defaul.patch
 
vim-8.0.0197/debian/patches/debian/Document-Debian-s-decision-to-disable-modelines-by-defaul.patch
--- 
vim-8.0.0197/debian/patches/debian/Document-Debian-s-decision-to-disable-modelines-by-defaul.patch
  2017-04-23 08:10:29.0 -0400
+++ 
vim-8.0.0197/debian/patches/debian/Document-Debian-s-decision-to-disable-modelines-by-defaul.patch
  2017-09-30 14:21:38.0 -0400
@@ -15,7 +15,7 @@
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/runtime/doc/options.txt b/runti

Bug#871444: transition: msgpack-c

[James McCoy]

On Tue, Aug 15, 2017 at 10:11:36PM +0200, Emilio Pozuelo Monfort wrote:
> On 08/08/17 03:56, James McCoy wrote:
> > Package: release.debian.org
> > Severity: normal
> > User: release.debian@packages.debian.org
> > Usertags: transition
> > 
> > I'd like to upload the new msgpack-c to unstable.  I did a test rebuild
> > in July and filed bugs[0] against the packages which fail to build with
> > the new API changes.
> > 
> > [0]: 
> > https://bugs.debian.org/cgi-bin/pkgreport.cgi?users=msgpac...@packages.debian.org;tag=msgpack-c-2.x;dist=unstable
> > 
> > The below Ben settings will detect the packages using the C library
> > which need to be rebuilt, but the C++ library is header-only.  I'm not
> > sure the how that should be tracked, other than FTBFS bugs.
> 
> > is_affected = .depends ~ "libmsgpackc2";
> > is_good = .depends ~ /libmsgpackc2 \(>= 2\.1\.0)/ | .depends ~ 
> > /libmsgpackc2 \(>= 0\.5\.7);
> > is_bad = .depends ~ /libmsgpackc2 \(>= 1\.0\.0\)/;
> 
> Why do the C library rdeps need to be rebuilt if the SONAME didn't change?

Hmm, you have a good point there. :) There are incompatible API changes
for the (header only) C++ library, but no ABI changes for the C library.

Maybe I need to split the C++ headers out into their own APIv1 and APIv2
packages.

Cheers,
-- 
James
GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7  2D23 DFE6 91AE 331B A3DB

Bug#871444: transition: msgpack-c

[James McCoy]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition

I'd like to upload the new msgpack-c to unstable.  I did a test rebuild
in July and filed bugs[0] against the packages which fail to build with
the new API changes.

[0]: 
https://bugs.debian.org/cgi-bin/pkgreport.cgi?users=msgpac...@packages.debian.org;tag=msgpack-c-2.x;dist=unstable

The below Ben settings will detect the packages using the C library
which need to be rebuilt, but the C++ library is header-only.  I'm not
sure the how that should be tracked, other than FTBFS bugs.

Ben file:

title = "msgpack-c";
is_affected = .depends ~ "libmsgpackc2";
is_good = .depends ~ /libmsgpackc2 \(>= 2\.1\.0)/ | .depends ~ /libmsgpackc2 
\(>= 0\.5\.7);
is_bad = .depends ~ /libmsgpackc2 \(>= 1\.0\.0\)/;


-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 
'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.11.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Bug#868102: stretch-pu: package devscripts/2.17.6+deb9u1

[James McCoy]

On Thu, Jul 13, 2017 at 10:09:46AM +0100, Adam D. Barratt wrote:
> On 2017-07-12 3:27, James McCoy wrote:
> > * debchange:
> >   + Target stretch-backports with --bpo.  Closes: #867662
> >   + Support $codename{,-{proposed-updates,security}} as well.
> 
> I think there's a bug (or two?) that could be closed there?

Indeed.  Add the bug reference to the changelog.

> > * bts:
> >   + Add support for the new 'a11y' tag.  Closes: #867416
> 
> Please go ahead.

Done.

Cheers,
-- 
James
GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7  2D23 DFE6 91AE 331B A3DB

Bug#868102: stretch-pu: package devscripts/2.17.6+deb9u1

[James McCoy]

Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

* debchange:
  + Target stretch-backports with --bpo.  Closes: #867662
  + Support $codename{,-{proposed-updates,security}} as well.
* bts:
  + Add support for the new 'a11y' tag.  Closes: #867416

-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 
'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diffstat for devscripts-2.17.6 devscripts-2.17.6+deb9u1

 debian/changelog |   12 
 scripts/bts.pl   |2 +-
 scripts/debchange.pl |   17 ++---
 test/test_debchange  |7 +++
 4 files changed, 30 insertions(+), 8 deletions(-)

diff -Nru devscripts-2.17.6/debian/changelog 
devscripts-2.17.6+deb9u1/debian/changelog
--- devscripts-2.17.6/debian/changelog  2017-06-03 14:29:24.0 -0400
+++ devscripts-2.17.6+deb9u1/debian/changelog   2017-07-11 22:06:17.0 
-0400
@@ -1,3 +1,15 @@
+devscripts (2.17.6+deb9u1) stretch; urgency=medium
+
+  [ Mattia Rizzolo ]
+  * debchange:
++ Target stretch-backports with --bpo.  Closes: #867662
++ Support $codename{,-{proposed-updates,security}} as well.
+  * bts:
++ Add patch from Samuel Thibault <sthiba...@debian.org> to add support for
+  the new 'a11y' tag.  Closes: #867416
+
+ -- James McCoy <james...@debian.org>  Tue, 11 Jul 2017 22:06:17 -0400
+
 devscripts (2.17.6) unstable; urgency=medium
 
   [ Osamu Aoki ]
diff -Nru devscripts-2.17.6/scripts/bts.pl 
devscripts-2.17.6+deb9u1/scripts/bts.pl
--- devscripts-2.17.6/scripts/bts.pl2017-06-03 14:29:24.0 -0400
+++ devscripts-2.17.6+deb9u1/scripts/bts.pl 2017-07-11 22:06:17.0 
-0400
@@ -160,7 +160,7 @@
"potato", "woody", "sid", "help", "security", "upstream",
"pending", "sarge", "sarge-ignore", "experimental", "d-i",
"confirmed", "ipv6", "lfs", "fixed-in-experimental",
-   "fixed-upstream", "l10n", "newcomer", "etch", "etch-ignore",
+   "fixed-upstream", "a11y", "l10n", "newcomer", "etch", "etch-ignore",
"lenny", "lenny-ignore", "squeeze", "squeeze-ignore",
"wheezy", "wheezy-ignore", "jessie", "jessie-ignore",
"stretch", "stretch-ignore", "buster", "buster-ignore",
diff -Nru devscripts-2.17.6/scripts/debchange.pl 
devscripts-2.17.6+deb9u1/scripts/debchange.pl
--- devscripts-2.17.6/scripts/debchange.pl  2017-06-03 14:29:24.0 
-0400
+++ devscripts-2.17.6+deb9u1/scripts/debchange.pl   2017-07-11 
22:06:17.0 -0400
@@ -161,7 +161,7 @@
  distribution name
   --bpo
  Increment the Debian release number for a backports upload
- to "jessie-backports"
+ to "stretch-backports"
   -l, --local 
  Add a suffix to the Debian version number for a local build
   -b, --force-bad-version
@@ -472,7 +472,7 @@
 # Check the distro name given.
 if (defined $opt_D) {
 if ($vendor eq 'Debian') {
-   unless ($opt_D =~ 
/^(experimental|unstable|UNRELEASED|((old)?stable|testing)(-proposed-updates)?|proposed-updates|(wheezy|jessie|stretch|buster|bullseye)-security)$/)
 {
+   unless ($opt_D =~ 
/^(experimental|unstable|sid|UNRELEASED|((old){0,2}stable|testing|wheezy|jessie|stretch|buster|bullseye)(-proposed-updates|-security)?|proposed-updates)$/)
 {
my $deb_info = get_debian_distro_info();
my ($oldstable_backports, $stable_backports) = ("", "");
if ($deb_info == 0) {
@@ -487,9 +487,12 @@
if ($deb_info == 0 || $opt_D !~ 
m/^(\Q$stable_backports\E|\Q$oldstable_backports\E)$/) {
$stable_backports = ", " . $stable_backports if 
$stable_backports;
$oldstable_backports = ", " . $oldstable_backports if 
$oldstable_backports;
-   warn "$progname warning: Recognised distributions are: 
unstable, testing, stable,\n"
-. "oldstable, experimental, 
{testing-,stable-,oldstable-,}proposed-updates,\n"
-. 
"{testing,stable,oldstable}-security$oldstable_backports$stable_backports and 
UNRELEASED.\n"
+   warn "$progname warning: Rec

Bug#864399: unblock: serf/1.3.9-3

[James McCoy]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package serf

libserf-dev was missing a Depends on libssl-dev.  This caused pkg-config
to error when querying information for serf unless libssl-dev happened
to be installed.

diffstat for serf_1.3.9-2 serf_1.3.9-3

 changelog |7 +++
 control   |3 ++-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff -u serf-1.3.9/debian/changelog serf-1.3.9/debian/changelog
--- serf-1.3.9/debian/changelog
+++ serf-1.3.9/debian/changelog
@@ -1,3 +1,10 @@
+serf (1.3.9-3) unstable; urgency=medium
+
+  * Add libssl-dev to libserf-dev's Depends, otherwise pkg-config can't
+provide information about serf.  Thanks to Daniel Shahaf for noticing!
+
+ -- James McCoy <james...@debian.org>  Wed, 07 Jun 2017 23:09:48 -0400
+
 serf (1.3.9-2) unstable; urgency=medium
 
   * Remove Peter Samuelson as maintainer, at request of MIA team.  Thanks for
diff -u serf-1.3.9/debian/control serf-1.3.9/debian/control
--- serf-1.3.9/debian/control
+++ serf-1.3.9/debian/control
@@ -28,7 +28,8 @@
 Package: libserf-dev
 Section: libdevel
 Architecture: any
-Depends: libserf-1-1 (= ${binary:Version}), ${misc:Depends}, libapr1-dev, 
libaprutil1-dev
+Depends: libserf-1-1 (= ${binary:Version}), ${misc:Depends}, libapr1-dev,
+ libaprutil1-dev, libssl-dev
 Description: high-performance asynchronous HTTP client library headers
  serf library is a C-based HTTP client library built upon the Apache
  Portable Runtime (APR) library.  It multiplexes connections, running the

unblock serf/1.3.9-3

-- System Information:
Debian Release: 9.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 
'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Bug#863521: unblock: devscripts/2.17.6

[James McCoy]

On Tue, Jun 06, 2017 at 11:49:36PM +0100, Jonathan Wiltshire wrote:
> On Sat, Jun 03, 2017 at 03:01:40PM -0400, James McCoy wrote:
> > This has now been uploaded.  Updated debdiffs attached.
> 
> Thanks, and sorry about the delay.

No worries.  I know you all have a lot to deal with.

> Unblocked.

Thanks!

Cheers,
-- 
James
GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7  2D23 DFE6 91AE 331B A3DB

Bug#863521: unblock: devscripts/2.17.6 (pre-approval)

[James McCoy]

On Sun, May 28, 2017 at 12:57:57AM -0400, James McCoy wrote:
> On Sat, May 27, 2017 at 09:38:39PM -0400, James McCoy wrote:
> > Additionally, there are changes to various scripts to make them work
> > better when $HOME isn't set by using Perl's File::HomeDir, a new
> > Depends (56e38636, 3ff2f9db).
> 
> And Build-Depends (7f47730a).

Ping?

Cheers,
-- 
James
GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7  2D23 DFE6 91AE 331B A3DB

Bug#863521: unblock: devscripts/2.17.6 (pre-approval)

[James McCoy]

On Sat, May 27, 2017 at 09:38:39PM -0400, James McCoy wrote:
> Additionally, there are changes to various scripts to make them work
> better when $HOME isn't set by using Perl's File::HomeDir, a new
> Depends (56e38636, 3ff2f9db).

And Build-Depends (7f47730a).

Cheers,
-- 
James
GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7  2D23 DFE6 91AE 331B A3DB

Bug#863521: unblock: devscripts/2.17.6 (pre-approval)

[James McCoy]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package devscripts

There are a few changes sitting in git right now that would be useful to
make it into Stretch.  The full log is
https://anonscm.debian.org/git/collab-maint/devscripts.git/log/?id=v2.17.5..master

uscan/debdiff: Typos/documentation improvements (7f07b7bc, f447aafb)
chdist: Support running aptitude (f722bf62)
debcheckout: Understand cgit URLs (4e1867dc)
debrepro: Check for and inform user of missing runtime dependencies (ad90af3a)
debsign: Fix regression when signing a dsc file (51e909fd)

Additionally, there are changes to various scripts to make them work
better when $HOME isn't set by using Perl's File::HomeDir, a new
Depends (56e38636, 3ff2f9db).

The $HOME handling is the most disruptive, so I'd be willing to drop
that.

unblock devscripts/2.17.6

-- System Information:
Debian Release: 9.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 
'experimental-debug'), (1, 'experimental')
Architecture: amd64
 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
 debian/changelog   | 30 ++
 debian/control |  1 +
 scripts/bts.pl |  2 ++
 scripts/chdist.bash_completion |  6 +++---
 scripts/chdist.pl  | 12 ++--
 scripts/debcheckout.pl |  5 +++--
 scripts/debcommit.pl   |  3 ++-
 scripts/debdiff.pl |  2 +-
 scripts/debrepro.pod   |  4 
 scripts/debrepro.sh| 21 +
 scripts/debsign.sh |  2 +-
 scripts/dscverify.pl   |  2 ++
 scripts/grep-excuses.pl|  3 ++-
 scripts/namecheck.pl   |  8 +++-
 scripts/rc-alert.pl|  2 ++
 scripts/svnpath.pl |  7 +--
 scripts/uscan.pl   | 18 +++---
 scripts/wnpp-alert.sh  |  2 +-
 18 files changed, 112 insertions(+), 18 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 0c32aaac..e436d4be 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,33 @@
+devscripts (2.17.6) UNRELEASED; urgency=medium
+
+  [ Osamu Aoki ]
+  * uscan:
++ Update manpage on the github.com behavior and the alternative
+  shorthand form.  (Closes: #836507, #859089)
+
+  [ Adam D. Barratt ]
+  * uscan: fix a typo in the manpage
+  * debdiff: fix a typo
+
+  [ Paul Wise ]
+  * chdist:
++ add support for running aptitude
+  * debcheckout:
++ handle cgit URLs too. Thanks to Rhonda for the suggestion.
+  * Make various scripts work when HOME is unset:
+bts chdist debcommit dscverify grep-excuses
+namecheck rc-alert svnpath wnpp-alert
+
+  [ Antonio Terceiro ]
+  * debrepro:
++ check for dependencies before doing any builds (Closes: #862586)
+
+  [ James Clarke ]
+  * debsign:
++ Fix signing a dsc directly.  (Closes: #863497)
+
+ -- Osamu Aoki   Fri, 31 Mar 2017 02:03:30 +0900
+
 devscripts (2.17.5) unstable; urgency=medium
 
   * Create GNUPGHOME in /tmp to fix CI failures due to long path names.
diff --git a/debian/control b/debian/control
index 52b774e9..3a2994a8 100644
--- a/debian/control
+++ b/debian/control
@@ -46,6 +46,7 @@ Package: devscripts
 Architecture: any
 Multi-Arch: foreign
 Depends: dpkg-dev (>= 1.17.6),
+ libfile-homedir-perl,
  ${misc:Depends},
  ${perl:Depends},
  ${python3:Depends},
diff --git a/scripts/bts.pl b/scripts/bts.pl
index 2a650d10..a2a64c51 100755
--- a/scripts/bts.pl
+++ b/scripts/bts.pl
@@ -47,6 +47,7 @@ use strict;
 use warnings;
 use File::Basename;
 use File::Copy;
+use File::HomeDir;
 use File::Path qw(make_path rmtree);
 use File::Spec;
 use File::Temp qw/tempfile/;
@@ -173,6 +174,7 @@ my @valid_severities=qw(wishlist minor normal important
 
 my $browser;  # Will set if necessary
 
+$ENV{HOME} = File::HomeDir->my_home;
 my $cachedir = $ENV{XDG_CACHE_HOME} || File::Spec->catdir($ENV{HOME}, 
'.cache');
 $cachedir = File::Spec->catdir($cachedir, 'devscripts', 'bts');
 
diff --git a/scripts/chdist.bash_completion b/scripts/chdist.bash_completion
index 89773313..51dbf499 100644
--- a/scripts/chdist.bash_completion
+++ b/scripts/chdist.bash_completion
@@ -6,7 +6,7 @@ _chdist ()
 {
   local cur=$2 prev=$3
   local options='--help -h --data-dir -d --arch -a'
-  local commands='create apt apt-get apt-cache apt-rdepends
+  local commands='create apt apt-get apt-cache apt-rdepends aptitude
src2bin bin2src
compare-packages compare-bin-packages
compare-versions compare-bin-versions
@@ -14,7 +14,7 @@ _chdist ()
list'
   # Sync'd with buildd.debian.org on 2016-04-02:
   local archs="all alpha amd64 arm64 armel armhf hppa hurd-i386 i386 ia64 

Bug#860999: unblock: vim/2:8.0.0197-4 (pre-approval)

[James McCoy]

Control: tags -1 - moreinfo

On Sun, Apr 23, 2017 at 03:57:05PM +0200, Ivo De Decker wrote:
> On Sun, Apr 23, 2017 at 08:29:50AM -0400, James McCoy wrote:
> > * Update Ubuntu release names in syntax highlighting files
> >   + Additionally, require word boundaries around release names, so
> > stretch isn't mishighlighted as (unsupported) etch. (#859247)
> 
> If you are updating this, maybe you could also add support for
> jessie-backports-sloppy, stretch-backports and stretch-security.

Done.

> > * Fix a regression in parsing ctags-generated TAGS files (#859426)
> > * Set $TERM to a sane value before running tests.  This fixes test
> >   failures when $TERM is an atypical value (like "unknown" in the
> >   reproducible builds environment).
> 
> Please go ahead with the upload and remove the moreinfo tag from this bug once
> the upload is in unstable.

Done.  Updated debdiff attached, too.

Cheers,
-- 
James
GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7  2D23 DFE6 91AE 331B A3DB
diffstat for vim-8.0.0197 vim-8.0.0197

 changelog  
|   13 +
 patches/series 
|2 
 patches/upstream/Update-releases-in-deb-changelog-sources-syntax-files.patch   
|   92 
 patches/upstream/patch-8.0.0550-cannot-parse-some-etags-format-tags-file.patch 
|  103 ++
 rules  
|3 
 5 files changed, 212 insertions(+), 1 deletion(-)

diff -Nru vim-8.0.0197/debian/changelog vim-8.0.0197/debian/changelog
--- vim-8.0.0197/debian/changelog   2017-03-06 22:33:23.0 -0500
+++ vim-8.0.0197/debian/changelog   2017-04-23 08:10:29.0 -0400
@@ -1,3 +1,16 @@
+vim (2:8.0.0197-4) unstable; urgency=medium
+
+  * Backport upstream patch v8.0.0550 to fix a regression in tag lookups for
+ctags-generated emacs style tags files.  (Closes: #859426)
+  * Add Artful Aardvark, jessie-backports-sloppy, and
+stretch-backports/security to deb{changelog,sources} syntax files.
+  * debsources.vim: Require word boundaries around distribution name.
+(Closes: #859247)
+  * Set $TERM to a known sane value when running tests to avoid test failures
+due to an unknown $TERM.
+
+ -- James McCoy <james...@debian.org>  Sun, 23 Apr 2017 08:10:29 -0400
+
 vim (2:8.0.0197-3) unstable; urgency=high
 
   * Backport upstream patches v8.0.0377 & v8.0.0378, to fix buffer overflows
diff -Nru vim-8.0.0197/debian/patches/series vim-8.0.0197/debian/patches/series
--- vim-8.0.0197/debian/patches/series  2017-03-06 22:33:23.0 -0500
+++ vim-8.0.0197/debian/patches/series  2017-04-23 08:10:29.0 -0400
@@ -8,3 +8,5 @@
 upstream/patch-8.0.0322-possible-overflow-with-corrupted-spell-fil.patch
 upstream/patch-8.0.0377-possible-overflow-when-reading-corrupted-u.patch
 upstream/patch-8.0.0378-possible-overflow-when-reading-corrupted-u.patch
+upstream/patch-8.0.0550-cannot-parse-some-etags-format-tags-file.patch
+upstream/Update-releases-in-deb-changelog-sources-syntax-files.patch
diff -Nru 
vim-8.0.0197/debian/patches/upstream/patch-8.0.0550-cannot-parse-some-etags-format-tags-file.patch
 
vim-8.0.0197/debian/patches/upstream/patch-8.0.0550-cannot-parse-some-etags-format-tags-file.patch
--- 
vim-8.0.0197/debian/patches/upstream/patch-8.0.0550-cannot-parse-some-etags-format-tags-file.patch
  1969-12-31 19:00:00.0 -0500
+++ 
vim-8.0.0197/debian/patches/upstream/patch-8.0.0550-cannot-parse-some-etags-format-tags-file.patch
  2017-04-23 08:10:29.0 -0400
@@ -0,0 +1,103 @@
+From: Bram Moolenaar <b...@vim.org>
+Date: Fri, 7 Apr 2017 20:30:29 +0200
+Subject: patch 8.0.0550: cannot parse some etags format tags file
+
+Problem:Some etags format tags file use 0x01, breaking the parsing.
+Solution:   Use 0x02 for TAG_SEP. (James McCoy, closes #1614)
+
+Signed-off-by: James McCoy <james...@debian.org>
+---
+ src/tag.c| 13 +++--
+ src/testdir/test_taglist.vim | 39 +++
+ src/version.c|  2 ++
+ 3 files changed, 48 insertions(+), 6 deletions(-)
+ create mode 100644 src/testdir/test_taglist.vim
+
+diff --git a/src/tag.c b/src/tag.c
+index a80a362..80b21c1 100644
+--- a/src/tag.c
 b/src/tag.c
+@@ -2335,18 +2335,19 @@ parse_line:
+   }
+   else
+   {
+-#define TAG_SEP 0x01
++#define TAG_SEP 0x02
+   size_t tag_fname_len = STRLEN(tag_fname);
+ #ifdef FEAT_EMACS_TAGS
+   size_t ebuf_len = 0;
+ #endif
+ 
+   /* Save the tag in a buffer.
+-   * Use 0x01 to separate fields (Can't use NUL, because the
+-   * hash key is terminated by NUL).
+-   * Emacs tag: <0x01><0x01>
+-   * other tag: <0x

Bug#860999: unblock: vim/2:8.0.0197-4 (pre-approval)

[James McCoy]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package vim

* Update Ubuntu release names in syntax highlighting files
  + Additionally, require word boundaries around release names, so
stretch isn't mishighlighted as (unsupported) etch. (#859247)
* Fix a regression in parsing ctags-generated TAGS files (#859426)
* Set $TERM to a sane value before running tests.  This fixes test
  failures when $TERM is an atypical value (like "unknown" in the
  reproducible builds environment).

