Bug#1072035: bookworm-pu: package dns-root-data/2024041801
On May 27, Jonas Meier wrote: > [ ] attach debdiff against the package in (old)stable diff -Nru dns-root-data-2023010101/debian/changelog dns-root-data-2024041801~deb12u1/debian/changelog --- dns-root-data-2023010101/debian/changelog 2023-01-11 16:00:11.0 +0100 +++ dns-root-data-2024041801~deb12u1/debian/changelog 2024-05-30 14:02:49.0 +0200 @@ -1,3 +1,19 @@ +dns-root-data (2024041801~deb12u1) bookworm; urgency=medium + + * Rebuild for bookworm. (Closes: #1072035) + + -- Marco d'Itri Thu, 30 May 2024 14:02:49 +0200 + +dns-root-data (2024041801) unstable; urgency=medium + + * Add myself to the Uploaders field, as discussed with Ondřej. + * Fix the package description. (Closes: #1064829) + * Update the expired Verisign GRS PGP key. + * Update the root hints file to version 2024041801, with: ++ updated A and records for B. (Closes: #1054393) + + -- Marco d'Itri Tue, 21 May 2024 16:25:44 +0200 + dns-root-data (2023010101) unstable; urgency=medium * merge current root hints and signatures (same contents as before) diff -Nru dns-root-data-2023010101/debian/control dns-root-data-2024041801~deb12u1/debian/control --- dns-root-data-2023010101/debian/control 2022-12-21 00:52:11.0 +0100 +++ dns-root-data-2024041801~deb12u1/debian/control 2024-05-21 16:25:42.0 +0200 @@ -4,6 +4,7 @@ Maintainer: dns-root-data packagers Uploaders: Daniel Kahn Gillmor , + Marco d'Itri , Ondřej Surý , Robert Edmonds , Build-Depends: @@ -13,7 +14,7 @@ openssl, unbound-anchor, xml2, -Standards-Version: 4.6.1 +Standards-Version: 4.7.0.0 Homepage: https://data.iana.org/root-anchors/ Vcs-Git: https://salsa.debian.org/dns-team/dns-root-data.git Vcs-Browser: https://salsa.debian.org/dns-team/dns-root-data 
@@ -24,7 +25,7 @@ Multi-Arch: foreign Depends: ${misc:Depends}, -Description: DNS root data including root zone and DNSSEC key +Description: DNS root hints and DNSSEC trust anchor This package contains various root zone related data as published by IANA to be used by various DNS software as a common source of DNS root zone data, namely: Binary files /tmp/osYYJAlpQA/dns-root-data-2023010101/registry-admin.key and /tmp/1ohQbBsBE0/dns-root-data-2024041801~deb12u1/registry-admin.key differ diff -Nru dns-root-data-2023010101/root.hints dns-root-data-2024041801~deb12u1/root.hints --- dns-root-data-2023010101/root.hints 2023-01-11 08:22:00.0 +0100 +++ dns-root-data-2024041801~deb12u1/root.hints 2024-05-21 16:25:42.0 +0200 @@ -9,8 +9,8 @@ ; on server FTP.INTERNIC.NET ; -OR-RS.INTERNIC.NET ; -; last update: January 01, 2023 -; related version of root zone: 2023010101 +; last update: April 18, 2024 +; related version of root zone: 2024041801 ; ; FORMERLY NS.INTERNIC.NET ; @@ -21,8 +21,8 @@ ; FORMERLY NS1.ISI.EDU ; .360 NSB.ROOT-SERVERS.NET. -B.ROOT-SERVERS.NET. 360 A 199.9.14.201 -B.ROOT-SERVERS.NET. 360 2001:500:200::b +B.ROOT-SERVERS.NET. 360 A 170.247.170.2 +B.ROOT-SERVERS.NET. 360 2801:1b8:10::b ; ; FORMERLY C.PSI.NET ; Binary files /tmp/osYYJAlpQA/dns-root-data-2023010101/root.hints.sig and /tmp/1ohQbBsBE0/dns-root-data-2024041801~deb12u1/root.hints.sig differ -- ciao, Marco signature.asc Description: PGP signature
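Review bot: The two "Binary files ... differ" entries, for registry-admin.key and root.hints.sig, mean the debdiff cannot show the change the changelog describes as "Update the expired Verisign GRS PGP key". That is the one change a reviewer cannot inspect here. Please state the fingerprint and expiry date of the new registry-admin.key in the request or in debian/changelog, and confirm that the updated root.hints.sig verifies the new root.hints against the shipped key. The new B.ROOT-SERVERS.NET addresses in the root.hints hunk (170.247.170.2 and 2801:1b8:10::b) can then be checked against a signature rather than taken from the diff.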
Bug#1057089: bullseye-pu: package usrmerge/37~deb12u1
On Nov 29, Andreas Beckmann wrote:

> Improve the usrmerge experience in bookworm.

Great idea, thank you for working on this!

-- 
ciao,
Marco
Bug#1050681: bookworm-pu: package inn2/2.7.1-1~deb12u1
Package: release.debian.org Severity: normal Tags: bookworm User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: i...@packages.debian.org Control: affects -1 + src:inn2 This stable upload contains two patches backported from the upstream repository on request of the upstream maintainer. The patches are also part of the package which is currently in testing. One patch fixes hangs in nnrpd, while the other allows the package to process the high-precision syslog timestamps format which is currently the default for Debian. The package also contains a minor security fix which changes the default permissions of two configuration files which contain secrets, which has already been added to the next unstable upload. For a better view of the changes please see https://salsa.debian.org/md/inn2/-/commits/bookworm . -- ciao, Marco diff -Nru inn2-2.7.1/debian/changelog inn2-2.7.1/debian/changelog --- inn2-2.7.1/debian/changelog 2023-05-01 19:25:42.0 +0200 +++ inn2-2.7.1/debian/changelog 2023-08-28 02:04:59.0 +0200 @@ -1,3 +1,13 @@ +inn2 (2.7.1-1~deb12u1) bookworm; urgency=medium + + * Added patch backport_a1f2e9323: this upstream commit fixes nnrpd hangs +when compression is enabled. + * Added patch backport_f7d111aad: this upstream commit adds support for +high-precision syslog timestamps which now are the default in Debian. + * Made inn-{radius,secrets}.conf not world readable. + + -- Marco d'Itri Mon, 28 Aug 2023 02:04:59 +0200 + inn2 (2.7.1-1) unstable; urgency=medium * New upstream release. diff -Nru inn2-2.7.1/debian/patches/backport_a1f2e9323 inn2-2.7.1/debian/patches/backport_a1f2e9323 --- inn2-2.7.1/debian/patches/backport_a1f2e9323 1970-01-01 01:00:00.0 +0100 +++ inn2-2.7.1/debian/patches/backport_a1f2e9323 2023-08-28 02:04:59.0 +0200 
@@ -0,0 +1,154 @@ +From: Enrik Berkhan +Subject: nnrpd: avoid hang due to misplaced select() +Origin: upstream, commit:a1f2e932338a17eb4111243f29fcade52d39e0a7 + +The select() call in nnrpd's input data processing is moved right +before the related read() call to avoid blocking when it shouldn't. + +Without this change, there could still remain data to be inflated, that +has already been read, if compression had been activated. The select() +can then time out because the client might already have sent all data +before, and the yet to be inflated data will not be used until after +the timeout. + +Resolves: #269 + +diff --git a/nnrpd/line.c b/nnrpd/line.c +index fc68b15dd..6c048720c 100644 +--- a/nnrpd/line.c b/nnrpd/line.c +@@ -79,12 +79,11 @@ line_reset(struct line *line) + } + + /* +-** Timeout is used only if HAVE_OPENSSL is defined. + ** Returns -2 on timeout, -1 on read error, and otherwise the number of + ** bytes read. + */ + static ssize_t +-line_doread(void *p, size_t len, int timeout UNUSED) ++line_doread(void *p, size_t len, int timeout) + { + ssize_t n; + +@@ -122,6 +121,22 @@ line_doread(void *p, size_t len, int timeout UNUSED) + } + #endif /* HAVE_ZLIB */ + ++/* It seems that the SSL_read cannot be mixed with select() ++ * as in the current code. TLS communicates in its own data ++ * blocks and handshaking. The line_doread using SSL_read ++ * could return, but still with a partial line in the SSL_read ++ * buffer. Then the server TLS routine would sit there waiting ++ * for completion of that data block while nnrpd sat at the ++ * select() routine waiting for more data from the server. ++ * ++ * Here, we decide to just bypass the select() wait. Unlike ++ * innd with multiple threads, the select on nnrpd is just ++ * waiting on a single file descriptor, so it is not really ++ * essential with blocked read like SSL_read. Using an alarm ++ * signal around SSL_read for non active timeout, TLS works ++ * without dead locks. 
However, without the select() wait, ++ * the IDLE timer stat won't be collected... ++ */ + #ifdef HAVE_OPENSSL + if (tls_conn) { + int err; +@@ -152,9 +167,38 @@ line_doread(void *p, size_t len, int timeout UNUSED) + xsignal(SIGALRM, SIG_DFL); + } else + #endif /* HAVE_OPENSSL */ ++{ ++fd_set rmask; ++int i; ++ ++/* Wait for activity on stdin, updating timer stats as we go. */ ++do { ++struct timeval t; ++ ++FD_ZERO(); ++FD_SET(STDIN_FILENO, ); ++t.tv_sec = timeout; ++t.tv_usec = 0; ++TMRstart(TMR_IDLE); ++i = select(STDIN_FILENO + 1, , NULL, NULL, ); ++TMRstop(TMR_IDLE); ++if (i == -1 && errno != EINTR) { ++syswarn("%s can't select", Client.host); ++break; ++} ++} while (i == -1); ++ ++
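Review bot: In the select() loop added to line_doread(), t.tv_sec = timeout is reset at the top of every iteration, and the loop repeats whenever select() returns -1 with EINTR. A process that keeps receiving signals therefore restarts the full timeout each time and the idle limit is never enforced; consider carrying the remaining time across iterations. Also, the break after syswarn("%s can't select", Client.host) leaves the loop with i == -1. The code after the loop is cut off here, so please confirm it treats that case as a read error (-1) and not as a timeout (-2) or as readable data.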
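Review bot: The changelog entry "Made inn-{radius,secrets}.conf not world readable" has no matching change in the part of the diff shown here, and it does not say whether the mode is also corrected on upgrade for files that are already installed world-readable. Since these files contain secrets, please say in the entry whether the maintainer scripts fix existing installations or only new installs get the tighter mode, and which owner and group the files end up with.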
Bug#1050542: bookworm-pu: package openbsd-inetd/0.20221205-2+deb12u1
Package: release.debian.org Severity: normal Tags: bookworm User: release.debian@packages.debian.org Usertags: pu Control: affects -1 + src:openbsd-inetd This is needed to fix #1050208, introduced in bookworm, which makes inetd crash on configuration reloads. The fix is in the change to patches/default_v4v6, everything else is improvements to the test suite and more tests (also to catch this specific problem). 0.20221205-2+deb12u1 is a no changes rebuild of the package currently in testing. For a better view of the changes please see https://salsa.debian.org/md/openbsd-inetd/-/commits/master . -- ciao, Marco diff -Nru openbsd-inetd-0.20221205/debian/changelog openbsd-inetd-0.20221205/debian/changelog --- openbsd-inetd-0.20221205/debian/changelog 2023-01-02 14:33:50.0 +0100 +++ openbsd-inetd-0.20221205/debian/changelog 2023-08-26 00:34:16.0 +0200 @@ -1,8 +1,21 @@ +openbsd-inetd (0.20221205-2+deb12u1) bookworm; urgency=medium + + * Rebuilt for bookworm. + + -- Marco d'Itri Sat, 26 Aug 2023 00:34:16 +0200 + +openbsd-inetd (0.20221205-2) unstable; urgency=medium + + * Updated the Debian patch default_v4v6 to fix fix a double free and +a memory leak on configuration reloads. (Closes: #1050208) + + -- Marco d'Itri Wed, 23 Aug 2023 12:49:41 +0200 + openbsd-inetd (0.20221205-1) unstable; urgency=medium * New CVS snapshot. * When just "tcp" or "udp" is specified in inetd.conf, now inetd defaults -to runnning two servers: one for IPv4 and one for IPv6 traffic. +to running two servers: one for IPv4 and one for IPv6 traffic. This is identical to specifying both e.g. "tcp4" and "tcp6". The old semantics of only accepting IPv4 connections can be restored by using "tcp4" or "udp4". diff -Nru openbsd-inetd-0.20221205/debian/copyright openbsd-inetd-0.20221205/debian/copyright --- openbsd-inetd-0.20221205/debian/copyright 2023-01-01 22:49:25.0 +0100 +++ openbsd-inetd-0.20221205/debian/copyright 2023-08-23 03:00:22.0 +0200 
@@ -29,10 +29,3 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. -setproctitle.c and discard_stupid_environment() come from netkit 0.17, -patched by the USAGI project. - -strlcpy.c comes from the openbsd source tree, slightly edited. - -bsd-closefrom.c comes from the openssh source tree, slightly edited. - diff -Nru openbsd-inetd-0.20221205/debian/NEWS openbsd-inetd-0.20221205/debian/NEWS --- openbsd-inetd-0.20221205/debian/NEWS 2023-01-02 03:09:21.0 +0100 +++ openbsd-inetd-0.20221205/debian/NEWS 2023-08-23 12:46:59.0 +0200 @@ -1,7 +1,7 @@ openbsd-inetd (0.20221205-1) unstable; urgency=medium * When just "tcp" or "udp" is specified in inetd.conf, now inetd defaults -to runnning two servers: one for IPv4 and one for IPv6 traffic. +to running two servers: one for IPv4 and one for IPv6 traffic. This is identical to specifying both e.g. "tcp4" and "tcp6". The old semantics of only accepting IPv4 connections can be restored by using "tcp4" or "udp4". diff -Nru openbsd-inetd-0.20221205/debian/openbsd-inetd.preinst openbsd-inetd-0.20221205/debian/openbsd-inetd.preinst --- openbsd-inetd-0.20221205/debian/openbsd-inetd.preinst 2023-01-02 02:45:43.0 +0100 +++ openbsd-inetd-0.20221205/debian/openbsd-inetd.preinst 2023-08-23 03:06:12.0 +0200 @@ -54,14 +54,6 @@ install) create_inetd ;; - -upgrade|abort-upgrade) -;; - -*) -echo "$0 called with unknown argument '$1'" >&2 -exit 1 -;; esac #DEBHELPER# diff -Nru openbsd-inetd-0.20221205/debian/patches/default_v4v6 openbsd-inetd-0.20221205/debian/patches/default_v4v6 --- openbsd-inetd-0.20221205/debian/patches/default_v4v6 2023-01-02 02:30:41.0 +0100 +++ openbsd-inetd-0.20221205/debian/patches/default_v4v6 2023-08-23 02:45:43.0 +0200 
@@ -44,37 +44,35 @@ int val; int argc; + static int proto_override; -+ static char *saved_cp; ++ static char saved_line[1024]; sep = calloc(1, sizeof(struct servtab)); if (sep == NULL) { -@@ -1165,6 +1167,14 @@ getconfigent(void) +@@ -1165,6 +1167,11 @@ getconfigent(void) more: freeconfig(sep); + if (proto_override) { + /* process again the same configuration entry */ -+ cp = saved_cp; -+ saved_cp = NULL; ++ cp = saved_line; + } else { -+ if (saved_cp) -+ free(saved_cp); + while ((cp = nextline(fconfig)) && *cp == '#') ; if (cp == NULL) { -@@ -1172,6 +1182,10 @@ more: +@@ -1172,6 +1179,11 @@ more: return (NULL); } -+ /* keep a copy of the configuration entry */ -+ saved_cp = newstr(cp); -+ } /* proto_override */ ++ /* keep a copy of the configuration entry */ ++ strcpy(saved_line, cp); ++ ++ } /* !proto_override */ + memset(sep, 0, sizeof *sep);
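Review bot: In the default_v4v6 change to getconfigent(), strcpy(saved_line, cp) copies a configuration line into the fixed static char saved_line[1024] with no length check. The fix for the double free is therefore only safe if nextline() can never return more than 1023 bytes. Please either size saved_line from the same constant as the nextline() buffer, or use a bounded copy and reject an entry that does not fit with a logged warning. A test with an over-long inetd.conf line next to the new reload tests would also help.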
Re: Bug#1038853: usrmerge: clean up the unused empty biarch directories
Release managers, I would like to upload to 12.1 a new package to fix this (and other minor issues).

On Jun 22, Andreas Beckmann wrote:

> Package: usrmerge
> Version: 35
> Severity: important
> Tags: patch
>
> bootstrapping a merged-/usr system or earlier conversions may have
> created empty biarch directories and links to them, e.g.
> /usr/libx32
> /libx32 -> /usr/libx32
>
> Since glibc 2.35-4 this is handled by the respective glibc packages
> and usrmerge has stopped creating them.
>
> So let's clean them up (once) on upgrades of the usrmerge/usr-is-merged
> packages if they are not owned by any package according to the dpkg
> database. Otherwise they might suddenly disappear after installation and
> removal of a package "owning" them.
>
> While the existence/disappearance of these directories and links is
> harmless for a regular system, it is nasty for doing QA testing since
> that may trigger an error on sudden disappearance of files/directories
> (at non-volatile locations). Ignoring these locations is not a good
> idea, since it might hide actual bugs mishandling the biarch locations.
>
> I've been running piuparts bullseye -> bookworm upgrade tests with this
> patch applied and that solved all the unexpected disappearance of biarch
> directories and links.
>
>
> Andreas
> >From 6a07b047055ef2d05ab3381f9f7ce64c21f6b60b Mon Sep 17 00:00:00 2001
> From: Andreas Beckmann
> Date: Sun, 28 May 2023 14:20:21 +0200
> Subject: [PATCH] postinst: Clean up the unused empty biarch directories
>
> bootstrapping or earlier conversions may have created empty biarch
> directories and links. glibc 2.35-4 or later will create them if
> needed, so clean up the unused (and unowned) ones
>
> Closes: #
> ---
> debian/usr-is-merged.postinst | 28
> debian/usrmerge.postinst | 22 +-
> 2 files changed, 49 insertions(+), 1 deletion(-)
> create mode 100644 debian/usr-is-merged.postinst
> > diff --git a/debian/usr-is-merged.postinst b/debian/usr-is-merged.postinst > new file mode 100644 > index 000..3d0e0c5 > --- /dev/null > +++ b/debian/usr-is-merged.postinst > @@ -0,0 +1,28 @@ > +#!/bin/sh > +set -e > + > +cleanup_biarch_dirs() { > + # bootstrapping or earlier conversions may have created empty biarch > + # directories and links. glibc 2.35-4 or later will create them if needed, > + # so clean up the unused (and unowned) ones > + local arch_directories="/lib64 /lib32 /libo32 /libx32" > + for dir in $arch_directories; do > +[ -e "$dir" ] || continue > +if ! dpkg-query -S $dir >/dev/null 2>&1; then > + rm -v $dir > + if [ -e /usr$dir ] && ! dpkg-query -S /usr$dir >/dev/null 2>&1 ; then > +rmdir --ignore-fail-on-non-empty -v /usr$dir > + fi > +fi > + done > +} > + > +case "$1" in > +configure) > + if dpkg --compare-versions "$2" lt "36~" ; then > +cleanup_biarch_dirs > + fi > +;; > +esac > + > +#DEBHELPER# > diff --git a/debian/usrmerge.postinst b/debian/usrmerge.postinst > index 257f0e5..057b7f1 100644 > --- a/debian/usrmerge.postinst > +++ b/debian/usrmerge.postinst > @@ -1,4 +1,5 @@ > -#!/bin/sh -e > +#!/bin/sh > +set -e > > is_fs() { >local fs_type > @@ -49,6 +50,22 @@ END >/usr/lib/usrmerge/convert-usrmerge || return $? > } > > +cleanup_biarch_dirs() { > + # bootstrapping or earlier conversions may have created empty biarch > + # directories and links. glibc 2.35-4 or later will create them if needed, > + # so clean up the unused (and unowned) ones > + local arch_directories="/lib64 /lib32 /libo32 /libx32" > + for dir in $arch_directories; do > +[ -e "$dir" ] || continue > +if ! dpkg-query -S $dir >/dev/null 2>&1; then > + rm -v $dir > + if [ -e /usr$dir ] && ! dpkg-query -S /usr$dir >/dev/null 2>&1 ; then > +rmdir --ignore-fail-on-non-empty -v /usr$dir > + fi > +fi > + done > +} > + > case "$1" in > configure) > # Skip the conversion for buildds. 
> @@ -59,6 +76,9 @@ case "$1" in > echo "W: /etc/unsupported-skip-usrmerge-conversion exists." >&2 > else > maybe_convert "$@" || { echo "E: usrmerge failed." >&2; exit 1; } > + if dpkg --compare-versions "$2" lt "36~" ; then > + cleanup_biarch_dirs > + fi > /usr/lib/usrmerge/convert-etc-shells > fi > ;; > -- > 2.20.1 > -- ciao, Marco signature.asc Description: PGP signature
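Review bot: In cleanup_biarch_dirs(), in both postinsts, rm -v $dir runs under set -e on anything that passes [ -e "$dir" ] and is unknown to dpkg-query -S, but nothing checks that $dir is actually a symlink. If /lib32 or /libx32 is a real, unowned directory, rm fails and the postinst aborts. Because -e follows links, a dangling link is skipped and left behind. Testing [ -L "$dir" ] before the rm, and quoting "$dir" and "/usr$dir", would restrict the cleanup to the links the commit message describes. The commit message also still carries an empty "Closes: #".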
Bug#1035673: unblock: whois/5.5.17
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-Cc: wh...@packages.debian.org Control: affects -1 + src:whois Please unblock package whois It contains a few database updates. unblock whois/5.5.17 diff --git a/debian/changelog b/debian/changelog index 741c74a..13123bc 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,14 @@ +whois (5.5.17) unstable; urgency=medium + + [ Robert Scheck ] + * Added the .cd TLD server. + * Updated the -kg NIC handles server name. + + [ Marco d'Itri ] + * Removed 2 new gTLDs which are no longer active. + + -- Marco d'Itri Wed, 03 May 2023 14:24:37 +0200 + whois (5.5.16) unstable; urgency=medium * Add bash completion support, courtesy of Ville Skyttä. diff --git a/new_gtlds_list b/new_gtlds_list index 760c79f..12ff5b8 100644 --- a/new_gtlds_list +++ b/new_gtlds_list @@ -573,7 +573,6 @@ lilly limited limo lincoln -linde link lipsy live @@ -596,7 +595,6 @@ ltda lundbeck luxe luxury -macys madrid maif maison diff --git a/nic_handles_list b/nic_handles_list index 870ebd6..3fae1dd 100644 --- a/nic_handles_list +++ b/nic_handles_list @@ -8,7 +8,7 @@ -dkwhois.dk-hostmaster.dk -ilwhois.isoc.org.il -iswhois.isnic.is --kgwhois.domain.kg +-kgwhois.kg -coop whois.nic.coop -frnic whois.nic.fr -lrms whois.afilias.info diff --git a/servers_charset_list b/servers_charset_list index cc81a38..fa85e4e 100644 --- a/servers_charset_list +++ b/servers_charset_list @@ -38,7 +38,7 @@ whois.isnic.isiso-8859-1 whois.nic.it utf-8 whois.jprs.jp iso-2022-jp whois.nic.ad.jpiso-2022-jp -whois.domain.kgcp1251 +whois.kg cp1251 whois.nic.or.krutf-8 whois.kr utf-8 whois.nic.kz utf-8 diff --git a/tld_serv_list b/tld_serv_list index 948f005..cb480da 100644 --- a/tld_serv_list +++ b/tld_serv_list 
@@ -113,7 +113,7 @@ .co.ca whois.co.ca .cawhois.cira.ca .ccVERISIGN ccwhois.verisign-grs.com -.cdNONE +.cdwhois.nic.cd .cfNONE .cgNONE# www.nic.cg .chwhois.nic.ch -- ciao, Marco signature.asc Description: PGP signature
Bug#1035672: unblock: inn2/2.7.1-1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-Cc: i...@packages.debian.org Control: affects -1 + src:inn2 Please unblock package inn2 This is the diff between 2.7.1 RC1 and 2.7.1. It contains many documentation fixes, small fixes to pullnews and a significant for ovsqlite-util. It also adds a versioned Breaks on manpages-dev which fixes the RC bug #1035098. The 2.7.1 package is being used in production on one of my news servers. Follows the git diff between debian/2.7.1_20230322-1 and debian/2.7.1-1, abridged of whitespace and documentation changes. The full changelog can be consulted at https://salsa.debian.org/md/inn2/-/commits/master . The package has a fairly decent autopkgtest but it currently cannot work on the Debian infrastructure, because the workers do not have valid hostnames. I will find a solution after the release, so please bear with me once more. :-) unblock inn2/2.7.1-1 diff --git a/Makefile.global.in b/Makefile.global.in index db42dee2e..3a84f23e7 100644 --- a/Makefile.global.in +++ b/Makefile.global.in @@ -20,7 +20,7 @@ ## be complying with the NNTP protocol. VERSION= 2.7.1 -VERSION_EXTRA = rc1 version +VERSION_EXTRA = ## The absolute path to the top of the build directory, used to find the ## libraries built as part of INN. Using relative paths confuses libtool diff --git a/backends/news2mail.in b/backends/news2mail.in index bef6ca86a..952cf4610 100644 --- a/backends/news2mail.in +++ b/backends/news2mail.in 
@@ -104,9 +104,15 @@ sub mailto { my ($t, $s, @a) = @_; my $sendmail = $INN::Config::mta; +# Remove %s and -f from the mta command line (we'll explicitly set +# recipients and an envelope sender below). +# Remove -oem as we'll set -oee so that sendmail exits with a +# non-zero status only if the mail cannot be sent. $sendmail =~ s!\s*%s!!; +$sendmail =~ s!(^|\s+)-f\s*\S*!!; +$sendmail =~ s!(^|\s+)-oem!!; my @command = ( -split(' ', $sendmail), '-ee', '-odq', "-f$s", +split(' ', $sendmail), '-oee', '-odq', "-f$s", "-pNNTP:$INN::Config::pathhost", @a ); diff --git a/debian/changelog b/debian/changelog index eff319e64..eeaf10caa 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,11 @@ +inn2 (2.7.1-1) unstable; urgency=medium + + * New upstream release. + * Breaks manpages-dev << 6.03-2 to make upgrades smoother, because of +file(3) and list(3) removed from inn2-dev 2.6.5-1. (Closes: #1035098) + + -- Marco d'Itri Mon, 01 May 2023 19:25:42 +0200 + inn2 (2.7.1~20230322-1) unstable; urgency=medium * New release candidate 1 of the stable branch. diff --git a/debian/control b/debian/control index 93d37618c..8d7089372 100644 --- a/debian/control +++ b/debian/control @@ -63,6 +63,7 @@ Package: inn2-dev Section: devel Architecture: any Depends: ${misc:Depends} +Breaks: manpages-dev (<< 6.03-2) Conflicts: inn Description: libinn.a library, headers and man pages You will only need this if you are going to compile programs that diff --git a/frontends/pullnews.in b/frontends/pullnews.in index b21ce29b4..0d8809cec 100644 --- a/frontends/pullnews.in +++ b/frontends/pullnews.in @@ -100,6 +100,7 @@ my $defaultRetryTime = 1; my $defaultProgressWidth = 50; my $defaultMaxArts; my $lockfile; +my $runEndBlock = 0; # Check whether pullnews is run inside INN. my $use_inn_shlock = 0; @@ -120,6 +121,8 @@ if (not $use_inn_shlock) { } END { +return unless $runEndBlock; + # In case we bail out, while holding a lock. if ($use_inn_shlock) { INN::Utils::Shlock::releaselocks(); 
@@ -423,7 +426,7 @@ if ($use_inn_shlock) { INN::Utils::Shlock::lock($lockfile) or die "cannot create lockfile $lockfile\n"; } else { -sysopen(LOCK, "$lockfile", O_RDWR | O_CREAT, 0700) +sysopen(LOCK, "$lockfile", O_RDWR | O_CREAT, 0644) or die "cannot create lockfile $lockfile: $!\n"; $oldfh = select; select LOCK; @@ -439,6 +442,9 @@ if ($use_inn_shlock) { print LOCK "$$\n"; } +# Now that a lock file has been created, ensure we release it when this process +# ends or is stopped. +$runEndBlock = 1; print LOG scalar(localtime(time)), " start\n\n" unless $quiet; @@ -554,6 +560,7 @@ if (not $quiet and not $quietness) { } my $connectionAttempts = 0; +my %groupsStarted = (); UPSTREAM: foreach my $server (@servers) { @@ -683,6 +690,7 @@ foreach my $server (@servers) { } continue { # Reinitialize the counter for the next server. $connectionAttempts = 0; +%groupsStarted = (); } saveConfig(); @@ -768,7 +776,8 @@ sub stats { sub saveConfig { return if $no_op; -$SIG{INT} = $SIG{QUIT} = 'IGNORE'; +local $SIG{INT} = 'IGNORE'; +local $SIG{QUIT} = 'IGNORE'; open(FILE, ">$groupFile"
Bug#1034468: unblock: inn2/2.7.1~20230322-1
On Apr 26, Paul Gevers wrote:

> PS: have you considered adding a non-superficial autopkgtest to your package
> such that you don't need to wait for us to unblock your package?

Yes, long story. There is actually one but it is not run, because it needs to be significantly modified to actually work on our CI infrastructure, because inn2 cannot be installed on systems without a valid hostname.

-- 
ciao,
Marco
Bug#1034468: unblock: inn2/2.7.1~20230322-1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-Cc: i...@packages.debian.org Control: affects -1 + src:inn2 Please unblock package inn2 This is tagged as a snapshot but is actually 2.7.1 RC1. It contains many documentation fixes, small improvements and fixes to pullnews, and the new ovsqlite-util program which can be used to debug and repair an ovsqlite database. The new package has been used in production for 3 weeks on one of my servers. I am attaching the git diff between debian/2.7.1_20230306-1 and debian/2.7.1_20230322-1, abridged of documentation changes. The full changelog can be consulted at https://salsa.debian.org/md/inn2/-/commits/master . unblock inn2/2.7.1~20230322-1 -- ciao, Marco diff --git a/.gitignore b/.gitignore index 274716315..9960002af 100644 --- a/.gitignore +++ b/.gitignore @@ -176,6 +176,7 @@ /storage/ovmethods.h /storage/buffindexed/buffindexed_d /storage/ovsqlite/ovsqlite-server +/storage/ovsqlite/ovsqlite-util /storage/ovsqlite/sql-init.c /storage/ovsqlite/sql-init.h /storage/ovsqlite/sql-main.c diff --git a/MANIFEST b/MANIFEST index 35e05aef2..7254d27aa 100644 --- a/MANIFEST +++ b/MANIFEST @@ -210,6 +210,7 @@ doc/man/ovdb_server.8 Manpage for ovdb_server doc/man/ovdb_stat.8 Manpage for ovdb_stat doc/man/overchan.8Manpage for overchan backend doc/man/ovsqlite-server.8 Manpage for ovsqlite-server +doc/man/ovsqlite-util.8 Manpage for ovsqlite-util doc/man/ovsqlite.5Manpage for the ovsqlite overview module doc/man/passwd.nntp.5 Manpage for passwd.nntp config file doc/man/perl-nocem.8 Manpage for perl-nocem 
@@ -331,6 +332,7 @@ doc/pod/ovdb_server.pod Master file for ovdb_server.8 doc/pod/ovdb_stat.pod Master file for ovdb_stat.8 doc/pod/overchan.pod Master file for overchan.8 doc/pod/ovsqlite-server.pod Master file for ovsqlite-server.8 +doc/pod/ovsqlite-util.pod Master file for ovsqlite-util.8 doc/pod/ovsqlite.pod Master file for ovsqlite.5 doc/pod/passwd.nntp.pod Master file for passwd.nntp.5 doc/pod/procbatch.pod Master file for procbatch.8 @@ -774,6 +776,7 @@ storage/ovsqlite/ovmethod.mk Make rules for ovsqlite storage/ovsqlite/ovsqlite-private.c Private code for ovsqlite storage/ovsqlite/ovsqlite-private.h Private header for ovsqlite storage/ovsqlite/ovsqlite-server.cSQLite database exclusive owner +storage/ovsqlite/ovsqlite-util.in Utility program for ovsqlite storage/ovsqlite/ovsqlite.c ovsqlite implementation storage/ovsqlite/ovsqlite.h ovsqlite interface storage/ovsqlite/sql-init.c Generated database setup implementation diff --git a/Makefile.global.in b/Makefile.global.in index 8a185ed39..db42dee2e 100644 --- a/Makefile.global.in +++ b/Makefile.global.in @@ -20,7 +20,7 @@ ## be complying with the NNTP protocol. VERSION = 2.7.1 -VERSION_EXTRA = prerelease +VERSION_EXTRA = rc1 version ## The absolute path to the top of the build directory, used to find the ## libraries built as part of INN. Using relative paths confuses libtool diff --git a/debian/changelog b/debian/changelog index ffbb0e6a6..eff319e64 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +inn2 (2.7.1~20230322-1) unstable; urgency=medium + + * New release candidate 1 of the stable branch. + + -- Marco d'Itri Mon, 27 Mar 2023 04:30:21 +0200 + inn2 (2.7.1~20230306-1) unstable; urgency=medium * New upstream snapshot of the stable branch. diff --git a/doc/man/Makefile b/doc/man/Makefile index 906725ebd..30a87587f 100644 --- a/doc/man/Makefile +++ b/doc/man/Makefile 
@@ -30,9 +30,9 @@ SEC8 = actsync.8 archive.8 batcher.8 buffchan.8 ckpasswd.8 \ innupgrade.8 innwatch.8 innxbatch.8 innxmit.8 mailpost.8 makedbz.8 \ makehistory.8 mod-active.8 news.daily.8 news2mail.8 ninpaths.8 \ nnrpd.8 nntpsend.8 ovdb_init.8 ovdb_monitor.8 ovdb_server.8 \ - ovdb_stat.8 overchan.8 ovsqlite-server.8 perl-nocem.8 procbatch.8 \ - prunehistory.8 radius.8 \ - rc.news.8 scanlogs.8 scanspool.8 send-ihave.8 send-uucp.8 sendinpaths.8 \ + ovdb_stat.8 overchan.8 ovsqlite-server.8 ovsqlite-util.8 perl-nocem.8 \ + procbatch.8 prunehistory.8 radius.8 rc.news.8 \ + scanlogs.8 scanspool.8 send-ihave.8 send-uucp.8 sendinpaths.8 \ tally.control.8 tdx-util.8 tinyleaf.8 writelog.8 all: diff --git a/doc/pod/Makefile b/doc/pod/Makefile index 792ccf568..2fe219533 100644 --- a/doc/pod/Makefile +++ b/doc/pod/Makefile @@ -48,6 +48,7 @@ MAN8 = ../man/actsync.8 ../man/archive.8 ../man/auth_krb5.8 \ ../man/nnrpd.8 ../man/nntpsend.8 \ ../man/ovdb_init.8 ../man/ovdb_monitor.8 ../man/ovdb_server.8 \ ../man/ovdb_stat.8 ../man/overchan.8 ../man/ovsqlite-server.8 \ + ../man/ovsqlite-util.8 \ ../man/procbatch.8
Bug#1033694: unblock: gortr/0.14.7-2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-Cc: go...@packages.debian.org Control: affects -1 + src:gortr Please unblock package gortr I do not want to ship gortr in bookworm because it is unmaintained, but other software needs the Go library which comes from this same package. So I made minimal changes to the package to only build the library. Full diff attached. unblock gortr/0.14.7-2 -- ciao, Marco diff -Nru gortr-0.14.7/debian/changelog gortr-0.14.7/debian/changelog --- gortr-0.14.7/debian/changelog 2021-01-03 09:17:16.0 +0100 +++ gortr-0.14.7/debian/changelog 2023-03-27 22:43:29.0 +0200 @@ -1,3 +1,10 @@ +gortr (0.14.7-2) unstable; urgency=medium + + * Stop building gortr because it is unmaintained and has been generally +replaced by stayrtr. + + -- Marco d'Itri Mon, 27 Mar 2023 22:43:29 +0200 + gortr (0.14.7-1) unstable; urgency=medium * New upstream release. diff -Nru gortr-0.14.7/debian/control gortr-0.14.7/debian/control --- gortr-0.14.7/debian/control 2021-01-03 09:16:21.0 +0100 +++ gortr-0.14.7/debian/control 2023-03-27 22:42:40.0 +0200 
@@ -4,36 +4,27 @@ Section: net Testsuite: autopkgtest-pkg-go Priority: optional -Build-Depends: debhelper-compat (= 12), dh-golang, +Build-Depends: debhelper-compat (= 13), dh-golang, golang-any, golang-github-prometheus-client-golang-dev, golang-github-stretchr-testify-dev, golang-golang-x-crypto-dev, golang-logrus-dev, -Standards-Version: 4.5.0 +Standards-Version: 4.6.2.0 Vcs-Browser: https://salsa.debian.org/md/gortr Vcs-Git: https://salsa.debian.org/md/gortr.git Homepage: https://github.com/cloudflare/gortr Rules-Requires-Root: no XS-Go-Import-Path: github.com/cloudflare/gortr -Package: gortr -Architecture: any -Depends: ${shlibs:Depends}, ${misc:Depends}, - adduser -Built-Using: ${misc:Built-Using} -Description: Cloudflare's RPKI to Router server - GoRTR is an implementation of the RPKI to Router protocol (RFC 6810): - it can be used to publish Resource Public Key Infrastructure (RFC 6480) - prefix origin data from a trusted cache to BGP routers. - Package: golang-github-cloudflare-gortr-dev Architecture: all -Section: devel +Section: golang Depends: ${misc:Depends}, golang-github-prometheus-client-golang-dev, golang-github-stretchr-testify-dev, golang-golang-x-crypto-dev, golang-logrus-dev, +Multi-Arch: foreign Description: Cloudflare's RPKI to router library GoRTR is an implementation of the RPKI to router protocol (RFC 6810). diff -Nru gortr-0.14.7/debian/rules gortr-0.14.7/debian/rules --- gortr-0.14.7/debian/rules 2021-01-03 09:16:21.0 +0100 +++ gortr-0.14.7/debian/rules 2023-03-27 22:33:18.0 +0200 @@ -1,5 +1,11 @@ #!/usr/bin/make -f +# only build the library +export DH_GOLANG_EXCLUDES := cmd/ + %: dh $@ --builddirectory=_build --buildsystem=golang --with=golang +override_dh_auto_install: + dh_auto_install --destdir=debian/tmp + signature.asc Description: PGP signature
Bug#1033693: unblock: stayrtr/0.5.1-2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-Cc: stay...@packages.debian.org Control: affects -1 + src:stayrtr Please unblock package stayrtr stayrtr is better integrated with rpki-client than octorpki, which has not been getting new features in a long time. Accordingly recommend rpki-client and use it as the data source by default. Full diff attached. unblock stayrtr/0.5.1-2 -- ciao, Marco diff -Nru stayrtr-0.5.1/debian/changelog stayrtr-0.5.1/debian/changelog --- stayrtr-0.5.1/debian/changelog 2023-03-05 01:11:49.0 +0100 +++ stayrtr-0.5.1/debian/changelog 2023-03-28 23:09:15.0 +0200 @@ -1,3 +1,11 @@ +stayrtr (0.5.1-2) unstable; urgency=medium + + * Default to use /var/lib/rpki-client/json (from rpki-client) as the source +instead of the octorpki URL, since they are much better integrated. + * Recommend rpki-client. + + -- Marco d'Itri Tue, 28 Mar 2023 23:09:15 +0200 + stayrtr (0.5.1-1) unstable; urgency=medium * New upstream release. diff -Nru stayrtr-0.5.1/debian/control stayrtr-0.5.1/debian/control --- stayrtr-0.5.1/debian/control 2023-02-27 03:23:32.0 +0100 +++ stayrtr-0.5.1/debian/control 2023-03-27 06:20:23.0 +0200 @@ -24,6 +24,7 @@ Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, adduser +Recommends: rpki-client Conflicts: gortr Built-Using: ${misc:Built-Using} Description: RPKI to Router server diff -Nru stayrtr-0.5.1/debian/stayrtr.default stayrtr-0.5.1/debian/stayrtr.default --- stayrtr-0.5.1/debian/stayrtr.default 2023-02-27 03:18:52.0 +0100 +++ stayrtr-0.5.1/debian/stayrtr.default 2023-03-27 06:20:38.0 +0200 @@ -1,5 +1,5 @@ # Run "stayrtr -h" to see the available command line options and their # defaults. -STAYRTR_ARGS=-bind :323 -cache http://localhost:9880/output.json +STAYRTR_ARGS=-bind :323 -cache /var/lib/rpki-client/json signature.asc Description: PGP signature
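Review bot: The stayrtr.default hunk makes /var/lib/rpki-client/json the default -cache source, but debian/control only adds rpki-client as Recommends. An install without recommended packages therefore starts with a cache path that does not exist. Please document, in the comment above STAYRTR_ARGS or in debian/NEWS, what stayrtr does when that file is missing or stale, and that the account the daemon runs as needs read access to it. A NEWS entry would also help upgraders whose existing configuration still points at http://localhost:9880/output.json.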
Bug#1033536: unblock: inn2/2.7.1~20230306-1
gz.in $(FIX) ; $(FIX) -i archivegz.in -authmysql: authmysql.in $(FIX) ; $(FIX) -i authmysql.in -backlogstat: backlogstat.in $(FIX) ; $(FIX) backlogstat.in -cleannewsgroups: cleannewsgroups.in $(FIX) ; $(FIX) cleannewsgroups.in -count_overview: count_overview.in $(FIX) ; $(FIX) -i count_overview.in -delayer: delayer.in $(FIX) ; $(FIX) -i delayer.in -findreadgroups: findreadgroups.in $(FIX) ; $(FIX) findreadgroups.in -fixhist: fixhist.in $(FIX) ; $(FIX) -i fixhist.in -innconfcheck:innconfcheck.in$(FIX) ; $(FIX) -i innconfcheck.in -makeexpctl: makeexpctl.in $(FIX) ; $(FIX) makeexpctl.in -makestorconf:makestorconf.in$(FIX) ; $(FIX) makestorconf.in -mkbuf: mkbuf.in $(FIX) ; $(FIX) -i mkbuf.in -nnrp.access2readers.conf: nnrp.access2readers.conf.in $(FIX) ; $(FIX) -i nnrp.access2readers.conf.in -stathist:stathist.in$(FIX) ; $(FIX) -i stathist.in -thdexpire: thdexpire.in $(FIX) ; $(FIX) thdexpire.in -tunefeed:tunefeed.in$(FIX) ; $(FIX) -i tunefeed.in +analyze-traffic: analyze-traffic.in $(FIXSCRIPT) ; $(FIX) -i analyze-traffic.in +archivegz: archivegz.in $(FIXSCRIPT) ; $(FIX) -i archivegz.in +authmysql: authmysql.in $(FIXSCRIPT) ; $(FIX) -i authmysql.in +backlogstat: backlogstat.in $(FIXSCRIPT) ; $(FIX) backlogstat.in +cleannewsgroups: cleannewsgroups.in $(FIXSCRIPT) ; $(FIX) cleannewsgroups.in +count_overview: count_overview.in $(FIXSCRIPT) ; $(FIX) -i count_overview.in +delayer: delayer.in $(FIXSCRIPT) ; $(FIX) -i delayer.in +findreadgroups: findreadgroups.in $(FIXSCRIPT) ; $(FIX) findreadgroups.in +fixhist: fixhist.in $(FIXSCRIPT) ; $(FIX) -i fixhist.in +innconfcheck:innconfcheck.in$(FIXSCRIPT) ; $(FIX) -i innconfcheck.in +makeexpctl: makeexpctl.in $(FIXSCRIPT) ; $(FIX) makeexpctl.in +makestorconf:makestorconf.in$(FIXSCRIPT) ; $(FIX) makestorconf.in +mkbuf: mkbuf.in $(FIXSCRIPT) ; $(FIX) -i mkbuf.in +nnrp.access2readers.conf: nnrp.access2readers.conf.in $(FIXSCRIPT) + $(FIX) -i nnrp.access2readers.conf.in +stathist:stathist.in$(FIXSCRIPT) ; $(FIX) -i stathist.in 
+thdexpire: thdexpire.in $(FIXSCRIPT) ; $(FIX) thdexpire.in +tunefeed:tunefeed.in$(FIXSCRIPT) ; $(FIX) -i tunefeed.in diff --git a/control/Makefile b/control/Makefile index 19b1888fb..7c4092ea7 100644 --- a/control/Makefile +++ b/control/Makefile @@ -44,13 +44,13 @@ $(FIXSCRIPT): ## Build rules. LINK = $(LIBLD) $(LDFLAGS) -o $@ -FIX = $(FIXSCRIPT) +FIX = $(SHELL) $(FIXSCRIPT) -controlbatch: controlbatch.in $(FIX) ; $(FIX) controlbatch.in -controlchan: controlchan.in $(FIX) ; $(FIX) controlchan.in -docheckgroups: docheckgroups.in $(FIX) ; $(FIX) docheckgroups.in -perl-nocem: perl-nocem.in$(FIX) ; $(FIX) perl-nocem.in -pgpverify: pgpverify.in $(FIX) ; $(FIX) pgpverify.in +controlbatch: controlbatch.in $(FIXSCRIPT) ; $(FIX) controlbatch.in +controlchan: controlchan.in $(FIXSCRIPT) ; $(FIX) controlchan.in +docheckgroups: docheckgroups.in $(FIXSCRIPT) ; $(FIX) docheckgroups.in +perl-nocem: perl-nocem.in$(FIXSCRIPT) ; $(FIX) perl-nocem.in +pgpverify: pgpverify.in $(FIXSCRIPT) ; $(FIX) pgpverify.in ../doc/man/perl-nocem.8: perl-nocem.in $(POD2MAN) -s 8 -n "PERL-NOCEM" $? > $@ diff --git a/debian/changelog b/debian/changelog index 83259fbb6..ffbb0e6a6 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +inn2 (2.7.1~20230306-1) unstable; urgency=medium + + * New upstream snapshot of the stable branch. + + -- Marco d'Itri Thu, 09 Mar 2023 12:18:11 +0100 + inn2 (2.7.1~20230220-1) unstable; urgency=medium * New upstream snapshot of the stable branch. diff --git a/debian/patches/dash-unbatch b/debian/patches/dash-unbatch index 40d5ad028..0dfaa006d 100644 --- a/debian/patches/dash-unbatch +++ b/debian/patches/dash-unbatch @@ -1,7 +1,7 @@ --- a/frontends/Makefile 
+++ b/frontends/Makefile -@@ -101,15 +101,15 @@ pullnews: pullnews.in $(FIX) ; $(FI - scanspool: scanspool.in $(FIX) ; $(FIX) scanspool.in +@@ -114,15 +114,15 @@ pullnews: pullnews.in $(FIXSCRIPT) + scanspool: scanspool.in $(FIXSCRIPT) ; $(FIX) scanspool.in bunbatch: Makefile ../Makefile.global - ( echo '#! $(SHELL)' ; echo 'exec $(BZIP2) -d -c' ) > $@ diff --git a/expire/Makefile b/expire/Makefile index 5c0434816..8241b2889 100644 --- a/expire/Makefile +++ b/expire/Makefile @@ -39,7 +39,7 @@ LINK= $(LIBLD) $(LDFLAGS) -o $@ INNLIBS = $(LIBINN) $(LIBS) STORELIBS = $(BOTH) $(STORAGE_LIBS) $(LIBS) -FIX = $(FIXSCRIPT) +FIX = $(SHELL) $(FIXSCRIPT) $(FIXSCRIPT): @echo Run configure before running make. See INSTALL for details. @@ -54,7 +54,7 @@ makedbz: makedbz.o $(LIBINN) ; $(LINK) makedbz.o $(INNLIBS) makehistory: makehistory.o $(BOTH) ; $(LINK) makehistor
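Review bot: with FIX redefined as $(SHELL) $(FIXSCRIPT) in control/Makefile and expire/Makefile, any rule that still lists $(FIX) as a prerequisite would now depend on the shell binary and on the script as two separate targets. The rules visible here were all switched to $(FIXSCRIPT), so please grep the remaining Makefiles for leftover $(FIX) prerequisites. The debian/changelog entry only says "New upstream snapshot of the stable branch."; for an unblock request, a line summarising this build-system change and the refreshed dash-unbatch patch would make the diff easier to assess.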
Bug#1033180: unblock: stayrtr/0.5.1-1
hangelog 2023-03-05 01:11:49.0 +0100 @@ -1,3 +1,9 @@ +stayrtr (0.5.1-1) unstable; urgency=medium + + * New upstream release. + + -- Marco d'Itri Sun, 05 Mar 2023 01:11:49 +0100 + stayrtr (0.5.0-1) unstable; urgency=medium * New upstream release. diff -Nru stayrtr-0.5.0/debian/patches/series stayrtr-0.5.1/debian/patches/series --- stayrtr-0.5.0/debian/patches/series 2023-02-27 03:20:33.0 +0100 +++ stayrtr-0.5.1/debian/patches/series 1970-01-01 01:00:00.0 +0100 @@ -1 +0,0 @@ -commit-8a3a71e diff -Nru stayrtr-0.5.0/go.mod stayrtr-0.5.1/go.mod --- stayrtr-0.5.0/go.mod2023-02-23 22:35:40.0 +0100 +++ stayrtr-0.5.1/go.mod2023-03-01 15:36:19.0 +0100 @@ -7,6 +7,6 @@ github.com/prometheus/client_golang v1.11.1 github.com/sirupsen/logrus v1.8.1 github.com/stretchr/testify v1.4.0 - golang.org/x/crypto v0.0.0-20210921155107-089bfa567519 - golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1 + golang.org/x/crypto v0.6.0 + golang.org/x/sys v0.5.0 ) signature.asc Description: PGP signature
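Review bot: the debian/patches/series hunk deletes the only entry, commit-8a3a71e, but the 0.5.1-1 changelog entry only says "New upstream release."; add a line stating why the patch was dropped (for example that it is included upstream, if that is the case). The go.mod hunk also moves golang.org/x/crypto and golang.org/x/sys from 2021 pseudo-versions to tagged releases, which deserves a mention in the request text because it changes the minimum versions the code expects.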
Bug#987013: Release goal proposal: Remove Berkeley DB
On Feb 04, Paul Gevers wrote:

> I don't see the preparation happening in time for bookworm, so if the
> preparations are done for trixie, Berkeley DB can be removed in forky.

I object again to removing Berkeley DB: it is mature software and it works fine.

At least inn2 uses it, and a "transition" (i.e. rebuilding the overview database with a different indexing method) for a non-trivial server may require hours of downtime.

--
ciao,
Marco
Bug#1005273: bullseye-pu: package libretls/3.4.1-2
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu

As discussed with Moritz Mühlenhoff of the security team I would like to explore the possibility of adding the libretls package to a bullseye point release, to be able to update rpki-client to a newer release via bullseye-security.

Background from my precedent message to the security team:

https://rpki.exposed/ lists a long number of vulnerabilities affecting software in Debian stable: fort-validator, cfrpki, and rpki-client. (Not routinator, because it is an unpackagable mess of Rust.)

(To make a long story short, RPKI is a way to digitally sign BGP routes and all network operators and IXPs are progressively deploying at least a couple of servers each to run the validators.)

The RPKI ecosystem is very young, so this was hardly unexpected. While I did significant work trying to establish Debian as the go-to platform for deploying RPKI validators, at this point nobody will use the validators currently in Debian stable.

It is not really practical to extract and backport all these patches, so I would like to know from the release managers if they would strongly consider an upload to stable of the current releases of these packages or if I should request instead that they are all removed from stable.

fort-validator and cfrpki are currently in proposed-updates, but at the time I did not notice that newer versions of rpki-client require libretls, which did not get in testing in time for the bullseye release.

--
ciao,
Marco
Re: multiple RPKI-related vulnerabilities in stable
On Nov 30, Moritz Muehlenhoff wrote:

> > https://rpki.exposed/ lists a long number of vulnerabilities affecting
> Ironically this website is unreachable since at least yesterday :-)

This was the linked page:
https://docs.google.com/spreadsheets/d/1uuDlO6g1DLATV5OVCa20kU9OOiX9XWBFoZT2OkOezi8/edit#gid=0

> > It is not really practical to extract and backport all these patches, so
>
> Let's fix these via bullseye-security, version numbers would be:
> rpki-client 7.5-1~deb11u1
> fort-validator 1.5.3-1~deb11u1
> cfrpki 1.4.2-1~deb11u1

Thank you, I have uploaded fort-validator and cfrpki.

I forgot that rpki-client now requires libretls, which is not in bullseye, so I will do a backport and discuss what to do with the upstream authors.

--
ciao,
Marco
multiple RPKI-related vulnerabilities in stable
https://rpki.exposed/ lists a long number of vulnerabilities affecting software in Debian stable: fort-validator, cfrpki, and rpki-client. (Not routinator, because it is an unpackagable mess of Rust.)

(To make a long story short, RPKI is a way to digitally sign BGP routes and all network operators and IXPs are progressively deploying at least a couple of servers each to run the validators.)

The RPKI ecosystem is very young, so this was hardly unexpected. While I did significant work trying to establish Debian as the go-to platform for deploying RPKI validators, at this point nobody will use the validators currently in Debian stable.

It is not really practical to extract and backport all these patches, so I would like to know from the release managers if they would strongly consider an upload to stable of the current releases of these packages or if I should request instead that they are all removed from stable.

Please Cc: me on replies.

--
ciao,
Marco
Bug#993049: bullseye-pu: package rpki-trust-anchors/20210817-1+deb11u1
On Aug 27, "Adam D. Barratt" wrote:

> The version number for a stable upload needs to be lower than the
> version currently in unstable. As a no-change rebuild, the convention
> would be 20210817-1~deb11u1, in the same style as backports.
>
> With that change in mind, please go ahead.

Done. But I have also mistakenly uploaded the old +deb11u1 package, sorry.

--
ciao,
Marco
Bug#993049: bullseye-pu: package rpki-trust-anchors/20210817-1+deb11u1
Package: release.debian.org Severity: normal Tags: bullseye User: release.debian@packages.debian.org Usertags: pu rpki-trust-anchors is a data package containing public keys, similar to dns-root-data, which are used by RPKI validators (cfrpki, fort-validator, rpki-client, stayrtr). A stable update is needed because an https URL was finally added to the LACNIC trust anchor. This allows the software currently in stable to use https to download the certificates instead of the problematic and deprecated rsync method. Also, the same package from testing which I have rebuilt here gained a new debconf translation. -- ciao, Marco diff -Nru rpki-trust-anchors-20210417/debian/changelog rpki-trust-anchors-20210817/debian/changelog --- rpki-trust-anchors-20210417/debian/changelog 2021-04-17 11:55:56.0 +0200 +++ rpki-trust-anchors-20210817/debian/changelog 2021-08-27 00:21:41.0 +0200 @@ -1,3 +1,15 @@ +rpki-trust-anchors (20210817-1+deb11u1) bullseye; urgency=medium + + * Rebuilt for the stable distribution. + + -- Marco d'Itri Fri, 27 Aug 2021 00:21:41 +0200 + +rpki-trust-anchors (20210817-1) unstable; urgency=medium + + * Added the https URL to the LACNIC TAL. + + -- Marco d'Itri Tue, 17 Aug 2021 01:03:51 +0200 + rpki-trust-anchors (20210417-1) unstable; urgency=medium * Updated the https URL for the APNIC TAL. diff -Nru rpki-trust-anchors-20210417/debian/control rpki-trust-anchors-20210817/debian/control --- rpki-trust-anchors-20210417/debian/control 2021-04-17 11:53:53.0 +0200 +++ rpki-trust-anchors-20210817/debian/control 2021-08-17 00:53:56.0 +0200 
@@ -2,7 +2,7 @@ Section: net Priority: optional Maintainer: Marco d'Itri -Standards-Version: 4.4.1.1 +Standards-Version: 4.5.1.0 Rules-Requires-Root: no Build-Depends: debhelper-compat (= 12), po-debconf Vcs-Git: https://salsa.debian.org/md/rpki-trust-anchors.git diff -Nru rpki-trust-anchors-20210417/debian/po/es.po rpki-trust-anchors-20210817/debian/po/es.po --- rpki-trust-anchors-20210417/debian/po/es.po 1970-01-01 01:00:00.0 +0100 +++ rpki-trust-anchors-20210817/debian/po/es.po 2021-08-17 00:39:31.0 +0200 
@@ -0,0 +1,47 @@ +# rpki-trust-anchors po-debconf translation to Spanish. +# Copyright (C) 2021 +# This file is distributed under the same license as the rpki-trust-anchors package. +# Camaleón , 2021. +# +msgid "" +msgstr "" +"Project-Id-Version: rpki-trust-anchors\n" +"Report-Msgid-Bugs-To: rpki-trust-anch...@packages.debian.org\n" +"POT-Creation-Date: 2019-12-14 17:54+0100\n" +"PO-Revision-Date: 2021-04-18 10:31+0200\n" +"Last-Translator: Camaleón \n" +"Language-Team: Debian Spanish \n" +"Language: es\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../rpki-trust-anchors.templates:1001 +msgid "Do you accept the ARIN Relying Party Agreement (RPA)?" +msgstr "¿Acepta el acuerdo de confianza (Relying Party Agreement, RPA) de ARIN?" + +#. Type: boolean +#. Description +#: ../rpki-trust-anchors.templates:1001 +msgid "" +"ARIN forbids third parties from distributing the Trust Anchor Locator (TAL) " +"for their RPKI repository, hence this package can download it only if you " +"will agree to ARIN's conditions." +msgstr "" +"ARIN prohíbe la distribución a terceras partes del localizador de ancla de " +"confianza (Trust Anchor Locator, TAL) desde su repositorio RPKI, por lo que " +"solo puede descargar este paquete si acepta las condiciones de ARIN." + +#. Type: boolean +#. Description +#: ../rpki-trust-anchors.templates:1001 +msgid "" +"If you want that this package automatically download and installs the ARIN " +"TAL, then you need to accept the ARIN Relying Party Agreement (RPA): https://; +"www.arin.net/resources/manage/rpki/rpa.pdf ." 
+msgstr "" +"Si desea que este paquete se descargue automáticamente e instale el TAL de " +"ARIN, tiene que aceptar el acuerdo de confianza de ARIN (Relying Party " +"Agreement, RPA): «https://www.arin.net/resources/manage/rpki/rpa.pdf».; \ Manca newline alla fine del file diff -Nru rpki-trust-anchors-20210417/tals/lacnic.tal rpki-trust-anchors-20210817/tals/lacnic.tal --- rpki-trust-anchors-20210417/tals/lacnic.tal 2021-04-17 03:31:46.0 +0200 +++ rpki-trust-anchors-20210817/tals/lacnic.tal 2021-08-17 00:42:23.0 +0200 @@ -1,3 +1,4 @@ +https://rrdp.lacnic.net/ta/rta-lacnic-rpki.cer rsync://repository.lacnic.net/rpki/lacnic/rta-lacnic-rpki.cer MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqZEzhYK0+PtDOPfub/KR signature.asc Description: PGP signature
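Review bot: the new changelog stanza uses version 20210817-1+deb11u1, which sorts higher than the 20210817-1 entry directly below it that went to unstable; a rebuild for stable has to sort lower, so the version should be 20210817-1~deb11u1. In debian/po/es.po the second msgstr says that this package can only be downloaded after accepting ARIN's conditions, whereas the msgid says that the package can download the TAL only after acceptance, so that string should go back to the translator.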
Bug#990778: unblock: whois/5.5.10
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package whois It has been in unstable for 30 days now and it only contains database changes (and one fix for the build process which caused the wrong version to be reported). * Updated the .lb TLD server. * Removed 5 new gTLDs which are no longer active. * Updated the charset for whois.lacnic.net, whois.ax, whois.cira.ca and whois.dns.pt. * Fixed reporting an older version number when using --version. unblock whois/5.5.10 -- ciao, Marco diff -Nru whois-5.5.9/debian/changelog whois-5.5.10/debian/changelog --- whois-5.5.9/debian/changelog 2021-03-28 00:38:20.0 +0100 +++ whois-5.5.10/debian/changelog 2021-06-06 19:54:13.0 +0200 @@ -1,3 +1,13 @@ +whois (5.5.10) unstable; urgency=medium + + * Updated the .lb TLD server. + * Removed 5 new gTLDs which are no longer active. + * Updated the charset for whois.lacnic.net, whois.ax, whois.cira.ca +and whois.dns.pt. + * Fixed reporting an older version number when using --version. + + -- Marco d'Itri Sun, 06 Jun 2021 19:54:13 +0200 + whois (5.5.9) unstable; urgency=medium * Updated the .ga TLD server. diff -Nru whois-5.5.9/Makefile whois-5.5.10/Makefile --- whois-5.5.9/Makefile 2019-12-31 12:14:30.0 +0100 +++ whois-5.5.10/Makefile 2021-06-06 04:13:35.0 +0200 @@ -141,7 +141,7 @@ cd po && $(MAKE) install distclean: clean - rm -f po/whois.pot + rm -f version.h po/whois.pot clean: rm -f Makefile.depend as_del.h as32_del.h ip_del.h ip6_del.h \ diff -Nru whois-5.5.9/new_gtlds_list whois-5.5.10/new_gtlds_list --- whois-5.5.9/new_gtlds_list 2021-02-28 12:58:38.0 +0100 +++ whois-5.5.10/new_gtlds_list 2021-06-06 01:01:07.0 +0200 @@ -383,7 +383,6 @@ frontier ftr fujitsu -fujixerox fun fund furniture @@ -511,7 +510,6 @@ istanbul itau itv -iveco jaguar java jcb @@ -664,7 +662,6 @@ mutual nab nagoya -nationwide natura navy nba @@ -711,7 +708,6 @@ ong onl online -onyourside ooo open oracle 
@@ -907,7 +903,6 @@ space sport spot -spreadbetting srl stada staples diff -Nru whois-5.5.9/servers_charset_list whois-5.5.10/servers_charset_list --- whois-5.5.9/servers_charset_list 2020-10-03 17:44:03.0 +0200 +++ whois-5.5.10/servers_charset_list 2021-06-06 03:55:46.0 +0200 @@ -4,15 +4,15 @@ whois.corenic.net utf-8 -C UTF-8 whois.online.rs.corenic.net utf-8 -C UTF-8 whois.site.rs.corenic.net utf-8 -C UTF-8 -whois.lacnic.net iso-8859-1 +whois.lacnic.net utf-8 whois.museum utf-8 -C UTF-8 whois.ripe.net iso-8859-1 whois.aeda.net.ae utf-8 whois.nic.ar utf-8 -whois.ax iso-8859-1 +whois.ax utf-8 whois.registro.br iso-8859-1 -whois.cira.ca iso-8859-1 +whois.cira.ca utf-8 whois.nic.ch utf-8 whois.nic.cl utf-8 whois.cnnic.cn utf-8 @@ -47,7 +47,7 @@ whois.iis.nu utf-8 whois.registry.om utf-8 whois.registry.pf utf-8 -whois.dns.pt iso-8859-1 +whois.dns.pt utf-8 whois.registry.qa utf-8 whois.nic.re utf-8 whois.rnids.rs utf-8 diff -Nru whois-5.5.9/tld_serv_list whois-5.5.10/tld_serv_list --- whois-5.5.9/tld_serv_list 2021-02-28 13:25:23.0 +0100 +++ whois-5.5.10/tld_serv_list 2021-06-06 01:00:35.0 +0200 @@ -196,7 +196,7 @@ .ky whois.kyregistry.ky .kz whois.nic.kz .la whois.nic.la -.lb WEB https://web.aub.edu.lb/cgi-bin/lbdr.pl +.lb whois.lbdr.org.lb .lc whois2.afilias-grs.net .li whois.nic.li .lk whois.nic.lk diff -Nru whois-5.5.9/version.h whois-5.5.10/version.h --- whois-5.5.9/version.h 2021-02-16 01:54:39.0 +0100 +++ whois-5.5.10/version.h 1970-01-01 01:00:00.0 +0100 @@ -1,2 +0,0 @@ -#define VERSION "5.5.8" -#define IDSTRING "Md5.5.8" signature.asc Description: PGP signature
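Review bot: in the Makefile hunk version.h is removed only by distclean, while the generated headers listed under clean (as_del.h, as32_del.h, ip_del.h, ip6_del.h) are removed on every make clean. The version.h deleted at the end of this diff still defined VERSION as "5.5.8" in the 5.5.9 tree, so a stale copy is presumably how the wrong --version output arose; consider removing version.h in clean as well so that a rebuilt tree cannot keep an old one.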
Bug#988259: unblock: usrmerge/25
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package usrmerge [ Reason ] Adds a new translation and removes years-dead code. [ Impact ] Spanish users will miss the translation for a package which is going to be used to upgrade all Debian systems. [ Tests ] I do not believe that this package can be automatically tested. [ Risks ] Not really. [ Checklist ] [X] all changes are documented in the d/changelog [X] I reviewed all changes and I approve them [X] attach debdiff against the package in testing [ Other info ] (Anything else the release team should know.) unblock usrmerge/25 -- ciao, Marco diff -Nru usrmerge-24/debian/changelog usrmerge-25/debian/changelog --- usrmerge-24/debian/changelog 2021-01-16 06:02:21.0 +0100 +++ usrmerge-25/debian/changelog 2021-04-27 01:21:48.0 +0200 @@ -1,3 +1,12 @@ +usrmerge (25) unstable; urgency=medium + + * Remove prerm, which has not been needed or even possibly used since +usrmerge version 19 started removing /etc/dpkg/dpkg.cfg.d/usrmerge on +upgrades. (Closes: #982867) + * New debconf translation(s): es. (Closes: #987519) + + -- Marco d'Itri Tue, 27 Apr 2021 01:21:48 +0200 + usrmerge (24) unstable; urgency=medium * Moved the scripts to /usr/lib/usrmerge/ on request of Ubuntu for better diff -Nru usrmerge-24/debian/po/es.po usrmerge-25/debian/po/es.po --- usrmerge-24/debian/po/es.po 1970-01-01 01:00:00.0 +0100 +++ usrmerge-25/debian/po/es.po 2021-04-27 01:17:21.0 +0200 
@@ -0,0 +1,54 @@ +# usrmerge po-debconf translation to Spanish. +# Copyright (C) 2021 +# This file is distributed under the same license as the usrmerge package. +# Camaleón , 2021. +# +msgid "" +msgstr "" +"Project-Id-Version: usrmerge\n" +"Report-Msgid-Bugs-To: usrme...@packages.debian.org\n" +"POT-Creation-Date: 2016-02-12 03:06+0100\n" +"PO-Revision-Date: 2021-04-14 08:41+0200\n" +"Last-Translator: Camaleón \n" +"Language-Team: Debian Spanish \n" +"Language: es\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: title +#. Description +#: ../usrmerge.templates:1001 +msgid "Automatic conversion to merged /usr" +msgstr "Conversión automática a /usr combinado" + +#. Type: boolean +#. Description +#: ../usrmerge.templates:2001 +msgid "" +"Do you want to convert this system to the merged /usr directories scheme?" +msgstr "" +"¿Desea configurar este sistema para usar el esquema de directorios " +"combinados /usr?" + +#. Type: boolean +#. Description +#: ../usrmerge.templates:2001 +msgid "" +"The usrmerge package will automatically convert the system to the merged /" +"usr directory scheme, in which the /{bin,sbin,lib}/ directories are " +"symlinked to their counterparts in /usr/." +msgstr "" +"El paquete usrmerge ajustará automáticamente el sistema para utilizar " +"un esquema de directorios combinados /usr, en el que los directorios " +"/{bin,sbin,lib}/ están enlazados simbólicamente con sus homólogos en /usr/." + +#. Type: boolean +#. Description +#: ../usrmerge.templates:2001 +msgid "" +"There is no automatic method to restore the precedent configuration, so " +"there is no going back once the conversion has been started." +msgstr "" +"No existe un método automático para restablecer la configuración anterior, " +"por lo que una vez iniciado el proceso de conversión, no podrá revertirlo." 
diff -Nru usrmerge-24/debian/usrmerge.prerm usrmerge-25/debian/usrmerge.prerm --- usrmerge-24/debian/usrmerge.prerm 2016-02-28 01:53:38.0 +0100 +++ usrmerge-25/debian/usrmerge.prerm 1970-01-01 01:00:00.0 +0100 @@ -1,35 +0,0 @@ -#!/bin/sh -e - -can_remove() { - dpkgconf='/etc/dpkg/dpkg.cfg.d/usrmerge' - - [ -e "$dpkgconf" ] || return 0 - - local pkgs="$(awk '/^# [^ ]+$/ { print $2 }' $dpkgconf)" - [ "$pkgs" ] || return 0 - - local installed="$(dpkg-query --showformat='${Package}\n' --show $pkgs 2> /dev/null)" - - if [ "$installed" ]; then -cat < signature.asc Description: PGP signature
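Review bot: in debian/po/es.po the msgids use "convert" and "conversion" throughout, but the msgstr for the title says "Conversión" while the two boolean descriptions switch to "configurar" and "ajustará", which reads as a setting that can be changed back. Using "convertir" consistently would match the last string, which states that the conversion cannot be reverted.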
Bug#987649: unblock: libxcrypt/1:4.4.18-4
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package libxcrypt [ Reason ] This fixes some related issues which sometimes caused upgrades to fail, by moving the library back from /usr/lib/ to /lib/ . [ Impact ] Some upgrades to bullseye will randomly fail and we really do not want this. [ Tests ] autopkgtests passed. [ Risks ] The actual change (moving the library back to /lib/) is trivial, and since nothing broke spectacularly as soon as I uploaded the new package then it very probably is fine. There are no changes at all to the udeb. unblock libxcrypt/1:4.4.18-4 -- ciao, Marco diff -Nru libxcrypt-4.4.18/debian/changelog libxcrypt-4.4.18/debian/changelog --- libxcrypt-4.4.18/debian/changelog 2021-03-27 17:11:11.0 +0100 +++ libxcrypt-4.4.18/debian/changelog 2021-04-19 02:46:31.0 +0200 @@ -1,3 +1,24 @@ +libxcrypt (1:4.4.18-4) unstable; urgency=high + + * Move back the .pc file (and also .so and .a) to /usr/lib/ to fix a +regression introduced by the precedent upload. (Closes: #987130) + + -- Marco d'Itri Mon, 19 Apr 2021 02:46:31 +0200 + +libxcrypt (1:4.4.18-3) unstable; urgency=high + + [ Ivo De Decker ] + * Make sure takeover of libcrypt.so.1 from libc6 works correctly on upgrades +from buster to bullseye (Closes: #974552): +- Move the library back from /usr/lib/ to /lib/, because that's where it + was in the old libc6 (Closes: #953562). +- Remove breaks from libcrypt1, to allow installing libcrypt1 before libc6 + is upgraded. +- Mark libcrypt1 as Important and Protected, to prevent removal after a + partial upgrade. + + -- Marco d'Itri Sat, 17 Apr 2021 04:04:04 +0200 + libxcrypt (1:4.4.18-2) unstable; urgency=medium * Stop depending on libltdl-dev and instead just include in the package diff -Nru libxcrypt-4.4.18/debian/control libxcrypt-4.4.18/debian/control --- libxcrypt-4.4.18/debian/control 2021-03-27 17:11:11.0 +0100 +++ libxcrypt-4.4.18/debian/control 2021-04-17 03:43:28.0 +0200 
@@ -15,11 +15,8 @@ Multi-Arch: same Pre-Depends: ${misc:Pre-Depends} Depends: ${shlibs:Depends}, ${misc:Depends} -Breaks: - libc6 (<< 2.29-4), - libc6.1 (<< 2.29-4) [alpha ia64], - libc0.1 (<< 2.29-4) [kfreebsd-amd64 kfreebsd-i386], - libc0.3 (<< 2.29-4) [hurd-i386], +XB-Important: yes +Protected: yes Replaces: libc6 (<< 2.29-4), libc6.1 (<< 2.29-4) [alpha ia64], diff -Nru libxcrypt-4.4.18/debian/rules libxcrypt-4.4.18/debian/rules --- libxcrypt-4.4.18/debian/rules 2021-03-27 16:02:25.0 +0100 +++ libxcrypt-4.4.18/debian/rules 2021-04-19 02:36:41.0 +0200 @@ -96,6 +96,11 @@ cd build-deb1/ && \ $(MAKE) install DESTDIR=$D + # Move the shared library back to /lib/ because this is where the + # libc6 package used to install it (see #953562 for details). + mkdir -p $D/lib/$(DEB_HOST_MULTIARCH) + mv $D/usr/lib/$(DEB_HOST_MULTIARCH)/libcrypt.so.1* $D/lib/$(DEB_HOST_MULTIARCH)/ + ln -sf /lib/$(DEB_HOST_MULTIARCH)/libcrypt.so.1 $D/usr/lib/$(DEB_HOST_MULTIARCH)/libcrypt.so ifeq ($(BUILD_DEV_VER), 1) dh_movefiles -plibcrypt-dev --sourcedir=debian/libcrypt1/ else signature.asc Description: PGP signature
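Review bot: the debian/control hunk drops the Breaks on libc6 (<< 2.29-4) and its siblings but keeps the matching Replaces, so libcrypt1 can take over libcrypt.so.1 from an old libc6 and could then be removed while that libc6 is still installed. The added XB-Important: yes and Protected: yes are the only guard against that, so please add a comment next to them saying so, and explaining why one field carries the XB- prefix and the other does not, to keep a later cleanup from removing them.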
Bug#987117: unblock: rpki-trust-anchors/20210417-1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package rpki-trust-anchors [ Reason ] Contains one new debconf translation and a very important update of the APNIC trust anchor. This change has been requested by APNIC and by one of the rpki-client upstream maintainers, and will also be required by the next release of rpki-client which expects the RRDP and rsync files to have the same name. [ Impact ] Without this change, at least, the next release of rpki-client will not work at all. Since the old URL is not actually the official one, for all I know it may be retired hence breaking all RPKI clients. [ Tests ] I have no idea of how this package could automatically be tested. [ Risks ] Pretty much none, this is a very simple change and the reverse dependencies of rpki-trust-anchors are few packages with (currently) a small user base. unblock rpki-trust-anchors/20210417-1 -- ciao, Marco diff -Nru rpki-trust-anchors-20200621/debian/changelog rpki-trust-anchors-20210417/debian/changelog --- rpki-trust-anchors-20200621/debian/changelog 2020-06-21 19:13:33.0 +0200 +++ rpki-trust-anchors-20210417/debian/changelog 2021-04-17 11:55:56.0 +0200 @@ -1,3 +1,15 @@ +rpki-trust-anchors (20210417-1) unstable; urgency=medium + + * Updated the https URL for the APNIC TAL. + + -- Marco d'Itri Sat, 17 Apr 2021 11:55:56 +0200 + +rpki-trust-anchors (20200621-2) unstable; urgency=medium + + * Added a debconf translation: pt. (Closes: #982337) + + -- Marco d'Itri Sun, 28 Mar 2021 00:30:51 +0100 + rpki-trust-anchors (20200621-1) unstable; urgency=high * Fixed the https URL of the APNIC TAL. (Closes: #963268) diff -Nru rpki-trust-anchors-20200621/debian/po/pt.po rpki-trust-anchors-20210417/debian/po/pt.po --- rpki-trust-anchors-20200621/debian/po/pt.po 1970-01-01 01:00:00.0 +0100 +++ rpki-trust-anchors-20210417/debian/po/pt.po 2021-04-17 11:53:54.0 +0200 
@@ -0,0 +1,49 @@ +# Translation of rpki-trust-anchors debconf messages to European Portuguese. +# Copyright (C) 2021 THE rpki-trust-anchors'S COPYRIGHT HOLDER +# This file is distributed under the same license as the rpki-trust-anchors package. +# Américo Monteiro , 2021. +# +msgid "" +msgstr "" +"Project-Id-Version: rpki-trust-anchors_20200621-1\n" +"Report-Msgid-Bugs-To: rpki-trust-anch...@packages.debian.org\n" +"POT-Creation-Date: 2019-12-14 17:54+0100\n" +"PO-Revision-Date: 2021-02-08 23:33+\n" +"Last-Translator: Américo Monteiro \n" +"Language-Team: Portuguese <>\n" +"Language: pt\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" +"X-Generator: Lokalize 2.0\n" + +#. Type: boolean +#. Description +#: ../rpki-trust-anchors.templates:1001 +msgid "Do you accept the ARIN Relying Party Agreement (RPA)?" +msgstr "Você aceita o Acordo ARIN Relying Party Agreement (RPA)?" + +#. Type: boolean +#. Description +#: ../rpki-trust-anchors.templates:1001 +msgid "" +"ARIN forbids third parties from distributing the Trust Anchor Locator (TAL) " +"for their RPKI repository, hence this package can download it only if you " +"will agree to ARIN's conditions." +msgstr "" +"ARIN proíbe terceiros de distribuir o Trust Anchor Locator (TAL) para os " +"seus repositórios RPKI, por isso este pacote apenas o pode descarregar se " +"você concordar com as condições do ARIN." + +#. Type: boolean +#. Description +#: ../rpki-trust-anchors.templates:1001 +msgid "" +"If you want that this package automatically download and installs the ARIN " +"TAL, then you need to accept the ARIN Relying Party Agreement (RPA): https://; +"www.arin.net/resources/manage/rpki/rpa.pdf ." 
+msgstr "" +"Se você quiser isso, este pacote descarrega e instala automaticamente o " +"ARIN TAL, depois você precisa de aceitar o acordo ARIN Relying Party " +"Agreement (RPA): https://www.arin.net/resources/manage/rpki/rpa.pdf ." diff -Nru rpki-trust-anchors-20200621/tals/apnic.tal rpki-trust-anchors-20210417/tals/apnic.tal --- rpki-trust-anchors-20200621/tals/apnic.tal 2020-06-21 19:06:44.0 +0200 +++ rpki-trust-anchors-20210417/tals/apnic.tal 2021-04-17 03:31:46.0 +0200 @@ -1,4 +1,4 @@ -https://tal.apnic.net/apnic.cer +https://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx9RWSL61YAAYumEiU8z8 signature.asc Description: PGP signature
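Review bot: the tals/apnic.tal hunk replaces https://tal.apnic.net/apnic.cer, but the changelog line "Updated the https URL for the APNIC TAL." does not say why; since this file is a trust anchor, record in the changelog that the change was requested by APNIC and makes the https file name match the rsync one, as the unblock request explains. In debian/po/pt.po the last msgstr opens with "Se você quiser isso", which does not convey the msgid's meaning (if you want the package to download and install the TAL automatically, you must accept the RPA).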
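The two TAL changes on this page (an https URI added in front of the rsync one for LACNIC, and the APNIC https URI renamed so that its file name matches the rsync URI) can be checked mechanically. This is an added example, not code from rpki-trust-anchors or from any validator: a small Python lint that assumes the RFC 8630 TAL layout; the function names, the finding codes and the placeholder key are constructed for illustration.

```python
"""Lint for RPKI Trust Anchor Locator (TAL) files in the RFC 8630 layout."""
import base64
import binascii
import posixpath
from urllib.parse import urlsplit

# Constructed placeholder, NOT a real trust anchor key: a DER SEQUENCE header
# (tag 0x30, length 15) followed by 15 filler bytes.
FAKE_SPKI = base64.b64encode(b"\x30\x0f" + b"constructed-key").decode()


def parse_tal(text):
    """Return (uris, key_bytes).

    Layout: optional '#' comment lines, one URI per line, an empty line,
    then the base64 subjectPublicKeyInfo (possibly wrapped over lines).
    """
    lines = text.splitlines()
    k = 0
    while k < len(lines) and lines[k].startswith("#"):
        k += 1
    uris = []
    while k < len(lines) and lines[k].strip():
        uris.append(lines[k].strip())
        k += 1
    key_b64 = "".join(line.strip() for line in lines[k:])
    try:
        key = base64.b64decode(key_b64, validate=True)
    except binascii.Error:
        key = b""
    return uris, key


def audit_tal(text):
    """Return a list of finding codes; an empty list means no finding."""
    uris, key = parse_tal(text)
    parts = [urlsplit(u) for u in uris]
    findings = []
    # Every entry of the URI section must be an https or rsync URI with a host.
    if not uris or any(p.scheme not in ("https", "rsync") or not p.netloc
                       for p in parts):
        findings.append("bad-uri")
    # Without an https URI the certificate can only be fetched over rsync.
    if not any(p.scheme == "https" for p in parts):
        findings.append("no-https")
    # All URIs must name the same certificate file.
    if len({posixpath.basename(p.path) for p in parts}) > 1:
        findings.append("name-mismatch")
    # The key must decode and start with a DER SEQUENCE tag.
    if not key or key[0] != 0x30:
        findings.append("bad-key")
    return findings


def _tal(*uris):
    """Build a sample TAL from URIs quoted on this page plus the fake key."""
    return "\n".join(uris) + "\n\n" + FAKE_SPKI + "\n"


_APNIC_RSYNC = "rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer"
_LACNIC_RSYNC = "rsync://repository.lacnic.net/rpki/lacnic/rta-lacnic-rpki.cer"

OLD_APNIC = _tal("https://tal.apnic.net/apnic.cer", _APNIC_RSYNC)
NEW_APNIC = _tal(
    "https://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer",
    _APNIC_RSYNC)
OLD_LACNIC = _tal(_LACNIC_RSYNC)
NEW_LACNIC = _tal("https://rrdp.lacnic.net/ta/rta-lacnic-rpki.cer",
                  _LACNIC_RSYNC)

if __name__ == "__main__":
    for name, tal in (("apnic old", OLD_APNIC), ("apnic new", NEW_APNIC),
                      ("lacnic old", OLD_LACNIC), ("lacnic new", NEW_LACNIC)):
        print(name, audit_tal(tal) or "ok")
```

A TAL whose empty separator line has been lost is reported as both bad-uri and bad-key, because the key lines are then read as part of the URI section.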
Bug#987071: unblock: netbase/6.3
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package netbase One port added. unblock netbase/6.3 -- ciao, Marco diff -Nru netbase-6.2/debian/changelog netbase-6.3/debian/changelog --- netbase-6.2/debian/changelog 2020-10-04 18:06:02.0 +0200 +++ netbase-6.3/debian/changelog 2021-03-27 23:33:28.0 +0100 @@ -1,3 +1,12 @@ +netbase (6.3) unstable; urgency=medium + + * services: added ntske (4460/tcp). (Closes: #983592) + * services: removed the disclaimer about non-used transports. +It is not relevant anymore because all such entries for ports assigned to +non-used transports should have been removed starting from release 5.4. + + -- Marco d'Itri Sat, 27 Mar 2021 23:33:28 +0100 + netbase (6.2) unstable; urgency=medium * services: added https (443/udp) which was removed in 5.4 but now is diff -Nru netbase-6.2/etc/services netbase-6.3/etc/services --- netbase-6.2/etc/services 2020-10-04 16:27:46.0 +0200 +++ netbase-6.3/etc/services 2021-03-27 23:32:57.0 +0100 @@ -1,9 +1,5 @@ # Network services, Internet style # -# Note that it is presently the policy of IANA to assign a single well-known -# port number for both TCP and UDP; hence, officially ports have two entries -# even if the protocol doesn't support UDP operations. -# # Updated from https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml . # # New ports will be added on request if they have been officially assigned @@ -217,6 +213,7 @@ epmd 4369/tcp # Erlang Port Mapper Daemon remctl 4373/tcp # Remote Authenticated Command Service f5-iquery 4353/tcp # F5 iQuery +ntske 4460/tcp # Network Time Security Key Establishment ipsec-nat-t 4500/udp # IPsec NAT-Traversal [RFC3947] iax 4569/udp # Inter-Asterisk eXchange mtn 4691/tcp # monotone Netsync Protocol signature.asc Description: PGP signature
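Review bot: the new ntske line in etc/services carries no specification reference, while the neighbouring ipsec-nat-t entry cites [RFC3947]; adding [RFC8915] to the comment would keep the assignment traceable. The request text says "One port added.", but the same hunk set also deletes the header note about IANA assigning ports for both TCP and UDP, so the request should mention that comment removal too.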
Bug#987072: unblock: whois/5.5.9
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package whois [ Reason ] Updated the internal databases. [ Impact ] Will not work correctly for some domains. [ Tests ] No, anybody who cares feel free to contribute some. [ Risks ] Only data changes. [ Checklist ] [X] all changes are documented in the d/changelog [X] I reviewed all changes and I approve them [X] attach debdiff against the package in testing [ Other info ] Yes, VERSION is obviously wrong but it is in the package in testing as well. unblock whois/5.5.9 -- ciao, Marco diff -Nru whois-5.5.8/debian/changelog whois-5.5.9/debian/changelog --- whois-5.5.8/debian/changelog 2021-02-16 01:53:57.0 +0100 +++ whois-5.5.9/debian/changelog 2021-03-28 00:38:20.0 +0100 @@ -1,3 +1,11 @@ +whois (5.5.9) unstable; urgency=medium + + * Updated the .ga TLD server. + * Removed the .cd and cf TLD servers. + * Removed 72 new gTLDs which are no longer active. + + -- Marco d'Itri Sun, 28 Mar 2021 00:38:20 +0100 + whois (5.5.8) unstable; urgency=medium * Added the .xn--4dbrk0ce (.ישראל, Israel) TLD server. diff -Nru whois-5.5.8/new_gtlds_list whois-5.5.9/new_gtlds_list --- whois-5.5.8/new_gtlds_list 2020-10-27 18:29:26.0 +0100 +++ whois-5.5.9/new_gtlds_list 2021-02-28 12:58:38.0 +0100 @@ -19,7 +19,6 @@ accountant accountants aco -active actor adac ads @@ -32,7 +31,6 @@ agakhan agency aig -aigo airbus airforce airtel @@ -121,14 +119,12 @@ bio black blackfriday -blanco blockbuster blog bloomberg blue bms bmw -bnl bnpparibas boats boehringer @@ -138,7 +134,6 @@ boo book booking -boots bosch bostik boston @@ -179,10 +174,8 @@ career careers cars -cartier casa case -caseih cash casino catering @@ -191,7 +184,6 @@ cbn cbre cbs -ceb center ceo cern @@ -204,10 +196,8 @@ chat cheap chintai -chloe christmas chrome -chrysler church cipriani circle @@ -301,11 +291,8 @@ dnp docs doctor -dodge dog -doha domains -doosan dot download drive 
@@ -313,7 +300,6 @@ dubai duck dunlop -duns dupont durban dvag @@ -329,19 +315,16 @@ engineer engineering enterprises -epost epson equipment ericsson erni esq estate -esurance etisalat eurovision eus events -everbank exchange expert exposed @@ -381,7 +364,6 @@ flir florist flowers -flsmidth fly foo food @@ -441,7 +423,6 @@ goldpoint golf goo -goodhands goodyear goog google @@ -487,7 +468,6 @@ homes homesense honda -honeywell horse hospital host @@ -499,7 +479,6 @@ house how hsbc -htc hughes hyatt hyundai @@ -509,7 +488,6 @@ icu ieee ifm -iinet ikano imamat imdb @@ -523,29 +501,24 @@ institute insurance insure -intel international intuit investments ipiranga irish -iselect ismaili ist istanbul itau itv iveco -iwc jaguar java jcb -jcp jeep jetzt jewelry jio -jlc jll jmp jnj @@ -578,12 +551,10 @@ kuokgroup kyoto lacaixa -ladbrokes lamborghini lamer lancaster lancia -lancome land landrover lanxess @@ -601,7 +572,6 @@ lego lexus lgbt -liaison lidl life lifeinsurance @@ -635,7 +605,6 @@ ltd ltda lundbeck -lupin luxe luxury macys @@ -655,8 +624,6 @@ maserati mattel mba -mcd -mcdonalds mckinsey med media @@ -666,9 +633,7 @@ memorial men menu -meo merckmsd -metlife miami microsoft mini @@ -679,7 +644,6 @@ mls mma mobile -mobily moda moe moi @@ -687,8 +651,6 @@ monash money monster -montblanc -mopar mormon mortgage moscow @@ -696,15 +658,11 @@ motorcycles mov movie -movistar msd mtn -mtpc mtr mutual -mutuelle nab -nadex nagoya nationwide natura @@ -716,7 +674,6 @@ network neustar new -newholland news next nextdirect @@ -760,16 +717,13 @@ oracle orange organic -orientexpress origins osaka otsuka ott ovh page -pamperedchef panasonic -panerai paris pars partners @@ -788,7 +742,6 @@ photography photos physio -piaget pics pictet pictures @@ -858,7 +811,6 @@ rich richardli ricoh -rightathome ril rio rip @@ -886,7 +838,6 @@ sandvikcoromant sanofi sap -sapo sarl sas save @@ -903,7 +854,6 @@ schwarz science scjohnson -scor scot search seat 
@@ -931,7 +881,6 @@ shouji show showtime -shriram silk sina singles @@ -956,19 +905,15 @@ soy spa space -spiegel sport spot spreadbetting srl -srt stada staples star -starhub statebank statefarm -statoil stc stcgroup stockholm @@ -989,7 +934,6 @@ swiftcover swiss sydney -symantec systems tab taipei @@ -1006,8 +950,6 @@ team tech technology -telecity -telefonica temasek tennis teva @@ -1051,7 +993,6 @@ tvs ubank ubs -uconnect unicom university uno @@ -1075,8 +1016,6 @@ virgin visa vision -vista -vistaprint viva vivo vlaanderen @@ -1093,7 +1032,6 @@ walter wang wanggou -warman watch watches weather @@ -1146,8 +1084,6 @@ xn--6qq986b3xl xn--80adxhks xn--80aqecdr1a -xn--80asehdb -xn--80aswg xn--8y0a063a xn--9dbq2a xn
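Review bot: the changelog hunk writes `* Removed the .cd and cf TLD servers.` with the leading dot missing on the second TLD; make it `.cf` so it matches the `.ga` and `.cd` spelling beside it. The diff shown here covers only new_gtlds_list and is cut off, so the figure in `Removed 72 new gTLDs` is worth recounting against the full set of deleted lines before upload.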
Bug#987013: Release goal proposal: Remove Berkeley DB
On Apr 16, Bastian Blank wrote:

> postfix is easy. Would inn2 be license compliant with an AGPL licensed
> BDB, aka able to provide the source to its users, or what is the plan
> anyway?

The plan is to continue using 5.3, not upgrading.

> slapd defaults to LMDB since several years and you need to
> explicitly specify the bdb or hdb backend.

Sure, but the point was how to convert existing systems.

--
ciao,
Marco
Bug#987013: Release goal proposal: Remove Berkeley DB
On Apr 15, Bastian Blank wrote:

> After this time we really should try to get rid of this package, which
> even is NMU maintained since three years.

I am not persuaded. I maintain libberkeleydb-perl and it works fine, it is mature software.

But even if we agree that all the libdb5.3 reverse dependencies must migrate to a different database then probably we will need to keep around db5.3-util (and its dependency libdb5.3) to allow dumping and restoring the databases. Not all software uses libdb as a cache which can just be regenerated and/or supports multiple databases and has internal dump/restore tools.

And then all the packages currently depending on libdb5.3 will need to implement, or at least document, a transition strategy. Let me just mention postfix (easy), inn2 (possible but very resource intensive) and slapd (I am not sure, but it is critical and scary).

--
ciao,
Marco
Bug#939526: buster-pu: package inn2/2.6.3-1+deb10u1
Control: retitle -1 buster-pu: package inn2/2.6.3-1+deb10u2 Bug #931256 explains in detail why TLS is broken in inn2 in buster, due to the policies of newer openssl versions. As noticed by Adam D. Barratt, the original patch had a bug: it was then solved by the upstream maintainer and the fix has been one month in testing now. diff -Nru inn2-2.6.3/debian/changelog inn2-2.6.3/debian/changelog --- inn2-2.6.3/debian/changelog 2019-02-17 17:52:36.0 +0100 +++ inn2-2.6.3/debian/changelog 2019-10-06 00:51:59.0 +0200 @@ -1,3 +1,11 @@ +inn2 (2.6.3-1+deb10u2) buster; urgency=medium + + * Backported upstream changeset 10344 to fix negotiation of DHE +ciphersuites. (See #931256.) + * Backported upstream changeset 10348 to fix upstream changeset 10344. + + -- Marco d'Itri Sun, 06 Oct 2019 00:51:59 +0200 + inn2 (2.6.3-1) unstable; urgency=medium * New upstream release. diff -Nru inn2-2.6.3/debian/patches/changeset_10344 inn2-2.6.3/debian/patches/changeset_10344 --- inn2-2.6.3/debian/patches/changeset_10344 1970-01-01 01:00:00.0 +0100 +++ inn2-2.6.3/debian/patches/changeset_10344 2019-09-05 22:34:04.0 +0200 
@@ -0,0 +1,202 @@ +Index: a/nnrpd/tls.c +=== +--- a/nnrpd/tls.c (revision 10342) a/nnrpd/tls.c (revision 10344) +@@ -96,45 +96,58 @@ + + /* +-** Hardcoded DH parameter files, from OpenSSL. +-** For information on how these files were generated, see +-** "Assigned Number for SKIP Protocols" +-** <http://www.skip-vpn.org/spec/numbers.html>. +-*/ +-static const char file_dh512[] = ++** Hardcoded DH parameter files. ++** These are pre-defined DH groups recommended by RFC 7919 (Appendix A), ++** that have been audited and therefore supposed to be more ++** resistant to attacks than ones randomly generated. ++*/ ++static const char file_ffdhe2048[] = \ + "-BEGIN DH PARAMETERS-\n\ +-MEYCQQD1Kv884bEpQBgRjXyEpwpy1obEAxnIByl6ypUM2Zafq9AKUJsCRtMIPWak\n\ +-XUGfnHy9iUsiGSa6q6Jew1XpKgVfAgEC\n\ ++MIIBCAKCAQEA//+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz\n\ +++8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a\n\ ++87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7\n\ ++YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi\n\ ++7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD\n\ ++ssbzSibBsu/6iGtCOGEoXJf//wIBAg==\n\ + -END DH PARAMETERS-\n"; + +-static const char file_dh1024[] = ++static const char file_ffdhe4096[] = \ + "-BEGIN DH PARAMETERS-\n\ +-MIGHAoGBAPSI/VhOSdvNILSd5JEHNmszbDgNRR0PfIizHHxbLY7288kjwEPwpVsY\n\ +-jY67VYy4XTjTNP18F1dDox0YbN4zISy1Kv884bEpQBgRjXyEpwpy1obEAxnIByl6\n\ +-ypUM2Zafq9AKUJsCRtMIPWakXUGfnHy9iUsiGSa6q6Jew1XpL3jHAgEC\n\ ++MIICCAKCAgEA//+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz\n\ +++8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a\n\ ++87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7\n\ ++YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi\n\ ++7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD\n\ ++ssbzSibBsu/6iGtCOGEfz9zeNVs7ZRkDW7w09N75nAI4YbRvydbmyQd62R0mkff3\n\ ++7lmMsPrBhtkcrv4TCYUTknC0EwyTvEN5RPT9RFLi103TZPLiHnH1S/9croKrnJ32\n\ 
++nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZp4e\n\ ++8W5vUsMWTfT7eTDp5OWIV7asfV9C1p9tGHdjzx1VA0AEh/VbpX4xzHpxNciG77Qx\n\ ++iu1qHgEtnmgyqQdgCpGBMMRtx3j5ca0AOAkpmaMzy4t6Gh25PXFAADwqTs6p+Y0K\n\ ++zAqCkc3OyX3Pjsm1Wn+IpGtNtahR9EGC4caKAH5eZV9q//8CAQI=\n\ + -END DH PARAMETERS-\n"; + +-static const char file_dh2048[] = ++static const char file_ffdhe8192[] = \ + "-BEGIN DH PARAMETERS-\n\ +-MIIBCAKCAQEA9kJXtwh/CBdyorrWqULzBej5UxE5T7bxbrlLOCDaAadWoxTpj0BV\n\ +-89AHxstDqZSt90xkhkn4DIO9ZekX1KHTUPj1WV/cdlJPPT2N286Z4VeSWc39uK50\n\ +-T8X8dryDxUcwYc58yWb/Ffm7/ZFexwGq01uejaClcjrUGvC/RgBYK+X0iP1YTknb\n\ +-zSC0neSRBzZrM2w4DUUdD3yIsxx8Wy2O9vPJI8BD8KVbGI2Ou1WMuF040zT9fBdX\n\ +-Q6MdGGzeMyEstSr/POGxKUAYEY18hKcKctaGxAMZyAcpesqVDNmWn6vQClCbAkbT\n\ +-CD1mpF1Bn5x8vYlLIhkmuquiXsNV6TILOwIBAg==\n\ +--END DH PARAMETERS-\n"; +- +-static const char file_dh4096[] = +-"-BEGIN DH PARAMETERS-\n\ +-MIICCAKCAgEA+hRyUsFN4VpJ1O8JLcCo/VWr19k3BCgJ4uk+d+KhehjdRqNDNyOQ\n\ +-l/MOyQNQfWXPeGKmOmIig6Ev/nm6Nf9Z2B1h3R4hExf+zTiHnvVPeRBhjdQi81rt\n\ +-Xeoh6TNrSBIKIHfUJWBh3va0TxxjQIs6IZOLeVNRLMqzeylWqMf49HsIXqbcokUS\n\ +-Vt1BkvLdW48j8PPv5DsKRN3tloTxqDJGo9tKvj1Fuk74A+Xda1kNhB7KFlqMyN98\n\ +-VETEJ6c7KpfOo30mnK30wqw3S8OtaIR/maYX72tGOno2ehFDkq3pnPtEbD2CScxc\n\ +-alJC+EL7RPk5c/tgeTvCngvc1KZn92Y//EI7G9tPZtylj2b56sHtMftIoYJ9+ODM\n\ +-sccD5Piz/rejE3Ome8EOOceUSCYAhXn8b3qvxVI1ddd1pED6FHRhFvLrZxFvBEM9\n\ +-ERRMp5QqOaHJkM+Dxv8Cj6MqrCbfC4u+ZErxodzuusgDgvZiLF22uxMZbobFWyte\n\ +-OvOzKGtwcTqO/1wV5gKkzu1ZVswVUQd5Gg8lJicwqRWyyNRczDDoG9jVDxmogKTH\n\ +-AaqLulO7R8Ifa1SwF2DteSGVtgWEN8gDpN3RBmmPTDngyF2DHb5qmpnznwtFKdTL\n\ +-KWbuHn491xN
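Review bot: the changelog line `Backported upstream changeset 10348 to fix upstream changeset 10344.` does not say what was wrong with the first backport. Name the defect it corrects (the review of the earlier upload pointed at the value returned once the parameters had already been loaded), so the reason for a second stable upload of a TLS fix is on record.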
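Review bot: debian/patches/changeset_10344 starts directly at `Index: a/nnrpd/tls.c` with no patch header. Add DEP-3 fields (Description, Origin naming the upstream changeset, Bug-Debian for #931256) so the provenance of the replaced DH parameters is recorded in the patch file itself and not only in debian/changelog.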
Bug#939526: buster-pu: package inn2/2.6.3-1~deb10u1
On Sep 17, "Adam D. Barratt" wrote:

> Shouldn't the assignment to "r" be outside of the conditional? Otherwise, if
> ffdheX has previously been initialised, the function will return NULL rather
> than the previously loaded buffer.

Thank you, upstream confirmed.
I did a new upload to unstable and will re-upload to pu next week.

--
ciao,
Marco
Bug#939526: buster-pu: package inn2/2.6.3-1~deb10u1
Package: release.debian.org Severity: normal Tags: buster User: release.debian@packages.debian.org Usertags: pu Bug #931256 explains in detail why TLS is broken in inn2 in buster, due to the policies of newer openssl versions. This same patch has been in 2.6.3-2 in unstable/testing for two weeks. diff -Nru inn2-2.6.3/debian/changelog inn2-2.6.3/debian/changelog --- inn2-2.6.3/debian/changelog 2019-02-17 17:52:36.0 +0100 +++ inn2-2.6.3/debian/changelog 2019-09-05 23:25:56.0 +0200 @@ -1,3 +1,10 @@ +inn2 (2.6.3-1~deb10u1) buster; urgency=medium + + * Backported upstream changeset 10344 to fix negotiation of DHE +ciphersuites. (See #931256.) + + -- Marco d'Itri Thu, 05 Sep 2019 23:25:56 +0200 + inn2 (2.6.3-1) unstable; urgency=medium * New upstream release. diff -Nru inn2-2.6.3/debian/patches/changeset_10344 inn2-2.6.3/debian/patches/changeset_10344 --- inn2-2.6.3/debian/patches/changeset_10344 1970-01-01 01:00:00.0 +0100 +++ inn2-2.6.3/debian/patches/changeset_10344 2019-09-05 22:34:04.0 +0200 
@@ -0,0 +1,202 @@ +Index: a/nnrpd/tls.c +=== +--- a/nnrpd/tls.c (revision 10342) a/nnrpd/tls.c (revision 10344) +@@ -96,45 +96,58 @@ + + /* +-** Hardcoded DH parameter files, from OpenSSL. +-** For information on how these files were generated, see +-** "Assigned Number for SKIP Protocols" +-** <http://www.skip-vpn.org/spec/numbers.html>. +-*/ +-static const char file_dh512[] = ++** Hardcoded DH parameter files. ++** These are pre-defined DH groups recommended by RFC 7919 (Appendix A), ++** that have been audited and therefore supposed to be more ++** resistant to attacks than ones randomly generated. ++*/ ++static const char file_ffdhe2048[] = \ + "-BEGIN DH PARAMETERS-\n\ +-MEYCQQD1Kv884bEpQBgRjXyEpwpy1obEAxnIByl6ypUM2Zafq9AKUJsCRtMIPWak\n\ +-XUGfnHy9iUsiGSa6q6Jew1XpKgVfAgEC\n\ ++MIIBCAKCAQEA//+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz\n\ +++8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a\n\ ++87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7\n\ ++YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi\n\ ++7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD\n\ ++ssbzSibBsu/6iGtCOGEoXJf//wIBAg==\n\ + -END DH PARAMETERS-\n"; + +-static const char file_dh1024[] = ++static const char file_ffdhe4096[] = \ + "-BEGIN DH PARAMETERS-\n\ +-MIGHAoGBAPSI/VhOSdvNILSd5JEHNmszbDgNRR0PfIizHHxbLY7288kjwEPwpVsY\n\ +-jY67VYy4XTjTNP18F1dDox0YbN4zISy1Kv884bEpQBgRjXyEpwpy1obEAxnIByl6\n\ +-ypUM2Zafq9AKUJsCRtMIPWakXUGfnHy9iUsiGSa6q6Jew1XpL3jHAgEC\n\ ++MIICCAKCAgEA//+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz\n\ +++8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a\n\ ++87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7\n\ ++YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi\n\ ++7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD\n\ ++ssbzSibBsu/6iGtCOGEfz9zeNVs7ZRkDW7w09N75nAI4YbRvydbmyQd62R0mkff3\n\ ++7lmMsPrBhtkcrv4TCYUTknC0EwyTvEN5RPT9RFLi103TZPLiHnH1S/9croKrnJ32\n\ 
++nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZp4e\n\ ++8W5vUsMWTfT7eTDp5OWIV7asfV9C1p9tGHdjzx1VA0AEh/VbpX4xzHpxNciG77Qx\n\ ++iu1qHgEtnmgyqQdgCpGBMMRtx3j5ca0AOAkpmaMzy4t6Gh25PXFAADwqTs6p+Y0K\n\ ++zAqCkc3OyX3Pjsm1Wn+IpGtNtahR9EGC4caKAH5eZV9q//8CAQI=\n\ + -END DH PARAMETERS-\n"; + +-static const char file_dh2048[] = ++static const char file_ffdhe8192[] = \ + "-BEGIN DH PARAMETERS-\n\ +-MIIBCAKCAQEA9kJXtwh/CBdyorrWqULzBej5UxE5T7bxbrlLOCDaAadWoxTpj0BV\n\ +-89AHxstDqZSt90xkhkn4DIO9ZekX1KHTUPj1WV/cdlJPPT2N286Z4VeSWc39uK50\n\ +-T8X8dryDxUcwYc58yWb/Ffm7/ZFexwGq01uejaClcjrUGvC/RgBYK+X0iP1YTknb\n\ +-zSC0neSRBzZrM2w4DUUdD3yIsxx8Wy2O9vPJI8BD8KVbGI2Ou1WMuF040zT9fBdX\n\ +-Q6MdGGzeMyEstSr/POGxKUAYEY18hKcKctaGxAMZyAcpesqVDNmWn6vQClCbAkbT\n\ +-CD1mpF1Bn5x8vYlLIhkmuquiXsNV6TILOwIBAg==\n\ +--END DH PARAMETERS-\n"; +- +-static const char file_dh4096[] = +-"-BEGIN DH PARAMETERS-\n\ +-MIICCAKCAgEA+hRyUsFN4VpJ1O8JLcCo/VWr19k3BCgJ4uk+d+KhehjdRqNDNyOQ\n\ +-l/MOyQNQfWXPeGKmOmIig6Ev/nm6Nf9Z2B1h3R4hExf+zTiHnvVPeRBhjdQi81rt\n\ +-Xeoh6TNrSBIKIHfUJWBh3va0TxxjQIs6IZOLeVNRLMqzeylWqMf49HsIXqbcokUS\n\ +-Vt1BkvLdW48j8PPv5DsKRN3tloTxqDJGo9tKvj1Fuk74A+Xda1kNhB7KFlqMyN98\n\ +-VETEJ6c7KpfOo30mnK30wqw3S8OtaIR/maYX72tGOno2ehFDkq3pnPtEbD2CScxc\n\ +-alJC+EL7RPk5c/tgeTvCngvc1KZn92Y//EI7G9tPZtylj2b56sHtMftIoYJ9+ODM\n\ +-sccD5Piz/rejE3Ome8EOOceUSCYAhXn8b3qvxVI1ddd1pED6FHRhFvLrZxFvBEM9\n\ +-ERRMp5QqOaHJkM+Dxv8Cj6MqrCbfC4u+ZErxodzuusgDgvZiLF22uxMZbobFWyte\n\ +-OvOzKGtwcTqO/1wV5gKkzu1ZVswVUQd5Gg8lJicwqRWyyNRczDDoG9jVDxmogKTH\n\ +-AaqLulO7R8Ifa1SwF2DteSGVtgWEN8gDpN3RBmmPTDngyF2DHb5qmpnznwtFKdTL\n\ +-KWbuHn491xNO25CQWMtem80uKw+pTnisBRF/454n1Jnhub144YRBoN8CAQI=\n\ ++MIIECAKCBAEA//+t+FRYortKm
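Review bot: the new changelog entry uses version `2.6.3-1~deb10u1` directly above `inn2 (2.6.3-1) unstable`, and in dpkg version ordering `~` sorts before the empty string, so this version is lower than the 2.6.3-1 it is meant to replace and installed systems would not upgrade to it. Use `2.6.3-1+deb10u1`.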
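Review bot: in the changeset_10344 hunk as it appears here, the first base64 line of the added ffdhe2048 and ffdhe4096 blocks (`MIIBCAKCAQEA//+t+FRYortKmq...`, `MIICCAKCAgEA//+t+FRYortKmq...`) is shorter than the 64-character lines that follow it, so this text cannot be taken as a faithful copy of the parameters. Before upload, decode each block from the real patch file and compare the primes with RFC 7919 Appendix A, which the new comment names as their source.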
Bug#930429: unblock: whois/5.4.3
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package whois because RIPE was assigned a new network by IANA and without this change it will report all newly allocated networks in Europe as "unknown" (es: "whois 2a10:::"). The timing is a bit unfortunate since the last update of this data was in 2006... unblock whois/5.4.3 diff -Nru whois-5.4.2/debian/changelog whois-5.4.3/debian/changelog --- whois-5.4.2/debian/changelog2019-03-28 00:48:28.0 +0100 +++ whois-5.4.3/debian/changelog2019-06-12 15:03:56.0 +0200 @@ -1,3 +1,9 @@ +whois (5.4.3) unstable; urgency=medium + + * Added the new 2a10:::/12 IPv6 assignment to RIPE. + + -- Marco d'Itri Wed, 12 Jun 2019 15:03:56 +0200 + whois (5.4.2) unstable; urgency=medium * Added the .ss and .xn--mgbah1a3hjkrd (موريتانيا, Mauritania) TLD diff -Nru whois-5.4.2/ip6_del_list whois-5.4.3/ip6_del_list --- whois-5.4.2/ip6_del_list2018-01-21 01:24:51.0 +0100 +++ whois-5.4.3/ip6_del_list2019-06-12 15:01:48.0 +0200 @@ -41,5 +41,6 @@ 2620:::/23 arin 2800:::/12 lacnic 2A00:::/12 ripe +2A10:::/12 ripe 2C00:::/12 afrinic -- ciao, Marco signature.asc Description: PGP signature
Bug#930394: unblock: usrmerge/22
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package usrmerge to support installing the fixed molly-guard in buster. unblock usrmerge/22 diff -Nru usrmerge-21/debian/changelog usrmerge-22/debian/changelog --- usrmerge-21/debian/changelog2019-02-17 17:44:25.0 +0100 +++ usrmerge-22/debian/changelog2019-06-09 14:54:21.0 +0200 @@ -1,3 +1,10 @@ +usrmerge (22) unstable; urgency=medium + + * Added a version to the conflict with molly-guard (see #914716). +(Closes: #914716) + + -- Marco d'Itri Sun, 09 Jun 2019 14:54:21 +0200 + usrmerge (21) unstable; urgency=medium * Added a version to the conflict with ebtables (see #912046). diff -Nru usrmerge-21/debian/control usrmerge-22/debian/control --- usrmerge-21/debian/control 2019-02-17 17:41:06.0 +0100 +++ usrmerge-22/debian/control 2019-06-07 23:58:57.0 +0200 @@ -2,7 +2,7 @@ Section: admin Priority: optional Maintainer: Marco d'Itri -Standards-Version: 4.2.1.1 +Standards-Version: 4.3.0.3 Rules-Requires-Root: no Build-Depends: debhelper (>= 10), po-debconf Vcs-Git: https://salsa.debian.org/md/usrmerge.git @@ -34,7 +34,7 @@ libpng12-0 (<< 1.2.54-4~), libusb-0.1-4 (<< 2:0.1.12-28~), mksh (<< 52b-1~), - molly-guard, + molly-guard (<< 0.7.1+exp1~), musl-dev (<< 1.1.9-1.1~), nano (<< 2.3.99pre3-1~), open-iscsi (<< 2.0.873+git0.3b4b4500-13~), -- ciao, Marco signature.asc Description: PGP signature
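Review bot: the first debian/control hunk bumps `Standards-Version` from 4.2.1.1 to 4.3.0.3, but the changelog entry for version 22 lists only the molly-guard conflict. Either record the bump in debian/changelog or leave it out of an upload that asks for a freeze exception. The changelog line also cites #914716 twice (`see #914716` and `Closes: #914716`); one reference is enough.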
Bug#929625: unblock: bird/1.6.6-1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock the bird package because the version in testing has some serious bugs about routes propagation, better explained in the attached diff. This was discussed in #928141, where one of the upstream maintainers recommended that 1.6.6 should get into testing. The version currently in unstable has been in unstable for three months without any issues, and is the one that I am using in production (while the one currently in testing was toxic in my environment). I am not the bird maintainer, but Ondřej looks busy and I am sure that he will not mind me requesting this. I am attaching a debdiff from which I removed the generated files and some documentation/example changes not relevant for the Debian package. unblock bird/1.6.6-1 -- ciao, Marco diff -Nru bird-1.6.5/ChangeLog bird-1.6.6/ChangeLog --- bird-1.6.5/ChangeLog 2019-01-07 16:29:04.0 +0100 +++ bird-1.6.6/ChangeLog 2019-03-01 00:13:32.0 +0100 
@@ -1,3 +1,86 @@ +commit b5d1903bf6ce454716e97828e6e4062bf17ac000 +Author: Ondrej Zajicek (work) +Date: Tue Feb 26 18:10:04 2019 +0100 + +NEWS and version update + +commit 2e7ee1c9d3158603c3b01bbef8559092ae46ae84 +Author: Ondrej Zajicek (work) +Date: Fri Feb 22 02:33:01 2019 +0100 + +Nest: Do not compare rte.flags during rte_update() + +Route flags are mosty internal state of rtable, they are not significant +to whether a route has changed. With the old code, all routes received as +a part of enhanced route refresh are always re-announced to other peers +due to change in REF_STALE. + +commit 797969983d38149f4a0ea1f960becfac88fc2b8e +Author: Ondrej Zajicek (work) +Date: Tue Feb 19 18:32:45 2019 +0100 + +Doc: Detect SP/OpenSP automatically + +commit b3fceeba30bd6a685de0aa17dbe6bcfd77d1ca29 +Author: Ondrej Zajicek (work) +Date: Tue Feb 19 16:21:52 2019 +0100 + +Nest: Prevent withdraws from propagation back to source protocol (for accepted mode) + +Update for one of previous patches, handles the the issue for +first-accepted mode of route propagation. + +commit 2dd9800ab51a309add1c56aa9659c41f30481299 +Author: Ondrej Zajicek (work) +Date: Tue Feb 19 16:00:30 2019 +0100 + +Nest: Improve export counter handling + +One of previous workarounds for phantom route avoidance breaks export +counters by expanding sending of spurious withdraws, which are send when +we are not sure whether we have advertised that routes in the past. +If not, then export counter is decreased, but it was not increased +before, so it overflows under zero. + +The patch fixes that by sending spurious withdraws, but not counting them +on export counter. That may lead to error in the other direction, but +that happens only as a race condition (i.e., in normal operation filters +return proper values about old route export state). 
+ +commit b4438e40efa498325f38f0bf4681ecb2bbba4da7 +Author: Ondrej Zajicek (work) +Date: Wed Jan 30 17:03:30 2019 +0100 + +Nest: Prevent withdraws from propagation back to source protocol + +The earlier fix loosen conditions for not running filters on old +route when deciding about route propagation to a protocol to avoid +issues with ghost routes in some race conditions. + +Unfortunately, the fix also caused back-propagation of withdraws. For +regular updates, back-propagation is prevented in import_control hooks, +but these are not called on withdraws. For them, import_control hooks +are called on old routes instead, changing (old, NULL) notification +to (NULL, NULL), which is ignored. By not calling export processing +in some cases, the withdraw is not ignored and is back-propagated. + +This patch fixes that by contract conditions so the earlier fix is not +applied to back-propagated updates. + +commit ccb37330d062712935b3f3b9c236322d20c177f6 +Author: Ondrej Zajicek (work) +Date: Sat Jan 26 21:03:36 2019 +0100 + +Doc: Add documentation for OSPF retransmit delay option + +Thanks to Igor Podlesny for notification. + +commit e99e7d1c2de3a9b1a737735be2936dadf6ed1ab4 +Author: Ondrej Filip +Date: Mon Jan 7 12:26:21 2019 +0100 + +Added documentation for 'disable after cease' + commit ef8974b7ca7595bc2685b222aa4822c13349a2e1 Author: Ondrej Zajicek (work) Date: Sat Jan 5 00:37:31 2019 +0100 diff -Nru bird-1.6.5/debian/changelog bird-1.6.6/debian/changelog --- bird-1.6.5/debian/changelog 2019-01-15 09:56:09.0 +0100 +++ bird-1.6.6/debian/changelog 2019-03-03 08:56:10.0 +0100 @@ -1,3 +1,9 @@ +bird (1.6.6-1) unstable; urgency=medium + + * New upstream version 1.6.6 + + -- Ondřej Surý Sun, 03 Mar 2019 07:56:10 + + bird (1.6.5-1) unstable; urgency=medium * New upstream version 1.6.5 @@ -187,7 +193,7 @@ bird (1.4.2-1) unstable; urgency=medium * New upstream version
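Review bot: the debian/changelog hunk records the upload only as `* New upstream version 1.6.6`. The upstream ChangeLog hunk shows that this release changes route propagation (withdraws propagating back to the source protocol, re-announcement of routes during enhanced route refresh, export counter handling), so list those fixes and reference #928141 there, letting operators who read the package changelog see that routing behaviour changes on upgrade.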
Re: fixing debian-security-support upgrades from stretch (for good)
On May 13, Holger Levsen wrote:

> So I think this can only be fixed properly (=without asking people to
> upgrade to the latest stretch point release but instead allowing upgrades
> to buster from *any* stretch point release) by adding a "pre-depends:
> debian-security-support (>= 2019.04.25)" to base-files in buster.

I strongly object to adding this package, and its dependency gettext-base, to the transitive essential set. There are many situations where this package is not needed (e.g. containers, where Debian is already quite suboptimal) and it is wrong to force it on every system because it wastes disk space and may cause future troubles (and it is already doing this now). This is not acceptable for a package with such a low popcon ranking.

I tried installing it (I had never heard of it before) and I see that it immediately complains about the version of binutils currently in unstable, so I also have serious doubts about the usefulness of a security tool which will always report an alarm.

--
ciao,
Marco
Bug#928148: RM: libxcrypt/1:4.1.1-1
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: rm

Since more recent versions of the package have been stuck in NEW for over six months there is no point in shipping in buster this old version which nobody should use anyway.

libxcrypt (libcrypt2, libcrypt2-dev) has no reverse depends.

--
ciao,
Marco
Bug#925885: unblock: whois/5.4.2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package whois .in and the related IDN TLDs do not work anymore without this patch. Also, added two new TLDs and some minor bug fixes. diff --git a/debian/changelog b/debian/changelog index 706a170..93cb4cc 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,12 @@ +whois (5.4.2) unstable; urgency=medium + + * Added the .ss and .xn--mgbah1a3hjkrd (موريتانيا, Mauritania) TLD +servers. + * Updated the .in TLD and related IDN TLDs servers. + * Updated the .fm TLD server. + + -- Marco d'Itri Thu, 28 Mar 2019 00:48:28 +0100 + whois (5.4.1) unstable; urgency=medium * Added the .mw TLD server. diff --git a/po/pl.po b/po/pl.po index fa7ba40..4d021cf 100644 --- a/po/pl.po +++ b/po/pl.po (omitted) diff --git a/tld_serv_list b/tld_serv_list index 27b74e9..421daa5 100644 --- a/tld_serv_list +++ b/tld_serv_list @@ -141,7 +141,7 @@ .fiwhois.fi .fjwhois.usp.ac.fj .fkNONE# http://www.fidc.co.fk/ -.fmWEB http://dot.fm/whois/ +.fmwhois.nic.fm .fowhois.nic.fo .frwhois.nic.fr .gawhois.dot.ga# www.my.ga @@ -173,7 +173,7 @@ .iewhois.iedr.ie .ilwhois.isoc.org.il .imwhois.nic.im -.inwhois.inregistry.net# afilias +.inwhois.registry.in .iowhois.nic.io .iqwhois.cmc.iq# http://www.cmc.iq/en/iq.html .irwhois.nic.ir @@ -280,7 +280,7 @@ .snwhois.nic.sn .sowhois.nic.so .srNONE# www.register.sr -#.ss +.sswhois.nic.ss .stwhois.nic.st .suwhois.tcinet.ru .svWEB http://www.svnet.org.sv/ 
@@ -350,11 +350,11 @@ # AW means that I had to guess the whois server name, but I was not able # to find any registered subdomains to verify it. -.xn--2scrj9c whois.inregistry.net# India +.xn--2scrj9c whois.registry.in # India .xn--3e0b707e whois.kr# Korea, Republic of -.xn--3hcrj9c whois.inregistry.net# India -.xn--45br5cyl whois.inregistry.net# India -.xn--45brj9c whois.inregistry.net# India, Bengali AW +.xn--3hcrj9c whois.registry.in # India +.xn--45br5cyl whois.registry.in # India +.xn--45brj9c whois.registry.in # India, Bengali AW .xn--54b7fta0ccNONE# Bangladesh .xn--80ao21a whois.nic.kz# Kazakhstan .xn--90a3acwhois.rnids.rs # Serbia @@ -365,12 +365,12 @@ .xn--e1a4c whois.eu# European Union, Cyrillic AW .xn--fiqs8scwhois.cnnic.cn # China, Simplified Chinese .xn--fiqz9scwhois.cnnic.cn # China, Traditional Chinese -.xn--fpcrj9c3d whois.inregistry.net# India, Telugu AW +.xn--fpcrj9c3d whois.registry.in # India, Telugu AW .xn--fzc2c9e2c whois.nic.lk# Sri Lanka, Sinhala -.xn--gecrj9c whois.inregistry.net# India, Gujarati AW -.xn--h2breg3evewhois.inregistry.net# India -.xn--h2brj9c8c whois.inregistry.net# India -.xn--h2brj9c whois.inregistry.net# India, Hindi AW +.xn--gecrj9c whois.registry.in # India, Gujarati AW +.xn--h2breg3evewhois.registry.in # India +.xn--h2brj9c8c whois.registry.in # India +.xn--h2brj9c whois.registry.in # India, Hindi AW .xn--j1amh whois.dotukr.com# Ukraine .xn--j6w193g whois.hkirc.hk # Hong Kong .xn--kprw13d whois.twnic.net.tw # Taiwan, Simplified Chinese 
@@ -380,13 +380,14 @@ .xn--mgb9awbf whois.registry.om # Oman .xn--mgba3a4f16a whois.nic.ir# Iran .xn--mgbaam7a8hwhois.aeda.net.ae # United Arab Emirates +.xn--mgbah1a3hjkrd whois.nic.mr# Mauritania .xn--mgbai9azgqp6j NONE# Pakistan .xn--mgbayh7gpaWEB http://idn.jo/whois_a.aspx # Jordan -.xn--mgbbh1a71ewhois.inregistry.net# India, Urdu AW -.xn--mgbbh1a whois.inregistry.net# India +.xn--mgbbh1a71ewhois.registry.in # India, Urdu AW +.xn--mgbbh1a whois.registry.in # India .xn--mgbc0a9azcg NONE# Morocco .xn--mgberp4a5d4ar whois.nic.net.sa# Saudi Arabia -.xn--mgbgu82a whois.inregistry.net# India +.xn--mgbgu82a whois.registry.in # India .xn--mgbpl2fh NONE# Sudan .xn--mgbtx2b whois.cmc.iq# Iraq .xn--mgbx4cd0abwhois.mynic.my # Malaysia AW @@ -397,12 +398,12 @@ .xn--p1ai whois.tcinet.ru # Russian Federation .xn--pgbs0dh NONE# Tunisia .xn--qxam WEB https://grweb.ics.forth.gr
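Review bot: the po/pl.po change is shown only as `(omitted)` and has no line in the 5.4.2 changelog entry. Add a changelog item for the translation update so every file touched by the upload is accounted for.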
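Review bot: in the IDN hunks of tld_serv_list, entries still tagged `AW` (for example `.xn--45brj9c`, `.xn--fpcrj9c3d`, `.xn--gecrj9c`) are switched to whois.registry.in while keeping the marker that the file's own comment defines as a guessed, unverified server name. Confirm that the new host answers for those TLDs, or state in the changelog that the move was applied by analogy with `.in`.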
Bug#882391: nmu: inn2_2.6.1-2
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: binnmu

inn2 needs to be rebuilt for i386 on stable to fix #882225, because the original package was built in a merged-/usr environment and the configure script picked up the wrong path for gzip.

nmu inn2_2.6.1-2 . i386 . stretch . -m "binNMU to fix the gzip path. (Closes: #882225)"

--
ciao,
Marco
Bug#869920: stretch-pu: package whois/5.2.17+deb9u1
Package: release.debian.org Severity: normal Tags: stretch User: release.debian@packages.debian.org Usertags: pu ICANN mandated a whois output change that broke the .com, .net, .jobs, .bz, .cc and .tv gTLDs, so we need a stable update. At the same time I would also like to fix support for 6to4 IP addresses, which I forgot to upload in time for the release. The other changes are just database updates. diff -Nru whois-5.2.15/debian/changelog whois-5.2.17+deb9u1/debian/changelog --- whois-5.2.15/debian/changelog 2017-02-27 00:37:41.0 +0100 +++ whois-5.2.17+deb9u1/debian/changelog2017-07-27 17:45:04.0 +0200 @@ -1,3 +1,32 @@ +whois (5.2.17+deb9u1) unstable; urgency=high + + * Rebuilt for stretch. + + -- Marco d'Itri <m...@linux.it> Thu, 27 Jul 2017 17:45:04 +0200 + +whois (5.2.17) unstable; urgency=high + + * Fixed whois referrals for .com, .net, .jobs, .bz, .cc and .tv, broken +by an ICANN-mandated output change: +https://www.icann.org/resources/pages/rdds-labeling-policy-2017-02-01-en + * Added the .xn--2scrj9c (ಭಾರತ, India), .xn--3hcrj9c (ଭାରତ, India), +.xn--45br5cyl (ভাৰত, India), .xn--h2breg3eve (भारतम्, India), +.xn--h2brj9c8c (भारोत, India), .xn--mgbbh1a (ﺏﺍﺮﺗ, India), +.xn--mgbgu82a (ڀﺍﺮﺗ, India) and .xn--rvc1e0am3e (ഭാരതം, India) +TLD servers. + * Updated the list of new gTLDs. + * whois.1: fixed a typo. (Closes: #866742) + + -- Marco d'Itri <m...@linux.it> Thu, 27 Jul 2017 17:08:47 +0200 + +whois (5.2.16) unstable; urgency=medium + + * Fixed parsing of 6to4 addresses broken in 5.2.15. + * Updated the .do TLD server. + * Updated the list of new gTLDs. + + -- Marco d'Itri <m...@linux.it> Mon, 13 Mar 2017 01:40:38 +0100 + whois (5.2.15) unstable; urgency=medium * Updated the .gf and .mq TLD servers. diff -Nru whois-5.2.15/new_gtlds_list whois-5.2.17+deb9u1/new_gtlds_list --- whois-5.2.15/new_gtlds_list 2017-02-27 00:37:41.0 +0100 +++ whois-5.2.17+deb9u1/new_gtlds_list 2017-07-27 17:44:55.0 +0200 @@ -60,6 +60,7 @@ app apple aquarelle +arab aramco archi army 
@@ -333,6 +334,7 @@ esq estate esurance +etisalat eurovision eus events @@ -446,6 +448,7 @@ gratis green gripe +grocery group guardian gucci @@ -487,6 +490,7 @@ hosting hot hoteles +hotels hotmail house how @@ -635,6 +639,7 @@ man management mango +map market marketing markets @@ -655,6 +660,7 @@ men menu meo +merckmsd metlife miami microsoft @@ -768,6 +774,7 @@ pet pfizer pharmacy +phd philips phone photo @@ -855,6 +862,7 @@ rogers room rsvp +rugby ruhr run rwe @@ -890,6 +898,7 @@ scjohnson scor scot +search seat secure security @@ -1169,6 +1178,7 @@ xn--kput3i xn--mgba3a3ejt xn--mgba7c0bbn0a +xn--mgbaakc7dvf xn--mgbab2bd xn--mgbb9fbpob xn--mgbca7dzdo @@ -1178,6 +1188,7 @@ xn--mxtq1m xn--ngbc5azd xn--ngbe9e0a +xn--ngbrx xn--nqv7f xn--nqv7fs00ema xn--nyqy26a diff -Nru whois-5.2.15/tld_serv_list whois-5.2.17+deb9u1/tld_serv_list --- whois-5.2.15/tld_serv_list 2017-02-27 00:37:41.0 +0100 +++ whois-5.2.17+deb9u1/tld_serv_list 2017-07-27 17:44:55.0 +0200 @@ -127,7 +127,7 @@ .djWEB http://www.nic.dj/whois.php .dkwhois.dk-hostmaster.dk .dmwhois.nic.dm -.doWEB http://www.nic.do/whois-h.php3 +.dowhois.nic.do .dzwhois.nic.dz .ecwhois.nic.ec .eewhois.tld.ee @@ -183,7 +183,7 @@ .joWEB http://www.dns.jo/Whois.aspx .jpwhois.jprs.jp .kewhois.kenic.or.ke -.kgwhois.domain.kg +.kgwhois.kg .khNONE# http://www.trc.gov.kh/index.php/en/newsCategory/view?id=42_id=68 .kiwhois.nic.ki .kmNONE# www.domaine.km @@ -349,7 +349,10 @@ # AW means that I had to guess the whois server name, but I was not able # to find any registered subdomains to verify it. +.xn--2scrj9c whois.inregistry.net# India .xn--3e0b707e whois.kr# Korea, Republic of +.xn--3hcrj9c whois.inregistry.net# India +.xn--45br5cyl whois.inregistry.net# India .xn--45brj9c whois.inregistry.net# India, Bengali AW .xn--54b7fta0ccNONE# Bangladesh .xn--80ao21a whois.nic.kz# Kazakhstan 
@@ -364,6 +367,8 @@ .xn--fpcrj9c3d whois.inregistry.net# India, Telugu AW .xn--fzc2c9e2c whois.nic.lk# Sri Lanka, Sinhala .xn--gecrj9c whois.inregistry.net# India, Gujarati AW +.xn--h2breg3evewhois.inregistry.net# India +.xn--h2brj9c8c whois.inregistry.net# India .xn--h2brj9c whois.inregistry.net# India, Hindi AW .xn--j1amh whois.dotukr.com# Ukraine .xn--j6w193g whois.hkirc.hk # Hong Kong @@ -371,24 +376,27 @@ .xn--kpry57d whois.twnic.net.tw # Taiwan, Traditional Chinese .xn--l1acc NONE# Mongolia .xn--lgbbat1ad8j
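Review bot: the top changelog entry `whois (5.2.17+deb9u1) unstable; urgency=high` names `unstable` as its distribution, but this upload is a stretch proposed update. Set the distribution field to `stretch` so the upload targets stable and not unstable.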
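Review bot: the tld_serv_list hunk at `@@ -183,7 +183,7 @@` changes `.kg` from whois.domain.kg to whois.kg, yet none of the three new changelog entries mentions `.kg` (5.2.16 lists only `.do`). Add the `.kg` server update to the changelog so the stable release team sees every lookup target that changes.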
Bug#863813: unblock: kmod/24-1
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package kmod

A new upstream release with only bug fixes, it has been in unstable since February.

https://anonscm.debian.org/cgit/users/md/kmod.git/log/

unblock kmod/24-1

--
ciao,
Marco
Bug#863812: unblock: whois/5.2.15
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package whois There is some noise not related to Debian, all the relevant changes are related to the database. unblock whois/5.2.15 diff -Nru whois-5.2.14/config.h whois-5.2.15/config.h --- whois-5.2.14/config.h 2015-01-09 03:49:00.0 +0100 +++ whois-5.2.15/config.h 2017-02-27 00:37:41.0 +0100 @@ -13,6 +13,10 @@ /* autoconf in cpp macros */ +#if defined __NetBSD__ || __OpenBSD__ +# include +#endif + #ifdef linux # define ENABLE_NLS #endif @@ -85,7 +89,7 @@ #if (defined __FreeBSD__ && __FreeBSD__ >= 9) || \ (defined __NetBSD__ && __NetBSD_Version__ >= 6) || \ (defined OpenBSD && OpenBSD >= 200805) || \ -(defined __APPLE__ && defined __MACH__) +(defined __APPLE__ && defined __MACH__ && MAC_OS_X_VERSION_MIN_REQUIRED >= 1070) # define HAVE_ARC4RANDOM_BUF # undef RANDOM_DEVICE #endif diff -Nru whois-5.2.14/debian/changelog whois-5.2.15/debian/changelog --- whois-5.2.14/debian/changelog 2016-12-29 23:12:19.0 +0100 +++ whois-5.2.15/debian/changelog 2017-02-27 00:37:41.0 +0100 @@ -1,3 +1,14 @@ +whois (5.2.15) unstable; urgency=medium + + * Updated the .gf and .mq TLD servers. + * Updated the list of new gTLDs. + * Updated the charset for whois.nic.kz. + * Fixed multiple portability issues on non-Linux platforms. + * Fixed a lot of minor compiler warnings with no practical effects. + * Added support for libidn2, not enabled yet. + + -- Marco d'Itri <m...@linux.it> Mon, 27 Feb 2017 00:37:41 +0100 + whois (5.2.14) unstable; urgency=medium * Updated the .ar, .bm and .fm TLD servers. diff -Nru whois-5.2.14/Makefile whois-5.2.15/Makefile --- whois-5.2.14/Makefile 2016-03-29 05:37:17.0 +0200 +++ whois-5.2.15/Makefile 2017-02-27 00:37:41.0 +0100 @@ -15,7 +15,7 @@ # FreeBSD #whois_LDADD += -liconv #LIBS += -L/usr/local/lib -lintl -#INCLUDES += -I/usr/local/include +#DEFS += -I/usr/local/include # OS/2 EMX #whois_LDADD += -lsocket 
@@ -32,10 +32,15 @@ DEFS += -DLOCALEDIR=\"$(BASEDIR)$(prefix)/share/locale\" endif +ifdef HAVE_LIBIDN2 +whois_LDADD += -lidn2 +DEFS += -DHAVE_LIBIDN2 +else ifdef HAVE_LIBIDN whois_LDADD += -lidn DEFS += -DHAVE_LIBIDN endif +endif ifdef HAVE_ICONV whois_OBJECTS += simple_recode.o diff -Nru whois-5.2.14/mkpasswd.c whois-5.2.15/mkpasswd.c --- whois-5.2.14/mkpasswd.c 2016-03-29 05:37:17.0 +0200 +++ whois-5.2.15/mkpasswd.c 2017-02-27 00:37:41.0 +0100 @@ -32,6 +32,7 @@ #endif #include #include +#include #include #include #ifdef HAVE_XCRYPT @@ -123,7 +124,7 @@ void generate_salt(char *const buf, const unsigned int len); void *get_random_bytes(const unsigned int len); -void display_help(int error); +void NORETURN display_help(int error); void display_version(void); void display_methods(void); @@ -150,7 +151,7 @@ /* prepend options from environment */ argv = merge_args(getenv("MKPASSWD_OPTIONS"), argv, ); -while ((ch = GETOPT_LONGISH(argc, argv, "hH:m:5P:R:sS:V", longopts, 0)) +while ((ch = GETOPT_LONGISH(argc, argv, "hH:m:5P:R:sS:V", longopts, NULL)) > 0) { switch (ch) { case '5': @@ -363,7 +364,8 @@ void* get_random_bytes(const unsigned int count) { char *buf; -int fd, bytes_read; +int fd; +ssize_t bytes_read; buf = NOFAIL(malloc(count)); fd = open(RANDOM_DEVICE, O_RDONLY); @@ -394,7 +396,7 @@ unsigned char *entropy; #if defined HAVE_ARC4RANDOM_BUF -void *entropy = NOFAIL(malloc(len)); +entropy = NOFAIL(malloc(len)); arc4random_buf(entropy, len); #else entropy = get_random_bytes(len); @@ -436,7 +438,7 @@ #endif /* RANDOM_DEVICE || HAVE_ARC4RANDOM_BUF */ -void display_help(int error) +void NORETURN display_help(int error) { fprintf((EXIT_SUCCESS == error) ? stdout : stderr, _("Usage: mkpasswd [OPTIONS]... [PASSWORD [SALT]]\n" diff -Nru whois-5.2.14/new_gtlds_list whois-5.2.15/new_gtlds_list --- whois-5.2.14/new_gtlds_list 2016-12-29 23:11:41.0 +0100 +++ whois-5.2.15/new_gtlds_list 2017-02-27 00:37:41.0 +0100 
@@ -28,6 +28,7 @@ aetna afamilycompany afl +africa agakhan agency aig diff -Nru whois-5.2.14/servers_charset_list whois-5.2.15/servers_charset_list --- whois-5.2.14/servers_charset_list 2016-12-29 22:29:49.0 +0100 +++ whois-5.2.15/servers_charset_list 2017-02-27 00:37:41.0 +0100 @@ -36,9 +36,7 @@ whois.domain.kgcp1251 whois.nic.or.krutf-8 whois.kr utf-8 -# XXX I had to guess: the server is unable to fully transcode U+49b in the -# answer for xn--e1aybc.xn--80ao21a. Maybe it is cp1251 instead? -whois.nic.kz rk1048 +whois.nic.kz
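Review bot: in the first config.h hunk (-13,6) the condition `#if defined __NetBSD__ || __OpenBSD__` tests `__OpenBSD__` without `defined`. It evaluates as intended because an undefined identifier counts as 0 in #if, but it trips -Wundef on every other platform and does not match the `defined` tests used in the arc4random block further down. `defined __NetBSD__ || defined __OpenBSD__` is the consistent form.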
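Review bot: in the second config.h hunk (-85,7) the new test `MAC_OS_X_VERSION_MIN_REQUIRED >= 1070` is evaluated even when that macro is not defined, in which case it is 0 and a macOS build silently loses HAVE_ARC4RANDOM_BUF and keeps RANDOM_DEVICE as the source for salts. The include added in the first hunk is limited to NetBSD and OpenBSD, so nothing visible in this diff supplies the macro on Apple platforms. A `defined MAC_OS_X_VERSION_MIN_REQUIRED &&` guard, or a comment naming the header that provides it, would make the fallback a deliberate choice.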
Re: Merged /usr - supported in stretch?
On Mar 21, Adrian Bunk wrote:

> Merged /usr does not seem to be ready for a stable release right now.

I disagree: it works quite well.

> Not limited to this bug, my general impression of the current state of
> merged /usr is that it mostly works - but it is not yet in a state that
> it should be used by normal users of Debian stable on production systems.

Even if this were true, since it is not enabled by default I do not believe that it would be a concern.

> a) be a properly supported and tested feature - including that
>    problems only visible with merged /usr are considered RC, or

Not every bug is RC.

> The usrmerge package contains versioned Conflicts on pre-stretch
> packages, but the unversioned Conflicts on packages that are still
> broken in stretch won't work in scenarios like:

The packages which are still not compatible are:

- ksh: a trivial patch was provided over one year ago, but the maintainer refuses to merge it
- safe-rm: a patch was provided but the maintainer is unsure about how to fix the package
- molly-guard: same problem (and same maintainer) of safe-rm

I am sure that both safe-rm and molly-guard could be fixed, but I just have not had yet a personal interest in spending a few hours on them.

> apt-get install usrmerge
> apt-get remove usrmerge
> apt-get install ksh

While this would be inconvenient for whoever tries to do it, I do not believe that it justifies declaring merged-/usr so much broken to be unsuitable for a release.

> yp-tools (no bug report?)

I missed that it was fixed long ago, I am updating usrmerge.

> What is the status of "dpkg -S" with merged /usr ?

I understand that other people are working on improving it, but I think that this is only a cosmetic issue.

> a) testing that all packages in stretch can be installed and uninstalled

I think that somebody did it recently: this is how they discovered that the xfslibs-dev NMU was lost.

> b) automated testing that there are no problems caused by /bin/foo and
>    /usr/bin/foo shipped in different packages

I do this by periodically analysing the Contents files in the archive.

> c) testing that the Conflicts of usrmerge cover all packages in jessie
>    that must be upgraded when installing the usrmerge package

See above.

> d) searching for packages in previous releases that are no longer in
>    stretch and that break usrmerge, to have them added to the usrmerge
>    Conflicts

Since I have been working on this for almost three years now I am confident that I have covered packages in both wheezy and jessie.

> After reading the wiki page I still don't understand what actual benefit
> merged /usr brings that could make me recommend it to a user.

Then maybe you should read more carefully the provided references (and find out that it really depends on how you define "user" here).

-- 
ciao,
Marco
Re: OpenSSL 1.1.0
On Nov 16, Pau Garcia i Quiles wrote:

> * Some obscure feature (e. g. BlaBla20) may be missing or be difficult
> to support on a limited number of packages (e. g. apache2)

ChaCha20 is hardly obscure: if it is to you then I fear that your opinion on this issue is not informed enough to be useful.

-- 
ciao,
Marco
Bug#782115: unblock: whois/5.2.7
., the Registry Operator for .TEL, NULL, +Tralliance, Inc., the Registry Operator for .travel, NULL, +Access to .XXX ICM REGISTRY WHOIS, NULL, /* .xxx */ /* new gTLDs */ Terms of Use: Users accessing the Donuts WHOIS, NULL, @@ -72,14 +67,19 @@ The whois information provided on this site, , /* mm-registry.com */ ; This data is provided by , NULL, /* ksregistry.net */ This whois service is provided by CentralNic Ltd, , +.Club Domains, LLC, the Registry Operator, NULL, +% Except for agreed Internet operational purposes, NULL, /* .berlin */ +TERMS OF USE: The information in the Whois database, NULL, /* .wang */ +The WHOIS service offered by Neustar, Inc, on behalf, NULL, +The WHOIS service offered by the Registry Operator, NULL, /* .science */ /* ccTLDs */ Access to CCTLD WHOIS information is provided, , /* Afilias */ -Access to ASNIC, by this policy., /* as */ -% The WHOIS service offered by DNS.be, % protect the privacy, /* be */ +This WHOIS information is provided, NULL,/* as */ +% The WHOIS service offered by DNS Belgium, , /* be */ % The WHOIS service offered by EURid, % of the database, /* eu */ -% WHOIS LEGAL STATEMENT AND TERMS CONDITIONS, , /* sx */ -NeuStar, Inc., the Registry, OF THE AVAILABILITY, /* us */ +% WHOIS LEGAL STATEMENT AND TERMS CONDITIONS, NULL,/* sx */ +NeuStar, Inc., the Registry Administrator for .US, NULL, NULL, NULL }; diff -Nru whois-5.2.5/debian/changelog whois-5.2.7/debian/changelog --- whois-5.2.5/debian/changelog2015-03-03 02:49:57.0 +0100 +++ whois-5.2.7/debian/changelog2015-03-25 23:04:46.0 +0100 
@@ -1,3 +1,20 @@ +whois (5.2.7) unstable; urgency=medium + + * Removed a bogus disclaimer detection string. + * Updated the list of new gTLDs + + -- Marco d'Itri m...@linux.it Wed, 25 Mar 2015 23:04:44 +0100 + +whois (5.2.6) unstable; urgency=medium + + * Added the .edu.ph TLD server. + * Removed the .gov.py TLD server. (Closes: #780562) + * Updated the list of new gTLDs. + * Implemented hiding multiple disclaimers blocks to improve detection. + * Updated the disclaimer detection strings. + + -- Marco d'Itri m...@linux.it Mon, 23 Mar 2015 04:28:39 +0100 + whois (5.2.5) unstable; urgency=medium * Added the .xn--90ais (.бел, Belarus) TLD server. diff -Nru whois-5.2.5/mkpasswd.c whois-5.2.7/mkpasswd.c --- whois-5.2.5/mkpasswd.c 2015-01-09 03:49:00.0 +0100 +++ whois-5.2.7/mkpasswd.c 2015-03-23 04:32:55.0 +0100 @@ -279,8 +279,10 @@ } else { #ifdef HAVE_SOLARIS_CRYPT_GENSALT salt = crypt_gensalt(salt_prefix, NULL); - if (!salt) + if (!salt) { perror(crypt_gensalt); + exit(2); + } #elif defined HAVE_LINUX_CRYPT_GENSALT void *entropy = get_random_bytes(64); diff -Nru whois-5.2.5/new_gtlds_list whois-5.2.7/new_gtlds_list --- whois-5.2.5/new_gtlds_list 2015-03-03 02:49:57.0 +0100 +++ whois-5.2.7/new_gtlds_list 2015-03-25 23:04:07.0 +0100 @@ -4,11 +4,13 @@ # Any exceptions can be handled in tld_serv_list as usual, since it will # be checked first. +abbott abogado academy accountants active actor +ads adult agency airforce @@ -33,6 +35,7 @@ barclays bargains bayern +bbc beer berlin best @@ -78,9 +81,11 @@ center ceo cern +cfd channel chat cheap +chloe christmas chrome church @@ -119,6 +124,7 @@ dad dance dating +datsun day dclk deals @@ -150,7 +156,9 @@ engineer engineering enterprises +epson equipment +erni esq estate eurovision @@ -161,10 +169,12 @@ expert exposed fail +fan fans farm fashion feedback +film finance financial firmdale @@ -179,6 +189,7 @@ fly foo football +forex forsale foundation frl @@ -203,7 +214,10 @@ gmail gmo gmx +gold goldpoint +golf +goo goog google gop 
@@ -211,6 +225,7 @@ gratis green gripe +guge guide guitars guru @@ -236,6 +251,7 @@ immo immobilien industries +infiniti ing ink institute @@ -244,6 +260,7 @@ investments irish iwc +java jcb jetzt joburg @@ -264,6 +281,7 @@ lawyer lds lease +leclerc legal lgbt lidl @@ -280,11 +298,13 @@ luxe luxury madrid +maif maison management mango market marketing +markets marriott media meet @@ -303,16 +323,19 @@ moscow motorcycles mov +mtpc nagoya navy network neustar new +news nexus ngo nhk nico ninja +nissan nra nrw ntt @@ -321,11 +344,14 @@ one ong onl +online ooo +oracle organic osaka otsuka ovh +page paris partners parts @@ -335,12 +361,15 @@ photography photos physio +piaget pics +pictet pictures pink pizza place plumbing +plus pohl poker porn @@ -397,6 +426,7 @@ shoes shriram singles +site sky social software @@ -406,6 +436,7 @@ soy space spiegel +spreadbetting study style sucks @@ -421,6 +452,7 @@ tatar tattoo
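Review bot: in the mkpasswd.c hunk at -279,8 the new `exit(2)` covers only the HAVE_SOLARIS_CRYPT_GENSALT branch. The HAVE_LINUX_CRYPT_GENSALT branch starts in the trailing context at `void *entropy = get_random_bytes(64);` and the hunk ends before its crypt_gensalt call, so this diff does not show whether a NULL salt is caught there as well. If it is not, the same check belongs in that branch so that neither path carries on with a NULL salt.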
Bug#780044: unblock: whois/5.2.5
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package whois Data changes only. unblock whois/5.2.5 -- ciao, Marco diff -Nru whois-5.2.4/debian/changelog whois-5.2.5/debian/changelog --- whois-5.2.4/debian/changelog 2015-01-25 04:15:04.0 +0100 +++ whois-5.2.5/debian/changelog 2015-03-03 02:49:57.0 +0100 @@ -1,3 +1,12 @@ +whois (5.2.5) unstable; urgency=medium + + * Added the .xn--90ais (.бел, Belarus) TLD server. + * Updated the .ky TLD server. + * Updated the list of new gTLDs. + * Added new recovered IPv4 allocations. + + -- Marco d'Itri m...@linux.it Tue, 03 Mar 2015 02:15:57 +0100 + whois (5.2.4) unstable; urgency=medium * Fixed referrals handling for the .cc, .tv a .jobs TLDs. diff -Nru whois-5.2.4/ip_del_recovered.h whois-5.2.5/ip_del_recovered.h --- whois-5.2.4/ip_del_recovered.h 2014-09-14 12:52:10.0 +0200 +++ whois-5.2.5/ip_del_recovered.h 2015-03-03 02:49:57.0 +0100 @@ -2,9 +2,13 @@ { 736886784UL, 737411071UL, whois.apnic.net }, { 737476608UL, 738000895UL, whois.apnic.net }, { 738066432UL, 738197503UL, whois.apnic.net }, +{ 755236864UL, 755499007UL, whois.lacnic.net }, +{ 755499008UL, 756023295UL, whois.ripe.net }, { 756023296UL, 757071871UL, whois.arin.net }, { 757071872UL, 759169023UL, whois.arin.net }, { 759169024UL, 759238655UL, whois.apnic.net }, +{ 759431168UL, 759693311UL, whois.lacnic.net }, +{ 759693312UL, 760217599UL, whois.arin.net }, { 760217600UL, 761266175UL, whois.ripe.net }, { 761266176UL, 762314751UL, whois.afrinic.net }, { 762314752UL, 763363327UL, whois.apnic.net }, 
@@ -12,6 +16,8 @@ { 765460480UL, 767557631UL, whois.lacnic.net }, { 767557632UL, 769589247UL, whois.afrinic.net }, { 769654784UL, 770703359UL, whois.lacnic.net }, +{ 770703360UL, 771227647UL, whois.afrinic.net }, +{ 771227648UL, 771751935UL, whois.apnic.net }, { 2523594752UL, 2523660287UL, whois.apnic.net }, { 2525036544UL, 2525102079UL, whois.apnic.net }, { 2532442112UL, 2532507647UL, whois.apnic.net }, diff -Nru whois-5.2.4/new_gtlds_list whois-5.2.5/new_gtlds_list --- whois-5.2.4/new_gtlds_list 2015-01-25 04:15:04.0 +0100 +++ whois-5.2.5/new_gtlds_list 2015-03-03 02:49:57.0 +0100 @@ -16,6 +16,7 @@ alsace amsterdam android +apartments aquarelle archi army @@ -37,6 +38,7 @@ best bid bike +bingo bio black blackfriday @@ -44,6 +46,7 @@ blue bmw bnpparibas +boats boo boutique brussels @@ -58,6 +61,7 @@ camera camp cancerresearch +canon capetown capital caravan @@ -68,11 +72,14 @@ cartier casa cash +casino catering +cbn center ceo cern channel +chat cheap christmas chrome @@ -100,6 +107,7 @@ cooking cool country +courses credit creditcard cricket @@ -153,6 +161,7 @@ expert exposed fail +fans farm fashion feedback @@ -169,6 +178,7 @@ flsmidth fly foo +football forsale foundation frl @@ -180,6 +190,7 @@ gallery garden gbiz +gdn gent ggee gift @@ -192,6 +203,7 @@ gmail gmo gmx +goldpoint goog google gop @@ -244,6 +256,7 @@ koeln krd kred +kyoto lacaixa land lat @@ -298,9 +311,11 @@ nexus ngo nhk +nico ninja nra nrw +ntt nyc okinawa one @@ -366,9 +381,11 @@ sale samsung sarl +saxo sca scb schmidt +school schule schwarz science @@ -389,6 +406,9 @@ soy space spiegel +study +style +sucks supplies supply support @@ -403,6 +423,7 @@ tax technology temasek +tennis tienda tips tires @@ -411,6 +432,7 @@ tokyo tools top +toshiba town toys trade 
@@ -496,6 +518,7 @@ xyz yachts yandex +yodobashi yoga yokohama youtube diff -Nru whois-5.2.4/tld_serv_list whois-5.2.5/tld_serv_list --- whois-5.2.4/tld_serv_list 2015-01-25 04:15:04.0 +0100 +++ whois-5.2.5/tld_serv_list 2015-03-03 02:49:57.0 +0100 @@ -192,7 +192,7 @@ .kp NONE # NIC? http://www.star.co.kp/ .kr whois.kr .kw WEB http://www.kw/ -.ky WEB http://kynseweb.messagesecure.com/kywebadmin/ # http://www.icta.ky/ +.ky whois.kyregistry.ky .kz whois.nic.kz .la whois.nic.la .lb WEB http://www.aub.edu.lb/lbdr/ @@ -353,6 +353,7 @@ .xn--45brj9c whois.inregistry.net # India, Bengali AW .xn--80ao21a whois.nic.kz # Kazakhstan .xn--90a3ac whois.rnids.rs # Serbia +.xn--90ais whois.cctld.by # Belarus .xn--clchc0ea0b2g2a9gcd whois.sgnic.sg # Singapore, Tamil .xn--d1alf whois.marnet.mk # Macedonia .xn--fiqs8s cwhois.cnnic.cn # China, Simplified Chinese pgp0YGiPdRJDK.pgp Description: PGP signature
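Review bot: in the ip_del_recovered.h hunks the six added ranges are given only as decimal start and end addresses, with nothing saying which block each one is or which registry publication it was taken from. A trailing comment with the CIDR prefix on each added line would let a reviewer check the boundaries without converting by hand. The ordering itself is fine: the new entries keep the table sorted and join their neighbours without overlap (755499007 is followed by 755499008, 771227647 by 771227648).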
Bug#778766: unblock: whois/5.2.4
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package whois. Some data updates and an important bug fix to restore the support for .cc, .tv and .jobs. unblock whois/5.2.4 https://github.com/rfc1036/whois/commits diff --git a/debian/changelog b/debian/changelog index ca6678a..c6d1187 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +whois (5.2.4) unstable; urgency=medium + + * Fixed referrals handling for the .cc, .tv a .jobs TLDs. + * Updated the list of new gTLDs. + + -- Marco d'Itri m...@linux.it Sun, 25 Jan 2015 04:07:20 +0100 + whois (5.2.3) unstable; urgency=medium * Added the .gw TLD server. diff --git a/new_gtlds_list b/new_gtlds_list index b9f6d91..5e571f8 100644 --- a/new_gtlds_list +++ b/new_gtlds_list @@ -26,7 +26,10 @@ audio autos axa band +bank bar +barclaycard +barclays bargains bayern beer @@ -104,10 +107,12 @@ crs cruises cuisinella cymru +dabur dad dance dating day +dclk deals degree delivery @@ -115,6 +120,7 @@ democrat dental dentist desi +design dev diamonds diet @@ -155,6 +161,7 @@ financial firmdale fish fishing +fit fitness flights florist @@ -185,6 +192,7 @@ globo gmail gmo gmx +goog google gop graphics @@ -195,10 +203,12 @@ guide guitars guru hamburg +hangout haus healthcare help here +hermes hiphop hiv holdings @@ -210,6 +220,7 @@ hosting house how ibm +ifm immo immobilien industries @@ -221,10 +232,12 @@ international investments irish iwc +jcb jetzt joburg juegos kaufen +kddi kim kitchen kiwi @@ -233,6 +246,7 @@ krd kred lacaixa land +lat latrobe lawyer lds @@ -247,6 +261,7 @@ limo link loans london +lotte lotto ltda luxe @@ -257,6 +272,7 @@ management mango market marketing +marriott media meet melbourne @@ -287,6 +303,7 @@ nra nrw nyc okinawa +one ong onl ooo @@ -361,6 +378,7 @@ sew sexy shiksha shoes +shriram singles sky social @@ -384,6 +402,7 @@ tatar tattoo tax technology +temasek tienda tips tires 
@@ -445,6 +464,7 @@ xn--6qq986b3xl xn--80adxhks xn--80asehdb xn--80aswg +xn--b4w605ferd xn--c1avg xn--cg4bki xn--czr694b diff --git a/tld_serv_list b/tld_serv_list index 46b7c5a..c07ba85 100644 --- a/tld_serv_list +++ b/tld_serv_list @@ -270,7 +270,7 @@ .sewhois.iis.se .sgwhois.sgnic.sg .shwhois.nic.sh -.siwhois.arnes.si +.siwhois.register.si .sjNONE# http://www.norid.no/domenenavnbaser/bv-sj.html .skwhois.sk-nic.sk .slwhois.nic.sl diff --git a/whois.c b/whois.c index fdb2824..accae8a 100644 --- a/whois.c +++ b/whois.c @@ -361,6 +361,9 @@ int handle_query(const char *hserver, const char *hport, if (!server) return 1; +if (*server == '\0') + return 0; + query_string = queryformat(server, flags, query); if (verb) { printf(_(Using server %s.\n), server); @@ -810,9 +813,10 @@ char *query_crsnic(const int sock, const char *query) is queried */ if (state == 0 strneq(buf,Domain Name:, 15)) state = 1; - if (state == 1 strneq(buf,Whois Server:, 16)) { - for (p = buf; *p != ':'; p++); /* skip until colon */ - for (p++; *p == ' '; p++); /* skip colon and spaces */ + if (state == 1 (strneq(buf,Whois Server:, 16) + || strneq(buf,WHOIS Server:, 16))) { + for (p = buf; *p != ':'; p++); /* skip until the colon */ + for (p++; *p == ' '; p++); /* skip the spaces */ referral_server = strdup(p); if ((p = strpbrk(referral_server, \r\n ))) *p = '\0'; -- ciao, Marco pgpwtlw23hlv1.pgp Description: PGP signature
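Review bot: in the whois.c hunk at -361,6 the new `if (*server == '\0') return 0;` returns success silently and carries no comment saying what an empty server string means at this point. The `!server` test just above returns 1, so the two early exits look alike but report opposite results. A one-line comment naming the case (the changelog ties this release to referral handling for .cc, .tv and .jobs) would keep a later reader from merging or removing them.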
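Review bot: in the whois.c hunk at -810,9 the value copied by `referral_server = strdup(p);` is passed straight to strpbrk() in the next line without a NULL check, so an allocation failure becomes a NULL dereference while parsing the remote reply. Checking the strdup result before it is used would close that. The literal 16 is also now repeated for both the "Whois Server:" and "WHOIS Server:" comparisons; a named constant or a sizeof on the string would keep the two in step.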
Bug#770396: unblock: whois/5.2.2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package whois. This release fixes a parser bug to allow looking up domains with a trailing dot (which is a surprisingly often requested feature that I broke some time ago) and contains the usual servers updates. No further code changes are expected before wheezy is released, so allowing this bug fix in would prevent me from having to manage a wheezy branch of the package. unblock whois/5.2.2 -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: i386 (x86_64) Kernel: Linux 3.16-3-amd64 (SMP w/4 CPU cores) Locale: LANG=it_IT.utf8, LC_CTYPE=it_IT.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- ciao, Marco diff -Nru whois-5.2.1/debian/changelog whois-5.2.2/debian/changelog --- whois-5.2.1/debian/changelog 2014-10-16 02:02:40.0 +0200 +++ whois-5.2.2/debian/changelog 2014-11-12 03:35:56.0 +0100 @@ -1,3 +1,12 @@ +whois (5.2.2) unstable; urgency=medium + + * Fixed the code that removes trailing dots. (Closes: #763834) + * Added the .xn--d1alf (.мкд, Macedonia) and .xn--node (.გე, Georgia) +TLD servers. + * Updated the list of new gTLDs. + + -- Marco d'Itri m...@linux.it Thu, 06 Nov 2014 03:47:43 +0100 + whois (5.2.1) unstable; urgency=medium * Added the .aw and .zm TLD servers. diff -Nru whois-5.2.1/new_gtlds_list whois-5.2.2/new_gtlds_list --- whois-5.2.1/new_gtlds_list 2014-10-16 01:57:19.0 +0200 +++ whois-5.2.2/new_gtlds_list 2014-11-12 03:35:56.0 +0100 @@ -33,6 +33,7 @@ bio black blackfriday +bloomberg blue bmw bnpparibas @@ -103,6 +104,7 @@ day deals degree +delivery democrat dental dentist @@ -120,6 +122,8 @@ eat education email +emerck +energy engineer engineering enterprises 
@@ -340,7 +344,9 @@ surf surgery suzuki +sydney systems +taipei tatar tattoo tax diff -Nru whois-5.2.1/servers_charset_list whois-5.2.2/servers_charset_list --- whois-5.2.1/servers_charset_list 2014-10-16 01:57:19.0 +0200 +++ whois-5.2.2/servers_charset_list 2014-11-12 03:35:56.0 +0100 @@ -41,6 +41,7 @@ whois.nic.li utf-8 whois.domreg.lt utf-8 whois.dns.lu iso-8859-1 +whois.marnet.mk utf-8 whois.nic.mu utf-8 whois.norid.no iso-8859-1 whois.iis.nu utf-8 diff -Nru whois-5.2.1/tld_serv_list whois-5.2.2/tld_serv_list --- whois-5.2.1/tld_serv_list 2014-10-16 01:57:19.0 +0200 +++ whois-5.2.2/tld_serv_list 2014-11-12 03:35:56.0 +0100 @@ -354,6 +354,7 @@ .xn--80ao21a whois.nic.kz # Kazakhstan .xn--90a3ac whois.rnids.rs # Serbia .xn--clchc0ea0b2g2a9gcd whois.sgnic.sg # Singapore, Tamil +.xn--d1alf whois.marnet.mk # Macedonia .xn--fiqs8s cwhois.cnnic.cn # China, Simplified Chinese .xn--fiqz9s cwhois.cnnic.cn # China, Traditional Chinese .xn--fpcrj9c3d whois.inregistry.net # India, Telugu AW @@ -374,6 +375,7 @@ .xn--mgbc0a9azcg NONE # Morocco .xn--mgberp4a5d4ar whois.nic.net.sa # Saudi Arabia .xn--mgbx4cd0ab whois.mynic.my # Malaysia AW +.xn--node whois.itdc.ge # Georgia .xn--o3cw4h whois.thnic.co.th # Thailand .xn--ogbpf8fl whois.tld.sy # Syria .xn--p1ai whois.tcinet.ru # Russian Federation diff -Nru whois-5.2.1/whois.c whois-5.2.2/whois.c --- whois-5.2.1/whois.c 2014-10-16 01:57:19.0 +0200 +++ whois-5.2.2/whois.c 2014-11-12 03:35:56.0 +0100 @@ -1110,7 +1110,7 @@ /* * Attempt to normalize a query by removing trailing dots and whitespace, * then convert the domain to punycode. - * The function assumes that the domain is the last token of they query. + * The function assumes that the domain is the last token of the query. * Returns a malloc'ed string which needs to be freed by the caller. */ char *normalize_domain(const char *dom) 
@@ -1121,10 +1121,15 @@ #endif ret = strdup(dom); -/* eat trailing dots and blanks */ -p = ret + strlen(ret); -for (; *p == '.' || *p == ' ' || *p == '\t' || p == ret; p--) +/* start from the last character */ +p = ret + strlen(ret) - 1; +/* and then eat trailing dots and blanks */ +while (p ret) { + if (!(*p == '.' || *p == ' ' || *p == '\t')) + break; *p = '\0'; + p--; +} #ifdef HAVE_LIBIDN /* find the start of the last word if there are spaces in the query */ pgp6G4OeyKKUl.pgp Description: PGP signature
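Review bot: in the whois.c hunk at -1121,10 the new start position `p = ret + strlen(ret) - 1;` points one byte before the buffer when the query is an empty string, and the `strdup(dom)` result just above is used without a NULL check. Forming a pointer before the start of an allocation is undefined behaviour in C even if the loop never dereferences it. An early return for a NULL or empty `ret` before the subtraction would cover both cases.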
Re: Bug#769046: inn2: Allow for better TLS configurability
Can I merge this for jessie?

On Nov 11, christian mock c...@tahina.priv.at wrote:

> Source: inn2
> Severity: wishlist
> Tags: patch
>
> Dear Maintainer,
>
> INN, at the moment, supports TLS connections to nnrpd, but does not
> allow any configuration besides the certificate and key.
>
> This means that Wheezy's nnrpd is currently susceptible to the CRIME
> (because TLS compression is on) and POODLE (because SSLv3 is supported)
> attacks, should those be exploitable with NNTP. In addition, it supports
> weak symmetrical ciphers (40 and 56 bit key length).
>
> I've patched nnrpd to allow for detailed TLS configuration: protocol
> versions, cipher suites, compression and whether the client or server
> chooses the cipher can now be configured. With the default configuration,
> TLS behaviour is unchanged, as to not break existing setups.
>
> This patch is to be integrated upstream[0], but ideally I'd like it to
> be in the next Wheezy point release because I consider the current TLS
> config to be insecure.
>
> The patch, as attached, is against a clean 2.5.4 upstream source, but
> I'd be happy to provide a patch for quilt if you tell me which package
> version I should target.
>
> regards,
>
> cm.
>
> [0] https://lists.isc.org/pipermail/inn-workers/2014-November/018339.html

diff --git a/doc/pod/inn.conf.pod b/doc/pod/inn.conf.pod index f8f5f79..98ebd6e 100644 --- a/doc/pod/inn.conf.pod +++ b/doc/pod/inn.conf.pod 
@@ -1054,6 +1054,28 @@ Ipathetc/key.pem. This file must only be readable by the news user or Bnnrpd will refuse to use it. +=item Itlsprotocols + +The list of TLS protocol versions to support. Valid protocols are +BSSLv2, BSSLv3, BTLSv1, BTLSv1.1 and BTLSv1.2. The default +value is B[ SSLv3 TLSv1 TLSv1.1 TLSv1.2 ]. + +=item Itlsciphers + +The string describing the cipher suites OpenSSL will support. See +OpenSSL's Bcipher command documentation for details. The default is +unset, which uses OpenSSL's default cipher suite list. + +=item Itlsprefer_server_ciphers + +Whether to let the client or the server decide the preferred cipher. +This is a boolean and the default is false. + +=item Itlscompression + +Whether to enable or disable TLS compression support (boolean). The +default is true. + =back =head2 Monitoring diff --git a/doc/pod/news.pod b/doc/pod/news.pod index 4315b3f..64cd93b 100644 --- a/doc/pod/news.pod +++ b/doc/pod/news.pod @@ -1,3 +1,17 @@ +=head1 Changes in TLS configuration + +=over 2 + +=item * + +New parameters used by Bnnrpd to fine-tune the TLS configuration: +Itlsprotocols, Itlsciphers, Itlsprefer_server_ciphers and +Itls_compression. If you've been using TLS with Bnnrpd before, be +aware that the defaults of those parameters may differ from the +previous defaults (which depended on your OpenSSL version). + +=back + =head1 Changes in 2.5.4 =over 2 diff --git a/doc/pod/nnrpd.pod b/doc/pod/nnrpd.pod index 9c13821..32698ae 100644 --- a/doc/pod/nnrpd.pod +++ b/doc/pod/nnrpd.pod 
@@ -224,6 +224,12 @@ run Bnnrpd. (Change the path to Bnnrpd to match your installation.) You may need to replace Cnntps with C563 if Cnntps isn't defined in F/etc/services on your system. +Optionally, you may set the Itlsprotocols, Itlsciphers, +Itlsprefer_server_ciphers and Itlscompression parameters in +Finn.conf to fine-tune the behaviour of the TLS negotiation whenever +a new attack on the TLS protocol or some supported cipher suite is +discovered. + =head1 PROTOCOL DIFFERENCES Bnnrpd implements the NNTP commands defined in SRFC 3977 (NNTP), diff --git a/include/inn/innconf.h b/include/inn/innconf.h index ee16620..669255c 100644 --- a/include/inn/innconf.h +++ b/include/inn/innconf.h @@ -127,6 +127,10 @@ struct innconf { char *tlscapath;/* Path to a directory of CA certificates */ char *tlscertfile; /* Path to the SSL certificate to use */ char *tlskeyfile; /* Path to the key for the certificate */ +bool tlsprefer_server_ciphers; /* Make server select the cipher */ +bool tlscompression;/* Turn TLS compression on/off */ +struct vector *tlsprotocols; /* List of supported TLS versions */ +char *tlsciphers; /* openssl-style cipher string */ #endif /* HAVE_SSL */ /* Monitoring */ diff --git a/lib/innconf.c b/lib/innconf.c index ded674c..9e6183d 100644 --- a/lib/innconf.c +++ b/lib/innconf.c @@ -231,6 +231,10 @@ const struct config config_table[] = { { K(tlscapath), STRING (NULL) }, { K(tlscertfile), STRING (NULL) }, { K(tlskeyfile), STRING (NULL) }, +{ K(tlsprefer_server_ciphers), BOOL (false) }, +{ K(tlscompression), BOOL(true) }, +{ K(tlsprotocols),LIST(NULL) }, +{ K(tlsciphers), STRING (NULL) }, #endif /* HAVE_SSL */ /* The following settings are used by nnrpd and
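Review bot: in the doc/pod/news.pod hunk the fourth parameter is spelled tls_compression, while the inn.conf.pod and nnrpd.pod hunks, the innconf.h field and the config_table entry all use tlscompression without the underscore. An administrator copying the name from the release notes would set a key the parser does not know, and compression would stay at its default of true. The news.pod entry should use the same spelling as the other four places.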
Re: Bug#769046: inn2: Allow for better TLS configurability
clone 769046 -1
reassign -1 release.debian.org
block 769046 by -1
thanks

Can I merge this for jessie?

On Nov 11, christian mock c...@tahina.priv.at wrote:

> This means that Wheezy's nnrpd is currently susceptible to the CRIME
> (because TLS compression is on) and POODLE (because SSLv3 is supported)
> attacks, should those be exploitable with NNTP. In addition, it supports
> weak symmetrical ciphers (40 and 56 bit key length).
>
> I've patched nnrpd to allow for detailed TLS configuration: protocol
> versions, cipher suites, compression and whether the client or server
> chooses the cipher can now be configured. With the default configuration,
> TLS behaviour is unchanged, as to not break existing setups.
>
> This patch is to be integrated upstream[0], but ideally I'd like it to
> be in the next Wheezy point release because I consider the current TLS
> config to be insecure.
>
> The patch, as attached, is against a clean 2.5.4 upstream source, but
> I'd be happy to provide a patch for quilt if you tell me which package
> version I should target.
>
> regards,
>
> cm.
>
> [0] https://lists.isc.org/pipermail/inn-workers/2014-November/018339.html

diff --git a/doc/pod/inn.conf.pod b/doc/pod/inn.conf.pod index f8f5f79..98ebd6e 100644 --- a/doc/pod/inn.conf.pod +++ b/doc/pod/inn.conf.pod 
@@ -1054,6 +1054,28 @@ Ipathetc/key.pem. This file must only be readable by the news user or Bnnrpd will refuse to use it. +=item Itlsprotocols + +The list of TLS protocol versions to support. Valid protocols are +BSSLv2, BSSLv3, BTLSv1, BTLSv1.1 and BTLSv1.2. The default +value is B[ SSLv3 TLSv1 TLSv1.1 TLSv1.2 ]. + +=item Itlsciphers + +The string describing the cipher suites OpenSSL will support. See +OpenSSL's Bcipher command documentation for details. The default is +unset, which uses OpenSSL's default cipher suite list. + +=item Itlsprefer_server_ciphers + +Whether to let the client or the server decide the preferred cipher. +This is a boolean and the default is false. + +=item Itlscompression + +Whether to enable or disable TLS compression support (boolean). The +default is true. + =back =head2 Monitoring diff --git a/doc/pod/news.pod b/doc/pod/news.pod index 4315b3f..64cd93b 100644 --- a/doc/pod/news.pod +++ b/doc/pod/news.pod @@ -1,3 +1,17 @@ +=head1 Changes in TLS configuration + +=over 2 + +=item * + +New parameters used by Bnnrpd to fine-tune the TLS configuration: +Itlsprotocols, Itlsciphers, Itlsprefer_server_ciphers and +Itls_compression. If you've been using TLS with Bnnrpd before, be +aware that the defaults of those parameters may differ from the +previous defaults (which depended on your OpenSSL version). + +=back + =head1 Changes in 2.5.4 =over 2 diff --git a/doc/pod/nnrpd.pod b/doc/pod/nnrpd.pod index 9c13821..32698ae 100644 --- a/doc/pod/nnrpd.pod +++ b/doc/pod/nnrpd.pod 
@@ -224,6 +224,12 @@ run Bnnrpd. (Change the path to Bnnrpd to match your installation.) You may need to replace Cnntps with C563 if Cnntps isn't defined in F/etc/services on your system. +Optionally, you may set the Itlsprotocols, Itlsciphers, +Itlsprefer_server_ciphers and Itlscompression parameters in +Finn.conf to fine-tune the behaviour of the TLS negotiation whenever +a new attack on the TLS protocol or some supported cipher suite is +discovered. + =head1 PROTOCOL DIFFERENCES Bnnrpd implements the NNTP commands defined in SRFC 3977 (NNTP), diff --git a/include/inn/innconf.h b/include/inn/innconf.h index ee16620..669255c 100644 --- a/include/inn/innconf.h +++ b/include/inn/innconf.h @@ -127,6 +127,10 @@ struct innconf { char *tlscapath;/* Path to a directory of CA certificates */ char *tlscertfile; /* Path to the SSL certificate to use */ char *tlskeyfile; /* Path to the key for the certificate */ +bool tlsprefer_server_ciphers; /* Make server select the cipher */ +bool tlscompression;/* Turn TLS compression on/off */ +struct vector *tlsprotocols; /* List of supported TLS versions */ +char *tlsciphers; /* openssl-style cipher string */ #endif /* HAVE_SSL */ /* Monitoring */ diff --git a/lib/innconf.c b/lib/innconf.c index ded674c..9e6183d 100644 --- a/lib/innconf.c +++ b/lib/innconf.c @@ -231,6 +231,10 @@ const struct config config_table[] = { { K(tlscapath), STRING (NULL) }, { K(tlscertfile), STRING (NULL) }, { K(tlskeyfile), STRING (NULL) }, +{ K(tlsprefer_server_ciphers), BOOL (false) }, +{ K(tlscompression), BOOL(true) }, +{ K(tlsprotocols),LIST(NULL) }, +{ K(tlsciphers), STRING (NULL) }, #endif /* HAVE_SSL */ /* The following settings are used by nnrpd and rnews. */ diff --git a/nnrpd/tls.c b/nnrpd/tls.c index 62b1a51..22a00c7 100644 --- a/nnrpd/tls.c +++ b/nnrpd/tls.c @@
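Review bot: in the lib/innconf.c hunk the table default for tlsprotocols is `LIST(NULL)`, while the inn.conf.pod hunk documents a default of [ SSLv3 TLSv1 TLSv1.1 TLSv1.2 ]. The code that would turn an unset list into that set lives in nnrpd/tls.c, which is cut off in this copy, so the two cannot be checked against each other here. The documented defaults also keep SSLv3 enabled and tlscompression true, which are the two settings the submission itself ties to POODLE and CRIME; the tlsprotocols and tlscompression entries should say that these defaults preserve the old behaviour and have to be changed by hand.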
Bug#769279: Bug#769046: inn2: Allow for better TLS configurability
On Nov 12, Thijs Kinkhorst th...@debian.org wrote: Can you remove SSLv3 from the default list? I do not know the implications wrt clients support. Christian, did you do any tests? +=item Itlscompression +Whether to enable or disable TLS compression support (boolean). The +default is true. Can we default this to false? This is not really useful because CRIME cannot be exploited over NNTP. -- ciao, Marco
Re: Re-Proposal - preserve freedom of choice of init systems
In linux.debian.vote Ian Jackson ijack...@chiark.greenend.org.uk wrote: If people want to make Debian derivatives that work only with a particular init system, that's completely fine. The reverse - trying to put back support for sysvinit, if it gets taken out of Debian, would be very very difficult. As the upstream for our ecosystem, we in Debian have a special responsibility to retain the flexibility our downstreams might want. The only downstream distribution that chose to do this was Ubuntu, and they chose to stop using Upstart when it was not accepted as the default init system for Debian rather than keep trying to compete with systemd. Let's try to not conceive hypothetical problems just because you like their solution. -- ciao, Marco
Bug#733266: pu: package whois/5.1.0
If there are no objections, I will upload 5.1.1~deb7u1 to proposed-updates. FYI, I have no plan to systematically feed back to stable the database entries for the new gTLDs, since they will not be active for many months at least. -- ciao, Marco diff -Nru whois-5.1.0/config.h whois-5.1.1/config.h --- whois-5.1.0/config.h 2013-12-26 10:04:19.0 +0100 +++ whois-5.1.1/config.h 2014-01-11 00:51:03.0 +0100 @@ -1,5 +1,5 @@ /* Program version */ -#define VERSION 5.1.0 +#define VERSION 5.1.1 /* Configurable features */ diff -Nru whois-5.1.0/debian/changelog whois-5.1.1/debian/changelog --- whois-5.1.0/debian/changelog 2013-12-26 10:21:24.0 +0100 +++ whois-5.1.1/debian/changelog 2014-01-11 00:51:45.0 +0100 @@ -1,3 +1,9 @@ +whois (5.1.1) unstable; urgency=medium + + * Added the servers for 29 new gTLDs. + + -- Marco d'Itri m...@linux.it Sat, 11 Jan 2014 00:51:05 +0100 + whois (5.1.0) unstable; urgency=low * Added the .ga, .ml, .pf, .xn--l1acc (.МОН, Mongolia) and diff -Nru whois-5.1.0/tld_serv_list whois-5.1.1/tld_serv_list --- whois-5.1.0/tld_serv_list 2013-12-26 10:20:10.0 +0100 +++ whois-5.1.1/tld_serv_list 2014-01-11 00:50:36.0 +0100 
@@ -63,60 +63,89 @@ .xxx whois.nic.xxx # new gTLDs -.academywhois.donuts.co -.bike whois.donuts.co -.buzz whois.nic.buzz -.cabwhois.donuts.co -.camera whois.donuts.co -.camp whois.donuts.co -.careerswhois.donuts.co -.center whois.donuts.co -.clothing whois.donuts.co -.companywhois.donuts.co -.computer whois.donuts.co -.construction whois.donuts.co -.contractorswhois.donuts.co -.diamonds whois.donuts.co -.directory whois.donuts.co -.domainswhois.donuts.co -.enterpriseswhois.donuts.co -.equipment whois.donuts.co -.estate whois.donuts.co -.gallerywhois.donuts.co -.graphics whois.donuts.co -.guru whois.donuts.co -.holdings whois.donuts.co -.kitchenwhois.donuts.co -.land whois.donuts.co -.lighting whois.donuts.co -.limo whois.donuts.co -.management whois.donuts.co -.menu whois.nic.menu -.photographywhois.donuts.co -.photos whois.donuts.co -.plumbing whois.donuts.co -.recipeswhois.donuts.co -.ruhr whois.nic.ruhr -.sexy whois.uniregistry.net -.shoes whois.donuts.co -.singleswhois.donuts.co -.supportwhois.donuts.co -.systemswhois.donuts.co -.tattoo whois.uniregistry.net -.technology whois.donuts.co -.tips whois.donuts.co -.today whois.donuts.co -.unowhois.nic.uno -.ventures whois.donuts.co -.viajes whois.donuts.co -.voyage whois.donuts.co -.xn--55qw42gwhois.conac.cn -.xn--80asehdb whois.online.rs.corenic.net -.xn--80aswg whois.site.rs.corenic.net -.xn--ngbc5azd whois.nic.xn--ngbc5azd -.xn--q9jyb4cdomain-registry-whois.l.google.com -.xn--unup4y whois.donuts.co -.xn--zfr164bwhois.conac.cn +.academy whois.donuts.co +.berlin whois.berlin.tld-box.at +.bike whois.donuts.co +.builders whois.donuts.co +.buzz whois.nic.buzz +.cab whois.donuts.co +.camera whois.donuts.co +.camp whois.donuts.co +.careers whois.donuts.co +.center whois.donuts.co +.ceo whois.nic.ceo +.clothing whois.donuts.co +.codes whois.donuts.co +.coffee whois.donuts.co +.company whois.donuts.co +.computer whois.donuts.co +.construction whois.donuts.co +.contractors whois.donuts.co +.diamonds whois.donuts.co 
+.directory whois.donuts.co +.domains whois.donuts.co +.education whois.donuts.co +.email whois.donuts.co +.enterprises whois.donuts.co +.equipment whois.donuts.co +.estate whois.donuts.co +.farm whois.donuts.co +.florist whois.donuts.co +.gallery whois.donuts.co +.glass whois.donuts.co +.graphics whois.donuts.co +.guru whois.donuts.co +.holdings whois.donuts.co +.holiday whois.donuts.co +.house whois.donuts.co +.immobilien whois.unitedtld.com +.institute whois.donuts.co +.international whois.donuts.co +.kaufen whois.unitedtld.com +.kitchen whois.donuts.co +.kiwi whois.dot-kiwi.com +.land whois.donuts.co +.lighting whois.donuts.co +.limo whois.donuts.co +.management whois.donuts.co +.menu whois.nic.menu +.ninja whois.unitedtld.com +.onl whois.afilias-srs.net +.photography whois.donuts.co +.photos whois.donuts.co +.plumbing whois.donuts.co +.recipes whois.donuts.co +.repair whois.donuts.co +.ruhr whois.nic.ruhr +.sexy whois.uniregistry.net +.shoes whois.donuts.co +.singles whois.donuts.co +.solar whois.donuts.co +.solutions whois.donuts.co +.support whois.donuts.co +.systems whois.donuts.co +.tattoo whois.uniregistry.net +.technology
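Review bot: The debian/changelog hunk adds only a 5.1.1 entry targeting unstable, but the covering message says the upload to proposed-updates will be 5.1.1~deb7u1. The debdiff should carry the changelog stanza for that version and distribution, so that what is reviewed is what gets uploaded.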
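Review bot: The tld_serv_list hunk removes and re-adds every line of the new gTLD block, including entries such as .bike, .buzz and .camera whose server is unchanged, so the 29 servers announced in the changelog cannot be told apart from realignment. Keeping the whitespace change separate from the additions, or leaving existing lines untouched, would let a reviewer check each new TLD-to-server mapping, which matters because a wrong entry sends users' queries to the wrong host.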
Bug#733266: pu: package whois/5.1.0
On Dec 28, Adam D. Barratt a...@adam-barratt.org.uk wrote: This change isn't explicitly documented afaics. Have servers stopped supporting the S flag, or was it not actually supported to begin with? I have forgotten the exact details of what it meant, but it was not commonly used and it is not supported anymore by servers:

echo '-S 10.0.0.1' | nc whois.ripe.net 43
echo '-S 10.0.0.1' | nc whois.apnic.net 43

-- ciao, Marco
Bug#733266: pu: package whois/5.1.0
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: pu whois in stable should be updated due to the many changes in the database. I think that the smartest choice would be to reupload the latest release, once it will have transitioned to testing. All the changes are either documentation and database changes or trivial fixes contributed by Red Hat. The complete diff, after removing the translation updates, is 44 KB, so maybe it is more practical to review the commits in the git repository available from https://github.com/rfc1036/whois . whois (5.1.0) unstable; urgency=low * Added the .ga, .ml, .pf, .xn--l1acc (.МОН, Mongolia) and .xn--mgba3a4f16a (.ﺍیﺭﺎﻧ, Iran) TLD servers. * Added the servers for 54 new gTLDs. * Updated the .bw, .gd, .hn, .sb, .xn--j1amh and .xn--mgberp4a5d4ar TLD servers. * Added new RIPE and APNIC ASN allocations. * Removed the .ck TLD server. * Updated one or more translations. * Applied multiple small fixes contributed by Petr Písař of Red Hat. * Correctly hide the disclaimers for .be and .sx. (Closes: #729366) * Direct queries for private ASN blocks to RIPE. (Closes: #724661) -- Marco d'Itri m...@linux.it Thu, 26 Dec 2013 10:05:43 +0100 whois (5.0.26) unstable; urgency=low * Added the .cf TLD server. * Updated the .bi TLD server. * Added a new ASN allocation. -- Marco d'Itri m...@linux.it Wed, 17 Jul 2013 00:48:12 +0200 whois (5.0.25) unstable; urgency=low * Added the .ax, .bn, .iq, .pw and .rw TLD servers. * Updated one or more translations. -- Marco d'Itri m...@linux.it Fri, 10 May 2013 05:13:47 +0200 whois (5.0.24) unstable; urgency=low * Merged documentation fixes and the whois.conf(5) man page, courtesy of Petr Písař of Red Hat. * Added a new ASN allocation. * Updated one or more translations. (Closes: #705163) -- Marco d'Itri m...@linux.it Thu, 18 Apr 2013 03:36:17 +0200 -- ciao, Marco signature.asc Description: Digital signature
Bug#705651: unblock: inn2/2.5.3-3
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package inn2 The first bug can be worked around but it makes the package seriously broken in the real world since it totally breaks control messages processing. The second bug is RC. diff -Nru inn2-2.5.3/debian/changelog inn2-2.5.3/debian/changelog --- inn2-2.5.3/debian/changelog 2012-06-29 02:03:17.0 +0200 +++ inn2-2.5.3/debian/changelog 2013-04-08 09:22:26.0 +0200 @@ -1,3 +1,20 @@ +inn2 (2.5.3-3) unstable; urgency=low + + * Fixed the fix for #690128. + + -- Marco d'Itri m...@linux.it Mon, 08 Apr 2013 09:21:53 +0200 + +inn2 (2.5.3-2) unstable; urgency=low + + * Fixed the fix for #652733, which totally broke pgpverify. +(Closes: #685007) + * Handle upstream renaming of our conffile /etc/news/motd.news to +non-conffile /etc/news/motd.nnrpd. If it has not been modified by +the admin then just remove it. Patch courtesy of Nick Leverton. +(Closes: #690128) + + -- Marco d'Itri m...@linux.it Sun, 07 Apr 2013 21:43:24 +0200 + inn2 (2.5.3-1) unstable; urgency=low * New upstream release. Fixes: diff -Nru inn2-2.5.3/debian/control inn2-2.5.3/debian/control --- inn2-2.5.3/debian/control 2012-06-29 02:24:13.0 +0200 +++ inn2-2.5.3/debian/control 2013-04-08 04:55:37.0 +0200 @@ -7,7 +7,7 @@ Package: inn2 Architecture: any -Depends: ${shlibs:Depends}, ${misc:Depends}, cron, exim4 | mail-transport-agent, time, procps, perl, ${PERLAPI}, libmime-tools-perl +Depends: ${shlibs:Depends}, ${misc:Depends}, cron, default-mta | mail-transport-agent, time, procps, perl, ${PERLAPI}, libmime-tools-perl Pre-Depends: inn2-inews (= 2.3.999+20030227-1) Suggests: gnupg, wget, libgd-gd2-noxpm-perl | libgd-gd2-perl, ${shlibs:Suggests} Replaces: inn, inewsinn, innfeed, ninpaths, inn2-dev 
@@ -37,7 +37,7 @@ Package: inn2-lfs Architecture: any -Depends: ${shlibs:Depends}, ${misc:Depends}, cron, exim4 | mail-transport-agent, time, procps, perl, ${PERLAPI}, libmime-tools-perl +Depends: ${shlibs:Depends}, ${misc:Depends}, cron, default-mta | mail-transport-agent, time, procps, perl, ${PERLAPI}, libmime-tools-perl Pre-Depends: inn2-inews (= 2.3.999+20030227-1) Suggests: gnupg, wget, libgd-gd2-noxpm-perl | libgd-gd2-perl, ${shlibs:Suggests} Replaces: inn, inewsinn, innfeed, ninpaths, inn2-dev diff -Nru inn2-2.5.3/debian/copyright inn2-2.5.3/debian/copyright --- inn2-2.5.3/debian/copyright 2011-04-14 00:26:37.0 +0200 +++ inn2-2.5.3/debian/copyright 2013-04-07 19:49:10.0 +0200 @@ -9,7 +9,7 @@ different licenses and/or copyrights is covered by the following copyright and license: - Copyright (c) 2004, 2005, 2006, 2007, 2008, 2009 + Copyright (c) 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012 by Internet Systems Consortium, Inc. (ISC) Copyright (c) 1991, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003 by The Internet Software Consortium and Rich Salz diff -Nru inn2-2.5.3/debian/inn2.postinst inn2-2.5.3/debian/inn2.postinst --- inn2-2.5.3/debian/inn2.postinst 2012-06-28 17:49:56.0 +0200 +++ inn2-2.5.3/debian/inn2.postinst 2013-04-08 09:23:51.0 +0200 
@@ -155,6 +155,18 @@ fi } +# #690128: if the old MOTD file has been amended by the admin from default, +# then copy it to the new non-conffile nnrpd MOTD file. +# If not then remove the old MOTD conffile, being sure to cater for rollback. +if [ $1 = configure -a $2 ] +dpkg --compare-versions $2 le-nl 2.5.3-1~; then +if [ -e /etc/news/motd.news.dpkg-backup -a ! -e /etc/news/motd.nnrpd ]; then +echo Renaming modified conffile /etc/news/motd.news to /etc/news/motd.nnrpd. +mv /etc/news/motd.news.dpkg-backup /etc/news/motd.nnrpd +fi +fi +dpkg-maintscript-helper rm_conffile /etc/news/motd.news 2.5.3-1~ -- $@ + case $1 in configure) init_inn_files diff -Nru inn2-2.5.3/debian/inn2.postrm inn2-2.5.3/debian/inn2.postrm --- inn2-2.5.3/debian/inn2.postrm 2011-04-14 00:26:37.0 +0200 +++ inn2-2.5.3/debian/inn2.postrm 2013-04-08 09:23:30.0 +0200 @@ -1,5 +1,10 @@ #!/bin/sh -e +# #690128: if the old MOTD file has been amended by the admin from default, +# then rename it to the new non-conffile nnrpd MOTD file. +# If not then remove the old MOTD conffile, being sure to cater for rollback. +dpkg-maintscript-helper rm_conffile /etc/news/motd.news 2.5.3-1~ -- $@ + if [ $1 = purge ]; then update-rc.d inn2 remove /dev/null if [ -e /var/lib/news/ ]; then diff -Nru inn2-2.5.3/debian/inn2.preinst inn2-2.5.3/debian/inn2.preinst --- inn2-2.5.3/debian/inn2.preinst 2011-04-14 00:26:37.0 +0200 +++ inn2-2.5.3/debian/inn2.preinst 2013-04-07 22:26:24.0 +0200 @@ -20,6 +20,11 @@ fi # 2.3.1-2 } +# #690128: if the old MOTD file has been amended by the admin from default, +# then copy it to the new non-conffile nnrpd MOTD file
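Review bot: The 2.5.3-3 changelog entry reads only "Fixed the fix for #690128." and does not say what was wrong with the 2.5.3-2 maintainer scripts or what changed. For an unblock request the entry should name the defect; the exim4 to default-mta change in debian/control and the copyright year update are also absent from the changelog.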
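Review bot: In the debian/inn2.postinst hunk the comment says the modified MOTD is copied ("then copy it to the new non-conffile nnrpd MOTD file"), but the code renames it with "mv /etc/news/motd.news.dpkg-backup /etc/news/motd.nnrpd". Make the comment say "rename", and note in it that this block has to run before the dpkg-maintscript-helper rm_conffile call that follows, since both act on the same backup file.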
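Review bot: The comment added to debian/inn2.postrm describes renaming the admin-modified file to the new nnrpd MOTD file, but this script only calls dpkg-maintscript-helper rm_conffile and renames nothing itself. Replace it with a comment that describes what the helper call is there for in postrm.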
Bug#705356: unblock: netbase/5.1
On Apr 15, Jonathan Wiltshire j...@debian.org wrote: * etc-services: removed console (782/tcp). Reverted because #658077 was totally bogus: this entry is not useful. Possibly, if this actually causes a problem. Is it harmless to leave it in place? It is harmful if it appears in a release and somebody uses it, because then it will be much harder to remove. * etc-services: added urd (465/tcp). ssmtp and smtps kept as aliases. (Closes: #703175) Only severity normal... * etc-services: added db-lsp (17500/tcp). (Closes: #695708) ... wishlist ... * etc-protocols: added hopopt (0). (Closes: #675339) ... wishlist ... Yes, but they are all trivial changes. * Removed ip6-localnet and ip6-mcastprefix from the default /etc/hosts created by postinst because they have no purpose. (Closes: #688090) ... and normal. This has barely any effect since the code is triggered only if /etc/hosts does not exist (and usually it always exists, since d-i creates it and changed it this way long ago). If those severities aren't accurate please tell the bts. Otherwise, no they are no longer changes we consider urgent. They are all old bugs and could have been cleared up in plenty of time before now. OK, I suck as a maintainer and as a human being and I neglected my packages for most of the last year. But I'd rather move on and fix what can still be fixed. * Made the package Multi-Arch foreign. (Closes: #688396) Definitely not. Why? netbase is just four config files nowadays, it's not like declaring it foreign could break anything. * Slightly raised the ifupdown Breaks version to match Ubuntu. Is there a technical reason for this or just a courtesy to our derivatives? No technical reason, the delta is a few releases which only existed in unstable for a short time (and nobody is supposed to be using anymore due to them being quite experimental). -- ciao, Marco
Bug#705355: unblock: whois/5.0.23
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package whois Wheezy should really have fixes for these issues. The version currently in testing is totally broken for: - 6to4 addresses (#699928) - Korean domains - Indonesian domains The other changes are trivial. All changes can be reviewed at https://github.com/rfc1036/whois/commits/master (please ignore the most recent changes, which are about version 5.0.24). unblock whois/5.0.23 -- ciao, Marco
Bug#705356: unblock: netbase/5.1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package netbase netbase (5.1) unstable; urgency=low * etc-services: removed console (782/tcp). Reverted because #658077 was totally bogus: this entry is not useful. * etc-services: added urd (465/tcp). ssmtp and smtps kept as aliases. (Closes: #703175) * etc-services: added db-lsp (17500/tcp). (Closes: #695708) * etc-protocols: added hopopt (0). (Closes: #675339) * Removed ip6-localnet and ip6-mcastprefix from the default /etc/hosts created by postinst because they have no purpose. (Closes: #688090) * Made the package Multi-Arch foreign. (Closes: #688396) * Slightly raised the ifupdown Breaks version to match Ubuntu. -- Marco d'Itri m...@linux.it Tue, 02 Apr 2013 02:31:27 +0200 All changes can also be reviewed at http://anonscm.debian.org/gitweb/?p=users/md/netbase.git . diff -Nru netbase-5.0/debian/changelog netbase-5.1/debian/changelog --- netbase-5.0/debian/changelog2012-05-14 01:11:15.0 +0200 +++ netbase-5.1/debian/changelog2013-04-02 02:31:32.0 +0200 
@@ -1,3 +1,18 @@ +netbase (5.1) unstable; urgency=low + + * etc-services: removed console (782/tcp). +Reverted because #658077 was totally bogus: this entry is not useful. + * etc-services: added urd (465/tcp). ssmtp and smtps kept as aliases. +(Closes: #703175) + * etc-services: added db-lsp (17500/tcp). (Closes: #695708) + * etc-protocols: added hopopt (0). (Closes: #675339) + * Removed ip6-localnet and ip6-mcastprefix from the default /etc/hosts +created by postinst because they have no purpose. (Closes: #688090) + * Made the package Multi-Arch foreign. (Closes: #688396) + * Slightly raised the ifupdown Breaks version to match Ubuntu. + + -- Marco d'Itri m...@linux.it Tue, 02 Apr 2013 02:31:27 +0200 + netbase (5.0) unstable; urgency=medium * Removed the init script, added Breaks: ifupdown ( 0.7~rc1). diff -Nru netbase-5.0/debian/control netbase-5.1/debian/control --- netbase-5.0/debian/control 2012-05-14 00:55:49.0 +0200 +++ netbase-5.1/debian/control 2013-04-01 23:29:11.0 +0200 @@ -2,14 +2,17 @@ Section: admin Priority: important Maintainer: Marco d'Itri m...@linux.it -Standards-Version: 3.9.3.1 +Standards-Version: 3.9.4.0 Build-Depends: debhelper (= 7) +Vcs-Git: git://git.debian.org/users/md/netbase.git +Vcs-Browser: http://git.debian.org/?p=users/md/netbase.git Package: netbase Architecture: all +Multi-Arch: foreign Depends: lsb-base (= 3.0-6), ${misc:Depends} Conflicts: openbsd-inetd ( 0.20050402-3), inetutils-inetd ( 2:1.4.3+20060719-3) -Breaks: ifupdown ( 0.7~rc1) +Breaks: ifupdown ( 0.7) Recommends: ifupdown Description: Basic TCP/IP networking system This package provides the necessary infrastructure for basic TCP/IP based diff -Nru netbase-5.0/debian/netbase.postinst netbase-5.1/debian/netbase.postinst --- netbase-5.0/debian/netbase.postinst 2012-05-14 00:49:44.0 +0200 +++ netbase-5.1/debian/netbase.postinst 2013-04-01 23:48:42.0 +0200 
@@ -6,8 +6,6 @@ cat /etc/hosts -EOF 127.0.0.1 localhost ::1 localhost ip6-localhost ip6-loopback - fe00::0 ip6-localnet - ff00::0 ip6-mcastprefix ff02::1 ip6-allnodes ff02::2 ip6-allrouters diff -Nru netbase-5.0/debian/source/format netbase-5.1/debian/source/format --- netbase-5.0/debian/source/format2010-06-25 23:02:31.0 +0200 +++ netbase-5.1/debian/source/format2013-04-01 23:29:07.0 +0200 @@ -1 +1 @@ -1.0 +3.0 (native) diff -Nru netbase-5.0/etc-protocols netbase-5.1/etc-protocols --- netbase-5.0/etc-protocols 2011-06-26 13:38:56.0 +0200 +++ netbase-5.1/etc-protocols 2013-04-01 23:29:14.0 +0200 @@ -7,7 +7,7 @@ # If you need a huge list of used numbers please install the nmap package. ip 0 IP # internet protocol, pseudo protocol number -#hopopt0 HOPOPT # IPv6 Hop-by-Hop Option [RFC1883] +hopopt 0 HOPOPT # IPv6 Hop-by-Hop Option [RFC1883] icmp 1 ICMP# internet control message protocol igmp 2 IGMP# Internet Group Management ggp3 GGP # gateway-gateway protocol diff -Nru netbase-5.0/etc-services netbase-5.1/etc-services --- netbase-5.0/etc-services2012-05-14 01:07:35.0 +0200 +++ netbase-5.1/etc-services2013-04-01 23:29:14.0 +0200 @@ -158,6 +158,7 @@ microsoft-ds 445/udp kpasswd464/tcp kpasswd464/udp +urd465/tcp ssmtp smtps # URL Rendesvous Directory for SSM saft 487/tcp # Simple Asynchronous File Transfer saft 487/udp isakmp 500/tcp # IPsec - Internet Security Association @@ -466,6 +467,7 @@ bpcd 13782/udp vopied 13783/tcp
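Review bot: The changelog hunk does not mention three changes that the rest of the debdiff makes: debian/source/format goes from 1.0 to "3.0 (native)", Standards-Version is bumped to 3.9.4.0, and Vcs-Git and Vcs-Browser fields are added. The source format switch in particular changes how the package is built and should be listed for the release team.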
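Review bot: The new Vcs-Git field in debian/control uses git://git.debian.org/users/md/netbase.git, a transport with no authentication or integrity protection, and Vcs-Browser uses plain http. If the host offers https for the same repository, point both fields at it so that people cloning from the package metadata fetch the source over a verified channel.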
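Review bot: The comment on the new urd line in the etc-services hunk reads "URL Rendesvous Directory for SSM"; "Rendesvous" should be "Rendezvous".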
please unblock whois
whois (5.0.20) unstable; urgency=low * Updated the .by, .ng, .om, .sm, .tn, .ug and .vn TLD servers. (Closes: #689486) * Added the .bw, .td, .xn--mgb9awbf (عمان., Oman), .xn--mgberp4a5d4ar (.السعودية, Saudi Arabia) and .xn--mgbx4cd0ab (ﻢﻠﻴﺴﻳﺍ., Malaysia) TLD servers. * Removed the .kp, .mc, .rw and .xn--mgba3a4f16a (ایران., Iran) TLD servers. -- Marco d'Itri m...@linux.it Sun, 07 Oct 2012 01:25:05 +0200 whois (5.0.19) unstable; urgency=low * Added the .post TLD server. * Updated the .co.za SLD servers. (Closes: #687094) * Added the .alt.za, .net.za and .web.za SLD servers. * whois.ua changed (?) the encoding to utf-8. (Closes: #686715) * Fixed the parsing of 6to4 addresses like whois 2002:::. (LP#967311) * Modified the package version check in debian/rules to help Ubuntu maintainers. (Closes: #684526) -- Marco d'Itri m...@linux.it Mon, 17 Sep 2012 21:41:29 +0200 -- ciao, Marco signature.asc Description: Digital signature
Re: Reviewing/unblocking udev/175-7
On Aug 25, Cyril Brulebois k...@debian.org wrote: 1. This one appears twice: + * Moved 60-persistent-input.rules back from udev-gtk-udeb to udev-udeb. +(Closes: #666223) I suspect a copy/paste failure, since 50-udev-default.rules was moved too, but not mentioned in the changelog? It appears twice because I think that the first time I did it wrong (I was a bit confused myself by this as well, but the result looks correct). 2. You want to compress only source with that, right? No... Unless somebody strongly feels that XZ binary packages are not yet acceptable for udev then I will fix this in the next upload. 3. The libusb-dev epoch bump in build-deps wasn't mentioned in the changelog. This was reported on debian-devel@, the old version was wrong but the change has no practical consequences. 4. Standards-Version was bumped with no mention in the changelog. Because it required no change to the package. 5. gir1.2-gudev-1.0's section was changed from libs to introspection with no mention in the changelog. The change merely reflects the actual status in the archive. 6. udev_conf_comments wasn't mentioned in the changelog. Following my theory that the change speaks for itself, and that if you do not see it then you do not need to care that something has changed. As mentioned on IRC, 17x vs. 18y for wheezy is for another day… Either way will require a lot of work, but I think that I will make a 18x upload to experimental. -- ciao, Marco
Re: Possible release note for systems running PHP through CGI.
On Aug 20, Wouter Verhelst w...@uter.be wrote: But some sites accept file uploads with arbitrary names, perhaps expected to be a JPEG image, but actually named bar.php.jpeg and containing malicious server-side PHP which they could execute from the browser. Don't Do That Then(TM). I see that you are not in the web hosting business. <g> Millions of web sites do this, so no matter how bad a practice this is (and I agree that it is) we need to do everything possible to work around insecure web sites. Also, we are talking about PHP: if educating developers were possible, they would not use PHP in the first place. The right solution to this problem is instead to write your upload scripts so that they True. But you do not dictate solutions to the 16 year old webmaster who happens to be the cousin of your customer. -- ciao, Marco
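The double-extension case discussed in this message (bar.php.jpeg), as an added example that is not part of the thread: a server-side naming policy that never lets a client-supplied name reach the web root, plus an audit of an existing upload listing. It relies on the fact that Apache's mod_mime considers every extension in a file name, not only the last one; the handler extension set, the function names and the sample data are assumptions constructed for the illustration.

```python
"""Added example: keep names such as bar.php.jpeg out of a served directory."""
import os
import secrets

# Assumption: extensions the web server maps to the PHP handler. Take the
# real list from the site's own handler configuration.
HANDLER_EXTS = {"php", "php3", "php4", "php5", "phtml", "phps"}

# Leading bytes of the image types this hypothetical upload endpoint accepts,
# mapped to the only extension a stored file is allowed to carry.
IMAGE_MAGIC = (
    (b"\xff\xd8\xff", "jpg"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"GIF87a", "gif"),
    (b"GIF89a", "gif"),
)


def handler_components(name):
    """Return every extension of `name`, in any position, that is mapped to
    the PHP handler. Checking only the last extension misses bar.php.jpeg."""
    base = os.path.basename(name.replace("\\", "/"))
    return [part for part in base.lower().split(".")[1:] if part in HANDLER_EXTS]


def sniff_image(data):
    """Return the canonical extension for the accepted image types, or None."""
    for magic, ext in IMAGE_MAGIC:
        if data.startswith(magic):
            return ext
    return None


def stored_name(client_name, data):
    """Choose the on-disk name. The client's name is used only in the error
    message; the stored name is random hex plus one extension derived from
    the content, so it can never contain a handler-mapped component."""
    ext = sniff_image(data)
    if ext is None:
        raise ValueError("rejected %r: not an accepted image type" % client_name)
    return secrets.token_hex(16) + "." + ext


def audit(names):
    """Return the names in an existing listing that the server could hand to
    the PHP handler, for review or quarantine."""
    return sorted(n for n in names if handler_components(n))


# Constructed sample data, not taken from any real site.
SAMPLE_LISTING = ["holiday.jpeg", "bar.php.jpeg", "logo.png",
                  "avatar.PHTML.gif", "notes.php5"]
# A JPEG header followed by PHP source: it passes the content check, but is
# stored under an inert name and is therefore served as an image.
SAMPLE_JPEG = b"\xff\xd8\xff\xe0" + b"<?php /* constructed */ ?>"

if __name__ == "__main__":
    print("needs review:", audit(SAMPLE_LISTING))
    print("stored as:", stored_name("bar.php.jpeg", SAMPLE_JPEG))
```

Renaming on upload protects new files only; the audit function is for directories that already hold client-named files.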
Re: Possible release note for systems running PHP through CGI.
On Aug 19, Charles Plessy ple...@debian.org wrote: - PHP scripts can be executed by Apache httpd through libapache2-mod-php5 or php5-cgi. Debian recommends libapache2-mod-php5, but there are still This is another issue which concerns me, since mod_php forces the use of preforking apache, which means that the server will either stop serving pages or OOM at the first hint of real traffic. (And obviously mod_php is wildly insecure for multitenant servers.) thousands of installations which report the use of php5-cgi according to the Popularity Contest statistics. Yes, because sensible people who need PHP will try to use it as CGI/FastCGI (or FPM, finally in wheezy). - This breaks the websites executing PHP scripts through php5-cgi, and a solution is being documented in the php5 package's NEWS file. http://anonscm.debian.org/gitweb/?p=pkg-php/php.git;a=commitdiff;h=f7a6351c620075a9d2a551fbed38ea26919f0d94 I think that this entry is too mild/vague: - including but possibly not limited to the Apache HTTPD Server: such a major issue justifies being specific about the affected packages - too many mays, while the entry should clearly state, maybe in caps, something like this will almost certainly break your server if you use PHP as CGI/FastCGI, and also leak your source code and passwords This will interrupt upgrade of servers using php5-cgi, but to avoid surprises, the rough consensus in #674089 is also to document the same information in the release notes. I agree with the interrupting upgrades for such a major package is going to be annoying. I am also concerned that a *simple* solution to restore the old behaviour in a secure way is not provided: maybe php5-cgi should install a sensible default configuration in /etc/apache2/conf.d/ ? -- ciao, Marco
Re: please unblock kmod
On Aug 18, Julien Cristau jcris...@debian.org wrote: It was uploaded before the freeze cutoff, but it needs an ack by the d-i team. What does this fix? The important changes seem to be in the previous version already, the remaining changes are essentially in the testsuite AFAICT? There are no major changes, mostly a few depmod fixes, but I see this as an argument in favour of transitioning the package since it was uploaded long ago and before the freeze. The second argument is that I need to include in the next upload an important bug fix from GIT[1] which applies to version 9, and I would rather not waste time managing t-p-u only uploads and making sure that the patch is both literally and logically compatible with version 8. [1] the last two commits: http://git.kernel.org/?p=utils/kernel/kmod/kmod.git -- ciao, Marco
please unblock kmod
It was uploaded before the freeze cutoff, but it needs an ack by the d-i team. -- ciao, Marco
please unblock tcp-wrappers
diff -urpN a/debian/changelog b/debian/changelog --- a/debian/changelog 2012-02-19 01:42:55.0 +0100 +++ b/debian/changelog 2012-07-30 03:54:25.0 +0200 @@ -1,3 +1,11 @@ +tcp-wrappers (7.6.q-24) unstable; urgency=low + + * Do not remove /etc/hosts.{allow,deny} on purge of libwrap0 if it is +installed for multiple architectures. (Closes: #682425) +Patch courtesy of Jonathan Nieder. + + -- Marco d'Itri m...@linux.it Mon, 30 Jul 2012 03:37:41 +0200 + tcp-wrappers (7.6.q-23) unstable; urgency=medium * Correctly install libwrap.{a,so} in the multiarch directory. diff -urpN a/debian/control b/debian/control --- a/debian/control2012-02-19 01:37:57.0 +0100 +++ b/debian/control2012-07-30 03:48:21.0 +0200 @@ -3,7 +3,7 @@ Section: net Priority: important Maintainer: Marco d'Itri m...@linux.it Build-Depends: debhelper (= 8.1.3), dpkg-dev (= 1.14.8) -Standards-Version: 3.9.2 +Standards-Version: 3.9.3.1 Package: tcpd Priority: optional diff -urpN a/debian/libwrap0.postrm b/debian/libwrap0.postrm --- a/debian/libwrap0.postrm2010-05-23 16:31:19.0 +0200 +++ b/debian/libwrap0.postrm2012-07-30 03:47:54.0 +0200 @@ -1,6 +1,7 @@ #!/bin/sh -e -if [ $1 = purge ]; then +if [ $1 = purge ] \ + [ $(dpkg-query --show libwrap0 2 /dev/null | wc -l) = 1 ]; then rm -f /etc/hosts.allow /etc/hosts.deny fi diff -urpN a/debian/source/options b/debian/source/options --- a/debian/source/options 1970-01-01 01:00:00.0 +0100 +++ b/debian/source/options 2012-07-30 03:50:57.0 +0200 @@ -0,0 +1 @@ +compression=xz -- ciao, Marco -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20120812140707.ga14...@bongo.bofh.it
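Review bot: The debian/libwrap0.postrm hunk decides whether to delete /etc/hosts.allow and /etc/hosts.deny by comparing the line count of "dpkg-query --show libwrap0" with 1, and nothing in the script explains why one line means this is the last installed architecture. Add a comment stating what dpkg-query prints at purge time, and say what should happen when it prints nothing, because in that case the count is 0 and the files are left behind.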
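Review bot: The changelog hunk lists only the purge fix, but the debdiff also bumps Standards-Version from 3.9.2 to 3.9.3.1 and adds debian/source/options with compression=xz. Both should be recorded in the changelog entry, the compression change especially, since it alters the source package being unblocked.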
Re: please unblock kmod
On Aug 12, Cyril Brulebois k...@debian.org wrote: Marco d'Itri m...@linux.it (12/08/2012): It was uploaded before the freeze cutoff, but it needs an ack by the d-i team. Please be patient, we don't need noise. sure, but can you clarify which event I need to wait for, so that I will not create any other unnecessary noise? I also have a few minor changes waiting (building the udeb with -Os, documentation fixes): should I upload a new package right now or wait for this one to migrate to testing? -- ciao, Marco
please unblock whois
diff -urNp whois-5.0.17/debian/changelog whois-5.0.18/debian/changelog --- whois-5.0.17/debian/changelog 2012-06-25 03:36:11.0 +0200 +++ whois-5.0.18/debian/changelog 2012-07-22 20:36:48.279334628 +0200 @@ -1,3 +1,11 @@ +whois (5.0.18) unstable; urgency=low + + * Updated the .ae and .xn--mgbaam7a8h (.امارات, United Arabs Emirates) +TLDs. + * Updated the server charset table for .fr and .it. + + -- Marco d'Itri m...@linux.it Sun, 22 Jul 2012 20:35:18 +0200 + whois (5.0.17) unstable; urgency=medium * Updated the .bi, .fo, .gr and .gt TLD servers. diff -urNp whois-5.0.17/servers_charset_list whois-5.0.18/servers_charset_list --- whois-5.0.17/servers_charset_list 2012-06-08 06:45:36.0 +0200 +++ whois-5.0.18/servers_charset_list 2012-07-22 20:35:10.590850093 +0200 @@ -3,7 +3,7 @@ whois.corenic.net utf-8 -C UTF-8 whois.cat utf-8 -C UTF-8 whois.museum utf-8 -C UTF-8 -whois.aeda.ae utf-8 +whois.aeda.net.ae utf-8 whois.nic.br iso-8859-1 whois.cira.ca iso-8859-1 whois.nic.ch utf-8 @@ -18,12 +18,13 @@ whois.eenet.ee iso-8859-1 whois.eu utf-8 whois.ficora.fiiso-8859-1 whois.nic.fo utf-8 -whois.nic.fr iso-8859-1 +whois.nic.fr utf-8 whois.hkirc.hk utf-8 whois.nic.hr utf-8 whois.nic.hu iso-8859-1 whois.nic.ir utf-8 whois.isnic.is iso-8859-1 +whois.nic.it utf-8 whois.jprs.jp iso-2022-jp whois.nic.ad.jpiso-2022-jp whois.nic.or.kreuc-kr diff -urNp whois-5.0.17/tld_serv_list whois-5.0.18/tld_serv_list --- whois-5.0.17/tld_serv_list 2012-06-25 03:27:50.0 +0200 +++ whois-5.0.18/tld_serv_list 2012-07-22 20:35:12.266859267 +0200 @@ -58,7 +58,7 @@ .acwhois.nic.ac .adNONE# www.nic.ad -.aewhois.aeda.ae +.aewhois.aeda.net.ae .afwhois.nic.af .agwhois.nic.ag .aiwhois.ai 
@@ -357,7 +357,7 @@ .xn--kpry57d whois.twnic.net.tw # Taiwan, Traditional Chinese .xn--lgbbat1ad8j whois.nic.dz# Algeria .xn--mgba3a4f16a whois.nic.ir# Iran -.xn--mgbaam7a8hwhois.aeda.ae # United Arab Emirates +.xn--mgbaam7a8hwhois.aeda.net.ae # United Arab Emirates .xn--mgbayh7gpaWEB http://idn.jo/whois_a.aspx # Jordan .xn--mgbbh1a71ewhois.registry.in # India, Urdu AW #.xn--mgbc0a9azcg whois.iam.net.ma# Morocco -- ciao, Marco signature.asc Description: Digital signature
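Review bot: The changelog hunk says "United Arabs Emirates", while the tld_serv_list comment for .xn--mgbaam7a8h in the same debdiff says "United Arab Emirates"; use the latter. The item "Updated the server charset table for .fr and .it" could also state that whois.nic.fr moves from iso-8859-1 to utf-8 and that whois.nic.it is a new utf-8 entry, since a wrong charset entry garbles output without any error.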
please unblock kmod
It was uploaded before the freeze cutoff, but it needs an ack by the d-i team. -- ciao, Marco
Re: please unblock kmod
On Jul 27, Cyril Brulebois k...@debian.org wrote: Marco d'Itri m...@linux.it (27/07/2012): It was uploaded before the freeze cutoff, but it needs an ack by the d-i team. NACK for now. Can you be a little more specific? -- ciao, Marco
please unblock kmod
It was uploaded before the freeze cutoff, but it needs an ack by the d-i team. -- ciao, Marco
Re: Thank you so much for breaking d-i!
On Jul 15, Cyril Brulebois k...@debian.org wrote: thanks to the totally uncoordinated switch from module-init-tools to kmod, d-i is badly broken. We're in freeze, neither debian-boot nor debian-release were contacted, that's a huge success! WTF are you talking about? We switched from module-init-tools to kmod months ago, and the last time I discussed d-i and modules with debian-boot people my understanding was that modules are now loaded by busybox. module-init-tools is not coming back, if d-i still needs something from kmod then just let me know without getting crazy for no reason. -- ciao, Marco
which udev release for wheezy?
Due to my day job commitments[1] I have been unable to work on udev for the last six months[2]. My original plan was to ship in wheezy udev 182, which was released in March, but I missed the freeze deadline and I know that uploading it now without comments would not be approved by the release team.

There are no significant functional differences between 175 and 182, except for it depending on devtmpfs (which is not a problem for us), but the source trees are very different due to some big source reorganization which happened in release 176 (files were moved and some external binaries have become builtin). I believe that the very small number of changes since 176 (released on January 11) shows that upstream udev 182 is a stable release suitable for wheezy.

The alternative is to ship udev 175 (the version currently in testing) with 35-40 backported patches to fix its bugs.

As the udev maintainer and frequent upstream contributor since it exists, it is my opinion that attempting to ship udev 175 + patches would be very time consuming and probably deliver a package with more bugs. While it may be possible to backport all the newer fixes to 175, I fear that this would introduce subtle bugs due to the big source changes in 183, and then we would end up anyway with something unsupported and hated by the upstream maintainers.

My proposal for wheezy is to:
- immediately fix a few major packaging issues of udev 175 in testing
- upload udev 182 to unstable and keep it there for a few months
- evaluate migrating 182 to testing later (in September?)

[1] http://www.flickr.com/photos/seeweb/ are the photographic proofs
[2] Why did I not search for co-maintainers? It did not work for ppp
-- ciao, Marco
3.x kernels fix for the stable module-init-tools
Please approve the updated module-init-tools package, the trivial patch comes from upstream and has been in testing for months. diff -u module-init-tools-3.12/debian/changelog module-init-tools-3.12/debian/changelog --- module-init-tools-3.12/debian/changelog +++ module-init-tools-3.12/debian/changelog @@ -1,3 +1,9 @@ +module-init-tools (3.12-2) stable; urgency=low + + * Backported upstream commit 3328d17 to support 3.x kernels. + + -- Marco d'Itri m...@linux.it Sun, 30 Oct 2011 03:09:19 +0100 + module-init-tools (3.12-1) unstable; urgency=low * New upstream release. diff -u module-init-tools-3.12/debian/patches/series module-init-tools-3.12/debian/patches/series --- module-init-tools-3.12/debian/patches/series +++ module-init-tools-3.12/debian/patches/series @@ -1,3 +1,5 @@ +commit-3328d17 + # fixes to be pushed upstream document_depmod_m only in patch2: unchanged: --- module-init-tools-3.12.orig/debian/patches/commit-3328d17 +++ module-init-tools-3.12/debian/patches/commit-3328d17 @@ -0,0 +1,24 @@ +commit 3328d178247017affd90b7897393699f2f45227d +Author: Michal Marek mma...@suse.cz +Date: Mon May 30 15:58:43 2011 +0200 + +depmod: Handle X.Y kernel versions + +What a stupid check. + +Signed-off-by: Michal Marek mma...@suse.cz +Signed-off-by: Jon Masters j...@jonmasters.org + +diff --git a/depmod.c b/depmod.c +index abfb11e..98a5efa 100644 +--- a/depmod.c b/depmod.c +@@ -247,7 +247,7 @@ static int is_version_number(const char *version) + { + unsigned int dummy; + +- return (sscanf(version, %u.%u.%u, dummy, dummy, dummy) == 3); ++ return (sscanf(version, %u.%u, dummy, dummy) == 2); + } + + static int old_module_version(const char *version) -- ciao, Marco signature.asc Description: Digital signature
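Review bot: in the depmod.c hunk, is_version_number() now asks sscanf for two numeric components instead of three, and since sscanf only matches a prefix, any string beginning with "N.N" passes regardless of what follows. The quoted upstream message ("What a stupid check.") does not describe this, so the Debian changelog entry or the patch header should say that the check is relaxed for all version strings, not only 3.x kernels, and that it is a loose prefix test rather than a validation of the whole string.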
please unblock udev
-- ciao, Marco
please unblock ppp
ppp (2.4.5-5) unstable; urgency=medium

  * Updated debconf translation: da. (Closes: #601791)

 -- Marco d'Itri m...@linux.it  Wed, 19 Jan 2011 23:24:16 +0100

-- ciao, Marco
please unblock udev
udev (164-4) unstable; urgency=medium

  * Backported multiple keymap and documentation bug fixes.
  * Removed dead usplash support code from initramfs.top. (Closes: #609279)
  * Updated one or more debconf translations. (Closes: #606997)

 -- Marco d'Itri m...@linux.it  Wed, 19 Jan 2011 23:32:40 +0100

-- ciao, Marco
please unblock netbase
netbase (4.45) unstable; urgency=high

  * etc-services: added 4691 (mtn). (Closes: #607858)
  * etc-protocols: added dccp (33). (Closes: #610536)

 -- Marco d'Itri m...@linux.it  Wed, 19 Jan 2011 23:14:59 +0100

-- ciao, Marco
Re: Bug#603710: root and swap devices on lvm do not correctly show up in udev (missing symlinks)
On Dec 24, Julien Cristau jcris...@debian.org wrote:
> I don't know. You say there's a RC bug in our lvm package, so you could provide a patch or NMU, or at least give some details about this since you seem to know what this is about and there's no details in the bug log...
This is what the upstream maintainer had to say on the matter:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590665#20
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=593625#25
I had to revert the change discussed in #593625 because the LVM rules have not been updated. I do not know lvm enough to provide a reasonably safe patch.
-- ciao, Marco
Re: udev 164-3 in squeeze?
On Dec 18, Christian PERRIER bubu...@debian.org wrote:
> Is udev 164-3 OK for release? I don't really know the impact of the
Yes, and I still have one pending translation to merge.
-- ciao, Marco
Re: Bug#603710: root and swap devices on lvm do not correctly show up in udev (missing symlinks)
On Dec 16, Julien Cristau jcris...@debian.org wrote: CCing the release team to raise awareness for this issue. I have no idea what this is about, but it seems you guys need to fight LVM is unreliable in squeeze. it out and then come back to us when you have packages you want to see in squeeze? The upstream maintainer requested that the udev rules are updated, and so I did. I even added back a bug to udev because this was not fixed. The maintainer did not provide any counterargument. What else should I do? -- ciao, Marco
Re: Bug#598135: Severity
On Dec 01, Neil McGovern ne...@debian.org wrote:
> I'm currently wondering why #598135 is RC. Would someone care to explain what I'm missing? :)
Causes data loss. I am working on a new package with this fix and the changes stuck in 2.5.2-2 because of libdb5.
-- ciao, Marco
please unblock whois 5.0.10
whois (5.0.10) unstable; urgency=medium

  * Added new IPv4 allocations.

 -- Marco d'Itri m...@linux.it  Tue, 30 Nov 2010 23:51:59 +0100

whois (5.0.9) unstable; urgency=low

  * Added new IPv4 allocations.

 -- Marco d'Itri m...@linux.it  Sun, 12 Nov 2010 22:24:42 +0100

-- ciao, Marco
Re: Further udev uploads?
On Nov 19, Christian PERRIER bubu...@debian.org wrote:
> So, are there plans to have the needed fixes in squeeze, avoid this regression and, as a side effect, get Updated one or more debconf translations. (Closes: #601182) in squeeze?
I always have a plan. :-)
-- ciao, Marco
please unblock libberkeleydb-perl 0.42-1~squeeze1
0.42-1 has been stuck in unstable since February.

libberkeleydb-perl (0.42-1~squeeze1) testing-proposed-updates; urgency=medium

  * Package rebuilt for squeeze with libdb 4.8 since libdb 5.0 has not migrated to testing in time.

 -- Marco d'Itri m...@linux.it  Sat, 23 Oct 2010 01:32:16 +0200

-- ciao, Marco
-- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20101106232749.ga1...@bongo.bofh.it
Re: Further udev uploads?
On Nov 01, Christian PERRIER bubu...@debian.org wrote:
> May I ask you what are your plans about further uploads of udev?
Uploads with new translations and bug fixes will continue as usual. I have been away a few days, I will upload 164-2 soon.
-- ciao, Marco
please unblock whois 5.0.8
whois (5.0.8) unstable; urgency=medium

  * Added the .xn--fzc2c9e2c (.ලංකා, Sri Lanka, Sinhala), .xn--mgbayh7gpa (.الاردن, Jordan) and .xn--pgbs0dh (.تونس, Tunisia) domains.
  * Added the .xn--o3cw4h (.ไทย, Thailand) and .xn--ygbi2ammx (.فلسطين, Palestinian Territory) TLD servers.
  * Updated the .bd and .ps TLD servers.
  * Removed the .lk TLD server.

 -- Marco d'Itri m...@linux.it  Wed, 06 Oct 2010 17:57:40 +0200

-- ciao, Marco
Re: please unblock openbsd-inetd 0.20080125-5
On Aug 23, Adam D. Barratt a...@adam-barratt.org.uk wrote:
> * Added --oknodo to the init script. (Closes: #592582)
> The package doesn't appear to contain any changes to the init script:
Oops... 0.20080125-6 is now ready for testing.
-- ciao, Marco
please unblock openbsd-inetd 0.20080125-5
openbsd-inetd (0.20080125-5) unstable; urgency=medium

  * Added --oknodo to the init script. (Closes: #592582)

 -- Marco d'Itri m...@linux.it  Mon, 16 Aug 2010 21:33:09 +0200

-- ciao, Marco
please unblock whois 5.0.7
whois (5.0.7) unstable; urgency=medium

  * Added new IPv4 allocations.
  * Added the .xn--j6w193g (.香港, Hong Kong), .xn--kprw13d (.台湾, Taiwan) and .xn--kpry57d (.台灣, Taiwan) TLD servers.
  * Updated the .bd, .bo, .cm, .co, .cu, .dz, .gr, .hk, .lb, .ni, .rw, .tw and .tz TLD servers.

 -- Marco d'Itri m...@linux.it  Mon, 09 Aug 2010 00:58:21 +0200

-- ciao, Marco
Re: libdb5, mips and squeeze
On Aug 13, Clint Adams sch...@debian.org wrote:
> Inasmuch as three months ago there was no reason to believe that mips would still be suffering from all kinds of toolchain breakage, I suppose.
I still have seen no answers from the MIPS porters. Is there anybody home?
-- ciao, Marco
libdb5, mips and squeeze
libdb5 has been failing to build on mips and mipsel for over 5 weeks, and apparently nobody cares. I have multiple packages linked to it which have not been able to move to testing, should I rebuild them for tpu or can I expect this to be solved in a reasonable timeframe? -- ciao, Marco
Re: libdb5, mips and squeeze
On Aug 12, Julien Cristau jcris...@debian.org wrote:
> Is there a particular reason for not using the default (4.8) libdb version for those 2 packages? They're the only reverse-depends of db5.0 in the archive afaict.
Not really, but was there a particular reason for not using the latest release of the library? Three months ago there was no reason to believe that it would not be releasable.
-- ciao, Marco
please hint udev
It will also fix the symptoms of #586404. -- ciao, Marco
Re: lxc linux image flavour
On Jan 24, maximilian attems m...@stro.at wrote:
> the plan as decided in Portland was to go forward with openvz if upstream provides us with a patch in time. as currently this looks quite bad (latest available patch is for 2.6.27, there is no sign of a patch for 2.6.32, nor any schedule like it happened to be for Lenny).
I expect that it will be released after the first beta of RHEL 6.
> On the negative side it doesn't have yet checkpointing support and not all net/ has netns support yet.
It's not just that, AFAIK there is no match for many of the user_beancounters features (especially the accounting part) and e.g. lack of the equivalent of vzctl enter is a critical issue for my applications. While I am happy to see better support for lxc in Debian, it does not look like an openvz replacement yet.
-- ciao, Marco
RM: inn2-lfs/testing [kfreebsd-amd64 kfreebsd-i386] -- NBS; not built anymore on kfreebsd-*
The package was built by mistake by previous releases but it is only needed on old 32-bit architectures. -- ciao, Marco
Bug#546365: What about uploading pmount to stable ?
On Oct 13, Philipp Kern pk...@debian.org wrote:
> Were those deprecated sysfs features dropped from the kernel or could they still be activated even on newer ones, although they are disabled by default?
This would probably break udev.
-- ciao, Marco
Re: [Lenny,regression] Bug#524505: qcontrol: no longer works with udev in lenny
On Sep 08, Frans Pop elen...@planet.nl wrote:
> - upload a new version of qcontrol to follow udev
> Probably the simplest option. I strongly doubt there are any other users of the persistent device name.
Probably the best solution, since I just backported an upstream bug fix (that name with a missing component was broken and should not have been used in the first place).
-- ciao, Marco
Re: [Lenny,regression] Bug#524505: qcontrol: no longer works with udev in lenny
On Sep 08, Frans Pop elen...@planet.nl wrote:
> Especially when you know (well, assuming perfect memory ;-) that the device name in question is being used and changing it is known to break another package. I'll happily assume that you did simply forget or overlooked that fact when preparing the upload, but it would still be nice if you could keep this in mind for future stable udev updates.
I did not notice that the name changed, and probably the upstream maintainer assumed that nobody was using these names anyway. Indeed, my plan was to only add new names in that update.
-- ciao, Marco
Re: Future of the s390 port
On Aug 31, Bastian Blank wa...@debian.org wrote:
> I doubt that I would be able to push this port through another release in the current state. The consequence would be that the port dies completely and with it the only free and released distribution for these machines.
Is this really an important problem? Does a significant number of people actually use Debian/s390 on production servers? And if they exist, why are they not helping?
-- ciao, Marco