Bug#926889: unblock: graphviz/2.40.1-6
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Hi Release Team, Please unblock graphviz which fixes a vulnerability, CVE-2018-10196 [1]. The debdiff which is attached contains some extra self-tests over the fix. Thanks for consideration, Laszlo/GCS [1] https://bugs.debian.org/898841 diff -Nru graphviz-2.40.1/debian/changelog graphviz-2.40.1/debian/changelog --- graphviz-2.40.1/debian/changelog 2018-10-03 15:04:59.0 + +++ graphviz-2.40.1/debian/changelog 2019-04-08 15:51:00.0 + @@ -1,3 +1,10 @@ +graphviz (2.40.1-6) unstable; urgency=high + + * Fix CVE-2018-10196: NULL pointer dereference in rebuild_vlists() +(closes: #898841). + + -- Laszlo Boszormenyi (GCS) Mon, 08 Apr 2019 15:51:00 + + graphviz (2.40.1-5) unstable; urgency=medium * Patch upstream _gv.so symlink creation (closes: #905209). diff -Nru graphviz-2.40.1/debian/patches/CVE-2018-10196.patch graphviz-2.40.1/debian/patches/CVE-2018-10196.patch --- graphviz-2.40.1/debian/patches/CVE-2018-10196.patch 1970-01-01 00:00:00.0 + +++ graphviz-2.40.1/debian/patches/CVE-2018-10196.patch 2019-04-08 15:51:00.0 + 
@@ -0,0 +1,605 @@ +diff --git a/configure.ac b/configure.ac +index b0762993c299fcd3d9040aec19d99425132b42f2..6f743e9d23e072301bd94f58b3fb865fee804f0e 100644 +--- a/configure.ac b/configure.ac +@@ -3363,6 +3363,7 @@ AC_CONFIG_FILES(Makefile + tests/unit_tests/lib/common/Makefile + tests/regression_tests/Makefile + tests/regression_tests/shapes/Makefile ++ tests/regression_tests/vuln/Makefile + share/Makefile + share/examples/Makefile + share/gui/Makefile +diff --git a/lib/dotgen/conc.c b/lib/dotgen/conc.c +index dd13e936bf25d17d8baa5b3b9e089cff35c502fe..f7307d23b3ff9151b283c9b045892a80c0d6c055 100644 +--- a/lib/dotgen/conc.c b/lib/dotgen/conc.c +@@ -159,7 +159,11 @@ static void rebuild_vlists(graph_t * g) + + for (r = GD_minrank(g); r <= GD_maxrank(g); r++) { + lead = GD_rankleader(g)[r]; +- if (GD_rank(dot_root(g))[r].v[ND_order(lead)] != lead) { ++ if (lead == NULL) { ++ agerr(AGERR, "rebuiltd_vlists: lead is null for rank %d\n", r); ++ longjmp(jbuf, 1); ++ } ++ else if (GD_rank(dot_root(g))[r].v[ND_order(lead)] != lead) { + agerr(AGERR, "rebuiltd_vlists: rank lead %s not in order %d of rank %d\n", + agnameof(lead), ND_order(lead), r); + longjmp(jbuf, 1); +diff --git a/tests/regression_tests/Makefile.am b/tests/regression_tests/Makefile.am +index c375449ad3f30834eb10b19a6174977354d41230..c472181c13387de9c579f533e17d1a749fb0b534 100644 +--- a/tests/regression_tests/Makefile.am b/tests/regression_tests/Makefile.am +@@ -1 +1 @@ +-SUBDIRS = shapes ++SUBDIRS = shapes vuln +diff --git a/tests/regression_tests/vuln/Makefile.am b/tests/regression_tests/vuln/Makefile.am +new file mode 100644 +index ..e58fc3cde6384a581914f92edcacd815f4738e80 +--- /dev/null b/tests/regression_tests/vuln/Makefile.am +@@ -0,0 +1,2 @@ ++check test rtest: ++ python vuln.py +diff --git a/tests/regression_tests/vuln/input/nullderefrebuildlist.dot b/tests/regression_tests/vuln/input/nullderefrebuildlist.dot +new file mode 100644 +index ..31a15a1dad27aa8a34bd47b297eb02bfdf1a6f9c +--- /dev/null 
b/tests/regression_tests/vuln/input/nullderefrebuildlist.dot +@@ -0,0 +1,55 @@ ++digraph G { ++graph [concentrate=true]; ++ ++routine1; ++routine2; ++ ++rfontsize=9; ++nodesep="0.4"; ++ranksep="0.4"; ++node [fontname=Arial, fontsize=9, shape=box]; ++subgraph clustere3ffa58211d69e3db000538bf02fa1d0 { ++label = "DriveCom Z"; ++Ie3ffa58211d69e3db000538bf02fa1d0 [label="", shape=circle, style=filled, color=black, width=.2]; ++Se3ffa4bf11d69e3db000538bf02fa1d0 [label="Idle"]; ++Se3ffa7b011d69e3db000538bf02fa1d0 [label="Disabled"]; ++subgraph clustere3ffa77611d69e3db000538bf02fa1d0 { ++label = "Active"; ++Ie3ffa77611d69e3db000538bf02fa1d0 [label="", shape=circle, style=filled, color=black, width=.2]; ++Se3fa84b11d69e3db000538bf02fa1d0 [label="Undefined"]; ++Se3ffa60811d69e3db000538bf02fa1d0 [label="Wait Switch On Inhibit"]; ++Se3ffa87211d69e3db000538bf02fa1d0 [label="Switch On Inhibit"]; ++Se3ffa65611d69e3db000538bf02fa1d0 [label="Wait Ready To Switch On"]; ++Se3ffa61c11d69e3db000538bf02fa1d0 [label="Ready To Switch On"]; ++Se3ffa53211d69e3db000538bf02fa1d0 [label="Wait Switched On"]; ++Se3ffa8ac11d69e3db000538bf02fa1d0 [label="Switched On"]; ++Se3ffa83711d69e3db000538bf02fa1d0 [label="Wait Operation Enabled"]; ++Se3ffa81011d69e3db000538bf02fa1d0
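Review bot: the new error string in the lib/dotgen/conc.c hunk spells the function name "rebuiltd_vlists", copying the typo from the existing message a few lines below it. The function is rebuild_vlists(), so "rebuild_vlists: lead is null for rank %d" would let the message be grepped back to its source. The NULL test itself sits in the right place, before ND_order(lead) is evaluated.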
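Review bot: the new tests/regression_tests/vuln/Makefile.am runs `python vuln.py` with a bare interpreter name and a path relative to the current directory, so the check target depends on whatever `python` resolves to on the build machine and will not find the script in an out-of-tree build. Use the interpreter variable the build already configures, if there is one, and refer to the script as $(srcdir)/vuln.py.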
Bug#926002: unblock: zeromq3/4.3.1-4
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Hi Release Team, Unfortunately upstream of zeromq3 broke GSSAPI detection[1] in the configure phase. It went undetected and now zeromq3 for Buster doesn't have GSSAPI support and this is a regression since Stretch. Luca Boccassi who is not just our fellow DD but also upstream fixed it with a small patch. Full debdiff is attached. Please let it migrate to Buster and have the same functionality available that's in Stretch. Thanks for consideration, Laszlo/GCS [1] https://bugs.debian.org/925914 diff -Nru zeromq3-4.3.1/debian/changelog zeromq3-4.3.1/debian/changelog --- zeromq3-4.3.1/debian/changelog 2019-01-26 12:49:45.0 + +++ zeromq3-4.3.1/debian/changelog 2019-03-28 16:37:09.0 + @@ -1,3 +1,10 @@ +zeromq3 (4.3.1-4) unstable; urgency=medium + + [ Luca Boccassi ] + * Fix GSSAPI support build (closes: #925914). + + -- Laszlo Boszormenyi (GCS) Thu, 28 Mar 2019 16:37:09 + + zeromq3 (4.3.1-3) unstable; urgency=medium [ Luca Boccassi ] diff -Nru zeromq3-4.3.1/debian/patches/gssapi_pkgconfig.patch zeromq3-4.3.1/debian/patches/gssapi_pkgconfig.patch --- zeromq3-4.3.1/debian/patches/gssapi_pkgconfig.patch 1970-01-01 00:00:00.0 + +++ zeromq3-4.3.1/debian/patches/gssapi_pkgconfig.patch 2019-03-28 16:37:09.0 + 
@@ -0,0 +1,30 @@ +Author: Luca Boccassi +Description: gssapi pkg-config check in configure.ac does not work + correctly enable the definition in platform.hpp so that the + gssapi support is actually built in if requested and available. +Origin: https://github.com/zeromq/libzmq/pull/3361 +--- a/configure.ac b/configure.ac +@@ -472,16 +472,20 @@ + # conditionally require libgssapi_krb5 + if test "x$require_libgssapi_krb5_ext" != "xno"; then + PKG_CHECK_MODULES([gssapi_krb5], [krb5-gssapi], [ ++have_gssapi_library="yes" + PKGCFG_NAMES_PRIVATE="$PKGCFG_NAMES_PRIVATE krb5-gssapi" + ], [ + AC_CHECK_HEADERS(gssapi/gssapi_generic.h) + AC_SEARCH_LIBS([gss_init_sec_context], [gssapi_krb5 gssapi], +-AC_DEFINE(HAVE_LIBGSSAPI_KRB5, [1], [Enabled GSSAPI security]), ++have_gssapi_library="yes", + AC_MSG_ERROR(libgssapi_krb5 is needed for GSSAPI security)) + PKGCFG_LIBS_PRIVATE="$PKGCFG_LIBS_PRIVATE -lgssapi_krb5" + ]) + fi +-AM_CONDITIONAL(BUILD_GSSAPI, test "x$require_libgssapi_krb5_ext" != "xno") ++if test "x$have_gssapi_library" = "xyes"; then ++AC_DEFINE(HAVE_LIBGSSAPI_KRB5, [1], [Enabled GSSAPI security]) ++fi ++AM_CONDITIONAL(BUILD_GSSAPI, test "x$have_gssapi_library" = "xyes") + + # Select curve encryption library, defaults to tweetnacl + # To use libsodium instead, use --with-libsodium (must be installed) diff -Nru zeromq3-4.3.1/debian/patches/series zeromq3-4.3.1/debian/patches/series --- zeromq3-4.3.1/debian/patches/series 2019-01-26 12:49:45.0 + +++ zeromq3-4.3.1/debian/patches/series 2019-03-28 16:37:09.0 + @@ -3,3 +3,4 @@ test_hardcoded_ipc_path.patch ppc64_atomic_intrinsics.patch test_pair_ipc_hurd.patch +gssapi_pkgconfig.patch
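Review bot: in the configure.ac hunk, have_gssapi_library is only ever assigned "yes" and is never initialised before the `if test "x$require_libgssapi_krb5_ext" != "xno"` block, so a value inherited from the environment would define HAVE_LIBGSSAPI_KRB5 and enable BUILD_GSSAPI even when GSSAPI was not requested. Set have_gssapi_library="no" ahead of the block so the final test depends only on what configure detected.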
Bug#918308: transition: botan
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition

Hi RMs,

It's a small transition with only three packages: biboumi, libqtshadowsocks and qtcreator. All three build fine with this botan release as well. It is also needed for proper upstream support for building botan for armel/armhf on arm64 machines[1].

Thanks,
Laszlo/GCS

[1] https://bugs.debian.org/916970
Bug#912853: transition: icu
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition

Hi RMs,

I'd like to upload ICU 63.1 which was recently released for Buster. The packaging already bootstrapped with icu-le-hb (Layout Engine using the HarfBuzz library) in experimental. Rebuilding of dependent packages is in progress. I can report the following so far.

Level 1
widelands FTBFS, but I've a patch.

Level 2
boost1.63 FTBFS due to an unrelated, Python 3.7 problem probably related to the already reported case in #902921 [1]. I think it's going to be removed, thus I didn't investigate further.
hfst-ospell FTBFS and while I've a patch, it's already fixed in its new, 0.5.1 release.
mozjs60 FTBFS due to an unrelated problem, confirmed in a clean Sid environment as well.
nodejs FTBFS on x86 only and while I've a patch it will still fail to build due to its test suite problems already reported in #902512 [2].
openttd FTBFS on x86 only and upstream has a patch that can be backported easily.

Other packages are in build testing. I don't expect too many problems and fixing build failures is quite easy. This has to be done with the Boost 1.67 transition which is already scheduled. I don't think this would delay that too much as my testing is done with the ICU transitioned boost1.67 package and boost-defaults set to it.

It seems more and more applications start to use it as their ICU dependency for Unicode 11.0 support including Firefox and Chromium browser. Would be nice if Buster can be shipped with this ICU release.

Regards,
Laszlo/GCS

[1] https://bugs.debian.org/902921
[2] https://bugs.debian.org/902512
Bug#897165: transition: botan
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition

Dear Release Team,

A small, incremental transition of botan 2.4 -> 2.6 as the dependent packages are only biboumi and qtcreator. Both build fine with it. Two things to note. For sixteen days it still hasn't been scheduled to build on armhf, but I don't think it would have any problem. Then it failed to build on armel due to an unrelated problem. I've already requested a give-back just in case.

Regards,
Laszlo/GCS
Bug#895935: jessie-pu: package patch/2.7.5-1+deb8u1
Package: release.debian.org Severity: normal Tags: jessie User: release.debian@packages.debian.org Usertags: pu Hi OSRMs, I'd like to fix CVE-2018-1000156 in patch for Jessie, which is an arbitrary command execution in ed-style patches. While it might be used for remote compromise, it would need a setup to accept patches unconditionally. But then an attacker has an easy path already to insert vulnerable code to source files or JavaScript injection to HTML pages, etc. Hence it doesn't warrant a DSA on its own, but would be good to fix in a point release. Thanks for considering, Laszlo/GCSdiff -Nru patch-2.7.5/debian/changelog patch-2.7.5/debian/changelog --- patch-2.7.5/debian/changelog 2015-03-07 06:38:30.0 + +++ patch-2.7.5/debian/changelog 2018-04-16 20:48:14.0 + @@ -1,3 +1,10 @@ +patch (2.7.5-1+deb8u1) jessie; urgency=medium + + * Fix CVE-2018-1000156: arbitrary command execution in ed-style patches +(closes: #894993). + + -- Laszlo Boszormenyi (GCS) <g...@debian.org> Mon, 16 Apr 2018 20:48:14 + + patch (2.7.5-1) unstable; urgency=medium * New upstream release. diff -Nru patch-2.7.5/debian/control patch-2.7.5/debian/control --- patch-2.7.5/debian/control 2015-03-07 06:33:14.0 + +++ patch-2.7.5/debian/control 2018-04-16 20:48:14.0 + @@ -2,7 +2,7 @@ Section: vcs Priority: standard Maintainer: Laszlo Boszormenyi (GCS) <g...@debian.org> -Build-Depends: debhelper (>= 7), ed +Build-Depends: debhelper (>= 7), ed, autoconf, automake Standards-Version: 3.9.6 Homepage: http://savannah.gnu.org/projects/patch/ Vcs-Git: git://git.debian.org/collab-maint/patch.git diff -Nru patch-2.7.5/debian/patches/Fix_arbitrary_command_execution_in_ed-style_patches.patch patch-2.7.5/debian/patches/Fix_arbitrary_command_execution_in_ed-style_patches.patch --- patch-2.7.5/debian/patches/Fix_arbitrary_command_execution_in_ed-style_patches.patch 1970-01-01 00:00:00.0 + +++ patch-2.7.5/debian/patches/Fix_arbitrary_command_execution_in_ed-style_patches.patch 2018-04-16 20:48:14.0 + 
@@ -0,0 +1,237 @@ +From 123eaff0d5d1aebe128295959435b9ca5909c26d Mon Sep 17 00:00:00 2001 +From: Andreas Gruenbacher <agr...@gnu.org> +Date: Fri, 6 Apr 2018 12:14:49 +0200 +Subject: Fix arbitrary command execution in ed-style patches + (CVE-2018-1000156) + +* src/pch.c (do_ed_script): Write ed script to a temporary file instead +of piping it to ed: this will cause ed to abort on invalid commands +instead of rejecting them and carrying on. +* tests/ed-style: New test case. +* tests/Makefile.am (TESTS): Add test case. +--- + src/pch.c | 91 --- + tests/Makefile.am | 1 + + tests/ed-style| 41 + + 3 files changed, 108 insertions(+), 25 deletions(-) + create mode 100644 tests/ed-style + +diff --git a/src/pch.c b/src/pch.c +index 0c5cc26..4fd5a05 100644 +--- a/src/pch.c b/src/pch.c +@@ -33,6 +33,7 @@ + # include + #endif + #include ++#include + + #define INITHUNKMAX 125 /* initial dynamic allocation size */ + +@@ -2387,22 +2387,28 @@ do_ed_script (char const *inname, char c + static char const editor_program[] = EDITOR_PROGRAM; + + file_offset beginning_of_this_line; +-FILE *pipefp = 0; + size_t chars_read; ++FILE *tmpfp = 0; ++char const *tmpname; ++int tmpfd; ++pid_t pid; ++ ++if (! dry_run && ! skip_rest_of_patch) ++ { ++ /* Write ed script to a temporary file. This causes ed to abort on ++ invalid commands such as when line numbers or ranges exceed the ++ number of available lines. When ed reads from a pipe, it rejects ++ invalid commands and treats the next line as a new command, which ++ can lead to arbitrary command execution. */ ++ ++ tmpfd = make_tempfile (, 'e', NULL, O_RDWR | O_BINARY, 0); ++ if (tmpfd == -1) ++ pfatal ("Can't create temporary file %s", quotearg (tmpname)); ++ tmpfp = fdopen (tmpfd, "w+b"); ++ if (! tmpfp) ++ pfatal ("Can't open stream for file %s", quotearg (tmpname)); ++ } + +-if (! dry_run && ! skip_rest_of_patch) { +- int exclusive = *outname_needs_removal ? 0 : O_EXCL; +- assert (! 
inerrno); +- *outname_needs_removal = true; +- copy_file (inname, outname, 0, exclusive, instat.st_mode, true); +- sprintf (buf, "%s %s%s", editor_program, +- verbosity == VERBOSE ? "" : "- ", +- outname); +- fflush (stdout); +- pipefp = popen(buf, binary_transput ? "wb" : "w"); +- if (!pipefp) +- pfatal ("Can't open pipe to %s", quotearg (buf)); +-} + for (;;) { + char ed_command_letter; + beginning_of_this_line = file_tell (pfp); +@@ -2413,14 +2418,14 @@ do_ed_script (char const *inname, char const *outname, + } + ed_command_letter = get_ed_command_letter (buf); + if (ed_command_letter) { +- if (pipefp) +- if (! fwrite (bu
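Review bot: in the do_ed_script hunk the call reads `make_tempfile (, 'e', NULL, O_RDWR | O_BINARY, 0)` with no first argument, and the `#include` lines in the @@ -33,6 +33,7 @@ hunk have lost their header names, so the patch as shown here would not compile. Compare debian/patches/Fix_arbitrary_command_execution_in_ed-style_patches.patch with upstream commit 123eaff0d5d1aebe128295959435b9ca5909c26d before upload; both pfatal() calls that follow pass tmpname to quotearg(), so the missing argument also matters for the error path.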
Bug#895936: stretch-pu: package patch/2.7.5-1+deb9u1
Package: release.debian.org Severity: normal Tags: stretch User: release.debian@packages.debian.org Usertags: pu Hi SRMs, I'd like to fix CVE-2018-1000156 in patch for Stretch, which is an arbitrary command execution in ed-style patches. While it might be used for remote compromise, it would need a setup to accept patches unconditionally. But then an attacker has an easy path already to insert vulnerable code to source files or JavaScript injection to HTML pages, etc. Hence it doesn't warrant a DSA on its own, but would be good to fix in a point release. Thanks for considering, Laszlo/GCSdiff -Nru patch-2.7.5/debian/changelog patch-2.7.5/debian/changelog --- patch-2.7.5/debian/changelog 2015-03-07 06:38:30.0 + +++ patch-2.7.5/debian/changelog 2018-04-16 20:48:43.0 + @@ -1,3 +1,10 @@ +patch (2.7.5-1+deb9u1) stretch; urgency=medium + + * Fix CVE-2018-1000156: arbitrary command execution in ed-style patches +(closes: #894993). + + -- Laszlo Boszormenyi (GCS) <g...@debian.org> Mon, 16 Apr 2018 20:48:43 + + patch (2.7.5-1) unstable; urgency=medium * New upstream release. diff -Nru patch-2.7.5/debian/patches/Fix_arbitrary_command_execution_in_ed-style_patches.patch patch-2.7.5/debian/patches/Fix_arbitrary_command_execution_in_ed-style_patches.patch --- patch-2.7.5/debian/patches/Fix_arbitrary_command_execution_in_ed-style_patches.patch 1970-01-01 00:00:00.0 + +++ patch-2.7.5/debian/patches/Fix_arbitrary_command_execution_in_ed-style_patches.patch 2018-04-16 20:48:43.0 + 
@@ -0,0 +1,237 @@ +From 123eaff0d5d1aebe128295959435b9ca5909c26d Mon Sep 17 00:00:00 2001 +From: Andreas Gruenbacher <agr...@gnu.org> +Date: Fri, 6 Apr 2018 12:14:49 +0200 +Subject: Fix arbitrary command execution in ed-style patches + (CVE-2018-1000156) + +* src/pch.c (do_ed_script): Write ed script to a temporary file instead +of piping it to ed: this will cause ed to abort on invalid commands +instead of rejecting them and carrying on. +* tests/ed-style: New test case. +* tests/Makefile.am (TESTS): Add test case. +--- + src/pch.c | 91 --- + tests/Makefile.am | 1 + + tests/ed-style| 41 + + 3 files changed, 108 insertions(+), 25 deletions(-) + create mode 100644 tests/ed-style + +diff --git a/src/pch.c b/src/pch.c +index 0c5cc26..4fd5a05 100644 +--- a/src/pch.c b/src/pch.c +@@ -33,6 +33,7 @@ + # include + #endif + #include ++#include + + #define INITHUNKMAX 125 /* initial dynamic allocation size */ + +@@ -2387,22 +2387,28 @@ do_ed_script (char const *inname, char c + static char const editor_program[] = EDITOR_PROGRAM; + + file_offset beginning_of_this_line; +-FILE *pipefp = 0; + size_t chars_read; ++FILE *tmpfp = 0; ++char const *tmpname; ++int tmpfd; ++pid_t pid; ++ ++if (! dry_run && ! skip_rest_of_patch) ++ { ++ /* Write ed script to a temporary file. This causes ed to abort on ++ invalid commands such as when line numbers or ranges exceed the ++ number of available lines. When ed reads from a pipe, it rejects ++ invalid commands and treats the next line as a new command, which ++ can lead to arbitrary command execution. */ ++ ++ tmpfd = make_tempfile (, 'e', NULL, O_RDWR | O_BINARY, 0); ++ if (tmpfd == -1) ++ pfatal ("Can't create temporary file %s", quotearg (tmpname)); ++ tmpfp = fdopen (tmpfd, "w+b"); ++ if (! tmpfp) ++ pfatal ("Can't open stream for file %s", quotearg (tmpname)); ++ } + +-if (! dry_run && ! skip_rest_of_patch) { +- int exclusive = *outname_needs_removal ? 0 : O_EXCL; +- assert (! 
inerrno); +- *outname_needs_removal = true; +- copy_file (inname, outname, 0, exclusive, instat.st_mode, true); +- sprintf (buf, "%s %s%s", editor_program, +- verbosity == VERBOSE ? "" : "- ", +- outname); +- fflush (stdout); +- pipefp = popen(buf, binary_transput ? "wb" : "w"); +- if (!pipefp) +- pfatal ("Can't open pipe to %s", quotearg (buf)); +-} + for (;;) { + char ed_command_letter; + beginning_of_this_line = file_tell (pfp); +@@ -2413,14 +2418,14 @@ do_ed_script (char const *inname, char const *outname, + } + ed_command_letter = get_ed_command_letter (buf); + if (ed_command_letter) { +- if (pipefp) +- if (! fwrite (buf, sizeof *buf, chars_read, pipefp)) ++ if (tmpfp) ++ if (! fwrite (buf, sizeof *buf, chars_read, tmpfp)) + write_fatal (); + if (ed_command_letter != 'd' && ed_command_letter != 's') { + p_pass_comments_through = true; + while ((chars_read = get_line ()) != 0) { +- if (pipefp) +- if (! fwrite (buf, sizeof *buf, chars_read, pipefp)) ++ if (tmpfp) ++ if (! fwrite (buf, sizeof *buf, chars_read, tmpfp)) + write_fatal (); + if (chars_read == 2 && strEQ (buf, ".\n&
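Review bot: this debdiff carries the same 237-line patch as the jessie-pu request, including the tests/Makefile.am change listed in its diffstat, but it has no debian/control hunk, whereas the jessie debdiff adds autoconf and automake to Build-Depends. Confirm that the stretch build regenerates tests/Makefile.in with its existing Build-Depends, otherwise the new tests/ed-style case will not run at build time.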
Bug#877639: jessie-pu: package sqlite3/3.8.7.1-1+deb8u3
Package: release.debian.org Severity: normal Tags: jessie User: release.debian@packages.debian.org Usertags: pu Hi SRMs, I'd like to fix CVE-2017-10989 in SQLite3 for Jessie, which is a heap-based buffer over-read via undersized RTree blobs. It's considered remotely exploitable, still marked as no-DSA by the Security Team. Still, worth fixing via the point update, proposed patch is attached. Thanks for considering, Laszlo/GCSdiff -Nru sqlite3-3.8.7.1/debian/changelog sqlite3-3.8.7.1/debian/changelog --- sqlite3-3.8.7.1/debian/changelog 2016-08-25 16:10:24.0 + +++ sqlite3-3.8.7.1/debian/changelog 2017-10-03 16:13:42.0 + @@ -1,3 +1,10 @@ +sqlite3 (3.8.7.1-1+deb8u3) jessie; urgency=medium + + * Fix CVE-2017-10989 , heap-based buffer over-read via undersized RTree +blobs (closes: #867618). + + -- Laszlo Boszormenyi (GCS) <g...@debian.org> Tue, 03 Oct 2017 16:13:42 + + sqlite3 (3.8.7.1-1+deb8u2) jessie; urgency=medium * Fix CVE-2016-6153 , Tempdir Selection Vulnerability. diff -Nru sqlite3-3.8.7.1/debian/patches/51-CVE-2017-10989.patch sqlite3-3.8.7.1/debian/patches/51-CVE-2017-10989.patch --- sqlite3-3.8.7.1/debian/patches/51-CVE-2017-10989.patch 1970-01-01 00:00:00.0 + +++ sqlite3-3.8.7.1/debian/patches/51-CVE-2017-10989.patch 2017-10-03 16:13:42.0 + 
@@ -0,0 +1,47 @@ +Index: sqlite3/ext/rtree/rtree.c +== +--- sqlite3/ext/rtree/rtree.c sqlite3/ext/rtree/rtree.c +@@ -3131,10 +3131,14 @@ + pRtree->zDb, pRtree->zName + ); + rc = getIntFromStmt(db, zSql, >iNodeSize); + if( rc!=SQLITE_OK ){ + *pzErr = sqlite3_mprintf("%s", sqlite3_errmsg(db)); ++}else if( pRtree->iNodeSize<(512-64) ){ ++ rc = SQLITE_CORRUPT; ++ *pzErr = sqlite3_mprintf("undersize RTree blobs in \"%q_node\"", ++ pRtree->zName); + } + } + + sqlite3_free(zSql); + return rc; + +Index: sqlite3/ext/rtree/rtreeA.test +== +--- sqlite3/ext/rtree/rtreeA.test sqlite3/ext/rtree/rtreeA.test +@@ -213,8 +213,21 @@ + } {} + do_corruption_tests rtreeA-6.1 { + 1 "DELETE FROM t1 WHERE rowid = 5" + 2 "UPDATE t1 SET x1=x1+1, x2=x2+1" + } ++ ++#- ++# Truncated blobs in the _node table. ++# ++create_t1 ++populate_t1 ++sqlite3 db test.db ++do_execsql_test rtreeA-7.100 { ++ UPDATE t1_node SET data=x'' WHERE rowid=1; ++} {} ++do_catchsql_test rtreeA-7.110 { ++ SELECT * FROM t1 WHERE x1>0 AND x1<100 AND x2>0 AND x2<100; ++} {1 {undersize RTree blobs in "t1_node"}} + + + finish_test + diff -Nru sqlite3-3.8.7.1/debian/patches/series sqlite3-3.8.7.1/debian/patches/series --- sqlite3-3.8.7.1/debian/patches/series 2016-08-25 16:10:24.0 + +++ sqlite3-3.8.7.1/debian/patches/series 2017-10-03 16:13:42.0 + @@ -13,3 +13,4 @@ 46-CVE-2016-6153_part2.patch 47-CVE-2016-6153_part3.patch 50-fix_in-memory_journal.patch +51-CVE-2017-10989.patch
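Review bot: the bound in the rtree.c hunk, `pRtree->iNodeSize<(512-64)`, is an unexplained magic number. A one-line comment or a named constant saying where 512 and 64 come from would let a later reader check that the threshold still matches the smallest node size the rest of the RTree code assumes.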
Bug#877640: stretch-pu: package sqlite3/3.16.2-5+deb9u1
Package: release.debian.org Severity: normal Tags: stretch User: release.debian@packages.debian.org Usertags: pu Hi SRMs, I'd like to fix CVE-2017-10989 in SQLite3 for Stretch, which is a heap-based buffer over-read via undersized RTree blobs. It's considered remotely exploitable, still marked as no-DSA by the Security Team. Still, worth fixing via the point update, proposed patch is attached. Thanks for considering, Laszlo/GCSdiff -Nru sqlite3-3.16.2/debian/changelog sqlite3-3.16.2/debian/changelog --- sqlite3-3.16.2/debian/changelog 2017-06-08 22:07:42.0 + +++ sqlite3-3.16.2/debian/changelog 2017-10-03 16:13:44.0 + @@ -1,3 +1,10 @@ +sqlite3 (3.16.2-5+deb9u1) stretch; urgency=medium + + * Fix CVE-2017-10989 , heap-based buffer over-read via undersized RTree +blobs (closes: #867618). + + -- Laszlo Boszormenyi (GCS) <g...@debian.org> Tue, 03 Oct 2017 16:13:44 + + sqlite3 (3.16.2-5) unstable; urgency=medium * Backport fix for corruption due to REPLACE in an auto-vacuumed database. diff -Nru sqlite3-3.16.2/debian/patches/51-CVE-2017-10989.patch sqlite3-3.16.2/debian/patches/51-CVE-2017-10989.patch --- sqlite3-3.16.2/debian/patches/51-CVE-2017-10989.patch 1970-01-01 00:00:00.0 + +++ sqlite3-3.16.2/debian/patches/51-CVE-2017-10989.patch 2017-10-03 16:13:44.0 + 
@@ -0,0 +1,47 @@ +Index: sqlite3/ext/rtree/rtree.c +== +--- sqlite3/ext/rtree/rtree.c sqlite3/ext/rtree/rtree.c +@@ -3207,10 +3207,14 @@ + pRtree->zDb, pRtree->zName + ); + rc = getIntFromStmt(db, zSql, >iNodeSize); + if( rc!=SQLITE_OK ){ + *pzErr = sqlite3_mprintf("%s", sqlite3_errmsg(db)); ++}else if( pRtree->iNodeSize<(512-64) ){ ++ rc = SQLITE_CORRUPT; ++ *pzErr = sqlite3_mprintf("undersize RTree blobs in \"%q_node\"", ++ pRtree->zName); + } + } + + sqlite3_free(zSql); + return rc; + +Index: sqlite3/ext/rtree/rtreeA.test +== +--- sqlite3/ext/rtree/rtreeA.test sqlite3/ext/rtree/rtreeA.test +@@ -213,8 +213,21 @@ + } {} + do_corruption_tests rtreeA-6.1 { + 1 "DELETE FROM t1 WHERE rowid = 5" + 2 "UPDATE t1 SET x1=x1+1, x2=x2+1" + } ++ ++#- ++# Truncated blobs in the _node table. ++# ++create_t1 ++populate_t1 ++sqlite3 db test.db ++do_execsql_test rtreeA-7.100 { ++ UPDATE t1_node SET data=x'' WHERE rowid=1; ++} {} ++do_catchsql_test rtreeA-7.110 { ++ SELECT * FROM t1 WHERE x1>0 AND x1<100 AND x2>0 AND x2<100; ++} {1 {undersize RTree blobs in "t1_node"}} + + + finish_test + diff -Nru sqlite3-3.16.2/debian/patches/series sqlite3-3.16.2/debian/patches/series --- sqlite3-3.16.2/debian/patches/series 2017-06-08 22:07:42.0 + +++ sqlite3-3.16.2/debian/patches/series 2017-10-03 16:13:44.0 + @@ -13,3 +13,4 @@ 42-JSON-2_2.patch 43-JSON-3.patch 50-REPLACE_corruption_fix.patch +51-CVE-2017-10989.patch
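Review bot: the new rtreeA-7.100 and rtreeA-7.110 cases in the rtreeA.test hunk only exercise an empty node blob (`data=x''`), while the rtree.c check rejects any iNodeSize below 512-64. Add one case with a non-empty blob just under that bound and one exactly at it, so the comparison is covered and not only the zero-length path.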
Bug#856121: unblock: zeromq3
Package: release.debian.org User: release.debian@packages.debian.org Usertags: unblock Hi Release Team, Recently reported that the OpenPGM support of ZeroMQ doesn't work (RC bug link[1]). Reason is that the configure switch for that was changed a while back from 'with-system-pgm' to 'with-pgm' and it went unnoticed. Please unblock it and let users have OpenPGM support again. The debdiff is attached and the change is only the mentioned configure switch. Thanks, Laszlo/GCS [1] https://bugs.debian.org/856023diff -Nru zeromq3-4.2.1/debian/changelog zeromq3-4.2.1/debian/changelog --- zeromq3-4.2.1/debian/changelog 2017-01-01 15:53:54.0 + +++ zeromq3-4.2.1/debian/changelog 2017-02-24 17:35:03.0 + @@ -1,3 +1,9 @@ +zeromq3 (4.2.1-3) unstable; urgency=medium + + * Compile with OpenPGM support (closes: #856023). + + -- Laszlo Boszormenyi (GCS) <g...@debian.org> Fri, 24 Feb 2017 17:35:03 + + zeromq3 (4.2.1-2) unstable; urgency=low * Backport upstream fix for Hurd FTBFS (closes: #849860). diff -Nru zeromq3-4.2.1/debian/rules zeromq3-4.2.1/debian/rules --- zeromq3-4.2.1/debian/rules 2016-11-04 15:30:31.0 + +++ zeromq3-4.2.1/debian/rules 2017-02-24 17:35:03.0 + @@ -17,7 +17,7 @@ rm -f config.log override_dh_auto_configure: - dh_auto_configure -- --with-system-pgm --with-libsodium + dh_auto_configure -- --with-pgm --with-libsodium override_dh_auto_test: ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS)))
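Review bot: the debian/rules hunk fixes the switch name, but nothing in it stops the same silent loss of a feature the next time upstream renames an option, because configure accepts unknown --with-* switches with only a warning. Passing --enable-option-checking=fatal to dh_auto_configure alongside `--with-pgm --with-libsodium` would turn an unrecognised switch into a build failure.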
Bug#856120: unblock (pre-approval): sqlite3
Package: release.debian.org User: release.debian@packages.debian.org Usertags: unblock Hi Release Team, There's a NULL pointer problem fixed in the 3.17.0 version of SQLite that affects the Stretch version. The bugreport[1] contains a proof of concept code, which doesn't crash (it seems it doesn't have a security impact) - but still the bug marked as severe code defect and fixed immediately. Upstream fix[2] is small, checking the value and assign 0 if it's NULL. Then the next 'if' will print an error message that the value can not be opened as being NULL. The debdiff is attached and I hope the upload and later the unblock can be approved. Thanks for consideration, Laszlo/GCS [1] http://www.sqlite.org/src/tktview?name=e6e962d6b0 [2] https://www.sqlite.org/src/info/8cd1a4451cce1fe2diff -Nru sqlite3-3.16.2/debian/changelog sqlite3-3.16.2/debian/changelog --- sqlite3-3.16.2/debian/changelog 2017-01-22 17:21:15.0 + +++ sqlite3-3.16.2/debian/changelog 2017-02-13 17:31:26.0 + @@ -1,3 +1,10 @@ +sqlite3 (3.16.2-3) unstable; urgency=medium + + * Backport upstream fix to ensure that sqlite3_blob_reopen() correctly +handles short rows. + + -- Laszlo Boszormenyi (GCS) <g...@debian.org> Mon, 13 Feb 2017 17:31:26 + + sqlite3 (3.16.2-2) unstable; urgency=medium * Backport upstream fix of variable initialization in the CLI tool. diff -Nru sqlite3-3.16.2/debian/patches/35-fix-sqlite3_blob_reopen.patch sqlite3-3.16.2/debian/patches/35-fix-sqlite3_blob_reopen.patch --- sqlite3-3.16.2/debian/patches/35-fix-sqlite3_blob_reopen.patch 1970-01-01 00:00:00.0 + +++ sqlite3-3.16.2/debian/patches/35-fix-sqlite3_blob_reopen.patch 2017-02-13 17:31:26.0 + 
@@ -0,0 +1,22 @@ +Description: Ensure that sqlite3_blob_reopen() correctly handles short rows + TODO: Put a short summary on the line above and replace this paragraph + * Non-maintainer upload. +Origin: upstream, https://www.sqlite.org/src/info/8cd1a4451cce1fe2 +Author: Laszlo Boszormenyi (GCS) <g...@debian.org> +Last-Update: 2017-02-14 + +--- + +--- sqlite3-3.16.2.orig/src/vdbeblob.c sqlite3-3.16.2/src/vdbeblob.c +@@ -67,7 +67,9 @@ static int blobSeekToRow(Incrblob *p, sq + rc = sqlite3_step(p->pStmt); + if( rc==SQLITE_ROW ){ + VdbeCursor *pC = v->apCsr[0]; +-u32 type = pC->aType[p->iCol]; ++u32 type = pC->nHdrParsed>p->iCol ? pC->aType[p->iCol] : 0; ++testcase( pC->nHdrParsed==p->iCol ); ++testcase( pC->nHdrParsed==p->iCol+1 ); + if( type<12 ){ + zErr = sqlite3MPrintf(p->db, "cannot open value of type %s", + type==0?"null": type==7?"real": "integer" diff -Nru sqlite3-3.16.2/debian/patches/series sqlite3-3.16.2/debian/patches/series --- sqlite3-3.16.2/debian/patches/series 2017-01-22 17:21:15.0 + +++ sqlite3-3.16.2/debian/patches/series 2017-02-13 17:31:26.0 + @@ -6,3 +6,4 @@ 31-increase_SQLITE_MAX_DEFAULT_PAGE_SIZE_to_32k.patch 02-use-packaged-lempar.c.patch 32-fix_an_uninitialized_variable_in_the_command-line_shell.patch +35-fix-sqlite3_blob_reopen.patch
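Review bot: the header of 35-fix-sqlite3_blob_reopen.patch still contains the dpkg-source template text, "TODO: Put a short summary on the line above and replace this paragraph" and "* Non-maintainer upload.", neither of which describes this change. Replace them with a short explanation of the fix (the aType[] read is now guarded by `pC->nHdrParsed>p->iCol`), and list the upstream author in Author since Origin says the change is taken from upstream.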
Bug#856119: unblock: qpid-python
Package: release.debian.org User: release.debian@packages.debian.org Usertags: unblock Hi Release Team, I maintain some Qpid related packages, even if I've neglected those. However qpid-python was in other hands and recently orphaned. I have adopted it and made small changes to it. The compat change may warn you, but I can assure you that the binary package is bit identical to the one currently in Stretch (made md5sum on all files and those match). Please unblock it to have a maintainer in the background - debdiff is attached. Thanks, Laszlo/GCSdiff -Nru qpid-python-1.35.0+dfsg/debian/changelog qpid-python-1.35.0+dfsg/debian/changelog --- qpid-python-1.35.0+dfsg/debian/changelog 2016-10-09 20:24:29.0 +0200 +++ qpid-python-1.35.0+dfsg/debian/changelog 2017-02-21 22:44:19.0 +0100 @@ -1,3 +1,11 @@ +qpid-python (1.35.0+dfsg-2) unstable; urgency=low + + * New maintainer (closes: #729207). + * Generalize watch file. + * Use debhelper level 10 in compat. + + -- Laszlo Boszormenyi (GCS) <g...@debian.org> Tue, 21 Feb 2017 21:44:19 + + qpid-python (1.35.0+dfsg-1) unstable; urgency=medium * QA upload. diff -Nru qpid-python-1.35.0+dfsg/debian/compat qpid-python-1.35.0+dfsg/debian/compat --- qpid-python-1.35.0+dfsg/debian/compat 2016-10-09 20:24:29.0 +0200 +++ qpid-python-1.35.0+dfsg/debian/compat 2017-02-21 22:44:19.0 +0100 @@ -1 +1 @@ -9 +10 diff -Nru qpid-python-1.35.0+dfsg/debian/control qpid-python-1.35.0+dfsg/debian/control --- qpid-python-1.35.0+dfsg/debian/control 2016-10-09 20:24:29.0 +0200 +++ qpid-python-1.35.0+dfsg/debian/control 2017-02-21 22:44:19.0 +0100 
@@ -1,7 +1,7 @@ Source: qpid-python Section: python Priority: extra -Maintainer: Debian QA Group <packa...@qa.debian.org> +Maintainer: Laszlo Boszormenyi (GCS) <g...@debian.org> Build-Depends: debhelper (>= 10), dh-python, python (>= 2.6.6-3~), diff -Nru qpid-python-1.35.0+dfsg/debian/copyright qpid-python-1.35.0+dfsg/debian/copyright --- qpid-python-1.35.0+dfsg/debian/copyright 2016-10-09 20:24:29.0 +0200 +++ qpid-python-1.35.0+dfsg/debian/copyright 2017-02-21 22:44:19.0 +0100 @@ -4,7 +4,7 @@ Files-Excluded: qpid/specs/amqp-0-10.dtd Files: * -Copyright: 2006-2016 QPID Apache team +Copyright: 2006-2017 QPID Apache team License: Apache Files: qpid/specs/* @@ -15,8 +15,9 @@ Copyright: 2009-2012 Cajus Pollmeier <ca...@debian.org> 2013 Michael Gilbert <mgilb...@debian.org> 2013 Barry deFreese <bdefre...@debian.org> - 2013 Michael Banck <mba...@debian.org> + 2013 Michael Banck <mba...@debian.org> 2016 Herbert Parentes Fortes Neto <h...@debian.org> + 2017 Laszlo Boszormenyi (GCS) <g...@debian.org> License: GPL-3+ License: Apache diff -Nru qpid-python-1.35.0+dfsg/debian/rules qpid-python-1.35.0+dfsg/debian/rules --- qpid-python-1.35.0+dfsg/debian/rules 2016-10-09 20:24:29.0 +0200 +++ qpid-python-1.35.0+dfsg/debian/rules 2017-02-21 22:44:19.0 +0100 @@ -1,10 +1,14 @@ #!/usr/bin/make -f +# -*- makefile -*- +# Uncomment this to turn on verbose mode. #export DH_VERBOSE=1 + export PYBUILD_NAME = qpid +override_dh_auto_test: + %: dh $@ --with python2 --buildsystem=pybuild -override_dh_auto_test: - +.PHONY: override_dh_auto_test diff -Nru qpid-python-1.35.0+dfsg/debian/watch qpid-python-1.35.0+dfsg/debian/watch --- qpid-python-1.35.0+dfsg/debian/watch 2016-10-09 20:24:29.0 +0200 +++ qpid-python-1.35.0+dfsg/debian/watch 2017-02-21 22:44:19.0 +0100 
@@ -1,4 +1,3 @@ version=4 -#http://www.apache.org/dist/qpid/([\d\.]+)/qpid-python-(.*)\.tar\.gz opts=dversionmangle=s/\+dfsg\d*$// \ -http://ftp.unicamp.br/pub/apache/qpid/python/([\d\.]+)/qpid-python-(.*)\.tar\.gz +http://qpid.apache.org/download.html .*/python/.+/qpid-python-([\d\.]+)\.(?:tgz|tbz2|txz|tar\.(?:gz|bz2|xz))
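Review bot: in the debian/rules hunk, `override_dh_auto_test:` is kept with an empty body (it is only moved above the `%:` rule), so the package still builds without running any upstream tests and nothing in the file says why. Add a one-line comment above the target stating the reason the tests are skipped, so the next maintainer can tell that it is deliberate.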
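Review bot: the debian/watch hunk replaces the mirror URL with `http://qpid.apache.org/download.html`, so uscan scrapes the download page over plain HTTP and the only option set is `dversionmangle`. Use the https:// form of the URL and, if upstream publishes detached signatures, add a `pgpsigurlmangle` rule with the upstream key in debian/upstream/ so a fetched tarball is verified before it is imported.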
Bug#856118: unblock: graphicsmagick
Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: unblock

Hi Release Team,

Upstream of GraphicsMagick, Bob Friesenhahn reported its vulnerability when reading (heap buffer overread) CMYKA TIFF files[1]. The fix is small and the debdiff is attached for your convenience. Please unblock and let it migrate to Stretch.

Thanks,
Laszlo/GCS

[1] http://www.openwall.com/lists/oss-security/2017/02/24/1

diff -Nru graphicsmagick-1.3.25/debian/changelog graphicsmagick-1.3.25/debian/changelog --- graphicsmagick-1.3.25/debian/changelog 2016-12-25 15:42:18.0 +0100 +++ graphicsmagick-1.3.25/debian/changelog 2017-02-24 20:17:41.0 +0100 @@ -1,3 +1,9 @@ +graphicsmagick (1.3.25-8) unstable; urgency=high + + * Backport security fix for out of bounds access when reading CMYKA tiff. + + -- Laszlo Boszormenyi (GCS) <g...@debian.org> Fri, 24 Feb 2017 19:17:41 + + graphicsmagick (1.3.25-7) unstable; urgency=medium * Add hack to build self-tests on mips* architectures. diff -Nru graphicsmagick-1.3.25/debian/patches/Fix_out_of_bounds_access_when_reading_CMYKA_tiff.patch graphicsmagick-1.3.25/debian/patches/Fix_out_of_bounds_access_when_reading_CMYKA_tiff.patch --- graphicsmagick-1.3.25/debian/patches/Fix_out_of_bounds_access_when_reading_CMYKA_tiff.patch 1970-01-01 01:00:00.0 +0100 +++ graphicsmagick-1.3.25/debian/patches/Fix_out_of_bounds_access_when_reading_CMYKA_tiff.patch 2017-02-24 20:17:41.0 +0100 
@@ -0,0 +1,70 @@ +# HG changeset patch +# User Bob Friesenhahn <bfrie...@graphicsmagick.org> +# Date 1487905610 21600 +# Thu Feb 23 21:06:50 2017 -0600 +# Node ID 6156b4c2992d855ece6079653b3b93c3229fc4b8 +# Parent 0392c4305a4369984ec8069055acc470c0a73647 +Fix out of bounds access when reading CMYKA tiff which claims wrong samples/pixel. + +diff -r 0392c4305a43 -r 6156b4c2992d ChangeLog +--- a/ChangeLog Sun Jan 29 10:04:57 2017 -0600 b/ChangeLog Thu Feb 23 21:06:50 2017 -0600 +@@ -1,3 +1,10 @@ ++2017-02-23 Bob Friesenhahn <bfrie...@simple.dallas.tx.us> ++ ++ * coders/tiff.c (QuantumTransferMode): Fix out of bounds ++ read/write when reading CMYKA TIFF which claims to have only 2 ++ samples per pixel. Problem was reported via email on February 15, ++ 2017 by Valon Chu. ++ + 2016-10-21 Glenn Randers-Pehrson <glen...@simple.dallas.tx.us> + + *coders/png.c (ReadOneJNGImage): Enforce spec requirement that the +diff -r 0392c4305a43 -r 6156b4c2992d coders/tiff.c +--- a/coders/tiff.c Sun Jan 29 10:04:57 2017 -0600 b/coders/tiff.c Thu Feb 23 21:06:50 2017 -0600 +@@ -1230,8 +1230,8 @@ + case 0: + if (samples_per_pixel == 1) + *quantum_type=GrayQuantum; +- else +-*quantum_type=RedQuantum; ++else ++ *quantum_type=RedQuantum; + break; + case 1: + *quantum_type=GreenQuantum; +@@ -1411,12 +1411,12 @@ + } + else + { +-if (image->matte) ++if (image->matte && samples_per_pixel >= 5) + { + *quantum_type=CMYKAQuantum; + *quantum_samples=5; + } +-else ++else if (samples_per_pixel >= 4) + { + *quantum_type=CMYKQuantum; + *quantum_samples=4; +diff -r 0392c4305a43 -r 6156b4c2992d www/Changelog.html +--- a/www/Changelog.html Sun Jan 29 10:04:57 2017 -0600 b/www/Changelog.html Thu Feb 23 21:06:50 2017 -0600 +@@ -35,6 +35,15 @@ + + + ++2017-02-23 Bob Friesenhahn bfriesensimpledallastxus ++ ++ ++coders/tiff.c (QuantumTransferMode): Fix out of bounds ++read/write when reading CMYKA TIFF which claims to have only 2 ++samples per pixel. 
Problem was reported via email on February 15, ++2017 by Valon Chu. ++ ++ + 2016-10-21 Glenn Randers-Pehrson glennrpsimpledallastxus + + *coders/png.c (ReadOneJNGImage): Enforce spec requirement that the diff -Nru graphicsmagick-1.3.25/debian/patches/series graphicsmagick-1.3.25/debian/patches/series --- graphicsmagick-1.3.25/debian/patches/series 2016-12-25 15:42:18.0 +0100 +++ graphicsmagick-1.3.25/debian/patches/series 2017-02-24 20:17:41.0 +0100 @@ -8,3 +8,4 @@ CVE-2016-8684.patch CVE-2016-9830.patch mips_link_fix.patch +Fix_out_of_bounds_access_when_reading_CMYKA_tiff.patch
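Review bot: in the second coders/tiff.c hunk (@@ -1411,12 +1411,12 @@), turning the plain `else` into `else if (samples_per_pixel >= 4)` leaves a path where neither branch runs, and the hunk does not show what `*quantum_type` and `*quantum_samples` hold in that case. Please confirm that the function reports failure, or that the caller rejects the image, when a CMYK or CMYKA file claims fewer than 4 samples per pixel, rather than continuing with values set earlier. The first tiff.c hunk only re-indents the `else` branch and could be dropped from the backport to keep the security diff minimal.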
Bug#854968: unblock: ntfs-3g
Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: unblock

Hi Release Team,

Please unblock ntfs-3g 2016.2.22AR.1-4 as it fixes CVE-2017-0358. The debdiff is attached for your convenience.

Thanks,
Laszlo/GCS

diff -Nru ntfs-3g-2016.2.22AR.1/debian/changelog ntfs-3g-2016.2.22AR.1/debian/changelog --- ntfs-3g-2016.2.22AR.1/debian/changelog 2016-04-21 18:48:50.0 + +++ ntfs-3g-2016.2.22AR.1/debian/changelog 2017-02-01 06:23:28.0 + @@ -1,3 +1,10 @@ +ntfs-3g (1:2016.2.22AR.1-4) unstable; urgency=high + + * Fix CVE-2017-0358: modprobe influence vulnerability via environment +variables. + + -- Laszlo Boszormenyi (GCS) <g...@debian.org> Wed, 01 Feb 2017 06:23:28 + + ntfs-3g (1:2016.2.22AR.1-3) unstable; urgency=low * Really fix ELIBBAD errno on kFreeBSD (closes: #821838). diff -Nru ntfs-3g-2016.2.22AR.1/debian/patches/0003-CVE-2017-0358.patch ntfs-3g-2016.2.22AR.1/debian/patches/0003-CVE-2017-0358.patch --- ntfs-3g-2016.2.22AR.1/debian/patches/0003-CVE-2017-0358.patch 1970-01-01 00:00:00.0 + +++ ntfs-3g-2016.2.22AR.1/debian/patches/0003-CVE-2017-0358.patch 2017-02-01 06:23:28.0 + 
@@ -0,0 +1,36 @@ +--- ntfs-3g/src/lowntfs-3g.c.ref 2016-12-31 08:56:59.011749600 +0100 ntfs-3g/src/lowntfs-3g.c 2017-01-05 14:41:52.041473700 +0100 +@@ -4291,13 +4291,14 @@ + struct stat st; + pid_t pid; + const char *cmd = "/sbin/modprobe"; ++ char *env = (char*)NULL; + struct timespec req = { 0, 1 }; /* 100 msec */ + fuse_fstype fstype; + + if (!stat(cmd, ) && !geteuid()) { + pid = fork(); + if (!pid) { +- execl(cmd, cmd, "fuse", NULL); ++ execle(cmd, cmd, "fuse", NULL, ); + _exit(1); + } else if (pid != -1) + waitpid(pid, NULL, 0); +--- ntfs-3g/src/ntfs-3g.c.ref 2016-12-31 08:56:59.022518700 +0100 ntfs-3g/src/ntfs-3g.c 2017-01-05 15:45:45.912499400 +0100 +@@ -3885,13 +3885,14 @@ + struct stat st; + pid_t pid; + const char *cmd = "/sbin/modprobe"; ++ char *env = (char*)NULL; + struct timespec req = { 0, 1 }; /* 100 msec */ + fuse_fstype fstype; + + if (!stat(cmd, ) && !geteuid()) { + pid = fork(); + if (!pid) { +- execl(cmd, cmd, "fuse", NULL); ++ execle(cmd, cmd, "fuse", NULL, ); + _exit(1); + } else if (pid != -1) + waitpid(pid, NULL, 0); diff -Nru ntfs-3g-2016.2.22AR.1/debian/patches/series ntfs-3g-2016.2.22AR.1/debian/patches/series --- ntfs-3g-2016.2.22AR.1/debian/patches/series 2016-04-20 15:51:16.0 + +++ ntfs-3g-2016.2.22AR.1/debian/patches/series 2017-02-01 06:23:28.0 + @@ -1,2 +1,3 @@ 0001-link-with-gpg-error.patch 0002-kFreeBSD_ELIBBAD.patch +0003-CVE-2017-0358.patch
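Review bot: in both hunks the new variable is declared as `char *env = (char*)NULL;`, a single pointer, while the last value execle() takes is a NULL-terminated array of environment strings. Declaring it as `char *const envp[] = { NULL };` would state the intent (modprobe gets an empty environment) without relying on a pointer to a lone NULL being read as a one-element array. The identical block in src/lowntfs-3g.c and src/ntfs-3g.c also deserves a short comment naming CVE-2017-0358, so that the empty environment is not later reverted to a plain execl() as a cleanup.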
Bug#853770: unblock: pyro4
Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: unblock

Hi Release Team,

I don't want to hide that due to my mistake, pyro4 package migrated to Stretch without the selectors34 dependency of python2-pyro4 even packaged. It was only partly fixed with importing the selectors module instead[1] - that fixes the client mode but the multiplexed server still fails (the user has to change to the threadpool variant). I see the following solutions:
1) Drop the python2 variant of Pyro4 and only ship the python3 one (worst case).
2) Allow the packaged selectors34 module[2] to Stretch (not yet uploaded) as it's a one file module.
3) Add the selectors34.py to the pyro4 package, debdiff to the Stretch version is attached.
4) Use the upstream commit not to fail with the import, but inform the user to switch to the threadpool variant with a RuntimeError[3] when using the Python 2 variant.

Which solution would be allowed for Stretch?

Thanks,
Laszlo/GCS

[1] https://bugs.debian.org/852245
[2] dget -x http://www.barcikacomp.hu/gcs/selectors34_1.1.0-1.dsc
[3] https://github.com/irmen/Pyro4/commit/edfdbb2ce4279d929b306d00ac8fbc6543a0807b

diff -Nru pyro4-4.53/debian/changelog pyro4-4.53/debian/changelog --- pyro4-4.53/debian/changelog 2017-01-06 12:45:50.0 + +++ pyro4-4.53/debian/changelog 2017-01-31 16:56:26.0 + 
@@ -1,3 +1,20 @@ +pyro4 (4.53-3) unstable; urgency=medium + + * Add selectors34 to Python2 package for proper Python2 compatibility +(closes: #852245). + + -- Laszlo Boszormenyi (GCS) <g...@debian.org> Tue, 31 Jan 2017 16:56:26 + + +pyro4 (4.53-2) unstable; urgency=medium + + * Rework Python version detection. + * Remove requires.txt from the installed files. + + [ Marcin Kulisz <deb...@kulisz.net> ] + * Fix Python2 compatibility (closes: #852245). + + -- Laszlo Boszormenyi (GCS) <g...@debian.org> Mon, 23 Jan 2017 21:17:56 + + pyro4 (4.53-1) unstable; urgency=low * New upstream release. diff -Nru pyro4-4.53/debian/control pyro4-4.53/debian/control --- pyro4-4.53/debian/control 2017-01-06 12:45:50.0 + +++ pyro4-4.53/debian/control 2017-01-31 16:56:26.0 + @@ -33,7 +33,7 @@ Package: python2-pyro4 Architecture: all -Depends: python2-serpent (>= 1.16), ${misc:Depends}, ${python:Depends} +Depends: python2-serpent (>= 1.16), python-six, ${misc:Depends}, ${python:Depends} Conflicts: python3-pyro4 Replaces: python3-pyro4 Suggests: pyro4-doc, pyro4 diff -Nru pyro4-4.53/debian/copyright pyro4-4.53/debian/copyright --- pyro4-4.53/debian/copyright 2013-07-10 18:22:45.0 + +++ pyro4-4.53/debian/copyright 2017-01-31 16:56:26.0 + 
@@ -25,6 +25,54 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +Files: debian/selectors34.py +Copyright: Copyright (C) 2015- Berker Peksag <berker.pek...@gmail.com> +License: PSFL-2 + 1. This LICENSE AGREEMENT is between the Python Software Foundation + ("PSF"), and the Individual or Organization ("Licensee") accessing and + otherwise using this software ("Python") in source or binary form and + its associated documentation. + . + 2. Subject to the terms and conditions of this License Agreement, PSF hereby + grants Licensee a nonexclusive, royalty-free, world-wide license to reproduce, + analyze, test, perform and/or display publicly, prepare derivative works, + distribute, and otherwise use Python alone or in any derivative version, + provided, however, that PSF's License Agreement and PSF's notice of copyright, + i.e., "Copyright (c) 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, + 2010, 2011 Python Software Foundation; All Rights Reserved" are retained in + Python alone or in any derivative version prepared by Licensee. + . + 3. In the event Licensee prepares a derivative work that is based on + or incorporates Python or any part thereof, and wants to make + the derivative work available to others as provided herein, then + Licensee hereby agrees to include in any such work a brief summary of + the changes made to Python. + . + 4. PSF is making Python available to Licensee on an "AS IS" + basis. PSF MAKES NO REPRESENTATIONS OR WARRANTIES, EXPRESS OR + IMPLIED. BY WAY OF EXAMPLE, BUT NOT LIMITATION, PSF MAKES NO AND + DISCLAIMS ANY REPRESENTATION OR WARRANTY OF MERCHANTABILITY OR FITNESS + FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF PYTHON WILL NOT + INFRINGE ANY THIRD PARTY RIGHTS. + . + 5. 
PSF SHALL NOT BE LIABLE TO LICENSEE OR ANY OTHER USERS OF PYTHON + FOR ANY INCIDENTAL, SPECIAL, OR CONSEQUENTIAL DAMAGES OR LOSS AS + A RESULT OF MODIFYING, DISTRIBUTING, OR OTHERWISE USING PYTHON, + OR ANY DERIVATIVE THEREOF, EVEN IF ADVISED OF THE POSSIBILITY THEREOF. + . + 6. This License Agreement will automatically terminate upon a material + breach of its terms and conditions. + . + 7. Nothing in this License Agreeme
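Review bot: the debian/control hunk adds `python-six` to the Depends of python2-pyro4, but neither changelog entry mentions it; the 4.53-3 entry only says that selectors34 is added. Please record in the changelog why six is needed (presumably by the bundled debian/selectors34.py), and state in debian/copyright or a README.source which selectors34 release the embedded file was taken from, so that a later fix to that module can be tracked for this copy as well.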
Bug#846613: transition: gflags
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition

Dear Release Team,

Small transition of gflags which changed the library name from libgflags2v5 to libgflags2.2. These are co-installable and the new version is in experimental, built on all release architectures, except mips* (yet).

The affected packages are[1]:
autofdo
ceres-solver
gnss-sdr
google-glog
rocksdb

All build fine with the new gflags release as well. Hope this can be done before the Stretch release.

Kind regards,
Laszlo/GCS

[1] https://release.debian.org/transitions/html/auto-gflags.html
Bug#846271: transition: ntfs-3g
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition

Dear Release Team,

Mini transition of ntfs-3g which changed the library name from libntfs-3g871 to libntfs-3g872. These are co-installable and the new version is in experimental, built on all release architectures.

The affected packages are[1]:
partclone
testdisk
wimlib

All build fine with the new ntfs-3g release as well. Hope this can be done before the Stretch release.

Kind regards,
Laszlo/GCS

[1] https://release.debian.org/transitions/html/auto-ntfs-3g.html
Bug#842816: nmu: syslog-ng_3.7.3-3
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: binnmu

Hi,

I ask for binNMU of syslog-ng to build with PIE with the new toolchain. Currently it prevents fixing of syslog-ng-incubator[1] as it can't link with one of its libraries.

Thanks,
Laszlo/GCS

nmu syslog-ng_3.7.3-3 . ANY . unstable . -m "Recompile static libraries with PIE"

[1] https://bugs.debian.org/839454
Bug#841638: transition: libcrypto++
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition

I'd like to update libcrypto++ from 5.6.4 to 5.6.5; which is a semi-transition. Packages I've tried work with both versions, however without binNMUs those will print this:

Symbol `_ZTVN8CryptoPP23FilterWithBufferedInputE' has different size in shared object, consider re-linking
Symbol `_ZTVN8CryptoPP10HexEncoderE' has different size in shared object, consider re-linking
Symbol `_ZTVN8CryptoPP11ProxyFilterE' has different size in shared object, consider re-linking

This matches upstream recommendation[1]: "maintenance release, recompile of programs recommended"

I know about #841443 [2] and it will be fixed with the new upload.

Regards,
Laszlo/GCS

[1] http://www.cryptopp.com/release565.html
[2] https://bugs.debian.org/841443
Bug#836787: jessie-pu: package pypdf2/1.23+git20141008-1+deb8u1
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian@packages.debian.org
Usertags: pu

Hi Release Team,

A PyPDF2 user found a DoS, an infinite loop[1]. It has a reproducer even. This affects Jessie as well (the Sid update is just uploaded). Upstream fix is simple[2] and the Security Team noted this as no-dsa, but can be updated via a Jessie PU. Proposed patch is attached.

Thanks for considering,
Laszlo/GCS

[1] https://github.com/mstamy2/PyPDF2/issues/184
[2] https://github.com/mstamy2/PyPDF2/commit/4fc7f9d14adb2a9b890aea2616955ec54229f48c

diff -Nru pypdf2-1.23+git20141008/debian/changelog pypdf2-1.23+git20141008/debian/changelog --- pypdf2-1.23+git20141008/debian/changelog 2014-10-25 21:00:12.0 + +++ pypdf2-1.23+git20141008/debian/changelog 2016-09-05 17:50:32.0 + @@ -1,3 +1,10 @@ +pypdf2 (1.23+git20141008-1+deb8u1) jessie; urgency=medium + + * Backport fix 'prevent infinite loop in readObject() function' to prevent +DoS from upstream Git tree. + + -- Laszlo Boszormenyi (GCS) <g...@debian.org> Mon, 05 Sep 2016 17:46:41 + + pypdf2 (1.23+git20141008-1) unstable; urgency=low * Upstream snapshot with various bug fixes. diff -Nru pypdf2-1.23+git20141008/debian/patches/Prevent_infinite_loop_in_readObject.patch pypdf2-1.23+git20141008/debian/patches/Prevent_infinite_loop_in_readObject.patch --- pypdf2-1.23+git20141008/debian/patches/Prevent_infinite_loop_in_readObject.patch 1970-01-01 00:00:00.0 + +++ pypdf2-1.23+git20141008/debian/patches/Prevent_infinite_loop_in_readObject.patch 2016-09-05 17:49:22.0 + 
@@ -0,0 +1,25 @@ +From 48193975e5a0e48ebbb68217f8533ad2bfbdede2 Mon Sep 17 00:00:00 2001 +From: Henri Salo <henri.s...@nixu.com> +Date: Tue, 18 Aug 2015 13:42:22 +0300 +Subject: [PATCH] Prevent infinite loop in readObject() function. Patch by + dhudson1. Closes mstamy2/PyPDF2#184 + +--- + PyPDF2/generic.py | 4 + 1 file changed, 4 insertions(+) + +diff --git a/PyPDF2/generic.py b/PyPDF2/generic.py +index df1e028..657612a 100644 +--- a/PyPDF2/generic.py b/PyPDF2/generic.py +@@ -82,6 +82,10 @@ def readObject(stream, pdf): + # comment + while tok not in (b_('\r'), b_('\n')): + tok = stream.read(1) ++# Prevents an infinite loop by raising an error if the stream is at ++# the EOF ++if len(tok) <= 0: ++raise PdfStreamError("File ended unexpectedly.") + tok = readNonWhitespace(stream) + stream.seek(-1, 1) + return readObject(stream, pdf) diff -Nru pypdf2-1.23+git20141008/debian/patches/series pypdf2-1.23+git20141008/debian/patches/series --- pypdf2-1.23+git20141008/debian/patches/series 1970-01-01 00:00:00.0 + +++ pypdf2-1.23+git20141008/debian/patches/series 2016-09-05 17:50:00.0 + @@ -0,0 +1 @@ +Prevent_infinite_loop_in_readObject.patch
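Review bot: the PyPDF2/generic.py hunk raises `PdfStreamError`, yet the diffstat shows 4 insertions in that one spot and no import change, so the patch relies on the name already being imported in generic.py of the 1.23+git20141008 snapshot; please confirm that, otherwise a truncated file ends in a NameError instead of the intended error. `if len(tok) <= 0:` can simply be `if not tok:`. Since the upstream issue comes with a reproducer, running it against the patched Jessie package before upload would confirm the backport.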
Bug#836010: nmu: libodb_2.4.0-1
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: binnmu

Hi,

odb depends on GCC plugin loading. Uploaded a new package version, which started to use GCC 6.2 as it's being the default compiler. Previously it used GCC 5.1 and to prevent any problems, libodb* need a rebuild with GCC 6 as well.

First libodb itself (if I'm correct with the syntax of britney):
nmu libodb_2.4.0-1 . ANY . unstable . -m "Rebuild with GCC 6"

When it's done, the following packages need to be rebuilt as well:
nmu libodb-boost_2.4.0-1 . ANY . unstable . -m "Rebuild with GCC 6"
nmu libodb-mysql_2.4.0-2 . ANY . unstable . -m "Rebuild with GCC 6"
nmu libodb-pgsql_2.4.0-1 . ANY . unstable . -m "Rebuild with GCC 6"
nmu libodb-qt_2.4.0-2 . ANY . unstable . -m "Rebuild with GCC 6"
nmu libodb-sqlite_2.4.0-1 . ANY . unstable . -m "Rebuild with GCC 6"

Thanks,
Laszlo/GCS
Bug#835444: jessie-pu: package ovirt-guest-agent/1.0.10.2.dfsg-2+deb8u1
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian@packages.debian.org
Usertags: pu

Hi Release Team,

There are two stupid bugs in ovirt-guest-agent which affect Jessie. Both fixed in Sid + Stretch. First is that its daemon is not started with the initscript[1]. Reason is: it checks for executable bit on the daemon, but it's installed without that. chmod a+x added to d/rules. Second is that the logging is not working if daemon is started with systemd as its log directory is not owned by the ovirtagent user[2]. To be extra safe, the chown was added to postinst. Proposed patch is attached.

Thanks for considering,
Laszlo/GCS

[1] http://bugs.debian.org/782005
[2] http://bugs.debian.org/811481

diff -Nru ovirt-guest-agent-1.0.10.2.dfsg/debian/changelog ovirt-guest-agent-1.0.10.2.dfsg/debian/changelog --- ovirt-guest-agent-1.0.10.2.dfsg/debian/changelog 2015-02-14 11:33:40.0 + +++ ovirt-guest-agent-1.0.10.2.dfsg/debian/changelog 2016-08-20 10:34:30.0 + @@ -1,3 +1,10 @@ +ovirt-guest-agent (1.0.10.2.dfsg-2+deb8u1) jessie; urgency=medium + + * Install ovirt-guest-agent.py executable (closes: #782005). + * Change owner of log directory to ovirtagent in postinst (closes: #811481). + + -- Laszlo Boszormenyi (GCS) <g...@debian.org> Sat, 20 Aug 2016 10:34:30 + + ovirt-guest-agent (1.0.10.2.dfsg-2) unstable; urgency=low * Rework useradd logic not to fail if gid 175 already present diff -Nru ovirt-guest-agent-1.0.10.2.dfsg/debian/postinst ovirt-guest-agent-1.0.10.2.dfsg/debian/postinst --- ovirt-guest-agent-1.0.10.2.dfsg/debian/postinst 2015-02-14 09:57:18.0 + +++ ovirt-guest-agent-1.0.10.2.dfsg/debian/postinst 2016-08-20 10:34:30.0 + 
@@ -12,4 +12,8 @@ udevadm settle fi +chown ovirtagent:ovirtagent /var/log/ovirt-guest-agent +[ -f /var/log/ovirt-guest-agent/ovirt-guest-agent.log ] && \ +chown ovirtagent:ovirtagent /var/log/ovirt-guest-agent/ovirt-guest-agent.log + #DEBHELPER# diff -Nru ovirt-guest-agent-1.0.10.2.dfsg/debian/rules ovirt-guest-agent-1.0.10.2.dfsg/debian/rules --- ovirt-guest-agent-1.0.10.2.dfsg/debian/rules 2014-08-10 17:37:53.0 + +++ ovirt-guest-agent-1.0.10.2.dfsg/debian/rules 2016-08-20 10:34:30.0 + @@ -8,13 +8,20 @@ export DH_OPTIONS #DEB_DH_INSTALLINIT_ARGS := --upstart-only +PKGDIR=$(CURDIR)/debian/ovirt-guest-agent + override_dh_auto_configure: dh_auto_configure -- --without-sso +override_dh_auto_install: + dh_auto_install + chmod a+x $(PKGDIR)/usr/share/ovirt-guest-agent/ovirt-guest-agent.py + override_dh_installudev: dh_installudev --priority 55 %: dh $@ --with autoreconf,python2 -.PHONY: override_dh_auto_configure override_dh_installudev +.PHONY: override_dh_auto_configure override_dh_auto_install \ + override_dh_installudev
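Review bot: in the debian/postinst hunk, the first chown hands /var/log/ovirt-guest-agent to ovirtagent, and the second then runs as root on a file inside that directory on every later postinst run. Both `[ -f ... ]` and plain `chown` follow symbolic links, so the test should also reject links and the call should be `chown -h`, or the ownership should be set once when the directory is created. Writing it as `if [ -f ... ] && [ ! -h ... ]; then chown -h ...; fi` also avoids a non-zero status from the `&&` list when the log file does not exist yet.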
Bug#835443: jessie-pu: package sqlite3/3.8.7.1-1+deb8u2
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian@packages.debian.org
Usertags: pu

Hi Release Team,

There's a vulnerability in SQLite3 [1] which was fixed in Sid and Stretch, but not yet in Jessie. Security Team decided it's a minor issue and doesn't warrant a DSA. Another issue, a segfault, is fixed as well on heavy 'SAVEPOINT' usage[2][3], which affects Django. Proposed patch is attached.

Thanks for considering,
Laszlo/GCS

[1] https://security-tracker.debian.org/tracker/CVE-2016-6153
[2] http://bugs.debian.org/835205
[3] https://www.sqlite.org/src/info/c4b9c611

diff -Nru sqlite3-3.8.7.1/debian/changelog sqlite3-3.8.7.1/debian/changelog --- sqlite3-3.8.7.1/debian/changelog 2015-05-02 07:59:48.0 + +++ sqlite3-3.8.7.1/debian/changelog 2016-08-25 16:10:24.0 + @@ -1,3 +1,11 @@ +sqlite3 (3.8.7.1-1+deb8u2) jessie; urgency=medium + + * Fix CVE-2016-6153 , Tempdir Selection Vulnerability. + * Backport fix for segfault following heavy SAVEPOINT usage +(closes: #835205). + + -- Laszlo Boszormenyi (GCS) <g...@debian.org> Thu, 25 Aug 2016 16:10:24 + + sqlite3 (3.8.7.1-1+deb8u1) jessie-security; urgency=high * Fix CVE-2015-3414 , use of uninitialized memory when parsing collation diff -Nru sqlite3-3.8.7.1/debian/patches/45-CVE-2016-6153_part1.patch sqlite3-3.8.7.1/debian/patches/45-CVE-2016-6153_part1.patch --- sqlite3-3.8.7.1/debian/patches/45-CVE-2016-6153_part1.patch 1970-01-01 00:00:00.0 + +++ sqlite3-3.8.7.1/debian/patches/45-CVE-2016-6153_part1.patch 2016-08-25 16:10:24.0 + 
@@ -0,0 +1,31 @@ +Index: sqlite3/src/os_unix.c +== +--- sqlite3/src/os_unix.c sqlite3/src/os_unix.c +@@ -5423,10 +5423,10 @@ static const char *unixTempFileDir(void) + if( zDir==0 ) continue; + if( osStat(zDir, ) ) continue; + if( !S_ISDIR(buf.st_mode) ) continue; +-if( osAccess(zDir, 07) ) continue; +-break; ++if( osAccess(zDir, 03) ) continue; ++return zDir; + } +- return zDir; ++ return 0; + } + + /* +@@ -5446,10 +5446,11 @@ static int unixGetTempname(int nBuf, cha + ** using the io-error infrastructure to test that SQLite handles this + ** function failing. + */ ++ zBuf[0] = 0; + SimulateIOError( return SQLITE_IOERR ); + + zDir = unixTempFileDir(); +- if( zDir==0 ) zDir = "."; ++ if( zDir==0 ) return SQLITE_IOERR_GETTEMPPATH; + + /* Check that the output buffer is large enough for the temporary file + ** name. If it is not, return SQLITE_ERROR. diff -Nru sqlite3-3.8.7.1/debian/patches/46-CVE-2016-6153_part2.patch sqlite3-3.8.7.1/debian/patches/46-CVE-2016-6153_part2.patch --- sqlite3-3.8.7.1/debian/patches/46-CVE-2016-6153_part2.patch 1970-01-01 00:00:00.0 + +++ sqlite3-3.8.7.1/debian/patches/46-CVE-2016-6153_part2.patch 2016-08-25 16:10:24.0 + 
@@ -0,0 +1,13 @@ +Index: sqlite3/src/os_unix.c +== +--- sqlite3/src/os_unix.c sqlite3/src/os_unix.c +@@ -5419,7 +5419,7 @@ static const char *unixTempFileDir(void) + azDirs[0] = sqlite3_temp_directory; + if( !azDirs[1] ) azDirs[1] = getenv("SQLITE_TMPDIR"); + if( !azDirs[2] ) azDirs[2] = getenv("TMPDIR"); +- for(i=0; i<sizeof(azDirs)/sizeof(azDirs[0]); zDir=azDirs[i++]){ ++ for(i=0; i<=sizeof(azDirs)/sizeof(azDirs[0]); zDir=azDirs[i++]){ + if( zDir==0 ) continue; + if( osStat(zDir, ) ) continue; + if( !S_ISDIR(buf.st_mode) ) continue; diff -Nru sqlite3-3.8.7.1/debian/patches/47-CVE-2016-6153_part3.patch sqlite3-3.8.7.1/debian/patches/47-CVE-2016-6153_part3.patch --- sqlite3-3.8.7.1/debian/patches/47-CVE-2016-6153_part3.patch 1970-01-01 00:00:00.0 + +++ sqlite3-3.8.7.1/debian/patches/47-CVE-2016-6153_part3.patch 2016-08-25 16:10:24.0 + @@ -0,0 +1,35 @@ +Index: sqlite3/src/os_unix.c +== +--- sqlite3/src/os_unix.c sqlite3/src/os_unix.c +@@ -5412,19 +5412,23 @@ static const char *unixTempFileDir(void) + "/tmp", + 0/* List terminator */ + }; +- unsigned int i; ++ unsigned int i = 0; + struct stat buf; + const char *zDir = 0; + + azDirs[0] = sqlite3_temp_directory; + if( !azDirs[1] ) azDirs[1] = getenv("SQLITE_TMPDIR"); + if( !azDirs[2] ) azDirs[2] = getenv("TMPDIR"); +- for(i=0; i<=sizeof(azDirs)/sizeof(azDirs[0]); zDir=azDirs[i++]){ +-if( zDir==0 ) continue; +-if( osStat(zDir, ) ) continue; +-if( !S_ISDIR(buf.st_mode) ) continue; +-if( osAccess(zDir, 03) ) continue; +-return zDir; ++ while(1){ ++if( zDir!=0 ++ && osStat(zDir, )==0 ++ && S_ISDIR(buf.st_mode) ++ && osAccess(zDir, 03)==0 ++){ ++ return zDir; ++} ++if( i>=sizeof(azDirs)/sizeof(azDirs[0]) ) break; ++zDir = azDirs[i++]; +
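Review bot: part 2 changes the loop bound in unixTempFileDir() to `i<=sizeof(azDirs)/sizeof(azDirs[0])` while keeping `zDir=azDirs[i++]` in the for increment, so when no directory is accepted the final increment reads one element past the end of azDirs; part 3 then replaces the loop and checks the index before the read. The three files are only correct when applied together and in order, so either squash them into one patch or say so in each header. The headers as shown carry only an Index: line; adding Origin and Bug/CVE fields would let the fix be traced back to the upstream check-ins.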
Bug#821440: transition: ntfs-3g
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition

ntfs-3g previously used a virtual library[1] that caused problems with packages depending on it. I've created a normal, binNMU safe library package which currently sits in experimental.

Tested the affected packages:
- partclone
- testdisk
- wimlib

All three build fine and seem to be correct with the new ntfs-3g package. May I upload it with the new upstream release to Sid? Mentioned packages will need to be binNMUed.

Cheers,
Laszlo/GCS

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=79
Bug#819530: transition: icu
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition

ICU has a new major upstream release, supporting several new things that I would like to see in Stretch:
- CLDR[1] 28 [2] and 29 [3] support,
- Unicode 8.0.0 [4] support.

As it affects the system from Boost C++ libraries (several packages build depends on it) to LibreOffice, it's not uploaded to experimental even. But my local build tests on amd64 show that Boost 1.58 could be built and transiently some packages that build depends on Boost. The biggest one is LibreOffice which could be built of course.

In short, I compiled ICU 57.1 and installed it -> compiled and installed Boost 1.58 -> successfully compiled LibreOffice 5.1.2~RC1.

May I proceed with the upload, targeting experimental first?

Regards,
Laszlo/GCS

[1] http://cldr.unicode.org/index
[2] http://cldr.unicode.org/index/downloads/cldr-28
[3] http://cldr.unicode.org/index/downloads/cldr-29
[4] http://www.unicode.org/versions/Unicode8.0.0/#Summary
Bug#819529: transition: libcrypto++
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition

I'd like to do the libcrypto++ 5.6.1 to 5.6.3 transition. The latter is already in experimental. Affected package maintainers are noted, waiting for feedback.

For the time being, I've rebuilt all affected packages on amd64:
amule
armory
clementine
murasaki
pycryptopp
synergy
tegrarcm (non-free)

All built successfully and as the libcrypto++ libraries are co-installable, binNMUs can be enough.

Cheers,
Laszlo/GCS
Bug#819528: transition: angular.js
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition

I don't know if the Release Team follows JavaScript library transitions or not. But I think it's better to be aware of angular.js (libjs-angularjs) 1.3 (in Sid) to 1.5 (in experimental) transition. I have noted the affected package maintainers. Giving links on the migration issues[1][2].

The packages that may need update:
glances
grafana-data
node-sprintf-js
nqp
owncloud-music
owncloud-tasks

The owncloud modules may not be relevant as owncloud is going to be removed from the archive. Reason is that upstream has gone hostile[3] and doesn't want the software in distributions.

Regards,
Laszlo/GCS

[1] https://docs.angularjs.org/guide/migration#migrating-from-1-3-to-1-4
[2] https://docs.angularjs.org/guide/migration#migrating-from-1-4-to-1-5
[3] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816376
Bug#815260: transition: libpgm
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition

A small transition of libpgm, its soname changed from 5.1 to 5.2 which is already in experimental.

Affected packages are:
libxs
zeromq
zeromq3

Library packages are co-installable and can be a smooth transition. However libxs and zeromq need sourceful uploads. The latter is not a problem as I'm its maintainer. The former, libxs package seems to be an abandoned one. Upstream no longer exists, last maintainer upload[1] was in 2012 and NMUed in 2013. The zeromq{,3} uploads will be handled by me. Of course, I can further NMU libxs if needed or provide patch for maintainer upload.

Cheers,
Laszlo/GCS

[1] https://packages.qa.debian.org/libx/libxs/news/20120613T174733Z.html
Bug#811207: transition: libcutl
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition

Mini-transition of libcutl. It has 1.8 soname in Sid and 1.9 in experimental, but I plan to upload soname 1.10 version. May I upload it directly to Sid or should I target experimental first? The only affected binary is odb which can be binNMUed. Libraries are co-installable.

Ben file:

title = "libcutl";
is_affected = .depends ~ "libcutl-1.8" | .depends ~ "libcutl-1.9" | .depends ~ "libcutl-1.10";
is_good = .depends ~ "libcutl-1.10";
is_bad = .depends ~ "libcutl-1.8" | .depends ~ "libcutl-1.9";
Bug#773864: pre-approval: unblock: python-greenlet/0.4.2-2
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Hi Release Team,

Package python-greenlet FTBFS on ARM architectures, but it's part of Jessie. Then upstream fixed the build failure[1][2] and released it in version 0.4.5 that didn't make it to testing. Then Ubuntu backported those fixes for Utopic[3]. I did the same, used the fixes for 0.4.2 and asked another DD, Bálint Réczey to confirm it. Indeed, he says[4] the fixes are working correctly. Please let me upload 0.4.2-2 to t-p-u, debdiff is attached.

Thanks,
Laszlo/GCS

unblock python-greenlet/0.4.2-2

[1] https://github.com/python-greenlet/greenlet/commit/c1437e3677b8f2489e9dab3215eedb58590443c8
[2] https://github.com/python-greenlet/greenlet/commit/f90dbe4c24a9aed261a5fa9f66fb95ebdb8f21cc
[3] http://patches.ubuntu.com/p/python-greenlet/python-greenlet_0.4.2-1ubuntu1.patch
[4] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=751498#63

diff -Nru python-greenlet-0.4.2/debian/changelog python-greenlet-0.4.2/debian/changelog --- python-greenlet-0.4.2/debian/changelog 2014-02-01 12:34:37.0 +0100 +++ python-greenlet-0.4.2/debian/changelog 2014-12-22 08:48:28.0 +0100 @@ -1,3 +1,12 @@ +python-greenlet (0.4.2-2) testing-proposed-updates; urgency=medium + + [ Robie Basak robie.ba...@ubuntu.com ] + * d/p/arm32-{always-use-frame-pointer,unoptimize-return-value}: adjust +armhf-specific platform code to fix armhf FTBFS (closes: #751498); +cherry-picked from upstream (LP: #1379297). + + -- Laszlo Boszormenyi (GCS) g...@debian.org Mon, 22 Dec 2014 07:42:41 + + python-greenlet (0.4.2-1) unstable; urgency=low * New upstream release. diff -Nru python-greenlet-0.4.2/debian/patches/arm32-always-use-frame-pointer python-greenlet-0.4.2/debian/patches/arm32-always-use-frame-pointer --- python-greenlet-0.4.2/debian/patches/arm32-always-use-frame-pointer 1970-01-01 01:00:00.0 +0100 +++ python-greenlet-0.4.2/debian/patches/arm32-always-use-frame-pointer 2014-12-22 08:46:22.0 +0100 
@@ -0,0 +1,34 @@ +From: Robie Basak robie.ba...@canonical.com +Date: Tue, 14 Oct 2014 13:07:59 +0100 +Subject: [PATCH] arm32: make sure gcc uses a frame pointer + +This code assumes that there is a frame pointer. When gcc doesn't use a +frame pointer here and __thumb__ is defined, then the code clobbers r7 +without declaring it to the compiler. If the compiler uses r7 for +something else, then this causes arbitrary failures, depending on what +the optimizer did. + +To work around this, tell gcc to always use a frame pointer. + +Bug: https://github.com/python-greenlet/greenlet/pull/64 +Origin: upstream, https://github.com/python-greenlet/greenlet/commit/c1437e3677b8f2489e9dab3215eedb58590443c8 +Last-Update: 2014-10-15 + +--- + platform/switch_arm32_gcc.h | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/platform/switch_arm32_gcc.h b/platform/switch_arm32_gcc.h +index c6e160d..f74b2bb 100644 +--- a/platform/switch_arm32_gcc.h b/platform/switch_arm32_gcc.h +@@ -50,6 +50,9 @@ + #endif + + static int ++#ifdef __GNUC__ ++__attribute__((optimize(no-omit-frame-pointer))) ++#endif + slp_switch(void) + { + void *fp; diff -Nru python-greenlet-0.4.2/debian/patches/arm32-unoptimize-return-value python-greenlet-0.4.2/debian/patches/arm32-unoptimize-return-value --- python-greenlet-0.4.2/debian/patches/arm32-unoptimize-return-value 1970-01-01 01:00:00.0 +0100 +++ python-greenlet-0.4.2/debian/patches/arm32-unoptimize-return-value 2014-12-22 08:46:22.0 +0100 
@@ -0,0 +1,68 @@ +From 505c91a68aaf5ab56325affd4d8581b32b649cf4 Mon Sep 17 00:00:00 2001 +From: Robie Basak robie.ba...@canonical.com +Date: Tue, 14 Oct 2014 13:16:22 +0100 +Subject: [PATCH] arm32: force return value from asm + +In my case, instead of a simple mov r0, #0, the optimizer had done +this: + +Between calls to slp_save_state and slp_restore_state, it saved the +value now guaranteed to be 0 using str r0, [r7]. + +Now, at the end, it restores that value into r0 using ldr r3, [r7] +and then mov r0, r3. + +It isn't clear to me that intermediate values managed by the compiler, +like this one at [r7], would be preserved in the stack this way, +especially as at this point we're in a different stack (unknown to the +optimizer). + +Instead, prevent the optimizer from re-using a previous result like this +by forcing it to rely on the inline assembly to produce the result. + +This fixes test failures on Ubuntu Utopic using gcc 4.9.1 (-5ubuntu1). + +I think even this is still a hack though, and not guaranteed to work. +Ultimately, gcc can even re-order the __asm__ volatile functions at +will around the entire function, or just wrap each REGS_TO_SAVE +clobbering call with a simple push/pop, thus not preserving the +registers between stack switches. + +The only way I can see of doing this without relying on undefined +compiler behaviour is to write the entire slp_switch function in +assembly
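Review bot: In the platform/switch_arm32_gcc.h hunk, the `#ifdef __GNUC__` guard around `__attribute__((optimize(no-omit-frame-pointer)))` is also true under clang, which defines `__GNUC__` but does not implement the `optimize` attribute and only warns that it is ignored, so on such builds the workaround silently does nothing. Consider guarding with `defined(__GNUC__) && !defined(__clang__)`, or passing -fno-omit-frame-pointer for this file from the build system instead, since GCC's documentation describes the `optimize` attribute as meant for debugging rather than production code.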
Bug#773093: unblock: python-gevent/1.0.1-2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Hi Release Team, Please unblock python-gevent which fixes #770616 [1]. It's a FTBFS due to the SSLv3 removal and the solution is to use the v2 fallback. Debdiff is attached. Thanks, Laszlo/GCS unblock python-gevent/1.0.1-2 [1] https://bugs.debian.org/770616 diff -Nru python-gevent-1.0.1/debian/changelog python-gevent-1.0.1/debian/changelog --- python-gevent-1.0.1/debian/changelog 2014-10-09 18:18:32.0 + +++ python-gevent-1.0.1/debian/changelog 2014-12-13 06:03:37.0 + @@ -1,3 +1,12 @@ +python-gevent (1.0.1-2) unstable; urgency=medium + + * Add dh-python to Build-Depends. + + [ Jan Gerber j...@mailb.org ] + * Use PROTOCOL_SSLv23 instead of PROTOCOL_SSLv3 (closes: #770616). + + -- Laszlo Boszormenyi (GCS) g...@debian.org Sat, 13 Dec 2014 05:54:50 + + python-gevent (1.0.1-1) unstable; urgency=low * New upstream release, fixes thread switch detection (closes: #694750). diff -Nru python-gevent-1.0.1/debian/control python-gevent-1.0.1/debian/control --- python-gevent-1.0.1/debian/control 2014-10-08 17:23:45.0 + +++ python-gevent-1.0.1/debian/control 2014-12-13 01:24:25.0 + @@ -1,7 +1,7 @@ Source: python-gevent Priority: extra Maintainer: Laszlo Boszormenyi (GCS) g...@debian.org -Build-Depends: debhelper (= 9), autotools-dev, python-all-dev, +Build-Depends: debhelper (= 9), dh-python, autotools-dev, python-all-dev, libevent-dev (= 1.4), python-greenlet | python-codespeak-lib ( 1.0), python-sphinx (= 1.0.7+dfsg), python-all-dbg Standards-Version: 3.9.6 diff -Nru python-gevent-1.0.1/debian/patches/nossl3.patch python-gevent-1.0.1/debian/patches/nossl3.patch --- python-gevent-1.0.1/debian/patches/nossl3.patch 1970-01-01 00:00:00.0 + +++ python-gevent-1.0.1/debian/patches/nossl3.patch 2014-12-13 01:30:10.0 + 
@@ -0,0 +1,152 @@ +diff a/gevent/ssl.py b/gevent/ssl.py +--- a/gevent/ssl.py b/gevent/ssl.py +@@ -382,7 +382,7 @@ def wrap_socket(sock, keyfile=None, certfile=None, + ciphers=ciphers) + + +-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None): ++def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None): + Retrieve the certificate from the server at the specified address, + and return it as a PEM-encoded string. + If 'ca_certs' is specified, validate the server cert against it. +diff a/greentest/2.6/test_ssl.py b/greentest/2.6/test_ssl.py +--- a/greentest/2.6/test_ssl.py b/greentest/2.6/test_ssl.py +@@ -60,7 +60,6 @@ class BasicTests(unittest.TestCase): + def test_constants(self): + ssl.PROTOCOL_SSLv2 + ssl.PROTOCOL_SSLv23 +-ssl.PROTOCOL_SSLv3 + ssl.PROTOCOL_TLSv1 + ssl.CERT_NONE + ssl.CERT_OPTIONAL +@@ -839,7 +838,7 @@ else: + try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv2, True, ssl.CERT_OPTIONAL) + try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv2, True, ssl.CERT_REQUIRED) + try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv23, True) +-try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv3, False) ++try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv23, False) + try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_TLSv1, False) + + def test_protocol_sslv23(self): +@@ -856,15 +855,12 @@ else: + sys.stdout.write( + SSL2 client to SSL23 server test unexpectedly failed:\n %s\n + % str(x)) +-try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv3, True) + try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv23, True) + try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_TLSv1, True) + +-try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv3, True, ssl.CERT_OPTIONAL) + try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv23, True, ssl.CERT_OPTIONAL) + try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_TLSv1, True, ssl.CERT_OPTIONAL) + +-try_protocol_combo(ssl.PROTOCOL_SSLv23, 
ssl.PROTOCOL_SSLv3, True, ssl.CERT_REQUIRED) + try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv23, True, ssl.CERT_REQUIRED) + try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_TLSv1, True, ssl.CERT_REQUIRED) + +@@ -874,12 +870,11 @@ else: + sys.stdout.write(\ntest_protocol_sslv3 disabled, + as it fails on OpenSSL 1.0.0+) + return +-try_protocol_combo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_SSLv3, True) +-try_protocol_combo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_SSLv3, True, ssl.CERT_OPTIONAL) +-try_protocol_combo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_SSLv3, True, ssl.CERT_REQUIRED
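Review bot: In the greentest/2.6/test_ssl.py hunk at -839, rewriting `ssl.PROTOCOL_SSLv3` to `ssl.PROTOCOL_SSLv23` leaves `try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv23, False)` directly below `try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv23, True)`, so the same protocol pair is now expected both to connect and to fail. The SSLv3 line should be deleted, as the later hunks do with their SSLv3 lines, rather than rewritten.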
Bug#772566: unblock: sqlite3/3.8.7.2-1
-3.8.7.1/debian/changelog sqlite3-3.8.7.2/debian/changelog --- sqlite3-3.8.7.1/debian/changelog 2014-11-06 16:25:11.0 + +++ sqlite3-3.8.7.2/debian/changelog 2014-12-02 14:29:41.0 + @@ -1,3 +1,9 @@ +sqlite3 (3.8.7.2-1) unstable; urgency=medium + + * New upstream bugfix release. + + -- Laszlo Boszormenyi (GCS) g...@debian.org Tue, 02 Dec 2014 14:28:59 + + sqlite3 (3.8.7.1-1) unstable; urgency=medium * New upstream bugfix release. diff -Nur sqlite3-3.8.7.1/manifest sqlite3-3.8.7.2/manifest --- sqlite3-3.8.7.1/manifest 2014-10-29 21:13:32.0 + +++ sqlite3-3.8.7.2/manifest 2014-11-19 14:10:06.0 + @@ -1,12 +1,12 @@ -C Version\s3.8.7.1 -D 2014-10-29T13:59:56.070 +C Version\s3.8.7.2. +D 2014-11-18T20:57:56.794 F Makefile.arm-wince-mingw32ce-gcc d6df77f1f48d690bd73162294bbba7f59507c72f F Makefile.in cf57f673d77606ab0f2d9627ca52a9ba1464146a F Makefile.linux-gcc 91d710bdc4998cb015f39edf3cb314ec4f4d7e23 F Makefile.msc e31dee24038965fb6269d6d61073fd6b7e331dec F Makefile.vxworks 034289efa9d591b04b1a73598623119c306cbba0 F README.md 64f270c43c38c46de749e419c22f0ae2f4499fe8 -F VERSION 5cc0baaee73238f0f7b5871398d17f79d0cd +F VERSION 3978bf46d1599bc324ae171a99c4e8fca7481822 F aclocal.m4 a5c22d164aff7ed549d53a90fa56d56955281f50 F addopcodes.awk 9eb448a552d5c0185cf62c463f9c173cedae3811 F art/sqlite370.eps aa97a671332b432a54e1d74ff5e8775be34200c2 @@ -38,7 +38,7 @@ F config.guess 226d9a188c6196f3033ffc651cbc9dcee1a42977 F config.h.in 0921066a13130082764ab4ab6456f7b5bebe56de F config.sub 9ebe4c3b3dab6431ece34f16828b594fb420da55 -F configure 56fe985cf0e59cd594f9b929099d0be40260e667 x +F configure 135207dac9b9ff35a91cdb17871322c26fa5de73 x F configure.ac 4cf9f60785143fa141b10962ccc885d973792e9a F contrib/sqlitecon.tcl 210a913ad63f9f991070821e599d600bd913e0ad F doc/lemon.html 334dbf6621b8fb8790297ec1abf3cfa4621709d1 
@@ -169,19 +169,19 @@ F src/analyze.c 8c322e1ecc08909526dbd5ab4421889d05f2263d F src/attach.c f4e94df2d1826feda65eb0939f7f6f5f923a0ad9 F src/auth.c d8abcde53426275dab6243b441256fcd8ccbebb2 -F src/backup.c a31809c65623cc41849b94d368917f8bb66e6a7e +F src/backup.c 8cdfeb0c8a6d8bdad3faefae418eb3dc767051b6 F src/bitvec.c 19a4ba637bd85f8f63fc8c9bae5ade9fb05ec1cb F src/btmutex.c 49ca66250c7dfa844a4d4cb8272b87420d27d3a5 -F src/btree.c 1b1123cba0c65caa0baa51e71b8c089e3167c3ed -F src/btree.h a79aa6a71e7f1055f01052b7f821bd1c2dce95c8 -F src/btreeInt.h 026d0129724e8f265fdc60d44ec240cf5a4e6179 +F src/btree.c c961588f01bd95d37b90359220c640f9763a3f58 +F src/btree.h a4afc6b06f5a1dd2076d15aa168baec44fc0121b +F src/btreeInt.h 3363e18fd76f69a27a870b25221b2345b3fd4d21 F src/build.c 9dc2bd94347b878c89627000c92b0c8d97ec2919 F src/callback.c 7b44ce59674338ad48b0e84e7b72f935ea4f68b0 F src/complete.c 535183afb3c75628b78ce82612931ac7cdf26f14 F src/ctime.c bb434068b5308a857b181c2d204a320ff0d6c638 F src/date.c 57a7f9ba9f6b4d5268f5e411739066a611f99036 F src/delete.c 0750b1eb4d96cd3fb2c798599a3a7c85e92f1417 -F src/expr.c fc204d08af06437ddaffe5a1b1f1f6f9e1a55d6d +F src/expr.c 1891cb50510a31e96de8a54579e7d3aef60f0094 F src/fault.c 160a0c015b6c2629d3899ed2daf63d75754a32bb F src/fkey.c da985ae673efef2c712caef825a5d2edb087ead7 F src/func.c ba47c1671ab3cfdafa6e9d6ee490939ea578adee @@ -194,7 +194,7 @@ F src/legacy.c ba1863ea58c4c840335a84ec276fc2b25e22bc4e F src/lempar.c 7274c97d24bb46631e504332ccd3bd1b37841770 F src/loadext.c de741e66e5ddc1598d904d7289239696e40ed994 -F src/main.c bbe872b0ac0007bed0ebe1936fc493b039ad4f51 +F src/main.c 1bdabb62205af168498a17460bdb7533b2a4a915 F src/malloc.c 3c3ac67969612493d435e14b6832793209afd2ec F src/mem0.c 6a55ebe57c46ca1a7d98da93aaa07f99f1059645 F src/mem1.c faf615aafd8be74a71494dfa027c113ea5c6615f 
@@ -223,7 +223,7 @@ F src/pcache1.c e412cb585f777c840ddce0500eddc5c6043c2bb5 F src/pragma.c 3f3e959390a10c0131676f0e307acce372777e0f F src/prepare.c 6ef0cf2f9274982988ed6b7cab1be23147e94196 -F src/printf.c 090fac0f779c93c8a95089a125339686648835e4 +F src/printf.c d83b573624f3f6bc12b800af7fd55ce90be70659 F src/random.c d10c1f85b6709ca97278428fd5db5bbb9c74eece F src/resolve.c a3466128b52a86c466e47ac1a19e2174f7b5cf89 F src/rowset.c eccf6af6d620aaa4579bd3b72c1b6395d9e9fa1e @@ -232,7 +232,7 @@ F src/sqlite.h.in 4a5e5158c189d2bcd45c7c4607c2c0eb6d25c153 F src/sqlite3.rc 992c9f5fb8285ae285d6be28240a7e8d3a7f2bad F src/sqlite3ext.h 17d487c3c91b0b8c584a32fbeb393f6f795eea7d -F src/sqliteInt.h f7812f74f2d0c6041ef6b91a99c5a45f775dd408 +F src/sqliteInt.h c97db3c4d20b34c050a801c93451ef18e4f22de1 F src/sqliteLimit.h 164b0e6749d31e0daa1a4589a169d31c0dec7b3d F src/status.c 961d5926e5a8fda611d385ec22c226b8635cd1cb F src/table.c 2e99ef7ef16187e17033d9398dc962ce22dab5cb @@ -289,7 +289,7 @@ F src/utf.c fc6b889ba0779b7722634cdeaa25f1930d93820c F src/util.c 4006c01772bd8d8ac4306d523bbcee41d3e392d8 F src/vacuum.c 59f03f92bcff57faa6a8ca256eb29ccddfb0614a -F src/vdbe.c 5a1afb571853ddb911d698ac996bc4fd8ddf1eed +F src/vdbe.c
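Review bot: The debian/changelog hunk says only "New upstream bugfix release", while the manifest hunks show new checksums for src/backup.c, src/btree.c, src/btree.h, src/btreeInt.h, src/expr.c, src/main.c, src/printf.c, src/sqliteInt.h and src/vdbe.c. For an upload that needs an unblock, the changelog entry should summarise which upstream fixes those source changes carry, so the reviewer does not have to reconstruct that from checksums.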
Bug#772482: unblock: dmraid/1.0.0.rc16-6
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Hi Release Team, dmraid was orphaned and as at some places I still need it, I've adopted it. Corrected some spelling mistakes. Please consider its acceptance. Debdiff is attached. Thanks, Laszlo/GCS unblock dmraid/1.0.0.rc16-6 diff -u dmraid-1.0.0.rc16/debian/changelog dmraid-1.0.0.rc16/debian/changelog --- dmraid-1.0.0.rc16/debian/changelog +++ dmraid-1.0.0.rc16/debian/changelog @@ -1,3 +1,12 @@ +dmraid (1.0.0.rc16-6) unstable; urgency=low + + * New maintainer (closes: #613706). + + [ Simon Ward si...@bleah.co.uk ] + * Fix manpage typos (closes: #525252). + + -- Laszlo Boszormenyi (GCS) g...@debian.org Thu, 04 Dec 2014 20:44:01 + + dmraid (1.0.0.rc16-5) unstable; urgency=low * QA upload. diff -u dmraid-1.0.0.rc16/debian/control dmraid-1.0.0.rc16/debian/control --- dmraid-1.0.0.rc16/debian/control +++ dmraid-1.0.0.rc16/debian/control @@ -1,7 +1,7 @@ Source: dmraid Section: admin Priority: optional -Maintainer: Debian QA Group packa...@qa.debian.org +Maintainer: Laszlo Boszormenyi (GCS) g...@debian.org Standards-Version: 3.9.5 Build-Depends: debhelper (= 9), libdevmapper-dev, libklibc-dev, libselinux1-dev, quilt (= 0.40), autotools-dev Vcs-git: git://git.debian.org/git/users/derevko-guest/dmraid.git diff -u dmraid-1.0.0.rc16/debian/patches/series dmraid-1.0.0.rc16/debian/patches/series --- dmraid-1.0.0.rc16/debian/patches/series +++ dmraid-1.0.0.rc16/debian/patches/series @@ -12,0 +13 @@ +21_fix_man_page_typos.patch only in patch2: unchanged: --- dmraid-1.0.0.rc16.orig/debian/patches/21_fix_man_page_typos.patch +++ dmraid-1.0.0.rc16/debian/patches/21_fix_man_page_typos.patch 
@@ -0,0 +1,48 @@ +diff -Nur dmraid.orig/1.0.0.rc16/man/dmraid.8 dmraid/1.0.0.rc16/man/dmraid.8 +--- dmraid.orig/1.0.0.rc16/man/dmraid.8 2014-12-04 21:19:56.475626165 + dmraid/1.0.0.rc16/man/dmraid.8 2014-12-04 21:22:12.843459188 + +@@ -115,7 +115,7 @@ + .B -Z + will make dmraid tell the kernel to remove the partitions from the disks + underlying the set, ie if sda is part of the set, remove sda1, sda2, etc. +-This prevents applications from directly accessiong the disks bypassing dmraid. ++This prevents applications from directly accessing the disks bypassing dmraid. + RAID set names given on command line don't need to be fully specified + (eg, dmraid \-ay sil would activate all discovered Silicon Image Medley + RAID sets). +@@ -135,7 +135,7 @@ + + .TP + .I [\-d|--debug]... +-Enable debugging output. Opion can be given multiple times ++Enable debugging output. Option can be given multiple times + increasing the debug output level. + + .TP +@@ -165,7 +165,7 @@ + .B -l + for a list of supported format handler names. This is useful to + select particular formats in case multiple metadata signatures are found +-on a device. A comma seperated list of format names can be specified which ++on a device. A comma separated list of format names can be specified which + may not contain white space. + + .TP +@@ -183,7 +183,7 @@ + descriptions. Supported RAID levels are listed in parenthesis: + .br + +-S: Span (concatination) ++S: Span (concatenation) + .br + 0: RAID0 (stripe) + .br +@@ -373,7 +373,7 @@ + + .TP + .I [-v|--verbose]... +-Enable verbose runtime information output. Opion can be given multiple times ++Enable verbose runtime information output. Option can be given multiple times + increasing the verbosity level. + + .SH EXAMPLES signature.asc Description: This is a digitally signed message part
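Review bot: In the debian/control hunk, the Maintainer field changes to the new maintainer but the unchanged `Vcs-git: git://git.debian.org/git/users/derevko-guest/dmraid.git` line still points at another user's repository. If the packaging repository moved with the adoption, update the Vcs field in the same upload; if there is no repository any more, drop the field.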
Bug#772046: unblock: tcplay/1.1-2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Hi Release Team, Please unblock the recent upload of tcplay as it fixes a data corruption bug[1] on 4k sector drives. Upstream commit[2] is backported to the 1.1 release. Debdiff is attached. Thanks, Laszlo/GCS unblock tcplay/1.1-2 [1] https://bugs.debian.org/771719 [2] https://github.com/bwalex/tc-play/commit/cf654c225a06d661c2c4a4996206a62464c9484f diff -Nru tcplay-1.1/debian/changelog tcplay-1.1/debian/changelog --- tcplay-1.1/debian/changelog 2013-09-01 09:40:44.0 + +++ tcplay-1.1/debian/changelog 2014-12-03 06:55:21.0 + @@ -1,3 +1,11 @@ +tcplay (1.1-2) unstable; urgency=high + + * Backport upstream fix to prevent data loss on 4k sector drives +(closes: #771719). + * Update Standards-Version to 3.9.6 . + + -- Laszlo Boszormenyi (GCS) g...@debian.org Mon, 01 Dec 2014 21:40:29 + + tcplay (1.1-1) unstable; urgency=low * New upstream release (closes: #719836). diff -Nru tcplay-1.1/debian/control tcplay-1.1/debian/control --- tcplay-1.1/debian/control 2013-09-01 10:01:37.0 + +++ tcplay-1.1/debian/control 2014-12-01 21:49:50.0 + @@ -3,7 +3,7 @@ Priority: optional Maintainer: Laszlo Boszormenyi (GCS) g...@debian.org Build-Depends: debhelper (= 9), dpkg-dev (= 1.16.1~), cmake, pkg-config, libdevmapper-dev, libudev-dev, uuid-dev, libgcrypt11-dev -Standards-Version: 3.9.4 +Standards-Version: 3.9.6 Homepage: https://github.com/bwalex/tc-play Package: tcplay diff -Nru tcplay-1.1/debian/patches/cf654c225a06d661c2c4a4996206a62464c9484f.patch tcplay-1.1/debian/patches/cf654c225a06d661c2c4a4996206a62464c9484f.patch --- tcplay-1.1/debian/patches/cf654c225a06d661c2c4a4996206a62464c9484f.patch 1970-01-01 00:00:00.0 + +++ tcplay-1.1/debian/patches/cf654c225a06d661c2c4a4996206a62464c9484f.patch 2014-12-01 21:54:06.0 + 
@@ -0,0 +1,383 @@ +From cf654c225a06d661c2c4a4996206a62464c9484f Mon Sep 17 00:00:00 2001 +From: Alex Hornung a...@alexhornung.com +Date: Mon, 11 Nov 2013 20:57:28 + +Subject: [PATCH] (hopefully) fix mapping for 4k sector size disks and volumes + + * while on it, also add a unit (sectors) to block and iv offset + when printed. + +Fixes #45 +--- + +--- tcplay-1.1.orig/tcplay.c tcplay-1.1/tcplay.c +@@ -342,8 +342,10 @@ print_info(struct tcplay_info *info) + printf(Vol Flags:\t\t%d\n, info-volflags); + #endif + +- printf(IV offset:\t\t%PRIu64\n, (uint64_t)info-skip); +- printf(Block offset:\t\t%PRIu64\n, (uint64_t)info-offset); ++ printf(IV offset:\t\t%PRIu64 sectors\n, ++ (uint64_t)info-skip); ++ printf(Block offset:\t\t%PRIu64 sectors\n, ++ (uint64_t)info-offset); + } + + static +@@ -368,6 +370,7 @@ new_info(const char *dev, int flags, str + info-pbkdf_prf = prf; + info-start = start; + info-hdr = hdr; ++ info-blk_sz = hdr-sec_sz; + info-size = hdr-sz_mk_scope / hdr-sec_sz; /* volume size */ + info-skip = hdr-off_mk_scope / hdr-sec_sz; /* iv skip */ + +@@ -1574,6 +1577,7 @@ dm_info_map(const char *map_name) + info-size = dm_table[0]-size; + info-skip = dm_table[outermost]-skip; + info-offset = dm_table[outermost]-offset; ++ info-blk_sz = 512; + + return info; + +@@ -1657,8 +1661,13 @@ dm_setup(const char *mapname, struct tcp + } + + strcpy(dev, info-dev); +- start = info-start; +- offset = info-offset; ++ ++ /* ++ * Device Mapper blocks are always 512-byte blocks, so convert ++ * from the native block size to the dm block size here. 
++ */ ++ start = INFO_TO_DM_BLOCKS(info, start); ++ offset = INFO_TO_DM_BLOCKS(info, offset); + uu_stack_idx = 0; + + /* +@@ -1756,25 +1765,29 @@ dm_setup(const char *mapname, struct tcp + /* dev---^ block off --^ */ + snprintf(params, 512, %s 0, dev); + +- if ((dm_task_add_target(dmt, 0, info-offset, linear, params)) == 0) { ++ if ((dm_task_add_target(dmt, 0, ++INFO_TO_DM_BLOCKS(info, offset), ++linear, params)) == 0) { + tc_log(1, dm_task_add_target failed\n); + ret = -1; + goto out; + } + +- start = info-offset; ++ start = INFO_TO_DM_BLOCKS(info, offset); + } + + /* aes-cbc-essiv:sha256 7997f8af... 0 /dev/ad0s0a 8 */ + /* iv off---^ block off--^ */ + snprintf(params, 512, %s %s %PRIu64 %s %PRIu64, + cipher_chain-cipher-dm_crypt_str, cipher_chain-dm_key, +- (uint64_t)info-skip, dev, (uint64_t)offset); ++ (uint64_t)INFO_TO_DM_BLOCKS(info, skip), dev, ++ (uint64_t)offset); + #ifdef DEBUG + printf(Params: %s\n, params); + #endif + +- if ((dm_task_add_target(dmt, start, info-size, crypt, params)) == 0) { ++ if ((dm_task_add_target(dmt, start, ++ INFO_TO_DM_BLOCKS(info, size), crypt, params)) == 0) { + tc_log(1, dm_task_add_target failed\n); + ret = -1; + goto out; +--- tcplay-1.1.orig/tcplay.h tcplay-1.1/tcplay.h +@@ -79,6 +79,8 @@ + #include uuid/uuid.h + #endif + ++typedef uint64_t disksz_t; ++ + struct pbkdf_prf_algo
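Review bot: In the new_info() hunk, `info-blk_sz = hdr-sec_sz;` takes the block size straight from the volume header, and every `INFO_TO_DM_BLOCKS(info, ...)` conversion in dm_setup() then depends on it, yet nothing in the visible lines checks that sec_sz is non-zero and a multiple of 512. Since the purpose of the change is to stop mapping the wrong sectors, a check at this spot that rejects any other value would keep a bad header from producing a wrong device-mapper table.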
Bug#771520: unblock: libsodium/1.0.1-1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Hi Release Team, Please consider unblocking libsodium/1.0.1-1 despite being a new, bugfix only upstream release. Its changelog[1] says: -- cut -- * DLL_EXPORT was renamed SODIUM_DLL_EXPORT in order to avoid collisions with similar macros defined by other libraries. * sodium_bin2hex() is now constant-time. * crypto_secretbox_detached() now supports overlapping input and output regions. * NaCl's donna_c64 implementation of curve25519 was reading an extra byte past the end of the buffer containing the base point. This has been fixed. -- cut -- The first one is not to clash with Wine and others. Constant time function prevents an attacker to get a closer idea what the input was in a normal use call. Third is to prevent memory corruptions if input and output regions overlap. The last one is clearly a buffer over-read security fix. As libsodium is a network communication cryptography and signaturing library, I think these fixes are a should have for Jessie. Source diff is attached. Thanks, Laszlo/GCS unblock libsodium/1.0.1-1 [1] https://github.com/jedisct1/libsodium/releases/tag/1.0.1 diff -Nur libsodium-1.0.0/src/libsodium/crypto_generichash/blake2/ref/blake2.h libsodium-1.0.1/src/libsodium/crypto_generichash/blake2/ref/blake2.h --- libsodium-1.0.0/src/libsodium/crypto_generichash/blake2/ref/blake2.h 2014-09-30 18:35:31.0 + +++ libsodium-1.0.1/src/libsodium/crypto_generichash/blake2/ref/blake2.h 2014-10-11 02:22:04.0 + @@ -11,8 +11,8 @@ this software. If not, see http://creativecommons.org/publicdomain/zero/1.0/. */ -#ifndef __BLAKE2_H__ -#define __BLAKE2_H__ +#ifndef blake2_H +#define blake2_H #include stddef.h #include stdint.h @@ -58,7 +58,7 @@ }; #pragma pack(push, 1) - typedef struct __blake2s_param + typedef struct blake2s_param_ { uint8_t digest_length; // 1 uint8_t key_length;// 2 
@@ -73,7 +73,7 @@ uint8_t personal[BLAKE2S_PERSONALBYTES]; // 32 } blake2s_param; - ALIGN( 64 ) typedef struct __blake2s_state + ALIGN( 64 ) typedef struct blake2s_state_ { uint32_t h[8]; uint32_t t[2]; @@ -83,7 +83,7 @@ uint8_t last_node; } blake2s_state ; - typedef struct __blake2b_param + typedef struct blake2b_param_ { uint8_t digest_length; // 1 uint8_t key_length;// 2 @@ -101,7 +101,7 @@ #ifndef DEFINE_BLAKE2B_STATE typedef crypto_generichash_blake2b_state blake2b_state; #else - ALIGN( 64 ) typedef struct __blake2b_state + ALIGN( 64 ) typedef struct blake2b_state_ { uint64_t h[8]; uint64_t t[2]; @@ -112,7 +112,7 @@ } blake2b_state; #endif - typedef struct __blake2sp_state + typedef struct blake2sp_state_ { blake2s_state S[8][1]; blake2s_state R[1]; @@ -120,7 +120,7 @@ size_t buflen; } blake2sp_state; - typedef struct __blake2bp_state + typedef struct blake2bp_state_ { blake2b_state S[4][1]; blake2b_state R[1]; diff -Nur libsodium-1.0.0/src/libsodium/crypto_generichash/blake2/ref/blake2-impl.h libsodium-1.0.1/src/libsodium/crypto_generichash/blake2/ref/blake2-impl.h --- libsodium-1.0.0/src/libsodium/crypto_generichash/blake2/ref/blake2-impl.h 2014-09-30 18:35:31.0 + +++ libsodium-1.0.1/src/libsodium/crypto_generichash/blake2/ref/blake2-impl.h 2014-10-11 02:22:04.0 + @@ -11,8 +11,8 @@ this software. If not, see http://creativecommons.org/publicdomain/zero/1.0/. */ -#ifndef __BLAKE2_IMPL_H__ -#define __BLAKE2_IMPL_H__ +#ifndef blake2_impl_H +#define blake2_impl_H #include stdint.h #include string.h diff -Nur libsodium-1.0.0/src/libsodium/crypto_onetimeauth/poly1305/donna/auth_poly1305_donna.c libsodium-1.0.1/src/libsodium/crypto_onetimeauth/poly1305/donna/auth_poly1305_donna.c --- libsodium-1.0.0/src/libsodium/crypto_onetimeauth/poly1305/donna/auth_poly1305_donna.c 2014-09-30 18:35:31.0 + +++ libsodium-1.0.1/src/libsodium/crypto_onetimeauth/poly1305/donna/auth_poly1305_donna.c 2014-10-11 02:22:04.0 + 
@@ -96,10 +96,10 @@ struct crypto_onetimeauth_poly1305_implementation crypto_onetimeauth_poly1305_donna_implementation = { -_SODIUM_C99(.implementation_name =) crypto_onetimeauth_poly1305_donna_implementation_name, -_SODIUM_C99(.onetimeauth =) crypto_onetimeauth_poly1305_donna, -_SODIUM_C99(.onetimeauth_verify =) crypto_onetimeauth_poly1305_donna_verify, -_SODIUM_C99(.onetimeauth_init =) crypto_onetimeauth_poly1305_donna_init, -_SODIUM_C99(.onetimeauth_update =) crypto_onetimeauth_poly1305_donna_update, -_SODIUM_C99(.onetimeauth_final =) crypto_onetimeauth_poly1305_donna_final +SODIUM_C99(.implementation_name =) crypto_onetimeauth_poly1305_donna_implementation_name, +SODIUM_C99(.onetimeauth =) crypto_onetimeauth_poly1305_donna, +SODIUM_C99(.onetimeauth_verify =)
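Review bot: The visible hunks in blake2.h, blake2-impl.h and auth_poly1305_donna.c only rename identifiers (`__BLAKE2_H__` to `blake2_H`, `struct __blake2s_state` to `struct blake2s_state_`, `_SODIUM_C99` to `SODIUM_C99`), and none of that appears among the four changes the request lists. Names that begin with a double underscore, or with an underscore and a capital letter, are reserved in C, so the renames are reasonable, but the request should mention them as cleanup with no behaviour change so they can be told apart from the security-relevant hunks.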
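The changelog quoted in the request above says sodium_bin2hex() became constant-time. As an added illustration (not libsodium's code and not part of the original message), the C code below contrasts a table-driven hex encoder with a branch-free one; the names hex_encode_table, hex_encode_ct and nibble_to_hex are hypothetical, and ASCII is assumed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Table-driven encoder, shown for contrast. The table index is a nibble of
 * the input, so which table entry is read depends on the data being encoded
 * (for example a key), which can show up in cache timing. */
char *hex_encode_table(char *hex, size_t hex_maxlen,
                       const unsigned char *bin, size_t bin_len)
{
    static const char digits[] = "0123456789abcdef";
    size_t i;

    /* Need 2 * bin_len characters plus the terminating NUL; the check is
     * written so that it cannot overflow. */
    if (hex_maxlen == 0 || bin_len > (hex_maxlen - 1) / 2) {
        return NULL;
    }
    for (i = 0; i < bin_len; i++) {
        hex[2 * i]     = digits[bin[i] >> 4];
        hex[2 * i + 1] = digits[bin[i] & 0x0f];
    }
    hex[2 * bin_len] = '\0';
    return hex;
}

/* Branch-free nibble conversion for n in 0..15 (ASCII assumed).
 * (9 - n) wraps around to a value with all low bits set exactly when n > 9,
 * so the shifted term is 0 for digits and 39 ('a' - '0' - 10) for letters. */
static unsigned char nibble_to_hex(unsigned int n)
{
    return (unsigned char) ('0' + n + (((9U - n) >> 8) & 39U));
}

/* Encoder with no secret-dependent branch or memory index: the loop count
 * depends only on bin_len, never on the byte values. */
char *hex_encode_ct(char *hex, size_t hex_maxlen,
                    const unsigned char *bin, size_t bin_len)
{
    size_t i;

    if (hex_maxlen == 0 || bin_len > (hex_maxlen - 1) / 2) {
        return NULL;
    }
    for (i = 0; i < bin_len; i++) {
        hex[2 * i]     = (char) nibble_to_hex((unsigned int) bin[i] >> 4);
        hex[2 * i + 1] = (char) nibble_to_hex((unsigned int) bin[i] & 0x0fU);
    }
    hex[2 * bin_len] = '\0';
    return hex;
}

int main(void)
{
    /* Constructed sample input, not taken from the page. */
    const unsigned char sample[4] = { 0x00, 0x9a, 0xaf, 0xff };
    char a[9];
    char b[9];

    if (hex_encode_table(a, sizeof a, sample, sizeof sample) == NULL ||
        hex_encode_ct(b, sizeof b, sample, sizeof sample) == NULL) {
        return 1;
    }
    printf("table: %s\nct:    %s\n", a, b);
    return strcmp(a, b) != 0;
}
```

Both encoders produce the same output; whether the compiler keeps the second one branch-free should still be checked in the generated assembly for the target.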
Bug#769680: unblock: ntfs-3g/2014.2.15AR.3-1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Dear Release Team, I'm asking for permission to upload ntfs-3g/2014.2.15AR.3-1 as it fixes an RC bug[1]. Current version of ntfs-3g doesn't work with 2.6.x kernels as it falls back to a wrong FUSE compatibility level. Upstream released a new version which contains only a bugfix for this issue. Two things make it a bit difficult. Packages testdisk and partclone will need binNMUs: nmu testdisk_6.14-3 . ALL . -m rebuild against ntfs-3g 1:2014.2.15AR.3-1 nmu partclone_0.2.73-2 . ALL . -m rebuild against ntfs-3g 1:2014.2.15AR.3-1 The package contains an udeb, but it's not concerned about this bugfix. Would it be allowed for upload? Debdiff is attached. Thanks, Laszlo/GCS unblock ntfs-3g/2014.2.15AR.3-1 [1] https://bugs.debian.org/766911 diff -Nru ntfs-3g-2014.2.15AR.2/configure ntfs-3g-2014.2.15AR.3/configure --- ntfs-3g-2014.2.15AR.2/configure 2014-09-01 07:49:15.0 + +++ ntfs-3g-2014.2.15AR.3/configure 2014-11-03 07:48:28.0 + @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for ntfs-3g 2014.2.15AR.2. +# Generated by GNU Autoconf 2.69 for ntfs-3g 2014.2.15AR.3. # # Report bugs to ntfs-3g-de...@lists.sf.net. # @@ -590,8 +590,8 @@ # Identity of this package. PACKAGE_NAME='ntfs-3g' PACKAGE_TARNAME='ntfs-3g' -PACKAGE_VERSION='2014.2.15AR.2' -PACKAGE_STRING='ntfs-3g 2014.2.15AR.2' +PACKAGE_VERSION='2014.2.15AR.3' +PACKAGE_STRING='ntfs-3g 2014.2.15AR.3' PACKAGE_BUGREPORT='ntfs-3g-de...@lists.sf.net' PACKAGE_URL='' @@ -1405,7 +1405,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat _ACEOF -\`configure' configures ntfs-3g 2014.2.15AR.2 to adapt to many kinds of systems. +\`configure' configures ntfs-3g 2014.2.15AR.3 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... 
@@ -1476,7 +1476,7 @@ if test -n $ac_init_help; then case $ac_init_help in - short | recursive ) echo Configuration of ntfs-3g 2014.2.15AR.2:;; + short | recursive ) echo Configuration of ntfs-3g 2014.2.15AR.3:;; esac cat \_ACEOF @@ -1633,7 +1633,7 @@ test -n $ac_init_help exit $ac_status if $ac_init_version; then cat \_ACEOF -ntfs-3g configure 2014.2.15AR.2 +ntfs-3g configure 2014.2.15AR.3 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2113,7 +2113,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by ntfs-3g $as_me 2014.2.15AR.2, which was +It was created by ntfs-3g $as_me 2014.2.15AR.3, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2462,7 +2462,7 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu -LIBNTFS_3G_VERSION=852 +LIBNTFS_3G_VERSION=853 # Environment @@ -3093,7 +3093,7 @@ # Define the identity of the package. PACKAGE='ntfs-3g' - VERSION='2014.2.15AR.2' + VERSION='2014.2.15AR.3' cat confdefs.h _ACEOF @@ -15625,7 +15625,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log= -This file was extended by ntfs-3g $as_me 2014.2.15AR.2, which was +This file was extended by ntfs-3g $as_me 2014.2.15AR.3, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES= $CONFIG_FILES @@ -15691,7 +15691,7 @@ cat $CONFIG_STATUS _ACEOF || ac_write_fail=1 ac_cs_config=`$as_echo $ac_configure_args | sed 's/^ //; s/[\\\`\$]//g'` ac_cs_version=\\ -ntfs-3g config.status 2014.2.15AR.2 +ntfs-3g config.status 2014.2.15AR.3 configured by $0, generated by GNU Autoconf 2.69, with options \\\$ac_cs_config\\ diff -Nru ntfs-3g-2014.2.15AR.2/configure.ac ntfs-3g-2014.2.15AR.3/configure.ac --- ntfs-3g-2014.2.15AR.2/configure.ac 2014-09-01 07:48:51.0 + +++ ntfs-3g-2014.2.15AR.3/configure.ac 2014-11-03 07:48:04.0 + 
@@ -24,8 +24,8 @@ # Autoconf AC_PREREQ(2.59) -AC_INIT([ntfs-3g],[2014.2.15AR.2],[ntfs-3g-de...@lists.sf.net]) -LIBNTFS_3G_VERSION=852 +AC_INIT([ntfs-3g],[2014.2.15AR.3],[ntfs-3g-de...@lists.sf.net]) +LIBNTFS_3G_VERSION=853 AC_CONFIG_SRCDIR([src/ntfs-3g.c]) # Environment diff -Nru ntfs-3g-2014.2.15AR.2/debian/changelog ntfs-3g-2014.2.15AR.3/debian/changelog --- ntfs-3g-2014.2.15AR.2/debian/changelog 2014-10-05 15:21:12.0 + +++ ntfs-3g-2014.2.15AR.3/debian/changelog 2014-11-15 14:42:16.0 + @@ -1,3 +1,10 @@ +ntfs-3g (1:2014.2.15AR.3-1) unstable; urgency=medium + + * New upstream release. + * Fix FUSE fallback for old 2.6.x kernels (closes: #766911). + + -- Laszlo Boszormenyi (GCS) g...@debian.org Thu, 13 Nov 2014 05:43:59 + + ntfs-3g (1:2014.2.15AR.2-1) unstable; urgency=low * New upstream release. diff -Nru ntfs-3g-2014.2.15AR
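Review bot: In the configure.ac hunk, `LIBNTFS_3G_VERSION` goes from 852 to 853, yet the debian/changelog hunk mentions only the new upstream release and the FUSE fallback fix. If that bump is the reason testdisk and partclone need the binNMUs named in the request, the changelog entry should say so. Most of the visible diff is the regenerated configure script, so a debdiff filtered to exclude generated files would let the reviewer get to the hunk that actually corrects the FUSE compatibility level.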
Bug#769204: unblock: d3/3.4.13-2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Hi Release Team, Please unblock D3, which fixes RC bug #768719 [1], missing build dependency in Jessie. I just removed it as it's needed for self-test only and was not working anyway. The debdiff is against the Sid version. It couldn't migrate since 23 days due to too tight dependency in python-xstatic-d3 . Thomas eased that since then even if it needs an unblock as well. Debdiffs attached. Thanks, Laszlo/GCS unblock d3/3.4.13-2 unblock python-xstatic-d3/3.4.11-2 [1] http://bugs.debian.org/768719 diff -Nru d3-3.4.13/debian/changelog d3-3.4.13/debian/changelog --- d3-3.4.13/debian/changelog 2014-10-18 14:29:17.0 + +++ d3-3.4.13/debian/changelog 2014-11-11 20:26:57.0 + @@ -1,3 +1,10 @@ +d3 (3.4.13-2) unstable; urgency=medium + + * Do not build depend on node-jsdom, it's too old to run tests +(closes: #768719). + + -- Laszlo Boszormenyi (GCS) g...@debian.org Tue, 11 Nov 2014 20:23:28 + + d3 (3.4.13-1) unstable; urgency=medium * New upstream release. diff -Nru d3-3.4.13/debian/control d3-3.4.13/debian/control --- d3-3.4.13/debian/control 2014-10-18 14:29:41.0 + +++ d3-3.4.13/debian/control 2014-11-11 20:24:06.0 + @@ -2,7 +2,7 @@ Section: web Priority: optional Maintainer: Laszlo Boszormenyi (GCS) g...@debian.org -Build-Depends: debhelper (= 9), node-uglify, node-smash, node-vows, node-jsdom, npm +Build-Depends: debhelper (= 9), node-uglify, node-smash, node-vows, npm Standards-Version: 3.9.6 Homepage: http://d3js.org diff -Nru python-xstatic-d3-3.4.11/debian/changelog python-xstatic-d3-3.4.11/debian/changelog --- python-xstatic-d3-3.4.11/debian/changelog 2014-09-11 09:36:41.0 +0200 +++ python-xstatic-d3-3.4.11/debian/changelog 2014-10-27 08:53:25.0 +0100 
@@ -1,3 +1,9 @@ +python-xstatic-d3 (3.4.11-2) unstable; urgency=medium + + * Relaxed version for libjs-d3. + + -- Thomas Goirand z...@debian.org Mon, 27 Oct 2014 07:53:04 + + python-xstatic-d3 (3.4.11-1) unstable; urgency=medium * New package to match the new version of libjs-d3. (Closes: #761109). diff -Nru python-xstatic-d3-3.4.11/debian/control python-xstatic-d3-3.4.11/debian/control --- python-xstatic-d3-3.4.11/debian/control 2014-09-11 09:36:41.0 +0200 +++ python-xstatic-d3-3.4.11/debian/control 2014-10-27 08:53:25.0 +0100 @@ -17,7 +17,7 @@ Package: python-xstatic-d3 Architecture: all Pre-Depends: dpkg (= 1.15.6~) -Depends: libjs-d3 ( 3.4.12), +Depends: libjs-d3 ( 3.5), libjs-d3 (= 3.4.11), python-xstatic, ${misc:Depends}, @@ -49,7 +49,7 @@ Package: python3-xstatic-d3 Architecture: all Pre-Depends: dpkg (= 1.15.6~) -Depends: libjs-d3 ( 3.4.12), +Depends: libjs-d3 ( 3.5), libjs-d3 (= 3.4.11), python3-xstatic, ${misc:Depends}, signature.asc Description: This is a digitally signed message part
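Review bot: In the d3 debian/control hunk, node-jsdom is dropped from Build-Depends because the tests cannot run, but node-vows stays in the list and the diff shows no debian/rules change. If node-vows is likewise needed only for the test suite and the suite is no longer run at build time, it can be dropped too; if the suite is still invoked, the build will now fail for want of jsdom, so the test target should be skipped explicitly.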
Bug#769203: unblock: angular.js/1.2.26-1
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Hi Release Team,

Please unblock angular.js and let it migrate to Jessie. It has been in Sid for more than a month (34 days). It didn't migrate in time as Thomas Goirand blocked it with a too tight dependency in python-xstatic-angular. He eased that, but the freeze started then. The package doesn't have any bugs.

Thanks,
Laszlo/GCS

unblock angular.js/1.2.26-1
Bug#768356: unblock: sqlite3/3.8.7.1-1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Dear Release Team, Please consider the latest upload of sqlite3. Its an immediate bugfix release to fix important issues. Quoting upstream[1]: In PRAGMA journal_mode=TRUNCATE mode, call fsync() immediately after truncating the journal file to ensure that the transaction is durable across a power loss. * Fix an assertion fault that can occur when updating the NULL value of a field at the end of a table that was added using ALTER TABLE ADD COLUMN. * Do not attempt to use the strchrnul() function from the standard C library unless the HAVE_STRCHRNULL compile-time option is set. * Fix a couple of problems associated with running an UPDATE or DELETE on a VIEW with a rowid in the WHERE clause. Such releases are rare and should (must) have updates. The code debdiff is attached. I've the whole debdiff as well, but that contains many small HTML updates in documentation and being big. Thanks, Laszlo/GCS unblock sqlite3/3.8.7.1-1 [1] http://www.sqlite.org/releaselog/3_8_7_1.html diff -Nur sqlite3-3.8.7/src/delete.c sqlite3-3.8.7.1/src/delete.c --- sqlite3-3.8.7/src/delete.c 2014-10-17 18:38:28.0 + +++ sqlite3-3.8.7.1/src/delete.c 2014-10-29 21:13:32.0 + @@ -481,7 +481,7 @@ assert( nKey==nPk ); /* OP_Found will use an unpacked key */ assert( !IsVirtual(pTab) ); if( aToOpen[iDataCur-iTabCur] ){ -assert( pPk!=0 ); +assert( pPk!=0 || pTab-pSelect!=0 ); sqlite3VdbeAddOp4Int(v, OP_NotFound, iDataCur, addrBypass, iKey, nKey); VdbeCoverage(v); } diff -Nur sqlite3-3.8.7/src/os_unix.c sqlite3-3.8.7.1/src/os_unix.c --- sqlite3-3.8.7/src/os_unix.c 2014-11-06 16:17:55.0 + +++ sqlite3-3.8.7.1/src/os_unix.c 2014-10-29 21:13:32.0 + @@ -97,7 +97,7 @@ # include sys/mman.h #endif -#if SQLITE_ENABLE_LOCKING_STYLE || OS_VXWORKS || defined(__GNU__) +#if SQLITE_ENABLE_LOCKING_STYLE || OS_VXWORKS # include sys/ioctl.h # if OS_VXWORKS # include semaphore.h 
@@ -2235,7 +2235,7 @@ ** Omit this section if SQLITE_ENABLE_LOCKING_STYLE is turned off or if ** compiling for VXWORKS. */ -#if (SQLITE_ENABLE_LOCKING_STYLE !OS_VXWORKS) || defined(__GNU__) +#if SQLITE_ENABLE_LOCKING_STYLE !OS_VXWORKS /* ** Retry flock() calls that fail with EINTR @@ -5016,7 +5016,7 @@ 0 /* xShmMap method */ ) -#if (SQLITE_ENABLE_LOCKING_STYLE !OS_VXWORKS) || defined(__GNU__) +#if SQLITE_ENABLE_LOCKING_STYLE !OS_VXWORKS IOMETHODS( flockIoFinder,/* Finder function name */ flockIoMethods, /* sqlite3_io_methods object name */ @@ -7484,8 +7484,6 @@ static sqlite3_vfs aVfs[] = { #if SQLITE_ENABLE_LOCKING_STYLE (OS_VXWORKS || defined(__APPLE__)) UNIXVFS(unix, autolockIoFinder ), -#elif defined(__GNU__) -UNIXVFS(unix, flockIoFinder ), #else UNIXVFS(unix, posixIoFinder ), #endif diff -Nur sqlite3-3.8.7/src/pager.c sqlite3-3.8.7.1/src/pager.c --- sqlite3-3.8.7/src/pager.c 2014-10-17 18:38:28.0 + +++ sqlite3-3.8.7.1/src/pager.c 2014-10-29 21:13:32.0 + @@ -1941,6 +1941,14 @@ rc = SQLITE_OK; }else{ rc = sqlite3OsTruncate(pPager-jfd, 0); +if( rc==SQLITE_OK pPager-fullSync ){ + /* Make sure the new file size is written into the inode right away. + ** Otherwise the journal might resurrect following a power loss and + ** cause the last transaction to roll back. See + ** https://bugzilla.mozilla.org/show_bug.cgi?id=1072773 + */ + rc = sqlite3OsSync(pPager-jfd, pPager-syncFlags); +} } pPager-journalOff = 0; }else if( pPager-journalMode==PAGER_JOURNALMODE_PERSIST diff -Nur sqlite3-3.8.7/src/printf.c sqlite3-3.8.7.1/src/printf.c --- sqlite3-3.8.7/src/printf.c 2014-10-17 18:38:28.0 + +++ sqlite3-3.8.7.1/src/printf.c 2014-10-29 21:13:32.0 + 
@@ -21,11 +21,7 @@ ** the glibc version so the glibc version is definitely preferred. */ #if !defined(HAVE_STRCHRNUL) -# if defined(linux) -# define HAVE_STRCHRNUL 1 -# else -# define HAVE_STRCHRNUL 0 -# endif +# define HAVE_STRCHRNUL 0 #endif diff -Nur sqlite3-3.8.7/src/sqliteLimit.h sqlite3-3.8.7.1/src/sqliteLimit.h --- sqlite3-3.8.7/src/sqliteLimit.h 2014-11-06 16:17:55.0 + +++ sqlite3-3.8.7.1/src/sqliteLimit.h 2014-10-29 21:13:32.0 + @@ -169,7 +169,7 @@ ** SQLite will choose on its own. */ #ifndef SQLITE_MAX_DEFAULT_PAGE_SIZE -# define SQLITE_MAX_DEFAULT_PAGE_SIZE 32768 +# define SQLITE_MAX_DEFAULT_PAGE_SIZE 8192 #endif #if SQLITE_MAX_DEFAULT_PAGE_SIZESQLITE_MAX_PAGE_SIZE # undef SQLITE_MAX_DEFAULT_PAGE_SIZE diff -Nur sqlite3-3.8.7/src/update.c sqlite3-3.8.7.1/src/update.c --- sqlite3-3.8.7/src/update.c 2014-10-17 18:38:28.0 + +++ sqlite3-3.8.7.1/src/update.c 2014-10-29
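Review bot: the os_unix.c and sqliteLimit.h hunks match none of the upstream 3.8.7.1 items quoted in the request. They remove the defined(__GNU__) branches and lower SQLITE_MAX_DEFAULT_PAGE_SIZE from 32768 to 8192, and for both files the old side is dated 2014-11-06, later than the new side (2014-10-29). That pattern suggests a tree with local patches applied was diffed against a pristine one. Regenerate the debdiff with both sides in the same patch state so only the upstream changes are under review.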
Bug#768356: unblock: sqlite3/3.8.7.1-1
On Thu, 2014-11-06 at 19:51 +0100, Laszlo Boszormenyi (GCS) wrote: The code debdiff is attached. I've the whole debdiff as well, but that contains many small HTML updates in documentation and being big. Ups, sent a wrong one. The correct one is attached to this mail. Laszlo/GCS diff -Nur sqlite3-3.8.7/src/delete.c sqlite3-3.8.7.1/src/delete.c --- sqlite3-3.8.7/src/delete.c 2014-10-17 18:38:28.0 + +++ sqlite3-3.8.7.1/src/delete.c 2014-10-29 21:13:32.0 + @@ -481,7 +481,7 @@ assert( nKey==nPk ); /* OP_Found will use an unpacked key */ assert( !IsVirtual(pTab) ); if( aToOpen[iDataCur-iTabCur] ){ -assert( pPk!=0 ); +assert( pPk!=0 || pTab-pSelect!=0 ); sqlite3VdbeAddOp4Int(v, OP_NotFound, iDataCur, addrBypass, iKey, nKey); VdbeCoverage(v); } diff -Nur sqlite3-3.8.7/src/pager.c sqlite3-3.8.7.1/src/pager.c --- sqlite3-3.8.7/src/pager.c 2014-10-17 18:38:28.0 + +++ sqlite3-3.8.7.1/src/pager.c 2014-10-29 21:13:32.0 + @@ -1941,6 +1941,14 @@ rc = SQLITE_OK; }else{ rc = sqlite3OsTruncate(pPager-jfd, 0); +if( rc==SQLITE_OK pPager-fullSync ){ + /* Make sure the new file size is written into the inode right away. + ** Otherwise the journal might resurrect following a power loss and + ** cause the last transaction to roll back. See + ** https://bugzilla.mozilla.org/show_bug.cgi?id=1072773 + */ + rc = sqlite3OsSync(pPager-jfd, pPager-syncFlags); +} } pPager-journalOff = 0; }else if( pPager-journalMode==PAGER_JOURNALMODE_PERSIST diff -Nur sqlite3-3.8.7/src/printf.c sqlite3-3.8.7.1/src/printf.c --- sqlite3-3.8.7/src/printf.c 2014-10-17 18:38:28.0 + +++ sqlite3-3.8.7.1/src/printf.c 2014-10-29 21:13:32.0 + 
@@ -21,11 +21,7 @@ ** the glibc version so the glibc version is definitely preferred. */ #if !defined(HAVE_STRCHRNUL) -# if defined(linux) -# define HAVE_STRCHRNUL 1 -# else -# define HAVE_STRCHRNUL 0 -# endif +# define HAVE_STRCHRNUL 0 #endif diff -Nur sqlite3-3.8.7/src/update.c sqlite3-3.8.7.1/src/update.c --- sqlite3-3.8.7/src/update.c 2014-10-17 18:38:28.0 + +++ sqlite3-3.8.7.1/src/update.c 2014-10-29 21:13:32.0 + @@ -431,8 +431,8 @@ /* Top of the update loop */ if( okOnePass ){ -if( aToOpen[iDataCur-iBaseCur] ){ - assert( pPk!=0 ); +if( aToOpen[iDataCur-iBaseCur] !isView ){ + assert( pPk ); sqlite3VdbeAddOp4Int(v, OP_NotFound, iDataCur, labelBreak, regKey, nKey); VdbeCoverageNeverTaken(v); } diff -Nur sqlite3-3.8.7/src/vdbe.c sqlite3-3.8.7.1/src/vdbe.c --- sqlite3-3.8.7/src/vdbe.c 2014-10-17 18:38:28.0 + +++ sqlite3-3.8.7.1/src/vdbe.c 2014-10-29 21:13:32.0 + @@ -2441,7 +2441,7 @@ if( pOp-p4type==P4_MEM ){ sqlite3VdbeMemShallowCopy(pDest, pOp-p4.pMem, MEM_Static); }else{ -MemSetTypeFlag(pDest, MEM_Null); +sqlite3VdbeMemSetNull(pDest); } goto op_column_out; } signature.asc Description: This is a digitally signed message part
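Review bot: in the pager.c hunk the new sqlite3OsSync() call runs only when pPager->fullSync is set, so the journal-resurrection window described in the added comment stays open whenever that flag is off. The changelog entry for this upload should say that the TRUNCATE-mode durability fix depends on the sync setting, so users do not assume it covers every configuration.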
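Review bot: the printf.c hunk makes HAVE_STRCHRNUL default to 0 on every platform, Linux included, while the comment kept just above it still says the glibc version is "definitely preferred". If the Debian build should keep using strchrnul() from glibc, debian/rules has to pass -DHAVE_STRCHRNUL=1 explicitly, and nothing in this debdiff does. Note also that the quoted release notes spell the option HAVE_STRCHRNULL while the macro in the code is HAVE_STRCHRNUL.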
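Review bot: delete.c and update.c treat the view case differently. delete.c only relaxes the assert to accept pTab->pSelect!=0 and still emits OP_NotFound, whereas update.c adds !isView to the condition and skips the opcode for views. The code-only debdiff carries no test changes, so please point to the upstream regression tests for UPDATE and DELETE on a VIEW with a rowid in the WHERE clause, or run them against this build before the unblock.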
Bug#768072: unblock: rdesktop/1.8.2-3
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Dear Release Team, Please consider the latest upload of rdesktop. The bug it fixes[1] is far from being RC. But it would be a shame that a Windows remote desktop solution can't use the Windows key in Jessie. The fix is from upstream[2] and a very trivial two liners. Debdiff is attached. Thanks, Laszlo/GCS unblock rdesktop/1.8.2-3 [1] http://bugs.debian.org/768066 [2] http://sourceforge.net/p/rdesktop/code/1816/ diff -Nru rdesktop-1.8.2/debian/changelog rdesktop-1.8.2/debian/changelog --- rdesktop-1.8.2/debian/changelog 2014-10-16 16:22:13.0 + +++ rdesktop-1.8.2/debian/changelog 2014-11-04 17:16:05.0 + @@ -1,3 +1,9 @@ +rdesktop (1.8.2-3) unstable; urgency=low + + * Backport fix to handle Windows key (closes: #768066). + + -- Laszlo Boszormenyi (GCS) g...@debian.org Tue, 04 Nov 2014 17:06:04 + + rdesktop (1.8.2-2) unstable; urgency=medium * Update config.{sub,guess} for the AArch64 port (closes: #727953). diff -Nru rdesktop-1.8.2/debian/patches/Fix_constant_naming_and_enabled_windowskey_by_default.patch rdesktop-1.8.2/debian/patches/Fix_constant_naming_and_enabled_windowskey_by_default.patch --- rdesktop-1.8.2/debian/patches/Fix_constant_naming_and_enabled_windowskey_by_default.patch 1970-01-01 00:00:00.0 + +++ rdesktop-1.8.2/debian/patches/Fix_constant_naming_and_enabled_windowskey_by_default.patch 2014-11-04 17:08:32.0 + 
@@ -0,0 +1,22 @@ +--- a/constants.h b/constants.h +@@ -321,7 +321,7 @@ + #define RDP_LOGON_AUTO 0x0008 + #define RDP_LOGON_NORMAL 0x0033 + #define RDP_LOGON_COMPRESSION 0x0080 /* mppc compression with 8kB histroy buffer */ +-#define RDP_LOGON_BLOB 0x0100 ++#define RDP_LOGON_ENABLEWINDOWSKEY 0x0100 + #define RDP_LOGON_COMPRESSION2 0x0200 /* rdp5 mppc compression with 64kB history buffer */ + #define RDP_LOGON_LEAVE_AUDIO 0x2000 + #define RDP_LOGON_PASSWORD_IS_SC_PIN 0x4 +--- a/rdesktop.c b/rdesktop.c +@@ -562,7 +562,7 @@ + act.sa_flags = 0; + sigaction(SIGPIPE, act, NULL); + +- flags = RDP_LOGON_NORMAL; ++ flags = RDP_LOGON_NORMAL | RDP_LOGON_ENABLEWINDOWSKEY; + prompt_password = False; + g_seamless_spawn_cmd[0] = domain[0] = g_password[0] = shell[0] = directory[0] = 0; + g_embed_wnd = 0; diff -Nru rdesktop-1.8.2/debian/patches/series rdesktop-1.8.2/debian/patches/series --- rdesktop-1.8.2/debian/patches/series 2014-08-31 15:14:15.0 + +++ rdesktop-1.8.2/debian/patches/series 2014-11-04 17:09:42.0 + @@ -19,3 +19,4 @@ 01_paging.patch 20_update_manpage.dpatch 80_handle_nostrip_option.dpatch +Fix_constant_naming_and_enabled_windowskey_by_default.patch signature.asc Description: This is a digitally signed message part
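Review bot: constants.h renames RDP_LOGON_BLOB to RDP_LOGON_ENABLEWINDOWSKEY without leaving an alias, and the only other file the patch touches is rdesktop.c. Confirm that no other source file still references RDP_LOGON_BLOB, otherwise the build breaks. In rdesktop.c the flag is OR-ed into the default logon flags unconditionally, so this is a behaviour change for every session; the changelog should say so, and if there is an option to turn it off it should be named there.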
Bug#767955: unblock: libdbi/0.9.0-4
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock the new upload of libdbi. It fixes RC bug 764130 [1] with upstream commit[2]. I attach the debdiff. Thanks, Laszlo/GCS unblock libdbi/0.9.0-4 [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=764130 [2] http://sourceforge.net/p/libdbi/libdbi/ci/cdc447994cf767ae03fa6b0ca663a6b2a89469dd/ diff -Nru libdbi-0.9.0/debian/changelog libdbi-0.9.0/debian/changelog --- libdbi-0.9.0/debian/changelog 2014-09-21 08:57:48.0 + +++ libdbi-0.9.0/debian/changelog 2014-11-01 15:12:02.0 + @@ -1,3 +1,10 @@ +libdbi (0.9.0-4) unstable; urgency=medium + + * Backport fix for double-free in dbi_shutdown_r() (closes: #764130). + * Update Standards-Version to 3.9.6 . + + -- Laszlo Boszormenyi (GCS) g...@debian.org Sat, 01 Nov 2014 12:06:55 + + libdbi (0.9.0-3) unstable; urgency=medium * Backport important upstream patches: diff -Nru libdbi-0.9.0/debian/control libdbi-0.9.0/debian/control --- libdbi-0.9.0/debian/control 2014-04-04 15:34:26.0 + +++ libdbi-0.9.0/debian/control 2014-11-01 14:30:18.0 + @@ -7,7 +7,7 @@ dh-autoreconf, docbook-dsssl, jadetex -Standards-Version: 3.9.5 +Standards-Version: 3.9.6 Vcs-Git: git://anonscm.debian.org/collab-maint/libdbi.git Vcs-Browser: http://anonscm.debian.org/gitweb/?p=collab-maint/libdbi.git Homepage: http://libdbi.sourceforge.net/ diff -Nru libdbi-0.9.0/debian/patches/fix_double-free_in_dbi_shutdown_r.patch libdbi-0.9.0/debian/patches/fix_double-free_in_dbi_shutdown_r.patch --- libdbi-0.9.0/debian/patches/fix_double-free_in_dbi_shutdown_r.patch 1970-01-01 00:00:00.0 + +++ libdbi-0.9.0/debian/patches/fix_double-free_in_dbi_shutdown_r.patch 2014-11-01 15:06:28.0 + 
@@ -0,0 +1,32 @@ +Description: dbi_conn_close(): do not return early if conn-connection is NULL +Origin: upstream, http://sourceforge.net/p/libdbi/libdbi/ci/cdc447994cf767ae03fa6b0ca663a6b2a89469dd/tree/src/dbi_main.c?diff=06e738a61a06f3e6720c84210b7cce47b82e0c7f +Bug-Debian: https://bugs.debian.org/764130 +Author: Markus Hoenicka markus.hoeni...@mhoenicka.de +Last-Update: 2014-11-01 + +--- + +--- libdbi-0.9.0.orig/src/dbi_main.c libdbi-0.9.0/src/dbi_main.c +@@ -592,13 +592,17 @@ void dbi_conn_close(dbi_conn Conn) { + return; + } + +- if (!(conn-connection)) { +- free(conn); +- return; +- } ++ /* if (!(conn-connection)) { */ ++ /* free(conn); */ ++ /* return; */ ++ /* } */ + + _update_internal_conn_list(conn, -1); + ++ /* give drivers a chance to clean up even if there is no ++ connection. It is assumed that ++ driver-functions-disconnects() checks the existence of ++ conn-connection */ + conn-driver-functions-disconnect(conn); + conn-driver = NULL; + dbi_conn_clear_options(Conn); diff -Nru libdbi-0.9.0/debian/patches/series libdbi-0.9.0/debian/patches/series --- libdbi-0.9.0/debian/patches/series 2014-09-21 09:02:20.0 + +++ libdbi-0.9.0/debian/patches/series 2014-11-01 15:02:53.0 + @@ -1,2 +1,3 @@ fix_memory_leak_if_not_connected.patch fix_possible_access_to_unallocated_memory.patch +fix_double-free_in_dbi_shutdown_r.patch signature.asc Description: This is a digitally signed message part
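Review bot: dbi_conn_close() now always reaches conn->driver->functions->disconnect(conn), and the added comment itself says it is only "assumed" that the driver's disconnect function checks conn->connection. That assumption needs to be verified for every libdbi driver shipped alongside this library, because a driver that dereferences a NULL connection would trade the double free for a NULL pointer dereference. The old early-return block is left in place as commented-out code; delete it, since the patch header already records what was removed.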
Bug#767958: unblock: mongodb/1:2.4.10-3
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock The last upload of mongodb fixes systemd support. Its bug[1] is not RC severity. But not starting/stopping a daemon if systemd is used can be considered at least very important. The fix is one-liner in rules , I have to take care of dh_systemd_enable in override_dh_installinit. The debdiff is attached. Upstream released 2.6.0 too late for Jessie, then started to work for 2.8.0. Then I was blind to see they backport important fixes for the 2.4.x tree. The 2.4.11 [2] and 2.4.12 [3] changelogs are available, as well the upcoming 2.4.13 [4]. I suspect it's too late to let them enter Jessie, but I'd be happy to package them if allowed. At least I ask permission to use the security fix[5] and disabling of the SSLv3 ciphers[6]. Which path may I take? Thanks, Laszlo/GCS unblock mongodb/1:2.4.10-3 [1] http://bugs.debian.org/767211 [2] https://jira.mongodb.org/browse/SERVER/fixforversion/13795 [3] https://jira.mongodb.org/browse/SERVER/fixforversion/14288 [4] https://jira.mongodb.org/browse/SERVER/fixforversion/14488 [5] https://jira.mongodb.org/browse/SERVER-14268 [6] https://jira.mongodb.org/browse/SERVER-15673 diff -Nru mongodb-2.4.10/debian/changelog mongodb-2.4.10/debian/changelog --- mongodb-2.4.10/debian/changelog 2014-06-21 21:03:15.0 +0200 +++ mongodb-2.4.10/debian/changelog 2014-11-02 01:42:59.0 +0100 @@ -1,3 +1,10 @@ +mongodb (1:2.4.10-3) unstable; urgency=medium + + * Enable systemd unit file (closes: #767211). + * Update Standards-Version to 3.9.6 . + + -- Laszlo Boszormenyi (GCS) g...@debian.org Wed, 29 Oct 2014 22:43:27 + + mongodb (1:2.4.10-2) unstable; urgency=low * Enable systemd service (closes: #745674). diff -Nru mongodb-2.4.10/debian/control mongodb-2.4.10/debian/control --- mongodb-2.4.10/debian/control 2014-06-21 20:40:58.0 +0200 +++ mongodb-2.4.10/debian/control 2014-11-02 01:13:05.0 +0100 
@@ -21,7 +21,7 @@ libv8-dev (= 3.12), python-pymongo, scons -Standards-Version: 3.9.5 +Standards-Version: 3.9.6 Vcs-Git: git://anonscm.debian.org/collab-maint/mongodb.git Vcs-Browser: http://anonscm.debian.org/git/collab-maint/mongodb.git Homepage: http://www.mongodb.org diff -Nru mongodb-2.4.10/debian/copyright mongodb-2.4.10/debian/copyright --- mongodb-2.4.10/debian/copyright 2013-11-13 10:14:31.0 +0100 +++ mongodb-2.4.10/debian/copyright 2014-11-02 01:30:21.0 +0100 @@ -16,6 +16,7 @@ Antonin Kral Roberto C. Sanchez +Laszlo Boszormenyi (GCS) Copyright: diff -Nru mongodb-2.4.10/debian/rules mongodb-2.4.10/debian/rules --- mongodb-2.4.10/debian/rules 2014-06-21 20:59:43.0 +0200 +++ mongodb-2.4.10/debian/rules 2014-10-29 23:44:37.0 +0100 @@ -48,10 +48,11 @@ scons $(DEB_SCONS_INSTALL) override_dh_installinit: + dh_systemd_enable --name=mongodb dh_installinit -pmongodb-server --name=mongodb %: - dh $@ --parallel --with-systemd + dh $@ --parallel --with=systemd .PHONY: override_dh_clean override_dh_auto_build override_dh_auto_test \ override_dh_auto_install override_dh_installinit signature.asc Description: This is a digitally signed message part
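Review bot: in debian/rules the new dh_systemd_enable --name=mongodb call carries no -p option, while the dh_installinit on the next line is limited to -pmongodb-server, so the helper acts on every binary package; add -pmongodb-server to match. With --with=systemd now spelled correctly the dh sequence also runs dh_systemd_enable by itself, so check that the explicit call in the override and the one from the sequence do not conflict. The debian/copyright hunk adds a name that the changelog entry does not mention.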
Bug#768010: future mongodb unblock
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Hi, Upstream released MongoDB 2.6.0 too late for Jessie and started to work on 2.8.0. Then I was blind to see that they backport important fixes to the 2.4.x tree. The 2.4.11 [1] and 2.4.12 [2] changelogs are available, as well as the upcoming 2.4.13 [3]. I suspect it's too late to let them enter Jessie, but I'd be happy to package them if allowed. At least I ask permission to use the security fix[4] and the disabling of the SSLv3 ciphers[5]. Which path may I take? I should emphasize that the fixes included went through the 2.5 development cycle and are part of the current stable 2.6 release tree. The backport of the fixes was done and tested by upstream itself. I've already packaged 2.4.12 for Sid and all I had to change was to adjust a small patch to apply cleanly without fuzz. I'll backport the SSLv3 disable patch from 2.4.13 to the package soon. Thanks for consideration, Laszlo/GCS [1] https://jira.mongodb.org/browse/SERVER/fixforversion/13795 [2] https://jira.mongodb.org/browse/SERVER/fixforversion/14288 [3] https://jira.mongodb.org/browse/SERVER/fixforversion/14488 [4] https://jira.mongodb.org/browse/SERVER-14268 [5] https://jira.mongodb.org/browse/SERVER-15673 -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/1415082609.3542.8.ca...@debian.org
Bug#765948: binNMU for ntfs-3g 1:2014.2.15AR.2-1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: binnmu Hi Release Managers, ntfs-3g changed its provides to libntfs-3g852 (virtual library). This prevents its migration because testdisk and partclone were built for the previous version, libntfs-3g851. As this ntfs-3g is just a stable update, it would be nice to have for Jessie. nmu testdisk_6.14-3 . ALL . -m rebuild against ntfs-3g 1:2014.2.15AR.2-1 nmu partclone_0.2.73-2 . ALL . -m rebuild against ntfs-3g 1:2014.2.15AR.2-1 Thanks, Laszlo/GCS Archive: https://lists.debian.org/1413725880.26428.3.ca...@debian.org
Re: pre-approval for sqlite3/3.7.13-2 upload
On Mon, 2013-04-29 at 19:05 +0100, Adam D. Barratt wrote: On Sun, 2013-04-28 at 19:34 +, Laszlo Boszormenyi (GCS) wrote: SQLite3 used umask to control file access permissions on newly created files. But umask affects the whole process and in multi-thread applications this means if another thread creates a file that will use that setting as well. This is bad as for short periods of time SQLite3 set umask to 0, effectively causing world readable and writable files. That sounds okay, assuming it's just the patch in the bug report. I would like to point out that unstable was fixed a month ago, so I'm not particularly happy about this only being requested now. Sure, it was a too long testing phase. Please use 3.7.13-1+deb7u1 as the package version and upload ASAP. Uploaded, only with the upstream fix as a separate patch. Used the mentioned package version. Laszlo/GCS Archive: http://lists.debian.org/1367269839.14333.103.camel@julia
pre-approval for sqlite3/3.7.13-2 upload
Dear Release Team, SQLite3 used umask to control file access permissions on newly created files. But umask affects the whole process and in multi-thread applications this means if another thread creates a file that will use that setting as well. This is bad as for short periods of time SQLite3 set umask to 0, effectively causing world readable and writable files. This affects Apache for example while serving Subversion repositories. Fixed in 3.7.16 by using fchmod instead of umask[1]. Debian bug[2] is filed as normal, but on multiuser systems it is RC as users can write arbitrary files affected by this bug. The version in Wheezy is affected as well and as such I've prepared an upload. Would it be accepted with the mentioned upstream patch[1]? Another change would be to make -dev multi-arch: same . This is also fixed in unstable[3], but not for Wheezy. Severity set to important, but considered critical for dependencies that want to multi-arch crossbuild. Thanks for considering, Laszlo/GCS [1] http://www.sqlite.org/src/info/6c4c2b7dba?sbs=0 [2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703465 [3] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683588 Archive: http://lists.debian.org/1367177657.14333.41.camel@julia
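The umask problem described in this request, next to the fchmod approach the fix is said to use, as an added example that is neither SQLite's code nor part of the original message. The helper names, the 0664 target mode and the temporary paths are constructed, and the hook argument stands in for a second thread that creates a file at the worst moment.

```c
/* Added example: constructed helpers and paths, not SQLite's source. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Stands in for "another thread creates a file right now". */
typedef void (*bystander_fn)(const char *path);

static void bystander_create(const char *path) {
    /* Unrelated code asking for 0666 and relying on the umask to trim it. */
    int fd = open(path, O_CREAT | O_EXCL | O_WRONLY, 0666);
    if (fd >= 0) close(fd);
}

/* Racy pattern: widen the process-wide umask around open(). */
int create_via_umask(const char *path, mode_t mode,
                     bystander_fn hook, const char *hook_path) {
    mode_t saved = umask(0);            /* changes the mask for every thread */
    int fd = open(path, O_CREAT | O_EXCL | O_WRONLY, mode);
    if (hook) hook(hook_path);          /* window in which the umask is 0 */
    umask(saved);
    return fd;
}

/* Per-descriptor pattern: leave the umask alone, correct the mode on the fd. */
int create_via_fchmod(const char *path, mode_t mode,
                      bystander_fn hook, const char *hook_path) {
    struct stat st;
    int fd = open(path, O_CREAT | O_EXCL | O_WRONLY, mode);
    if (hook) hook(hook_path);          /* same interleaving point as above */
    if (fd < 0) return -1;
    if (fstat(fd, &st) == 0 && (st.st_mode & 0777) != mode) {
        if (fchmod(fd, mode) != 0) {    /* only this one file is affected */
            close(fd);
            unlink(path);
            return -1;
        }
    }
    return fd;
}

/* Runs one variant in a fresh temp dir under umask 077 and reports the
 * permission bits of the target file and of the bystander's file. */
int run_variant(int use_fchmod, mode_t *target, mode_t *bystander) {
    char dir[] = "/tmp/umask-demo-XXXXXX";   /* constructed location */
    char a[64], b[64];
    struct stat st;
    int rc = -1;

    if (!mkdtemp(dir)) return -1;
    snprintf(a, sizeof a, "%s/target", dir);
    snprintf(b, sizeof b, "%s/bystander", dir);

    mode_t saved = umask(077);               /* the process's intended mask */
    int fd = use_fchmod ? create_via_fchmod(a, 0664, bystander_create, b)
                        : create_via_umask(a, 0664, bystander_create, b);
    if (fd >= 0) {
        if (fstat(fd, &st) == 0) {
            *target = st.st_mode & 0777;
            if (stat(b, &st) == 0) {
                *bystander = st.st_mode & 0777;
                rc = 0;
            }
        }
        close(fd);
    }
    umask(saved);
    unlink(a);
    unlink(b);
    rmdir(dir);
    return rc;
}

int main(void) {
    mode_t t = 0, b = 0;
    if (run_variant(0, &t, &b) == 0)
        printf("umask(0) variant: target %04o, bystander %04o\n",
               (unsigned)t, (unsigned)b);
    if (run_variant(1, &t, &b) == 0)
        printf("fchmod variant:   target %04o, bystander %04o\n",
               (unsigned)t, (unsigned)b);
    return 0;
}
```

Both variants give the target file the requested mode; only the umask variant also leaves the bystander's file world-writable, which is the exposure the request describes.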
Bug#702195: unblock: syslog-ng/3.3.5-3
On Sun, 2013-03-17 at 15:37 +, Jonathan Wiltshire wrote: On Sun, Mar 17, 2013 at 03:06:17PM +, Jonathan Wiltshire wrote: On Sun, Mar 03, 2013 at 08:02:32PM +, Laszlo Boszormenyi (GCS) wrote: There are several important, RC bugfixes over syslog-ng/3.3.5-2 in Wheezy. Approved the t-p-u upload, thanks. Actually, not. With the lack of threading and my trying to catch up on my mailbox, I hadn't yet seen the discussion about this one. Please prepare an updated t-p-u upload. Done. 3.3.5-4 is uploaded to t-p-u. Laszlo/GCS Archive: http://lists.debian.org/1363801695.12547.67.camel@julia
Bug#702195: symlink conffiles are not supported, causing problems for dpkg on upgrade/removal and incorrect debsums reports
On Wed, 2013-03-06 at 13:17 +0100, Michael Biebl wrote: 1/ as you no longer mark the symlinks as conffiles, the cleanup in syslog-ng-core.postrm is not necessary. Removed. 2/ you need to remove the existing conffile symlinks in syslog-ng-core.preinst so dpkg converts them to non-conffiles on upgrades Remove those in preinst. 3/ please drop the line ExecStartPre=/bin/systemctl stop systemd-kmsg-syslogd.service from syslog-ng.service. The systemd-kmsg-syslogd.service service has been removed a long time ago and future versions of systemd will generate an error if you stop a non-existing service. Gergely said he had this change in his Git repo already. Line removed, added other fixes from the Git repo. Please re-check it from: dget -x http://www.barcikacomp.hu/gcs/syslog-ng_3.3.5-3.dsc Archive: http://lists.debian.org/1362591911.18324.32.camel@julia
Bug#702195: symlink conffiles are not supported, causing problems for dpkg on upgrade/removal and incorrect debsums reports
On Tue, 2013-03-05 at 21:05 +0100, Michael Biebl wrote: On 03.03.2013 22:53, Michael Biebl wrote: Seeing the poor handling of symlinked conffiles, I'm wondering if we should also remove them for the other affected packages, which do that: [...] After a closer look, all those packages do *not* mark the symlinks as conffiles, so are not affected by this problem. So I wouldn't suggest any changes at this stage of the release. As for syslog-ng-core, I think the simplest solution for wheezy is to add the symlinks back to the package /etc/systemd/system/syslog.service /etc/systemd/system/multi-user.target.wants/syslog-ng.service but do *not* mark them as conffiles. + the usual cleanup of the existing conffiles via preinst. The first iteration is ready to check[1]. I don't recall previous conffiles, but on purge the files are removed. Laszlo/GCS [1] dget -x http://www.barcikacomp.hu/gcs/syslog-ng_3.3.5-3.dsc Archive: http://lists.debian.org/1362521428.18324.27.camel@julia
Bug#702195: unblock: syslog-ng/3.3.5-3
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: freeze-exception thanks Hi Release Team, There are several important, RC bugfix over syslog-ng/3.3.5-2 in Wheezy. First is virtual console differences between Linux and kFreeBSD[1]. It's tty10 on the former and ttyva on the latter. Without fixing #697042 , syslog-ng would flood kFreeBSD logs with: Error opening file for writing; filename='/dev/tty10', error='Operation not supported (45)' The default syslog-ng configuration used wrong path for mail related logs, as noted in #692056 [2]. Don't use symlinked systemd configuration files, as noted in #690067 [3]. This caused all short of problems as dpkg doesn't support it. Last but not least the one which affects the DSA team is #702131 [4]. The fix is to handle EINVAL as well for eventfd2 errors. The fixes are small and usually one liners. Debdiff is attached. Thanks, Laszlo/GCS [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697042 [2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692056 [3] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690067 [4] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702131 diff -Nru syslog-ng-3.3.5/debian/changelog syslog-ng-3.3.5/debian/changelog --- syslog-ng-3.3.5/debian/changelog 2012-05-13 00:47:21.0 +0200 +++ syslog-ng-3.3.5/debian/changelog 2013-03-03 19:22:00.0 +0100 
@@ -1,3 +1,22 @@ +syslog-ng (3.3.5-3) testing-proposed-updates; urgency=low + + [ Gergely Nagy alger...@madhouse-project.org ] + * Don't mark systemd symlinks in /etc as conffiles. + * Instead of installing systemd service file symlinks, install a +conffile, that includes the real service file (closes: #690067). + * Do not forcibly remove the systemd service files, that code is not +needed anymore. + * Use the standard /var/log/mail.{info,err,warn} location for the various +mail-related logs (closes: #692056). + * Use /dev/ttyva on kFreeBSD as the target of the d_console_all +destination (closes: #697042). + + [ Laszlo Boszormenyi (GCS) ] + * Fix ivykis fallback on eventfd2 errors with the addition of +ivykis_fallback_fix.patch (closes: #702131). + + -- Laszlo Boszormenyi (GCS) g...@debian.hu Sun, 03 Mar 2013 17:57:00 +0100 + syslog-ng (3.3.5-2) unstable; urgency=low [ Gergely Nagy alger...@madhouse-project.org ] diff -Nru syslog-ng-3.3.5/debian/patches/ivykis_fallback_fix.patch syslog-ng-3.3.5/debian/patches/ivykis_fallback_fix.patch --- syslog-ng-3.3.5/debian/patches/ivykis_fallback_fix.patch 1970-01-01 01:00:00.0 +0100 +++ syslog-ng-3.3.5/debian/patches/ivykis_fallback_fix.patch 2013-03-03 17:53:25.0 +0100 
@@ -0,0 +1,31 @@ +Description: make ivykis properly fallback on eventfd2 errors + The Linux glibc eventfd() wrapper function (around the SYS_eventfd{,2} + system calls) returns EINVAL if it is given a nonzero flags argument + and SYS_eventfd2 (which is the variant of SYS_eventfd that takes a flags + argument) isn't implemented, while iv_event_raw was expecting to get + either ENOSYS or success. + . + Instead of falling back on SYS_eventfd by calling the eventfd() wrapper + again with a zero flags argument and then setting the O_NONBLOCK and + O_CLOEXEC flags by hand, disable use of eventfd on systems that have + SYS_eventfd but not SYS_eventfd2 as a minimally invasive fix for the + stable branches. + Taken from: https://github.com/buytenh/ivykis/commit/89f67f97477aeba24aebfc58ae1a17e5bea69724.patch +Author: Lennert Buytenhek buyt...@wantstofly.org +Bug-Debian: http://bugs.debian.org/702131 +Forwarded: not-needed +Last-Update: 2012-12-09 + +--- + +--- syslog-ng-3.3.5.orig/lib/ivykis/modules/iv_event_raw.c syslog-ng-3.3.5/lib/ivykis/modules/iv_event_raw.c +@@ -91,7 +91,7 @@ int iv_event_raw_register(struct iv_even + + ret = eventfd2(0, EFD_NONBLOCK | EFD_CLOEXEC); + if (ret 0) { +- if (errno != ENOSYS) { ++ if (errno != ENOSYS errno != EINVAL) { + perror(eventfd2); + return -1; + } diff -Nru syslog-ng-3.3.5/debian/patches/series syslog-ng-3.3.5/debian/patches/series --- syslog-ng-3.3.5/debian/patches/series 2012-05-03 10:25:19.0 +0200 +++ syslog-ng-3.3.5/debian/patches/series 2013-03-03 17:48:08.0 +0100 @@ -1 +1,2 @@ no_make_in_debian.patch +ivykis_fallback_fix.patch diff -Nru syslog-ng-3.3.5/debian/rules syslog-ng-3.3.5/debian/rules --- syslog-ng-3.3.5/debian/rules 2012-05-13 00:49:52.0 +0200 +++ syslog-ng-3.3.5/debian/rules 2013-03-03 18:52:18.0 +0100 
@@ -26,7 +26,7 @@ # to it. ## ifneq (,$(filter debug,$(DEB_BUILD_OPTIONS))) - EXTRA_CONFIGURE_OPTS += --enable-debug +EXTRA_CONFIGURE_OPTS += --enable-debug endif DEFAULT_MODULES = affile,afprog,afsocket,afuser,afsql,basicfuncs,csvparser,dbparser,syslogformat @@ -129,10 +129,6 @@ override_dh_auto_install: dh_auto_install ${MAKE} -C debian/build-tree/lib/ivykis install DESTDIR=$(CURDIR)/debian/tmp - ln -sf /lib/systemd/system/syslog-ng.service
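Review bot: in iv_event_raw_register() the added errno != EINVAL test sends every EINVAL from eventfd2() down the silent fallback path, not only the missing-SYS_eventfd2 case that the patch description explains. That is acceptable for the "minimally invasive" fix the header describes, but a code comment at the test should say why EINVAL is treated as "not supported". The patch header says "Taken from" an upstream commit yet carries Forwarded: not-needed and no Origin: field; record the upstream commit in Origin: instead.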
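Review bot: the first debian/rules hunk (-26,7) changes only the indentation of the EXTRA_CONFIGURE_OPTS += --enable-debug line and is not covered by any changelog item. For a freeze-exception upload it should be left out so the debdiff contains only the changes tied to the four bugs listed.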
Re: Uploading new s3ql to testing-proposed-updates
Hi Nikolaus, On Sun, 2013-02-24 at 18:41 -0800, Nikolaus Rath wrote: I'd like to upload a new version of S3QL to testing-proposed-updates to fix bug #701350. Unstable already contains a newer upstream release (1.12), so I cannot upload there. [...] The necessary patch is one line (adding fflush() in the right place). While it's not tagged RC, it is as it can cause data loss as I read. It means it must be fixed in Wheezy. It'll be accepted IMHO as the fix is a one-liner. The proposed patch looks fine to me. May I upload this to testing-proposed-updates? It's not my task to allow or disallow uploads to t-p-u. There's a team in Debian, called Release Managers[1]. They need to ACK it, as Wheezy is in deep freeze now. Will check the rules in the afternoon. Did you ask on debian-project@ ? Cheers, Laszlo/GCS [1] http://wiki.debian.org/Teams/ReleaseTeam Archive: http://lists.debian.org/1361772825.14479.178.camel@julia
Bug#692797: unblock: python-greenlet/0.3.1-2.1
Hi Adam, On Wed, 2012-12-19 at 19:55 +, Adam D. Barratt wrote: On Sat, 2012-11-24 at 13:34 +, Adam D. Barratt wrote: On Fri, 2012-11-09 at 23:08 +0100, Jelmer Vernooij wrote: On Fri, 2012-11-09 at 06:08 +, Adam D. Barratt wrote: It also itself FTBFS on a few architectures - see https://buildd.debian.org/status/package.php?p=python-greenlet&suite=wheezy ; armel and mips{,el} are regressions from the current testing package. Thanks, I should've noticed that but hadn't. This is quite surprising too, I don't see anything in the NMU that might be the cause of this. I suspect the issue was already there - see #665890, which is also fixed in sid already. Laszlo, any chance of a fixed version? The good news is that upstream uses git, I could check the individual commits. The bad news is that the places where it FTBFS are assembly code. Upstream reworked those parts with the relevant C code as well. So it's not easy, I'd say impossible for me to backport those changes. I don't speak ARM nor Sparc ASM at least. Would it be acceptable to let 0.4.0-1 migrate to Wheezy? It fixes all the problems, and has been in the archive since August without any problem. Last, but not least it fixes several packaging problems as well. Laszlo/GCS Archive: http://lists.debian.org/1356130240.15123.958.camel@julia
Bug#682172: unblock: couchdb/1.2.0-2
On Wed, 2012-11-21 at 19:36 +0100, Julien Cristau wrote: On Tue, Nov 20, 2012 at 21:17:21 +, Laszlo Boszormenyi (GCS) wrote: Thanks, I think that should be acceptable. OK, -3 will be uploaded if you nod on the s/couchdb/$COUCHDB/ change. See below. - logrotate will properly own the rotated files. OK, I guess. Though why is the dir owned by couchdb in the first place instead of root? It's common for daemons to own their logdir and logfiles, even weird owners do exist. See Apache2, its logdir is root:adm /var/log/apache2/ , for Exim it's Debian-exim:adm /var/log/exim4/ . But for the former, see MongoDB: mongodb:mongodb /var/log/mongodb/ , MySQL: mysql:adm /var/log/mysql/ , Redis: redis:redis /var/log/redis/ . CouchDB uses the same, its logdir is couchdb:couchdb /var/log/couchdb/ , can't give you a special reason for that. +--- couchdb-1.2.0.orig/etc/init/couchdb.tpl.in couchdb-1.2.0/etc/init/couchdb.tpl.in +@@ -102,6 +102,8 @@ stop_couchdb () { + # Stop the running Apache CouchDB process. + + run_command $COUCHDB -d /dev/null ++while [ $(couchdb -s 2/dev/null | grep -c process) -eq 1 ]; \ ++do echo -n .; sleep 1; done; + } + + display_status () { Slightly weird to use $COUCHDB everywhere except in this one place where you write couchdb. Tested on the CLI, then copied late in the evening. Will be: ++while [ $($COUCHDB -s 2/dev/null | grep -c process) -eq 1 ]; \ ++do echo -n .; sleep 1; done; Is it okay to upload -3 with the discussed changes? Cheers, Laszlo/GCS -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1353530389.15123.335.camel@julia
Bug#682172: unblock: couchdb/1.2.0-2
On Wed, 2012-11-21 at 21:44 +0100, Michael Biebl wrote:
On 21.11.2012 21:39, Laszlo Boszormenyi (GCS) wrote:

Tested on the CLI, then copied late in the evening. Will be:

++while [ $($COUCHDB -s 2/dev/null | grep -c process) -eq 1 ]; \ ++do echo -n .; sleep 1; done;

Is it okay to upload -3 with the discussed changes?

Thanks, that looks a bit better. My only concern now would be, that you can end up in an endless loop if the couchdb instance doesn't want to die. Can such a situation happen or will couchdb -d forcefully kill the processes automatically?

I don't think it'll be forcefully killed, but not sure. I'm not good in Erlang. But I propose the following then just to be sure:

RET=1;
for i in $(seq 1 30); do
  status=`$COUCHDB -s 2>/dev/null | grep -c process`;
  if [ $status -eq 0 ]; then RET=0; break; fi;
  echo -n .;
  sleep 1s;
done;
return $RET

Should the time be increased or maybe decreased? Half a minute sounds acceptable for me, but you may think otherwise.

Cheers,
Laszlo/GCS

Archive: http://lists.debian.org/1353533165.15123.340.camel@julia
Bug#682172: unblock: couchdb/1.2.0-2
On Mon, 2012-11-19 at 11:07 +0100, Julien Cristau wrote: On Mon, Nov 19, 2012 at 01:18:34 +, Laszlo Boszormenyi (GCS) wrote: Agree. That's an other thing upstream should fix. However I don't think that would happen soon, at least not for Wheezy. I'll ask about it. Until then this sleep may fixes the majority (maybe all) of the problems. Why can't this be fixed in your init script if upstream won't fix it in time? Touché! First I thought it's not possible. 'couchdb -d' sends a signal to the running process that it should stop. It returns immediately and doesn't wait until it completely ends. Then found 'couchdb -s' which display the status of the daemon. While it's not my initscript, I've changed that to wait until the status is running. Changes between the current Wheezy version and the planned 1.2.0-3 upload is attached. In short, it fixes four RC bugs: - now properly create a couchdb owned rundir, - wait for complete stop of the daemon, and this allows to: - purge the package properly, - restart the service without failing, - logrotate will properly own the rotated files. Hope it's now ready to go and will have the promise to be unblocked when its time comes. Regards, Laszlo/GCS diff -Nur couchdb-1.2.0-1/debian/changelog couchdb-1.2.0-3/debian/changelog --- couchdb-1.2.0-1/debian/changelog 2012-06-29 20:31:16.0 +0200 +++ couchdb-1.2.0-3/debian/changelog 2012-11-20 21:36:00.0 +0100 
@@ -1,3 +1,17 @@ +couchdb (1.2.0-3) unstable; urgency=low + + * Rework couchdb own run directory (updates: #681549). + * Wait until complete stop of service (closes: #692295). + * Use couchdb user for logrotate (closes: #652172). + + -- Laszlo Boszormenyi (GCS) g...@debian.hu Sun, 18 Nov 2012 12:24:24 +0100 + +couchdb (1.2.0-2) unstable; urgency=low + + * Make couchdb user own its run directory (closes: #681549). + + -- Laszlo Boszormenyi (GCS) g...@debian.hu Thu, 19 Jul 2012 20:13:25 +0200 + couchdb (1.2.0-1) unstable; urgency=low * New major upstream release (closes: #672141). diff -Nur couchdb-1.2.0-1/debian/patches/couchdb_own_rundir.patch couchdb-1.2.0-3/debian/patches/couchdb_own_rundir.patch --- couchdb-1.2.0-1/debian/patches/couchdb_own_rundir.patch 1970-01-01 01:00:00.0 +0100 +++ couchdb-1.2.0-3/debian/patches/couchdb_own_rundir.patch 2012-11-18 21:32:47.0 +0100 @@ -0,0 +1,20 @@ +Description: Initscript creates RUN_DIR , make sure it's owned by couchdb + Use install to make COUCHDB_USER own the RUN_DIR being created. +Author: Laszlo Boszormenyi (GCS) g...@debian.hu +Bug-Debian: http://bugs.debian.org/681549 +Last-Update: 2012-11-18 + +--- + +--- couchdb-1.2.0.orig/etc/init/couchdb.tpl.in couchdb-1.2.0/etc/init/couchdb.tpl.in +@@ -83,7 +83,8 @@ run_command () { + start_couchdb () { + # Start Apache CouchDB as a background process. + +-mkdir -p $RUN_DIR ++test -e $RUN_DIR || \ ++install -m 755 -o $COUCHDB_USER -g $COUCHDB_USER -d $RUN_DIR + command=$COUCHDB -b + if test -n $COUCHDB_STDOUT_FILE; then + command=$command -o $COUCHDB_STDOUT_FILE diff -Nur couchdb-1.2.0-1/debian/patches/logrotate_as_couchdb.patch couchdb-1.2.0-3/debian/patches/logrotate_as_couchdb.patch --- couchdb-1.2.0-1/debian/patches/logrotate_as_couchdb.patch 1970-01-01 01:00:00.0 +0100 +++ couchdb-1.2.0-3/debian/patches/logrotate_as_couchdb.patch 2012-11-18 21:31:42.0 +0100 
@@ -0,0 +1,16 @@ +Description: Use logrotate as couchdb user + Use su and create to make logfiles owned by couchdb +Author: Laszlo Boszormenyi (GCS) g...@debian.hu +Bug-Debian: http://bugs.debian.org/652172 +Last-Update: 2012-11-18 +--- + +--- couchdb-1.2.0.orig/etc/logrotate.d/couchdb.tpl.in couchdb-1.2.0/etc/logrotate.d/couchdb.tpl.in +@@ -6,4 +6,6 @@ +compress +notifempty +missingok ++ su couchdb couchdb ++ create 0640 couchdb couchdb + } diff -Nur couchdb-1.2.0-1/debian/patches/series couchdb-1.2.0-3/debian/patches/series --- couchdb-1.2.0-1/debian/patches/series 2011-11-27 09:19:17.0 +0100 +++ couchdb-1.2.0-3/debian/patches/series 2012-11-20 21:35:33.0 +0100 @@ -1 +1,4 @@ force-reload.patch +couchdb_own_rundir.patch +logrotate_as_couchdb.patch +wait_for_couchdb_stop.patch diff -Nur couchdb-1.2.0-1/debian/patches/wait_for_couchdb_stop.patch couchdb-1.2.0-3/debian/patches/wait_for_couchdb_stop.patch --- couchdb-1.2.0-1/debian/patches/wait_for_couchdb_stop.patch 1970-01-01 01:00:00.0 +0100 +++ couchdb-1.2.0-3/debian/patches/wait_for_couchdb_stop.patch 2012-11-20 21:52:18.0 +0100 @@ -0,0 +1,20 @@ +Description: Wait for complete stop of CouchDB + Check if CouchDB is already stopped and wait for a second if not before + checking again. + . +Author: Laszlo Boszormenyi (GCS) g...@debian.hu +Bug-Debian: http://bugs.debian.org/692295 +Last-Update: 2012-11-20 +--- + +--- couchdb-1.2.0.orig/etc/init/couchdb.tpl.in couchdb-1.2.0/etc/init/couchdb.tpl.in +@@ -102,6 +102,8 @@ stop_couchdb
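Review bot: in the start_couchdb hunk of couchdb_own_rundir.patch, `test -e $RUN_DIR` is true for any existing path, so a run directory that the old `mkdir -p` already created as root:root (or a non-directory at that path) skips the `install` call and keeps the wrong owner. Consider testing with `-d` and correcting the owner of an existing directory non-recursively, so that systems where the directory already exists are fixed too.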
Bug#682172: unblock: couchdb/1.2.0-2
On Mon, 2012-11-12 at 21:28 +, Adam D. Barratt wrote: On Fri, 2012-10-12 at 05:22 +, Laszlo Boszormenyi (GCS) wrote: On Thu, 2012-10-11 at 23:18 +0200, Julien Cristau wrote: [ about CouchDB storing its PID file as root ] Ping. Is this getting fixed? Upstream knows about this issue, promised a fix which won't be easy as I can remember. Now they are busy with releasing 1.3.0 and a bugfix branch of 1.2.0 . Don't know exactly if it's included, but will ping them. Any news on that? Nope. :( Upstream is still busy on how 1.3.0 should be released. I don't get any answer as of yet. Asking about upload permission of -3 targeting Wheezy with the attached changes. Fixes four RC bugs. The first one is that couchdb needs some time to stop. Added three seconds wait time to stop in initscript and to postrm (the latter comes from Ubuntu). Otherwise couchdb can't be restarted and can't be purged. The rundir is now created with the help of 'install', only if it doesn't existed before. Last, but not least the logrotate configuration is fixed. Now creates and rotates logfiles as couchdb. Regards, Laszlo/GCS diff -Nur couchdb-1.2.0-1/debian/changelog couchdb-1.2.0-3/debian/changelog --- couchdb-1.2.0-1/debian/changelog 2012-06-29 20:31:16.0 +0200 +++ couchdb-1.2.0-3/debian/changelog 2012-11-18 21:11:08.0 +0100 
@@ -1,3 +1,22 @@ +couchdb (1.2.0-3) unstable; urgency=low + + * Rework couchdb own run directory (updates: #652172). + * Wait a bit for complete stop of service (closes: #692295). + * Use couchdb user for logrotate (closes: #652172). + + [ Jason Gerard DeRose ] + * Added a short sleep delay in couchdb.postrm so couchdb is more likely to +have actually terminated by the time we `deluser couchdb`, which is needed +for `sudo apt-get purge couchdb` to work when couchdb is running + + -- Laszlo Boszormenyi (GCS) g...@debian.hu Sun, 18 Nov 2012 12:24:24 +0100 + +couchdb (1.2.0-2) unstable; urgency=low + + * Make couchdb user own its run directory (closes: #681549). + + -- Laszlo Boszormenyi (GCS) g...@debian.hu Thu, 19 Jul 2012 20:13:25 +0200 + couchdb (1.2.0-1) unstable; urgency=low * New major upstream release (closes: #672141). diff -Nur couchdb-1.2.0-1/debian/patches/couchdb_own_rundir.patch couchdb-1.2.0-3/debian/patches/couchdb_own_rundir.patch --- couchdb-1.2.0-1/debian/patches/couchdb_own_rundir.patch 1970-01-01 01:00:00.0 +0100 +++ couchdb-1.2.0-3/debian/patches/couchdb_own_rundir.patch 2012-11-18 21:32:47.696128156 +0100 
@@ -0,0 +1,20 @@ +Description: Initscript creates RUN_DIR , make sure it's owned by couchdb + Use install to make COUCHDB_USER own the RUN_DIR being created. +Author: Laszlo Boszormenyi (GCS) g...@debian.hu +Bug-Debian: http://bugs.debian.org/681549 +Last-Update: 2012-11-18 + +--- + +--- couchdb-1.2.0.orig/etc/init/couchdb.tpl.in couchdb-1.2.0/etc/init/couchdb.tpl.in +@@ -83,7 +83,8 @@ run_command () { + start_couchdb () { + # Start Apache CouchDB as a background process. + +-mkdir -p $RUN_DIR ++test -e $RUN_DIR || \ ++install -m 755 -o $COUCHDB_USER -g $COUCHDB_USER -d $RUN_DIR + command=$COUCHDB -b + if test -n $COUCHDB_STDOUT_FILE; then + command=$command -o $COUCHDB_STDOUT_FILE diff -Nur couchdb-1.2.0-1/debian/patches/logrotate_as_couchdb.patch couchdb-1.2.0-3/debian/patches/logrotate_as_couchdb.patch --- couchdb-1.2.0-1/debian/patches/logrotate_as_couchdb.patch 1970-01-01 01:00:00.0 +0100 +++ couchdb-1.2.0-3/debian/patches/logrotate_as_couchdb.patch 2012-11-18 21:31:42.084124771 +0100 @@ -0,0 +1,16 @@ +Description: Use logrotate as couchdb user + Use su and create to make logfiles owned by couchdb +Author: Laszlo Boszormenyi (GCS) g...@debian.hu +Bug-Debian: http://bugs.debian.org/652172 +Last-Update: 2012-11-18 +--- + +--- couchdb-1.2.0.orig/etc/logrotate.d/couchdb.tpl.in couchdb-1.2.0/etc/logrotate.d/couchdb.tpl.in +@@ -6,4 +6,6 @@ +compress +notifempty +missingok ++ su couchdb couchdb ++ create 0640 couchdb couchdb + } diff -Nur couchdb-1.2.0-1/debian/patches/series couchdb-1.2.0-3/debian/patches/series --- couchdb-1.2.0-1/debian/patches/series 2011-11-27 09:19:17.0 +0100 +++ couchdb-1.2.0-3/debian/patches/series 2012-11-18 21:16:56.0 +0100 
@@ -1 +1,4 @@ force-reload.patch +couchdb_own_rundir.patch +logrotate_as_couchdb.patch +wait_for_couchdb_stop.patch diff -Nur couchdb-1.2.0-1/debian/patches/wait_for_couchdb_stop.patch couchdb-1.2.0-3/debian/patches/wait_for_couchdb_stop.patch --- couchdb-1.2.0-1/debian/patches/wait_for_couchdb_stop.patch 1970-01-01 01:00:00.0 +0100 +++ couchdb-1.2.0-3/debian/patches/wait_for_couchdb_stop.patch 2012-11-18 21:20:05.0 +0100 @@ -0,0 +1,17 @@ +Description: Wait three seconds to let couchdb really stop + As couchdb needs some time to stop, wait a bit for that. +Author: Laszlo Boszormenyi (GCS) g...@debian.hu +Bug-Debian: http://bugs.debian.org/692295 +Last
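Review bot: the debian/changelog hunk lists "Rework couchdb own run directory" as "updates: #652172", but couchdb_own_rundir.patch in the same debdiff carries Bug-Debian: http://bugs.debian.org/681549, and #652172 is the logrotate bug closed two entries further down. The first changelog item should reference #681549 so the BTS links the rework to the right report.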
Bug#682172: unblock: couchdb/1.2.0-2
On Mon, 2012-11-19 at 01:56 +0100, Michael Biebl wrote:
On 18.11.2012 21:42, Laszlo Boszormenyi (GCS) wrote:

Fixes four RC bugs. The first one is that couchdb needs some time to stop. Added three seconds wait time to stop in initscript and to postrm (the latter comes from Ubuntu). Otherwise couchdb can't be restarted and can't be purged.

Such sleeps are really icky. Who says 3 seconds are enough? That entirely depends on your hardware and in what situation your system is in (load, etc). If couchdb -d, which is used on stop, does not block until the server has been safely shut down, then this needs to be fixed, properly.

Agree. That's another thing upstream should fix. However I don't think that would happen soon, at least not for Wheezy. I'll ask about it. Until then this sleep may fix the majority (maybe all) of the problems.

Laszlo/GCS

Archive: http://lists.debian.org/1353287914.15123.279.camel@julia
Bug#682172: unblock: couchdb/1.2.0-2
On Thu, 2012-10-11 at 23:18 +0200, Julien Cristau wrote:

[ about CouchDB storing its PID file as root ]

Ping. Is this getting fixed?

Upstream knows about this issue, promised a fix which won't be easy as I can remember. Now they are busy with releasing 1.3.0 and a bugfix branch of 1.2.0 . Don't know exactly if it's included, but will ping them.

Laszlo/GCS

Archive: http://lists.debian.org/1350019343.25403.12.camel@julia
Re: RFC: plan to NMU python-greenlet for Wheezy
On Thu, 2012-09-13 at 14:42 +0200, Mehdi Dogguy wrote:
On 25/08/12 16:34, Laszlo Boszormenyi (GCS) wrote:

I plan to take over of python-eventlet . It has a FTBFS bug[1] in Wheezy due to the bug in python-greenlet [2]. It is fixed, but not migrated to testing due to another RC bug[3]. Tried to reach its maintainer, Örjan, but no success yet. As he is MIA for two hundred days, I plan to do an NMU targeting wheezy-proposed-updates. Would the Release Team let me do this? The debdiff is attached.

The debdiff looks okay, but what about #650293?

Installed a Wheezy/i386 system and indeed, #650293 affects Wheezy. However, with the proposed debdiff python-greenlet fixes both bugs. The segmentation faults on i386 and python-eventlet will be buildable again.

Örjan, do you allow me to add myself as the maintainer while you will remain as well and do a normal upload targeting Wheezy?

Laszlo/GCS

Archive: http://lists.debian.org/1349806252.11633.227.camel@julia
Re: RFC: plan to NMU python-greenlet for Wheezy
On Mon, 2012-10-08 at 14:02 +0200, Mehdi Dogguy wrote:
On 13/09/2012 14:42, Mehdi Dogguy wrote:
On 25/08/12 16:34, Laszlo Boszormenyi (GCS) wrote:

I plan to take over of python-eventlet . It has a FTBFS bug[1] in Wheezy due to the bug in python-greenlet [2]. It is fixed, but not migrated to testing due to another RC bug[3]. Tried to reach its maintainer, Örjan, but no success yet. As he is MIA for two hundred days, I plan to do an NMU targeting wheezy-proposed-updates.

The debdiff looks okay, but what about #650293?

Ping?

My fault, I was ill and it's just better. Will test it on i386 today or tomorrow. Just for the record, Örjan is available since then.

Laszlo/GCS

Archive: http://lists.debian.org/1349711092.11633.222.camel@julia
unblock: cvs2svn/2.3.0-3
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: freeze-exception thanks Hi Release Team, Previously cvs2svn tests were failing due to a subversion behavior change. The fix is from upstream[1] SVN r5381 . The debdiff is attached. Regards, Laszlo/GCS [1] http://cvs2svn.tigris.org/ds/viewMessage.do?dsForumId=1716dsMessageId=2950121 diff -u cvs2svn-2.3.0/debian/changelog cvs2svn-2.3.0/debian/changelog --- cvs2svn-2.3.0/debian/changelog +++ cvs2svn-2.3.0/debian/changelog @@ -1,3 +1,10 @@ +cvs2svn (2.3.0-3) unstable; urgency=low + + * Fix some test cases to deal with non-deterministic dump output +(closes: #665028), thanks to Salvatore Bonaccorso for the heads-up. + + -- Laszlo Boszormenyi (GCS) g...@debian.hu Sat, 25 Aug 2012 13:21:49 +0200 + cvs2svn (2.3.0-2) unstable; urgency=low * Pass '--prefix=/usr' to 'setup.py install' needed for the upcoming Python diff -u cvs2svn-2.3.0/debian/rules cvs2svn-2.3.0/debian/rules --- cvs2svn-2.3.0/debian/rules +++ cvs2svn-2.3.0/debian/rules @@ -29,7 +29,8 @@ python setup.py clean # clean up - rm -rf $(CURDIR)/build/ $(CURDIR)/tmp/ $(CURDIR)/cvs2svn-tmp/ + rm -rf $(CURDIR)/build/ $(CURDIR)/tmp/ $(CURDIR)/cvs2svn-tmp/ \ + $(CURDIR)/svn-test-work/local_tmp/ rm -f $(CURDIR)/svntest/*.pyc \ $(CURDIR)/cvs2svn_rcsparse/*.pyc $(CURDIR)/cvs2svn_lib/*.pyc rm -rf $(CURDIR)/debian/locale/ only in patch2: unchanged: --- cvs2svn-2.3.0.orig/run-tests.py +++ cvs2svn-2.3.0/run-tests.py 
@@ -3174,19 +3174,15 @@ verify that --use-internal-co works rcs_conv = ensure_conversion( - 'main', args=['--use-rcs', '--default-eol=native'], + 'main', args=['--use-rcs', '--default-eol=native'], dumpfile='use-rcs-rcs.dump', ) conv = ensure_conversion( - 'main', args=['--default-eol=native'], + 'main', args=['--default-eol=native'], dumpfile='use-rcs-int.dump', ) if conv.output_found(r'WARNING\: internal problem\: leftover revisions'): raise Failure() - rcs_lines = run_program( - svntest.main.svnadmin_binary, None, 'dump', '-q', '-r', '1:HEAD', - rcs_conv.repos) - lines = run_program( - svntest.main.svnadmin_binary, None, 'dump', '-q', '-r', '1:HEAD', - conv.repos) + rcs_lines = list(open(rcs_conv.dumpfile, 'rb')) + lines = list(open(conv.dumpfile, 'rb')) # Compare all lines following the repository UUID: if lines[3:] != rcs_lines[3:]: raise Failure() @@ -3199,19 +3195,17 @@ rcs_conv = ensure_conversion( 'internal-co', args=['--use-rcs', '--exclude=BRANCH', '--default-eol=native'], + dumpfile='internal-co-exclude-rcs.dump', ) conv = ensure_conversion( 'internal-co', args=['--exclude=BRANCH', '--default-eol=native'], + dumpfile='internal-co-exclude-int.dump', ) if conv.output_found(r'WARNING\: internal problem\: leftover revisions'): raise Failure() - rcs_lines = run_program( - svntest.main.svnadmin_binary, None, 'dump', '-q', '-r', '1:HEAD', - rcs_conv.repos) - lines = run_program( - svntest.main.svnadmin_binary, None, 'dump', '-q', '-r', '1:HEAD', - conv.repos) + rcs_lines = list(open(rcs_conv.dumpfile, 'rb')) + lines = list(open(conv.dumpfile, 'rb')) # Compare all lines following the repository UUID: if lines[3:] != rcs_lines[3:]: raise Failure()
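Review bot: in both run-tests.py hunks, `list(open(rcs_conv.dumpfile, 'rb'))` and `list(open(conv.dumpfile, 'rb'))` never close the files they open. Reading each dump inside a `with open(...) as f:` block (or a small helper that reads and closes) keeps the tests from depending on garbage collection to release the dump files before the work directory is cleaned up.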
RFC: plan to NMU python-greenlet for Wheezy
Hi Release Team, I plan to take over of python-eventlet . It has a FTBFS bug[1] in Wheezy due to the bug in python-greenlet [2]. It is fixed, but not migrated to testing due to an other RC bug[3]. Tried to reach its maintainer, Örjan, but no success yet. As he is MIA for two hundred days, I plan to do an NMU targeting wheezy-proposed-updates. Would the Release Team let me to do this? The debdiff is attached. Regards, Laszlo/GCS [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684852 [2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640577 [3] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=665890 diff -Nru python-greenlet-0.3.1/debian/changelog python-greenlet-0.3.1/debian/changelog --- python-greenlet-0.3.1/debian/changelog 2011-08-23 00:33:20.0 +0200 +++ python-greenlet-0.3.1/debian/changelog 2012-08-25 16:05:43.0 +0200 @@ -1,3 +1,12 @@ +python-greenlet (0.3.1-2.1) wheezy-proposed-updates; urgency=low + + * Non-maintainer upload. + * Add missing .egg-info file for Wheezy. + * Fix packaging SCM browser location. + * Fix copyright use template lintian error. + + -- Laszlo Boszormenyi (GCS) g...@debian.hu Sat, 25 Aug 2012 15:52:00 +0200 + python-greenlet (0.3.1-2) unstable; urgency=low * Build for architecture any (Closes: #607805). diff -Nru python-greenlet-0.3.1/debian/control python-greenlet-0.3.1/debian/control --- python-greenlet-0.3.1/debian/control 2011-08-23 00:33:20.0 +0200 +++ python-greenlet-0.3.1/debian/control 2012-08-25 15:59:04.0 +0200 
@@ -7,7 +7,7 @@ Standards-Version: 3.9.1 Section: python Homepage: http://pypi.python.org/pypi/greenlet -Vcs-Browser: http://git.42mm.org/?p=python-greenlet +Vcs-Browser: http://git.42mm.org/?p=python-greenlet.git Vcs-Git: git://git.42mm.org/git/python-greenlet Package: python-greenlet-dbg diff -Nru python-greenlet-0.3.1/debian/copyright python-greenlet-0.3.1/debian/copyright --- python-greenlet-0.3.1/debian/copyright 2011-08-23 00:33:20.0 +0200 +++ python-greenlet-0.3.1/debian/copyright 2012-08-25 16:03:48.0 +0200 @@ -4,7 +4,7 @@ It was downloaded from http://pypi.python.org/pypi/greenlet -Upstream Author(s): +Upstream Authors: Kyle Ambroff k...@ambroff.com Armin Rigo ar...@ulb.ac.be diff -Nru python-greenlet-0.3.1/debian/python-greenlet.install python-greenlet-0.3.1/debian/python-greenlet.install --- python-greenlet-0.3.1/debian/python-greenlet.install 2011-08-23 00:33:20.0 +0200 +++ python-greenlet-0.3.1/debian/python-greenlet.install 2012-08-25 15:54:37.0 +0200 @@ -1 +1,2 @@ usr/lib/python*/*-packages/*[!_][!_].so +usr/lib/python*/*-packages/*.egg-info
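Review bot: the 0.3.1-2.1 changelog entry names no bug for "Add missing .egg-info file for Wheezy", although the covering mail ties this upload to the python-greenlet bug it cites as [2] (bug=640577). If that is the report the new `usr/lib/python*/*-packages/*.egg-info` line in python-greenlet.install addresses, the entry should reference it so the fix is tracked for the wheezy-proposed-updates upload.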
Bug#682172: unblock: couchdb/1.2.0-2
On Fri, 2012-07-27 at 22:55 +0200, Julien Cristau wrote:
On Thu, Jul 19, 2012 at 23:43:56 +, Laszlo Boszormenyi (GCS) wrote:

On new installs /var/run/couchdb is created to store the pidfile in, but as root:root . Then the couchdb user can't store its pid there, due to owner problems. Filed as important, but can be RC as couchdb fails to start if can't store the pidfile. The fix is oneliner:

+++ couchdb-1.2.0/etc/init/couchdb.tpl.in mkdir -p $RUN_DIR +chown -R $COUCHDB_USER $RUN_DIR command=$COUCHDB -b

Can't the pidfile be written to before dropping privs? chown -R feels rather ick, I can't see why the -R should be necessary and I can see a few ways it could be bad.

Agree, -R can be problematic. What about

[ -d $RUN_DIR ] || (mkdir -p $RUN_DIR; chown $COUCHDB_USER $RUN_DIR)

? It would change ownership only at creation time, own that dir only to $COUCHDB_USER . Doesn't change anything below that directory and in fact, after its creation it'll be empty anyway.

Laszlo/GCS

Archive: http://lists.debian.org/1345586876.14167.326.camel@julia
unblock: couchdb/1.2.0-2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: freeze-exception thanks Hi, Please unblock couchdb/1.2.0-2 which fixes #681549 [1]. On new installs /var/run/couchdb is created to store the pidfile in, but as root:root . Then the couchdb user can't store its pid there, due to owner problems. Filed as important, but can be RC as couchdb fails to start if can't store the pidfile. The fix is oneliner: +++ couchdb-1.2.0/etc/init/couchdb.tpl.in mkdir -p $RUN_DIR +chown -R $COUCHDB_USER $RUN_DIR command=$COUCHDB -b But complete debdiff is attached. Thanks, Laszlo/GCS [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681549 diff -Nru couchdb-1.2.0/debian/changelog couchdb-1.2.0/debian/changelog --- couchdb-1.2.0/debian/changelog 2012-06-29 20:31:16.0 +0200 +++ couchdb-1.2.0/debian/changelog 2012-07-19 20:35:03.0 +0200 @@ -1,3 +1,9 @@ +couchdb (1.2.0-2) unstable; urgency=low + + * Make couchdb user own its run directory (closes: #681549). + + -- Laszlo Boszormenyi (GCS) g...@debian.hu Thu, 19 Jul 2012 20:13:25 +0200 + couchdb (1.2.0-1) unstable; urgency=low * New major upstream release (closes: #672141). diff -Nru couchdb-1.2.0/debian/patches/couchdb_own_rundir.patch couchdb-1.2.0/debian/patches/couchdb_own_rundir.patch --- couchdb-1.2.0/debian/patches/couchdb_own_rundir.patch 1970-01-01 01:00:00.0 +0100 +++ couchdb-1.2.0/debian/patches/couchdb_own_rundir.patch 2012-07-19 20:57:00.0 +0200 
@@ -0,0 +1,18 @@ +Description: Initscript creates RUN_DIR , make sure it's owned by couchdb + Add chown after the mkdir to make COUCHDB_USER own the RUN_DIR being created. +Author: Laszlo Boszormenyi (GCS) g...@debian.hu +Bug-Debian: http://bugs.debian.org/681549 +Last-Update: 2012-07-19 + +--- + +--- couchdb-1.2.0.orig/etc/init/couchdb.tpl.in couchdb-1.2.0/etc/init/couchdb.tpl.in +@@ -84,6 +84,7 @@ start_couchdb () { + # Start Apache CouchDB as a background process. + + mkdir -p $RUN_DIR ++chown -R $COUCHDB_USER $RUN_DIR + command=$COUCHDB -b + if test -n $COUCHDB_STDOUT_FILE; then + command=$command -o $COUCHDB_STDOUT_FILE diff -Nru couchdb-1.2.0/debian/patches/series couchdb-1.2.0/debian/patches/series --- couchdb-1.2.0/debian/patches/series 2011-11-27 09:19:17.0 +0100 +++ couchdb-1.2.0/debian/patches/series 2012-07-19 20:46:55.0 +0200 @@ -1 +1,2 @@ force-reload.patch +couchdb_own_rundir.patch
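Review bot: the added `chown -R $COUCHDB_USER $RUN_DIR` in start_couchdb runs on every start and recurses over whatever the directory contains at that moment, although only the directory itself needs a new owner; it also leaves the group untouched. Dropping -R and changing ownership only when the directory is created keeps the change limited to what #681549 needs.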
Re: Collaborative maintenance of mime-support (was Re: Using FreeDesktop MIME entries directly in mime-support).
Answering to my own mail.

On Tue, 2012-07-17 at 05:38 +, Laszlo Boszormenyi (GCS) wrote:
On Tue, 2012-07-17 at 09:27 +0900, Charles Plessy wrote:

2) Install in Alioth's collab-maint a git repository made with the --debsnap option of git-import-dscs, unless we try to go deeper in time ? Set up commits emails to go to the PTS.

I've created an empty git collab-maint repository on Alioth, still not visible over the web interface. As I know, it just needs some time.

It is now visible: http://anonscm.debian.org/gitweb/?p=collab-maint/mime-support.git;a=summary
Empty at the moment. I used git-debimport , the result is at GitHub for review: https://github.com/gcsideal/mime-support
If it's OK, I'll rebase to git.debian.org .

Regards,
Laszlo/GCS
Re: Using FreeDesktop MIME entries directly in mime-support (Re: Fixing the mime horror in Debian).
Hi Cyril,

On Mon, 2012-07-16 at 22:49 +0200, Cyril Brulebois wrote:
Charles Plessy ple...@debian.org (16/07/2012):

If nobody else volunteers, I propose to start a maintenance group for the mime-support package, that I would store in a Git repository on Alioth's collab-maint group.

Just for the record, Charles has an advanced knowledge regarding MIME in general. Hope we can work together.

I think that's a perfect use case for collab-maint. László, do you really need a dedicated group for that?

My intention was to limit people who can commit to mime-support. It seems there are multiple viewpoints for example about application/x-httpd-* types. One may do more harm with a commit if not consulted by a group of more advanced people. But I'm fine with normal collab-maint as well if you and Charles would like that.

Cheers,
Laszlo/GCS
Re: Using FreeDesktop MIME entries directly in mime-support (Re: Fixing the mime horror in Debian).
On Mon, 2012-07-16 at 23:35 +0200, Cyril Brulebois wrote:
Laszlo Boszormenyi (GCS) g...@debian.org (16/07/2012):

My intention was to limit people who can commit to mime-support. It seems there are multiple viewpoints for example about application/x-httpd-* types. One may do more harm with a commit if not consulted by a group of more advanced people. But I'm fine with normal collab-maint as well if you and Charles would like that.

As someone processing alioth-related requests, I would find it nice to use collab-maint for such projects; but I'm willing to hear about arguments against that. As a random developer, I would really hate to see people fight through commits. In case that would happen, I think that can be fixed, IIRC collab-maint has some abuse clauses or something similar. (IOW: I'm not convinced you need a dedicated group; quite the contrary.)

I already wrote my reason and that a normal collab-maint place is fine with me. So I just need to login to git.debian.org and create a repository under /git/collab-maint/ right?

Charles, I would add myself as Maintainer and you as an uploader or vice versa, whichever suits you better. Is this OK with you?

Regards,
Laszlo/GCS
Re: Collaborative maintenance of mime-support (was Re: Using FreeDesktop MIME entries directly in mime-support).
On Tue, 2012-07-17 at 09:27 +0900, Charles Plessy wrote:

how about the following (inspired by http://dep.debian.net/deps/dep2/)

Maintainer: mime-supp...@packages.debian.org
Uploaders: Laszlo Boszormenyi (GCS) g...@debian.org, Charles Plessy ple...@debian.org,

Hope Brian will also join. May we add you?

I propose the following action plan.

0) We subscribe to the PTS (done for me).

For me as well, I assume Brian is also subscribed.

1) Upload to experimental an adopted package with the updated maintainer and uploaders list, the VCS fields updated, and the patch for #497779 applied.

+1

2) Install in Alioth's collab-maint a git repository made with the --debsnap option of git-import-dscs, unless we try to go deeper in time ? Set up commits emails to go to the PTS.

I've created an empty git collab-maint repository on Alioth, still not visible over the web interface. As I know, it just needs some time. Made the config to send commits to the PTS. So, how deep should be the package import? The full history from snapshot.debian.org or just the last upload is enough? We will have the file history, but not the comment why happened and what.

3) Make crystal clear in the source package's READMEs that uncoordinated commits are an abuse of the collab-maint Alioth group. But perhaps we can allow developers to create topic branches related to bugs in the BTS if they like ?

+1 , but I assume you know that others may create free and public git trees elsewhere, for example on GitHub. They may send a merge request when their work is done. The tree is still visible, separated and can be merged if needed.

4) Postpone any other change on the main branch until either #681687 (tech. committee) is solved or Wheezy released.

+1

Lastly, I would like to thank Brian for his impressively 16-years long work on mime-support. Brian, feel free to stay among the uploaders !

I join as well. Thanks Brian for your previous work! Hope you will be still close to the package and the recent events don't turn you down.

Regards,
Laszlo/GCS

Archive: http://lists.debian.org/1342503504.8460.88.camel@julia
Re: (cryptmount #672678) unmet dependency on libdevmapper
Hi all,

On Thu, 2012-05-24 at 02:50 +0300, Touko Korpela wrote:
On Wed, May 23, 2012 at 11:31:33PM +0300, Touko Korpela wrote:

This bug blocks lvm2 from migrating to testing. Maybe cryptmount should temporarily removed from testing? Or are tools wrong, and lvm2 update don't make situation any worse than it's now?

Has release managers opinion about this?

I'm the sponsor of Richard, the maintainer of cryptmount. He has fixed this issue some days ago and asked me about to upload that. However it changes old debian/copyright entries. He changes the 'closes: #xxx reason' lines to 'reason, closes: #xxx' ones. It's a bit unclear for me if it's advised or not. Can't recall any policy about this, but AFAICR, it should not be changed. In short, may I upload the package despite the altering of changelog wording?

Regards,
Laszlo/GCS

Archive: http://lists.debian.org/1337884100.29140.14.camel@julia
Bug#664078: transition: tokyocabinet
Hi Julien,

On Sun, 2012-04-29 at 19:05 +0200, Julien Cristau wrote:
On Wed, Apr 11, 2012 at 08:07:54 +0200, Tobias Frost wrote:

seems that bogofilter can be fixed soon, it seems that Steven found a workaround in the sqlite3 library. (See #665363)

What's up with that?

The bug lies in SQLite3, in commit 2e8ab3cedf [1]. As src/mem1.c adds malloc_usable_size() to sqlite3MemSize() to get the available memory to use. On my amd64 system, malloc() calls are rounded up to n*24 bytes and that size may be usable. However as the manpage states:

Returns the number of bytes available in the dynamically allocated buffer ptr, which may be greater than the requested size (but is guaranteed to be at least as large, if the request was successful). Typically, you should store the requested allocation size rather than use this function.

So in general nothing is wrong if you use the size reported by this function. However when you set MALLOC_CHECK_ to 1 or 2, glibc enforces the requested size. This is where the problem lies. SQLite3 uses the memory normally, a bit larger size than originally requested but not more than the maximum available. This is normal and doesn't cause memory corruption. But when asked via the MALLOC_CHECK_ setting, glibc detects the difference and issues a warning only (=1) or aborts (=2). Bogofilter asks for this check in src/tests/t.frame in line 173 and 174.

It may be debatable where to fix this. Do not set glibc malloc enforcement in Bogofilter or disable this memory use in SQLite3 itself. Let's go on with the latter.

By the way, attached a small example that demonstrates this problem on 64 bit archs. Compile with 'gcc -o check check.c' and run check with MALLOC_CHECK_ set to 0 and later set to 2.
Regards,
Laszlo/GCS

[1] http://www.sqlite.org/src/info/2e8ab3cedf

#include <stdio.h>
#include <stdlib.h>
#include <malloc.h>
#include <string.h>

int main(void)
{
    void *p = NULL;
    size_t size = 7;

    /* allocate a small size of memory and inform the user */
    printf("Size to malloc(): %zu\n", size);
    p = malloc(size);
    if (p == NULL)
        return 1;

    /* check how much memory we got */
    size = malloc_usable_size(p);
    printf("Size reported by malloc_usable_size(): %zu\n", size);

    /* use that memory */
    memset(p, 0x0, size);

    /* we don't need the memory anymore */
    free(p);

    /* just inform the user about the exit */
    printf("Program ends normally.\n");
    return 0;
}
Re: binNMU sqlite3 and vice compilation on i386
On Wed, 2011-12-07 at 09:29 +0100, Julien Cristau wrote:
On Wed, Dec 7, 2011 at 07:19:54 +0100, Laszlo Boszormenyi wrote:
I got a bugreport against SQLite3 Tcl bindings that it can't be loaded, see #650961 [1]. Indeed, the line which loads it is missing from its pkgIndex.tcl file. I've checked and it's missing on all archs, including kfreebsd-* ones. I've no idea how this happened, but a simple rebuilding fixes this. Please schedule +b1 on all archs.

I'd prefer to know why it happened before I do that.

Tried to guess it, but no luck. There was no tcl8.5 upload around that time. It couldn't be my pbuilder environment as it's missing on all archs. Thus buildds made the same mistake. The person who filed the bug confirms that a simple rebuild fixes this issue. Did the rebuild in my pbuilder environment and it also fixes the bug.

On Sun, 2011-12-18 at 14:52 +, Adam D. Barratt wrote:
Ping?

I'm not at home but in the Alps and my internet possibilities are weak. Will arrive back on the 30th.

Laszlo/GCS

Archive: http://lists.debian.org/1324782867.7517.27.ca...@julia.gcs.org.hu
binNMU sqlite3 and vice compilation on i386
Hi Release Team!

I got a bugreport against SQLite3 Tcl bindings that it can't be loaded, see #650961 [1]. Indeed, the line which loads it is missing from its pkgIndex.tcl file. I've checked and it's missing on all archs, including kfreebsd-* ones. I've no idea how this happened, but a simple rebuilding fixes this. Please schedule +b1 on all archs.

What are the minimum processor requirements that we support on i386? Another bugreport, #651246 [2] shows that the murphy buildd compiled a code which does not run on all x86 CPUs. What can I do with this bugreport?

Regards,
Laszlo/GCS

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=650961
[2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=651246

Archive: http://lists.debian.org/1323238794.19746.47.ca...@julia.gcs.org.hu
Bug#630251: [Fwd: Bug#630251: patch for proposed updates / rdesktop sometimes fails to transfer files from win2k8]
Hi Adam,

On Mon, 2011-06-13 at 20:48 +0100, Adam D. Barratt wrote:
On Sun, 2011-06-12 at 20:09 +0200, Andreas Barth wrote:
some programs make rdesktop fail to keep up the directory forwarding to a win 2k8-server. Please see http://sourceforge.net/tracker/?func=detail&aid=2812158&group_id=24366&atid=381349 for the bug, the fix is as follows:

--- rdesktop-1.6.0.orig/disk.c 2009-06-19 09:06:27.0 -0400 +++ rdesktop-1.6.0/disk.c 2009-06-25 09:40:44.0 -0400 @@ -1096,10 +1101,24 @@ [...]

This is nearly, but not quite, the same as the corresponding code in the current rdesktop package in unstable. Other than the printf(), the difference is that where the proposed fix has:

+ out_uint32_le(out, stat_fs.f_blocks); /* TotalAllocationUnits */ + out_uint32_le(out, 0); + out_uint32_le(out, stat_fs.f_bavail); /* CallerAvailableAllocationUnits */ + out_uint32_le(out, 0);

the package in unstable has:

out_uint32_le(out, stat_fs.f_blocks); /* Total allocation units low */ out_uint32_le(out, 0); /* Total allocation units high */ out_uint32_le(out, stat_fs.f_blocks); /* Caller allocation units low */ out_uint32_le(out, 0); /* Caller allocation units high */

I've CCed the rdesktop maintainers for any comments they might have.

IMHO the former one is the correct one, the changes in unstable seem to have a copypaste bug. stat_fs.f_blocks may have nothing to do with 'caller allocation units low'. Will ask upstream soon.

Laszlo/GCS

Archive: http://lists.debian.org/1308110821.4635.53.ca...@julia.gcs.org.hu
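Review bot: in the '+' lines of the proposed fix, stat_fs.f_blocks and stat_fs.f_bavail are each written with out_uint32_le() and the following 32-bit word is hard-coded to 0, so any block count that does not fit in 32 bits is truncated on the wire. If those fields are wider than 32 bits on the build platform, write the upper half of each value in the second out_uint32_le() call instead of 0.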
intend to remove sqlite package
Hi Release Team,

For a long time, sqlite has not been maintained by upstream. It is not even buildable anymore[1]. I don't want to carry it anymore. The following packages depend on it: kolab-webclient sympa serendipity roundcube-sqlite qsf phpbb3 pdns-backend-sqlite movabletype-opensource lire imms-common csync2 beancounter bacula-director-sqlite ansel1

For example, bacula can drop it and serendipity can switch to sqlite3 as I see. I need to investigate each package, but first I need the approval of the Release Team. Is it OK to start it right now or should I wait for something?

Regards,
Laszlo/GCS

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=618154

Archive: http://lists.debian.org/1300217337.22284.17.ca...@julia.gcs.org.hu
Re: intend to remove sqlite package
On Tue, 2011-03-15 at 21:17 +0100, Julien Cristau wrote:
On Tue, Mar 15, 2011 at 20:28:57 +0100, Laszlo Boszormenyi wrote:
I need to investigate each package, but first I need the approval of the Release Team.

I'm not following. Why would we need to be involved at this point?

Not to crash with other transitions; the release team might like to save sqlite; it may force other packages to be removed if they have no sqlite3 possibilities. OK, sorry for the noise; will file related bugs tomorrow.

Laszlo/GCS

Archive: http://lists.debian.org/1300223352.22284.26.ca...@julia.gcs.org.hu
Bug#611838: unblock: syslog-ng/3.1.3-3
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Hi,

Please unblock syslog-ng 3.1.3-3 which fixes a grave bug where the created directory and unix stream uid/gid are not set correctly. The patches are created by Zbigniew Krzystolik for PLD Linux and accepted by upstream[1][2]. They are backported for the version being in Debian.

Thanks,
Laszlo/GCS

[1] http://git.balabit.hu/?p=bazsi/syslog-ng-3.2.git;a=commitdiff;h=967b1720c8487f3cbe49292c7e5ed3b871ab2de5
[2] http://git.balabit.hu/?p=bazsi/syslog-ng-3.2.git;a=commitdiff;h=abce2bfa9c59b4290609056da590277c1a8e50f9

Archive: http://lists.debian.org/1296671687.3816.108.ca...@julia.gcs.org.hu
Re: RFC: syslog-ng #608791 and future unblock request
On Sun, 2011-01-30 at 19:53 +0100, Julien Cristau wrote:
On Sat, Jan 29, 2011 at 18:28:53 +0100, Laszlo Boszormenyi wrote:
There's a bug, #608791 [1] in syslog-ng, which I'd like to fix for Squeeze. If you ask for automated directory creation then its uid and gid settings are not working, but set to root:root. The problem is, the corresponding capabilities are not set for the process before fchown() calls.

It's too late for severity:normal bug fixes at this point, sorry.

It's set to normal and while it's not rc, I think it's important. Makes logging and/or log processing impossible if owner and group can not be set for log directories.

Cheers,
Laszlo/GCS

Archive: http://lists.debian.org/1296414925.28241.126.ca...@julia.gcs.org.hu
RFC: syslog-ng #608791 and future unblock request
Hi Release Team!

There's a bug, #608791 [1] in syslog-ng, which I'd like to fix for Squeeze. If you ask for automated directory creation then its uid and gid settings are not working, but set to root:root. The problem is, the corresponding capabilities are not set for the process before fchown() calls. I could solve this with the following patch.

--- syslog-ng-3.1.3.orig/src/misc.c +++ syslog-ng-3.1.3/src/misc.c @@ -24,6 +24,7 @@ #include misc.h #include dnscache.h #include messages.h +#include gprocess.h #include sys/types.h #include sys/socket.h @@ -368,6 +369,7 @@ create_containing_directory(gchar *name, struct stat st; gint rc; gchar *p; + cap_t saved_caps; /* check that the directory exists */ dirname = g_path_get_dirname(name); @@ -401,12 +403,16 @@ create_containing_directory(gchar *name, { if (mkdir(name, dir_mode 0 ? 0700 : (mode_t) dir_mode) == -1) return FALSE; + saved_caps = g_process_cap_save(); + g_process_cap_modify(CAP_CHOWN, TRUE); + g_process_cap_modify(CAP_FOWNER, TRUE); if (dir_uid = 0) chown(name, (uid_t) dir_uid, -1); if (dir_gid = 0) chown(name, -1, (gid_t) dir_gid); if (dir_mode = 0) chmod(name, (mode_t) dir_mode); + g_process_cap_restore(saved_caps); } *p = '/'; p = strchr(p + 1, '/');

This way, I've to link pdbtool with libcap, so adding @DEPS_LIBS@ for it in Makefile.am is also necessary. Upstream support solved it a bit differently.

diff --git a/src/affile.c b/src/affile.c index b5e1bef..df79029 100644 --- a/src/affile.c +++ b/src/affile.c
@@ -55,10 +55,20 @@ affile_open_file(gchar *name, gint flags, return FALSE; } - if (create_dirs !create_containing_directory(name, dir_uid, dir_gid, dir_mode)) -return FALSE; - saved_caps = g_process_cap_save(); + if (create_dirs) +{ + g_process_cap_modify(CAP_CHOWN, TRUE); + g_process_cap_modify(CAP_FOWNER, TRUE); + + if (!create_containing_directory(name, dir_uid, dir_gid, dir_mode)) + { + g_process_cap_restore(saved_caps); + return FALSE; + } + g_process_cap_restore(saved_caps); +} + if (privileged) { g_process_cap_modify(CAP_DAC_READ_SEARCH, TRUE);

This way no extra linking is necessary, but the capabilities are used for slightly more time and even when dir_owner() and dir_group() are not set. Support ACK that my solution is better even for the extra linking. The bad news is that we still couldn't get feedback from the real upstream author of syslog-ng.

If you accept it, which patch should I use and where should I upload? Can it go for t-p-u or via Sid maybe with priority=medium?

Regards,
Laszlo/GCS

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608791
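Review bot: in the third hunk of the misc.c patch (@@ -401,12 +403,16 @@), the return values of chown() and chmod() are still ignored inside the raised-capability window, so a failed ownership change leaves the new directory with whatever mkdir() gave it and nothing is reported. Check each call and log the failure; the hunk also raises CAP_CHOWN and CAP_FOWNER for every created directory, so the save/modify/restore sequence could be skipped when dir_uid, dir_gid and dir_mode are all unset.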
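Review bot: in the affile.c hunk (@@ -55,10 +55,20 @@), CAP_CHOWN and CAP_FOWNER are raised whenever create_dirs is set and stay raised across the whole create_containing_directory() call, including its mkdir() calls and the case where no owner, group or mode was configured. Narrow the window to the chown()/chmod() calls, or at least skip the g_process_cap_modify() calls when dir_uid, dir_gid and dir_mode are all unset; the g_process_cap_restore(saved_caps) repeated on both paths could also be a single call made before the result is tested.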
Re: Your recent sqlite3 and neon27 uploads
On Fri, 2010-12-17 at 22:58 +, Adam D. Barratt wrote:
Or I might just have confused myself instead *sigh* If you were suggesting uploading 0.29.5-2 with the shlibs change to use 0.29.3 and then leaving it in unstable and 0.29.3 in squeeze then yes, that would be fine.

Please give a quick look at the package[1] or review the debdiff[2].

Adam (who promises to stop replying to himself, at least for tonight)

No worries and sorry for the delay. I was abroad and later I didn't feel very good. If you allow this, I'll upload ASAP.

Laszlo/GCS

[1] http://www.routers.hu/gcs/neon27_0.29.5-2.dsc
[2] http://www.routers.hu/gcs/neon27.diff

Archive: http://lists.debian.org/1292962436.25876.62.ca...@julia.gcs.org.hu
Re: Your recent sqlite3 and neon27 uploads
Hi Adam,

On Thu, 2010-12-16 at 19:21 +, Adam D. Barratt wrote:
On Mon, 2010-12-13 at 22:48 +0100, Laszlo Boszormenyi wrote:
[ about neon27 packages ]

It doesn't *just* contain the fixes which were previously backported though, there are code changes included which were not present in 0.29.3-3. From a quick look, I'm not immediately convinced that those code changes are RC; the moving of the patches in to the upstream code certainly isn't.

There are changes for win32 and Solaris; the changelog says:
- Fix possible Solaris linker errors if building static library
- Win32: Fix Kerberos authentication support with SSPI (Danil Shopyrin)
- Further fix for SSPI support on Win32 (Danil Shopyrin)

Also fixes the following:
- Fix error handling when pulling a request body from an file (thanks to Lou Montulli)
- Fix ne_request_dispatch() return value for SOCKS proxy failure cases
- Tighten SSL cert ID checks to deny a wildcard match against an IP address

The latter can be important, but I agree that other OSes fixes are not. The bigger issue is that because neon27 calls dh_makeshlibs with -V, the shlibs are bumped with every upload even if it's not necessary. Will remove that switch.

Looking forward to hearing your thoughts on where we go from here.

We've two routes. For the first and very last time, you let neon27 go into Squeeze and I won't upload anything during freeze without asking and confirmation now and ever. Second, I upload a new neon27 package, with patches that back out all unrelated changes. In short, I make a v0.29.3 + previously backported changes from the v0.29.5 tree. If I should go this route, may I name it 0.29.5-1really0.29.3 ?

BTW, I'm subscribed to the list and no need to Cc.

Regards,
Laszlo/GCS

Archive: http://lists.debian.org/1292578278.3920.267.ca...@julia.gcs.org.hu
Re: Your recent sqlite3 and neon27 uploads
Hi Adam,

On Fri, 2010-12-17 at 20:10 +, Adam D. Barratt wrote:
The package descriptions of libneon27{,-gnutls} say WARNING: THE NEON API IS NOT YET STABLE so removing the versioning entirely might not be a good idea; on the basis that there don't appear to have been any obvious API changes since the version currently in squeeze, [...]

This sounds like a very strict warning. The full story continues as: The neon API is subject to backwards-incompatible change over minor versions (0.24.x - 0.25.x) but is stable across patch releases (0.24.0 - 0.24.x). It's not completely true for a while now. The API changed since 0.24.0 to 0.25.0 and to 0.26.0 ... That's why there were neon24, neon25 and neon26 packages. As of 0.27.0, the API remained exactly the same to 0.28.0 and 0.29.0 even and still it is as 0.29.5.

how about something like:

You mean leave 0.29.5 in the archive as is, but with shlibs as 0.29.3 ? Like I prepared the package[1] and as debdiff[2] shows?

The usual approach is to re-upload the earlier upstream source using a version number such 0.29.5really0.29.3, making the binary 0.29.5really0.29.3-1.

If I'm mistaken with the above, will do it ASAP; but please give me a day.

Regards,
Laszlo/GCS

[1] dget http://www.routers.hu/gcs/neon27_0.29.5-2.dsc
[2] http://www.routers.hu/gcs/neon27.diff

Archive: http://lists.debian.org/1292621489.3920.307.ca...@julia.gcs.org.hu
Re: Your recent sqlite3 and neon27 uploads
Hi Adam,

On Mon, 2010-12-13 at 21:30 +, Adam D. Barratt wrote:
I noticed that you've recently uploaded new upstream versions of sqlite3 and neon27 to unstable. Were either of these uploads targeted at Squeeze?

Yes, both. The easiest is neon27, which is a clean upload of the previous one which contained the fixes as backported patches. About sqlite3: it fixes important bugs like memory leaks[1][2][3][4][5], a segfault[6], a maybe memory leak[7] and a buffer overread[8] among others.

Regards,
Laszlo/GCS

[1] http://www.sqlite.org/src/info/a04e42a3fc
[2] http://www.sqlite.org/src/info/860399cc40
[3] http://www.sqlite.org/src/info/d3c95e3a4e
[4] http://www.sqlite.org/src/info/1d17e3dc83
[5] http://www.sqlite.org/src/info/507027b70f
[6] http://www.sqlite.org/src/info/f91471e723
[7] http://www.sqlite.org/src/info/d3c95e3a4e
[8] http://www.sqlite.org/src/info/84194c4195

Archive: http://lists.debian.org/1292276931.25794.64.ca...@julia.gcs.org.hu
Bug#605494: unblock: syslog-ng/3.1.3-1
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Hi,

Please unblock syslog-ng 3.1.3-1 to Squeeze. It's an important bugfix only release from upstream. Fixes #603617 which makes it able to parse the configuration file version correctly. Includes the following fixes as well[1]:
- test_csvparser: added testcase to cover empty values
- LogWriter: set msg_context to NULL in case of the failure path
- fixed compilation warning
- Limited number of hexadecimal and octal digits interpreted as one character
- fixed global configuration object possible use after free problem
- [logreader] Request a reopen if the FD is stale.
- logwriter flush (on exit)
- Fixed default permission if the opened file didn't exist
- Fixed a typo of octal value encoding
- Check in solaris 10 if syslog-ng really running, not just have left it's pidfile.
- cfg-lex.l: fixed hexadecimal number processing and added \xFF format character literals
- templates: make it possible to include a literal '$' in the template
- LogSource: the window size of source connections was messed up if a new connection was established
- afinter: fixed possible flow-control problem
- config file: accept 3.1 as a config version (or any other similarly well formatted value)
- fixed program_override() setting
- afsql: fix port() option
- mark_freq: fixed 100% CPU usage when mark_freq() is changed to 0 during a SIGHUP
- csvparser: remove the need to explicitly specify an escaping mode

Regards,
Laszlo/GCS

[1] http://git.balabit.hu/?p=bazsi/syslog-ng-3.1.git;a=shortlog

Archive: http://lists.debian.org/1291136742.14018.120.ca...@julia.gcs.org.hu
RFC: syslog-ng important bugfix release
Hi Release Team, syslog-ng upstream,

There are some critical bugfixes released as syslog-ng v3.1.3 from upstream. None of them are reported to our BTS, but the changelog follows:
- test_csvparser: added testcase to cover empty values
- LogWriter: set msg_context to NULL in case of the failure path
- fixed compilation warning
- Limited number of hexadecimal and octal digits interpreted as one character
- fixed global configuration object possible use after free problem
- [logreader] Request a reopen if the FD is stale.
- logwriter flush (on exit)
- Fixed default permission if the opened file didn't exist
- Fixed a typo of octal value encoding
- Check in solaris 10 if syslog-ng really running, not just have left it's pidfile.
- cfg-lex.l: fixed hexadecimal number processing and added \xFF format character literals
- templates: make it possible to include a literal '$' in the template
- LogSource: the window size of source connections was messed up if a new connection was established
- afinter: fixed possible flow-control problem
- config file: accept 3.1 as a config version (or any other similarly well formatted value)
- fixed program_override() setting
- afsql: fix port() option
- mark_freq: fixed 100% CPU usage when mark_freq() is changed to 0 during a SIGHUP
- csvparser: remove the need to explicitly specify an escaping mode

Upstream commits can be checked in their git repository[1]. Would you allow its transition to Squeeze if uploaded or should I somehow cherry pick the most critical changes and put them as patches to the v3.1.2 release in testing?

Regards,
Laszlo/GCS

[1] http://git.balabit.hu/?p=bazsi/syslog-ng-3.1.git;a=shortlog

Archive: http://lists.debian.org/1290574604.30225.148.ca...@julia.gcs.org.hu
Bug#602707: unblock: syslog-ng/3.1.2-2
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Hi,

Please unblock syslog-ng 3.1.2-2, which fixes an initscript bug[1] on reload. The diff is small:

--- debian/syslog-ng.init 2010-08-04 21:12:39.0 +0200 +++ debian/syslog-ng.init 2010-11-04 19:15:31.0 +0100 @@ -91,7 +91,7 @@ if $SYSLOGNG -s $SYSLOGNG_OPTS then start-stop-daemon --stop --signal 1 --quiet --exec $SYSLOGNG \ ---pidfile $PIDFILE $SYSLOGNG_OPTS +--pidfile $PIDFILE RET=$? log_end_msg $RET return $RET

Thanks,
Laszlo/GCS

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=599276

Archive: http://lists.debian.org/1289134812.23986.192.ca...@julia.gcs.org.hu
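Review bot: in the start-stop-daemon call, $SYSLOGNG and $PIDFILE are expanded unquoted on the changed '--pidfile $PIDFILE' line and on the line above it, so a path containing whitespace would split into extra arguments. Quote both ("$SYSLOGNG", "$PIDFILE"); a short comment next to the call saying why $SYSLOGNG_OPTS must not be passed with --stop would also help, since the syntax check in the 'if' line still uses it.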
Bug#602530: unblock: neon27/0.29.3-3
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock neon27, which fixes #480041 [1], an SSL cert failure with the patch that got accepted upstream. It's simple, it repeats GnuTLS handshake while it needs to be retried:

--- a/src/ne_socket.c +++ b/src/ne_socket.c @@ -1789,7 +1789,9 @@ } sock-ops = iofns_ssl; -ret = gnutls_handshake(sock-ssl); +do { +ret = gnutls_handshake(sock-ssl); +} while (RETRY_GNUTLS(sock, ret)); if (ret 0) { error_gnutls(sock, ret); return NE_SOCK_ERROR;

Thanks,
Laszlo/GCS

[1] http://bugs.debian.org/480041

Archive: http://lists.debian.org/1288976603.23986.75.ca...@julia.gcs.org.hu
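Review bot: the do/while added around gnutls_handshake() has no bound and no wait between attempts, so for as long as RETRY_GNUTLS(sock, ret) stays true the connect path spins in this loop. Consider waiting for socket readiness or honouring the socket's timeout inside the loop, and confirm that RETRY_GNUTLS() matches only transient results so that a permanent failure still reaches error_gnutls().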
Re: RFC: SQLite3 in Squeeze
Hi Julien,

On Mon, 2010-08-30 at 11:00 +0200, Julien Cristau wrote:
On Thu, Aug 26, 2010 at 00:21:14 +0200, Laszlo Boszormenyi wrote:
Please note that upstream recently fixed a segfault bug[2] and when the former bug[1] will be fixed, I'll ask for its freeze exception as well.

Is there any chance of that happening this week? We're getting packages stuck behind sqlite3 in unstable.

It's a very good question. I supplied upstream a test case, got a reply that they are working on it and DRH gave me a Banshee side workaround. Later, as I couldn't see any progress, pinged them. No answer so far. :-( I think v3.7.2-1 should migrate to Squeeze ASAP as it fixes a regression and two database corruption issues. Also, the lag could be migrated to Squeeze as well. When 3.7.3 will be released, I'll upload it and ask for another unfreeze request. It'll be an important release as well, fixing at least a segfault and a memory leak among other bugfixes.

Regards,
Laszlo/GCS

Archive: http://lists.debian.org/1283182786.8165.49.ca...@julia.gcs.org.hu
Re: RFC: SQLite3 in Squeeze
Hi Salvatore,

On Wed, 2010-08-25 at 23:30 +0200, Salvatore Bonaccorso wrote:
Are there plans for 3.7.2 to be in squeeze?

Definitely. Version 3.7.2 fixes a database corruption, v3.7.1 fixes a regression issue and v3.7.0.1 fixes another database corruption. Thus hereby I ask the release team to allow v3.7.2 into Squeeze. I know, #591298 [1] is still not fixed, but the previous ones warrant an update. I don't know when the latter will be fixed; I gave a working test case to upstream and they said that they are working on it. Please note that upstream recently fixed a segfault bug[2] and when the former bug[1] will be fixed, I'll ask for its freeze exception as well.

Regards,
Laszlo/GCS

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=591298
[2] http://www.sqlite.org/src/info/7f2f71cc9e3c39093f09231f44

Archive: http://lists.debian.org/1282774874.8165.27.ca...@julia.gcs.org.hu
Re: RFC: SQLite3 in Squeeze
On Wed, 2010-08-18 at 16:53 +0200, Mehdi Dogguy wrote:
On 08/18/2010 04:34 PM, Julien Cristau wrote:
Sounds like we should go back to 3.6.x in testing and sid.

If we go that way, we will have to rebuild some packages [1] (red ones).

I think we should run forward and ship the upcoming v3.7.1 with Squeeze.

On Wed, 2010-08-18 at 12:57 +0900, Ansgar Burchardt wrote:
This might also be the cause of failures in the test suite of libdbd-sqlite3-perl (#59 [0]): [...]
[0] http://bugs.debian.org/59

It is, at least it builds with sqlite3 version 3.6.23.1 in the same environment. On the other hand, I have found a slowness and can reproduce it with a test case. Contacted upstream and waiting for an answer.

On Wed, 2010-08-18 at 19:10 +0200, Mike Hommey wrote:
If only sqlite had a symbols file...

Will have.

Regards,
Laszlo/GCS

Archive: http://lists.debian.org/1282380361.3511.355.ca...@julia.gcs.org.hu
RFC: SQLite3 in Squeeze
Hi Release Team,

There's a problem with SQLite3 3.7.0 in Squeeze. The version in testing (3.6.23.1-4) was suitable to release. Next major upstream version (3.7.0) was released, which was uploaded to unstable. Then freeze happened. The latest release came with problems, like slow song change with Banshee (reported as #591298 [1]). In that bugreport I noted that v3.7.0 has a database corruption issue as well and I'm waiting for v3.7.0.1 to be released. Then I had to travel for some days.

The bad thing is, that Iain Lane was so disappointed with the slow Banshee song change that he prepared an NMU of SQLite3 with a backported fix of that slowness. Julien Cristau uploaded his NMU, with high urgency. Both of them ignored the fact that there's an unfixed database corruption issue in that NMU. The bad thing is, somehow 3.7.0-1.1 migrated to Squeeze, even if it was not affected by this bug.

As 3.7.0.1 was released (fixing another performance regression and the potential database corruption), I have uploaded it to unstable and it's ready to migrate. The problem is, the performance regression hit by Banshee is still present. While it would be good to have 3.7.0.1-1 in testing, it's still not suitable to release because of the latter problem.

What should I do? I don't have package version 3.6.23.1-4 anymore and I don't know when this bug will be fixed or if it will be easily backportable.

Regards,
Laszlo/GCS

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=591298

Archive: http://lists.debian.org/1282067389.3511.266.ca...@julia.gcs.org.hu
please hint sqlite3 3.5.9-6
Hi Release Team,

Please hint sqlite3 3.5.9-6 into Lenny. The only change is below, fixes #502370 [1], which was filed as serious. The fix was uploaded on January 21st. Fixes the upgrade problem which may happen if a newer sqlite3 binary would use an old and incompatible version of its library.

--- sqlite3-3.5.9/debian/control2009-02-11 20:15:40.0 + +++ sqlite3-3.5.9/debian/control2009-02-11 20:15:42.0 + @@ -22,7 +22,7 @@ Package: sqlite3 Section: misc Architecture: any -Depends: ${shlibs:Depends} +Depends: ${shlibs:Depends}, libsqlite3-0 (= ${binary:Version}) Suggests: sqlite3-doc Description: A command line interface for SQLite 3 SQLite is a C library that implements an SQL database engine.

Thanks,
Laszlo/GCS

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=502370
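Review bot: the new Depends line pins libsqlite3-0 with (= ${binary:Version}), which is stricter than the problem described, a newer sqlite3 binary running against an older library. If that is the only failure mode, (>= ${binary:Version}) expresses it and leaves library-only updates installable; if the command line tool really needs the exactly matching build, say so in the changelog entry so the pin is not relaxed later.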
unblock request for sqlite3 3.5.9-5
Hi,

Please unblock sqlite3 3.5.9-5. This fixes two RC bugs, #488864 [1] and #500792 [2]. The former is NaN handling on i386, causing divisions returning incorrect results. The latter is a bug in distinct usage on indexes.

Regards,
Laszlo/GCS

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=488864
[2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=500792
unblock request for rdesktop and linux-patch-grsecurity2
Dear Release-Team,

Hereby I'm asking for unblock request for rdesktop 1.6.0-2 and linux-patch-grsecurity2 2.1.12+2.6.26.2+200808091136-1.

The rdesktop package is now compiled with IPv6 support which would be very good to have for reaching Vista boxes and other IPv6 hosts. It's in Sid for two weeks, no new bug reported. Other changes include removed obsolete x-dev build dependency, policy 10.1 conformance (don't strip binaries if nostrip specified in DEB_BUILD_OPTIONS) and update to Standards-Version 3.8.0.

About linux-patch-grsecurity2: It contains an updated patchset for Lenny 2.6.26 kernels as Moritz recommended. Also updated Japanese debconf translation.

Regards,
Laszlo/GCS
please unblock neon27 0.28.2-4
Hi Release Team,

Please do unblock neon27 0.28.2-4, it fixes a security issue, CVE-2008-3746. It contains other backported fixes from upstream 0.28.3:
- fix ne_set_progress(, NULL, ) to match pre-0.27 behaviour (and not crash);
- distinguish the error message for an SSL handshake which fails after a client cert was requested;
- proper casts for safe and warning free compilation on LFS archs.

Regards,
Laszlo/GCS
upload of sqlite3 3.5.8-2
Hi,

Upstream source changed from time to time and I still missed to re-enable load extension support. It is not part of the core/public API, still some package may use it. Currently two bugs are filed against it, the severity of the former[1] is serious, the latter[2] shows the diff to enable it again. I need to specify --enable-load-extension in DEB_CONFIGURE_EXTRA_FLAGS.

This upload affects the python2.5 transition, but without this upload it will block the transition (the former bugreport will prevent sqlite3 to enter Lenny). As the change is minimal and load extension was always enabled it won't cause any trouble. As the previous upload is fresh, it won't even make the transition notably slower. Please allow its upload.

Regards,
Laszlo/GCS

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=478337
[2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=475084
intend to hijack GnuPG
Hi Release Team,

I intend to hijack GnuPG[1], but as it builds an udeb and has priority important, I ask if the Release Team allows it. James seems to be MIA more than six months ago:

activity-pgp:[Mon, 22 Oct 2007 23:02:33] 9BF0 93BC 475B ABF8 B6AE A5F6 D7C3 F131 AB2A 91F5 [EMAIL PROTECTED] archive/latest/102479 [EMAIL PROTECTED]
activity-from:[Wed, 05 Sep 2007 19:44:23] James Troup [EMAIL PROTECTED] [EMAIL PROTECTED] archive/latest/167709 [EMAIL PROTECTED]

Various people can't reach him[2]. On the other hand, he seems to be active on Ubuntu[3], he joined to Launchpad security this January at least. Moritz Muehlenhoff noted[4] that it should be hijacked and get in shape for Lenny. Thus I have created a preliminary package[5] which fixes some important bugs and get v1.4.9 to the archive.

Does the Release Team allow this hijack, should I upload it as an NMU instead or just leave it alone?

Regards,
Laszlo/GCS

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=476418
[2] http://lists.debian.org/debian-devel/2008/04/msg00476.html
[3] https://launchpad.net/~elmo
[4] http://lists.debian.org/debian-devel/2008/04/msg00517.html
[5] dget http://www.routers.hu/gcs/gnupg_1.4.9-1.dsc
Re: hint for vice/1.22-2
Hi Steve,

On Sat, 2008-01-12 at 13:30 -0800, Steve Langasek wrote:
On Sat, Jan 12, 2008 at 09:26:59PM +0100, Laszlo Boszormenyi wrote:
That's not how hinting works.

Thought so, but couldn't get porters to remove the false dependency.

But that seems unlikely to happen, since you've removed s390 and sparc from the architecture list for this package for reasons completely unrelated to portability. If you need help getting action taken regarding a wrong dep-wait on a buildd, please ask debian-release -- but don't just decide to stop supporting an architecture.

OK, please remove false liblame-dev dependency from m68k (sparc seems to be removed meanwhile).

s390 may be a different matter since the package has been marked Not-for-us (grumble) by the buildd maintainer; but the binary still has to be removed from unstable to let the package propagate naturally into testing.

So vice can be arch: all, even if s390 says not-for-us, right?

Thanks,
Laszlo/GCS
Re: hint for vice/1.22-2
Hi all involved,

On Sun, 2008-01-13 at 12:54 +0100, Philipp Kern wrote:
Please contact d-release next time to get the issue resolved.

Will do.

Not arch:all (architecture independent) but arch:any (as it's architecture dependent), but yes. The s390 porter noted to remove the not-for-us. I also reported a RC bug about this.

Yes, noted arch:any just after I sent my message. Bugreport noted, answered and fixed.

Sorry for the noise and thanks,
Laszlo/GCS
hint for vice/1.22-2
Hi,

Please hint vice 1.22-2 into testing, it's blocked by s390 and sparc. As none of them is in the archs field for now, it is ready for migration.

Thanks,
Laszlo/GCS