(include/attach the debdiff against the package in testing)

unblock vim/2:8.0.0197-4

-- System Information:
Debian Release: 9.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 
'experimental-debug'), (1, 'experimental')
Architecture: amd64
 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diffstat for vim-8.0.0197 vim-8.0.0197

 changelog  
  |   12 +
 patches/series 
  |2 
 
patches/upstream/Add-Artful-Aardvark-to-deb-changelog-sources-syntax-files.patch
 |   76 +++
 patches/upstream/patch-8.0.0550-cannot-parse-some-etags-format-tags-file.patch 
  |  103 ++
 rules  
  |3 
 5 files changed, 195 insertions(+), 1 deletion(-)

diff -Nru vim-8.0.0197/debian/changelog vim-8.0.0197/debian/changelog
--- vim-8.0.0197/debian/changelog   2017-03-06 22:33:23.0 -0500
+++ vim-8.0.0197/debian/changelog   2017-04-23 08:10:29.0 -0400
@@ -1,3 +1,15 @@
+vim (2:8.0.0197-4) unstable; urgency=medium
+
+  * Backport upstream patch v8.0.0550 to fix a regression in tag lookups for
+ctags-generated emacs style tags files.  (Closes: #859426)
+  * Add Artful Aardvark to deb{changelog,sources} syntax files.
+  * debsources.vim: Require word boundaries around distribution name.
+(Closes: #859247)
+  * Set $TERM to a known sane value when running tests to avoid test failures
+due to an unknown $TERM.
+
+ -- James McCoy <james...@debian.org>  Sun, 23 Apr 2017 08:10:29 -0400
+
 vim (2:8.0.0197-3) unstable; urgency=high
 
   * Backport upstream patches v8.0.0377 & v8.0.0378, to fix buffer overflows
diff -Nru vim-8.0.0197/debian/patches/series vim-8.0.0197/debian/patches/series
--- vim-8.0.0197/debian/patches/series  2017-03-06 22:33:23.0 -0500
+++ vim-8.0.0197/debian/patches/series  2017-04-23 08:10:29.0 -0400
@@ -8,3 +8,5 @@
 upstream/patch-8.0.0322-possible-overflow-with-corrupted-spell-fil.patch
 upstream/patch-8.0.0377-possible-overflow-when-reading-corrupted-u.patch
 upstream/patch-8.0.0378-possible-overflow-when-reading-corrupted-u.patch
+upstream/patch-8.0.0550-cannot-parse-some-etags-format-tags-file.patch
+upstream/Add-Artful-Aardvark-to-deb-changelog-sources-syntax-files.patch
diff -Nru 
vim-8.0.0197/debian/patches/upstream/Add-Artful-Aardvark-to-deb-changelog-sources-syntax-files.patch
 
vim-8.0.0197/debian/patches/upstream/Add-Artful-Aardvark-to-deb-changelog-sources-syntax-files.patch
--- 
vim-8.0.0197/debian/patches/upstream/Add-Artful-Aardvark-to-deb-changelog-sources-syntax-files.patch
1969-12-31 19:00:00.0 -0500
+++ 
vim-8.0.0197/debian/patches/upstream/Add-Artful-Aardvark-to-deb-changelog-sources-syntax-files.patch
2017-04-23 08:10:29.0 -0400
@@ -0,0 +1,76 @@
+From: James McCoy <james...@debian.org>
+Date: Sat, 22 Apr 2017 13:43:32 -0400
+Subject: Add Artful Aardvark to deb{changelog,sources} syntax files
+
+Require word boundary around distribution name.
+
+Closes: #859247
+Signed-off-by: James McCoy <james...@debian.org>
+---
+ runtime/syntax/debchangelog.vim |  4 ++--
+ runtime/syntax/debsources.vim   | 10 +-
+ 2 files changed, 7 insertions(+), 7 deletions(-)
+
+diff --git a/runtime/syntax/debchangelog.vim b/runtime/syntax/debchangelog.vim
+index eb02aaf..691420f 100644
+--- a/runtime/syntax/debchangelog.vim
 b/runtime/syntax/debchangelog.vim
+@@ -3,7 +3,7 @@
+ " Maintainer:  Debian Vim Maintainers 
<pkg-vim-maintain...@lists.alioth.debian.org>
+ " Former Maintainers: Gerfried Fuchs <al...@ist.org>
+ " Wichert Akkerman <wakke...@debian.org>
+-" Last Change: 2016 Nov 12
++" Last Change: 2017 Apr 22
+ " URL: 
https://anonscm.debian.org/cgit/pkg-vim/vim.git/plain/runtime/syntax/debchangelog.vim
+ 
+ " Standard syntax initialization
+@@ -21,7 +21,7 @@ let binNMU='binary-only=yes'
+ syn match debchangelogNamecontained "^[[:alnum:]][[:alnum:].+-]\+ "
+ exe 'syn match debchangelogFirstKVcontained "; 
\('.urg

Bug#860242: unblock: neovim/0.1.7-4

[James McCoy]

On Thu, Apr 13, 2017 at 08:13:31AM -0400, James McCoy wrote:
> Please unblock package neovim
> 
> This upload includes fixes for CVE-2017-{5953,6349,6350}.
> 
> unblock neovim/0.1.7-4

Ping?

> diffstat for neovim-0.1.7 neovim-0.1.7
> 
>  changelog   |9 ++
>  patches/0001-debcherry-fixup-patch.patch|   32 
> +++-
>  patches/0002-test-Handle-SIGHUP-in-tty-test-fixture.patch   |4 -
>  patches/0003-tui-backpressure-Drop-messages-to-avoid-flooding.patch |4 -
>  patches/0004-vim-patch-8.0.0377.patch   |   38 
> ++
>  patches/0005-vim-patch-8.0.0378.patch   |   37 
> +
>  patches/series  |2 
>  7 files changed, 118 insertions(+), 8 deletions(-)
> 
> diff -Nru neovim-0.1.7/debian/changelog neovim-0.1.7/debian/changelog
> --- neovim-0.1.7/debian/changelog 2017-01-16 07:18:35.0 -0500
> +++ neovim-0.1.7/debian/changelog 2017-04-10 08:15:38.0 -0400
> @@ -1,3 +1,12 @@
> +neovim (0.1.7-4) unstable; urgency=high
> +
> +  * Cherry-pick b338bb9d & 4af6c608 from upstream to fix buffer overflow if a
> +spellfile has an invalid length in it.  (CVE-2017-5953)
> +  * Cherry-pick fb66a7c6 & ad66826a from upstream to fix buffer overflows 
> when
> +reading corrupted undo files.  (CVE-2017-6349 & CVE-2017-6350)
> +
> + -- James McCoy <james...@debian.org>  Mon, 10 Apr 2017 08:15:38 -0400
> +
>  neovim (0.1.7-3) unstable; urgency=medium
>  
>* Disable global_spec.lua since it's rather flaky.
> diff -Nru neovim-0.1.7/debian/patches/0001-debcherry-fixup-patch.patch 
> neovim-0.1.7/debian/patches/0001-debcherry-fixup-patch.patch
> --- neovim-0.1.7/debian/patches/0001-debcherry-fixup-patch.patch  
> 2017-01-16 07:18:35.0 -0500
> +++ neovim-0.1.7/debian/patches/0001-debcherry-fixup-patch.patch  
> 2017-04-10 08:15:38.0 -0400
> @@ -1,8 +1,12 @@
> -From 2ef123279cbff7afeb5546992dc34c902664b4db Mon Sep 17 00:00:00 2001
> +From 5a06ba6f8d7c464ec319eac1a805575849203371 Mon Sep 17 00:00:00 2001
>  From: James McCoy <james...@jamessan.com>
> -Date: Mon, 16 Jan 2017 07:19:41 -0500
> -Subject: [PATCH 1/3] debcherry fixup patch
> +Date: Mon, 10 Apr 2017 08:16:34 -0400
> +Subject: [PATCH 1/5] debcherry fixup patch
>  
> +53bde37a vim-patch:8.0.0376
> +  - no changes against upstream or conflicts
> +aa0c704e vim-patch:8.0.0322
> +  - extra changes or conflicts
>  7b3fc809 out_data_decide_throttle(): timeout instead of hard limit.
>- no changes against upstream or conflicts
>  443f0387 out_data_decide_throttle(): Avoid too-small final chunk.
> @@ -22,11 +26,12 @@
>   src/nvim/main.c   |   2 +-
>   src/nvim/memory.c |  31 ---
>   src/nvim/os/shell.c   | 147 
> --
> + src/nvim/spell.c  |   6 +-
>   test/functional/eval/execute_spec.lua |  17 ++--
>   test/functional/terminal/helpers.lua  |   1 +
>   test/functional/ui/output_spec.lua|  21 +
>   test/functional/ui/screen.lua |  47 ---
> - 10 files changed, 235 insertions(+), 49 deletions(-)
> + 11 files changed, 240 insertions(+), 50 deletions(-)
>  
>  diff --git a/runtime/doc/various.txt b/runtime/doc/various.txt
>  index a1bf379d..3c147244 100644
> @@ -353,6 +358,25 @@
> if (cnt) {
>   rbuffer_consumed(buf, cnt);
> }
> +diff --git a/src/nvim/spell.c b/src/nvim/spell.c
> +index 7119ac6d..7dc9eb05 100644
> +--- a/src/nvim/spell.c
>  b/src/nvim/spell.c
> +@@ -3589,9 +3589,13 @@ spell_read_tree (
> + 
> +   // The tree size was computed when writing the file, so that we can
> +   // allocate it as one long block. 
> +-  int len = get4c(fd);
> ++  long len = get4c(fd);
> +   if (len < 0)
> + return SP_TRUNCERROR;
> ++  if ((size_t)len >= SIZE_MAX / sizeof(int)) {
> ++// Invalid length, multiply with sizeof(int) would overflow.
> ++return SP_FORMERROR;
> ++  }
> +   if (len > 0) {
> + // Allocate the byte array.
> + bp = xmalloc(len);
>  diff --git a/test/functional/eval/execute_spec.lua 
> b/test/functional/eval/execute_spec.lua
>  index b5b48143..fc13c0a7 100644
>  --- a/test/functional/eval/execute_spec.lua
> diff -Nru 
> neovim-0.1.7/debian/patches/0002-test-Handle-SIGHUP-in-tty-test-fixture.patch 
> neovim-0.1.7/debian/patches/0002-test-Handle-SIGHUP-in-tty-test-fixture.patch
> --- 
> neovim-0.1.7/debian/patches/0002-test-Handle-SIGHUP-in-tty-test-fixture.patch 
> 2017-0

Bug#860242: unblock: neovim/0.1.7-4

[James McCoy]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package neovim

This upload includes fixes for CVE-2017-{5953,6349,6350}.

unblock neovim/0.1.7-4

-- System Information:
Debian Release: 9.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 
'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diffstat for neovim-0.1.7 neovim-0.1.7

 changelog   |9 ++
 patches/0001-debcherry-fixup-patch.patch|   32 
+++-
 patches/0002-test-Handle-SIGHUP-in-tty-test-fixture.patch   |4 -
 patches/0003-tui-backpressure-Drop-messages-to-avoid-flooding.patch |4 -
 patches/0004-vim-patch-8.0.0377.patch   |   38 
++
 patches/0005-vim-patch-8.0.0378.patch   |   37 
+
 patches/series  |2 
 7 files changed, 118 insertions(+), 8 deletions(-)

diff -Nru neovim-0.1.7/debian/changelog neovim-0.1.7/debian/changelog
--- neovim-0.1.7/debian/changelog   2017-01-16 07:18:35.0 -0500
+++ neovim-0.1.7/debian/changelog   2017-04-10 08:15:38.0 -0400
@@ -1,3 +1,12 @@
+neovim (0.1.7-4) unstable; urgency=high
+
+  * Cherry-pick b338bb9d & 4af6c608 from upstream to fix buffer overflow if a
+spellfile has an invalid length in it.  (CVE-2017-5953)
+  * Cherry-pick fb66a7c6 & ad66826a from upstream to fix buffer overflows when
+reading corrupted undo files.  (CVE-2017-6349 & CVE-2017-6350)
+
+ -- James McCoy <james...@debian.org>  Mon, 10 Apr 2017 08:15:38 -0400
+
 neovim (0.1.7-3) unstable; urgency=medium
 
   * Disable global_spec.lua since it's rather flaky.
diff -Nru neovim-0.1.7/debian/patches/0001-debcherry-fixup-patch.patch 
neovim-0.1.7/debian/patches/0001-debcherry-fixup-patch.patch
--- neovim-0.1.7/debian/patches/0001-debcherry-fixup-patch.patch
2017-01-16 07:18:35.0 -0500
+++ neovim-0.1.7/debian/patches/0001-debcherry-fixup-patch.patch
2017-04-10 08:15:38.0 -0400
@@ -1,8 +1,12 @@
-From 2ef123279cbff7afeb5546992dc34c902664b4db Mon Sep 17 00:00:00 2001
+From 5a06ba6f8d7c464ec319eac1a805575849203371 Mon Sep 17 00:00:00 2001
 From: James McCoy <james...@jamessan.com>
-Date: Mon, 16 Jan 2017 07:19:41 -0500
-Subject: [PATCH 1/3] debcherry fixup patch
+Date: Mon, 10 Apr 2017 08:16:34 -0400
+Subject: [PATCH 1/5] debcherry fixup patch
 
+53bde37a vim-patch:8.0.0376
+- no changes against upstream or conflicts
+aa0c704e vim-patch:8.0.0322
+- extra changes or conflicts
 7b3fc809 out_data_decide_throttle(): timeout instead of hard limit.
 - no changes against upstream or conflicts
 443f0387 out_data_decide_throttle(): Avoid too-small final chunk.
@@ -22,11 +26,12 @@
  src/nvim/main.c   |   2 +-
  src/nvim/memory.c |  31 ---
  src/nvim/os/shell.c   | 147 --
+ src/nvim/spell.c  |   6 +-
  test/functional/eval/execute_spec.lua |  17 ++--
  test/functional/terminal/helpers.lua  |   1 +
  test/functional/ui/output_spec.lua|  21 +
  test/functional/ui/screen.lua |  47 ---
- 10 files changed, 235 insertions(+), 49 deletions(-)
+ 11 files changed, 240 insertions(+), 50 deletions(-)
 
 diff --git a/runtime/doc/various.txt b/runtime/doc/various.txt
 index a1bf379d..3c147244 100644
@@ -353,6 +358,25 @@
if (cnt) {
  rbuffer_consumed(buf, cnt);
}
+diff --git a/src/nvim/spell.c b/src/nvim/spell.c
+index 7119ac6d..7dc9eb05 100644
+--- a/src/nvim/spell.c
 b/src/nvim/spell.c
+@@ -3589,9 +3589,13 @@ spell_read_tree (
+ 
+   // The tree size was computed when writing the file, so that we can
+   // allocate it as one long block. 
+-  int len = get4c(fd);
++  long len = get4c(fd);
+   if (len < 0)
+ return SP_TRUNCERROR;
++  if ((size_t)len >= SIZE_MAX / sizeof(int)) {
++// Invalid length, multiply with sizeof(int) would overflow.
++return SP_FORMERROR;
++  }
+   if (len > 0) {
+ // Allocate the byte array.
+ bp = xmalloc(len);
 diff --git a/test/functional/eval/execute_spec.lua 
b/test/functional/eval/execute_spec.lua
 index b5b48143..fc13c0a7 100644
 --- a/test/functional/eval/execute_spec.lua
diff -Nru 
neovim-0.1.7/debian/patches/0002-test-Handle-SIGHUP-in-tty-test-fixture.patch 
neovim-0.1.7/debian/patches/0002-test-Handle-SIGHUP-in-tty-test-fixture.patch
--- 
neovim-0.1.7/debian/patches/0002-test-Handle-SIGHUP-in-tty-test-fixture.patch   
2017-01-16 07:18:35.0 -0500
+++ 
neovim-0.1.7/debia

Bug#857041: jessie-pu: package vim/2:7.4.488-7+deb8u3

[James McCoy]

Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian@packages.debian.org
Usertags: pu

This upload would fix two no-dsa CVEs (CVE-2017-6349, CVE-2017-6350) for
Vim.  Debdiff attached.

-- System Information:
Debian Release: 9.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 
'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diffstat for vim-7.4.488 vim-7.4.488

 changelog|8 +
 patches/series   |2 +
 patches/upstream/v8-0-0377.patch |   45 
 patches/upstream/v8-0-0378.patch |   54 +++
 4 files changed, 109 insertions(+)

diff -Nru vim-7.4.488/debian/changelog vim-7.4.488/debian/changelog
--- vim-7.4.488/debian/changelog2017-02-12 20:02:50.0 -0500
+++ vim-7.4.488/debian/changelog2017-03-06 23:52:28.0 -0500
@@ -1,3 +1,11 @@
+vim (2:7.4.488-7+deb8u3) jessie; urgency=medium
+
+  * Backport upstream patches v8.0.0377 & v8.0.0378, to fix buffer overflows
+when reading corrupted undo files.  (Closes: #856266, CVE-2017-6349,
+CVE-2017-6350)
+
+ -- James McCoy <james...@debian.org>  Mon, 06 Mar 2017 23:52:28 -0500
+
 vim (2:7.4.488-7+deb8u2) jessie-security; urgency=high
 
   * Backport patch 8.0.0322 to fix a buffer overflow if a spellfile has an
diff -Nru vim-7.4.488/debian/patches/series vim-7.4.488/debian/patches/series
--- vim-7.4.488/debian/patches/series   2017-02-12 19:59:43.0 -0500
+++ vim-7.4.488/debian/patches/series   2017-03-06 23:46:47.0 -0500
@@ -10,3 +10,5 @@
 debian/extra-tex-detection.patch
 upstream/v8-0-0056.patch
 upstream/v8-0-0322.patch
+upstream/v8-0-0377.patch
+upstream/v8-0-0378.patch
diff -Nru vim-7.4.488/debian/patches/upstream/v8-0-0377.patch 
vim-7.4.488/debian/patches/upstream/v8-0-0377.patch
--- vim-7.4.488/debian/patches/upstream/v8-0-0377.patch 1969-12-31 
19:00:00.0 -0500
+++ vim-7.4.488/debian/patches/upstream/v8-0-0377.patch 2017-03-06 
23:51:37.0 -0500
@@ -0,0 +1,45 @@
+commit 3eb1637b1bba19519885dd6d377bd5596e91d22c
+Author: Bram Moolenaar <b...@vim.org>
+Date:   Sun Feb 26 18:11:36 2017 +0100
+
+patch 8.0.0377: possible overflow when reading corrupted undo file
+
+Problem:Possible overflow when reading corrupted undo file.
+Solution:   Check if allocated size is not too big. (King)
+
+diff --git a/src/undo.c b/src/undo.c
+index b69f31872..ba7c0b83c 100644
+--- a/src/undo.c
 b/src/undo.c
+@@ -1836,7 +1836,7 @@ u_read_undo(char_u *name, char_u *hash, char_u 
*orig_name)
+ linenr_T  line_lnum;
+ colnr_T   line_colnr;
+ linenr_T  line_count;
+-int   num_head = 0;
++long  num_head = 0;
+ long  old_header_seq, new_header_seq, cur_header_seq;
+ long  seq_last, seq_cur;
+ long  last_save_nr = 0;
+@@ -2023,7 +2023,8 @@ u_read_undo(char_u *name, char_u *hash, char_u 
*orig_name)
+  * When there are no headers uhp_table is NULL. */
+ if (num_head > 0)
+ {
+-  uhp_table = (u_header_T **)U_ALLOC_LINE(
++  if (num_head < LONG_MAX / (long)sizeof(u_header_T *))
++  uhp_table = (u_header_T **)U_ALLOC_LINE(
+num_head * sizeof(u_header_T *));
+   if (uhp_table == NULL)
+   goto error;
+diff --git a/src/version.c b/src/version.c
+index 8d1454197..c79020b21 100644
+--- a/src/version.c
 b/src/version.c
+@@ -1733,6 +1733,8 @@ static char *(features[]) =
+ static char *(extra_patches[]) =
+ {   /* Add your patch description below this line */
+ /**/
++"8.0.0377",
++/**/
+ "8.0.0322",
+ /**/
+ "8.0.0056",
diff -Nru vim-7.4.488/debian/patches/upstream/v8-0-0378.patch 
vim-7.4.488/debian/patches/upstream/v8-0-0378.patch
--- vim-7.4.488/debian/patches/upstream/v8-0-0378.patch 1969-12-31 
19:00:00.0 -0500
+++ vim-7.4.488/debian/patches/upstream/v8-0-0378.patch 2017-03-06 
23:52:12.0 -0500
@@ -0,0 +1,54 @@
+commit 0c8485f0e4931463c0f7986e1ea84a7d79f10c75
+Author: Bram Moolenaar <b...@vim.org>
+Date:   Sun Feb 26 18:17:10 2017 +0100
+
+patch 8.0.0378: possible overflow when reading corrupted undo file
+
+Problem:Another possible overflow when reading corrupted undo file.
+Solution:   Check if allocated size is not too big. (King)
+
+diff --git a/src/undo.c b/src/undo.c
+index ba7c0b83c..5b953795e 100644
+--- a/src/undo.c
 b/src/undo.c
+@@ -1423,7 +1423,7 @@ unserialize_uep(bufinfo_T *bi, int *error, char_u 
*file_name)
+ {
+ int   i;
+ u_entry_T *uep;
+-char_u**array;
++char_u**array = NUL

Bug#857007: unblock: devscripts/2.17.2

[James McCoy]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package devscripts

devscripts (2.17.2) unstable; urgency=medium

  [ James McCoy ]
  * deb-reversion:
+ Correct parsing of long-form --new-version switch.  (Closes: #853919)
  * grep-excuses:
+ Improve robustness of HTML parsing to avoid issues like #856104, until
  grep-excuses is converted to consume YAML.
  * debsign:
+ Add support for *.buildinfo files.  Thanks to Ximin Luo and Guillem
  Jover for the patches!  (Closes: #855282)
  * debian/tests/control: Add mozilla-devscripts to Depends, as needed by
mk-origtargz's tests.

  [ Antonio Terceiro ]
  * rc-alert:
+ Add bug URL to the output.

  [ Guillem Jover ]
  * wrap-and-sort:
+ Deal with Build-Conflicts-{Arch,Indep}, Build-Depends-Arch and
  Built-Using fields.  (Closes: #855433)

  [ Mattia Rizzolo ]
  * Remove Ryan Niebur from Uploaders after a request from the MIA Team.
Thank you for all your past contributions!  (Closes: #856374)

 -- James McCoy <james...@debian.org>  Sun, 05 Mar 2017 22:23:37 -0500

#853919, #855433, and #856104 are minor fixes, both in impact and churn.
The latter, in particular, is just preventative since britney has been
fixed.

#855282 is a fair amount of churn, but I think having buildinfo support
is important for Stretch.  Adrian Bunk also noted[0] that debarchiver
was rejecting package uploads signed by debsign since dscverify's
support for buildinfo was uploaded in 2.17.1.

The individual commits may be easier to review:
- 
https://anonscm.debian.org/git/collab-maint/devscripts.git/log/?id=e1a18a8f..1a3304ab
- https://anonscm.debian.org/git/collab-maint/devscripts.git/log/?id=51b5e50e

The debdiff is attached.

unblock devscripts/2.17.2

[0]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855282#42

-- System Information:
Debian Release: 9.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 
'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diffstat for devscripts-2.17.1 devscripts-2.17.2

 debian/changelog|   29 ++
 debian/control  |3 
 debian/tests/control|2 
 po4a/po/de.po   |  232 +--
 po4a/po/devscripts.pot  |  112 -
 po4a/po/fr.po   |  206 +++--
 scripts/deb-reversion.sh|2 
 scripts/debsign.1   |   64 ++---
 scripts/debsign.bash_completion |1 
 scripts/debsign.sh  |  484 +---
 scripts/dscverify.pl|8 
 scripts/grep-excuses.pl |4 
 scripts/rc-alert.pl |1 
 scripts/wrap-and-sort   |4 
 test/test_package_lifecycle |   48 +++
 15 files changed, 784 insertions(+), 416 deletions(-)

diff -Nru devscripts-2.17.1/debian/changelog devscripts-2.17.2/debian/changelog
--- devscripts-2.17.1/debian/changelog  2017-02-01 21:25:00.0 -0500
+++ devscripts-2.17.2/debian/changelog  2017-03-05 22:23:37.0 -0500
@@ -1,3 +1,32 @@
+devscripts (2.17.2) unstable; urgency=medium
+
+  [ James McCoy ]
+  * deb-reversion:
++ Correct parsing of long-form --new-version switch.  (Closes: #853919)
+  * grep-excuses:
++ Improve robustness of HTML parsing to avoid issues like #856104, until
+  grep-excuses is converted to consume YAML.
+  * debsign:
++ Add support for *.buildinfo files.  Thanks to Ximin Luo and Guillem
+  Jover for the patches!  (Closes: #855282)
+  * debian/tests/control: Add mozilla-devscripts to Depends, as needed by
+mk-origtargz's tests.
+
+  [ Antonio Terceiro ]
+  * rc-alert:
++ Add bug URL to the output.
+
+  [ Guillem Jover ]
+  * wrap-and-sort:
++ Deal with Build-Conflicts-{Arch,Indep}, Build-Depends-Arch and
+  Built-Using fields.  (Closes: #855433)
+
+  [ Mattia Rizzolo ]
+  * Remove Ryan Niebur from Uploaders after a request from the MIA Team.
+Thank you for all your past contributions!  (Closes: #856374)
+
+ -- James McCoy <james...@debian.org>  Sun, 05 Mar 2017 22:23:37 -0500
+
 devscripts (2.17.1) unstable; urgency=medium
 
   [ Osamu Aoki ]
diff -Nru devscripts-2.17.1/debian/control devscripts-2.17.2/debian/control
--- devscripts-2.17.1/debian/control2017-02-01 21:25:00.0 -0500
+++ devscripts-2.17.2/debian/control2017-03-05 22:23:37.0 -0500
@@ -5,7 +5,6 @@
 Uploaders: James McCoy <james...@debian.org>,
Martin Zobel-Helas <zo...@debian.org>,
Patrick Schoenfeld <schoenf...@debian.org>,
-   Ryan Niebur <ryanrya...@gmail.com>,
Benjamin Drung <bdr...@debian.org>

Re: Bug#855644: devscripts: grep-excuses doesn't work with maintainer name

[James McCoy]

Control: clone -1 -2
Control: retitle -2 [britney] Add an EOL to the verdict summary line in HTML 
output
Control: tag -2 patch
Control: retitle -1 grep-excuses: Use excuses.yaml instead of 
update_excuses.html.gz
Control: severity -1 normal

On Mon, Feb 20, 2017 at 10:42:17PM +0100, Christian Marillat wrote:
> $ grep-excuses sawfish-merlin-ugliness
> sawfish-merlin-ugliness (- to 1.3.1-1)
> Migration status: BLOCKED: Rejected/introduces a regression (please see 
> below)
> Maintainer: Christian Marillat
> 4589 days old (needed 10 days)
> Not touching package due to block request by freeze (check 
> https://release.debian.org/testing/freeze_policy.html if update is needed)
> sawfish-merlin-ugliness has new bugs!
> Updating sawfish-merlin-ugliness introduces new bugs: #800278
> Piuparts tested OK - 
> https://piuparts.debian.org/sid/source/s/sawfish-merlin-ugliness.html
> 
> When 'grep-excuses Marillat' or grep-excuses 'Christian Marillat' return 
> nothing.

This is due to a recent change in the script that generates the
update_excuses.html page, which breaks grep-excuses' parsing.

I'm splitting this bug into two pieces.  One, for the release team, to
fix the generation of the HTML so grep-excuses is fixed now, and another
for grep-excuses to start consuming YAML instead of parsing HTML.

I have patches for both bugs, but the YAML one will need to wait until
Buster, since it's essentially a rewrite of that part of grep-excuses.

Cheers,
-- 
James
GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7  2D23 DFE6 91AE 331B A3DB
>From a04d730bb7ba63df17117c3bfc4afd93bab9f37c Mon Sep 17 00:00:00 2001
From: James McCoy <james...@debian.org>
Date: Fri, 24 Feb 2017 23:43:57 -0500
Subject: [PATCH] excuse: Add an EOL to the verdict summary line in HTML output

devscripts' grep-excuses expects each  to be on its own line.  When
d7a676d0741729bb643e0b8c54b989cb747c6a4b added the verdict summary,
without an EOL, it broke grep-excuses' ability to search by maintainer.

Signed-off-by: James McCoy <james...@debian.org>
---
 britney2/excuse.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/britney2/excuse.py b/britney2/excuse.py
index 4dbd703..e301cfe 100644
--- a/britney2/excuse.py
+++ b/britney2/excuse.py
@@ -182,7 +182,7 @@ class Excuse(object):
 """Render the excuse in HTML"""
 res = "%s (%s to %s)\n\n" % \
 (self.name, self.name, self.name, self.ver[0], self.ver[1])
-res += "Migration status: %s" % self._format_verdict_summary()
+res += "Migration status: %s\n" % self._format_verdict_summary()
 if self.maint:
 res = res + "Maintainer: %s\n" % (self.maint)
 if self.section and self.section.find("/") > -1:
-- 
2.11.0

Bug#853920: unblock: devscripts/2.17.1

[James McCoy]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package devscripts

* Fix FTBFS (test failure) due to recent debhelper changes (#852918)
* Add .buildinfo support to dscverify
* Documentation/translation updates

debdiff attached.

unblock devscripts/2.17.1

-- System Information:
Debian Release: 9.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 
'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diffstat for devscripts-2.17.0 devscripts-2.17.1

 debian/changelog|   27 +++
 debian/tests/control|2 
 po4a/po/de.po   |  100 +++-
 po4a/po/devscripts.pot  |   77 +
 po4a/po/fr.po   |   91 
 scripts/dscverify.1 |   15 +++---
 scripts/dscverify.pl|   10 ++--
 scripts/uscan.pl|2 
 test/test_package_lifecycle |8 ++-
 9 files changed, 205 insertions(+), 127 deletions(-)

diff -Nru devscripts-2.17.0/debian/changelog devscripts-2.17.1/debian/changelog
--- devscripts-2.17.0/debian/changelog  2017-01-10 23:21:45.0 -0500
+++ devscripts-2.17.1/debian/changelog  2017-02-01 21:25:00.0 -0500
@@ -1,3 +1,30 @@
+devscripts (2.17.1) unstable; urgency=medium
+
+  [ Osamu Aoki ]
+  * uscan:
++ PyPI packages location change.  (Closes: #851590)
+
+  [ Guillem Jover ]
+  * dscverify:
++ Add support for .buildinfo files.  (Closes: #852801)
+
+  [ Mattia Rizzolo ]
+  * dscverify:
++ Remove reference to the long gone debian-maintainers package.
+  * test_package_lifecycle:
++ Import patch from Ubuntu to have the test pass on their builders too:
+  filter out output from pkg-create-dbgsym's dh_gencontrol wrapper, pass
+  --set-envvar=NO_PKG_MANGLE=1 to debuild, and pass -U to debchange.
+  * debian/tests/control:
++ Depend on build-essential.
+
+  [ James McCoy ]
+  * test_package_lifecycle:
++ Ignore debhelper's new "create-stamp" output to fix the test failure.
+  (Closes: #852918)
+
+ -- James McCoy <james...@debian.org>  Wed, 01 Feb 2017 21:25:00 -0500
+
 devscripts (2.17.0) unstable; urgency=medium
 
   [ Sean Whitton ]
diff -Nru devscripts-2.17.0/debian/tests/control 
devscripts-2.17.1/debian/tests/control
--- devscripts-2.17.0/debian/tests/control  2017-01-10 23:21:45.0 
-0500
+++ devscripts-2.17.1/debian/tests/control  2017-02-01 21:25:00.0 
-0500
@@ -1,3 +1,3 @@
 Tests: shunit2
-Depends: devscripts, libdistro-info-perl, zip, shunit2, gcc
+Depends: devscripts, libdistro-info-perl, zip, shunit2, gcc, build-essential
 Restrictions: allow-stderr needs-recommends
diff -Nru devscripts-2.17.0/po4a/po/de.po devscripts-2.17.1/po4a/po/de.po
--- devscripts-2.17.0/po4a/po/de.po 2017-01-10 23:21:45.0 -0500
+++ devscripts-2.17.1/po4a/po/de.po 2017-02-01 21:25:00.0 -0500
@@ -7,7 +7,7 @@
 msgstr ""
 "Project-Id-Version: devscripts 2.16.4\n"
 "Report-Msgid-Bugs-To: devscri...@packages.debian.org\n"
-"POT-Creation-Date: 2017-01-11 04:24+\n"
+"POT-Creation-Date: 2017-02-02 02:29+\n"
 "PO-Revision-Date: 2016-09-25 18:56+0200\n"
 "Last-Translator: Chris Leick <c.le...@vollbio.de>\n"
 "Language-Team: de <debian-l10n-ger...@lists.debian.org>\n"
@@ -252,7 +252,7 @@
 #: ../scripts/annotate-output.1:19 ../scripts/debchange.1:389
 #: ../scripts/debclean.1:90 ../scripts/debrelease.1:102
 #: ../scripts/debsign.1:103 ../scripts/dep3changelog.1:19
-#: ../scripts/dscverify.1:39 ../scripts/nmudiff.1:76
+#: ../scripts/dscverify.1:40 ../scripts/nmudiff.1:76
 #: ../scripts/pts-subscribe.1:31 ../scripts/uupdate.1:104
 #: ../scripts/who-uploads.1:47
 msgid "Display a help message and exit successfully."
@@ -344,7 +344,7 @@
 #: ../scripts/debuild.1:445 ../scripts/dep3changelog.1:28
 #: ../scripts/dget.pl:717 ../scripts/diff2patches.1:45
 #: ../scripts/dpkg-depcheck.1:118 ../scripts/dpkg-genbuilddeps.1:30
-#: ../scripts/dscverify.1:75 ../scripts/git-deborig.pl:52
+#: ../scripts/dscverify.1:76 ../scripts/git-deborig.pl:52
 #: ../scripts/grep-excuses.1:45 ../scripts/list-unreleased.1:19
 #: ../scripts/mk-origtargz.pl:181 ../scripts/nmudiff.1:108
 #: ../scripts/origtargz.pl:158 ../scripts/plotchangelog.1:124
@@ -395,7 +395,7 @@
 #: ../scripts/desktop2menu.pl:52 ../scripts/dep3changelog.1:26
 #: ../scripts/dget.pl:709 ../scripts/diff2patches.1:48
 #: ../scripts/dpkg-genbuilddeps.1:36 ../scripts/dscextract.1:32
-#: ../scripts/dscverify.1:80 ../scripts/getbuildlog.1:41
+#: ../scripts/dscver

iptables transition (was Re: Bug#844755: fixed in iptables 1.6.0+snapshot20161117-2)

[James McCoy]

On Tue, Nov 22, 2016 at 02:00:47AM +, Arturo Borrero Gonzalez wrote:
> Changes:
>  iptables (1.6.0+snapshot20161117-2) unstable; urgency=medium
>  .
>* [146c602] libxtables: bump from libxtables11 to libxtables12 (Closes:
>  #844755)

As noted in the last Release Update[0], November 5th was the close for
library transitions.  Not only is this a late transition, but it seems
to be uncoordinated with the release team.

This may need to be reverted.

[0]: https://lists.debian.org/debian-devel-announce/2016/11/msg2.html

Cheers,
-- 
James
GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7  2D23 DFE6 91AE 331B A3DB

Bug#815036: transition: msgpack-c

[James McCoy]

On Sun, Sep 25, 2016 at 11:23:43AM +0200, Emilio Pozuelo Monfort wrote:
> On 24/09/16 22:52, James McCoy wrote:
> > On Sat, Sep 03, 2016 at 02:10:08PM -0400, James McCoy wrote:
> >> On Wed, Aug 31, 2016 at 05:01:33PM +0200, Emilio Pozuelo Monfort wrote:
> >>> Upload msgpack-c to unstable, then you bump the remaining bugs to RC.
> >>
> >> Done.  The tmate maintainer is going to move the compatible version from
> >> experimental to unstable today.
> > 
> > It looks like everything's transitioned.
> 
> Should src:msgpack be removed from the archive now? libmsgpack3 has no rdeps.

Yes, it should.

Cheers,
-- 
James
GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7  2D23 DFE6 91AE 331B A3DB

Bug#815036: transition: msgpack-c

[James McCoy]

On Sat, Sep 03, 2016 at 02:10:08PM -0400, James McCoy wrote:
> On Wed, Aug 31, 2016 at 05:01:33PM +0200, Emilio Pozuelo Monfort wrote:
> > Upload msgpack-c to unstable, then you bump the remaining bugs to RC.
> 
> Done.  The tmate maintainer is going to move the compatible version from
> experimental to unstable today.

It looks like everything's transitioned.

Thanks!
-- 
James
GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7  2D23 DFE6 91AE 331B A3DB

Bug#815036: transition: msgpack-c

[James McCoy]

On Wed, Aug 31, 2016 at 05:01:33PM +0200, Emilio Pozuelo Monfort wrote:
> On 27/08/16 04:39, James McCoy wrote:
> > On Sat, Aug 13, 2016 at 10:10:29AM -0400, James McCoy wrote:
> >> On Tue, Jun 14, 2016 at 06:17:31PM -0400, James McCoy wrote:
> >>> + libdata-messagepack-perl has a fix upstream but no "stable" release
> >>>   including it
> > 
> > There is now an actual upstream release with the msgpack-c changes.
> > 
> >>> + libdata-messagepack-stream-perl could be NMUed once
> >>>   libdata-messagepack-perl is available.
> >>
> >> No activity on either of these.
> >>
> >> They're only used by libcatmandu-store-lucy-perl and
> >> libtext-xslate-perl, which have no rdeps.  Should I bump the severity of
> >> these bugs or suggest removing them?
> > 
> > I've pinged these bugs and got responses that the Perl folks would be ok
> > with those two packages being removed from testing (not unstable since
> > packaging was done in response to an RFP) to help the transition and
> > possibly bring visibility to the needed maintenance.
> > 
> > Given that there's been some activity upstream around these packages,
> > I'm a little more confident about performing NMUs than I had been.
> > 
> > Thoughts on how to proceed?
> 
> Upload msgpack-c to unstable, then you bump the remaining bugs to RC.

Done.  The tmate maintainer is going to move the compatible version from
experimental to unstable today.

Cheers,
-- 
James
GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7  2D23 DFE6 91AE 331B A3DB

Bug#815036: transition: msgpack-c

[James McCoy]

On Sat, Aug 13, 2016 at 10:10:29AM -0400, James McCoy wrote:
> On Tue, Jun 14, 2016 at 06:17:31PM -0400, James McCoy wrote:
> > + libdata-messagepack-perl has a fix upstream but no "stable" release
> >   including it

There is now an actual upstream release with the msgpack-c changes.

> > + libdata-messagepack-stream-perl could be NMUed once
> >   libdata-messagepack-perl is available.
> 
> No activity on either of these.
> 
> They're only used by libcatmandu-store-lucy-perl and
> libtext-xslate-perl, which have no rdeps.  Should I bump the severity of
> these bugs or suggest removing them?

I've pinged these bugs and got responses that the Perl folks would be ok
with those two packages being removed from testing (not unstable since
packaging was done in response to an RFP) to help the transition and
possibly bring visibility to the needed maintenance.

Given that there's been some activity upstream around these packages,
I'm a little more confident about performing NMUs than I had been.

Thoughts on how to proceed?

Cheers,
-- 
James
GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7  2D23 DFE6 91AE 331B A3DB

Bug#815036: transition: msgpack-c

[James McCoy]

On Tue, Jun 14, 2016 at 06:17:31PM -0400, James McCoy wrote:
> On Tue, Jun 14, 2016 at 07:43:27PM +0200, Emilio Pozuelo Monfort wrote:
> > How is this progressing?
> 
> To summarize:
> 
> + Will NMU webdis with my proposed patch and send it upstream

Done

> + tmate is fixed in experimental
> + libdata-messagepack-perl has a fix upstream but no "stable" release
>   including it
> + libdata-messagepack-stream-perl could be NMUed once
>   libdata-messagepack-perl is available.

No activity on either of these.

They're only used by libcatmandu-store-lucy-perl and
libtext-xslate-perl, which have no rdeps.  Should I bump the severity of
these bugs or suggest removing them?

Cheers,
-- 
James
GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7  2D23 DFE6 91AE 331B A3DB

Bug#831699: release.debian.org: urgency is sticky across dists - low urgency on sid upload ignored after previous experimental medium-urgency upload

[James McCoy]

Control: reopen -1
Control: clone -1 -2
Control: reassign -2 ftp.debian.org
Control: retitle -2 [dak] Include suite information in UrgencyLog
Control: block -1 by -2

On Tue, Jul 19, 2016 at 07:53:00PM +, Niels Thykier wrote:
> Adam D. Barratt:
> > On Tue, 2016-07-19 at 15:40 +0200, Goswin von Brederlow wrote:
> >> On Mon, Jul 18, 2016 at 07:41:54PM +0200, Andreas Metzler wrote:
> > [...]
> >>> Testing has 2016.0.0+dfsg-1, which was followed by
> >>> [2016-07-16] 2016.2.0~rc1+dfsg-2 in unstable (low)
> >>> [2016-07-11] 2016.2.0~rc1+dfsg-1 in experimental (low)
> >>> [2016-06-04] 2016.2.0~beta1+dfsg-1 in experimental (medium)
> >>>
> >>> britney seems to have remembered that 2016.2.0~beta1+dfsg-1 had medium
> >>> urgency and chose to consider this urgency for sid->testing migration.
> > [...]
> >> Does it remember or does it parse the changelog and use the highest
> >> priority since the version in testing? The hugin changelog contains
> >> the urgency=medium entry so this seems a valid urgency to use.
> > 
> > britney knows nothing about changelogs. The input is a strictly
> > chronological (in terms of when dak accepted the package) list of source
> > package name, version and urgency tuples for all uploads to the main
> > archive.
> > 
> > Regards,
> > 
> > Adam
> > 
> 
> For the people interested, the input data is available from [1].  If you
> want it changed, it will need to be fixed in dak (producer) and Britney
> (as the consumer).

I think that's the proper fix for this and I would prefer to avoid
adding even more special-casing code to dch.

>   From my PoV: Patches welcome and will gladly help people, who are
> interested in it.  I don't expect to have time to fix it myself any time
> soon - but as I said; I will gladly help people getting started.

Cheers,
-- 
James
GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7  2D23 DFE6 91AE 331B A3DB


signature.asc
Description: PGP signature

Bug#815036: transition: msgpack-c

[James McCoy]

On Tue, Jun 14, 2016 at 07:43:27PM +0200, Emilio Pozuelo Monfort wrote:
> On 25/02/16 02:28, James McCoy wrote:
> > On Mon, Feb 22, 2016 at 07:39:44PM +0100, Emilio Pozuelo Monfort wrote:
> >> On 21/02/16 16:54, James McCoy wrote:
> >>> On Wed, Feb 17, 2016 at 11:46:53PM -0500, James McCoy wrote:
> >>>> FTBFS:
> >>>>
> >>>> * webdis:
> >>>>   + #811343 filed with patch

No action seen on this.  I can try to push this upstream.  The package
hasn't seen any activity in almost a year (even with an upstream release
in the interim).

I could NMU this.

> >>>> * tmate:
> >>>>   + New upstream version is needed
> >>>>   + Will file a bug for this
> >>>
> >>> Filed #815381.

Fixed in experimental.

> >>>> * kumofs:
> >>>>   + configure script expects the C++ library (libmsgpack) and therefore
> >>>> fails
> >>>>   + Trivial patch to remove that expectation leads to a compile failure
> >>>> due to mixing code with C and C++ linkage
> >>>>   + No upstream activity in 5+ years
> >>>>   + Debian maintainer MIA
> >>>
> >>> Given the above and a popcon of 5, should an RM bug be filed?
> >>
> >> Yeah I'd say so.
> > 
> > #815845 filed.

This has been removed from the archive.

libdata-messagepack-perl has an upstream pre-release which works with
the new msgpack-c.  I've poked them to see if they're ready to make an
official release.

There's still been no reaction to my patch against
libdata-messagepack-stream-perl upstream.  I can poke them again.

> How is this progressing?

To summarize:

+ Will NMU webdis with my proposed patch and send it upstream
+ tmate is fixed in experimental
+ libdata-messagepack-perl has a fix upstream but no "stable" release
  including it
+ libdata-messagepack-stream-perl could be NMUed once
  libdata-messagepack-perl is available.

Also, a new package has appeared in the interim which needs the new
msgpack-c.

Cheers,
-- 
James
GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7  2D23 DFE6 91AE 331B A3DB

Bug#816243: jessie-pu: package subversion/1.8.10-6+deb8u3

[James McCoy]

On Fri, Mar 11, 2016 at 09:49:25PM +, Adam D. Barratt wrote:
> On Sun, 2016-02-28 at 21:38 -0500, James McCoy wrote:
> > I'd like to propose the following update (+ s/UNRELEASED/jessie/) to fix a
> > crash when running svn and using kwallet to store credentials.
> [...]
> > +  * patches/r1701440-kwallet-segfault: Fix segfault when using kwallet to
> > +store authentication information.  (Closes: #736879)
> 
> Please go ahead.

Uploaded.

Thanks,
-- 
James
GPG Key: 4096R/331BA3DB 2011-12-05 James McCoy <james...@debian.org>


signature.asc
Description: PGP signature

Bug#816243: jessie-pu: package subversion/1.8.10-6+deb8u3

[James McCoy]

On Sun, Feb 28, 2016 at 09:38:23PM -0500, James McCoy wrote:
> I'd like to propose the following update (+ s/UNRELEASED/jessie/) to fix a
> crash when running svn and using kwallet to store credentials.

Ping.

> $ debdiff subversion_1.8.10-6+deb8u{2,3}.dsc
> diffstat for subversion_1.8.10-6+deb8u2 subversion_1.8.10-6+deb8u3
> 
>  debian/patches/r1701440-kwallet-segfault |  145 
> +++
>  subversion-1.8.10/debian/changelog   |7 +
>  subversion-1.8.10/debian/patches/series  |1 
>  3 files changed, 153 insertions(+)
> 
> diff -u subversion-1.8.10/debian/changelog subversion-1.8.10/debian/changelog
> --- subversion-1.8.10/debian/changelog
> +++ subversion-1.8.10/debian/changelog
> @@ -1,3 +1,10 @@
> +subversion (1.8.10-6+deb8u3) UNRELEASED; urgency=medium
> +
> +  * patches/r1701440-kwallet-segfault: Fix segfault when using kwallet to
> +store authentication information.  (Closes: #736879)
> +
> + -- James McCoy <james...@debian.org>  Sat, 27 Feb 2016 14:08:40 -0500
> +
>  subversion (1.8.10-6+deb8u2) jessie-security; urgency=high
>  
>* patches/r1708699-mod_auth_ntlm-kerb-fix: Fix regression interacting with
> diff -u subversion-1.8.10/debian/patches/series 
> subversion-1.8.10/debian/patches/series
> --- subversion-1.8.10/debian/patches/series
> +++ subversion-1.8.10/debian/patches/series
> @@ -28,0 +29 @@
> +r1701440-kwallet-segfault
> only in patch2:
> unchanged:
> --- subversion-1.8.10.orig/debian/patches/r1701440-kwallet-segfault
> +++ subversion-1.8.10/debian/patches/r1701440-kwallet-segfault
> @@ -0,0 +1,145 @@
> +
> +r1701440 | svn-role | 2015-09-06 00:00:12 -0400 (Sun, 06 Sep 2015) | 9 lines
> +
> +Merge the r1700740 group from trunk:
> +
> + * r1700740, r1700951
> +   Fix registration of kwallet to avoid double free on close
> +   Justification:
> + Fixes segfault on kwallet close. User reported problem.
> +   Votes:
> + +1: rhuijben, stsp, brane
> +
> +
> +Index: 1.9.x/subversion/libsvn_auth_kwallet/kwallet.cpp
> +===
> +--- 1.9.x/subversion/libsvn_auth_kwallet/kwallet.cpp (revision 1701439)
>  1.9.x/subversion/libsvn_auth_kwallet/kwallet.cpp (revision 1701440)
> +@@ -47,6 +47,7 @@
> + #include "svn_auth.h"
> + #include "svn_config.h"
> + #include "svn_error.h"
> ++#include "svn_hash.h"
> + #include "svn_io.h"
> + #include "svn_pools.h"
> + #include "svn_string.h"
> +@@ -135,35 +136,37 @@
> +   return wid;
> + }
> + 
> ++/* Forward definition */
> ++static apr_status_t
> ++kwallet_terminate(void *data);
> ++
> + static KWallet::Wallet *
> + get_wallet(QString wallet_name,
> +apr_hash_t *parameters)
> + {
> +   KWallet::Wallet *wallet =
> +-static_cast (apr_hash_get(parameters,
> +- "kwallet-wallet",
> +- APR_HASH_KEY_STRING));
> +-  if (! wallet && ! apr_hash_get(parameters,
> +- "kwallet-opening-failed",
> +- APR_HASH_KEY_STRING))
> ++static_cast (svn_hash_gets(parameters,
> ++  "kwallet-wallet"));
> ++  if (! wallet && ! svn_hash_gets(parameters, "kwallet-opening-failed"))
> + {
> +   wallet = KWallet::Wallet::openWallet(wallet_name, get_wid(),
> +KWallet::Wallet::Synchronous);
> ++
> ++  if (wallet)
> ++{
> ++  svn_hash_sets(parameters, "kwallet-wallet", wallet);
> ++
> ++  apr_pool_cleanup_register(apr_hash_pool_get(parameters),
> ++parameters, kwallet_terminate,
> ++apr_pool_cleanup_null);
> ++
> ++  svn_hash_sets(parameters, "kwallet-initialized", "");
> ++}
> ++  else
> ++{
> ++  svn_hash_sets(parameters, "kwallet-opening-failed", "");
> ++}
> + }
> +-  if (wallet)
> +-{
> +-  apr_hash_set(parameters,
> +-   "kwallet-wallet",
> +-   APR_HASH_KEY_STRING,
> +-   wallet);
> +-}
> +-  else
> +-{
> +-  apr_hash_set(parameters,
> +-   "kwallet-opening-failed",
> +-   APR_HASH_KEY_STRING,
> +-   "");
> +-}
> + 

Bug#816243: jessie-pu: package subversion/1.8.10-6+deb8u3

[James McCoy]

Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian@packages.debian.org
Usertags: pu

I'd like to propose the following update (+ s/UNRELEASED/jessie/) to fix a
crash when running svn and using kwallet to store credentials.

$ debdiff subversion_1.8.10-6+deb8u{2,3}.dsc
diffstat for subversion_1.8.10-6+deb8u2 subversion_1.8.10-6+deb8u3

 debian/patches/r1701440-kwallet-segfault |  145 +++
 subversion-1.8.10/debian/changelog   |7 +
 subversion-1.8.10/debian/patches/series  |1 
 3 files changed, 153 insertions(+)

diff -u subversion-1.8.10/debian/changelog subversion-1.8.10/debian/changelog
--- subversion-1.8.10/debian/changelog
+++ subversion-1.8.10/debian/changelog
@@ -1,3 +1,10 @@
+subversion (1.8.10-6+deb8u3) UNRELEASED; urgency=medium
+
+  * patches/r1701440-kwallet-segfault: Fix segfault when using kwallet to
+store authentication information.  (Closes: #736879)
+
+ -- James McCoy <james...@debian.org>  Sat, 27 Feb 2016 14:08:40 -0500
+
 subversion (1.8.10-6+deb8u2) jessie-security; urgency=high
 
   * patches/r1708699-mod_auth_ntlm-kerb-fix: Fix regression interacting with
diff -u subversion-1.8.10/debian/patches/series 
subversion-1.8.10/debian/patches/series
--- subversion-1.8.10/debian/patches/series
+++ subversion-1.8.10/debian/patches/series
@@ -28,0 +29 @@
+r1701440-kwallet-segfault
only in patch2:
unchanged:
--- subversion-1.8.10.orig/debian/patches/r1701440-kwallet-segfault
+++ subversion-1.8.10/debian/patches/r1701440-kwallet-segfault
@@ -0,0 +1,145 @@
+
+r1701440 | svn-role | 2015-09-06 00:00:12 -0400 (Sun, 06 Sep 2015) | 9 lines
+
+Merge the r1700740 group from trunk:
+
+ * r1700740, r1700951
+   Fix registration of kwallet to avoid double free on close
+   Justification:
+ Fixes segfault on kwallet close. User reported problem.
+   Votes:
+ +1: rhuijben, stsp, brane
+
+
+Index: 1.9.x/subversion/libsvn_auth_kwallet/kwallet.cpp
+===
+--- 1.9.x/subversion/libsvn_auth_kwallet/kwallet.cpp   (revision 1701439)
 1.9.x/subversion/libsvn_auth_kwallet/kwallet.cpp   (revision 1701440)
+@@ -47,6 +47,7 @@
+ #include "svn_auth.h"
+ #include "svn_config.h"
+ #include "svn_error.h"
++#include "svn_hash.h"
+ #include "svn_io.h"
+ #include "svn_pools.h"
+ #include "svn_string.h"
+@@ -135,35 +136,37 @@
+   return wid;
+ }
+ 
++/* Forward definition */
++static apr_status_t
++kwallet_terminate(void *data);
++
+ static KWallet::Wallet *
+ get_wallet(QString wallet_name,
+apr_hash_t *parameters)
+ {
+   KWallet::Wallet *wallet =
+-static_cast (apr_hash_get(parameters,
+- "kwallet-wallet",
+- APR_HASH_KEY_STRING));
+-  if (! wallet && ! apr_hash_get(parameters,
+- "kwallet-opening-failed",
+- APR_HASH_KEY_STRING))
++static_cast (svn_hash_gets(parameters,
++  "kwallet-wallet"));
++  if (! wallet && ! svn_hash_gets(parameters, "kwallet-opening-failed"))
+ {
+   wallet = KWallet::Wallet::openWallet(wallet_name, get_wid(),
+KWallet::Wallet::Synchronous);
++
++  if (wallet)
++{
++  svn_hash_sets(parameters, "kwallet-wallet", wallet);
++
++  apr_pool_cleanup_register(apr_hash_pool_get(parameters),
++parameters, kwallet_terminate,
++apr_pool_cleanup_null);
++
++  svn_hash_sets(parameters, "kwallet-initialized", "");
++}
++  else
++{
++  svn_hash_sets(parameters, "kwallet-opening-failed", "");
++}
+ }
+-  if (wallet)
+-{
+-  apr_hash_set(parameters,
+-   "kwallet-wallet",
+-   APR_HASH_KEY_STRING,
+-   wallet);
+-}
+-  else
+-{
+-  apr_hash_set(parameters,
+-   "kwallet-opening-failed",
+-   APR_HASH_KEY_STRING,
+-   "");
+-}
+   return wallet;
+ }
+ 
+@@ -171,14 +174,12 @@
+ kwallet_terminate(void *data)
+ {
+   apr_hash_t *parameters = static_cast (data);
+-  if (apr_hash_get(parameters, "kwallet-initialized", APR_HASH_KEY_STRING))
++  if (svn_hash_gets(parameters, "kwallet-initialized"))
+ {
+   KWallet::Wallet *wallet = get_wallet(NULL, parameters);
+   delete wallet;
+-  apr_hash_set(parameters,
+-   "kwallet-initialized",
+-   APR_HASH_KEY_STRING,
+-   NU

Bug#815036: transition: msgpack-c

[James McCoy]

On Mon, Feb 22, 2016 at 07:39:44PM +0100, Emilio Pozuelo Monfort wrote:
> Tracker at https://release.debian.org/transitions/html/msgpack-c.html

Thanks!

> On 21/02/16 16:54, James McCoy wrote:
> > On Wed, Feb 17, 2016 at 11:46:53PM -0500, James McCoy wrote:
> >> FTBFS:
> >>
> >> * webdis:
> >>   + #811343 filed with patch
> >> * tmate:
> >>   + New upstream version is needed
> >>   + Will file a bug for this
> > 
> > Filed #815381.
> > 
> >> * kumofs:
> >>   + configure script expects the C++ library (libmsgpack) and therefore
> >> fails
> >>   + Trivial patch to remove that expectation leads to a compile failure
> >> due to mixing code with C and C++ linkage
> >>   + No upstream activity in 5+ years
> >>   + Debian maintainer MIA
> > 
> > Given the above and a popcon of 5, should an RM bug be filed?
> 
> Yeah I'd say so.

#815845 filed.

Cheers,
-- 
James
GPG Key: 4096R/331BA3DB 2011-12-05 James McCoy <james...@debian.org>

Bug#815036: transition: msgpack-c

[James McCoy]

On Wed, Feb 17, 2016 at 11:46:53PM -0500, James McCoy wrote:
> FTBFS:
> 
> * webdis:
>   + #811343 filed with patch
> * tmate:
>   + New upstream version is needed
>   + Will file a bug for this

Filed #815381.

> * kumofs:
>   + configure script expects the C++ library (libmsgpack) and therefore
> fails
>   + Trivial patch to remove that expectation leads to a compile failure
> due to mixing code with C and C++ linkage
>   + No upstream activity in 5+ years
>   + Debian maintainer MIA

Given the above and a popcon of 5, should an RM bug be filed?

> * libdata-messagepack-stream-perl:
>   + This likely needs a newer version of libdata-messagepack-perl, which
> hasn't been uploaded yet

Confirmed that a newer libdata-messagepack-perl is needed.  There is a
patch in the Debian repo which helps, but a more complete patch is
proposed upstream[0].

[0]: https://github.com/msgpack/msgpack-perl/pull/22

>   + Needs to be adapted to new msgpack-c API.  I have some patches I can
> send in that regard.

I've provided patches for this upstream[1] and opened bug #815433 to
track this.

[1]: https://github.com/typester/Data-MessagePack-Stream/issues/6

Cheers,
-- 
James
GPG Key: 4096R/331BA3DB 2011-12-05 James McCoy <james...@debian.org>

Bug#815036: transition: msgpack-c

[James McCoy]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition

Hi,

I'd like to start discussion of a msgpack-c (formerly msgpack)
transition.

msgpack-c 1.4.0-2 is in experimental and I'm ready to start trying to
get it into unstable & testing.  I don't know of any outstanding issues
other than it tickling a possible G++6 bug[0], but there's a possible
workaround already being looked at upstream[1].

[0]: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=69853
[1]: 
https://github.com/redboltz/msgpack-c/commit/d1a9ddf80307c7fd8aa5bb060792523cf3e50482

Although there isn't an ABI bump, the 1.4.0 implements the new version
of the msgpack format and has some related API changes.  The old
libmsgpackc2 doesn't understand the new msgpack format, so packages
built against the new library won't run properly if they try to use some
of the newer types.

The libmsgpack3 packge is no longer relevant as the C++ interface is now
header-only.

I've done some test rebuilds of the reverse depends and here's the
breakdown:

FTBFS:

* webdis:
  + #811343 filed with patch
* tmate:
  + New upstream version is needed
  + Will file a bug for this
* kumofs:
  + configure script expects the C++ library (libmsgpack) and therefore
fails
  + Trivial patch to remove that expectation leads to a compile failure
due to mixing code with C and C++ linkage
  + No upstream activity in 5+ years
  + Debian maintainer MIA
* libdata-messagepack-stream-perl:
  + This likely needs a newer version of libdata-messagepack-perl, which
hasn't been uploaded yet
  + Needs to be adapted to new msgpack-c API.  I have some patches I can
send in that regard.

Good:

* groonga

I'll update this as I file bugs against the FTBFS packages, but I wanted
to get on the radar and see what feedback the team had.

I'm not quite sure about the Ben file, but I think it should be
sufficient.  From what I see, most current packages ended up getting
dependencies on libmsgpack3 so seeing them switch to libmsgpackc2 should
be good enough.  I don't think enforcing a minimum version of the
libmsgpackc2 dependency is accurate, since that depends on what part of
the API is being used.

Although it's most likely that anything build depending on
libmsgpack-dev has *some* binary package that will get a dependency on
libmsgpackc2 >= 1.0.0, not necessarily all of their binary packages
will.  For example, groonga's groonga-bin package has Depends
libmsgpackc2 (>= 0.5.1) after a rebuild but groonga-plugin-suggest gets
libmsgpackc2 (>= 1.0.0).

Cheers,
James

Ben file:

title = "msgpack-c";
is_affected = .build-depends ~ "libmsgpack-dev"
is_good = .depends ~ "libmsgpackc2";
is_bad = .depends ~ "libmsgpack3"


-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, arm64

Kernel: Linux 4.3.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Re: Bug#807128: gcc-5-base: Differing changelog.Debian.gz between :i386 and :amd64

[James McCoy]

Control: reassign -1 release.debian.org
Control: retitle -1 nmu: gcc-5_5.3.0-3
Control: user release.debian@packages.debian.org
Control: usertag -1 binnmu

nmu gcc-5_5.3.0-3 . amd64 . unstable . -m "Rebuild to fix M-A installability"

On Sat, Dec 05, 2015 at 01:00:20PM -0500, James McCoy wrote:
> Unpacking gcc-5-base:amd64 (5.3.0-3) over (5.2.1-27) ...
> Preparing to unpack .../gcc-5-base_5.3.0-3_i386.deb ...
> Unpacking gcc-5-base:i386 (5.3.0-3) over (5.2.1-27) ...
> dpkg: error processing archive 
> /var/cache/apt/archives/gcc-5-base_5.3.0-3_i386.deb (--unpack):
>  trying to overwrite shared '/usr/share/doc/gcc-5-base/changelog.Debian.gz', 
> which is different from other instances of package gcc-5-base:i386
> 
> The :amd64 package (built on the buildd) has unstable as the target
> distribution in the changelog, but the (maintainer built) :i386 package
> has experimental, thus causing the mismatch between the two.

Where :i386 and :amd64 were built is reversed, but the end result is the
same.

Cheers,
-- 
James
GPG Key: 4096R/331BA3DB 2011-12-05 James McCoy <james...@debian.org>

Re: Bug#807128: gcc-5-base: Differing changelog.Debian.gz between :i386 and :amd64

[James McCoy]

On Sat, Dec 05, 2015 at 08:37:15PM +0100, Matthias Klose wrote:
> no binNMU please.

Why?  Are you planning to do a sourceful upload?  If not, that would
resolve the installability issues that people are going to encounter.

Cheers,
-- 
James
GPG Key: 4096R/331BA3DB 2011-12-05 James McCoy <james...@debian.org>

Bug#795447: stretch-pu: package subversion/1.8.13-1+deb9u1

[James McCoy]

Package: release.debian.org
Severity: normal

The recent upstream Subversion releases included fixes for 2 CVEs
(CVE-2015-3184 and CVE-2015-3187).  The sid upload got caught up in the
libstdc++ transition, so I've uploaded an updated package for stretch.

Attached is the debdiff.  It's large, but a good chunk of that is added
testing for the security fix.

Cheers,
James

diffstat for subversion_1.8.13-1 subversion_1.8.13-1+deb9u1

 debian/patches/CVE-2015-3184| 2165 
 debian/patches/CVE-2015-3187|  404 +
 subversion-1.8.13/debian/changelog  |   10 
 subversion-1.8.13/debian/control|4 
 subversion-1.8.13/debian/patches/series |2 
 5 files changed, 2583 insertions(+), 2 deletions(-)

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.0.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diffstat for subversion_1.8.13-1 subversion_1.8.13-1+deb9u1

 debian/patches/CVE-2015-3184| 2165 
 debian/patches/CVE-2015-3187|  404 +
 subversion-1.8.13/debian/changelog  |   10 
 subversion-1.8.13/debian/control|4 
 subversion-1.8.13/debian/patches/series |2 
 5 files changed, 2583 insertions(+), 2 deletions(-)

diff -u subversion-1.8.13/debian/changelog subversion-1.8.13/debian/changelog
--- subversion-1.8.13/debian/changelog
+++ subversion-1.8.13/debian/changelog
@@ -1,3 +1,13 @@
+subversion (1.8.13-1+deb9u1) stretch; urgency=medium
+
+  * Add (Build-)Depends on apache2 packages necessary for security fixes.
+  * patches/CVE-2015-3814: Mixed anonymous/authenticated path-based authz with
+httpd 2.4
+  * patches/CVE-2015-3817: svn_repos_trace_node_locations() reveals path
+hidden by authz
+
+ -- James McCoy james...@debian.org  Wed, 12 Aug 2015 20:31:26 -0400
+
 subversion (1.8.13-1) unstable; urgency=medium
 
   * New upstream release.  Refresh patches.
diff -u subversion-1.8.13/debian/control subversion-1.8.13/debian/control
--- subversion-1.8.13/debian/control
+++ subversion-1.8.13/debian/control
@@ -6,7 +6,7 @@
James McCoy james...@debian.org
 Build-Depends: debhelper (= 8), libserf-dev (= 1.2), zlib1g-dev,
libapr1-dev, libaprutil1-dev, libdb5.3-dev,
-   libsasl2-dev, apache2-dev, dh-apache2,
+   libsasl2-dev, apache2-dev (= 2.4.16), dh-apache2,
libsqlite3-dev (= 3.7.12), libgnome-keyring-dev, libdbus-1-dev, kdelibs5-dev,
quilt, doxygen, autotools-dev, autoconf, libtool-bin, swig,
python-all-dev, perl, libperl-dev, ruby, ruby-dev,
@@ -83,7 +83,7 @@
 Package: libapache2-mod-svn
 Section: httpd
 Architecture: any
-Depends: apache2-api-20120211, libsvn1 (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends}
+Depends: apache2-bin (= 2.4.16), apache2-api-20120211, libsvn1 (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends}
 Breaks: libapache2-svn ( 1.7.9-1+nmu5)
 Replaces: libapache2-svn ( 1.7.9-1+nmu5)
 Suggests: db5.3-util
diff -u subversion-1.8.13/debian/patches/series subversion-1.8.13/debian/patches/series
--- subversion-1.8.13/debian/patches/series
+++ subversion-1.8.13/debian/patches/series
@@ -19,0 +20,2 @@
+CVE-2015-3187
+CVE-2015-3184
only in patch2:
unchanged:
--- subversion-1.8.13.orig/debian/patches/CVE-2015-3184
+++ subversion-1.8.13/debian/patches/CVE-2015-3184
@@ -0,0 +1,2165 @@
+  Mixed anonymous/authenticated path-based authz with Apache httpd 2.4.
+
+Summary
+===
+
+  Subversion's mod_authz_svn does not properly restrict anonymous
+  access in some mixed anonymous/authenticated environments when using
+  Apache httpd 2.4.  The result is that anonymous access may be possible
+  to files for which only authenticated access should be possible.
+
+Known vulnerable
+
+
+  Apache httpd 2.4.0 to 2.4.12
+  Apache Subversion 1.8.0 to 1.8.13
+  Apache Subversion 1.7.0 to 1.7.20
+
+  Servers are vulnerable if either httpd or Subversion is as listed.
+
+  Subversion 1.6 does not build with httpd 2.4 and servers using
+  httpd 2.2 are not vulnerable.  Servers that are configured to deny
+  anonymous access are not vulnerable.
+
+Known fixed
+===
+
+  Apache httpd 2.4.16
+  Apache Subversion 1.8.14 and 1.7.21
+
+  Both httpd and Subversion need to be updated.  Subversion must
+  be built with a fixed httpd.
+
+Details
+===
+
+  If you have a Subversion repository configured for anonymous read
+  that has mod_authz_svn configured such that some portion of the
+  repository is hidden from an anonymous user, then in certain cases
+  when Subversion is used with Apache httpd 2.4.x the file contents of
+  the repository may be exposed to someone who knows

Bug#789077: ruby2.2 transition: about to switch the default in unstable

[James McCoy]

On Tue, Jul 28, 2015 at 06:23:57PM -0300, Antonio Terceiro wrote:
 Hello release team.
 
 We are not at a point where it makes sense to switch the default ruby
now? -^
 in unstable.
 […]
 These packages FTBFS and we will need to look at them individually:
 
 korundum
 kross-interpreters
 subversion

At least subversion is due to ruby2.2 not including or depending on
ruby-test-unit, even though upstream ruby's tarball does (#791925).

Cheers,
-- 
James
GPG Key: 4096R/331BA3DB 2011-12-05 James McCoy james...@debian.org


signature.asc
Description: Digital signature

Re: release goal idea: namespace for users and groups

[James McCoy]

On Tue, Jun 30, 2015 at 03:49:08AM +0200, Christoph Anton Mitterer wrote:
 Hey.
 
 The following probably doesn't qualify yet for a proper release goal
 proposal (I haven't written a wikipage yet)... further as non-DD I'm
 not sure how far I could actually coordinate that.
 So take that rather as presenting and idea[0] and asking for
 commentsfeedback than a commitment to spend an FTE on it ;-)
 
 Nevertheless it may be found useful, so here it is for discussion:
 
 
 I think there should be a reserved namespace for users and groups,
 created by Debian packages.
 Maybe even further namespaces for other use cases (e.g. 3rd party
 packages).

This has been discussed various times over the years on debian-devel
([0] looks like the most recent).  There's even an open bug[1] against
debian-policy about it.  There's been plenty of discussion, with a
general concensus on _-prefixed names, but not much else.

[0]: https://lists.debian.org/debian-devel/2014/02/msg00187.html
[1]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=248809

Cheers,
-- 
James
GPG Key: 4096R/331BA3DB 2011-12-05 James McCoy james...@debian.org


-- 
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20150630034446.gc1...@freya.jamessan.com

Bug#782053: unblock: devscripts/2.15.3

[James McCoy]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package devscripts

Update debchange to understand the versioning for jessie-backports and
make that the default release when using “dch --bpo”.  The release is
(relatively) imminent and I'd rather have this ready at release time
rather than wait for a stable upload, even though that means sid users
creating new backports will have to manually adjust the changelog
header.

$ debdiff devscripts_2.15.1.dsc devscripts_2.15.3.dsc
diffstat for devscripts-2.15.1 devscripts-2.15.3

 debian/changelog   |   13 +
 po4a/po/de.po  |4 ++--
 po4a/po/devscripts.pot |2 +-
 po4a/po/fr.po  |4 ++--
 scripts/debchange.1|2 +-
 scripts/debchange.pl   |6 +++---
 6 files changed, 22 insertions(+), 9 deletions(-)

diff -Nru devscripts-2.15.1/debian/changelog devscripts-2.15.3/debian/changelog
--- devscripts-2.15.1/debian/changelog  2015-01-01 09:51:28.0 -0500
+++ devscripts-2.15.3/debian/changelog  2015-04-03 21:48:02.0 -0400
@@ -1,3 +1,16 @@
+devscripts (2.15.3) unstable; urgency=medium
+
+  * debchange: Use bpo8 instead of bpo80 for jessie-backports, per
+https://lists.debian.org/debian-backports/2014/11/msg00031.html.
+
+ -- James McCoy james...@debian.org  Fri, 03 Apr 2015 21:47:54 -0400
+
+devscripts (2.15.2) unstable; urgency=medium
+
+  * debchange: Make jessie default backports release.
+
+ -- James McCoy james...@debian.org  Thu, 02 Apr 2015 21:37:39 -0400
+
 devscripts (2.15.1) unstable; urgency=medium
 
   [ Julien Cristau ]
diff -Nru devscripts-2.15.1/po4a/po/de.po devscripts-2.15.3/po4a/po/de.po
--- devscripts-2.15.1/po4a/po/de.po 2015-01-01 09:51:28.0 -0500
+++ devscripts-2.15.3/po4a/po/de.po 2015-04-03 21:48:02.0 -0400
@@ -7086,10 +7086,10 @@
 #. type: Plain text
 #: ../scripts/debchange.1:256
 msgid 
-Increment the Debian release number for an upload to wheezy-backports, and 
+Increment the Debian release number for an upload to jessie-backports, and 
 add a backport upload changelog comment.
 msgstr 
-erhöht die Debian-Veröffentlichungsnummer für ein Hochladen nach wheezy-
+erhöht die Debian-Veröffentlichungsnummer für ein Hochladen nach jessie-
 backports und fügt einen Changelog-Kommentar »backport upload« hinzu.
 
 #. type: TP
diff -Nru devscripts-2.15.1/po4a/po/devscripts.pot 
devscripts-2.15.3/po4a/po/devscripts.pot
--- devscripts-2.15.1/po4a/po/devscripts.pot2015-01-01 09:53:59.0 
-0500
+++ devscripts-2.15.3/po4a/po/devscripts.pot2015-04-03 21:53:13.0 
-0400
@@ -5354,7 +5354,7 @@
 #. type: Plain text
 #: ../scripts/debchange.1:256
 msgid 
-Increment the Debian release number for an upload to wheezy-backports, and 
+Increment the Debian release number for an upload to jessie-backports, and 
 add a backport upload changelog comment.
 msgstr 
 
diff -Nru devscripts-2.15.1/po4a/po/fr.po devscripts-2.15.3/po4a/po/fr.po
--- devscripts-2.15.1/po4a/po/fr.po 2015-01-01 09:51:28.0 -0500
+++ devscripts-2.15.3/po4a/po/fr.po 2015-04-03 21:48:02.0 -0400
@@ -7075,11 +7075,11 @@
 #. type: Plain text
 #: ../scripts/debchange.1:256
 msgid 
-Increment the Debian release number for an upload to wheezy-backports, and 
+Increment the Debian release number for an upload to jessie-backports, and 
 add a backport upload changelog comment.
 msgstr 
 Incrémenter le numéro de publication de Debian pour un envoi d'un 
-rétroportage pour Wheezy, et ajouter un commentaire pour l'envoi du 
+rétroportage pour Jessie, et ajouter un commentaire pour l'envoi du 
 rétroportage dans le changelog.
 
 #. type: TP
diff -Nru devscripts-2.15.1/scripts/debchange.1 
devscripts-2.15.3/scripts/debchange.1
--- devscripts-2.15.1/scripts/debchange.1   2015-01-01 09:51:28.0 
-0500
+++ devscripts-2.15.3/scripts/debchange.1   2015-04-03 21:48:02.0 
-0400
@@ -251,7 +251,7 @@
 distribution. Increment the Debian version.
 .TP
 .B \-\-bpo
-Increment the Debian release number for an upload to wheezy-backports,
+Increment the Debian release number for an upload to jessie-backports,
 and add a backport upload changelog comment.
 .TP
 .BR \-\-local ,  \-l \fIsuffix\fR
diff -Nru devscripts-2.15.1/scripts/debchange.pl 
devscripts-2.15.3/scripts/debchange.pl
--- devscripts-2.15.1/scripts/debchange.pl  2015-01-01 09:51:28.0 
-0500
+++ devscripts-2.15.3/scripts/debchange.pl  2015-04-03 21:48:02.0 
-0400
@@ -179,7 +179,7 @@
  distribution name
   --bpo
  Increment the Debian release number for a backports upload
- to wheezy-backports
+ to jessie-backports
   -l, --local suffix
  Add a suffix to the Debian version number for a local build
   -b, --force-bad-version
@@ -624,8 +624,8 @@
 my $EMAIL = 'EMAIL';
 my $DISTRIBUTION = 'UNRELEASED';
 my $bpo_dist = '';
-my %bpo_dists = ( 60, 'squeeze', 70, 'wheezy', 80, 'jessie

Bug#781718: unblock: subversion/1.8.10-6

[James McCoy]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package subversion

This uploaded backports fixes for 3 recent CVEs.

$ debdiff subversion_1.8.10-5.dsc subversion_1.8.10-6.dsc
diffstat for subversion_1.8.10-5 subversion_1.8.10-6

 debian/patches/CVE-2015-0202|  474 
 debian/patches/CVE-2015-0248|  105 +++
 debian/patches/CVE-2015-0251|   62 
 subversion-1.8.10/debian/changelog  |   11 
 subversion-1.8.10/debian/patches/series |3 
 5 files changed, 655 insertions(+)

diff -u subversion-1.8.10/debian/changelog subversion-1.8.10/debian/changelog
--- subversion-1.8.10/debian/changelog
+++ subversion-1.8.10/debian/changelog
@@ -1,3 +1,14 @@
+subversion (1.8.10-6) unstable; urgency=high
+
+  * patches/CVE-2015-0202: Excessive memory use with certain REPORT requests
+against mod_dav_svn with FSFS repositories
+  * patches/CVE-2015-0248: Assertion DoS vulnerability for certain mod_dav_svn
+and svnserve requests with dynamically evaluated revision numbers
+  * patches/CVE-2015-0251: mod_dav_svn allows spoofing svn:author property
+values for new revisions
+
+ -- James McCoy james...@debian.org  Tue, 31 Mar 2015 22:51:18 -0400
+
 subversion (1.8.10-5) unstable; urgency=medium
 
   * patches/CVE-2014-8108: mod_dav_svn DoS vulnerability with invalid virtual
diff -u subversion-1.8.10/debian/patches/series 
subversion-1.8.10/debian/patches/series
--- subversion-1.8.10/debian/patches/series
+++ subversion-1.8.10/debian/patches/series
@@ -21,0 +22,3 @@
+CVE-2015-0251
+CVE-2015-0248
+CVE-2015-0202
only in patch2:
unchanged:
--- subversion-1.8.10.orig/debian/patches/CVE-2015-0202
+++ subversion-1.8.10/debian/patches/CVE-2015-0202
@@ -0,0 +1,474 @@
+Index: subversion/libsvn_fs_fs/tree.c
+===
+--- a/subversion/libsvn_fs_fs/tree.c   (revision 1655679)
 b/subversion/libsvn_fs_fs/tree.c   (working copy)
+@@ -127,7 +127,6 @@ typedef struct fs_txn_root_data_t
+ static svn_error_t * get_dag(dag_node_t **dag_node_p,
+  svn_fs_root_t *root,
+  const char *path,
+- svn_boolean_t needs_lock_cache,
+  apr_pool_t *pool);
+ 
+ static svn_fs_root_t *make_revision_root(svn_fs_t *fs, svn_revnum_t rev,
+@@ -178,34 +177,10 @@ typedef struct cache_entry_t
+  */
+ enum { BUCKET_COUNT = 256 };
+ 
+-/* Each pool that has received a DAG node, will hold at least on lock on
+-   our cache to ensure that the node remains valid despite being allocated
+-   in the cache's pool.  This is the structure to represent the lock.
+- */
+-typedef struct cache_lock_t
+-{
+-  /* pool holding the lock */
+-  apr_pool_t *pool;
+-
+-  /* cache being locked */
+-  fs_fs_dag_cache_t *cache;
+-
+-  /* next lock. NULL at EOL */
+-  struct cache_lock_t *next;
+-
+-  /* previous lock. NULL at list head. Only then this==cache-first_lock */
+-  struct cache_lock_t *prev;
+-} cache_lock_t;
+-
+ /* The actual cache structure.  All nodes will be allocated in POOL.
+When the number of INSERTIONS (i.e. objects created form that pool)
+exceeds a certain threshold, the pool will be cleared and the cache
+with it.
+-
+-   To ensure that nodes returned from this structure remain valid, the
+-   cache will get locked for the lifetime of the _receiving_ pools (i.e.
+-   those in which we would allocate the node if there was no cache.).
+-   The cache will only be cleared FIRST_LOCK is 0.
+  */
+ struct fs_fs_dag_cache_t
+ {
+@@ -221,47 +196,8 @@ struct fs_fs_dag_cache_t
+   /* Property lookups etc. have a very high locality (75% re-hit).
+  Thus, remember the last hit location for optimistic lookup. */
+   apr_size_t last_hit;
+-
+-  /* List of receiving pools that are still alive. */
+-  cache_lock_t *first_lock;
+ };
+ 
+-/* Cleanup function to be called when a receiving pool gets cleared.
+-   Unlocks the cache once.
+- */
+-static apr_status_t
+-unlock_cache(void *baton_void)
+-{
+-  cache_lock_t *lock = baton_void;
+-
+-  /* remove lock from chain. Update the head */
+-  if (lock-next)
+-lock-next-prev = lock-prev;
+-  if (lock-prev)
+-lock-prev-next = lock-next;
+-  else
+-lock-cache-first_lock = lock-next;
+-
+-  return APR_SUCCESS;
+-}
+-
+-/* Cleanup function to be called when the cache itself gets destroyed.
+-   In that case, we must unregister all unlock requests.
+- */
+-static apr_status_t
+-unregister_locks(void *baton_void)
+-{
+-  fs_fs_dag_cache_t *cache = baton_void;
+-  cache_lock_t *lock;
+-
+-  for (lock = cache-first_lock; lock; lock = lock-next)
+-apr_pool_cleanup_kill(lock-pool,
+-  lock,
+-  unlock_cache);
+-
+-  return APR_SUCCESS;
+-}
+-
+ fs_fs_dag_cache_t*
+ svn_fs_fs__create_dag_cache(apr_pool_t *pool)
+ {
+@@ -268,59 +204,15

Bug#781562: [preapproval] unblock: vim/2:7.4.488-7

[James McCoy]

Control: tags -1 - moreinfo
Control: retitle -1 unblock: vim/2:7.4.488-7

On Tue, Mar 31, 2015 at 07:39:03AM +0100, Adam D. Barratt wrote:
 On 2015-03-31 2:39, James McCoy wrote:
 Please unblock package vim
 
 The 'linebreak' patch in this upload addresses a very distracting bug
 where the visual formatting of blocks of text changes every time the
 user starts insert mode using Vim's c command.
 
 The NetRW patch fixes an error that will make any callers of the
 function fail.
 
 Please go ahead, and remove the moreinfo tag once the package is in
 unstable.

Uploaded.  Thanks.

-- 
James
GPG Key: 4096R/331BA3DB 2011-12-05 James McCoy james...@debian.org


signature.asc
Description: Digital signature

Bug#781562: [preapproval] unblock: vim/2:7.4.488-7

[James McCoy]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package vim

The 'linebreak' patch in this upload addresses a very distracting bug
where the visual formatting of blocks of text changes every time the
user starts insert mode using Vim's c command.

The NetRW patch fixes an error that will make any callers of the
function fail.

$ debdiff vim_7.4.488-6.dsc vim_7.4.488-7.dsc
diffstat for vim-7.4.488 vim-7.4.488

 changelog|9 ++
 patches/series   |2 
 patches/upstream/netrwSavePosn.patch |   11 ++
 patches/upstream/v7-4-576.patch  |  148 +++
 4 files changed, 170 insertions(+)

diff -Nru vim-7.4.488/debian/changelog vim-7.4.488/debian/changelog
--- vim-7.4.488/debian/changelog2015-03-21 14:24:12.0 -0400
+++ vim-7.4.488/debian/changelog2015-03-30 20:53:46.0 -0400
@@ -1,3 +1,12 @@
+vim (2:7.4.488-7) UNRELEASED; urgency=medium
+
+  * Backport patch 7.4.576 to fix jarring toggling of 'linebreak' option when
+using the c command to change the buffer.  (Closes: #774492)
+  * Backport upstream fix for call to unknown function in NetRW plugin.
+(Closes: #768467)
+
+ -- James McCoy james...@debian.org  Mon, 30 Mar 2015 20:48:28 -0400
+
 vim (2:7.4.488-6) unstable; urgency=medium
 
   * Build vim logo from the eps instead of pdf so the svg has the correct
diff -Nru vim-7.4.488/debian/patches/series vim-7.4.488/debian/patches/series
--- vim-7.4.488/debian/patches/series   2014-11-04 19:41:11.0 -0500
+++ vim-7.4.488/debian/patches/series   2015-03-30 20:44:15.0 -0400
@@ -3,6 +3,8 @@
 upstream/pythoncomplete-autoload-init.patch
 upstream/debcontrol-syntax-vcs-git.patch
 upstream/debian-runtime-versions.patch
+upstream/v7-4-576.patch
+upstream/netrwSavePosn.patch
 debian/vim-tiny.patch
 debian/disabled-modelines.patch
 debian/extra-tex-detection.patch
diff -Nru vim-7.4.488/debian/patches/upstream/netrwSavePosn.patch 
vim-7.4.488/debian/patches/upstream/netrwSavePosn.patch
--- vim-7.4.488/debian/patches/upstream/netrwSavePosn.patch 1969-12-31 
19:00:00.0 -0500
+++ vim-7.4.488/debian/patches/upstream/netrwSavePosn.patch 2015-03-30 
20:46:43.0 -0400
@@ -0,0 +1,11 @@
+--- a/runtime/autoload/netrwSettings.vim
 b/runtime/autoload/netrwSettings.vim
+@@ -31,7 +31,7 @@
+  NetrwSettings: {{{1
+ fun! netrwSettings#NetrwSettings()
+this call is here largely just to insure that netrw has been loaded
+-  call netrw#NetrwSavePosn()
++  call netrw#SavePosn()
+   if !exists(g:loaded_netrw)
+echohl WarningMsg | echomsg ***sorry*** netrw needs to be loaded prior to 
using NetrwSettings | echohl None
+return
diff -Nru vim-7.4.488/debian/patches/upstream/v7-4-576.patch 
vim-7.4.488/debian/patches/upstream/v7-4-576.patch
--- vim-7.4.488/debian/patches/upstream/v7-4-576.patch  1969-12-31 
19:00:00.0 -0500
+++ vim-7.4.488/debian/patches/upstream/v7-4-576.patch  2015-03-30 
20:43:31.0 -0400
@@ -0,0 +1,148 @@
+changeset:   6888:749fc929da45
+tag: v7-4-576
+user:Bram Moolenaar b...@vim.org
+date:Wed Jan 14 17:52:30 2015 +0100
+files:   src/normal.c src/version.c
+description:
+updated for version 7.4.576
+Problem:Redrawing problem with 'relativenumber' and 'linebreak'.
+Solution:   Temporarily reset 'linebreak' and restore it in more places.
+   (Christian Brabandt)
+
+
+diff --git a/src/normal.c b/src/normal.c
+--- a/src/normal.c
 b/src/normal.c
+@@ -1393,10 +1393,6 @@
+ int   include_line_break = FALSE;
+ #endif
+ 
+-#ifdef FEAT_LINEBREAK
+-curwin-w_p_lbr = FALSE;  /* Avoid a problem with unwanted linebreaks in
+-   * block mode. */
+-#endif
+ #if defined(FEAT_CLIPBOARD)
+ /*
+  * Yank the visual area into the GUI selection register before we operate
+@@ -1420,6 +1416,10 @@
+  */
+ if ((finish_op || VIsual_active)  oap-op_type != OP_NOP)
+ {
++#ifdef FEAT_LINEBREAK
++  /* Avoid a problem with unwanted linebreaks in block mode. */
++  curwin-w_p_lbr = FALSE;
++#endif
+   oap-is_VIsual = VIsual_active;
+   if (oap-motion_force == 'V')
+   oap-motion_type = MLINE;
+@@ -1819,7 +1819,13 @@
+   || oap-op_type == OP_FUNCTION
+   || oap-op_type == OP_FILTER)
+oap-motion_force == NUL)
++  {
++#ifdef FEAT_LINEBREAK
++  /* make sure redrawing is correct */
++  curwin-w_p_lbr = lbr_saved;
++#endif
+   redraw_curbuf_later(INVERTED);
++  }
+   }
+   }
+ 
+@@ -1863,7 +1869,12 @@
+   || oap-op_type == OP_FOLD
+ #endif
+   ))
++  {
++#ifdef FEAT_LINEBREAK
++  curwin-w_p_lbr = lbr_saved;
++#endif
+   redraw_curbuf_later(INVERTED

Bug#780985: unblock: vim/2:7.4.488-6

[James McCoy]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package vim

The -5 upload finished off the changes from the previous couple uploads
such that the scalable icons are installed in the proper places.  It
also drops our custom icons in favor of using upstream's.

The -6 upload fixes an issue with generating the svg from upstream's pdf
and includes recognition of jessie(-backports)/sid and binary-only=yes
in the debchangelog syntax file.

Generating the svg from the pdf resulted in a bad bounding box which
made applications that honored the bounding box display a lot of dead
space, so I changed to generating the svg from the eps file which
resolves the issue.

$ debdiff vim_7.4.488-4.dsc vim_7.4.488-6.dsc
diffstat for vim-7.4.488 vim-7.4.488

 changelog  |   19 +
 control|2 
 icons/vim-16.xpm   |   30 --
 icons/vim-32.xpm   |   43 ---
 icons/vim.svg  |  284 -
 patches/upstream/debian-runtime-versions.patch |   35 ++-
 rules  |   15 +
 vim-common.dirs|5 
 vim-common.install.in  |4 
 9 files changed, 71 insertions(+), 366 deletions(-)

diff -Nru vim-7.4.488/debian/changelog vim-7.4.488/debian/changelog
--- vim-7.4.488/debian/changelog2014-12-29 23:13:20.0 -0500
+++ vim-7.4.488/debian/changelog2015-03-21 14:24:12.0 -0400
@@ -1,3 +1,22 @@
+vim (2:7.4.488-6) unstable; urgency=medium
+
+  * Build vim logo from the eps instead of pdf so the svg has the correct
+bounding box.  Thanks to Simon McVittie for the idea!  (Closes: #778477)
+  * syntax/debchangelog.vim:
++ Recognize jessie, jessie-backports, and sid targets
++ Recognize binary-only=yes key value in debchangelogHeader
+
+ -- James McCoy james...@debian.org  Sat, 21 Mar 2015 14:24:01 -0400
+
+vim (2:7.4.488-5) unstable; urgency=medium
+
+  * Install icons to the proper directory.  dh_install doesn't rename files,
+even though the last upload pretended it does.
+- Use upstream's icons and remove the ones in debian/
+- Add Build-Depends: pdf2svg to create a scalable icon
+
+ -- James McCoy james...@debian.org  Wed, 11 Feb 2015 21:38:10 -0500
+
 vim (2:7.4.488-4) unstable; urgency=medium
 
   * Move vim icon from vim-gui-common to vim-common since both vim.desktop and
diff -Nru vim-7.4.488/debian/control vim-7.4.488/debian/control
--- vim-7.4.488/debian/control  2014-12-29 21:14:50.0 -0500
+++ vim-7.4.488/debian/control  2015-03-21 11:25:06.0 -0400
@@ -5,6 +5,8 @@
 Uploaders: James McCoy james...@debian.org
 Standards-Version: 3.9.5
 Build-Depends: libacl1-dev, libgpmg1-dev [linux-any], autoconf,
+# Building Vim's svg icons
+ pdf2svg, ghostscript,
 # B-D for dh_bugfiles
  debhelper (= 7.2.3~),
  libtinfo-dev | libncurses5-dev, libselinux1-dev [linux-any],
diff -Nru vim-7.4.488/debian/icons/vim-16.xpm 
vim-7.4.488/debian/icons/vim-16.xpm
--- vim-7.4.488/debian/icons/vim-16.xpm 2014-10-22 21:01:13.0 -0400
+++ vim-7.4.488/debian/icons/vim-16.xpm 1969-12-31 19:00:00.0 -0500
@@ -1,30 +0,0 @@
-/* XPM */
-static char *magick[] = {
-/* columns rows colors chars-per-pixel */
-16 16 8 1,
-  c Gray0,
-. c #80,
-X c #008000,
-o c Green,
-O c #808080,
-+ c #c0c0c0,
-@ c Gray100,
-# c None,
-/* pixels */
-## o ###,
-# @ X  #,
-# +O  O ,
-## +++O X @++O #,
-## +++O  @++O ##,
-## +++O @++O  ##,
-#o +++O@++O XX #,
-oX +++@++O  ,
- X +  .#,
-#   +   X ##,
-##    ++ + #,
-## +++ ++ + ,
-## ++O  + + + + ,
-## +O X + + + + ,
-###  # ++ + + + ,
-###  # # # #
-};
diff -Nru vim-7.4.488/debian/icons/vim-32.xpm 
vim-7.4.488/debian/icons/vim-32.xpm
--- vim-7.4.488/debian/icons/vim-32.xpm 2014-10-22 21:01:13.0 -0400
+++ vim-7.4.488/debian/icons/vim-32.xpm 1969-12-31 19:00:00.0 -0500
@@ -1,43 +0,0 @@
-/* XPM */
-static char * vim32x32[] = {
-32 32 8 1,
-  c None,
-. c #00,
-+ c #7f,
-@ c #007f00,
-# c #00FF00,
-$ c #7f7f7f,
-% c #CC,
- c #FF

Bug#774462: unblock: devscripts/2.15.1

[James McCoy]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package devscripts

David Prévot updated French translations and there was a small URL
update for grep-excuses.

Debdiffs, with and without translations, attached.

unblock devscripts/2.15.1

-- System Information:
Debian Release: 8.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)


-- 
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/20150103013242.27266.69469.report...@freya.jamessan.com

Bug#774305: unblock: vim/2:7.4.488-4

[James McCoy]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package vim

A vim.desktop file is shipped by vim-common (for non-GUI versions of
Vim), but the icons it and gvim.desktop reference are only in
vim-gui-common.  This upload moves the icons to vim-common, which all
vim variants Depend on.

$ debdiff vim_7.4.488-3.dsc vim_7.4.488-4.dsc
diffstat for vim-7.4.488 vim-7.4.488

 changelog |7 +++
 control   |3 +++
 vim-common.install.in |4 
 vim-gui-common.install.in |4 
 4 files changed, 14 insertions(+), 4 deletions(-)

diff -Nru vim-7.4.488/debian/changelog vim-7.4.488/debian/changelog
--- vim-7.4.488/debian/changelog2014-11-30 15:08:12.0 -0500
+++ vim-7.4.488/debian/changelog2014-12-29 23:13:20.0 -0500
@@ -1,3 +1,10 @@
+vim (2:7.4.488-4) unstable; urgency=medium
+
+  * Move vim icon from vim-gui-common to vim-common since both vim.desktop and
+gvim.desktop use it.  (Closes: #773930)
+
+ -- James McCoy james...@debian.org  Mon, 29 Dec 2014 23:13:17 -0500
+
 vim (2:7.4.488-3) unstable; urgency=medium
 
   * Install icons to /usr/share/icons/hicolor to work around #765069.
diff -Nru vim-7.4.488/debian/control vim-7.4.488/debian/control
--- vim-7.4.488/debian/control  2014-11-04 21:10:48.0 -0500
+++ vim-7.4.488/debian/control  2014-12-29 21:14:50.0 -0500
@@ -29,6 +29,9 @@
 Architecture: any
 Depends: ${misc:Depends}, ${shlibs:Depends}
 Recommends: vim | vim-gnome | vim-gtk | vim-athena | vim-nox | vim-tiny
+# Move vim icon from vim-gui-common to vim-common
+Breaks: vim-gui-common ( 2:7.4.488-4~)
+Replaces: vim-gui-common ( 2:7.4.488-4~)
 Description: Vi IMproved - Common files
  Vim is an almost compatible version of the UNIX editor Vi.
  .
diff -Nru vim-7.4.488/debian/vim-common.install.in 
vim-7.4.488/debian/vim-common.install.in
--- vim-7.4.488/debian/vim-common.install.in2014-11-04 19:41:11.0 
-0500
+++ vim-7.4.488/debian/vim-common.install.in2014-12-29 21:13:22.0 
-0500
@@ -1,6 +1,10 @@
 debian/tmp/usr/bin/xxd   usr/bin/
 debian/helpztags usr/bin/
 debian/vim.desktop   usr/share/applications/
+debian/icons/*   usr/share/pixmaps/
+debian/icons/vim.svg 
usr/share/icons/hicolor/scalable/apps/
+debian/icons/vim-16.xpm  
usr/share/icons/hicolor/16x16/apps/vim.xpm
+debian/icons/vim-32.xpm  
usr/share/icons/hicolor/32x32/apps/vim.xpm
 debian/runtime/vimrc etc/vim/
 debian/runtime/debian.vimusr/share/vim/@VIMCUR@/
 debian/tmp/usr/share/man/man1/xxd.1  usr/share/man/man1/
diff -Nru vim-7.4.488/debian/vim-gui-common.install.in 
vim-7.4.488/debian/vim-gui-common.install.in
--- vim-7.4.488/debian/vim-gui-common.install.in2014-11-30 
14:34:27.0 -0500
+++ vim-7.4.488/debian/vim-gui-common.install.in2014-12-29 
21:13:26.0 -0500
@@ -1,9 +1,5 @@
 debian/tmp/usr/bin/gvimtutor   usr/bin/
 debian/gvim.desktopusr/share/applications/
-debian/icons/* usr/share/pixmaps/
-debian/icons/vim.svg   
usr/share/icons/hicolor/scalable/apps/
-debian/icons/vim-16.xpm
usr/share/icons/hicolor/16x16/apps/vim.xpm
-debian/icons/vim-32.xpm
usr/share/icons/hicolor/32x32/apps/vim.xpm
 debian/runtime/gvimrc  etc/vim/
 debian/tmp/usr/share/man/man1/evim.1   usr/share/man/man1/
 debian/lintian/vim-gui-common  
usr/share/lintian/overrides/

unblock vim/2:7.4.488-4

-- System Information:
Debian Release: 8.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)


-- 
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/20141231135650.19593.76876.report...@freya.jamessan.com

Bug#771758: unblock (pre-approval): serf/1.3.8-1

[James McCoy]

Control: tags -1 - moreinfo
Control: retitle -1 unblock: serf/1.3.8-1

On Thu, Dec 04, 2014 at 07:58:20AM +, Adam D. Barratt wrote:
 On 2014-12-02 3:38, James McCoy wrote:
 Please unblock package serf
 
 Please go ahead, and remove the moreinfo tag once the package has been
 accepted.

Uploaded and accepted.  Thanks.

-- 
James
GPG Key: 4096R/331BA3DB 2011-12-05 James McCoy james...@debian.org


-- 
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20141205005517.gf13...@freya.jamessan.com

Bug#771758: unblock (pre-approval): serf/1.3.8-1

[James McCoy]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package serf

The upstream 1.3.8 release is a minor bug fix release.  One of the three
functional changes is to disable use of SSLv2/SSLv3.  I'd like to
include all the changes, but the SSL changes seem most relevant, so if
needed I can instead backport just that patch.

Attached are the full debdiff and a debdiff excluding the changes to the
test directory.

unblock serf/1.3.8-1

-- System Information:
Debian Release: 8.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

-- 
James
GPG Key: 4096R/331BA3DB 2011-12-05 James McCoy james...@debian.org
diffstat for serf-1.3.7 serf-1.3.8

 CHANGES|8 
 auth/auth_spnego_sspi.c|4 
 buckets/deflate_buckets.c  |   37 ++-
 buckets/ssl_buckets.c  |2 
 debian/changelog   |   10 
 debian/patches/comment-style_r2443 |   19 +
 debian/patches/series  |2 
 debian/patches/test-memory-usage_r2445 |   61 +
 serf.h |2 
 test/test_buckets.c|  350 +
 test/test_serf.h   |3 
 11 files changed, 485 insertions(+), 13 deletions(-)

diff -Nru serf-1.3.7/auth/auth_spnego_sspi.c serf-1.3.8/auth/auth_spnego_sspi.c
--- serf-1.3.7/auth/auth_spnego_sspi.c	2014-02-04 14:41:14.0 -0500
+++ serf-1.3.8/auth/auth_spnego_sspi.c	2014-10-19 14:38:11.0 -0400
@@ -95,8 +95,8 @@
 }
 
 if (SecIsValidHandle(ctx-sspi_credentials)) {
-FreeCredentialsHandle(ctx-sspi_context);
-SecInvalidateHandle(ctx-sspi_context);
+FreeCredentialsHandle(ctx-sspi_credentials);
+SecInvalidateHandle(ctx-sspi_credentials);
 }
 
 return APR_SUCCESS;
diff -Nru serf-1.3.7/buckets/deflate_buckets.c serf-1.3.8/buckets/deflate_buckets.c
--- serf-1.3.7/buckets/deflate_buckets.c	2011-06-23 22:03:57.0 -0400
+++ serf-1.3.8/buckets/deflate_buckets.c	2014-10-19 14:38:11.0 -0400
@@ -141,7 +141,6 @@
   const char **data, apr_size_t *len)
 {
 deflate_context_t *ctx = bucket-data;
-unsigned long compCRC, compLen;
 apr_status_t status;
 const char *private_data;
 apr_size_t private_len;
@@ -186,17 +185,25 @@
 ctx-state++;
 break;
 case STATE_VERIFY:
+{
+unsigned long compCRC, compLen, actualLen;
+
 /* Do the checksum computation. */
 compCRC = getLong((unsigned char*)ctx-hdr_buffer);
 if (ctx-crc != compCRC) {
 return SERF_ERROR_DECOMPRESSION_FAILED;
 }
 compLen = getLong((unsigned char*)ctx-hdr_buffer + 4);
-if (ctx-zstream.total_out != compLen) {
+/* The length in the trailer is module 2^32, so do the same for
+   the actual length. */
+actualLen = ctx-zstream.total_out;
+actualLen = 0x;
+if (actualLen != compLen) {
 return SERF_ERROR_DECOMPRESSION_FAILED;
 }
 ctx-state++;
 break;
+}
 case STATE_INIT:
 zRC = inflateInit2(ctx-zstream, ctx-windowSize);
 if (zRC != Z_OK) {
@@ -264,10 +271,14 @@
 ctx-zstream.next_in = (unsigned char*)private_data;
 ctx-zstream.avail_in = private_len;
 }
-zRC = Z_OK;
-while (ctx-zstream.avail_in != 0) {
-/* We're full, clear out our buffer, reset, and return. */
-if (ctx-zstream.avail_out == 0) {
+
+while (1) {
+
+zRC = inflate(ctx-zstream, Z_NO_FLUSH);
+
+/* We're full or zlib requires more space. Either case, clear
+   out our buffer, reset, and return. */
+if (zRC == Z_BUF_ERROR || ctx-zstream.avail_out == 0) {
 serf_bucket_t *tmp;
 ctx-zstream.next_out = ctx-buffer;
 private_len = ctx-bufferSize - ctx-zstream.avail_out;
@@ -283,7 +294,6 @@
 ctx-zstream.avail_out = ctx-bufferSize;
 break;
 }
-zRC = inflate(ctx-zstream, Z_NO_FLUSH);
 
 if (zRC == Z_STREAM_END) {
 serf_bucket_t *tmp;
@@ -330,9 +340,13 @@
 
 break;
 }
+
+/* Any other error? */
 if (zRC != Z_OK) {
 return SERF_ERROR_DECOMPRESSION_FAILED;
 }
+
+/* As long as zRC == Z_OK, just

Bug#771574: unblock (pre-approval): vim/2:7.4.488-3

[James McCoy]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package vim

As described in #765069[0], there was a recent change in GTK+ 3.14
with regard to icon scaling occurs.  The result being that Vim's icon in
Gnome's Open with... dialog is vastly oversized, resulting in a bad
user experience trying to choose a non-default application to handle a
file.

[0]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765069#49

The trivial work around I'd like to upload is to install Vim's icons
into /usr/share/icons/hicolor so GTK's icon handling understands that
vim.svg is scalable.

$ debdiff vim_7.4.488-2.dsc vim_7.4.488-3.dsc
dpkg-source: warning: extracting unsigned source package 
(/home/jamessan/src/debian.org/deb-packages/vim/vim_7.4.488-3.dsc)
diffstat for vim-7.4.488 vim-7.4.488

 changelog |7 +++
 vim-gui-common.install.in |3 +++
 2 files changed, 10 insertions(+)

diff -Nru vim-7.4.488/debian/changelog vim-7.4.488/debian/changelog
--- vim-7.4.488/debian/changelog2014-11-14 21:06:33.0 -0500
+++ vim-7.4.488/debian/changelog2014-11-30 15:08:12.0 -0500
@@ -1,3 +1,10 @@
+vim (2:7.4.488-3) unstable; urgency=medium
+
+  * Install icons to /usr/share/icons/hicolor to work around #765069.
+(Closes: #768256)
+
+ -- James McCoy james...@debian.org  Sun, 30 Nov 2014 15:08:09 -0500
+
 vim (2:7.4.488-2) unstable; urgency=medium
 
   * Actually fix the Name in vim.desktop.  (Closes: #769575)
diff -Nru vim-7.4.488/debian/vim-gui-common.install.in 
vim-7.4.488/debian/vim-gui-common.install.in
--- vim-7.4.488/debian/vim-gui-common.install.in2014-10-22 
21:01:13.0 -0400
+++ vim-7.4.488/debian/vim-gui-common.install.in2014-11-30 
14:34:27.0 -0500
@@ -1,6 +1,9 @@
 debian/tmp/usr/bin/gvimtutor   usr/bin/
 debian/gvim.desktopusr/share/applications/
 debian/icons/* usr/share/pixmaps/
+debian/icons/vim.svg   
usr/share/icons/hicolor/scalable/apps/
+debian/icons/vim-16.xpm
usr/share/icons/hicolor/16x16/apps/vim.xpm
+debian/icons/vim-32.xpm
usr/share/icons/hicolor/32x32/apps/vim.xpm
 debian/runtime/gvimrc  etc/vim/
 debian/tmp/usr/share/man/man1/evim.1   usr/share/man/man1/
 debian/lintian/vim-gui-common  
usr/share/lintian/overrides/

unblock vim/2:7.4.488-3

-- System Information:
Debian Release: 8.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash


-- 
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/20141130202242.13280.38527.report...@freya.jamessan.com

Bug#771574: unblock (pre-approval): vim/2:7.4.488-3

[James McCoy]

Control: tags -1 - moreinfo
Control: retitle -1 unblock: vim/2:7.4.488-3

On Sun, Nov 30, 2014 at 09:32:10PM +0100, Niels Thykier wrote:
 On 2014-11-30 21:22, James McCoy wrote:
  Package: release.debian.org
  Severity: normal
  User: release.debian@packages.debian.org
  Usertags: unblock
  
  Please unblock package vim
  
  As described in #765069[0], there was a recent change in GTK+ 3.14
  with regard to icon scaling occurs.  The result being that Vim's icon in
  Gnome's Open with... dialog is vastly oversized, resulting in a bad
  user experience trying to choose a non-default application to handle a
  file.
  
  [0]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765069#49
  
  The trivial work around I'd like to upload is to install Vim's icons
  into /usr/share/icons/hicolor so GTK's icon handling understands that
  vim.svg is scalable.
  
  [...]
  
  unblock vim/2:7.4.488-3
  
  [...]
 
 Approved provided it is uploaded to unstable prior to the 5th of
 December.  Please remove the moreinfo once it as been accepted in sid.

Uploaded and accepted.

Cheers,
-- 
James
GPG Key: 4096R/331BA3DB 2011-12-05 James McCoy james...@debian.org


signature.asc
Description: Digital signature

Bug#769984: unblock: serf/1.3.7-3

[James McCoy]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package serf

As per an Ubuntu bug[0] libserf-dev's serf-1.pc has incorrect paths for
includedir/libdir and therefore reports bad information out of
pkg-config.  This didn't happen to have a direct effect in Debian since
the subversion build (its only reverse dependency) gets proper paths by
other means, but as it can break user builds I'd like to get the fix
unblocked.

[0]: https://bugs.launchpad.net/ubuntu/+source/serf/+bug/1388271

$ debdiff serf_1.3.7-2.dsc serf_1.3.7-3.dsc
diffstat for serf_1.3.7-2 serf_1.3.7-3

 changelog |7 +++
 rules |2 +-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff -u serf-1.3.7/debian/changelog serf-1.3.7/debian/changelog
--- serf-1.3.7/debian/changelog
+++ serf-1.3.7/debian/changelog
@@ -1,3 +1,10 @@
+serf (1.3.7-3) unstable; urgency=medium
+
+  * Specify the proper prefix/libdir when building libserf-1.pc.
+(Closes: LP: #1388271)
+
+ -- James McCoy james...@debian.org  Mon, 17 Nov 2014 21:12:38 -0500
+
 serf (1.3.7-2) unstable; urgency=medium
 
   * debian/control:
diff -u serf-1.3.7/debian/rules serf-1.3.7/debian/rules
--- serf-1.3.7/debian/rules
+++ serf-1.3.7/debian/rules
@@ -25,7 +25,7 @@
 debian/stamp-build: patch
dh_testdir
 
-   scons $(parallel) GSSAPI=/usr CFLAGS=$(CFLAGS) CPPFLAGS=$(CPPFLAGS) 
LINKFLAGS=$(LDFLAGS)
+   scons $(parallel) GSSAPI=/usr CFLAGS=$(CFLAGS) CPPFLAGS=$(CPPFLAGS) 
LINKFLAGS=$(LDFLAGS) PREFIX=/usr LIBDIR=$(libdir)
 ifeq (, $(filter nocheck,$(DEB_BUILD_OPTIONS)))
scons check
 endif

$ diff -u libserf-dev_1.3.7-{2,3}/usr/lib/x86_64-linux-gnu/pkgconfig/serf-1.pc
--- libserf-dev_1.3.7-2/usr/lib/x86_64-linux-gnu/pkgconfig/serf-1.pc
2014-11-09 14:13:12.0 -0500
+++ libserf-dev_1.3.7-3/usr/lib/x86_64-linux-gnu/pkgconfig/serf-1.pc
2014-11-17 20:18:46.0 -0500
@@ -1,7 +1,7 @@
 SERF_MAJOR_VERSION=1
-prefix=/usr/local
+prefix=/usr
 exec_prefix=${prefix}
-libdir=/usr/local/lib
+libdir=/usr/lib/x86_64-linux-gnu
 includedir=${prefix}/include/serf-1
 
 Name: serf

unblock serf/1.3.7-3

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash


-- 
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/20141118041613.7668.39330.report...@freya.jamessan.com

Bug#769713: unblock: vim/2:7.4.488-2

[James McCoy]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package vim

There was a disagreement between Mercurial and I, which left my intended
typo fix in /usr/share/applications/vim.desktop out of 2:7.4.488-1.  I'd
like to get this into Jessie since there are two GVim entries in the
menu instead of Vim and GVim entries otherwise.

diffstat for vim-7.4.488 vim-7.4.488

 changelog   |6 ++
 vim.desktop |2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff -Nru vim-7.4.488/debian/changelog vim-7.4.488/debian/changelog
--- vim-7.4.488/debian/changelog2014-10-22 21:08:01.0 -0400
+++ vim-7.4.488/debian/changelog2014-11-14 21:06:33.0 -0500
@@ -1,3 +1,9 @@
+vim (2:7.4.488-2) unstable; urgency=medium
+
+  * Actually fix the Name in vim.desktop.  (Closes: #769575)
+
+ -- James McCoy james...@debian.org  Fri, 14 Nov 2014 21:06:27 -0500
+
 vim (2:7.4.488-1) unstable; urgency=medium
 
   * Merge upstream tag v7-4-488
diff -Nru vim-7.4.488/debian/vim.desktop vim-7.4.488/debian/vim.desktop
--- vim-7.4.488/debian/vim.desktop  2014-10-22 21:04:51.0 -0400
+++ vim-7.4.488/debian/vim.desktop  2014-11-14 21:05:01.0 -0500
@@ -1,5 +1,5 @@
 [Desktop Entry]
-Name=GVim
+Name=Vim
 GenericName=Text Editor
 GenericName[de]=Texteditor
 Comment=Edit text files

unblock vim/2:7.4.488-2

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash


-- 
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/20141115192146.17202.4464.report...@freya.jamessan.com

Bug#758265: nmu: apache2_2.4.10-1

[James McCoy]

On Mon, Aug 18, 2014 at 12:52:55AM +0200, Emilio Pozuelo Monfort wrote:
 On 17/08/14 22:06, Emilio Pozuelo Monfort wrote:
  On 16/08/14 02:55, James McCoy wrote:
  “apxs2 -q CC” currently reports i486-linux-gnu-gcc on i386, but binutils
  no longer ships that.  This is causing the rebuild of subversion for
  Perl 5.20 to fail on i386.
  
  Thanks for the analysis. apache2 binNMUed, and subversion given back with a
  dep-wait on apache.
 
 And the binNMU failed.

Sorry.  It seems that there's a similar issue with apr affecting
apache2's build.  So it looks like apr needs to be rebuilt first, then
apache2, then subversion.

nmu apr_1.5.1-2 . i386 . -m Rebuild for new arch triplet, i586-linux-gnu
nmu apache2_1.5.1-2 . i386 . -m Rebuild for new arch triplet, i586-linux-gnu
dw apache2_2.4.10-1 . i386 . -m 'apr (= 1.5.1-2+b1)'
dw subversion_1.8.10-1 . i386 . -m 'apache2-dev (= 2.4.10-1+b1)'

Cheers,
-- 
James
GPG Key: 4096R/331BA3DB 2011-12-05 James McCoy james...@debian.org


-- 
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20140818032138.ga1...@freya.jamessan.com

Bug#758265: nmu: apache2_2.4.10-1

[James McCoy]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: binnmu

nmu apache2_2.4.10-1 . i386 . -m Rebuild for new arch triplet, i586-linux-gnu

apache2-dev provides the apxs/apxs2 binaries which packages building
Apache modules can use to determine what tools were used to build
Apache.

“apxs2 -q CC” currently reports i486-linux-gnu-gcc on i386, but binutils
no longer ships that.  This is causing the rebuild of subversion for
Perl 5.20 to fail on i386.

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.14-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash


-- 
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/20140816005512.1931.17803.report...@freya.jamessan.com

Re: ITM: performance and refactor patches for Britney

[James McCoy]

Small nits on commit messages follow.

On Sun, Jul 27, 2014 at 09:45:07PM +0200, Niels Thykier wrote:
 From 7161a3eff24d2a073911c3d132df623ba499c927 Mon Sep 17 00:00:00 2001
 From: Niels Thykier ni...@thykier.net
 Date: Sun, 27 Jul 2014 16:56:37 +0200
 Subject: [PATCH 02/11] britney.py: Handle version-ranged dependencies a bit
  smarter
 
 Avoid creating two dependency clauses for dependencies emulating a
 version range a la:
 
   Depends: pkg-a (= 2), pkg-a ( 3~)
 
 Previously this would create two clauses a la:
 
  - (pkg-a, 2, arch), (pkg-a, 3, arch)
  - (pkg-a, 1, arch), (pkg-a, 2, arch)
 
 However, it is plain to see that only (pkg-a, 2, arch) is a valid
 solution and the other options are just noise.  This patch makes
 Britney merge these two claues into a single clause containing exactly
 (pkg-a, 1, arch).

I think you mean (pkg-a, 2, arch) here, right?

 From 922d3fc01cbee8417ec7bad5bb566ad7e1709819 Mon Sep 17 00:00:00 2001
 From: Niels Thykier ni...@thykier.net
 Date: Sat, 19 Jul 2014 20:05:23 +0200
 Subject: [PATCH 06/11] installability: Exploit equvialency to reduce choices
 
 For some cases, like aspell-dictionary, a number of packages can
 satisfy the dependency (e.g. all aspell-*).  In the particular
 example, most (all?) of the aspell-* look so similar to the extend

extent not extend.

 From 8e9e26245141e47ae229c886c4c48a805428764a Mon Sep 17 00:00:00 2001
 From: Niels Thykier ni...@thykier.net
 Date: Thu, 24 Jul 2014 23:52:50 +0200
 Subject: [PATCH 09/11] britney.py: Refactor doop_source
 
 Rename local variables and avoid repeated chained lookups.  In
 particular, avoid confusing cases like:
 
[...]
  version = binaries[parch][0][binary][VERSION]
 
[...]
binaries[parch][0][binary] = self.binaries[item.suite][parch][0][binary]
version = binaries[parch][0][binary][VERSION]
 
 Where version here will refer to two different versions.  The former
 the version from testing of a hijacked binary and the latter the
 version from the source suite (despite the look up using the testing
 table, due to the testing copy being updated).
 
 Notable renamings:
  * binaries = packages_t (a.k.a. self.binaries['testing'])
  * binaries[parch][0] = binaries_t_a
  * binaries[parch][1] = provides_t_a
  * Similar naming used for item.suite instead of testing
 
 The naming is based on the following logic:
  * self.binaries from packages files
(by this logic, it ought to be self.packages, but thats for

Missing apostrophe in that's.

Cheers,
-- 
James
GPG Key: 4096R/331BA3DB 2011-12-05 James McCoy james...@debian.org


-- 
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20140729035530.gc18...@freya.jamessan.com

Re: Bug#739611: ruby1.9.1-rm transition: binNMU request

[James McCoy]

On Wed, Apr 09, 2014 at 03:14:56AM +0200, Christian Hofstaedtler wrote:
 Dear Release-Team,
 
 In addition to my previous list, please binNMU the following
 packages to remove the (lib)ruby1.9.1 dependencies:
 
 vim

I'm preparing a sourceful upload for this right now for other reasons,
so a binNMU shouldn't be necessary.

Cheers,
-- 
James
GPG Key: 4096R/331BA3DB 2011-12-05 James McCoy james...@debian.org


-- 
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20140409014441.gl2...@jamessan.com

Bug#740302: wheezy-pu: package subversion/1.6.17dfsg-4+deb7u5

[James McCoy]

On Thu, Feb 27, 2014 at 09:52:17PM -0500, James McCoy wrote:
 I would like to upload subversion for the next Wheezy point release to
 address the following issues.
 
* Add patch CVE-2014-0032: mod_dav_svn crash when handling certain requests
  with SVNListParentPath on  (Closes: #737815)
* rules: Fix removal of libsvnjavahl-1.a/.la/.so from libsvn-dev (Closes:
  #711911)

Ping?

 diffstat for subversion_1.6.17dfsg-4+deb7u4 subversion_1.6.17dfsg-4+deb7u5
 
  debian/patches/CVE-2014-0032|   39 
 
  subversion-1.6.17dfsg/debian/changelog  |9 ++
  subversion-1.6.17dfsg/debian/patches/series |1 
  subversion-1.6.17dfsg/debian/rules  |3 +-
  4 files changed, 51 insertions(+), 1 deletion(-)
 
 diff -u subversion-1.6.17dfsg/debian/rules subversion-1.6.17dfsg/debian/rules
 --- subversion-1.6.17dfsg/debian/rules
 +++ subversion-1.6.17dfsg/debian/rules
 @@ -346,13 +346,14 @@
   cd debian/tmp/$(libdir); for lib in ra fs auth swig; do \
   $(RM) libsvn_$${lib}_*.so libsvn_$${lib}_*.la; \
   done
 - cd debian/tmp/$(libdir); $(RM) libsvn_swig*.a libsvnjavahl.a 
 libsvnjavahl.la
 + cd debian/tmp/$(libdir); $(RM) libsvn_swig*.a libsvnjavahl-1.a 
 libsvnjavahl-1.la
   # Intermediate hack, until we can remove the rest of the .la files.
   sed -i  /dependency_libs/s/=.*/=''/ debian/tmp/$(libdir)/*.la
   dh_install -s
  ifdef DEB_OPT_WITH_JAVAHL
   mkdir -p debian/libsvn-java/$(libdir)
   mv debian/libsvn-java/usr/lib/jni debian/libsvn-java/$(libdir)/
 + $(RM) debian/libsvn-dev/$(libdir)/libsvnjavahl-1.so
  endif
   ln -s libsvn_ra_neon-1.so.1 
 debian/libsvn1/$(libdir)/libsvn_ra_dav-1.so.1
  
 diff -u subversion-1.6.17dfsg/debian/changelog 
 subversion-1.6.17dfsg/debian/changelog
 --- subversion-1.6.17dfsg/debian/changelog
 +++ subversion-1.6.17dfsg/debian/changelog
 @@ -1,3 +1,12 @@
 +subversion (1.6.17dfsg-4+deb7u5) UNRELEASED; urgency=medium
 +
 +  * Add patch CVE-2014-0032: mod_dav_svn crash when handling certain requests
 +with SVNListParentPath on  (Closes: #737815)
 +  * rules: Fix removal of libsvnjavahl-1.a/.la/.so from libsvn-dev (Closes:
 +#711911)
 +
 + -- James McCoy james...@debian.org  Wed, 26 Feb 2014 21:19:57 -0500
 +
  subversion (1.6.17dfsg-4+deb7u4) wheezy; urgency=low
  
* Non-maintainer upload.
 diff -u subversion-1.6.17dfsg/debian/patches/series 
 subversion-1.6.17dfsg/debian/patches/series
 --- subversion-1.6.17dfsg/debian/patches/series
 +++ subversion-1.6.17dfsg/debian/patches/series
 @@ -42,0 +43 @@
 +CVE-2014-0032
 only in patch2:
 unchanged:
 --- subversion-1.6.17dfsg.orig/debian/patches/CVE-2014-0032
 +++ subversion-1.6.17dfsg/debian/patches/CVE-2014-0032
 @@ -0,0 +1,39 @@
 +Author: Ben Reser bre...@apache.org
 +Subject: Disallow methods other than GET/HEAD for the parentpath list.
 +
 +Fixes the segfault for `svn ls http://svn.example.com` when SVN is handling
 +the server root and SVNListParentPath is on.
 +
 +Origin: upstream, backported from commit:r1557320
 +Bug-CVE: http://subversion.apache.org/security/CVE-2014-0032-advisory.txt
 +Bug-Debian: http://bugs.debian.org/737815
 +Last-Update: 2014-02-26
 +
 +--- a/subversion/mod_dav_svn/repos.c
  b/subversion/mod_dav_svn/repos.c
 +@@ -1672,6 +1672,25 @@
 + 
 +   if (strcmp(parentpath, uri) == 0)
 + {
 ++  /* Only allow GET and HEAD on the parentpath resource
 ++   * httpd uses the same method_number for HEAD as GET */
 ++  if (r-method_number != M_GET)
 ++{
 ++  int status;
 ++
 ++  /* Marshal the error back to the client by generating by
 ++   * way of the dav_svn__error_response_tag trick. */
 ++  err = dav_svn__new_error(r-pool, HTTP_METHOD_NOT_ALLOWED,
 ++   SVN_ERR_APMOD_MALFORMED_URI,
 ++   The URI does not contain the name 
 ++   of a repository.);
 ++  /* can't use r-allowed since the default handler isn't 
 called */
 ++  apr_table_setn(r-headers_out, Allow, GET,HEAD);
 ++  status = dav_svn__error_response_tag(r, err);
 ++
 ++  return dav_push_error(r-pool, status, err-error_id, NULL, 
 err);
 ++}
 ++
 +   err = get_parentpath_resource(r, root_path, resource);
 +   if (err)
 + return err;


-- 
James
GPG Key: 4096R/331BA3DB 2011-12-05 James McCoy james...@debian.org


signature.asc
Description: Digital signature

Bug#740302: wheezy-pu: package subversion/1.6.17dfsg-4+deb7u5

[James McCoy]

Package: release.debian.org
Severity: normal
Tags: wheezy
User: release.debian@packages.debian.org
Usertags: pu

I would like to upload subversion for the next Wheezy point release to
address the following issues.

   * Add patch CVE-2014-0032: mod_dav_svn crash when handling certain requests
 with SVNListParentPath on  (Closes: #737815)
   * rules: Fix removal of libsvnjavahl-1.a/.la/.so from libsvn-dev (Closes:
 #711911)

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.12-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diffstat for subversion_1.6.17dfsg-4+deb7u4 subversion_1.6.17dfsg-4+deb7u5

 debian/patches/CVE-2014-0032|   39 
 subversion-1.6.17dfsg/debian/changelog  |9 ++
 subversion-1.6.17dfsg/debian/patches/series |1 
 subversion-1.6.17dfsg/debian/rules  |3 +-
 4 files changed, 51 insertions(+), 1 deletion(-)

diff -u subversion-1.6.17dfsg/debian/rules subversion-1.6.17dfsg/debian/rules
--- subversion-1.6.17dfsg/debian/rules
+++ subversion-1.6.17dfsg/debian/rules
@@ -346,13 +346,14 @@
 	cd debian/tmp/$(libdir); for lib in ra fs auth swig; do \
 	$(RM) libsvn_$${lib}_*.so libsvn_$${lib}_*.la; \
 	done
-	cd debian/tmp/$(libdir); $(RM) libsvn_swig*.a libsvnjavahl.a libsvnjavahl.la
+	cd debian/tmp/$(libdir); $(RM) libsvn_swig*.a libsvnjavahl-1.a libsvnjavahl-1.la
 	# Intermediate hack, until we can remove the rest of the .la files.
 	sed -i  /dependency_libs/s/=.*/=''/ debian/tmp/$(libdir)/*.la
 	dh_install -s
 ifdef DEB_OPT_WITH_JAVAHL
 	mkdir -p debian/libsvn-java/$(libdir)
 	mv debian/libsvn-java/usr/lib/jni debian/libsvn-java/$(libdir)/
+	$(RM) debian/libsvn-dev/$(libdir)/libsvnjavahl-1.so
 endif
 	ln -s libsvn_ra_neon-1.so.1 debian/libsvn1/$(libdir)/libsvn_ra_dav-1.so.1
 
diff -u subversion-1.6.17dfsg/debian/changelog subversion-1.6.17dfsg/debian/changelog
--- subversion-1.6.17dfsg/debian/changelog
+++ subversion-1.6.17dfsg/debian/changelog
@@ -1,3 +1,12 @@
+subversion (1.6.17dfsg-4+deb7u5) UNRELEASED; urgency=medium
+
+  * Add patch CVE-2014-0032: mod_dav_svn crash when handling certain requests
+with SVNListParentPath on  (Closes: #737815)
+  * rules: Fix removal of libsvnjavahl-1.a/.la/.so from libsvn-dev (Closes:
+#711911)
+
+ -- James McCoy james...@debian.org  Wed, 26 Feb 2014 21:19:57 -0500
+
 subversion (1.6.17dfsg-4+deb7u4) wheezy; urgency=low
 
   * Non-maintainer upload.
diff -u subversion-1.6.17dfsg/debian/patches/series subversion-1.6.17dfsg/debian/patches/series
--- subversion-1.6.17dfsg/debian/patches/series
+++ subversion-1.6.17dfsg/debian/patches/series
@@ -42,0 +43 @@
+CVE-2014-0032
only in patch2:
unchanged:
--- subversion-1.6.17dfsg.orig/debian/patches/CVE-2014-0032
+++ subversion-1.6.17dfsg/debian/patches/CVE-2014-0032
@@ -0,0 +1,39 @@
+Author: Ben Reser bre...@apache.org
+Subject: Disallow methods other than GET/HEAD for the parentpath list.
+
+Fixes the segfault for `svn ls http://svn.example.com` when SVN is handling
+the server root and SVNListParentPath is on.
+
+Origin: upstream, backported from commit:r1557320
+Bug-CVE: http://subversion.apache.org/security/CVE-2014-0032-advisory.txt
+Bug-Debian: http://bugs.debian.org/737815
+Last-Update: 2014-02-26
+
+--- a/subversion/mod_dav_svn/repos.c
 b/subversion/mod_dav_svn/repos.c
+@@ -1672,6 +1672,25 @@
+ 
+   if (strcmp(parentpath, uri) == 0)
+ {
++  /* Only allow GET and HEAD on the parentpath resource
++   * httpd uses the same method_number for HEAD as GET */
++  if (r-method_number != M_GET)
++{
++  int status;
++
++  /* Marshal the error back to the client by generating by
++   * way of the dav_svn__error_response_tag trick. */
++  err = dav_svn__new_error(r-pool, HTTP_METHOD_NOT_ALLOWED,
++   SVN_ERR_APMOD_MALFORMED_URI,
++   The URI does not contain the name 
++   of a repository.);
++  /* can't use r-allowed since the default handler isn't called */
++  apr_table_setn(r-headers_out, Allow, GET,HEAD);
++  status = dav_svn__error_response_tag(r, err);
++
++  return dav_push_error(r-pool, status, err-error_id, NULL, err);
++}
++
+   err = get_parentpath_resource(r, root_path, resource);
+   if (err)
+ return err;

Bug#739416: transition: ruby1.8 removal

[James McCoy]

On Tue, Feb 18, 2014 at 08:29:35PM +0100, Julien Cristau wrote:
 Removing subversion doesn't seem reasonable.  The sid version might be
 fixed (I haven't checked), but it FTBFS.  So that'll need to be taken
 care of first.

One of the FTBFS appears to be a transient issue.  A gb would likely fix
it, but the others are related to #735446.  Upstream's next release (due
this week) fix that.  I've been monitoring the release process, so I
should be able to get it uploaded to Debian ASAP once it's officially
released.

The only potential complication would be if the libdb5.1-dev package
disappears in the mean time as Ondřej intends[0].  I haven't finished the
bdb 5.3 work as I wanted to touch base with Peter on it.

0: 139230.17282.82981781.6e443...@webmail.messagingengine.com

If needed, I could look at backporting the upstream commits to fix the
FTBFS, but I'd prefer to put that effort into ensuring I can get the
next 1.8.x uploaded when it's out.

Cheers,
-- 
James
GPG Key: 4096R/331BA3DB 2011-12-05 James McCoy james...@debian.org


signature.asc
Description: Digital signature

Bug#734672: pu: package subversion/1.6.17dfsg-4+deb7u5

[James McCoy]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: pu

Subversion's transition to the non-versioned ruby-svn package didn't
make it into Wheezy.  Since ruby1.8 is planning on being removed for
Jessie, the libsvn-ruby1.8 → ruby-svn transition should be backported to
Wheezy so there's an upgrade path to what will be Jessie's ruby-svn
(built with something other than ruby1.8) package.

In addition, libsvn-dev contains a broken /usr/lib/$arch/libsvnjavahl-1.so
symlink (#711911) which is trivial to fix.

The attached debdiff contains both of these changes.  Does this seem
reasonable?

Cheers,
-- 
James
GPG Key: 4096R/331BA3DB 2011-12-05 James McCoy james...@debian.org
diffstat for subversion_1.6.17dfsg-4+deb7u4 subversion_1.6.17dfsg-4+deb7u5

 debian/libsvn-ruby1.8.install   |2 --
 debian/libsvn-ruby1.8.links |1 +
 debian/libsvn-ruby1.8.lintian-overrides |2 --
 debian/libsvn-ruby1.8.postinst  |   12 
 debian/ruby-svn.install |2 ++
 debian/ruby-svn.lintian-overrides   |2 ++
 subversion-1.6.17dfsg/debian/changelog  |9 +
 subversion-1.6.17dfsg/debian/control|   13 -
 subversion-1.6.17dfsg/debian/rules  |5 +++--
 9 files changed, 37 insertions(+), 11 deletions(-)

diff -u subversion-1.6.17dfsg/debian/control subversion-1.6.17dfsg/debian/control
--- subversion-1.6.17dfsg/debian/control
+++ subversion-1.6.17dfsg/debian/control
@@ -100,7 +100,7 @@
 Recommends: python-subversion (= 1.5), libsvn-perl (= 1.5),
 libconfig-inifiles-perl, liburi-perl,
 exim4 | mail-transport-agent, xsltproc, rsync
-Suggests: libsvn-ruby1.8
+Suggests: ruby-svn
 Description: Assorted tools related to Subversion
  This package includes miscellaneous tools for use with Subversion
  clients and servers:
@@ -144,22 +144,25 @@
  manipulates a Subversion repository or working copy.  See the
  'subversion' package for more information.
 
-Package: libsvn-ruby1.8
+Package: ruby-svn
 Section: ruby
 Architecture: any
 Multi-Arch: same
 Pre-Depends: multiarch-support
+Breaks: libsvn-ruby1.8 ( 1.6.17dfsg-4+deb7u5)
 Depends: ruby1.8, ${shlibs:Depends}, ${misc:Depends}
+Replaces: libsvn-ruby1.8 ( 1.6.17dfsg-4+deb7u5)
 Description: Ruby bindings for Subversion
  This is a set of Ruby interfaces to libsvn, the Subversion libraries.
  It is useful if you want to, for example, write a Ruby script that
  manipulates a Subversion repository or working copy.  See the
  'subversion' package for more information.
 
-Package: libsvn-ruby
-Section: ruby
+Package: libsvn-ruby1.8
+Section: oldlibs
+Priority: extra
 Architecture: all
-Depends: libsvn-ruby1.8, ${misc:Depends}
+Depends: ruby-svn, ${misc:Depends}
 Description: Ruby bindings for Subversion (dummy package)
  This is a dummy package to install the Subversion library bindings for
  the default version of Ruby.
reverted:
--- subversion-1.6.17dfsg/debian/libsvn-ruby1.8.lintian-overrides
+++ subversion-1.6.17dfsg.orig/debian/libsvn-ruby1.8.lintian-overrides
@@ -1,2 +0,0 @@
-# nobody but us will ever link to this, so we don't ship a shlibs file
-no-shlibs-control-file usr/lib/*/libsvn_swig_ruby-1.so.*
diff -u subversion-1.6.17dfsg/debian/rules subversion-1.6.17dfsg/debian/rules
--- subversion-1.6.17dfsg/debian/rules
+++ subversion-1.6.17dfsg/debian/rules
@@ -118,7 +118,7 @@
   rb_defs := SWIG_RB_SITE_LIB_DIR=$(shell $(RUBY) -rrbconfig -e print RbConfig::CONFIG['vendordir'])
   rb_defs += SWIG_RB_SITE_ARCH_DIR=$(shell $(RUBY) -rrbconfig -e print RbConfig::CONFIG['vendorarchdir'])
 else
-  DH_OPTIONS += -Nlibsvn-ruby -Nlibsvn-$(RUBY)
+  DH_OPTIONS += -Nruby-svn -Nlibsvn-$(RUBY)
   RUBY := fooby
 endif
 
@@ -346,13 +346,14 @@
 	cd debian/tmp/$(libdir); for lib in ra fs auth swig; do \
 	$(RM) libsvn_$${lib}_*.so libsvn_$${lib}_*.la; \
 	done
-	cd debian/tmp/$(libdir); $(RM) libsvn_swig*.a libsvnjavahl.a libsvnjavahl.la
+	cd debian/tmp/$(libdir); $(RM) libsvn_swig*.a libsvnjavahl-1.a libsvnjavahl-1.la
 	# Intermediate hack, until we can remove the rest of the .la files.
 	sed -i  /dependency_libs/s/=.*/=''/ debian/tmp/$(libdir)/*.la
 	dh_install -s
 ifdef DEB_OPT_WITH_JAVAHL
 	mkdir -p debian/libsvn-java/$(libdir)
 	mv debian/libsvn-java/usr/lib/jni debian/libsvn-java/$(libdir)/
+	$(RM) debian/libsvn-dev/$(libdir)/libsvnjavahl-1.so
 endif
 	ln -s libsvn_ra_neon-1.so.1 debian/libsvn1/$(libdir)/libsvn_ra_dav-1.so.1
 
reverted:
--- subversion-1.6.17dfsg/debian/libsvn-ruby1.8.install
+++ subversion-1.6.17dfsg.orig/debian/libsvn-ruby1.8.install
@@ -1,2 +0,0 @@
-debian/tmp/usr/lib/*/libsvn_swig_ruby*.so.*
-debian/tmp/usr/lib/ruby
diff -u subversion-1.6.17dfsg/debian/changelog subversion-1.6.17dfsg/debian/changelog
--- subversion-1.6.17dfsg/debian/changelog
+++ subversion-1.6.17dfsg/debian/changelog
@@ -1,3 +1,12 @@
+subversion (1.6.17dfsg-4+deb7u5) UNRELEASED; urgency=low
+
+  * rules: Fix removal of libsvnjavahl-1.a/.la/.so from

Bug#733904: nmu: subversion_1.7.14-1

[James McCoy]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: binnmu

nmu subversion_1.7.14-1 . ALL . -m Rebuild against libserf-1-1

Subversion is currently intertwined in the libunwind transition, but
once it's appropriate, it should be rebuilt against the new serf
ABI.

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.12-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash


-- 
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/20140101234221.31563.7784.report...@cerberus.jamessan.com

Bug#725172: pu: package subversion/1.6.17dfsg-4+deb7u4

[James McCoy]

Control: reopen -1 !

Thanks for pushing this forward, Cyril.  Sorry for not communicating my
intent to make a pu or acting on it sooner.

On Wed, Oct 02, 2013 at 12:17:24PM +0200, Cyril Brulebois wrote:
 Only impacted file is subversion/bindings/swig/core.i, fix is different
 from upstream's (which isn't in the version in unstable anyway),

Upstream's fix is in unstable, although the incorrect “fix” uploaded in
1.7.9+nmu1/1.6.17dfsg-4+deb7u2 is there as well.

Updated pu has upstream's backported fix and removes the other attempted
fix.

Cheers,
-- 
James
GPG Key: 4096R/331BA3DB 2011-12-05 James McCoy james...@debian.org
diff -u subversion-1.6.17dfsg/debian/changelog subversion-1.6.17dfsg/debian/changelog
--- subversion-1.6.17dfsg/debian/changelog
+++ subversion-1.6.17dfsg/debian/changelog
@@ -1,3 +1,12 @@
+subversion (1.6.17dfsg-4+deb7u4) wheezy; urgency=low
+
+  * Non-maintainer upload.
+  * patches/python-swig205: Backport upstream patch to fix Python bindings
+when built against swig 2.0.5+.  (Closes: #683188)
+  * Remove patches/chunksize-integer.patch
+
+ -- James McCoy james...@debian.org  Wed, 02 Oct 2013 21:40:37 -0400
+
 subversion (1.6.17dfsg-4+deb7u3) wheezy-security; urgency=high
 
   * Non-maintainer upload by the Security Team.
diff -u subversion-1.6.17dfsg/debian/patches/series subversion-1.6.17dfsg/debian/patches/series
--- subversion-1.6.17dfsg/debian/patches/series
+++ subversion-1.6.17dfsg/debian/patches/series
@@ -37,6 +37,6 @@
-chunksize-integer.patch
 cve-2013-1845
 cve-2013-1846
 cve-2013-1849
 CVE-2013-1968.patch
 CVE-2013-2112.patch
+python-swig205
reverted:
--- subversion-1.6.17dfsg/debian/patches/chunksize-integer.patch
+++ subversion-1.6.17dfsg.orig/debian/patches/chunksize-integer.patch
@@ -1,17 +0,0 @@
-Author: W. Martin Borgert deba...@debian.org
-
-Origin: vendor, http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683188#78
-Bug-Debian: http://bugs.debian.org/683188
-Forwarded: not-needed
-Last-Update: 2016-04-16
 subversion-1.7.9.orig/subversion/bindings/swig/python/svn/core.py
-+++ subversion-1.7.9/subversion/bindings/swig/python/svn/core.py
-@@ -145,7 +145,7 @@
-   # read the rest of the stream
-   chunks = [ ]
-   while 1:
--data = svn_stream_read(self._stream, SVN_STREAM_CHUNK_SIZE)
-+data = svn_stream_read(self._stream, int(SVN_STREAM_CHUNK_SIZE))
- if not data:
-   break
- chunks.append(data)
only in patch2:
unchanged:
--- subversion-1.6.17dfsg.orig/debian/patches/python-swig205
+++ subversion-1.6.17dfsg/debian/patches/python-swig205
@@ -0,0 +1,28 @@
+Fix python bindings for swig 2.0.5.  Upstream r1351117.
+Somehow swig 2.0.5 produces a long integer instead of an integer in this
+situation - I'm not entirely clear on specifics.  But tolerate both as
+inputs to svn_stream_read().
+
+
+--- a/subversion/bindings/swig/core.i
 b/subversion/bindings/swig/core.i
+@@ -337,12 +337,17 @@
+ */
+ #ifdef SWIGPYTHON
+ %typemap(in) (char *buffer, apr_size_t *len) ($*2_type temp) {
+-if (!PyInt_Check($input)) {
++if (PyLong_Check($input)) {
++temp = PyLong_AsLong($input);
++}
++else if (PyInt_Check($input)) {
++temp = PyInt_AsLong($input);
++}
++else {
+ PyErr_SetString(PyExc_TypeError,
+ expecting an integer for the buffer size);
+ SWIG_fail;
+ }
+-temp = PyInt_AsLong($input);
+ if (temp  0) {
+ PyErr_SetString(PyExc_ValueError,
+ buffer size must be a positive integer);


signature.asc
Description: Digital signature

Bug#703132: nmu: python2.7_2.7.3-16

[James McCoy]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: binnmu

nmu python2.7_2.7.3-16 . amd64 . -m Rebuild in a clean chroot to drop Depends 
on experimental's libc6

-- System Information:
Debian Release: 7.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.8-trunk-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash


-- 
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/20130316011157.26062.24754.report...@cerberus.jamessan.com

Bug#700254: unblock: vim/2:7.3.547-7

[James McCoy]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package vim

vim-lesstif became a transitional package during the Wheezy cycle and
didn't properly handle converting /usr/share/doc/vim-lesstif from a
symlink to a directory.  The 2:7.3.547-7 upload, as shown in the debdiff
below, fixes this.

unblock vim/2:7.3.547-7

Cheers,
James

diffstat for vim-7.3.547 vim-7.3.547

 changelog   |8 
 control |2 +-
 vim-lesstif.preinst |   10 ++
 3 files changed, 19 insertions(+), 1 deletion(-)

diff -Nru vim-7.3.547/debian/changelog vim-7.3.547/debian/changelog
--- vim-7.3.547/debian/changelog2012-11-22 09:37:54.0 -0500
+++ vim-7.3.547/debian/changelog2013-02-09 18:44:01.0 -0500
@@ -1,3 +1,11 @@
+vim (2:7.3.547-7) unstable; urgency=low
+
+  * Add vim-lesstif.preinst to handle transitioning /usr/share/doc/vim-lesstif
+from a symlink to a directory.  (Closes: #700069)
+  * Add clarification to short description of vim-nox.  (Closes: #699780)
+
+ -- James McCoy james...@debian.org  Sat, 09 Feb 2013 18:43:57 -0500
+
 vim (2:7.3.547-6) unstable; urgency=low
 
   * Always enable ACL support.  (Closes: #693462)
diff -Nru vim-7.3.547/debian/control vim-7.3.547/debian/control
--- vim-7.3.547/debian/control  2012-09-15 23:15:05.0 -0400
+++ vim-7.3.547/debian/control  2013-02-09 17:20:28.0 -0500
@@ -170,7 +170,7 @@
 Depends: vim-common (= ${binary:Version}), vim-runtime (= ${source:Version}), 
${misc:Depends}, ${shlibs:Depends}
 Suggests: cscope, vim-doc
 Provides: vim, editor, vim-perl, vim-python, vim-ruby, vim-tcl, vim-lua
-Description: Vi IMproved - enhanced vi editor
+Description: Vi IMproved - enhanced vi editor - with scripting languages 
support
  Vim is an almost compatible version of the UNIX editor Vi.
  .
  Many new features have been added: multi level undo, syntax
diff -Nru vim-7.3.547/debian/vim-lesstif.preinst 
vim-7.3.547/debian/vim-lesstif.preinst
--- vim-7.3.547/debian/vim-lesstif.preinst  1969-12-31 19:00:00.0 
-0500
+++ vim-7.3.547/debian/vim-lesstif.preinst  2013-02-09 17:13:08.0 
-0500
@@ -0,0 +1,10 @@
+#!/bin/sh
+set -e
+
+if [ -L /usr/share/doc/vim-lesstif ]; then
+rm -f /usr/share/doc/vim-lesstif
+fi
+
+#DEBHELPER#
+
+exit 0

-- System Information:
Debian Release: 7.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.7-trunk-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash


-- 
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/20130210165014.28211.1229.report...@cerberus.jamessan.com

Bug#690163: unblock: smlnj/110.74-2

[James McCoy]

On Wed, Oct 10, 2012 at 12:30:15PM -0400, James McCoy wrote:
 Please unblock package smlnj
 
 I've updated the packaging to address #689123 (configuration file in
 /usr (policy 10.7.2): /usr/lib/smlnj/lib/pathconfig) by generating
 /usr/lib/smlnj/pathconfig via triggers.  Debdiff attached.
 
 unblock smlnj/110.74-2

Anyone had a chance to look into this?

Cheers,
-- 
James
GPG Key: 4096R/331BA3DB 2011-12-05 James McCoy james...@debian.org


signature.asc
Description: Digital signature

Bug#690163: unblock: smlnj/110.74-2

[James McCoy]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package smlnj

I've updated the packaging to address #689123 (configuration file in
/usr (policy 10.7.2): /usr/lib/smlnj/lib/pathconfig) by generating
/usr/lib/smlnj/pathconfig via triggers.  Debdiff attached.

unblock smlnj/110.74-2

Cheers,
-- 
James
GPG Key: 4096R/331BA3DB 2011-12-05 James McCoy james...@debian.org
diffstat for smlnj_110.74-1 smlnj_110.74-2

 debian/deregister  |   12 
 debian/pkg-deregister  |   17 -
 debian/pkg-register|   17 -
 debian/postinst.in |7 ---
 debian/prerm.in|7 ---
 debian/register|   15 ---
 debian/smlnj-runtime.prerm |7 ---
 debian/smlnj-runtime.triggers  |1 +
 smlnj-110.74/debian/changelog  |   15 +++
 smlnj-110.74/debian/control|7 +++
 smlnj-110.74/debian/rules  |   26 ++
 smlnj-110.74/debian/smlnj-runtime.install  |2 +-
 smlnj-110.74/debian/smlnj-runtime.postinst |   21 +
 13 files changed, 47 insertions(+), 107 deletions(-)

reverted:
--- smlnj-110.74/debian/pkg-deregister
+++ smlnj-110.74.orig/debian/pkg-deregister
@@ -1,17 +0,0 @@
-#!/bin/sh
-
-set -e
-
-SMLNJ_HOME=/usr/lib/smlnj
-
-list=/var/lib/dpkg/info/$1.list
-
-for l in $(grep $SMLNJ_HOME/lib/[^.][^/]*$ $list) ; do
-base=$(basename $l)
-$SMLNJ_HOME/bin/deregister $base
-done
-
-for b in $(grep $SMLNJ_HOME/bin/[^.][^/]*$ $list) ; do
-base=$(basename $b)
-$SMLNJ_HOME/bin/deregister $base
-done
diff -u smlnj-110.74/debian/smlnj-runtime.install 
smlnj-110.74/debian/smlnj-runtime.install
--- smlnj-110.74/debian/smlnj-runtime.install
+++ smlnj-110.74/debian/smlnj-runtime.install
@@ -1 +1 @@
-bin/.arch-n-opsys bin/.link-sml bin/.run-sml bin/.run debscripts/* 
usr/lib/smlnj/bin
+bin/.arch-n-opsys bin/.link-sml bin/.run-sml bin/.run usr/lib/smlnj/bin
reverted:
--- smlnj-110.74/debian/prerm.in
+++ smlnj-110.74.orig/debian/prerm.in
@@ -1,7 +0,0 @@
-#!/bin/sh
-
-set -e
-
-@SMLNJ_HOME@/bin/pkg-deregister @PKG@
-
-#DEBHELPER#
diff -u smlnj-110.74/debian/control smlnj-110.74/debian/control
--- smlnj-110.74/debian/control
+++ smlnj-110.74/debian/control
@@ -40,6 +40,13 @@
 Package: smlnj-runtime
 Architecture: i386 amd64 powerpc
 Depends: ${misc:Depends}, ${shlibs:Depends}
+Breaks: libckit-smlnj ( 110.74-2~), libcml-smlnj ( 110.74-2~),
+ libcmlutil-smlnj ( 110.74-2~), libexene-smlnj ( 110.74-2~),
+ libmlnlffi-smlnj ( 110.74-2~), libmlrisctools-smlnj ( 110.74-2~),
+ libpgraphutil-smlnj ( 110.74-2~), libsmlnj-smlnj ( 110.74-2~),
+ ml-burg ( 110.74-2~), ml-lex ( 110.74-2~), ml-lpt ( 110.74-2~),
+ ml-nlffigen ( 110.74-2~), ml-yacc ( 110.74-2~), nowhere ( 110.74-2~),
+ smlnj ( 110.74-2~)
 Description: Standard ML of New Jersey runtime system
  SML/NJ is an implementation of the Standard ML programming language.
  This package includes the runtime system only -- it provides garbage
reverted:
--- smlnj-110.74/debian/register
+++ smlnj-110.74.orig/debian/register
@@ -1,15 +0,0 @@
-#!/bin/sh
-
-set -e
-
-if [ $# -ne 2 ] ; then
-echo usage: register name target
-exit 1
-fi
-
-name=$1
-target=$2
-
-/usr/lib/smlnj/bin/deregister $name
-
-echo $name $target  /usr/lib/smlnj/lib/pathconfig
diff -u smlnj-110.74/debian/rules smlnj-110.74/debian/rules
--- smlnj-110.74/debian/rules
+++ smlnj-110.74/debian/rules
@@ -20,15 +20,11 @@
 
 VERSION=$(shell cat $(CONFIGDIR)/version)
 
-debscripts:=$(addprefix debian/,deregister mkorig pkg-deregister pkg-register 
register)
-
 srcdirs:=$(basename $(wildcard *tgz))
 basedirs:=$(basename $(notdir $(wildcard base/*tgz)))
 
 notlibs:=smlnj-runtime smlnj-doc
 libpkgs:=$(filter-out $(notlibs),$(shell dh_listpackages))
-postinsts:=$(addsuffix .postinst,$(addprefix debian/,$(libpkgs)))
-prerms:=$(addsuffix .prerm,$(addprefix debian/,$(libpkgs)))
 
 vars.sed:
echo s,@SHELL@,$(SHELL),g  vars.sed
@@ -68,14 +64,6 @@
  chmod 555 wrapper/$$c; \
done
 
-debian/%.postinst: debian/postinst.in vars.sed
-   cat $ | sed -f vars.sed -e s/@PKG@/$*/  $@
-
-debian/%.prerm: debian/prerm.in vars.sed
-   cat $ | sed -f vars.sed -e s/@PKG@/$*/  $@
-
-instscripts: $(postinsts) $(prerms)
-
 unpack-source: unpack-source-stamp
 unpack-source-stamp:
cd base  for t in $(basedirs); do tar zxf $$t.tgz; done
@@ -87,9 +75,6 @@
 
 build-arch: build-arch-stamp
 build-arch-stamp: unpack-source-stamp
-   mkdir -p debscripts
-   install -m 555 $(debscripts) debscripts
-   
cat debian/patches/* | patch -N -p1 1/dev/null || true
cp config/targets config/targets.orig
cp debian/targets config/targets
@@ -115,12 +100,11 @@
rm -f *-stamp

rm

Bug#690195: unblock: vim-scripts/20121007

[James McCoy]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package vim-scripts

This upload adds support for svn 1.7 to the vcscommand plugin and
xz-compressed debs to debPlugin.  Both patches are pretty minimal.
Debdiff attached.

unblock vim-scripts/20121007

-- 
James
GPG Key: 4096R/331BA3DB 2011-12-05 James McCoy james...@debian.org
diff -Naur vim-scripts-20110813/debian/changelog 
vim-scripts-20121007/debian/changelog
--- vim-scripts-20110813/debian/changelog   2011-08-13 23:11:50.0 
-0400
+++ vim-scripts-20121007/debian/changelog   2012-10-07 11:16:17.0 
-0400
@@ -1,3 +1,13 @@
+vim-scripts (20121007) unstable; urgency=low
+
+  * Update Vcs-* URLs.
+  * vcscommand: Backport patch from upstream to handle svn 1.7.  (Closes:
+#688093)
+  * debPlugin: Add support for xz compressed debs.  Thanks to Jakub Wilk for
+the patch.  (Closes: #644172)
+
+ -- James McCoy james...@debian.org  Sun, 07 Oct 2012 11:15:37 -0400
+
 vim-scripts (20110813) unstable; urgency=low
 
   * Rename colors sampler pack to colors-sampler-pack so it's easier to
diff -Naur vim-scripts-20110813/debian/control 
vim-scripts-20121007/debian/control
--- vim-scripts-20110813/debian/control 2011-08-13 23:11:50.0 -0400
+++ vim-scripts-20121007/debian/control 2012-10-07 11:16:17.0 -0400
@@ -2,13 +2,13 @@
 Section: editors
 Priority: optional
 Maintainer: Debian Vim Maintainers 
pkg-vim-maintain...@lists.alioth.debian.org
-Uploaders: Michael Piefel pie...@debian.org, James Vega james...@debian.org
+Uploaders: Michael Piefel pie...@debian.org, James McCoy 
james...@debian.org
 Build-Depends: cdbs, debhelper ( 5.0.0), quilt
 Build-Depends-Indep: xsltproc, docbook-xsl
 Standards-Version: 3.9.2.0
 Homepage: http://www.vim.org/scripts/
-Vcs-Git: git://git.debian.org/git/pkg-vim/vim-scripts.git
-Vcs-Browser: http://git.debian.org/?p=pkg-vim/vim-scripts.git
+Vcs-Git: git://anonscm.debian.org/pkg-vim/vim-scripts.git
+Vcs-Browser: http://anonscm.debian.org/gitweb/?p=pkg-vim/vim-scripts.git
 
 Package: vim-scripts
 Architecture: all
diff -Naur vim-scripts-20110813/debian/patches/deb.vim-xz.diff 
vim-scripts-20121007/debian/patches/deb.vim-xz.diff
--- vim-scripts-20110813/debian/patches/deb.vim-xz.diff 1969-12-31 
19:00:00.0 -0500
+++ vim-scripts-20121007/debian/patches/deb.vim-xz.diff 2012-10-07 
11:16:17.0 -0400
@@ -0,0 +1,25 @@
+Subject: Add support for xz-compressed debs
+Author: Jakub Wilk jw...@debian.org
+Bug-Debian: http://bugs.debian.org/644172
+
+diff --git a/autoload/deb.vim b/autoload/deb.vim
+--- a/autoload/deb.vim
 b/autoload/deb.vim
+@@ -32,6 +32,8 @@
+ let l:unpcmp = tar zxfO 
+ elseif l:archmember == data.tar.bz2
+ let l:unpcmp = tar jxfO 
++elseif l:archmember == data.tar.xz
++  let l:unpcmp = tar JxfO 
+ elseif l:archmember == data.tar.lzma
+ if !s:hascmd(lzma)
+ return
+@@ -230,7 +232,7 @@
+  return data file name for debian package. This can be either data.tar.gz,
+  data.tar.bz2 or data.tar.lzma
+ fun s:dataFileName(deb)
+-for fn in [data.tar.gz, data.tar.bz2, data.tar.lzma, data.tar]
++for fn in [data.tar.gz, data.tar.bz2, data.tar.lzma, data.tar.xz, 
data.tar]
+  [0:-2] is to remove trailing null character from command output
+ if (system(ar t  . ' . a:deb . ' .   . fn))[0:-2] == fn
+ return fn
diff -Naur vim-scripts-20110813/debian/patches/series 
vim-scripts-20121007/debian/patches/series
--- vim-scripts-20110813/debian/patches/series  2011-08-13 23:11:50.0 
-0400
+++ vim-scripts-20121007/debian/patches/series  2012-10-07 11:16:17.0 
-0400
@@ -18,3 +18,5 @@
 lbdbq-query.diff
 lbdbq-detect-lbdbq.diff
 disabledby-doxygentoolkit.diff
+vcscommand-svn1.7.diff
+deb.vim-xz.diff
diff -Naur vim-scripts-20110813/debian/patches/vcscommand-svn1.7.diff 
vim-scripts-20121007/debian/patches/vcscommand-svn1.7.diff
--- vim-scripts-20110813/debian/patches/vcscommand-svn1.7.diff  1969-12-31 
19:00:00.0 -0500
+++ vim-scripts-20121007/debian/patches/vcscommand-svn1.7.diff  2012-10-07 
11:16:17.0 -0400
@@ -0,0 +1,44 @@
+commit f0750a4e0b1606e51807d7157759b3a5e1e9760d
+Author: Bob Hiestand bob.hiest...@gmail.com
+Date:   Tue Oct 18 10:50:12 2011 -0500
+
+identify via 'svn info'
+
+don't look for .svn directories as svn 1.7 breaks that method
+
+--- a/plugin/vcssvn.vim
 b/plugin/vcssvn.vim
+@@ -90,22 +90,17 @@
+ 
+  Function: s:svnFunctions.Identify(buffer) {{{2
+ function! s:svnFunctions.Identify(buffer)
+-  let fileName = resolve(bufname(a:buffer))
+-  if isdirectory(fileName)
+-  let directoryName = fileName
+-  else
+-  let directoryName = fnamemodify(fileName, ':h')
+-  endif
+-  if strlen(directoryName)  0
+-  let svnDir = directoryName . '/.svn'
+-  else
+-  let svnDir = '.svn'
+-  endif

Bug#686621: unblock: devscripts/2.12.2

[James McCoy]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package devscripts

2.12.2 is a small upload to address CVE-2012-3500.  Attached is the
debdiff between 2.12.1 and 2.12.2

unblock devscripts/2.12.2

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.5-trunk-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Cheers,
-- 
James
GPG Key: 4096R/331BA3DB 2011-12-05 James McCoy james...@debian.org
diffstat for devscripts-2.12.1 devscripts-2.12.2

 debian/changelog   |   10 ++
 scripts/annotate-output.sh |   10 +++---
 2 files changed, 17 insertions(+), 3 deletions(-)

diff -Nru devscripts-2.12.1/debian/changelog devscripts-2.12.2/debian/changelog
--- devscripts-2.12.1/debian/changelog	2012-07-13 16:06:43.0 -0400
+++ devscripts-2.12.2/debian/changelog	2012-08-26 11:22:44.0 -0400
@@ -1,3 +1,13 @@
+devscripts (2.12.2) unstable; urgency=high
+
+  * annotate-output: Fix to prevent symlink attack: don't delete
+safely-created file and reuse its name.  Instead, create temporary
+directory and create FIFOs therein.  Also, be sure to remove temporaries
+upon catchable signal.  Thanks to Jim Meyering for the patch.  Fixes
+CVE-2012-3500.
+
+ -- James McCoy james...@debian.org  Sun, 26 Aug 2012 11:16:17 -0400
+
 devscripts (2.12.1) unstable; urgency=low
 
   * debchange:
diff -Nru devscripts-2.12.1/scripts/annotate-output.sh devscripts-2.12.2/scripts/annotate-output.sh
--- devscripts-2.12.1/scripts/annotate-output.sh	2011-05-22 12:47:07.0 -0400
+++ devscripts-2.12.2/scripts/annotate-output.sh	2012-08-26 11:22:44.0 -0400
@@ -62,10 +62,14 @@
 	exit 1
 fi
 
-OUT=`mktemp --tmpdir annotate.XX` || exit 1
-ERR=`mktemp --tmpdir annotate.XX` || exit 1
+cleanup() { __st=$?; rm -rf $tmp; exit $__st; }
+trap cleanup 0
+trap 'exit $?' 1 2 13 15
+
+tmp=$(mktemp -d --tmpdir annotate.XX) || exit 1
+OUT=$tmp/out
+ERR=$tmp/err
 
-rm -f $OUT $ERR
 mkfifo $OUT $ERR || exit 1
 
 addtime O  $OUT 


signature.asc
Description: Digital signature

Bug#685835: tpu: racket/racket_5.2.1+g6~92c8784+dfsg2-2+wheezy1

[James McCoy]

On Sun, Aug 26, 2012 at 12:18:48PM +0200, Cyril Brulebois wrote:
 James McCoy james...@debian.org (25/08/2012):
   On a related note, it looks to me like racket isn't exactly a
   widespread package, so picking up xz compression too for t-p-u
   wouldn't help with fitting more stuff on 1st/2nd CDs, would it?
  
  EPARSE.  Are you suggesting I should add the xz compression changes to
  the t-p-u upload, too?  Looking at cdimage-search.d.o, racket's down
  in the 30s for the CD it's on.
 
 ESENDINGMAILSAT4AM. I meant to ask whether first CDs would benefit from
 having racket xz-compressed. Given your answer, clearly not, so sticking
 to the proposed fix only for your t-p-u upload looks sufficient.

Ok, uploaded.

-- 
James
GPG Key: 4096R/331BA3DB 2011-12-05 James McCoy james...@debian.org


signature.asc
Description: Digital signature

Bug#685835: tpu: racket/racket_5.2.1+g6~92c8784+dfsg2-2+wheezy1

[James McCoy]

On Sun, Aug 26, 2012 at 03:44:09AM +0200, Cyril Brulebois wrote:
 James McCoy james...@debian.org (24/08/2012):
  In case it's worth fixing that for Wheezy, I have a package I can
  upload to testing.  Attached is the debdiff.
  
  What do you think?
 
 I think I'd like to see this go through t-p-u indeed.

Ok, thanks.

 On a related note, it looks to me like racket isn't exactly a widespread
 package, so picking up xz compression too for t-p-u wouldn't help with
 fitting more stuff on 1st/2nd CDs, would it?

EPARSE.  Are you suggesting I should add the xz compression changes to
the t-p-u upload, too?  Looking at cdimage-search.d.o, racket's down in
the 30s for the CD it's on.

 Please use +deb7u1 instead of +wheezy1 (wheezy  jessie, so we're
 starting to move towards this new versioning scheme).

Ok, I'll update that.

-- 
James
GPG Key: 4096R/331BA3DB 2011-12-05 James McCoy james...@debian.org


signature.asc
Description: Digital signature

Bug#685835: tpu: racket/racket_5.2.1+g6~92c8784+dfsg2-2+wheezy1

[James McCoy]

Package: release.debian.org
Severity: normal

I recently uploaded a new upstream version of racket, completely
forgetting that I meant to do a minor upload to fix #680685 (racket and
planet-venus both ship a planet binary) first.  The unstable upload does
fix that bug, but the delta between the versions is far too large to ask
for an unblock.

In case it's worth fixing that for Wheezy, I have a package I can
upload to testing.  Attached is the debdiff.

What do you think?

Cheers,
-- 
James
GPG Key: 4096R/331BA3DB 2011-12-05 James McCoy james...@debian.org
diffstat for racket-5.2.1+g6~92c8784+dfsg2 racket-5.2.1+g6~92c8784+dfsg2

 NEWS  |9 +
 changelog |6 ++
 rules |1 +
 3 files changed, 16 insertions(+)

diff -Nru racket-5.2.1+g6~92c8784+dfsg2/debian/changelog racket-5.2.1+g6~92c8784+dfsg2/debian/changelog
--- racket-5.2.1+g6~92c8784+dfsg2/debian/changelog	2012-06-26 19:07:18.0 -0400
+++ racket-5.2.1+g6~92c8784+dfsg2/debian/changelog	2012-08-22 21:52:33.0 -0400
@@ -1,3 +1,9 @@
+racket (5.2.1+g6~92c8784+dfsg2-2+wheezy1) testing; urgency=low
+
+  * Stop shipping /usr/bin/planet.  (Closes: #680685)
+
+ -- James McCoy james...@debian.org  Wed, 22 Aug 2012 21:49:27 -0400
+
 racket (5.2.1+g6~92c8784+dfsg2-2) unstable; urgency=low
 
   * Update description to use Racket in place of scheme (Closes: #679000).
diff -Nru racket-5.2.1+g6~92c8784+dfsg2/debian/NEWS racket-5.2.1+g6~92c8784+dfsg2/debian/NEWS
--- racket-5.2.1+g6~92c8784+dfsg2/debian/NEWS	1969-12-31 19:00:00.0 -0500
+++ racket-5.2.1+g6~92c8784+dfsg2/debian/NEWS	2012-08-22 21:52:33.0 -0400
@@ -0,0 +1,9 @@
+racket (5.2.1+g6~92c8784+dfsg2-2+wheezy1) testing; urgency=low
+
+  The planet binary is no longer provided with racket.  Uses of it should be
+  replaced with “raco planet”.
+
+  This removal is planned upstream as well, but it is being performed earlier
+  in Debian's packaging due to #680685.
+
+ -- James McCoy james...@debian.org  Fri, 10 Aug 2012 16:34:33 -0400
diff -Nru racket-5.2.1+g6~92c8784+dfsg2/debian/rules racket-5.2.1+g6~92c8784+dfsg2/debian/rules
--- racket-5.2.1+g6~92c8784+dfsg2/debian/rules	2012-06-26 19:07:18.0 -0400
+++ racket-5.2.1+g6~92c8784+dfsg2/debian/rules	2012-08-22 21:52:33.0 -0400
@@ -44,6 +44,7 @@
 do-install-arch: PLT_EXTRA=--no-docs --no-zo
 do-install-arch:
 	$(DEB_MAKE_ENVVARS) $(MAKE) -C $(DEB_BUILDDIR) install DESTDIR=$(CURDIR)/debian/tmp
+	rm -f $(CURDIR)/debian/tmp/usr/bin/planet
 
 do-install-indep: PLT_EXTRA=--no-launcher --no-install --no-post-install
 do-install-indep:


signature.asc
Description: Digital signature