Bug#658829: transition: db5.3
On Wed, Jun 4, 2014, at 19:19, Emilio Pozuelo Monfort wrote: Control: reopen -1 On 04/06/14 19:07, Emilio Pozuelo Monfort wrote: This seems to be long done, so I'm closing this bug. Let me know if I missed something and this should be kept open. My bad, libdb5.1 is still in testing. Sorry for the noise. Maybe we can remove clisp and xindy from testing for a moment? This will only break the texlive-full and can be easily fixed by removing xindy from Depends. Norbert, can you do that for us to finish db5.1 to db5.3 transition? O. -- Ondřej Surý ond...@sury.org Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/1401973147.16384.125504233.2ed32...@webmail.messagingengine.com
Bug#745603: transition: php5
Hi Emilio, On Tue, May 27, 2014, at 22:22, Emilio Pozuelo Monfort wrote: Control: tags 745603 + confirmed On 27/05/14 16:22, Ondřej Surý wrote: Hey again, I have uploaded php-mysql-ms and xcache with PHP 5.6 support to experimental, and that resolved the rest of the blocking bugs, so I think we are good to go and upload. From a quick glance I don't see any clashing transition, so that's also good, right? Could you please ack? I see that #745602 is still open. I assume you will fix that and it shouldn't cause any delays? Everything else looks good and the clashes (vtk6 and ruby2.0-rm) shouldn't cause any problems, so please go ahead. Let me know when binnmus are needed. the transition is complete. Thank you for the cooperation, this was my smoothest transition ever :) Ondrej -- Ondřej Surý ond...@sury.org Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server
Bug#745603: transition: php5
Hey, I think that php-apcu and libkolab had minimal changes, so they are good to go. I can't say anything about redland-bindings since there was a new upstream version upload, so I would rather be cautious. On the other hand the popcon numbers are quite low: http://qa.debian.org/popcon.php?package=redland-bindings so not much harm would be done anyway. It's your call after all. Ondrej On Tue, Jun 3, 2014, at 21:02, Emilio Pozuelo Monfort wrote: On 03/06/14 18:16, Ondřej Surý wrote: the transition is complete. Thank you for the cooperation, this was my smoothest transition ever :) Hey, no problem :) However this isn't complete until it migrates to testing (though as you say we're almost there!). php-apcu, redland-bindings and libkolab are not valid candidates yet as they're not old enough. I can age them so they are ready sooner. What do you think? Cheers, Emilio -- Ondřej Surý ond...@sury.org Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server
Bug#749497: pu: package php5/5.4.4-14+deb7u11
JFTR we have released deb7u10 with some security fixes meanwhile, so this is deb7u11 now - no changes, just rebased the debian/patches on top of the deb7u10. Ondrej -- Ondřej Surý ond...@sury.org Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server
Bug#736492: pu: package cyrus-imapd-2.4/2.4.16-4+deb7u2
Thanks, fixed the changelog and uploaded it to ftp-master. Ondrej On Tue, Jun 3, 2014, at 23:12, Adam D. Barratt wrote: Control: tags -1 + confirmed On Sun, 2014-06-01 at 23:18 +0200, Ondřej Surý wrote: On Tue, Mar 11, 2014, at 23:43, Adam D. Barratt wrote: On Fri, 2014-01-24 at 10:27 +0100, Ondřej Surý wrote: [...] * Fix missing GUID for binary appends (Closes: #709799) * Apply upstream fix to unbroke nntpd (Closes: #734648) As far as I can see, based on the bug reports and looking at the code, both of these issues affect the package in unstable and are not yet fixed there. If that's correct, please come back to us once the fixes are in the archive; otherwise, please clarify the situation. The package with fixes has now migrated from unstable to testing, so I think we are good to go. Thanks for the update. -cyrus-imapd-2.4 (2.4.16-4+deb7u1) wheezy; urgency=high +cyrus-imapd-2.4 (2.4.16-4+deb7u2) stable; urgency=low [...] +cyrus-imapd-2.4 (2.4.16-4+deb7u1) stable; urgency=low That change looks unintentional. Other than that, please go ahead. Regards, Adam -- Ondřej Surý ond...@sury.org Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server
Bug#745603: transition: php5
Skipped DELAYED/0 since it would be triggered since yesterday anyway.

$ dput -f ftp-master libkolab_0.4.2-7.2_amd64.changes
Checking signature on .changes
gpg: Signature made 2014-06-01T23:41:53 CEST using RSA key ID F4FCBB07
gpg: Good signature from Ondřej Surý ond...@sury.org
gpg: aka Ondřej Surý ond...@debian.org
gpg: aka [jpeg image of size 3934]
Good signature on /home/ondrej/Projects/pkg-php/tmp/build-area/libkolab_0.4.2-7.2_amd64.changes.
Checking signature on .dsc
gpg: Signature made 2014-06-01T23:41:50 CEST using RSA key ID F4FCBB07
gpg: Good signature from Ondřej Surý ond...@sury.org
gpg: aka Ondřej Surý ond...@debian.org
gpg: aka [jpeg image of size 3934]
Good signature on /home/ondrej/Projects/pkg-php/tmp/build-area/libkolab_0.4.2-7.2.dsc.
Uploading to ftp-master (via ftp to ftp-master.debian.org):
Uploading libkolab0_0.4.2-7.2_amd64.deb: done.
Uploading php-kolab_0.4.2-7.2_amd64.deb: done.
Uploading python-kolab_0.4.2-7.2_amd64.deb: done.
Uploading libkolab-dev_0.4.2-7.2_amd64.deb: done.
Uploading libkolab_0.4.2-7.2.dsc: done.
Uploading libkolab_0.4.2-7.2.debian.tar.xz: done.
Uploading libkolab_0.4.2-7.2_amd64.changes: done.
Successfully uploaded packages.

O.

On Mon, Jun 2, 2014, at 13:44, Emilio Pozuelo Monfort wrote: On 01/06/14 23:29, Ondřej Surý wrote: On Sat, May 31, 2014, at 12:09, Emilio Pozuelo Monfort wrote: On 31/05/14 01:21, Emilio Pozuelo Monfort wrote: Scheduled level 1, with a dep-wait for mips and sparc. Note that libkolab FTBFS, so I didn't schedule that one. See #747808. So far these are failing: libkolab, as said earlier, php-apcu xcache Can you take a look? php-apcu and xcache are fixed, I am working on libkolab, the fix looks simple enough. I will upload it to DELAYED/2, feel free to bump the days to /0 if you need it for cross-transitions. I see no reason not to upload to DELAYED/0. The maintainer seems inactive and the upload is minimal and fixes a RC bug that is blocking a transition. Can you move it? I don't know if I can do it for you, unless I make a new upload... Thanks, Emilio -- Ondřej Surý ond...@sury.org Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server
Autoremovals wrong on alternatives (Fwd: cyrus-imapd-2.4 is marked for autoremoval from testing)
Hi, the cyrus-common-2.4 depends on: ssmtp | mail-transport-agent but even though non-RC-buggy alternative exists the package is still marked for autoremoval. Could this be improved, please? Cheers, Ondrej -- Ondřej Surý ond...@sury.org Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server - Original message - From: Debian testing autoremoval watch nore...@release.debian.org To: cyrus-imapd-...@packages.debian.org Subject: cyrus-imapd-2.4 is marked for autoremoval from testing Date: Sat, 31 May 2014 04:39:12 + cyrus-imapd-2.4 2.4.17+caldav~beta9-5 is marked for autoremoval from testing on 2014-06-20 It (build-)depends on packages with these RC bugs: 584162: ssmtp: Partial loss of message body, sending message to wrong recipicients
Bug#736492: pu: package cyrus-imapd-2.4/2.4.16-4+deb7u2
Hi Adam and release team, On Tue, Mar 11, 2014, at 23:43, Adam D. Barratt wrote: Control: tags -1 + moreinfo On Fri, 2014-01-24 at 10:27 +0100, Ondřej Surý wrote: I have prepared an update for the cyrus-imapd-2.4 package in wheezy: Apologies for the delay in getting back to you about this. Changelog * Fix missing GUID for binary appends (Closes: #709799) * Apply upstream fix to unbroke nntpd (Closes: #734648) As far as I can see, based on the bug reports and looking at the code, both of these issues affect the package in unstable and are not yet fixed there. If that's correct, please come back to us once the fixes are in the archive; otherwise, please clarify the situation. The package with fixes has now migrated from unstable to testing, so I think we are good to go. Ondrej -- Ondřej Surý ond...@sury.org Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server
Bug#745603: transition: php5
On Sat, May 31, 2014, at 12:09, Emilio Pozuelo Monfort wrote: On 31/05/14 01:21, Emilio Pozuelo Monfort wrote: Scheduled level 1, with a dep-wait for mips and sparc. Note that libkolab FTBFS, so I didn't schedule that one. See #747808. So far these are failing: libkolab, as said earlier, php-apcu xcache Can you take a look? php-apcu and xcache are fixed, I am working on libkolab, the fix looks simple enough. I will upload it to DELAYED/2, feel free to bump the days to /0 if you need it for cross-transitions. O. -- Ondřej Surý ond...@sury.org Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server
Re: Autoremovals wrong on alternatives (Fwd: cyrus-imapd-2.4 is marked for autoremoval from testing)
On Sun, Jun 1, 2014, at 23:33, Julien Cristau wrote: On Sun, Jun 1, 2014 at 23:15:37 +0200, Ondřej Surý wrote: Hi, the cyrus-common-2.4 depends on: ssmtp | mail-transport-agent but even though non-RC-buggy alternative exists the package is still marked for autoremoval. Could this be improved, please? I don't think it should. Okay. the way to depend on a MTA is 'default-mta | mail-transport-agent', or 'exim4 | mail-transport-agent'. 'ssmtp | mail-transport-agent' is just wrong, IMO. The fix is already on the way. Personally I don't even remember how 'ssmtp' got there, it might be there from before I became maintainer. Ondrej -- Ondřej Surý ond...@sury.org Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server
Bug#745603: transition: php5
Hi Emilio, On Tue, May 27, 2014, at 22:22, Emilio Pozuelo Monfort wrote: Control: tags 745603 + confirmed On 27/05/14 16:22, Ondřej Surý wrote: Hey again, I have uploaded php-mysql-ms and xcache with PHP 5.6 support to experimental, and that resolved the rest of the blocking bugs, so I think we are good to go and upload. From a quick glance I don't see any clashing transition, so that's also good, right? Could you please ack? I see that #745602 is still open. I assume you will fix that and it shouldn't cause any delays? Just messed upload (-2 instead of -1), fixed now. Everything else looks good and the clashes (vtk6 and ruby2.0-rm) shouldn't cause any problems, so please go ahead. Uploaded, thanks for the ack. Let me know when binnmus are needed. mips+mipsel are still not up-to-date and sparc has missing build-deps, so I guess the binNMUs should be scheduled when at least mips(el) will catch up. Or if you can schedule binNMUs and exclude mips,mipsel,sparc then please go ahead with binNMUs, so the unstable is not broken for long enough. Ondrej -- Ondřej Surý ond...@sury.org Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server
Bug#745603: transition: php5
Hey again, I have uploaded php-mysql-ms and xcache with PHP 5.6 support to experimental, and that resolved the rest of the blocking bugs, so I think we are good to go and upload. From a quick glance I don't see any clashing transition, so that's also good, right? Could you please ack? Thank you, Ondrej On Mon, May 5, 2014, at 10:15, Ondřej Surý wrote: Hi release team, PHP 5.6.0 got into the beta(2) stage so we would like to go ahead and upload it into unstable, so we have plenty of time to sort all unforeseen bugs before freeze, etc. 745599: src:libkolabxml: FTBFS with undefined reference to symbol '_ZTVN5boost6detail16thread_data_baseE' NMU from Evgeni Golov in DELAYED/10 (2 days remaining) 745598: src:libkolab: FTBFS in dh_python2 (missing Build-Conflicts?) NMU from Evgeni Golov in DELAYED/10 (2 days remaining) 745602: src:php-mysqlnd-ms: FTBFS with PHP 5.6 Leaf package with PHP team as maintainer, so we will sort it out internally... 745601: src:xcache: FTBFS with PHP 5.6 Not in testing due to a different RC bug. Ondrej -- Ondřej Surý ond...@sury.org Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server -- Ondřej Surý ond...@sury.org Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server
Bug#745603: transition: php5
Hi release team, PHP 5.6.0 got into the beta(2) stage so we would like to go ahead and upload it into unstable, so we have plenty of time to sort all unforeseen bugs before freeze, etc. 745599: src:libkolabxml: FTBFS with undefined reference to symbol '_ZTVN5boost6detail16thread_data_baseE' NMU from Evgeni Golov in DELAYED/10 (2 days remaining) 745598: src:libkolab: FTBFS in dh_python2 (missing Build-Conflicts?) NMU from Evgeni Golov in DELAYED/10 (2 days remaining) 745602: src:php-mysqlnd-ms: FTBFS with PHP 5.6 Leaf package with PHP team as maintainer, so we will sort it out internally... 745601: src:xcache: FTBFS with PHP 5.6 Not in testing due to a different RC bug. Ondrej -- Ondřej Surý ond...@sury.org Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server
Bug#745603: transition: php5
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition

Hi release team,

the PHP 5.6 hit beta1, so we would like to start to plan the transition from PHP 5.5 (PHPAPI 20121212) to PHP 5.6 (PHPAPI 20131226). We already have the php5 (5.6.x) packages in experimental and from the past experience there should not be any big hiccups this time since we now have a slightly better supporting infrastructure for php (dh_php5).

List of affected packages together with status:

exactimage OK
ffmpeg-php #694143 (UNRELATED)
gdcm OK
graphviz OK
lasso OK
libexpect-php5 OK
libkolab #745598 (UNRELATED)
libkolabxml #745599 (UNRELATED)
libpuzzle OK
mapserver #745600
ming OK
owfs OK
php-adodb OK
php-apcu OK
php-gearman OK
php-geoip OK
php-gnupg OK
php-horde-lz4 OK
php-igbinary OK
php-imagick OK
php-imlib OK
php-json OK
php-memcache OK
php-memcached OK
php-mongo OK
php-msgpack OK
php-mysqlnd-ms #745602
php-oauth OK
php-pecl-http OK
php-pinba OK
php-propro OK
php-ps OK
php-radius OK
php-raphf OK
php-redis OK
php-rrd OK
php-sasl OK
php-solr OK
php-ssh2 OK
php-stomp OK
php-svn OK
php-tokyo-tyrant OK
php-zmq OK
php5-midgard2 OK
redland-bindings OK
remctl OK
tarantool-php OK
uwsgi OK
wikidiff2 OK
xcache #745601
xdebug OK
xhprof OK
zeroc-ice OK

There are only three packages (and two of them under PHP PECL team umbrella) failing with new PHP 5.6, so we are quite safe, and PHP 5.6 might be uploaded into unstable almost immediately. We are not in a hurry since the PHP 5.6 is in beta now, so plan the transition on your convenience. On the other hand, if you find a time slot that's convenient for you we don't really need to wait for PHP 5.6 RC to upload to unstable.

Ben file:

title = php5;
is_affected = .depends ~ /phpapi-20121212.*/ | .depends ~ /phpapi-20131226.*/;
is_good = .depends ~ /phpapi-20131226.*/;
is_bad = .depends ~ /phpapi-20121212.*/;

-- System Information:
Debian Release: 7.4
APT prefers stable
APT policy: (900, 'stable'), (800, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Bug#706895: transition: db5.3
Hi, could you please rename the transition tracker from db6.0 to db5.3? The db5.1 to db6.0 transition won't happen due to the relicensing to AGPLv3 that happened in db 6.0.x (and finally applied to the upstream package in 6.0.20). And could we talk about the schedule of this transition? Seems like this will be last Berkeley DB transition ever :). O. -- Ondřej Surý ond...@sury.org Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server
Bug#727007: pu: package nsd3/3.2.12-3+deb7u1
Hi Niels, nsd3 3.2.16-3 has now migrated in the testing and thus there's nothing preventing to fix the bug in the stable as well, right? O. On Tue, Oct 22, 2013, at 9:11, Niels Thykier wrote: On 2013-10-21 15:03, Ondřej Surý wrote: Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: pu Hi, this is really simple bugfix adding $network to Required-Start to /etc/init.d/nsd3 since the daemon needs the network interfaces to be up. $ diffstat nsd3_3.2.12-3+deb7u1.debdiff changelog |6 ++ gbp.conf |4 ++-- init |2 +- 3 files changed, 9 insertions(+), 3 deletions(-) O. [...] Hi, Thanks for working on fixing bugs in stable. The bug in question (#694930) is still marked as affecting unstable and testing. We would like the bug to be fixed in unstable before accepting the changes in stable. If the bug is already fixed in the unstable version, please close the bug with the version that contained the fix[1]. If the bug does not apply to the unstable version for other reasons, then please add the wheezy tag to the bug. ~Niels [1] The following template might be useful: To: 694930-d...@bugs.debian.org Subject: Already fixed in sid Version: version here ... message to the submitter ... -- Ondřej Surý ond...@sury.org Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server
Bug#727007: pu: package nsd3/3.2.12-3+deb7u1
Hi Niels, I have prepared nsd_4.0.0~rc2-2 that will replace nsd3 in unstable and is waiting in NEW thus it seems to be a little pointless to update nsd3, but I can do that if you think it would be better. O. -- Ondřej Surý ond...@sury.org Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server On 22. 10. 2013, at 10:11, Niels Thykier ni...@thykier.net wrote: On 2013-10-21 15:03, Ondřej Surý wrote: Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: pu Hi, this is really simple bugfix adding $network to Required-Start to /etc/init.d/nsd3 since the daemon needs the network interfaces to be up. $ diffstat nsd3_3.2.12-3+deb7u1.debdiff changelog |6 ++ gbp.conf |4 ++-- init |2 +- 3 files changed, 9 insertions(+), 3 deletions(-) O. [...] Hi, Thanks for working on fixing bugs in stable. The bug in question (#694930) is still marked as affecting unstable and testing. We would like the bug to be fixed in unstable before accepting the changes in stable. If the bug is already fixed in the unstable version, please close the bug with the version that contained the fix[1]. If the bug does not apply to the unstable version for other reasons, then please add the wheezy tag to the bug. ~Niels [1] The following template might be useful: To: 694930-d...@bugs.debian.org Subject: Already fixed in sid Version: version here ... message to the submitter ...
Bug#727007: pu: package nsd3/3.2.12-3+deb7u1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: pu -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, this is really simple bugfix adding $network to Required-Start to /etc/init.d/nsd3 since the daemon needs the network interfaces to be up. $ diffstat nsd3_3.2.12-3+deb7u1.debdiff changelog |6 ++ gbp.conf |4 ++-- init |2 +- 3 files changed, 9 insertions(+), 3 deletions(-) O. - -- System Information: Debian Release: 7.1 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAlJlJicACgkQ9OZqfMIN8nN7lwCff+A64txAWaYiHX3jPUIvQ+ur +Z8An3f06o+8yXEqmEAQlMUPGaaG3JBR =XdIs -END PGP SIGNATURE- diff -Nru nsd3-3.2.12/debian/changelog nsd3-3.2.12/debian/changelog --- nsd3-3.2.12/debian/changelog 2013-02-19 13:23:22.0 +0100 +++ nsd3-3.2.12/debian/changelog 2013-10-21 14:50:15.0 +0200 @@ -1,3 +1,9 @@ +nsd3 (3.2.12-3+deb7u1) unstable; urgency=low + + * Add $network to Required-Start (Closes: #694930) + + -- Ondřej Surý ond...@debian.org Mon, 21 Oct 2013 14:49:55 +0200 + nsd3 (3.2.12-3) unstable; urgency=low * Cleanup autoreconf -fi stuff in dh_auto_clean target diff -Nru nsd3-3.2.12/debian/gbp.conf nsd3-3.2.12/debian/gbp.conf --- nsd3-3.2.12/debian/gbp.conf 2013-02-19 13:23:22.0 +0100 +++ nsd3-3.2.12/debian/gbp.conf 2013-10-21 14:50:15.0 +0200 @@ -1,5 +1,5 @@ [DEFAULT] -debian-branch = debian-sid +debian-branch = debian-wheezy debian-tag = debian/%(version)s pristine-tar = True -upstream-branch = upstream-sid +upstream-branch = upstream-wheezy diff -Nru nsd3-3.2.12/debian/init nsd3-3.2.12/debian/init --- nsd3-3.2.12/debian/init 2013-02-19 13:23:22.0 +0100 +++ nsd3-3.2.12/debian/init 2013-10-21 14:50:15.0 +0200 
@@ -1,7 +1,7 @@ #!/bin/sh -e ### BEGIN INIT INFO # Provides: nsd3 -# Required-Start:$syslog $remote_fs +# Required-Start:$syslog $remote_fs $network # Required-Stop: $syslog $remote_fs # Should-Start: $local_fs # Should-Stop: $local_fs
Format: 1.8 Date: Mon, 21 Oct 2013 14:49:55 +0200 Source: nsd3 Binary: nsd3 nsd Architecture: source amd64 all Version: 3.2.12-3+deb7u1 Distribution: stable Urgency: low Maintainer: Ondřej Surý ond...@debian.org Changed-By: Ondřej Surý ond...@debian.org Description: nsd- authoritative name domain server (transitional package) nsd3 - authoritative domain name server (3.x series) Closes: 694930 Changes: nsd3 (3.2.12-3+deb7u1) unstable; urgency=low . * Add $network to Required-Start (Closes: #694930)
Format: 3.0 (quilt) Source: nsd3 Binary: nsd3, nsd Architecture: any all Version: 3.2.12-3+deb7u1 Maintainer: Ondřej Surý ond...@debian.org Homepage: http://www.nlnetlabs.nl/nsd/ Standards-Version: 3.9.3 Vcs-Browser: http://git.debian.org/?p=pkg-nlnetlabs/nsd3.git Vcs-Git: git://git.debian.org/pkg-nlnetlabs/nsd3.git Build-Depends: debhelper (= 7.0.50~), dpkg-dev (= 1.16.1.1~), autoconf, automake, autotools-dev, bison, flex, libssl-dev Package-List: nsd deb oldlibs extra nsd3 deb net extra
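Review bot: The new entry in the debian/changelog hunk is targeted at "unstable" ("nsd3 (3.2.12-3+deb7u1) unstable; urgency=low") although the version carries a +deb7u1 suffix and the accompanying .changes says "Distribution: stable". For a proposed update the changelog distribution should name the stable suite so the changelog and the upload target agree. The entry also lists only the Required-Start change; the debian/gbp.conf branch switch from debian-sid/upstream-sid to debian-wheezy/upstream-wheezy that ships in the same debdiff is not mentioned and deserves a changelog line of its own.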
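Review bot: Required-Stop in the debian/init hunk stays at "$syslog $remote_fs" while Required-Start gains $network, so the LSB header now has asymmetric start and stop dependencies. Unless there is a reason to let networking be torn down first, add $network to Required-Stop as well, so the daemon is stopped while the interfaces it listens on are still up.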
Bug#725246: pu: package php5/5.4.4-14+deb7u5
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: pu Hi release team, this is yet another round of php5 stable updates, and it introduces for three fixes for crashes, memory corruptions when using traits and one fix for annoying warning when using sessions. * Fix zend_mm_heap corrupted when using traits (Closes: #719507) * Fix inheritance with Traits failing with error (Closes: #721127) * Fix segfault when using traits a lot (Closes: #721336) * Don't reset mod_user_is_open in destroy (Closes: #72) + Removes an annoying warning when using sessions Full description from our git changelog with references to upstream bugs: commit b0601db355914872ea4a8d2dd36bda603e20850c Author: William Dauchy will...@gandi.net Date: Tue Sep 10 20:14:22 2013 +0200 upstream fix: Don't reset mod_user_is_open in destroy 6566ea6 Fix #63379 - Don't reset mod_user_is_open in destroy It removes an annoying warning when using session_regenerate_id with a SessionHandler PHP Warning: Unknown: Parent session handler is not open in Unknown on line 0 Closes: #72 commit d04ff04b801bb1b4c15f558e3f9634bde0013c19 Author: William Dauchy will...@gandi.net Date: Tue Oct 1 15:27:18 2013 +0200 upstream fix: Segfault when using traits a lot 6d1bebf Fixed bug #62358 (Segfault when using traits a lot) d39aa98 Refix #62358, previous has side-affect 6c0508f Fixed bug #62907 (Double free when use traits) Closes: #721336 commit 8d1ba951d046f5ea25f37377700b978c276a11c3 Author: William Dauchy will...@gandi.net Date: Tue Sep 10 20:08:36 2013 +0200 upstream fix: Inheritance with Traits failed with error 42437dd Fixed bug #64070 (Inheritance with Traits failed with error) Closes: #721127 commit 6987eb272ea3fdf438362eb452a346d4e449aa0e Author: William Dauchy will...@gandi.net Date: Tue Sep 10 20:04:56 2013 +0200 upstream fix: zend_mm_heap corrupted with traits 74228c5: Fixed bug #63305 (zend_mm_heap corrupted with traits) Closes: #719507 The patches are small, contained to 
the area where there's the fix and were pulled directly from upstream git. diffstat: $ diffstat php5_5.4.4-14+deb7u5.debdiff debian/patches/Dont-reset-mod_user_is_open-in-destroy.patch| 146 + debian/patches/Inheritance-with-Traits-failed-with-error.patch | 102 ++ debian/patches/Segfault-when-using-traits-a-lot.patch | 159 ++ debian/patches/zend_mm_heap-corrupted-with-traits.patch| 84 + php5-5.4.4/debian/changelog| 15 php5-5.4.4/debian/control |3 php5-5.4.4/debian/patches/series |4 7 files changed, 512 insertions(+), 1 deletion(-) Full debdiff attached to this email. Kudos go to William, who have prepared this update. Thanks, Ondrej diff -u php5-5.4.4/debian/changelog php5-5.4.4/debian/changelog --- php5-5.4.4/debian/changelog +++ php5-5.4.4/debian/changelog @@ -1,3 +1,18 @@ +php5 (5.4.4-14+deb7u5) stable; urgency=low + + [ William Dauchy ] + * Fix zend_mm_heap corrupted when using traits (Closes: #719507) + * Fix inheritance with Traits failing with error (Closes: #721127) + * Fix segfault when using traits a lot (Closes: #721336) + * Don't reset mod_user_is_open in destroy (Closes: #72) ++ Removes an annoying warning when using sessions + * Add myself to maintainers + + [ OndÅej Surý ] + * Upload to stable-proposed-updates + + -- OndÅej Surý ond...@debian.org Wed, 02 Oct 2013 12:47:02 +0200 + php5 (5.4.4-14+deb7u4) stable; urgency=low * [CVE-2013-4248]: Fix handling of certs with NULL bytes (Closes: #719765) diff -u php5-5.4.4/debian/control php5-5.4.4/debian/control --- php5-5.4.4/debian/control +++ php5-5.4.4/debian/control 
@@ -5,7 +5,8 @@ Uploaders: OndÅej Surý ond...@debian.org, Sean Finney sean...@debian.org, Thijs Kinkhorst th...@debian.org, - Lior Kaplan kap...@debian.org + Lior Kaplan kap...@debian.org, + William Dauchy wdau...@gmail.com Build-Depends: apache2-prefork-dev, autoconf (= 2.63), automake (= 1.11) | automake1.11, diff -u php5-5.4.4/debian/patches/series php5-5.4.4/debian/patches/series --- php5-5.4.4/debian/patches/series +++ php5-5.4.4/debian/patches/series @@ -89,0 +90,4 @@ +zend_mm_heap-corrupted-with-traits.patch +Inheritance-with-Traits-failed-with-error.patch +Segfault-when-using-traits-a-lot.patch +Dont-reset-mod_user_is_open-in-destroy.patch only in patch2: unchanged: --- php5-5.4.4.orig/debian/patches/zend_mm_heap-corrupted-with-traits.patch +++ php5-5.4.4/debian/patches/zend_mm_heap-corrupted-with-traits.patch @@ -0,0 +1,84 @@ +commit 74228c515197c8a3bda878a077d30c9b14482eb2 +Author: Xinchen Hui larue...@php.net +Date: Tue Oct 23 11:34:25 2012 +0800 +
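Review bot: The bug reference in the last fix entry of the debian/changelog hunk, "Don't reset mod_user_is_open in destroy (Closes: #72)", is a two-digit number, while the other three entries close six-digit bugs (#719507, #721127, #721336). Please confirm the intended bug number and correct it in the changelog (and in the request text, which repeats "Closes: #72") before the upload is processed, since a Closes: line acts on whatever bug number it names.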
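Review bot: The changelog line "Add myself to maintainers" does not match what the debian/control hunk changes, which is the Uploaders field (a new "William Dauchy" entry after "Lior Kaplan"). Suggest wording it as "Add myself to Uploaders", and mentioning this metadata change in the request to the release team alongside the four fixes, since it is part of the diff they are asked to approve for stable.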
Re: automake transition breakages
Hi Eric,

On Mon, Sep 30, 2013, at 4:50, Eric Dorland wrote:
> * Ondřej Surý (ond...@sury.org) wrote:
> > Hi,
> >
> > recent automake transition to 1.14 broke (FTBFS) at least two of my packages. Would it be possible to coordinate the (next) transition better than upload&deal with breakages like we do with the rest of our packages?
>
> Did the transition from automake 1.13 to automake 1.14 cause your package to FTBFS? Can you point me at logs because that's not supposed to happen under the new versioning scheme upstream is following (ie 1.X versions should now be backwards compatible). If you were going from an earlier version to 1.14 (or 1.13) I have seen a few reports of problems with unit test framework.

I have seen these two breakages (so far):

libgd2: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=724841
gyrus: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=724917

both packages have been successfully built in wheezy (gyrus) or jessie (libgd2).

> Right now the automake package is always tracking the latest upstream version and new versions sometimes break things. If you're worried about that kind of breakage then build depending on a specific version of automake might be a better bet. If people don't like this current scheme we can discuss if the current scheme is a bad idea.

I am not worried about the scheme, but about the process. I don't know if this was a one-time fling, or it will happen more frequently, but if the updates start breaking things more often then uploading the new automake version to experimental and then trying to rebuild (at least part of) the archive, or adding lintian checks, etc. would be a good way to improve the process.

But maybe I am just an exception to the rule with my two out of ~80 packages breaking.

Ondrej
--
Ondřej Surý ond...@sury.org
Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server
automake transition breakages
Hi,

recent automake transition to 1.14 broke (FTBFS) at least two of my packages. Would it be possible to coordinate the (next) transition better than upload&deal with breakages like we do with the rest of our packages?

O.
--
Ondřej Surý ond...@sury.org
Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server
Re: Algorithm for selecting between packages providing the same phpapi-20100525, change between squeeze - wheezy
On Tue, Jul 9, 2013 at 5:36 PM, Julien Cristau jcris...@debian.org wrote:
> On Tue, Jul 9, 2013 at 14:25:59 +0200, Ondřej Surý wrote:
> > David, will this bug get fixed in wheezy? More people are starting to complain they get libapache2-mod-php5filter installed: #709027
> >
> > I still have no idea how to fix that in wheezy apart from fixing the selection algorithm in apt.
>
> I'm pretty sure what needs to happen here is to have exactly one package providing phpapi-20121212.

You are quite right. I have prepared a php5 upload where only the php5-common package provides phpapi-20121212 and the Provides: part has been dropped from the various SAPIs.

This will of course break all packages depending only on php5-module without declaring a dependency on php5 (or a specific php5 SAPI).

After cleaning the list (grep-dctrl generated) by removing php libraries and various optional modules, where the php5 dependency is provided by the main package (like fusionforge, mediawiki, nordugrid, horde), I have been left with this list:

Package: bandwidthd-pgsql
Depends: dbconfig-common, php5-gd, postgresql-client, ucf, debconf (= 0.5) | debconf-2.0, libc6 (= 2.14), libgd3 (= 2.1.0~alpha~), libpcap0.8 (= 0.9.8), libpng12-0 (= 1.2.13-4), libpq5

Package: davical
Depends: debconf (= 1.0.32), php5-pgsql, postgresql-client (= 8.1), libawl-php (= 0.53-1~), libawl-php ( 0.54), libdbd-pg-perl, libyaml-perl

On the other hand it will fix all packages declaring Depends: php5-module, php5 since the php5 SAPI dependency will be correctly resolved by dependency order in php5.

We might be able to do the same for wheezy if we can push the fix for bandwidth-pgsql and davical to wheezy in the same run. That's probably up to the release team to say if they would ack such an action.

O.
--
Ondřej Surý ond...@sury.org
Bug#711345: transition: cyrus-sasl2
On Tue, Jul 9, 2013 at 11:48 PM, Julien Cristau jcris...@debian.org wrote:
> On Thu, Jun 6, 2013 at 14:39:46 +0200, Ondřej Surý wrote:
> > Package: release.debian.org
> > Severity: normal
> > User: release.debian@packages.debian.org
> > Usertags: transition
> >
> > Upstream SOVER change to fix #665476.
>
> So, err. If we've shipped the new ABI in wheezy already, do we really want to go through the pain of an unnecessary SONAME bump now? Or is there some more ABI breakage in this release?

I don't think so. But:

a) do we really want to divert from upstream?
b) I think it's nice to know that we are actually able to bump the SONAME at all, because the packages were not ready for SONAME bump at all.

Anyway I will not struggle hard if you decide it's not worth it.

O.
--
Ondřej Surý ond...@sury.org
Bug#714924: RM: falconpl/0.9.6.9-git20120606-2
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: rm

This is last package blocking libgd2 transition. The RC bug (#711787) is open for almost a month without reaction and I have pinged Kartik via email (also without response) last week.

According to dak (dak rm -Rn -s unstable falconpl), it has no rev-deps:

Checking reverse dependencies...
No dependency problem found.

Thanks,
O.

-- System Information:
Debian Release: 7.1
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Bug#714245: RM: plplot/5.9.9-5
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: rm

Hi,

please remove plplot from testing, it has two RC bugs (one of them is FTBFS) and it's one of the last packages blocking libgd2 transition.

Thanks,
Ondrej

-- System Information:
Debian Release: 7.1
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Bug#714245: RM: plplot/5.9.9-5
Um, could we also remove the r-deps? :)

I tried to fix the FTBFS and I can fix the current python2.7 failure, but I am unable to fix the D v1 to D v2 without leaving my sanity somewhere in the middle of CMake files (CMake is unable to find working gdc compiler, so the build fails on missing D bindings).

As a side note... I think I will strangle the next person to tell me we should use CMake instead of autotools, because it's simpler...

O.

On Thu, Jun 27, 2013 at 10:49 AM, Julien Cristau jcris...@debian.org wrote:
> Control: tags -1 moreinfo
>
> On Thu, Jun 27, 2013 at 10:20:59 +0200, Ondřej Surý wrote:
> > Package: release.debian.org
> > Severity: normal
> > User: release.debian@packages.debian.org
> > Usertags: rm
> >
> > Hi, please remove plplot from testing, it has two RC bugs (one of them is FTBFS) and it's one of the last packages blocking libgd2 transition.
>
> # Broken Depends:
> cl-plplot: cl-plplot
> gnudatalanguage: gnudatalanguage
> pdl: pdl
>
> # Broken Build-Depends:
> cl-plplot: libplplot-dev
> gnudatalanguage: libplplot-dev
> pdl: libplplot-dev
>
> Dependency problem found.
>
> Cheers,
> Julien

--
Ondřej Surý ond...@sury.org
Bug#714245: RM: plplot/5.9.9-5
On Thu, Jun 27, 2013 at 4:30 PM, Julien Cristau jcris...@debian.org wrote:
> On Thu, Jun 27, 2013 at 16:13:05 +0200, Ondřej Surý wrote:
> > Um, could we also remove the r-deps? :)
>
> That amounts to:
> plplot
> cl-plplot
> gnudatalanguage
> pdl
> libpadre-plugin-pdl-perl
> libpdl-io-hdf5-perl
> libpdl-linearalgebra-perl
> libpdl-netcdf-perl
> libpdl-stats-perl
> libtfbs-perl
> altree
>
> Somebody should probably check popcon stats for those before we start removing that amount of stuff...

libcsiro0                  3823  2.52%   4919  (src:plplot)
libplplot11                1299  0.86%   8352  (src:plplot)
cl-plplot                    28  0.02%  38033
gnudatalanguage             490  0.32%  13031
pdl                        2354  1.55%   6248
libpadre-plugin-pdl-perl     15  0.01%  46409
libpdl-io-hdf5-perl          11  0.01%  50880
libpdl-linearalgebra-perl     4  0.00%  66749
libpdl-netcdf-perl           22  0.01%  41176
libpdl-stats-perl            78  0.05%  27455
libtfbs-perl                 17  0.01%  44572
altree                      192  0.13%  19416

Here you are...

Ondrej
--
Ondřej Surý ond...@sury.org
Fix M-A bugs in stable?
Hi, follow-up to #713932. For some strange reason I did put a non-M-A file into libsasl2-2 instead of sasl2-bin where it's used, should I fix it in stable as well? Ondrej -- Ondřej Surý ond...@sury.org
Bug#658829: Bug#706895: transition: db5.3
The git version was 8 commits behind, I did push the remaining changes a few hours ago.

Ondřej Surý

On 15. 6. 2013, at 13:33, Bernhard R. Link brl...@debian.org wrote:
> * Ondřej Surý ond...@debian.org [130611 08:27]:
> > the information from Matthias was correct, and Berkeley DB 6.0 has been released today, + packaged and uploaded to unstable. db-defaults has been updated to 6.0 dependencies and uploaded to experimental.
>
> Are those package also available somewhere while it is still stuck in NEW? I managed to build something from git but that needed to remove a patch that already seems to be applied upstream and removing some signature check to make it build.
>
> > I don't expect bigger problems with the transition since I think we went through the biggest hell when transitioning from db4.{7,8} to db5.1, but there might be still some packages which will need some patching to support major version bump (although I think I have provided patches for most of those when the bump from 4 to 5 happened).
>
> The API changes from 5 - 6 at least break reprepro.
>
> Bernhard R. Link
Bug#658829: Bug#706895: transition: db5.3
Hi release team and Matthias,

the information from Matthias was correct, and Berkeley DB 6.0 has been released today, + packaged and uploaded to unstable. db-defaults has been updated to 6.0 dependencies and uploaded to experimental.

I don't expect bigger problems with the transition since I think we went through the biggest hell when transitioning from db4.{7,8} to db5.1, but there might be still some packages which will need some patching to support major version bump (although I think I have provided patches for most of those when the bump from 4 to 5 happened).

We will just remove db5.3 from the archive when python-bsddb3 will transition from db5.3 to db6.0.

Regards,
Ondrej

On Mon, May 6, 2013 at 7:18 PM, Ondřej Surý ond...@sury.org wrote:
> If the information is true then I don't mind waiting couple of months for BDB 6. I just wish Berkeley DB was acquired by some more open company :-/.
>
> The new major version number is also often a culprit for breakages, although I think I have fixed most if not all of them in 4-5 transition.
>
> Ondřej Surý
>
> On 6. 5. 2013, at 18:47, Matthias Klose d...@debian.org wrote:
> > On 06.05.2013 08:25, Ondřej Surý wrote:
> > > BTW do you have any information on db 6.x? I haven't seen any nor I have been able to find any information about it.
> >
> > see http://bugs.python.org/issue17477

--
Ondřej Surý ond...@sury.org
Bug#711328: pu: package cyrus-sasl2/2.1.25.dfsg1-6+deb7u1
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: pu

Hi,

I must confess that I have somehow neglected cyrus-sasl2 before the release, so some of the bugs have slipped under my radar. I would like to make amends with pu now.

The updated package fixes three bugs:

* Fix heavy CPU usage in saslauthd (Closes: #708552)
* Send LOGOUT before closing connection in auth_rimap (Closes: #708547)
* Fix garbage in output buffer when using canonuser_plugin: ldapdb (Closes: #689346)

The first two patches are (mostly) isolated in auth_rimap.c affecting dovecot users. The last patch adds missing \0 in ldapdb string which might lead to garbled canonical user authname.

$ diffstat cyrus-sasl2_2.1.25.dfsg1-6+deb7u1.debdiff
 changelog                                                     |  9 +
 gbp.conf                                                      |  4
 patches/0034-fix_dovecot_authentication.patch                 | 40 ++--
 patches/0038-send_imap_logout.patch                           | 48 ++
 patches/0039-fix-canonuser-ldapdb-garbage-in-out-buffer.patch | 10 ++
 patches/series                                                |  2
 6 files changed, 102 insertions(+), 11 deletions(-)

Thank you for considering this update.

Ondrej

-- System Information:
Debian Release: 7.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

diff -Nru cyrus-sasl2-2.1.25.dfsg1/debian/changelog cyrus-sasl2-2.1.25.dfsg1/debian/changelog --- cyrus-sasl2-2.1.25.dfsg1/debian/changelog 2012-10-26 14:06:17.0 +0200 +++ cyrus-sasl2-2.1.25.dfsg1/debian/changelog 2013-06-06 12:46:29.0 +0200 
@@ -1,3 +1,12 @@ +cyrus-sasl2 (2.1.25.dfsg1-6+deb7u1) unstable; urgency=low + + * Fix heavy CPU usage in saslauthd (Closes: #708552) + * Send LOGOUT before closing connection in auth_rimap (Closes: #708547) + * Fix garbage in output buffer when using canonuser_plugin: ldapdb +(Closes: #689346) + + -- Ondřej Surý ond...@debian.org Fri, 17 May 2013 18:11:26 +0200 + cyrus-sasl2 (2.1.25.dfsg1-6) unstable; urgency=low * Fix failures when the host have broken hostname (Closes: #683555) diff -Nru cyrus-sasl2-2.1.25.dfsg1/debian/gbp.conf cyrus-sasl2-2.1.25.dfsg1/debian/gbp.conf --- cyrus-sasl2-2.1.25.dfsg1/debian/gbp.conf 2012-10-26 14:06:17.0 +0200 +++ cyrus-sasl2-2.1.25.dfsg1/debian/gbp.conf 2013-06-06 12:46:29.0 +0200 @@ -1,7 +1,7 @@ [DEFAULT] -debian-branch = debian-sid +debian-branch = master-wheezy debian-tag = debian/%(version)s -upstream-branch = upstream-sid +upstream-branch = upstream-wheezy upstream-tag = upstream/%(version)s pristine-tar = True diff -Nru cyrus-sasl2-2.1.25.dfsg1/debian/patches/0034-fix_dovecot_authentication.patch cyrus-sasl2-2.1.25.dfsg1/debian/patches/0034-fix_dovecot_authentication.patch --- cyrus-sasl2-2.1.25.dfsg1/debian/patches/0034-fix_dovecot_authentication.patch 2012-10-26 14:06:17.0 +0200 +++ cyrus-sasl2-2.1.25.dfsg1/debian/patches/0034-fix_dovecot_authentication.patch 2013-06-06 12:46:29.0 +0200 @@ -1,18 +1,20 @@ a/saslauthd/auth_rimap.c -+++ b/saslauthd/auth_rimap.c +Index: cyrus-sasl2-2.1.25.dfsg1/saslauthd/auth_rimap.c +=== +--- cyrus-sasl2-2.1.25.dfsg1.orig/saslauthd/auth_rimap.c 2013-05-16 15:36:35.0 + cyrus-sasl2-2.1.25.dfsg1/saslauthd/auth_rimap.c 2013-05-16 15:43:24.0 + @@ -1,3 +1,4 @@ + /* MODULE: auth_rimap */ /* COPYRIGHT -@@ -367,6 +368,30 @@ auth_rimap ( +@@ -367,6 +368,39 @@ alarm(NETWORK_IO_TIMEOUT); rc = read(s, rbuf, sizeof(rbuf)); alarm(0); +if ( rc0 ) { +/* check if there is more to read */ +fd_set perm; -+intfds, ret; ++intfds, ret, loopc; +struct timeval timeout; + +FD_ZERO(perm); 
@@ -21,6 +23,7 @@ + +timeout.tv_sec = 1; +timeout.tv_usec = 0; ++loopc = 0; +while( select (fds, perm, NULL, NULL, timeout ) 0 ) { + if ( FD_ISSET(s, perm) ) { + ret = read(s, rbuf+rc, sizeof(rbuf)-rc); @@ -28,6 +31,14 @@ + rc = ret; + break; + } else { ++ if (ret == 0) { ++ loopc += 1; ++ } else { ++ loopc = 0; ++ } ++ if (loopc sizeof(rbuf)) { // arbitrary chosen value ++ break; ++ } + rc
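Review bot: The new debian/changelog entry for 2.1.25.dfsg1-6+deb7u1 names unstable as its distribution, although the +deb7u1 version and the gbp.conf switch to master-wheezy/upstream-wheezy mark this as a stable update; set the distribution to the stable suite so the upload goes to the intended queue.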
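Review bot: In the updated 0034-fix_dovecot_authentication.patch the added branch counts consecutive reads that return 0 ("loopc += 1") and bounds the select() loop by comparing loopc with sizeof(rbuf), which the inline comment itself calls an arbitrarily chosen value. A read() return of 0 on a socket that select() reported readable means the peer has closed the connection, so breaking out on the first ret == 0 would end the busy loop at once instead of after a buffer-sized number of iterations. If a retry budget is really wanted, a small named constant would document it better than the buffer size, and loopc is declared int while sizeof yields an unsigned type, so the comparison mixes signedness.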
Bug#711328: pu: package cyrus-sasl2/2.1.25.dfsg1-6+deb7u1
Fair enough, 2.1.25.dfsg1-7 was just uploaded to unstable

Why 2.1.25.dfsg1-7~deb7u1 and not 2.1.25.dfsg1-6+deb7u1?

(I probably won't include the autoreconf fix in wheezy version – I consider the autotools magic too fragile to mangle.)

O.

On Thu, Jun 6, 2013 at 1:12 PM, Cyril Brulebois k...@debian.org wrote:
> Control: tag -1 moreinfo
>
> Hi,
>
> Ondřej Surý ond...@debian.org (06/06/2013):
> > I must confess that I have somehow neglected cyrus-sasl2 before the release, so some of the bugs have slipped under my radar. I would like to make amends with pu now.
>
> please fix bugs in sid first, so that bugfixes get tested, and possible regressions get spotted. If 2.1.25.dfsg1-7 is OK in sid, you can propose a 2.1.25.dfsg1-7~deb7u1 (targetting wheezy or stable, rather than unstable ;)).
>
> Mraw,
> KiBi.

--
Ondřej Surý ond...@sury.org
Bug#711345: transition: cyrus-sasl2
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition

Upstream SOVER change to fix #665476.

Ben file:

title = cyrus-sasl2;
is_affected = .depends ~ libsasl2-2 | .depends ~ libsasl2-3;
is_good = .depends ~ libsasl2-3;
is_bad = .depends ~ libsasl2-2;

-- System Information:
Debian Release: 7.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Bug#708248: transition: json-c
Hi Michael,

it's the dreaded directories-not-replaced-by-symlink bug for transitional packages. I will upload fixed packages.

O.

On Thu, Jun 6, 2013 at 7:18 PM, Michael Biebl bi...@debian.org wrote:
> On 17.05.2013 12:27, Ondřej Surý wrote:
> > I have verified that libjson0 with just symlinks works (running psensor), and building with libjson0-dev ends with libjson-c2 as dependency (upstart). Thus I am ready to upload the package to unstable.
>
> The libjson0-dev package that landed in unstable is broken. The /usr/lib/*/libjson.so symlink is dangling and points to /lib. Also /usr/include/json is simply an empty directory while I assume it should be a symlink to /usr/include/json-c. This causes one of my packages to ftbfs, as it includes json/json.h.
>
> Ondřej, could you please upload a fixed compat package to unstable?
>
> Cheers,
> Michael
> --
> Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth?

--
Ondřej Surý ond...@sury.org
Bug#708248: transition: json-c
Michael,

you can depend on 0.11-2, it should hopefully have all the stuff you mentioned fixed.

O.

On Thu, Jun 6, 2013 at 7:56 PM, Ondřej Surý ond...@debian.org wrote:
> Hi Michael,
>
> it's the dreaded directories-not-replaced-by-symlink bug for transitional packages. I will upload fixed packages.
>
> O.
>
> On Thu, Jun 6, 2013 at 7:18 PM, Michael Biebl bi...@debian.org wrote:
> > On 17.05.2013 12:27, Ondřej Surý wrote:
> > > I have verified that libjson0 with just symlinks works (running psensor), and building with libjson0-dev ends with libjson-c2 as dependency (upstart). Thus I am ready to upload the package to unstable.
> >
> > The libjson0-dev package that landed in unstable is broken. The /usr/lib/*/libjson.so symlink is dangling and points to /lib. Also /usr/include/json is simply an empty directory while I assume it should be a symlink to /usr/include/json-c. This causes one of my packages to ftbfs, as it includes json/json.h.
> >
> > Ondřej, could you please upload a fixed compat package to unstable?
> >
> > Cheers,
> > Michael
> > --
> > Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth?
>
> --
> Ondřej Surý ond...@sury.org

--
Ondřej Surý ond...@sury.org
Bug#711178: pu: package php5/5.4.4-14+deb7u2
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: pu

Hi release team,

since the next point release is not out, I am asking for another pu for php5.

This update brings one bugfix and one small improvement:

debian/patches/fix-filter-SAPI-REQUEST_TIME.patch:

1. Fix $_SERVER[REQUEST_TIME] in filter SAPI (Closes: #709023)
   - The patch is small and contained only in libapache2-mod-php5filter

debian/control:

2. Make the Breaks on php5-suhosin versioned to allow suhosin backports when there's a new upstream version (Acked by suhosin maintainer)
   - We had unversioned Breaks: php5-suhosin, because of the mess created by Laszlo Boszormenyi (as explained in #675312). I was approached by Jan Wagner (the _real_ maintainer of php-suhosin), if I could add versioned Breaks, so he can provide backports of php5-suhosin for wheezy users. It's a safe thing to do now when wheezy is out, so I am adding the versioned Breaks.

$ diffstat php5_5.4.4-14+deb7u2.debdiff
 debian/patches/fix-filter-SAPI-REQUEST_TIME.patch | 21 +
 php5-5.4.4/debian/changelog                       |  8
 php5-5.4.4/debian/control                         |  2 +-
 php5-5.4.4/debian/patches/series                  |  1 +
 4 files changed, 31 insertions(+), 1 deletion(-)

Thank you,
Ondrej

-- System Information:
Debian Release: 7.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

diff -u php5-5.4.4/debian/control php5-5.4.4/debian/control --- php5-5.4.4/debian/control +++ php5-5.4.4/debian/control 
@@ -106,7 +106,7 @@ php-kolab-filter (= 0.1.9-4), horde3 (= 3.3.12+debian0-1), moodle (= 1.9.9.dfsg2-4), - php5-suhosin + php5-suhosin ( 0.9.34) Description: Common files for packages built from the php5 source This package contains the documentation and example files relevant to all the other packages built from the php5 source. diff -u php5-5.4.4/debian/changelog php5-5.4.4/debian/changelog --- php5-5.4.4/debian/changelog +++ php5-5.4.4/debian/changelog @@ -1,3 +1,11 @@ +php5 (5.4.4-14+deb7u2) stable; urgency=low + + * Fix $_SERVER[REQUEST_TIME] in filter SAPI (Closes: #709023) + * Make the Breaks on php5-suhosin versioned to allow suhosin backports +when there's a new upstream version (Acked by suhosin maintainer) + + -- Ondřej Surý ond...@debian.org Wed, 05 Jun 2013 09:35:56 +0200 + php5 (5.4.4-14+deb7u1) stable; urgency=low * Pull upstream fix for FPM drops connection while receiving some binary diff -u php5-5.4.4/debian/patches/series php5-5.4.4/debian/patches/series --- php5-5.4.4/debian/patches/series +++ php5-5.4.4/debian/patches/series @@ -85,0 +86 @@ +fix-filter-SAPI-REQUEST_TIME.patch only in patch2: unchanged: --- php5-5.4.4.orig/debian/patches/fix-filter-SAPI-REQUEST_TIME.patch +++ php5-5.4.4/debian/patches/fix-filter-SAPI-REQUEST_TIME.patch 
@@ -0,0 +1,21 @@ +From 2019062cfc6e4b4832aaca3b73891d93adc115a8 Mon Sep 17 00:00:00 2001 +From: Felipe Pena felipe...@gmail.com +Date: Sun, 8 Jul 2012 14:05:28 -0300 +Subject: [PATCH] - Fixed bug #62507 (['REQUEST_TIME'] under mod_php5 returns + miliseconds instead of seconds) + +--- + sapi/apache2filter/sapi_apache2.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/sapi/apache2filter/sapi_apache2.c b/sapi/apache2filter/sapi_apache2.c +@@ -311,7 +311,7 @@ php_apache_disable_caching(ap_filter_t * + static double php_apache_sapi_get_request_time(TSRMLS_D) + { + php_struct *ctx = SG(server_context); +- return apr_time_as_msec(ctx-r-request_time); ++ return ((double) apr_time_as_msec(ctx-r-request_time)) / 1000.0; + } + + extern zend_module_entry php_apache_module;
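Review bot: The embedded fix-filter-SAPI-REQUEST_TIME.patch carries only the upstream format-patch header, whose subject refers to upstream bug #62507 and to mod_php5, while the only file it touches is sapi/apache2filter/sapi_apache2.c. Please add a reference to Debian bug #709023 and the patch origin to the header so the file records why it is carried in the stable package, and confirm that the apache2handler SAPI in 5.4.4 already returns seconds, since the hunk leaves it untouched.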
Bug#708631: pu: package cyrus-imapd-2.4/2.4.16-4+deb7u1
I have uploaded a version to ftp-master, but nothing much has happened. Has something gone wrong?

O.

On Tue, May 21, 2013 at 11:24 PM, Cyril Brulebois k...@debian.org wrote:
> Control: tag -1 confirmed
>
> Ondřej Surý ond...@debian.org (17/05/2013):
> > Thanks for the review. Attached is fixed debdiff.
>
> Looks good to me; feel free to downgrade urgency to low though, it doesn't make much sense for spu.
>
> Mraw,
> KiBi.

--
Ondřej Surý ond...@sury.org
Bug#709634: RM: ruby-activesupport-2.3/2.3.14-7, ruby-actionmailer-2.3/2.3.14-3, ruby-actionpack-2.3/2.3.14-5, ruby-activerecord-2.3/2.3.14-6, ruby-activeresource-2.3/2.3.14-3, ruby-rails-2.3/2.3.14-4
rails is sitting in NEW.

ruby-activeldap is waiting for ruby-gettext-i18n-rails, which is (surprise, surprise) sitting in NEW.

I think it would be fairly safe to remove both rails and ruby-activeldap from testing as well instead of waiting for transition from sid to testing of those new packages, but it's your call.

O.

On Fri, May 24, 2013 at 8:20 PM, Adam D. Barratt a...@adam-barratt.org.uk wrote:
> Control: tags -1 + moreinfo
>
> On Fri, 2013-05-24 at 17:38 +0200, Ondřej Surý wrote:
> > please kill rails 2.3 from testing. It has been replaced by rails 3.2
>
> We can't right now:
>
> $ dak rm -Rn -s testing ruby-active{support,record,resource}-2.3 ruby-rails-2.3 ruby-action{pack,mailer}-2.3
> [...]
> # Broken Depends:
> rails: rails ruby-actionmailer ruby-actionpack ruby-activerecord ruby-activeresource ruby-activesupport
> ruby-activeldap: ruby-activeldap
>
> Regards,
> Adam

--
Ondřej Surý ond...@sury.org
Bug#709634: RM: ruby-activesupport-2.3/2.3.14-7, ruby-actionmailer-2.3/2.3.14-3, ruby-actionpack-2.3/2.3.14-5, ruby-activerecord-2.3/2.3.14-6, ruby-activeresource-2.3/2.3.14-3, ruby-rails-2.3/2.3.14-4
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: rm

Hi,

please kill rails 2.3 from testing. It has been replaced by rails 3.2 (And hopefully by rails 4.0 before jessie is out, so we don't end up with having two versions of RubyGemHell(TM) next time).

I will ask for RM, but it will need some checking with our r-deps:

Checking reverse dependencies...
# Broken Depends:
puppet: puppet-testsuite
ruby-feedtools[1]: ruby-feedtools
ruby-gettext-activerecord[1]: ruby-gettext-activerecord
ruby-gettext-rails[1]: ruby-gettext-rails
ruby-recaptcha: ruby-recaptcha
ruby-roxml[1]: ruby-roxml

# Broken Build-Depends:
ruby-bson[1]: ruby-activesupport
ruby-escape-utils[1]: ruby-actionpack
ruby-fast-gettext[1]: ruby-activerecord
ruby-haml-magic-translations[1]: ruby-actionpack
ruby-i18n[1]: ruby-activesupport
ruby-roxml[1]: ruby-activerecord ruby-activesupport
ruby-timecop[1]: ruby-activesupport
ruby-treetop[1]: ruby-activesupport

1. Will be handled internally by ruby-pkg-extra team, so I won't be officially filing a transition bug, but I will just file bugs to puppet and ruby-recaptcha, and help the maintainers of those to migrate.

O.

-- System Information:
Debian Release: 7.0
APT prefers stable
APT policy: (500, 'stable'), (300, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Re: Bug#709145: [CVE-2009-3546]: contains embedded (and outdated) copy of libgd2
On Tue, May 21, 2013 at 11:24 AM, Norbert Preining prein...@logic.at wrote:
> On Tue, 21 May 2013, Ondřej Surý wrote:
> > The new upload of texlive-bin contains and uses an outdated embedded copy of GD library and must not enter testing until texlive-bin is using the system GD library again.
>
> Wrong. Containing an embedded copy that is even compiled, but not linked against any program is not a reason for a serious bug.

I am not going to play BTS ping-pong, but you should close this bug only when you start using the system libgd again. texlive-bin MUST NOT migrate to testing with embedded outdated libgd.

> The only program in TeX Live that is linked against libgd is dvipng and this is built outside of TeX live.

Care to elaborate? Either you need the sources or you do not.

> The TL infrastructure *needs* to build the library or use the system library.

If it builds the library you should fix the CVEs or at least check that the affected code is not used by dvipng.

> Since using the sys library is currently impossible, we include a copy of the *not*used* libgd library.

That's not true, I have already uploaded fixed libgd2 to unstable.

My opinion is that you should have asked me when there will be fixed version of libgd2 uploaded to unstable before rushing things.

O.
--
Ondřej Surý ond...@sury.org
Bug#708248: transition: json-c
I have verified that libjson0 with just symlinks works (running psensor), and building with libjson0-dev ends with libjson-c2 as dependency (upstart). Thus I am ready to upload the package to unstable.

Ondrej

On Thu, May 16, 2013 at 1:29 PM, Ondřej Surý ond...@sury.org wrote:
> Good question. I guess I got stuck in the upstream way of 'compatibility'. That's the best solution. I'll prepare the packages in experimental and we'll see.
>
> Ondřej Surý
>
> On 16. 5. 2013, at 12:03, Julien Cristau jcris...@debian.org wrote:
> > On Thu, May 16, 2013 at 08:25:32 +0200, Ondřej Surý wrote:
> > > Hi Steve,
> > >
> > > On Thu, May 16, 2013 at 5:41 AM, Steve Langasek vor...@debian.org wrote:
> > > > Hi Ondřej,
> > > >
> > > > On Tue, May 14, 2013 at 03:12:02PM +0200, Ondřej Surý wrote:
> > > > > JSON-C upstream has renamed the library from libjson.so to libjson-c.so, headers are now in /usr/include/json-c and pkg-config is called json-c. There's a compatibility layer (symlinks and libjson.so.0), but since the library has so few r-deps, I feel that we might not need it to make things more simple in the future. The upstream is planning to drop the compatibility layer in next release anyway, so we would have to do the transition in some other point in time.
> > > >
> > > > Not necessarily. If the ABI has not changed, there is no reason that we should not keep the compatibility layer in place in Debian *indefinitely*. For another example of this, see libcurl3-gnutls.
> > >
> > > There are some new symbols in libjson-c library and _no_ symbols in libjson
> >
> > Why isn't libjson.so.0 a symlink to libjson-c.so.2 then?
> >
> > Cheers,
> > Julien

--
Ondřej Surý ond...@sury.org
Bug#708631: pu: package cyrus-imapd-2.4/2.4.16-4+deb7u1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: pu Hi, this update fixes some obsolete links in the READMEs and fixes a grave bug when upgrading cyrus database which use Berkeley DB as backend (no data is lost, but cyrus-imapd cannot be started). $ diffstat cyrus-imapd-2.4_2.4.16-4+deb7u1.debdiff README.Debian| 11 +-- UPGRADE.Debian |4 ++-- changelog|9 + cyrus-upgrade-db |3 +-- gbp.conf |4 ++-- 5 files changed, 19 insertions(+), 12 deletions(-) Ondrej -- System Information: Debian Release: 7.0 APT prefers stable APT policy: (500, 'stable'), (300, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diff -Nru cyrus-imapd-2.4-2.4.16/debian/changelog cyrus-imapd-2.4-2.4.16/debian/changelog --- cyrus-imapd-2.4-2.4.16/debian/changelog 2013-03-13 11:47:43.0 +0100 +++ cyrus-imapd-2.4-2.4.16/debian/changelog 2013-05-17 13:38:57.0 +0200 @@ -1,3 +1,12 @@ +cyrus-imapd-2.4 (2.4.16-4+deb7u1) unstable; urgency=high + + * Fix links in the README.Debian and UPGRADE.Debian (courtesy of Gijs +Hillenius) + * When piping data to while loop the subshell is created and variables +are lost (Closes: #706862) + + -- Ondřej Surý ond...@debian.org Wed, 15 May 2013 08:54:27 +0200 + cyrus-imapd-2.4 (2.4.16-4) unstable; urgency=low * Update normalize patch to correctly set the normalize option in the diff -Nru cyrus-imapd-2.4-2.4.16/debian/cyrus-upgrade-db cyrus-imapd-2.4-2.4.16/debian/cyrus-upgrade-db --- cyrus-imapd-2.4-2.4.16/debian/cyrus-upgrade-db 2013-03-13 11:47:43.0 +0100 +++ cyrus-imapd-2.4-2.4.16/debian/cyrus-upgrade-db 2013-05-17 13:38:57.0 +0200 @@ -97,7 +97,6 @@ fi BERKELEY_DB_FOUND= -cat $OLD_LIST | \ while read -r OLD_DBKEY OLD_DBVALUE ; do NEW_DBVALUE=$(LC_ALL=C gawk /^${OLD_DBKEY}[[:blank:]]/ { print \$2 } $NEW_LIST) 
@@ -180,7 +179,7 @@ upgradedb $DBFILE $OLD_DBVALUE $NEW_DBVALUE fi fi -done +done $OLD_LIST # Create Berkeley DB checkpoint and remove old logs if [ -n ${DO_UPGRADE_BDB} -a -d $CONFIG_DIR/db ]; then if [ -n ${BERKELEY_DB_FOUND} ]; then diff -Nru cyrus-imapd-2.4-2.4.16/debian/gbp.conf cyrus-imapd-2.4-2.4.16/debian/gbp.conf --- cyrus-imapd-2.4-2.4.16/debian/gbp.conf 2013-03-13 11:47:43.0 +0100 +++ cyrus-imapd-2.4-2.4.16/debian/gbp.conf 2013-05-17 13:38:57.0 +0200 @@ -1,7 +1,7 @@ [DEFAULT] -debian-branch = debian-sid +debian-branch = master-wheezy debian-tag = debian/%(version)s -upstream-branch = upstream-sid +upstream-branch = upstream-wheezy upstream-tag = upstream/%(version)s pristine-tar = True diff -Nru cyrus-imapd-2.4-2.4.16/debian/README.Debian cyrus-imapd-2.4-2.4.16/debian/README.Debian --- cyrus-imapd-2.4-2.4.16/debian/README.Debian 2013-03-13 11:47:43.0 +0100 +++ cyrus-imapd-2.4-2.4.16/debian/README.Debian 2013-05-17 13:38:57.0 +0200 
@@ -15,12 +15,11 @@ email through LMTP, IMAP and POP3 *only*. No direct file access to the email store is supposed to take place. -For more information, please consult http://asg.web.cmu.edu/cyrus/imapd/ and -http://asg.web.cmu.edu/twiki/bin/view/Cyrus/WebHome (Cyrus WiKi). There is -also Cyrus-HOWTO (Cyrus-IMAP.txt) available as part of the LDP HOWTO -collection. Upgrade hints are in UPGRADE.Debian.gz Outdated documentation -will cause you much grief, so beware of that when hunting anywhere else than -the Cyrus mailinglist for information. +For more information, please consult http://cyrusimap.org/. +There is also Cyrus-HOWTO (Cyrus-IMAP.txt) available as part of the +LDP HOWTO collection. Upgrade hints are in UPGRADE.Debian.gz Outdated +documentation will cause you much grief, so beware of that when +hunting anywhere else than the Cyrus mailinglist for information. Backports of the latest packages for Debian Stable are available from http://www.backports.org diff -Nru cyrus-imapd-2.4-2.4.16/debian/UPGRADE.Debian cyrus-imapd-2.4-2.4.16/debian/UPGRADE.Debian --- cyrus-imapd-2.4-2.4.16/debian/UPGRADE.Debian 2013-03-13 11:47:43.0 +0100 +++ cyrus-imapd-2.4-2.4.16/debian/UPGRADE.Debian 2013-05-17 13:38:57.0 +0200 @@ -1,7 +1,7 @@ For more information, see README.Debian[.gz] in /usr/share/doc/cyrus-common-2.4/ -and the web page below, part of the cyrus-utils project at SourceForge: +and the web page below, part of the Cyrus project at http://cyrusimap.org/ - http://cyrus-utils.sourceforge.net/faq + http://cyrusimap.org/mediawiki/index.php/FAQ Upgrading from 2.2.x to 2.4 ===
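Review bot: in the debian/changelog hunk the new entry is released to `unstable` (`cyrus-imapd-2.4 (2.4.16-4+deb7u1) unstable; urgency=high`), while the +deb7u1 version suffix and the `pu` usertag on the request mark this as a stable update; the distribution field should name the stable suite so the upload goes where it is intended. The entry also says nothing about the debian/gbp.conf branch change (`debian-sid` to `master-wheezy`, `upstream-sid` to `upstream-wheezy`) that the same debdiff carries; mention it in the changelog or leave it out of the stable upload.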
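Review bot: in the second debian/cyrus-upgrade-db hunk the loop now ends with `done $OLD_LIST`, which as shown has no `<` redirection; a bare word after `done` is a shell syntax error, and with `cat $OLD_LIST | \` removed in the first hunk the `while read -r OLD_DBKEY OLD_DBVALUE` loop would otherwise have no list to read. The line needs to be `done < "$OLD_LIST"` (the `<` and the quotes may only have been lost in this rendering, since the `gawk` line has visibly lost its quoting too, but it is worth checking in the real debdiff). The redirect form is the right fix for #706862: `BERKELEY_DB_FOUND` is assigned inside the loop and tested after it in `if [ -n ${BERKELEY_DB_FOUND} ]`, which only works when the loop runs in the current shell and not in the subshell a pipeline creates. If that test really is unquoted in the script, quote it as well, because `[ -n ]` with an empty expansion evaluates true.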
Bug#708631: pu: package cyrus-imapd-2.4/2.4.16-4+deb7u1
Thanks for the review. Attached is fixed debdiff. Ondrej On Fri, May 17, 2013 at 2:45 PM, Cyril Brulebois k...@debian.org wrote: Hi, some comments below: Ondřej Surý ond...@debian.org (17/05/2013): […] diff -Nru cyrus-imapd-2.4-2.4.16/debian/changelog cyrus-imapd-2.4-2.4.16/debian/changelog --- cyrus-imapd-2.4-2.4.16/debian/changelog 2013-03-13 11:47:43.0 +0100 +++ cyrus-imapd-2.4-2.4.16/debian/changelog 2013-05-17 13:38:57.0 +0200 @@ -1,3 +1,12 @@ +cyrus-imapd-2.4 (2.4.16-4+deb7u1) unstable; urgency=high You want to target stable or wheezy. diff -Nru cyrus-imapd-2.4-2.4.16/debian/README.Debian cyrus-imapd-2.4-2.4.16/debian/README.Debian --- cyrus-imapd-2.4-2.4.16/debian/README.Debian 2013-03-13 11:47:43.0 +0100 +++ cyrus-imapd-2.4-2.4.16/debian/README.Debian 2013-05-17 13:38:57.0 +0200 @@ -15,12 +15,11 @@ email through LMTP, IMAP and POP3 *only*. No direct file access to the email store is supposed to take place. -For more information, please consult http://asg.web.cmu.edu/cyrus/imapd/ and -http://asg.web.cmu.edu/twiki/bin/view/Cyrus/WebHome (Cyrus WiKi). There is -also Cyrus-HOWTO (Cyrus-IMAP.txt) available as part of the LDP HOWTO -collection. Upgrade hints are in UPGRADE.Debian.gz Outdated documentation -will cause you much grief, so beware of that when hunting anywhere else than -the Cyrus mailinglist for information. +For more information, please consult http://cyrusimap.org/. +There is also Cyrus-HOWTO (Cyrus-IMAP.txt) available as part of the +LDP HOWTO collection. Upgrade hints are in UPGRADE.Debian.gz Outdated +documentation will cause you much grief, so beware of that when +hunting anywhere else than the Cyrus mailinglist for information. Want some punctuation before “Outdated” I guess, while you're at it? Mraw, KiBi. -- Ondřej Surý ond...@sury.org cyrus-imapd-2.4_2.4.16-4+deb7u1.debdiff Description: Binary data
Bug#706828: transition: libgd2
Package: release.debian.org
Followup-For: Bug #706828
User: release.debian@packages.debian.org
Usertags: transition

Hi, please update Ben file for tracking libgd2 transition after the package name change as agreed on #debian-release.

New Ben file:

is_affected = .build-depends ~ /libgd(|2|2-noxpm|2-xpm)-dev/
is_good = .depends ~ /libgd3/
is_bad = .depends ~ /libgd2-(noxpm|xpm|3)/

Thanks, Ondrej

-- System Information:
Debian Release: 7.0
APT prefers stable
APT policy: (500, 'stable'), (300, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Bug#708248: transition: json-c
Hi Steve,

On Thu, May 16, 2013 at 5:41 AM, Steve Langasek vor...@debian.org wrote: Hi Ondřej,

On Tue, May 14, 2013 at 03:12:02PM +0200, Ondřej Surý wrote: JSON-C upstream has renamed the library from libjson.so to libjson-c.so, headers are now in /usr/include/json-c and pkg-config is called json-c. There's a compatibility layer (symlinks and libjson.so.0), but since the library has so few r-deps, I feel that we might not need it to make things more simple in the future. The upstream is planning to drop the compatibility layer in next release anyway, so we would have to do the transition in some other point in time.

Not necessarily. If the ABI has not changed, there is no reason that we should not keep the compatibility layer in place in Debian *indefinitely*. For another example of this, see libcurl3-gnutls.

There are some new symbols in libjson-c library and _no_ symbols in libjson

There are no library symbols removed (just added), so the transition should be relatively painless (you will just have to do s/json/json-c/ in your packages).

Ben file:

title = json-c;
is_affected = .depends ~ libjson0 | .depends ~ libjson-c2;
is_good = .depends ~ libjson-c2;
is_bad = .depends ~ libjson0;

It looks like you're coupling a transition of the runtime library package name with a transition of the build-time API. The first is not required at all - the runtime library package name should change IFF there is a backwards-incompatible ABI change, which there isn't in this case *unless* we drop the compat symlink (which we therefore should just never do). The second could arguably be made a soft transition, with backwards-compatibility support added so that this doesn't gum up testing transitions unnecessarily; but as you point out, the set of affected packages is small, and as long as it's not coupled with an unnecessary change to the runtime lib package name this is probably acceptable - but this is a question the release team should decide on.

The upstream compatibility layer consists of:

- symlink in /usr/include/json/ -> json-c
- json.pc in /usr/lib/pkgconfig
- and libjson.so.0 which has no symbols, and just links to libjson-c.so.2.

My knowledge of dynamic linker isn't that great, but I very much doubt this is a drop-in replacement for original libjson.so.0 _with_ symbols, so at least bin-NMU would be needed. But I might be mistaken here. Also since libjson0 has dropped original symbols, it needs SONAME bump, so we would have libjson1.

If there's a need to keep the compatibility layer I am inclined to:

- drop libjson0
- keep libjson0-dev with the symlink and modified json.pc with -ljson-c.

This might still break applications which hardcode the library name (e.g. they don't use pkg-config), so I am still quite unsure it's worth from long term.

So overall I would still suggest short term pain, which can be solved by coordinated uploads and NMUs on those few packages which will break. But I would leave that decision in the hands of our release managers.

Ondrej

P.S.: I can prepare both variants (with and without libjson0{-dev}), so you can check them. I already have that buried somewhere in the git, since my first update of the package was with libjson0{-dev} compatibility layer kept.

-- Ondřej Surý ond...@sury.org
Bug#708248: transition: json-c
Good question. I guess I got stuck in the upstream way of 'compatibility'. That's the best solution. I'll prepare the packages in experimental and we'll see. Ondřej Surý

On 16. 5. 2013, at 12:03, Julien Cristau jcris...@debian.org wrote:

On Thu, May 16, 2013 at 08:25:32 +0200, Ondřej Surý wrote: Hi Steve,

On Thu, May 16, 2013 at 5:41 AM, Steve Langasek vor...@debian.org wrote: Hi Ondřej,

On Tue, May 14, 2013 at 03:12:02PM +0200, Ondřej Surý wrote: JSON-C upstream has renamed the library from libjson.so to libjson-c.so, headers are now in /usr/include/json-c and pkg-config is called json-c. There's a compatibility layer (symlinks and libjson.so.0), but since the library has so few r-deps, I feel that we might not need it to make things more simple in the future. The upstream is planning to drop the compatibility layer in next release anyway, so we would have to do the transition in some other point in time.

Not necessarily. If the ABI has not changed, there is no reason that we should not keep the compatibility layer in place in Debian *indefinitely*. For another example of this, see libcurl3-gnutls.

There are some new symbols in libjson-c library and _no_ symbols in libjson

Why isn't libjson.so.0 a symlink to libjson-c.so.2 then? Cheers, Julien
Bug#661958: Bug#707024: Bug#661958: Reboot Apache2 2.4 transition
On Thu, May 16, 2013 at 8:12 PM, Arno Töll a...@debian.org wrote: Hi,

On 13.05.2013 10:51, Ondřej Surý wrote: I can ack that PHP 5.5 RC1 is prepared to enter the unstable. This will also trigger the libgd and php5.5 transitions.

jcristau and me wondered if you want us to wait until you have a libgd package ready? There seems to be some discussion going on on d-devel related to that. Could you please clarify?

I have contacted all upstream binding authors and all of them, who get back to me, report success, so I think we are safe to go. Right now I have added one more patch (reported in Debian, fixed in upstream) and I will be uploading to unstable. Ondrej

-- Ondřej Surý ond...@sury.org
Bug#708248: Acknowledgement (transition: json-c)
JFTR I got ACK from current maintainer, so I am ready to upload whenever release team sees fit. O.

-- Ondřej Surý ond...@sury.org
Bug#708248: transition: json-c
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition

Hi release team and affected maintainers,

Disclaimer: I need new json-c to fix RC licensing bug in php5 (thus I do care about this package more than I do care for some other).

JSON-C upstream has renamed the library from libjson.so to libjson-c.so, headers are now in /usr/include/json-c and pkg-config is called json-c. There's a compatibility layer (symlinks and libjson.so.0), but since the library has so few r-deps, I feel that we might not need it to make things more simple in the future. The upstream is planning to drop the compatibility layer in next release anyway, so we would have to do the transition in some other point in time.

I wrote to fabien, and I still need to hear from him, but I took the liberty to build the packages and you can find preliminary updated packages here: https://www.sury.org/json-c/

There are no library symbols removed (just added), so the transition should be relatively painless (you will just have to do s/json/json-c/ in your packages).

Anyway here's the list of affected maintainers and their packages:

Andrew Chadwick a.t.chadw...@gmail.com mypaint (U)
Cleto Martín cl...@debian.org grive (U)
Dain Nilsson d...@yubico.com yubikey-personalization (U)
Debian VoIP Team pkg-voip-maintain...@lists.alioth.debian.org kamailio
Fabien Boucher fabien.dot.bouc...@gmail.com libxr
Fredrik Thulin fred...@yubico.com yubikey-personalization (U)
Gürkan Sengün gur...@phys.ethz.ch mypaint
Henning Westerholt henning.westerh...@1und1.de kamailio (U)
James Hunt james.h...@ubuntu.com upstart (U)
Jean-Philippe Orsini jea...@gmail.com psensor
José Luis Segura Lucas josel.seg...@gmx.es grive
Kilian Krause kil...@debian.org kamailio (U)
Klas Lindfors k...@yubico.com yubikey-personalization (U)
Laszlo Boszormenyi (GCS) g...@debian.hu syslog-ng
Luke Faraone lfara...@debian.org pianobar
Martin-Éric Racine martin-eric.rac...@iki.fi pulseaudio (U)
Michael Biebl bi...@debian.org rsyslog
Nico Golde n...@debian.org newsbeuter
Pulseaudio maintenance team pkg-pulseaudio-de...@lists.alioth.debian.org pulseaudio
Python Applications Packaging Team python-apps-t...@lists.alioth.debian.org mypaint
Romain Beauxis to...@rastageeks.org pianobar (U)
Scott James Remnant sc...@netsplit.com upstart (U)
Simon Josefsson si...@yubico.com yubikey-personalization (U)
Sjoerd Simons sjo...@debian.org pulseaudio (U)
Soeren Sonnenburg so...@debian.org shogun
Steve Langasek vor...@debian.org upstart
Tollef Fog Heen tfh...@debian.org yubikey-personalization
Tzafrir Cohen tzaf...@debian.org kamailio (U)
Victor Seva linuxman...@torreviejawireless.org kamailio (U)

Ben file:

title = json-c;
is_affected = .depends ~ libjson0 | .depends ~ libjson-c2;
is_good = .depends ~ libjson-c2;
is_bad = .depends ~ libjson0;

-- System Information:
Debian Release: 7.0
APT prefers stable
APT policy: (500, 'stable'), (300, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Bug#661958: Bug#707024: Bug#661958: Reboot Apache2 2.4 transition
I can ack that PHP 5.5 RC1 is prepared to enter the unstable. This will also trigger the libgd and php5.5 transitions. O.

On Mon, May 13, 2013 at 10:36 AM, Arno Töll a...@debian.org wrote: Hi, would the Release Team be comfortable with an upload of Apache 2.4 to Sid on May, 20? That's a bit sooner than I expected, but on the other hand there is not much to gain to wait longer. We made good progress with our list of critical reverse dependencies so that only one is missing. Hence I believe, an upload on that date is feasible.

-- with kind regards, Arno Töll IRC: daemonkeeper on Freenode/OFTC GnuPG Key-ID: 0x9D80F36D

-- Ondřej Surý ond...@sury.org
Bug#661958: [php-maint] Reboot Apache2 2.4 transition
Arno, I have a question on default behaviour of apache2_invoke. If I do:

    apt-get install libapache2-mod-somemodule
    a2dismod somemodule
    apt-get update
    apt-get upgrade # libapache2-mod-somemodule gets updated

Will that get somemodule reenabled?

    # Automatically added by dh_apache2
    if [ $1 = configure ] true; then
        if [ -e /usr/share/apache2/apache2-maintscript-helper ] ; then
            . /usr/share/apache2/apache2-maintscript-helper
            for conf in wsgi ; do
                apache2_invoke enmod $conf || exit $?
            done
        fi
    fi

You probably need to change the inserted code to:

    for conf in modulelist; do
        # $2 is empty on a first install
        if [ -z "$2" ]; then
            apache2_invoke enmod "$conf" || exit $?
        # on upgrade, only restart if the module is still enabled
        elif a2query -q -m "$conf"; then
            apache2_reload restart || exit $?
        fi
    done

(And why there's the true part?) O.

On Sat, May 4, 2013 at 6:12 PM, Arno Töll a...@debian.org wrote: Hi there,

Now that Wheezy is ehrm virtually released ..., we'd like to reboot the Apache 2.4 transition process as soon as possible. In other words, we'd like to break Sid - as far as Apache is involved - in a foreseeable future. With your permission to proceed as suggested pending, we'd like to propose this procedure to continue with the Apache 2.4 transition:

*) Aim for an upload of Apache 2.4 in June. The exact date is not fixed and determined by two factors: You approving the process itself, and the availability of a 2.4 port for certain reverse dependencies (see next point).

*) Since this upload is going to break all existing module reverse dependencies, this causes bad breakage to users of Apache in Sid. We're aware of that, but it can't be avoided entirely since a transition in Experimental only does not seem to work out that well, as we're trying to prod the maintainers of affected packages for over a year.
However, to smoothen the transition as much as possible, we'd like to wait with an upload to Sid until these reverse dependencies have updated packages available and then do a coordinated upload with the respective maintainers (they're all CC:-ed):

- mod_php
- mod_security
- mod_wsgi
- mod_dnssd (gnome-user-share)
- mod_jk
- mod_fcgid
- subversion

This is a somewhat biased choice, based on the popularity of the modules, and their relative importance in the Apache eco-system itself. PHP, and WSGI for example have reverse dependencies on their own, which are affected by our transition, too. Please maintainers of these packages, do help us so that we can do the upload in a timely manner. Maintainers, if you need help us to transition with these modules, let the Apache maintainers know. We'll help you.

*) Once the package is uploaded to Unstable together with a reasonably small subset of reverse dependencies as defined above, we'd like to successively increase the amount of transitioned packages to a larger amount (see the full list in previous posts) before considering a migration to Testing. It is up to decide together with you when exactly this is going to happen, but I do not suspect this being the case until (end of) summer. At some point we'd like to ask you to remove remaining non-transitioned packages from Testing so that we migrate the already transitioned packages, including our own. Until then, we'd file a testing migration blocking bug against our own package, so that it can't migrate to Testing by accident.

*) Once the package has reached Testing, we'd like to address a transition of web-applications reverse depending on Apache. This cannot be parallelized easily, because most of them are depending on some other third party module, too. On the upside, web applications are somewhat broken during the migration, but this may only affect the integration of the Apache web server, whereas the application itself remains functional.

Does this make sense to you?
-- with kind regards, Arno Töll IRC: daemonkeeper on Freenode/OFTC GnuPG Key-ID: 0x9D80F36D

-- Ondřej Surý ond...@sury.org
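The postinst logic proposed at the top of the message above (enable the module on first install; on upgrade only restart Apache if the module is still enabled, so an administrator's a2dismod is not silently undone) can be exercised without Apache installed. This is an added example, not code from the thread or from dh_apache2: a2query, a2dismod, apache2_invoke and apache2_reload are constructed stand-in functions, and the version string 1.0-1 is made up.

```shell
#!/bin/sh
# Stand-ins constructed for this example: they mimic only the calls used in the
# thread and keep "enabled" state as marker files in a temp directory.
STATE_DIR=$(mktemp -d)
trap 'rm -rf "$STATE_DIR"' EXIT
CALL_LOG="$STATE_DIR/calls.log"
: > "$CALL_LOG"
MODULES="somemodule"

a2query() {            # called as: a2query -q -m MODULE; exit 0 when enabled
    [ -e "$STATE_DIR/$3.load" ]
}
a2dismod() {           # what the administrator runs by hand
    rm -f "$STATE_DIR/$1.load"
}
apache2_invoke() {     # called as: apache2_invoke enmod MODULE
    echo "invoke $1 $2" >> "$CALL_LOG"
    if [ "$1" = enmod ]; then : > "$STATE_DIR/$2.load"; fi
}
apache2_reload() {     # called as: apache2_reload restart
    echo "reload $1" >> "$CALL_LOG"
}

# postinst body. $1 is the maintainer-script action, $2 the most recently
# configured version, which dpkg passes as an empty string on a first install.
postinst() {
    action=${1-}
    old_version=${2-}
    [ "$action" = configure ] || return 0
    for conf in $MODULES; do
        if [ -z "$old_version" ]; then
            # First install: enable the module the package ships.
            apache2_invoke enmod "$conf" || return $?
        elif a2query -q -m "$conf"; then
            # Upgrade with the module still enabled: load the new binary.
            apache2_reload restart || return $?
        fi
        # Upgrade with the module disabled by the admin: leave it disabled.
    done
}

# The sequence from the question: install, a2dismod, upgrade.
scenario() {
    : > "$CALL_LOG"
    a2dismod somemodule
    postinst configure ""            # apt-get install
    a2dismod somemodule              # administrator turns the module off
    postinst configure "1.0-1"       # apt-get upgrade (constructed version)
    if a2query -q -m somemodule; then
        echo re-enabled
    else
        echo still-disabled
    fi
}

scenario
```

With an unconditional `apache2_invoke enmod` in place of the `-z "$old_version"` test, the same sequence ends with the module enabled again, which is the regression the question is about.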
Bug#706830: Mistake on my side
Hi, I made a mistake in the first Ben file, here's the correct one:

title = php 5.5;
is_affected = .build-depends ~ php5-dev;
is_good = .depends ~ phpapi-20121212;
is_bad = .depends ~ phpapi-20100525;
notes = #706830;

Sorry,

-- Ondřej Surý ond...@sury.org
Bug#658829: Bug#706895: transition: db5.3
On Mon, May 6, 2013 at 3:37 AM, Matthias Klose d...@debian.org wrote:

On 05.05.2013 23:22, Ondřej Surý wrote: Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition Hi, it's that time again we should prepare to switch to new Berkeley DB upstream version. This time it's the 5.1 to 5.3 transition. I expect that there might be another upstream release before jessie is out, but since the Berkeley DB transitions are so painful, I think it's a good idea to practice it a bit, since we only did it correctly once for wheezy. I won't be uploading new db-defaults to unstable before you ack this transition.

is this really necessary with db 6.x on the horizon?

Absolutely necessary? No, and I do expect another transition before the jessie is out (unless we really speed up our release cycles :-)). But my goal is to get the archive in such shape, so the transitions from one BDB version to another are as smooth as possible, and there are only very rare cases when the package needs to B-D on specific BDB version. So, I won't be filing RC bugs when the transition to db 5.3 doesn't happen, but I will actively work with maintainers[1] to make this happen.

BTW do you have any information on db 6.x? I haven't seen any nor have I been able to find any information about it. O.

1. I'll happily leave out the python and openldap off my list.

-- Ondřej Surý ond...@sury.org
Bug#658829: Bug#706895: transition: db5.3
If the information is true then I don't mind waiting couple of months for BDB 6. I just wish Berkeley DB was acquired by some more open company :-/. The new major version number is also often a culprit for breakages, although I think I have fixed most if not all of them in 4-5 transition. Ondřej Surý

On 6. 5. 2013, at 18:47, Matthias Klose d...@debian.org wrote:

On 06.05.2013 08:25, Ondřej Surý wrote: BTW do you have any information on db 6.x? I haven't seen any nor I have been able to find any information about it.

see http://bugs.python.org/issue17477
Bug#706848: pu: package php5/5.4.4-16
Package: release.debian.org
Followup-For: Bug #706848
User: release.debian@packages.debian.org
Usertags: pu

Hello Adam, version number changed to -14+deb7u1 (and merged changelogs for -15 and -16 releases).

$ diffstat php5_5.4.4-14+deb7u1.debdiff
debian/patches/CVE-2013-1643.patch | 135 --
debian/patches/CVE-2013-1824.patch | 142 +++
debian/patches/fix-crash-in-garbage-collection.patch | 35
debian/patches/fix-dropping-connections-in-FPM.patch | 46 ++
debian/patches/libmagic-vision-fix.patch | 11 +
debian/patches/pdo_dblib.patch | 29 +++
php5-5.4.4/debian/changelog | 13 +
php5-5.4.4/debian/patches/series | 6
8 files changed, 281 insertions(+), 136 deletions(-)

And debdiff attached, sorry for forgetting to attach it, I had it already prepared, but somehow I didn't attach it. O.

-- System Information:
Debian Release: 7.0
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

diff -u php5-5.4.4/debian/changelog php5-5.4.4/debian/changelog --- php5-5.4.4/debian/changelog +++ php5-5.4.4/debian/changelog
@@ -1,3 +1,16 @@ +php5 (5.4.4-14+deb7u1) unstable; urgency=low + + * Pull upstream fix for FPM drops connection while receiving some binary +values in FastCGI requests (Closes: #703056) + * Fix crash in garbage collection (patch courtesy of Michal Cihar) +(Closes: #706082) + * Update libmagic detection of MS Office documents (Closes: #703504) + * Fix mssql connector to work with Azure SQL (Closes: #702079) + * [CVE-2013-1824]: CVE-2013-1643 was incomplete fix; this pulls full +upstream patch (5.4.4-14 already had all the relevant security parts) + + -- Ondřej Surý ond...@debian.org Mon, 06 May 2013 18:15:49 +0200 + php5 (5.4.4-14) unstable; urgency=high * [CVE-2013-1635] Fixed external entity loading diff -u php5-5.4.4/debian/patches/series php5-5.4.4/debian/patches/series --- php5-5.4.4/debian/patches/series +++ php5-5.4.4/debian/patches/series @@ -81 +81,5 @@ -CVE-2013-1643.patch +CVE-2013-1824.patch +fix-dropping-connections-in-FPM.patch +fix-crash-in-garbage-collection.patch +libmagic-vision-fix.patch +pdo_dblib.patch reverted: --- php5-5.4.4/debian/patches/CVE-2013-1643.patch +++ php5-5.4.4.orig/debian/patches/CVE-2013-1643.patch 
@@ -1,135 +0,0 @@ a/ext/libxml/libxml.c -+++ b/ext/libxml/libxml.c -@@ -270,6 +270,7 @@ static PHP_GINIT_FUNCTION(libxml) - libxml_globals-error_buffer.c = NULL; - libxml_globals-error_list = NULL; - libxml_globals-entity_loader.fci.size = 0; -+ libxml_globals-entity_loader_disabled = 0; - } - - static void _php_libxml_destroy_fci(zend_fcall_info *fci) -@@ -369,16 +370,15 @@ static int php_libxml_streams_IO_close(v - } - - static xmlParserInputBufferPtr --php_libxml_input_buffer_noload(const char *URI, xmlCharEncoding enc) --{ -- return NULL; --} -- --static xmlParserInputBufferPtr - php_libxml_input_buffer_create_filename(const char *URI, xmlCharEncoding enc) - { - xmlParserInputBufferPtr ret; - void *context = NULL; -+ TSRMLS_FETCH(); -+ -+ if (LIBXML(entity_loader_disabled)) { -+ return NULL; -+ } - - if (URI == NULL) - return(NULL); -@@ -1052,28 +1052,25 @@ static PHP_FUNCTION(libxml_clear_errors) - } - /* }}} */ - -+PHP_LIBXML_API zend_bool php_libxml_disable_entity_loader(zend_bool disable TSRMLS_DC) -+{ -+ zend_bool old = LIBXML(entity_loader_disabled); -+ -+ LIBXML(entity_loader_disabled) = disable; -+ return old; -+} -+ - /* {{{ proto bool libxml_disable_entity_loader([boolean disable]) -Disable/Enable ability to load external entities */ - static PHP_FUNCTION(libxml_disable_entity_loader) - { - zend_bool disable = 1; -- xmlParserInputBufferCreateFilenameFunc old; - - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, |b, disable) == FAILURE) { - return; - } - -- if (disable == 0) { -- old = xmlParserInputBufferCreateFilenameDefault(php_libxml_input_buffer_create_filename); -- } else { -- old = xmlParserInputBufferCreateFilenameDefault(php_libxml_input_buffer_noload); -- } -- -- if (old == php_libxml_input_buffer_noload) { -- RETURN_TRUE; -- } -- -- RETURN_FALSE; -+ RETURN_BOOL(php_libxml_disable_entity_loader(disable TSRMLS_CC)); - } - /* }}} */ - a/ext/libxml/php_libxml.h -+++ b/ext/libxml/php_libxml.h -@@ -47,6 +47,7 @@ 
ZEND_BEGIN_MODULE_GLOBALS(libxml) - zend_fcall_info fci; - zend_fcall_info_cache fcc; - } entity_loader; -+ zend_bool entity_loader_disabled; - ZEND_END_MODULE_GLOBALS(libxml) - - typedef struct _libxml_doc_props { -@@ -97,6 +98,7 @@ PHP_LIBXML_API void php_libxml_ctx_error - PHP_LIBXML_API int php_libxml_xmlCheckUTF8(const unsigned char *s); - PHP_LIBXML_API zval *php_libxml_switch_context(zval *context TSRMLS_DC
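Review bot: the new debian/changelog entry `php5 (5.4.4-14+deb7u1) unstable; urgency=low` names unstable as its distribution, although the +deb7u1 version and the `pu` usertag mark this as a stable update; the distribution field should name the stable suite before this is uploaded.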
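Review bot: debian/patches/series swaps CVE-2013-1643.patch for CVE-2013-1824.patch at line 81, and the reverted file removes the hunks that introduce `entity_loader_disabled` and the `if (LIBXML(entity_loader_disabled)) { return NULL; }` guard in php_libxml_input_buffer_create_filename, but the body of the replacement patch is not visible here because the debdiff is cut off inside the reverted file. Before accepting, confirm that CVE-2013-1824.patch carries the same guard and the `php_libxml_disable_entity_loader()` helper; without them the tree falls back to the older `php_libxml_input_buffer_noload` approach that the removed patch replaced. The changelog entry should also state explicitly that CVE-2013-1643.patch is dropped in favour of the new patch, not only that the earlier fix was incomplete.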
Bug#706828: transition: libgd2
On Mon, May 6, 2013 at 10:35 PM, Julien Cristau jcris...@debian.org wrote:

On Sun, May 5, 2013 at 14:57:38 +0200, Ondřej Surý wrote: is_good = .depends ~ /libgd2-3/;

Why is the package name not libgd3, if the SONAME is libgd.so.3?

Upstream policy is to keep API stable for major (=2) releases, so it seemed to be a good idea to express that into a library name and keep it aligned with -dev package names. However my preference is not solid here, and if you think this should be renamed to libgd3 I won't resist (and will do that with upload when uploading to unstable). O.

-- Ondřej Surý ond...@sury.org
Bug#706828: transition: libgd2
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition

Hi, I took over maintainership of libgd2 and also sort of became part of the upstream. We are preparing libgd 2.1.0 release (mainly merged parts of embedded libgd library in PHP) and API cleanup (visibility of the symbols). There's also change from {xpm,noxpm} versions to just one library (shared and development), it has never worked well and now the difference between the dependencies is really around ~5MB (and not the full X11 stack). The new libgd 2.1.0 will be needed for PHP 5.5. Ondrej

Ben file:

title = libgd2;
is_affected = .depends ~ /libgd2-(noxpm|xpm)$/ | .depends ~ /libgd2-(noxpm|xpm)-dev/ | .depends ~ /libgd2-3/ | .depends ~ /libgd2-dev/;
is_good = .depends ~ /libgd2-3/ | .depends ~ /libgd2-dev/;
is_bad = .depends ~ /libgd2-(noxpm|xpm)$/ | .depends ~ /libgd2-(noxpm|xpm)-dev/;

-- System Information:
Debian Release: 7.0
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Bug#706830: transition: php5
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition

PHP 5.5 will be next stable PHP release. The beta version is already packaged in experimental and works quite well (or at least it builds ok and all more serious problems were solved - mainly the non functional GD extension). Please note that this transition will go with Apache 2.4 transition, thus there will be no PHP 5.4 for Apache 2.4.

Ben file:

title = php5;
is_affected = .depends ~ phpapi-20121212 | .depends ~ phpapi-20100525;
is_good = .depends ~ phpapi-20100525;
is_bad = .depends ~ phpapi-20121212;

-- System Information:
Debian Release: 7.0
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Bug#706828: transition: libgd2
Should I file a separate bug report or is bundling this into this bugreport ok? I will send it separate since Gmail has a bad habit of wrapping the lines...

On Sun, May 5, 2013 at 2:24 PM, Julien Cristau jcris...@debian.org wrote:

On Sun, May 5, 2013 at 14:00:23 +0200, Ondřej Surý wrote:

Ben file:

title = libgd2;
is_affected = .depends ~ /libgd2-(noxpm|xpm)$/ | .depends ~ /libgd2-(noxpm|xpm)-dev/ | .depends ~ /libgd2-3/ | .depends ~ /libgd2-dev/;
is_good = .depends ~ /libgd2-3/ | .depends ~ /libgd2-dev/;
is_bad = .depends ~ /libgd2-(noxpm|xpm)$/ | .depends ~ /libgd2-(noxpm|xpm)-dev/;

The -dev stuff needs to be separate if we want to be able to tell what needs a rebuild. Also not sure about the $s. Cheers, Julien

-- Ondřej Surý ond...@sury.org
Bug#706828: transition: libgd2
Package: release.debian.org Followup-For: Bug #706828 User: release.debian@packages.debian.org Usertags: transition And those two Ben files here: Ben file: title = libgd2; is_affected = .depends ~ /libgd2-(noxpm|xpm)/ | .depends ~ /libgd2-3/; is_good = .depends ~ /libgd2-3/; is_bad = .depends ~ /libgd2-(noxpm|xpm)/; and this: Ben file: title = libgd2-dev; is_affected = .depends ~ /libgd2-(noxpm|xpm)-dev/ | .depends ~ /libgd2-dev/ | .build-depends ~ /libgd2-(noxpm|xpm)-dev/ | .build-depends ~ /libgd2-dev/; is_good = .depends ~ /libgd2-dev/ | .build-depends ~ /libgd2-dev/; is_bad = .depends ~ /libgd2-(noxpm|xpm)-dev/ | .build-depends ~ /libgd2-(noxpm|xpm)-dev/; -- System Information: Debian Release: 7.0 APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash
Bug#706848: pu: package php5/5.4.4-16
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: pu $ diffstat php5_5.4.4-16.debdiff debian/patches/CVE-2013-1643.patch | 135 -- debian/patches/CVE-2013-1824.patch | 142 +++ debian/patches/fix-crash-in-garbage-collection.patch | 35 debian/patches/fix-dropping-connections-in-FPM.patch | 46 ++ debian/patches/libmagic-vision-fix.patch | 11 + debian/patches/pdo_dblib.patch | 29 +++ php5-5.4.4/debian/changelog | 18 ++ php5-5.4.4/debian/patches/series |6 8 files changed, 286 insertions(+), 136 deletions(-) CVE-2013-1643 is almost the same patch (it was already in -15, but we didn't unblock it because the former includes the important bits of the latter). The rest of the patches fix these respective bugs (in the same order): * Pull upstream fix for FPM drops connection while receiving some binary values in FastCGI requests (Closes: #703056) * Fix crash in garbage collection (patch courtesy of Michal Cihar) (Closes: #706082) * Update libmagic detection of MS Office documents (Closes: #703504) * Fix mssql connector to work with Azure SQL (Closes: #702079) Ondrej -- System Information: Debian Release: 7.0 APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash
Bug#706828: transition: libgd2
Ok, thanks, the transitional packages are there, so just drop that part and I'll file individual bugs for the -dev part for affected packages when the time comes. Ondřej Surý On 5. 5. 2013, at 17:42, Julien Cristau jcris...@debian.org wrote: On Sun, May 5, 2013 at 14:57:11 +0200, Ondřej Surý wrote: Should I file a separate bug report or is bundling this into this bugreport ok? I will send it separately since Gmail has a bad habit of wrapping the lines... I don't think the -dev part is something -release needs to be involved in, actually, since there should be transitional packages as long as stuff still (build-)depends on them. Cheers, Julien
Bug#706895: transition: db5.3
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition Hi, it's that time again when we should prepare to switch to a new Berkeley DB upstream version. This time it's the 5.1 to 5.3 transition. I expect that there might be another upstream release before jessie is out, but since the Berkeley DB transitions are so painful, I think it's a good idea to practice it a bit, since we only did it correctly once for wheezy. I won't be uploading new db-defaults to unstable before you ack this transition. O. Ben file: title = db5.3; is_affected = .depends ~ /libdb5\.1.*/ | .depends ~ /libdb5\.3.*/; is_good = .depends ~ /libdb5\.3.*/; is_bad = .depends ~ /libdb5\.1.*/; -- System Information: Debian Release: 7.0 APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash
Bug#703707: unblock: php5/5.4.4-15
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package php5 The previous fix for CVE-2013-1643 was incomplete and an additional CVE-2013-1824 has been issued for it, which should be complete now. $ diffstat php5_5.4.4-15.debdiff debian/patches/CVE-2013-1643.patch | 135 --- debian/patches/CVE-2013-1824.patch | 142 + php5-5.4.4/debian/changelog|7 + php5-5.4.4/debian/patches/series |2 4 files changed, 150 insertions(+), 136 deletions(-) unblock php5/5.4.4-15 -- System Information: Debian Release: 7.0 APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diff -u php5-5.4.4/debian/changelog php5-5.4.4/debian/changelog --- php5-5.4.4/debian/changelog +++ php5-5.4.4/debian/changelog @@ -1,3 +1,10 @@ +php5 (5.4.4-15) unstable; urgency=high + + * [CVE-2013-1824]: CVE-2013-1643 had incomplete fix for external entity +loading + + -- Ondřej Surý ond...@debian.org Fri, 22 Mar 2013 13:51:47 +0100 + php5 (5.4.4-14) unstable; urgency=high * [CVE-2013-1635] Fixed external entity loading diff -u php5-5.4.4/debian/patches/series php5-5.4.4/debian/patches/series --- php5-5.4.4/debian/patches/series +++ php5-5.4.4/debian/patches/series @@ -81 +81 @@ -CVE-2013-1643.patch +CVE-2013-1824.patch reverted: --- php5-5.4.4/debian/patches/CVE-2013-1643.patch +++ php5-5.4.4.orig/debian/patches/CVE-2013-1643.patch 
@@ -1,135 +0,0 @@ a/ext/libxml/libxml.c -+++ b/ext/libxml/libxml.c -@@ -270,6 +270,7 @@ static PHP_GINIT_FUNCTION(libxml) - libxml_globals-error_buffer.c = NULL; - libxml_globals-error_list = NULL; - libxml_globals-entity_loader.fci.size = 0; -+ libxml_globals-entity_loader_disabled = 0; - } - - static void _php_libxml_destroy_fci(zend_fcall_info *fci) -@@ -369,16 +370,15 @@ static int php_libxml_streams_IO_close(v - } - - static xmlParserInputBufferPtr --php_libxml_input_buffer_noload(const char *URI, xmlCharEncoding enc) --{ -- return NULL; --} -- --static xmlParserInputBufferPtr - php_libxml_input_buffer_create_filename(const char *URI, xmlCharEncoding enc) - { - xmlParserInputBufferPtr ret; - void *context = NULL; -+ TSRMLS_FETCH(); -+ -+ if (LIBXML(entity_loader_disabled)) { -+ return NULL; -+ } - - if (URI == NULL) - return(NULL); -@@ -1052,28 +1052,25 @@ static PHP_FUNCTION(libxml_clear_errors) - } - /* }}} */ - -+PHP_LIBXML_API zend_bool php_libxml_disable_entity_loader(zend_bool disable TSRMLS_DC) -+{ -+ zend_bool old = LIBXML(entity_loader_disabled); -+ -+ LIBXML(entity_loader_disabled) = disable; -+ return old; -+} -+ - /* {{{ proto bool libxml_disable_entity_loader([boolean disable]) -Disable/Enable ability to load external entities */ - static PHP_FUNCTION(libxml_disable_entity_loader) - { - zend_bool disable = 1; -- xmlParserInputBufferCreateFilenameFunc old; - - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, |b, disable) == FAILURE) { - return; - } - -- if (disable == 0) { -- old = xmlParserInputBufferCreateFilenameDefault(php_libxml_input_buffer_create_filename); -- } else { -- old = xmlParserInputBufferCreateFilenameDefault(php_libxml_input_buffer_noload); -- } -- -- if (old == php_libxml_input_buffer_noload) { -- RETURN_TRUE; -- } -- -- RETURN_FALSE; -+ RETURN_BOOL(php_libxml_disable_entity_loader(disable TSRMLS_CC)); - } - /* }}} */ - a/ext/libxml/php_libxml.h -+++ b/ext/libxml/php_libxml.h -@@ -47,6 +47,7 @@ 
ZEND_BEGIN_MODULE_GLOBALS(libxml) - zend_fcall_info fci; - zend_fcall_info_cache fcc; - } entity_loader; -+ zend_bool entity_loader_disabled; - ZEND_END_MODULE_GLOBALS(libxml) - - typedef struct _libxml_doc_props { -@@ -97,6 +98,7 @@ PHP_LIBXML_API void php_libxml_ctx_error - PHP_LIBXML_API int php_libxml_xmlCheckUTF8(const unsigned char *s); - PHP_LIBXML_API zval *php_libxml_switch_context(zval *context TSRMLS_DC); - PHP_LIBXML_API void php_libxml_issue_error(int level, const char *msg TSRMLS_DC); -+PHP_LIBXML_API zend_bool php_libxml_disable_entity_loader(zend_bool disable TSRMLS_DC); - - /* Init/shutdown functions*/ - PHP_LIBXML_API void php_libxml_initialize(void); a/ext/soap/php_xml.c -+++ b/ext/soap/php_xml.c -@@ -20,6 +20,7 @@ - /* $Id$ */ - - #include php_soap.h -+#include ext/libxml/php_libxml.h - #include libxml/parser.h - #include libxml/parserInternals.h - -@@ -91,13 +92,17 @@ xmlDocPtr soap_xmlParseFile(const char * - ctxt = xmlCreateFileParserCtxt(filename); - PG(allow_url_fopen) = old_allow_url_fopen; - if (ctxt) { -+ zend_bool old; -+ - ctxt-keepBlanks = 0; - ctxt-sax-ignorableWhitespace = soap_ignorableWhitespace; - ctxt-sax-comment = soap_Comment; - ctxt-sax-warning = NULL; - ctxt-sax-error = NULL; - /*ctxt-sax-fatalError = NULL;*/ -+ old
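Review bot: The debian/changelog hunk for 5.4.4-15 says only that CVE-2013-1643 "had incomplete fix", while the debian/patches/series hunk swaps CVE-2013-1643.patch for CVE-2013-1824.patch at the same position. The entry should state that the new patch supersedes the old one and still covers CVE-2013-1643, and name the bug it closes if there is one, so the earlier CVE does not look dropped to someone reading the changelog alone.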
Bug#701817: unblock: botan1.10/1.10.4-1
On Fri, Mar 15, 2013 at 9:43 PM, Jonathan Wiltshire j...@debian.org wrote: Control: tag -1 moreinfo Hi Ondřej, On Wed, Feb 27, 2013 at 02:52:52PM +0100, Ondřej Surý wrote: Please unblock package botan1.10 Hi, I would like to pre-mediate the inclusion of 1.10.4 (e.g. new upstream version). The patch is very small and fixes three issues. Upstream changelog: What is the impact and severity of these issues? I don't have enough knowledge of the package to assess this from the upstream release notes, and the BTS is lacking any clues. Not sure if this helps, but Jack Lloyd (upstream author) replied: In botan, for RSA, blinding is used by default so a timing channel would be at least relatively difficult to exploit there, and ECDSA uses Montgomery representation natively and never uses the affected codepaths. The fixed windows used in the modular exponentiation (3 to 5 bits) also greatly reduces the information gained. I would assess that DSA signers, especially ones that were willing to sign many attacker controlled inputs, are at substantial risk, as recovering only a few bits of k over many signatures can allow full recovery of the key in that algorithm. But I would say that I am not going to risk the release and I will push this update through p-s-u after we release. Do you agree? O. -- Ondřej Surý ond...@sury.org
Bug#703409: unblock: ruby-actionpack-2.3/2.3.14-5, ruby-actionpack-3.2/3.2.6-6, ruby-activerecord-2.3/2.3.14-6, ruby-activerecord-3.2/3.2.6-5, ruby-activesupport-2.3/2.3.14-7, ruby-activesupport-3.2/3
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package ruby-activesupport-3.2 http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/ Rails versions 3.2.13, 3.1.12, and 2.3.18 have been released. These releases contain important security fixes. It is recommended users upgrade as soon as possible. Please check out these links for the security fixes: CVE-2013-1854 Symbol DoS vulnerability in Active Record CVE-2013-1855 XSS vulnerability in sanitize_css in Action Pack CVE-2013-1856 XML Parsing Vulnerability affecting JRuby users CVE-2013-1857 XSS Vulnerability in the sanitize helper of Ruby on Rails All versions of Rails are impacted by one or more of these security issues, but per our maintenance policy, only versions 3.2.13, 3.1.12, and 2.3.18 have been released. $ diffstat ruby-actionpack-2.3_2.3.14-5.debdiff changelog |7 + patches/CVE-2013-1855.patch | 38 ++ patches/CVE-2013-1857.patch | 54 patches/series |2 + 4 files changed, 101 insertions(+) $ diffstat ruby-actionpack-3.2_3.2.6-6.debdiff changelog |7 +++ patches/CVE-2013-1855.patch | 22 ++ patches/CVE-2013-1857.patch | 20 patches/series |2 ++ 4 files changed, 51 insertions(+) $ diffstat ruby-activerecord-2.3_2.3.14-6.debdiff changelog |6 ++ patches/CVE-2013-1854.patch | 22 ++ patches/series |1 + 3 files changed, 29 insertions(+) $ diffstat ruby-activerecord-3.2_3.2.6-5.debdiff changelog |7 +++ control |1 + control.in |3 ++- patches/CVE-2013-1854.patch | 22 ++ patches/series |1 + 5 files changed, 33 insertions(+), 1 deletion(-) $ diffstat ruby-activesupport-2.3_2.3.14-7.debdiff changelog |6 ++ patches/CVE-2013-1854.patch | 14 ++ patches/series |1 + 3 files changed, 21 insertions(+) $ diffstat ruby-activesupport-3.2_3.2.6-6.debdiff changelog |7 +++ control.in |2 +- patches/CVE-2013-1856.patch | 38 ++ patches/series |1 + 4 files changed, 47 insertions(+), 1 deletion(-) * - the control.in changes are 
harmless (since it only applies when there's a new upstream release) and there's one re-adding of me as a maintainer of the package. It just doesn't make sense to branch off just to keep these little changes off, since they don't affect anything. unblock ruby-actionpack-2.3/2.3.14-5 unblock ruby-actionpack-3.2/3.2.6-6 unblock ruby-activerecord-2.3/2.3.14-6 unblock ruby-activerecord-3.2/3.2.6-5 unblock ruby-activesupport-2.3/2.3.14-7 unblock ruby-activesupport-3.2/3.2.6-6 -- System Information: Debian Release: 7.0 Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diff -Nru ruby-actionpack-2.3-2.3.14/debian/changelog ruby-actionpack-2.3-2.3.14/debian/changelog --- ruby-actionpack-2.3-2.3.14/debian/changelog 2012-06-29 19:49:41.0 +0200 +++ ruby-actionpack-2.3-2.3.14/debian/changelog 2013-03-19 09:27:01.0 +0100 @@ -1,3 +1,10 @@ +ruby-actionpack-2.3 (2.3.14-5) unstable; urgency=high + + * [CVE-2013-1855]: Fix XSS vulnerability in sanitize_css in Action Pack + * [CVE-2013-1857]: Fix XSS Vulnerability in the sanitize helper of Ruby on Rails + + -- Ondřej Surý ond...@debian.org Tue, 19 Mar 2013 09:26:18 +0100 + ruby-actionpack-2.3 (2.3.14-4) unstable; urgency=low * Team upload. diff -Nru ruby-actionpack-2.3-2.3.14/debian/patches/CVE-2013-1855.patch ruby-actionpack-2.3-2.3.14/debian/patches/CVE-2013-1855.patch --- ruby-actionpack-2.3-2.3.14/debian/patches/CVE-2013-1855.patch 1970-01-01 01:00:00.0 +0100 +++ ruby-actionpack-2.3-2.3.14/debian/patches/CVE-2013-1855.patch 2013-03-19 09:27:01.0 +0100 
@@ -0,0 +1,38 @@ +--- a/lib/action_controller/vendor/html-scanner/html/sanitizer.rb b/lib/action_controller/vendor/html-scanner/html/sanitizer.rb +@@ -106,8 +106,8 @@ module HTML + style = style.to_s.gsub(/url\s*\(\s*[^\s)]+?\s*\)\s*/, ' ') + + # gauntlet +- if style !~ /^([:,;#%.\sa-zA-Z0-9!]|\w-\w|\'[\s\w]+\'|\[\s\w]+\|\([\d,\s]+\))*$/ || +- style !~ /^(\s*[-\w]+\s*:\s*[^:;]*(;|$)\s*)*$/ ++ if style !~ /\A([:,;#%.\sa-zA-Z0-9!]|\w-\w|\'[\s\w]+\'|\[\s\w]+\|\([\d,\s]+\))*\z/ || ++ style !~ /\A(\s*[-\w]+\s*:\s*[^:;]*(;|$)\s*)*\z/ + return '' + end + +@@ -117,8 +117,8 @@ module HTML + clean prop + ': ' + val + ';' + elsif
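Review bot: In the second gauntlet regex of the sanitizer.rb hunk the outer anchors become \A and \z, but the inner alternative `(;|$)` keeps the line anchor `$`, so a declaration can still be terminated by a line end in the middle of the string. Either change it to `(;|\z)` or add a comment saying why a line end is meant to be accepted there, and add a test with a multi-line style value to pin the behaviour down.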
Bug#701817: unblock: botan1.10/1.10.4-1
Jack, can you answer the question of our release manager, please? We are very close to the next stable release and thus our release managers are very picky about what changes they allow to go in. I know that minor botan releases are meant to be API/ABI compatible, and those changes don't seem to mangle the API, but we want to strictly follow our release process, so we don't accidentally introduce some breakage at this point in time. If those issues are not severe enough it might be a better idea to get them in using other mechanisms (stable-proposed-updates) in the next point minor Debian release. Thank you very much, Ondrej -- Forwarded message -- From: Jonathan Wiltshire j...@debian.org Date: Fri, Mar 15, 2013 at 9:43 PM Subject: Re: Bug#701817: unblock: botan1.10/1.10.4-1 To: Ondřej Surý ond...@debian.org, 701...@bugs.debian.org Control: tag -1 moreinfo Hi Ondřej, On Wed, Feb 27, 2013 at 02:52:52PM +0100, Ondřej Surý wrote: Please unblock package botan1.10 Hi, I would like to pre-mediate the inclusion of 1.10.4 (e.g. new upstream version). The patch is very small and fixes three issues. Upstream changelog: What is the impact and severity of these issues? I don't have enough knowledge of the package to assess this from the upstream release notes, and the BTS is lacking any clues. Thanks, -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51 directhex i have six years of solaris sysadmin experience, from 8-10. i am well qualified to say it is made from bonghits layered on top of bonghits -- Ondřej Surý ond...@sury.org
Bug#702954: unblock: cyrus-imapd-2.4/2.4.16-4
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package cyrus-imapd-2.4 It has been discovered that we are distributing an incomplete patch, which normalizes all usernames in the authentication even when the normalization is not enabled. This basically disallows users with CamelCase account names to log into the mail server. I would classify this bug as important/normal since the fraction of users with CamelCaseAccountNames is (hopefully) very low, but I might be mistaken and it might hit a quite large userbase. So I guess it's better to be safe than sorry. The other part of this patch is purely cosmetic; it just removes mentions of DRAC (pop-before-smtp) which was disabled some time ago, but I already got one report about the confusion this creates. Thanks. $ diffstat cyrus-imapd-2.4_2.4.16-4.debdiff changelog |8 +++ control|5 imapd.conf |7 -- patches/cyrus-imapd-2.4.2-903-normalize-authorization-id.patch | 11 ++ 4 files changed, 19 insertions(+), 12 deletions(-) unblock cyrus-imapd-2.4/2.4.16-4 -- System Information: Debian Release: 7.0 APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diff -Nru cyrus-imapd-2.4-2.4.16/debian/changelog cyrus-imapd-2.4-2.4.16/debian/changelog --- cyrus-imapd-2.4-2.4.16/debian/changelog 2013-02-26 12:37:22.0 +0100 +++ cyrus-imapd-2.4-2.4.16/debian/changelog 2013-03-13 11:47:43.0 +0100 
@@ -1,3 +1,11 @@ +cyrus-imapd-2.4 (2.4.16-4) unstable; urgency=low + + * Update normalize patch to correctly set the normalize option in the +global library (Closes: #702941) + * Remove disabled DRAC from description + + -- Ondřej Surý ond...@debian.org Wed, 13 Mar 2013 11:12:57 +0100 + cyrus-imapd-2.4 (2.4.16-3) unstable; urgency=low * Use find -H instead of plain find to fix the permissions inside the diff -Nru cyrus-imapd-2.4-2.4.16/debian/control cyrus-imapd-2.4-2.4.16/debian/control --- cyrus-imapd-2.4-2.4.16/debian/control 2013-02-26 12:37:22.0 +0100 +++ cyrus-imapd-2.4-2.4.16/debian/control 2013-03-13 11:47:43.0 +0100 @@ -52,7 +52,6 @@ including support for: - running the daemon without root privileges; - POP3 and NNTP in addition to plain IMAP; - - POP/IMAP-before-SMTP using DRAC; - secure IMAP using SSL; - server-side filtering with Sieve; - mail users without login accounts; @@ -83,7 +82,6 @@ including support for: - running the daemon without root privileges; - POP3 and NNTP in addition to plain IMAP; - - POP/IMAP-before-SMTP using DRAC; - secure IMAP using SSL; - server-side filtering with Sieve; - mail users without login accounts; @@ -109,7 +107,6 @@ including support for: - running the daemon without root privileges; - POP3 and NNTP in addition to plain IMAP; - - POP/IMAP-before-SMTP using DRAC; - secure IMAP using SSL; - server-side filtering with Sieve; - mail users without login accounts; @@ -135,7 +132,6 @@ including support for: - running the daemon without root privileges; - POP3 and NNTP in addition to plain IMAP; - - POP/IMAP-before-SMTP using DRAC; - secure IMAP using SSL; - server-side filtering with Sieve; - mail users without login accounts; 
@@ -248,7 +244,6 @@ including support for: - running the daemon without root privileges; - POP3 and NNTP in addition to plain IMAP; - - POP/IMAP-before-SMTP using DRAC; - secure IMAP using SSL; - server-side filtering with Sieve; - mail users without login accounts; diff -Nru cyrus-imapd-2.4-2.4.16/debian/imapd.conf cyrus-imapd-2.4-2.4.16/debian/imapd.conf --- cyrus-imapd-2.4-2.4.16/debian/imapd.conf 2013-02-26 12:37:22.0 +0100 +++ cyrus-imapd-2.4-2.4.16/debian/imapd.conf 2013-03-13 11:47:43.0 +0100 @@ -116,13 +116,6 @@ # specified in the script. Valid methods are null, log, zephyr, mailto #sievenotifier: zephyr -# DRAC (pop-before-smtp, imap-before-smtp) support -# Set dracinterval to the time in minutes to call DRAC while a user is -# connected to the imap/pop services. Set to 0 to disable DRAC (default) -# Set drachost to the host where the rpc drac service is running -#dracinterval: 0 -#drachost: localhost - # If enabled, the partitions will also be hashed, in addition to the hashing # done on configuration directories. This is recommended if one partition has a # very bushy mailbox tree. diff -Nru cyrus-imapd-2.4-2.4.16/debian/patches/cyrus-imapd-2.4.2-903-normalize-authorization-id.patch cyrus-imapd-2.4-2.4.16/debian/patches/cyrus-imapd-2.4.2-903-normalize-authorization-id.patch --- cyrus-imapd-2.4-2.4.16
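Review bot: The debian/changelog hunk gives urgency=low and describes the fix only as setting "the normalize option in the global library", while the request says the bug stops users with mixed-case account names from logging in. State that user-visible effect in the entry so the reason for the freeze exception is clear from the changelog alone. The five debian/control hunks and the imapd.conf hunk only drop DRAC text and match the diffstat counts (5 and 7 lines).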
Re: libnl3: provide static libraries severity
Hi release-team, it might not be in violation of Debian policy to not provide static libraries, but I would still consider this as important with freeze-exception because it is easily fixable, does not introduce anything new library wise, and it prevents successfully using the -dev package to link static binaries (which is not common, but still needed sometimes). http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693939 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693940 So I would ask you kindly to consider allowing this bug to be fixed (e.g. freeze-exception). Ondrej -- Ondřej Surý ond...@sury.org
Bug#701817: unblock: botan1.10/1.10.5-1
Package: release.debian.org Followup-For: Bug #701817 User: release.debian@packages.debian.org Usertags: unblock And the patches... -- System Information: Debian Release: 7.0 APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-3-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash # # # patch src/pubkey/dh/dh.cpp # from [87394105b44ac22e9f8727335586b5ae9c95acbb] #to [fd216f648a465f32e2626653acd54b4a36e27d97] # --- src/pubkey/dh/dh.cpp 87394105b44ac22e9f8727335586b5ae9c95acbb +++ src/pubkey/dh/dh.cpp fd216f648a465f32e2626653acd54b4a36e27d97 @@ -87,6 +87,9 @@ SecureVectorbyte DH_KA_Operation::agre { BigInt input = BigInt::decode(w, w_len); + if(input = 1 || input = p - 1) + throw Invalid_Argument(DH agreement - invalid key provided); + BigInt r = blinder.unblind(powermod_x_p(blinder.blind(input))); return BigInt::encode_1363(r, p.bytes());
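Review bot: The range check added in DH_KA_Operation::agree, before the blinded exponentiation, comes with no test, and the log entry for this patch says the same check was already lost once in the pk_op refactoring. Add a regression test that passes the boundary values 1 and p - 1 to agree() and expects Invalid_Argument. The exception text could also say that the peer's value was out of range rather than "invalid key provided".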
Bug#701817: unblock: botan1.10/1.10.5-1
Package: release.debian.org Followup-For: Bug #701817 User: release.debian@packages.debian.org Usertags: unblock Hi, I know this is a bold move to ask for inclusion of a new upstream release, but I have checked individual patches between 1.10.3 and 1.10.5 and the non-security ones are only small cruft which can be (in my opinion) safely included. So I would like to avoid a confusion of our users to create 1.10.3 with most of the patches between 1.10.3 and 1.10.5. In case you will reject this, I will take the SECURITY PATCHES part and upload it via t-p-u. I would like to avoid it, but I am prepared to do that. Apart from full debdiff I am also including these individual patches: SECURITY PATCHES check_for_out_of_range_DH_values.patch [mtnlog] Check for DH inputs out of range, was removed in the pk_op refactoring. fix_potential_crash_in_AES-NI.patch [chglog] A potential crash in the AES-NI implementation of the AES-192 key schedule (caused by misaligned loads) has been fixed. [mtnlog] Avoid a potentially unaligned __m128i load in the AES-NI implementation of the AES-192 key schedule. fix_side_channel_attack_in_power_mod.patch [chglog] Avoid a conditional operation in the power mod implementations on if a nibble of the exponent was zero or not. This may help protect against certain forms of side channel attacks. [mtnlog] Avoid a conditional in the power mod implementations on if the nibble is zero or not. Likely an attacker would still be able to tell if it was zero or not, especially for fixed window where we just multiply by 1, but it can't hurt. fix_timing_attack_in_montgomery.patch [chglog] A previously conditional operation in Montgomery multiplication and squaring is now always performed, removing a possible timing channel. [mtnlog] Always perform the add/subtract even if the final value would end up being zero, so our timing does not depend on the input. 
reject_invalid_SRP_values.patch [chglog] The SRP6 code was checking for invalid values as specified in RFC 5054, specifically values equal to zero mod p. However SRP would accept negative A/B values, or ones larger than p, neither of which should occur in a normal run of the protocol. These values are now rejected. Credits to Timothy Prepscius for pointing out these values are not normally used and probably signal something fishy. [mtnlog] In SRP reject values that are negative or larger than p - this is safe to accept but still likely bogus. And doing two compares is cheaper than a modular reduction so a win there as well. RANDOM CRUFT clang_parameters.patch [chglog] Use correct flags for creating a shared library on OS X under Clang. [mtnlog] Use correct Darwin/Clang dynamic link flags [doesn't affect any compiled code] version_bump.patch - Just stuff related to version bump (e.g. version numbers and changelog) [doesn't affect any compiled code] deleted_obsolete_examples.patch - Drop obsolete CMS examples [doesn't affect any compiled code] VC++2012_incompatibility_fix.patch [chglog] Fix a compile time incompatibility with Visual C++ 2012. [mtnlog] Attempted fix at compile time incompatibility with VC 2012 [some C++ dark magick, but should not affect anything] make_version_string_fixed.patch [chglog] The return value of version_string is now a compile time constant string, so version information can be more easily extracted from binaries. [mtnlog] Make the result of version_string a compile time constant string, so we can find the complete value by running strings on a binary file. [mtnlog] Handle gcc -dumpversion producing only two numbers. Bug 215. 
[looks harmless to me] unblock botan1.10/1.10.5-1 -- System Information: Debian Release: 7.0 APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-3-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash
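The first entry under SECURITY PATCHES in the message above restores a range check on the peer's DH value. As an added illustration (not Botan's code and not part of the original message), the C++ below uses a constructed toy safe prime p = 2039 to show why values at or below 1 and at or above p - 1 are refused: they pin the shared secret to one or two values whatever the private exponent is. The helper names, the toy group and the direction of the two comparisons are assumptions of this example.

```cpp
#include <cstdint>
#include <iostream>
#include <set>
#include <stdexcept>

// Constructed toy group: P = 2039 is a safe prime (P = 2*1019 + 1).
// Real DH groups are 2048 bits or more; the arithmetic is the same.
static const uint64_t P = 2039;
static const uint64_t G = 4;  // generates the subgroup of prime order 1019

// Square-and-multiply. p must stay below 2^32 so products fit in 64 bits.
uint64_t pow_mod(uint64_t base, uint64_t exp, uint64_t p) {
    uint64_t result = 1 % p;
    base %= p;
    while (exp > 0) {
        if (exp & 1) result = (result * base) % p;
        base = (base * base) % p;
        exp >>= 1;
    }
    return result;
}

// Agreement without validation: whatever the peer sent is exponentiated.
uint64_t agree_unchecked(uint64_t peer_value, uint64_t private_x) {
    return pow_mod(peer_value, private_x, P);
}

// Agreement with the range check (assumed form: reject <= 1 and >= p - 1),
// applied before the private exponent is used at all.
uint64_t agree_checked(uint64_t peer_value, uint64_t private_x) {
    if (peer_value <= 1 || peer_value >= P - 1)
        throw std::invalid_argument("DH agreement - invalid key provided");
    return pow_mod(peer_value, private_x, P);
}

// Number of different shared secrets one peer value yields across the
// private exponents 2..199. A healthy value gives a different secret each time.
std::size_t distinct_secrets(uint64_t peer_value) {
    std::set<uint64_t> seen;
    for (uint64_t x = 2; x < 200; ++x)
        seen.insert(agree_unchecked(peer_value, x));
    return seen.size();
}

// True when agree_checked refuses the value.
bool is_rejected(uint64_t peer_value) {
    try {
        agree_checked(peer_value, 123);
    } catch (const std::invalid_argument&) {
        return true;
    }
    return false;
}

int main() {
    const uint64_t samples[] = {0, 1, P - 1, G};
    for (uint64_t v : samples) {
        std::cout << "peer value " << v << ": "
                  << distinct_secrets(v) << " distinct secrets over 198 private keys, "
                  << (is_rejected(v) ? "rejected" : "accepted")
                  << " by the range check\n";
    }
    return 0;
}
```
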
Bug#701817: unblock: botan1.10/1.10.5-1
version information can be more easily extracted from + binaries. + * Imported Upstream version 1.10.5 + + A potential crash in the AES-NI implementation of the AES-192 key + schedule (caused by misaligned loads) has been fixed. + + A previously conditional operation in Montgomery multiplication and + squaring is now always performed, removing a possible timing channel. + + Use correct flags for creating a shared library on OS X under Clang. + + Fix a compile time incompatibility with Visual C++ 2012. + + -- Ondřej Surý ond...@debian.org Mon, 04 Mar 2013 09:24:12 +0100 + botan1.10 (1.10.3-1) unstable; urgency=high * Imported Upstream version 1.10.3 diff -Nru botan1.10-1.10.3/doc/examples/cms_dec.cpp botan1.10-1.10.5/doc/examples/cms_dec.cpp --- botan1.10-1.10.3/doc/examples/cms_dec.cpp 2012-07-10 15:39:56.0 +0200 +++ botan1.10-1.10.5/doc/examples/cms_dec.cpp 1970-01-01 01:00:00.0 +0100 
@@ -1,120 +0,0 @@ -/* -* (C) 2009 Jack Lloyd -* -* Distributed under the terms of the Botan license -*/ - -#include botan/botan.h -#include botan/pkcs8.h -#include botan/cms_dec.h -using namespace Botan; - -#include iostream -#include memory - -int main(int argc, char* argv[]) - { - if(argc != 2) - { - std::cout Usage: argv[0] filename\n; - return 1; - } - - Botan::LibraryInitializer init; - - try { - AutoSeeded_RNG rng; - - X509_Certificate mycert(mycert.pem); - PKCS8_PrivateKey* mykey = PKCS8::load_key(mykey.pem, rng, cut); - - X509_Certificate yourcert(yourcert.pem); - X509_Certificate cacert(cacert.pem); - X509_Certificate int_ca(int_ca.pem); - - X509_Store store; - store.add_cert(mycert); - store.add_cert(yourcert); - store.add_cert(cacert, true); - store.add_cert(int_ca); - - DataSource_Stream message(argv[1]); - - CMS_Decoder decoder(message, store, mykey); - - while(decoder.layer_type() != CMS_Decoder::DATA) - { - CMS_Decoder::Status status = decoder.layer_status(); - CMS_Decoder::Content_Type content = decoder.layer_type(); - - if(status == CMS_Decoder::FAILURE) -{ -std::cout Failure reading CMS data std::endl; -break; -} - - if(content == CMS_Decoder::DIGESTED) -{ -std::cout Digested data, hash = decoder.layer_info() - std::endl; -std::cout Hash is - ((status == CMS_Decoder::GOOD) ? good : bad) - std::endl; -} - - if(content == CMS_Decoder::SIGNED) -{ -// how to handle multiple signers? they can all exist within a -// single level... 
- -std::cout Signed by decoder.layer_info() std::endl; -//std::cout Sign time: decoder.xxx() std::endl; -std::cout Signature is ; -if(status == CMS_Decoder::GOOD) - std::cout valid; -else if(status == CMS_Decoder::BAD) - std::cout bad; -else if(status == CMS_Decoder::NO_KEY) - std::cout (cannot check, no known cert); -std::cout std::endl; -} - if(content == CMS_Decoder::ENVELOPED || -content == CMS_Decoder::COMPRESSED || -content == CMS_Decoder::AUTHENTICATED) -{ -if(content == CMS_Decoder::ENVELOPED) - std::cout Enveloped; -if(content == CMS_Decoder::COMPRESSED) - std::cout Compressed; -if(content == CMS_Decoder::AUTHENTICATED) - std::cout MACed; - -std::cout , algo = decoder.layer_info() std::endl; - -if(content == CMS_Decoder::AUTHENTICATED) - { - std::cout MAC status is ; - if(status == CMS_Decoder::GOOD) - std::cout valid; - else if(status == CMS_Decoder::BAD) - std::cout bad; - else if(status == CMS_Decoder::NO_KEY) - std::cout (cannot check, no key); - std::cout std::endl; - } -} - decoder.next_layer(); - } - - if(decoder.layer_type() == CMS_Decoder::DATA) - std::cout Message is \ decoder.get_data() -'' std::endl; - else - std::cout No data anywhere? std::endl; - } - catch(std::exception e) - { - std::cerr e.what() std::endl; - } - return 0; - } diff -Nru botan1.10-1.10.3/doc/examples/cms_enc.cpp botan1.10-1.10.5/doc/examples/cms_enc.cpp --- botan1.10-1.10.3/doc/examples/cms_enc.cpp 2012-07-10 15:39:56.0 +0200 +++ botan1.10-1.10.5/doc/examples/cms_enc.cpp 1970-01-01 01:00:00.0 +0100 @@ -1,59 +0,0 @@ -/* -* (C) 2009 Jack Lloyd -* -* Distributed under the terms of the Botan license -*/ - -#include botan/botan.h -#include
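Review bot: The visible part of the debian/changelog hunk lists the AES-NI, Montgomery, OS X linking and Visual C++ changes for 1.10.5, but the diff also deletes doc/examples/cms_dec.cpp and doc/examples/cms_enc.cpp and no changelog line accounts for that. Add an entry for the dropped CMS examples so the file removals are explained to whoever reviews the upload.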
Bug#702253: unblock: php5/5.4.4-14
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package php5 Bug#702221: php5: CVE-2013-1635 CVE-2013-1643 Hi, two issues have been reported in php5. CVE-2013-1635 doesn't classify as a security issue per the Debian Security policy, but if the fix is non-intrusive we could include it nonetheless: CVE-2013-1643 http://git.php.net/?p=php-src.git;a=commitdiff;h=c737b89473df9dba6742b8fc8fbf6d009bf05c36 CVE-2013-1635 http://git.php.net/?p=php-src.git;a=commitdiff;h=702b436ef470cc02f8e2cc21f2fadeee42103c74 $ diffstat php5_5.4.4-14.debdiff debian/patches/CVE-2013-1635.patch | 44 debian/patches/CVE-2013-1643.patch | 135 + php5-5.4.4/debian/changelog|8 ++ php5-5.4.4/debian/patches/series |2 4 files changed, 189 insertions(+) Debdiff attached, squeeze version has been already uploaded to security-master. unblock php5/5.4.4-14 -- System Information: Debian Release: 7.0 APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-3-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diff -u php5-5.4.4/debian/changelog php5-5.4.4/debian/changelog --- php5-5.4.4/debian/changelog +++ php5-5.4.4/debian/changelog @@ -1,3 +1,11 @@ +php5 (5.4.4-14) unstable; urgency=high + + * [CVE-2013-1635] Fixed external entity loading + * [CVE-2013-1643] Check if soap.wsdl_cache_dir confirms to open_basedir +(Closes: #702221) + + -- Ondřej Surý ond...@debian.org Mon, 04 Mar 2013 14:30:16 +0100 + php5 (5.4.4-13) unstable; urgency=high * Add yet another patch to fix unlimited recursion in session extension diff -u php5-5.4.4/debian/patches/series php5-5.4.4/debian/patches/series --- php5-5.4.4/debian/patches/series +++ php5-5.4.4/debian/patches/series 
@@ -79,0 +80,2 @@ +CVE-2013-1635.patch +CVE-2013-1643.patch only in patch2: unchanged: --- php5-5.4.4.orig/debian/patches/CVE-2013-1635.patch +++ php5-5.4.4/debian/patches/CVE-2013-1635.patch @@ -0,0 +1,44 @@ +--- a/ext/soap/soap.c b/ext/soap/soap.c +@@ -497,10 +497,40 @@ ZEND_INI_MH(OnUpdateCacheMode) + return SUCCESS; + } + ++static PHP_INI_MH(OnUpdateCacheDir) ++{ ++ /* Only do the open_basedir check at runtime */ ++ if (stage == PHP_INI_STAGE_RUNTIME || stage == PHP_INI_STAGE_HTACCESS) { ++ char *p; ++ ++ if (memchr(new_value, '\0', new_value_length) != NULL) { ++ return FAILURE; ++ } ++ ++ /* we do not use zend_memrchr() since path can contain ; itself */ ++ if ((p = strchr(new_value, ';'))) { ++ char *p2; ++ p++; ++ if ((p2 = strchr(p, ';'))) { ++p = p2 + 1; ++ } ++ } else { ++ p = new_value; ++ } ++ ++ if (PG(open_basedir) *p php_check_open_basedir(p TSRMLS_CC)) { ++ return FAILURE; ++ } ++ } ++ ++ OnUpdateString(entry, new_value, new_value_length, mh_arg1, mh_arg2, mh_arg3, stage TSRMLS_CC); ++ return SUCCESS; ++} ++ + PHP_INI_BEGIN() + STD_PHP_INI_ENTRY(soap.wsdl_cache_enabled, 1, PHP_INI_ALL, OnUpdateCacheEnabled, + cache_enabled, zend_soap_globals, soap_globals) +-STD_PHP_INI_ENTRY(soap.wsdl_cache_dir, /tmp, PHP_INI_ALL, OnUpdateString, ++STD_PHP_INI_ENTRY(soap.wsdl_cache_dir, /tmp, PHP_INI_ALL, OnUpdateCacheDir, + cache_dir, zend_soap_globals, soap_globals) + STD_PHP_INI_ENTRY(soap.wsdl_cache_ttl, 86400, PHP_INI_ALL, OnUpdateLong, + cache_ttl, zend_soap_globals, soap_globals) only in patch2: unchanged: --- php5-5.4.4.orig/debian/patches/CVE-2013-1643.patch +++ php5-5.4.4/debian/patches/CVE-2013-1643.patch 
@@ -0,0 +1,135 @@ +--- a/ext/libxml/libxml.c b/ext/libxml/libxml.c +@@ -270,6 +270,7 @@ static PHP_GINIT_FUNCTION(libxml) + libxml_globals-error_buffer.c = NULL; + libxml_globals-error_list = NULL; + libxml_globals-entity_loader.fci.size = 0; ++ libxml_globals-entity_loader_disabled = 0; + } + + static void _php_libxml_destroy_fci(zend_fcall_info *fci) +@@ -369,16 +370,15 @@ static int php_libxml_streams_IO_close(v + } + + static xmlParserInputBufferPtr +-php_libxml_input_buffer_noload(const char *URI, xmlCharEncoding enc) +-{ +- return NULL; +-} +- +-static xmlParserInputBufferPtr + php_libxml_input_buffer_create_filename(const char *URI, xmlCharEncoding enc) + { + xmlParserInputBufferPtr ret; + void *context = NULL; ++ TSRMLS_FETCH(); ++ ++ if (LIBXML(entity_loader_disabled)) { ++ return NULL; ++ } + + if (URI == NULL) + return(NULL); +@@ -1052,28 +1052,25 @@ static PHP_FUNCTION(libxml_clear_errors) + } + /* }}} */ + ++PHP_LIBXML_API zend_bool php_libxml_disable_entity_loader(zend_bool disable TSRMLS_DC) ++{ ++ zend_bool old = LIBXML(entity_loader_disabled); ++ ++ LIBXML(entity_loader_disabled) = disable; ++ return old; ++} ++ + /* {{{ proto bool libxml_disable_entity_loader([boolean disable]) +Disable/Enable ability to load external entities */ + static
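Review bot: In the debian/changelog hunk the two CVE descriptions do not match the patch files added further down. CVE-2013-1635.patch changes ext/soap/soap.c (the OnUpdateCacheDir open_basedir check for soap.wsdl_cache_dir) and CVE-2013-1643.patch changes ext/libxml/libxml.c (entity_loader_disabled), yet the changelog lists 1635 as "Fixed external entity loading" and 1643 as the wsdl_cache_dir check. Swap the two entries so each CVE is recorded against the fix that carries its name, and correct "confirms to open_basedir" to "conforms to open_basedir" while there.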
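Review bot: In CVE-2013-1635.patch, OnUpdateCacheDir discards the result of OnUpdateString and always ends with "return SUCCESS;", so a failure to store the new soap.wsdl_cache_dir value is reported to the INI layer as success. Returning the result of the OnUpdateString call directly keeps the handler's status accurate.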
Bug#702001: unblock: opendnssec/1:1.3.9-5
Package: release.debian.org Followup-For: Bug #702001 User: release.debian@packages.debian.org Usertags: unblock Yet another version :( $ diffstat opendnssec_1.3.9-5.debdiff changelog | 12 control | 26 ++ libhsm-bin.install |1 - opendnssec-auditor.install |1 - opendnssec-doc.dirs |4 opendnssec-doc.install |4 opendnssec-enforcer.install |1 - opendnssec-signer.install |1 - rules | 12 +++- 9 files changed, 49 insertions(+), 13 deletions(-) -- System Information: Debian Release: 7.0 APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-3-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diff -Nru opendnssec-1.3.9/debian/changelog opendnssec-1.3.9/debian/changelog --- opendnssec-1.3.9/debian/changelog 2013-01-15 10:30:29.0 +0100 +++ opendnssec-1.3.9/debian/changelog 2013-03-03 16:00:34.0 +0100 @@ -1,3 +1,15 @@ +opendnssec (1:1.3.9-5) unstable; urgency=low + + * Add procps to build dependencies, so ods-ksmutil can HUP enforcer +(Closes: #701703) + * Create arch:all new opendnssec-doc package and move the doxygen +documentation there + * Split dh_auto_build to arch and indep, so doxygen documentation is +built only once + * Run dh_installdoc on opendnssec-doc too, so it gets it's own copyright + + -- Ondřej Surý ond...@debian.org Fri, 01 Mar 2013 14:52:33 +0100 + opendnssec (1:1.3.9-4) unstable; urgency=low * Move the information about dropping the foreign key to README.Debian diff -Nru opendnssec-1.3.9/debian/control opendnssec-1.3.9/debian/control --- opendnssec-1.3.9/debian/control 2013-01-15 10:30:29.0 +0100 +++ opendnssec-1.3.9/debian/control 2013-03-03 16:00:34.0 +0100 @@ -24,9 +24,10 @@ libldns-dev (= 1.6.12~), libcunit1-dev, opensc, - rdoc, - graphviz, - doxygen + procps +Build-Depends-Indep: rdoc, + graphviz, + doxygen Standards-Version: 3.9.2 Homepage: http://www.opendnssec.org/ Vcs-Browser: http://git.debian.org/?p=pkg-nlnetlabs/opendnssec.git 
@@ -75,6 +76,7 @@ Depends: ${misc:Depends}, opendnssec-enforcer-sqlite3 | opendnssec-enforcer, opendnssec-signer, + opendnssec-doc, libhsm-bin Recommends: opendnssec-auditor Suggests: softhsm @@ -86,11 +88,27 @@ . This meta-package depends on the standard distribution of OpenDNSSEC. +Package: opendnssec-doc +Section: misc +Architecture: all +Depends: ${misc:Depends} +Suggests: opendnssec, softhsm +Replaces: opendnssec-auditor ( 1:1.3.9-5), opendnssec-signer ( 1:1.3.9-5), opendnssec-enforcer ( 1:1.3.9-5), libhsm-bin ( 1:1.3.9-5) +Breaks: opendnssec-auditor ( 1:1.3.9-5), opendnssec-signer ( 1:1.3.9-5), opendnssec-enforcer ( 1:1.3.9-5), libhsm-bin ( 1:1.3.9-5) +Description: documentation for OpenDNSSEC suite + OpenDNSSEC is a complete DNSSEC zone signing system which is very + easy to use with stability and security in mind. There are a lot of + details in signing zone files with DNSSEC and OpenDNSSEC covers most + of it. + . + This package contains doxygen documentation for OpenDNSSEC. + Package: opendnssec-enforcer Section: admin Architecture: all Depends: ${misc:Depends}, - opendnssec-enforcer-backend + opendnssec-enforcer-backend, + procps Recommends: opendnssec-signer, opendnssec-auditor Suggests: opendnssec, softhsm Description: tool to prepare DNSSEC keys (common package) diff -Nru opendnssec-1.3.9/debian/libhsm-bin.install opendnssec-1.3.9/debian/libhsm-bin.install --- opendnssec-1.3.9/debian/libhsm-bin.install 2013-01-15 10:30:29.0 +0100 +++ opendnssec-1.3.9/debian/libhsm-bin.install 2013-03-03 16:00:34.0 +0100 @@ -1,3 +1,2 @@ usr/bin/ods-hsm* usr/share/man/man1/ods-hsm* -build-sqlite3/libhsm/doxygen-doc/html /usr/share/doc/libhsm-bin/ diff -Nru opendnssec-1.3.9/debian/opendnssec-auditor.install opendnssec-1.3.9/debian/opendnssec-auditor.install --- opendnssec-1.3.9/debian/opendnssec-auditor.install 2013-01-15 10:30:29.0 +0100 +++ opendnssec-1.3.9/debian/opendnssec-auditor.install 2013-03-03 16:00:34.0 +0100 
@@ -4,4 +4,3 @@ usr/lib/opendnssec/kasp_auditor/ usr/share/man/man1/ods-auditor.1 usr/share/man/man1/ods-kaspcheck.1 -build-sqlite3/auditor/doc/* /usr/share/doc/opendnssec-auditor/html/ diff -Nru opendnssec-1.3.9/debian/opendnssec-doc.dirs opendnssec-1.3.9/debian/opendnssec-doc.dirs --- opendnssec-1.3.9/debian/opendnssec-doc.dirs 1970-01-01 01:00:00.0 +0100 +++ opendnssec-1.3.9/debian/opendnssec-doc.dirs 2013-03-03 16:00:34.0 +0100 @@ -0,0 +1,4 @@ +/usr/share/doc/opendnssec-signer/ +/usr/share/doc/opendnssec-enforcer/ +/usr/share/doc/opendnssec-auditor/html/ +/usr/share/doc/libhsm-bin/ diff -Nru opendnssec-1.3.9/debian/opendnssec
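Review bot: In the debian/control hunk at @@ -75,6 +76,7 @@ the opendnssec meta-package gains a hard Depends on opendnssec-doc, which puts the doxygen HTML on every installation of the suite; the original unblock request gives that documentation as 52M unpacked. Recommends or Suggests would keep the size reduction the split was meant to deliver.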
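Review bot: The changelog hunk only says procps is added to the build dependencies, but the control hunk at @@ -86,11 +88,27 @@ also adds procps to the runtime Depends of opendnssec-enforcer. Mention the runtime dependency in the changelog entry, and fix "it gets it's own copyright" to "its own copyright" in the same entry.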
Bug#702001: unblock: opendnssec/1:1.3.9-5
Yeah, my fault. I know and I am building the package again with: Replaces: opendnssec-auditor ( 1:1.3.9-5), opendnssec-signer ( 1:1.3.9-5), opendnssec-enforcer ( 1:1.3.9-5), libhsm-bin ( 1:1.3.9-5) Breaks: opendnssec-auditor ( 1:1.3.9-5), opendnssec-signer ( 1:1.3.9-5), opendnssec-enforcer ( 1:1.3.9-5), libhsm-bin ( 1:1.3.9-5) It will be uploaded shortly. Ondrej On Sat, Mar 2, 2013 at 7:35 PM, Adam D. Barratt a...@adam-barratt.org.uk wrote: On Sat, 2013-03-02 at 18:31 +, Jonathan Wiltshire wrote: On Fri, Mar 01, 2013 at 03:47:41PM +0100, Ondřej Surý wrote: Please unblock package opendnssec [...] You'll have to take a trip through NEW so better ping ftp-masters too, otherwise there's a danger it's going to be too late. For the record, ftp-master looked at -5 earlier today and rejected it from NEW due to missing Replaces on the packages from which the documentation was split out. Regards, Adam -- Ondřej Surý ond...@sury.org
Bug#702001: unblock: opendnssec/1:1.3.9-5
Package: release.debian.org Followup-For: Bug #702001 User: release.debian@packages.debian.org Usertags: unblock New debdiff is attached. $ diffstat opendnssec_1.3.9-5.debdiff changelog | 12 control | 26 ++ libhsm-bin.install |1 - opendnssec-auditor.install |1 - opendnssec-doc.dirs |4 opendnssec-doc.install |4 opendnssec-enforcer.install |1 - opendnssec-signer.install |1 - rules | 12 +++- 9 files changed, 49 insertions(+), 13 deletions(-) Ondrej -- System Information: Debian Release: 7.0 APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-3-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diff -Nru opendnssec-1.3.9/debian/changelog opendnssec-1.3.9/debian/changelog --- opendnssec-1.3.9/debian/changelog 2013-01-15 10:30:29.0 +0100 +++ opendnssec-1.3.9/debian/changelog 2013-03-02 20:58:36.0 +0100 @@ -1,3 +1,15 @@ +opendnssec (1:1.3.9-5) unstable; urgency=low + + * Add procps to build dependencies, so ods-ksmutil can HUP enforcer +(Closes: #701703) + * Create arch:all new opendnssec-doc package and move the doxygen +documentation there + * Split dh_auto_build to arch and indep, so doxygen documentation is +built only once + * Run dh_installdoc on opendnssec-doc too, so it gets it's own copyright + + -- Ondřej Surý ond...@debian.org Fri, 01 Mar 2013 14:52:33 +0100 + opendnssec (1:1.3.9-4) unstable; urgency=low * Move the information about dropping the foreign key to README.Debian diff -Nru opendnssec-1.3.9/debian/control opendnssec-1.3.9/debian/control --- opendnssec-1.3.9/debian/control 2013-01-15 10:30:29.0 +0100 +++ opendnssec-1.3.9/debian/control 2013-03-02 20:58:36.0 +0100 
@@ -24,9 +24,10 @@ libldns-dev (= 1.6.12~), libcunit1-dev, opensc, - rdoc, - graphviz, - doxygen + procps +Build-Depends-Indep: rdoc, + graphviz, + doxygen Standards-Version: 3.9.2 Homepage: http://www.opendnssec.org/ Vcs-Browser: http://git.debian.org/?p=pkg-nlnetlabs/opendnssec.git @@ -75,6 +76,7 @@ Depends: ${misc:Depends}, opendnssec-enforcer-sqlite3 | opendnssec-enforcer, opendnssec-signer, + opendnssec-doc, libhsm-bin Recommends: opendnssec-auditor Suggests: softhsm @@ -86,11 +88,25 @@ . This meta-package depends on the standard distribution of OpenDNSSEC. +Package: opendnssec-doc +Section: misc +Architecture: all +Depends: ${misc:Depends} +Suggests: opendnssec, softhsm +Description: documentation for OpenDNSSEC suite + OpenDNSSEC is a complete DNSSEC zone signing system which is very + easy to use with stability and security in mind. There are a lot of + details in signing zone files with DNSSEC and OpenDNSSEC covers most + of it. + . + This package contains doxygen documentation for OpenDNSSEC. + Package: opendnssec-enforcer Section: admin Architecture: all Depends: ${misc:Depends}, - opendnssec-enforcer-backend + opendnssec-enforcer-backend, + procps Recommends: opendnssec-signer, opendnssec-auditor Suggests: opendnssec, softhsm Description: tool to prepare DNSSEC keys (common package) 
@@ -224,6 +240,8 @@ Section: debug Priority: extra Architecture: any +Replaces: opendnssec-auditor ( 1:1.3.9-5), opendnssec-signer ( 1:1.3.9-5), opendnssec-enforcer ( 1:1.3.9-5), libhsm-bin ( 1:1.3.9-5) +Breaks: opendnssec-auditor ( 1:1.3.9-5), opendnssec-signer ( 1:1.3.9-5), opendnssec-enforcer ( 1:1.3.9-5), libhsm-bin ( 1:1.3.9-5) Description: Debug symbols for OpenDNSSEC (Enforcer with SQLite3 support) This package provides the debug symbols for OpenDNSSEC needed for properly debugging errors in OpenDNSSEC with gdb. diff -Nru opendnssec-1.3.9/debian/libhsm-bin.install opendnssec-1.3.9/debian/libhsm-bin.install --- opendnssec-1.3.9/debian/libhsm-bin.install 2013-01-15 10:30:29.0 +0100 +++ opendnssec-1.3.9/debian/libhsm-bin.install 2013-03-02 20:58:36.0 +0100 @@ -1,3 +1,2 @@ usr/bin/ods-hsm* usr/share/man/man1/ods-hsm* -build-sqlite3/libhsm/doxygen-doc/html /usr/share/doc/libhsm-bin/ diff -Nru opendnssec-1.3.9/debian/opendnssec-auditor.install opendnssec-1.3.9/debian/opendnssec-auditor.install --- opendnssec-1.3.9/debian/opendnssec-auditor.install 2013-01-15 10:30:29.0 +0100 +++ opendnssec-1.3.9/debian/opendnssec-auditor.install 2013-03-02 20:58:36.0 +0100 @@ -4,4 +4,3 @@ usr/lib/opendnssec/kasp_auditor/ usr/share/man/man1/ods-auditor.1 usr/share/man/man1/ods-kaspcheck.1 -build-sqlite3/auditor/doc/* /usr/share/doc/opendnssec-auditor/html/ diff -Nru opendnssec-1.3.9/debian/opendnssec-doc.dirs opendnssec-1.3.9/debian/opendnssec-doc.dirs --- opendnssec-1.3.9/debian/opendnssec-doc.dirs 1970-01-01 01:00:00.0 +0100
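Review bot: The Replaces and Breaks lines land in the wrong stanza. The @@ -224,6 +240,8 @@ hunk adds them to a "Section: debug" package described as "Debug symbols for OpenDNSSEC (Enforcer with SQLite3 support)", while the new opendnssec-doc stanza in the @@ -86,11 +88,25 @@ hunk, the package that takes over the doxygen files, still has neither field. Move both fields into the opendnssec-doc stanza.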
Bug#702001: unblock: opendnssec/1:1.3.9-5
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package opendnssec Hi, I have split the doxygen generated documentation to separate package named opendnssec-doc, which is arch-indep, so it doesn't get built on buildds. This is a workaround for failing doxygen on kfreebsd-i386 (#701832), e.g. you can set it wheezy-ignore. This has also the advantage that the size of binary packages has dropped by one magnitude, since the doxygen documentation is 52M unpacked. I should have noticed this earlier :(. This debian release also fixes a small problem when configure didn't know about pkill from procps and thus some reload commands didn't work properly (#701703). While not critical, this is an annoying bug with very small fix. Debdiff attached. $ diffstat opendnssec_1.3.9-5.debdiff changelog | 12 control | 24 libhsm-bin.install |1 - opendnssec-auditor.install |1 - opendnssec-doc.dirs |4 opendnssec-doc.install |4 opendnssec-enforcer.install |1 - opendnssec-signer.install |1 - rules | 12 +++- 9 files changed, 47 insertions(+), 13 deletions(-) unblock opendnssec/1:1.3.9-5 -- System Information: Debian Release: 7.0 APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-3-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diff -Nru opendnssec-1.3.9/debian/changelog opendnssec-1.3.9/debian/changelog --- opendnssec-1.3.9/debian/changelog 2013-01-15 10:30:29.0 +0100 +++ opendnssec-1.3.9/debian/changelog 2013-03-01 15:37:48.0 +0100 
@@ -1,3 +1,15 @@ +opendnssec (1:1.3.9-5) unstable; urgency=low + + * Add procps to build dependencies, so ods-ksmutil can HUP enforcer +(Closes: #701703) + * Create arch:all new opendnssec-doc package and move the doxygen +documentation there + * Split dh_auto_build to arch and indep, so doxygen documentation is +built only once + * Run dh_installdoc on opendnssec-doc too, so it gets it's own copyright + + -- Ondřej Surý ond...@debian.org Fri, 01 Mar 2013 14:52:33 +0100 + opendnssec (1:1.3.9-4) unstable; urgency=low * Move the information about dropping the foreign key to README.Debian diff -Nru opendnssec-1.3.9/debian/control opendnssec-1.3.9/debian/control --- opendnssec-1.3.9/debian/control 2013-01-15 10:30:29.0 +0100 +++ opendnssec-1.3.9/debian/control 2013-03-01 15:37:48.0 +0100 @@ -24,9 +24,10 @@ libldns-dev (= 1.6.12~), libcunit1-dev, opensc, - rdoc, - graphviz, - doxygen + procps +Build-Depends-Indep: rdoc, + graphviz, + doxygen Standards-Version: 3.9.2 Homepage: http://www.opendnssec.org/ Vcs-Browser: http://git.debian.org/?p=pkg-nlnetlabs/opendnssec.git @@ -75,6 +76,7 @@ Depends: ${misc:Depends}, opendnssec-enforcer-sqlite3 | opendnssec-enforcer, opendnssec-signer, + opendnssec-doc, libhsm-bin Recommends: opendnssec-auditor Suggests: softhsm 
@@ -86,11 +88,25 @@ . This meta-package depends on the standard distribution of OpenDNSSEC. +Package: opendnssec-doc +Section: misc +Architecture: all +Depends: ${misc:Depends} +Suggests: opendnssec, softhsm +Description: documentation for OpenDNSSEC suite + OpenDNSSEC is a complete DNSSEC zone signing system which is very + easy to use with stability and security in mind. There are a lot of + details in signing zone files with DNSSEC and OpenDNSSEC covers most + of it. + . + This package contains doxygen documentation for OpenDNSSEC. + Package: opendnssec-enforcer Section: admin Architecture: all Depends: ${misc:Depends}, - opendnssec-enforcer-backend + opendnssec-enforcer-backend, + procps Recommends: opendnssec-signer, opendnssec-auditor Suggests: opendnssec, softhsm Description: tool to prepare DNSSEC keys (common package) diff -Nru opendnssec-1.3.9/debian/libhsm-bin.install opendnssec-1.3.9/debian/libhsm-bin.install --- opendnssec-1.3.9/debian/libhsm-bin.install 2013-01-15 10:30:29.0 +0100 +++ opendnssec-1.3.9/debian/libhsm-bin.install 2013-03-01 15:37:48.0 +0100 @@ -1,3 +1,2 @@ usr/bin/ods-hsm* usr/share/man/man1/ods-hsm* -build-sqlite3/libhsm/doxygen-doc/html /usr/share/doc/libhsm-bin/ diff -Nru opendnssec-1.3.9/debian/opendnssec-auditor.install opendnssec-1.3.9/debian/opendnssec-auditor.install --- opendnssec-1.3.9/debian/opendnssec-auditor.install 2013-01-15 10:30:29.0 +0100 +++ opendnssec-1.3.9/debian/opendnssec-auditor.install 2013-03-01 15:37:48.0 +0100 @@ -4,4 +4,3 @@ usr/lib/opendnssec/kasp_auditor/ usr/share/man/man1/ods-auditor.1 usr/share/man/man1/ods-kaspcheck.1 -build-sqlite3/auditor/doc/* /usr/share/doc/opendnssec-auditor/html/ diff -Nru
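Review bot: The new opendnssec-doc stanza in the @@ -86,11 +88,25 @@ control hunk has no Replaces or Breaks, although the libhsm-bin.install and opendnssec-auditor.install hunks drop the doxygen paths under /usr/share/doc/libhsm-bin/ and /usr/share/doc/opendnssec-auditor/html/ that the diffstat shows moving to opendnssec-doc. Add versioned Replaces and Breaks against the packages the documentation was split out of, so that upgrading from an earlier revision does not run into a file conflict.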
Bug#701817: unblock: botan1.10/1.10.4-1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package botan1.10 Hi, I would like to pre-mediate the inclusion of 1.10.4 (e.g. new upstream version). The patch is very small and fixes three issues. Upstream changelog: http://botan.randombit.net/relnotes/1_10_4.html --cut here-- * Avoid a conditional operation in the power mod implementations on if a nibble of the exponent was zero or not. This may help protect against certain forms of side channel attacks. * The SRP6 code was checking for invalid values as specified in RFC 5054, specifically values equal to zero mod p. However SRP would accept negative A/B values, or ones larger than p, neither of which should occur in a normal run of the protocol. These values are now rejected. Credits to Timothy Prepscius for pointing out these values are not normally used and probably signal something fishy. * The return value of version_string is now a compile time constant string, so version information can be more easily extracted from binaries. --cut here-- The first two issues are security issues and the third could be included just for the sake of clarity. $ git diff upstream/1.10.3..upstream/1.10.4 | diffstat botan_version.py |6 +++--- configure.py | 23 ++- doc/log.txt| 18 ++ readme.txt |2 +- src/constructs/srp6/srp6.cpp |4 ++-- src/math/numbertheory/powm_fw.cpp | 20 src/math/numbertheory/powm_mnt.cpp | 37 +++-- src/pubkey/dh/dh.cpp |3 +++ src/utils/version.cpp | 32 +--- 9 files changed, 93 insertions(+), 52 deletions(-) Attached is the 1.10.3 to 1.10.4 patch (I have tried to dig the individual patches from monotone, but I have discovered that I don't have a time to learn yet another revision system with weird syntax, so unless you force me to do it, I would like to skip this part.) 
unblock botan1.10/1.10.4-1 -- System Information: Debian Release: 7.0 APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-3-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diff --git a/botan_version.py b/botan_version.py index 1ad9b89..72fda66 100644 --- a/botan_version.py +++ b/botan_version.py @@ -1,9 +1,9 @@ release_major = 1 release_minor = 10 -release_patch = 3 +release_patch = 4 -release_vc_rev = 'mtn:7b193c2f27bc5bdbdd4297c5e53acfe4e4624bdb' +release_vc_rev = 'mtn:d7a8dbe5ea390b354623a869b96f95c4b2a37bae' release_so_abi_rev = 0 -release_datestamp = 20120710 +release_datestamp = 20120107 diff --git a/configure.py b/configure.py index 71d2a3d..b606e06 100755 --- a/configure.py +++ b/configure.py @@ -1780,7 +1780,7 @@ def main(argv = None): gcc_version = stdout.strip() logging.info('Detected gcc version %s' % (gcc_version)) -return gcc_version +return map(int, gcc_version.split('.')[0:2]) except OSError: logging.warning('Could not execute %s for version check' % (gcc_bin)) return None 
@@ -1792,24 +1792,29 @@ def main(argv = None): gcc_version = get_gcc_version(options.compiler_binary or cc.binary_name) +def gcc_version_matches(matches): +for match in matches.items(): +if gcc_version[0] != match[0]: +continue + +for minor in match[1]: +if minor == gcc_version[1]: +return True +return False + if gcc_version: if not is_64bit_arch(options.arch) and not options.dumb_gcc: -matching_version = '(4\.[01234]\.)|(3\.[34]\.)|(2\.95\.[0-4])' - -if re.search(matching_version, gcc_version): +if gcc_version_matches({ 4 : [0, 1, 2, 3, 4], 3 : [3, 4], 2 : [95] }): options.dumb_gcc = True -versions_without_tr1 = '(4\.0\.)|(3\.[0-4]\.)|(2\.95\.[0-4])' - if options.with_tr1 == None and \ - re.search(versions_without_tr1, gcc_version): +gcc_version_matches({ 4 : [0], 3 : [0,1,2,3,4], 2 : [95] }): logging.info('Disabling TR1 support for this gcc, too old') options.with_tr1 = 'none' -versions_without_visibility = '(3\.[0-4]\.)|(2\.95\.[0-4])' if options.with_visibility == None and \ - re.search(versions_without_visibility, gcc_version): +gcc_version_matches({ 3 : [0,1,2,3,4], 2 : [95] }): logging.info('Disabling DSO visibility support for this gcc, too old')
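Review bot: In the botan_version.py hunk release_datestamp goes from 20120710 to 20120107, so 1.10.4 carries an earlier date than 1.10.3 and anything that orders releases by this stamp will see the newer version as the older one. Confirm the intended date with upstream before the value ships.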
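Review bot: In the configure.py hunk at @@ -1780,7 +1780,7 @@ get_gcc_version now returns map(int, gcc_version.split('.')[0:2]), but the surrounding handler only catches OSError, so a version string with a non-numeric component raises an uncaught ValueError and aborts configure. A single-component version string would likewise fail later at gcc_version[1] in gcc_version_matches. Catch ValueError next to OSError and return None, which the existing "if gcc_version:" test already handles, and check the list length before indexing.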
Bug#701697: unblock: cyrus-imapd-2.4/2.4.16-3
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package cyrus-imapd-2.4 This update fixes one remote crash, one more crash found in upstream git, missing permissions on clean install (due /etc/sieve - /var/spool/sieve symlink) and one cosmetic fix which will really delete stale files in proc and state dirs instead of printing them. $ diffstat cyrus-imapd-2.4_2.4.16-3.debdiff changelog | 11 +++ cyrus-common.cyrus-imapd.init |4 - cyrus-makedirs| 12 ++-- patches/fix_consistent_crash_fetching_message_parts.patch | 42 ++ patches/fix_crash_in_sync_client.patch| 14 patches/series|2 6 files changed, 77 insertions(+), 8 deletions(-) Debdiff attached... Thank you. unblock cyrus-imapd-2.4/2.4.16-3 -- System Information: Debian Release: 7.0 APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-3-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diff -Nru cyrus-imapd-2.4-2.4.16/debian/changelog cyrus-imapd-2.4-2.4.16/debian/changelog --- cyrus-imapd-2.4-2.4.16/debian/changelog 2012-10-26 13:54:37.0 +0200 +++ cyrus-imapd-2.4-2.4.16/debian/changelog 2013-02-26 12:37:22.0 +0100 
@@ -1,3 +1,14 @@ +cyrus-imapd-2.4 (2.4.16-3) unstable; urgency=low + + * Use find -H instead of plain find to fix the permissions inside the +sieve dir (Closes: #693507) + * Really clean (instead of printing) the stale lock and proc directories +(Closes: #629609) + * Pull fix for crashes when fetching message parts (Closes: #700801) + * Fix crash in sync client (found in upstream git) + + -- Ondřej Surý ond...@debian.org Tue, 26 Feb 2013 12:37:09 +0100 + cyrus-imapd-2.4 (2.4.16-2) unstable; urgency=low [ Gregor Herrman ] diff -Nru cyrus-imapd-2.4-2.4.16/debian/cyrus-common.cyrus-imapd.init cyrus-imapd-2.4-2.4.16/debian/cyrus-common.cyrus-imapd.init --- cyrus-imapd-2.4-2.4.16/debian/cyrus-common.cyrus-imapd.init 2012-10-26 13:54:37.0 +0200 +++ cyrus-imapd-2.4-2.4.16/debian/cyrus-common.cyrus-imapd.init 2013-02-26 12:37:22.0 +0100 @@ -145,8 +145,8 @@ # 2 if daemon could not be started # Clean stale entries -find $LOCK_DIR -mindepth 1 -depth -size 0 # -delete -find $PROC_DIR -mindepth 1 -depth -name '[0-9]*' # -delete +find $LOCK_DIR -mindepth 1 -depth -size 0 -delete +find $PROC_DIR -mindepth 1 -depth -name '[0-9]*' -delete start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test /dev/null \ || return 1 diff -Nru cyrus-imapd-2.4-2.4.16/debian/cyrus-makedirs cyrus-imapd-2.4-2.4.16/debian/cyrus-makedirs --- cyrus-imapd-2.4-2.4.16/debian/cyrus-makedirs 2012-10-26 13:54:37.0 +0200 +++ cyrus-imapd-2.4-2.4.16/debian/cyrus-makedirs 2013-02-26 12:37:22.0 +0100 @@ -89,7 +89,7 @@ [ -d $confdir/$i/$j ] || mkdir $confdir/$i/$j done done -find $confdir \( -not -user cyrus -or -not -group mail \) -execdir chown cyrus:mail '{}' \; +find -H $confdir \( -not -user cyrus -or -not -group mail \) -execdir chown cyrus:mail '{}' \; # Now, create the spool partitions for i in $partitions ; do 
@@ -102,9 +102,9 @@ done } [ -d $i/stage. ] || mkdir $i/stage. - find $i \( -not -user cyrus -or -not -group mail \) -execdir chown cyrus:mail '{}' \; + find -H $i \( -not -user cyrus -or -not -group mail \) -execdir chown cyrus:mail '{}' \; # and kill any squatter indexes - [ $killsquat -ne 0 ] find $i -name 'cyrus.squat' -type f -exec rm -f {} \; + [ $killsquat -ne 0 ] find -H $i -name 'cyrus.squat' -type f -exec rm -f {} \; done # And the sieve directory structure @@ -115,7 +115,7 @@ [ -d $sievedir/$j ] || mkdir $sievedir/$j chmod 755 $sievedir/$j done - find $sievedir \( -not -user cyrus -or -not -group mail \) -execdir chown cyrus:mail '{}' \; + find -H $sievedir \( -not -user cyrus -or -not -group mail \) -execdir chown cyrus:mail '{}' \; } [ x${CYRUSOPTFILESYS} != x1 ] exit 0 @@ -133,11 +133,11 @@ case ${i} in ext2) echo Setting attributes to +S for ${partsys%% *}... - find ${partsys%% *} -type d -exec chattr +S {} \; + find -H ${partsys%% *} -type d -exec chattr +S {} \; ;; ext3) echo Setting attributes to -S -j for ${partsys%% *}... - find ${partsys%% *} -type d -exec chattr -S -j {} \; + find -H ${partsys%% *} -type d -exec chattr -S -j {} \; ;; esac partsys=${partsys#* } diff -Nru cyrus-imapd-2.4-2.4.16/debian/patches/fix_consistent_crash_fetching_message_parts.patch cyrus-imapd-2.4-2.4.16/debian/patches/fix_consistent_crash_fetching_message_parts.patch --- cyrus-imapd-2.4-2.4.16/debian/patches/fix_consistent_crash_fetching_message_parts.patch 1970
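Review bot: In the cyrus-common.cyrus-imapd.init hunk, enabling -delete makes the unquoted $LOCK_DIR and $PROC_DIR expansions risky: if either variable is empty or unset, find starts from the current directory and deletes matching entries there with the init script's privileges. Quote both variables and skip the cleanup unless each one names an existing directory, for example behind a [ -d "$LOCK_DIR" ] guard.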
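Review bot: In the cyrus-makedirs hunks, find -H now follows a symlinked start directory such as the sieve directory, but the "-execdir chown cyrus:mail '{}'" actions still dereference any symlink they are handed inside the tree, so ownership can change on a file outside the configured directories. Use chown -h so that only the entry itself is changed, and quote $confdir, $i and $sievedir while touching these lines.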
Bug#699900: unblock: nsd3/3.2.12-2
Hi, 3.2.12-3 has the requested changes: $ debdiff nsd3_3.2.12-2.dsc nsd3_3.2.12-3.dsc diff -Nru nsd3-3.2.12/debian/changelog nsd3-3.2.12/debian/changelog --- nsd3-3.2.12/debian/changelog2013-02-06 14:16:06.0 +0100 +++ nsd3-3.2.12/debian/changelog2013-02-19 13:23:22.0 +0100 @@ -1,3 +1,9 @@ +nsd3 (3.2.12-3) unstable; urgency=low + + * Cleanup autoreconf -fi stuff in dh_auto_clean target + + -- Ondřej Surý ond...@debian.org Tue, 19 Feb 2013 13:11:59 +0100 + nsd3 (3.2.12-2) unstable; urgency=low * Add Response Rate Limiting patch (Courtesy of Matthijs Mekking of NLnet Labs) diff -Nru nsd3-3.2.12/debian/rules nsd3-3.2.12/debian/rules --- nsd3-3.2.12/debian/rules2013-02-06 14:16:06.0 +0100 +++ nsd3-3.2.12/debian/rules2013-02-19 13:23:22.0 +0100 @@ -26,6 +26,8 @@ dh $@ override_dh_auto_configure: + -test \! -f debian/config.h.in mv config.h.in debian/config.h.in + -test \! -f debian/configure mv configure debian/configure autoreconf -fi dh_auto_configure -- \ --with-configdir=/etc/nsd3 \ 
@@ -40,6 +42,11 @@ --enable-mmap \ --enable-ratelimit +override_dh_auto_clean: + dh_auto_clean + -test -f debian/config.h.in mv debian/config.h.in config.h.in + -test -f debian/configure mv debian/configure configure + override_dh_auto_install: dh_auto_install -- DESTDIR=$(CURDIR)/debian/nsd3 rmdir $(CURDIR)/debian/nsd3/var/run/nsd3 I choose to save/restore the files, so I don't get bug reports like I run debclean and now the ./configure is gone It was almost the same amount of work. So please unblock nsd3/3.2.12-3 if this was the only objection you had. Ondrej On Fri, Feb 8, 2013 at 10:50 PM, Julien Cristau jcris...@debian.org wrote: On Fri, Feb 8, 2013 at 08:55:59 +0100, Ondřej Surý wrote: On Thu, Feb 7, 2013 at 8:54 PM, Julien Cristau jcris...@debian.org wrote: On Thu, Feb 7, 2013 at 20:33:24 +0100, Ondřej Surý wrote: On Thu, Feb 7, 2013 at 8:05 PM, Julien Cristau jcris...@debian.org wrote: debian/rules doesn't seem to have a 'clean' rule change to go with the 'autoreconf' addition? I am not sure I get what exactly do you have in mind? Do you want to clean-up generated files (autom4ke, ...) or something else? Well, clean is supposed to undo whatever the build process did. So, yes... The autoreconf -fi just modifies configure and config.h.in (just checked, there's on Automake stuff), do you really think we need to jump through circles to save the old versions and restore them on clean? I could do that, but it seems to be just bureaucratic since this doesn't break the build process and the package can be built twice in a row. The usual way is to remove files in clean that get regenerated by autoreconf. No need to save/restore the old versions. Cheers, Julien -- Ondřej Surý ond...@sury.org -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/caljhhg-xwov4rnq0emmgvm-gh8u6mxshixaqz+om7uualf1...@mail.gmail.com
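Review bot: In the debian/rules hunks the save lines in override_dh_auto_configure and the restore lines in override_dh_auto_clean all start with "-", so make ignores any failure on them, including a failing mv. If the save fails, autoreconf -fi then overwrites the only pristine configure and config.h.in and the clean target has nothing to restore. An explicit if/then around each mv would let the guard be false without masking mv errors; the alternative raised in the quoted review, removing the regenerated files in clean, avoids the save and restore step entirely.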
Bug#700438: unblock: ruby-activemodel-3.2/3.2.6-3
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package ruby-activemodel-3.2, ruby-activerecord-2.3 and ruby-activeresource-2.3. Hi, another round of ruby on rails CVEs, and one FTBFS fix and a CVE fix; debdiffs are attached. $ diffstat /tmp/ruby-activemodel-3.2_3.2.6-3.debdiff changelog |6 ++ patches/CVE-2013-0276.patch | 34 ++ patches/series |1 + 3 files changed, 41 insertions(+) $ diffstat /tmp/ruby-activerecord-2.3_2.3.14-5.debdiff changelog |7 + patches/CVE-2013-0276.patch | 38 patches/CVE-2013-0277.patch | 58 patches/series |2 + 4 files changed, 105 insertions(+) $ diffstat /tmp/ruby-activeresource-2.3_2.3.14-3.debdiff changelog | 10 patches/0003-remove-test-for-XML-YAML-parsing.patch | 48 patches/series |1 3 files changed, 59 insertions(+) Ondrej unblock ruby-activemodel-3.2/3.2.6-3 unblock ruby-activerecord-2.3/2.3.14-5 unblock ruby-activeresource-2.3/2.3.14-3 -- System Information: Debian Release: 7.0 APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-3-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diff -Nru ruby-activemodel-3.2-3.2.6/debian/changelog ruby-activemodel-3.2-3.2.6/debian/changelog --- ruby-activemodel-3.2-3.2.6/debian/changelog 2012-06-25 00:24:14.0 +0200 +++ ruby-activemodel-3.2-3.2.6/debian/changelog 2013-02-12 16:58:28.0 +0100 
@@ -1,3 +1,9 @@ +ruby-activemodel-3.2 (3.2.6-3) unstable; urgency=low + + * Fix circumvention of attr_protected [CVE-2013-0276] + + -- Ondřej Surý ond...@debian.org Tue, 12 Feb 2013 16:58:09 +0100 + ruby-activemodel-3.2 (3.2.6-2) unstable; urgency=low * Bump build dependency on gem2deb to - 0.3.0~ diff -Nru ruby-activemodel-3.2-3.2.6/debian/patches/CVE-2013-0276.patch ruby-activemodel-3.2-3.2.6/debian/patches/CVE-2013-0276.patch --- ruby-activemodel-3.2-3.2.6/debian/patches/CVE-2013-0276.patch 1970-01-01 01:00:00.0 +0100 +++ ruby-activemodel-3.2-3.2.6/debian/patches/CVE-2013-0276.patch 2013-02-12 16:58:28.0 +0100 
@@ -0,0 +1,34 @@ +From 060bb7250b963609a0d8a5d0559e36b99d2402c6 Mon Sep 17 00:00:00 2001 +From: joernchen of Phenoelit joernc...@phenoelit.de +Date: Sat, 9 Feb 2013 15:46:44 -0800 +Subject: [PATCH] Fix issue with attr_protected where malformed input could + circumvent protection + +Fixes: CVE-2013-0276 +--- + activemodel/lib/active_model/attribute_methods.rb | 2 +- + activemodel/lib/active_model/mass_assignment_security/permission_set.rb | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +--- a/lib/active_model/attribute_methods.rb b/lib/active_model/attribute_methods.rb +@@ -365,7 +365,7 @@ module ActiveModel + end + + @prefix, @suffix = options[:prefix] || '', options[:suffix] || '' +-@regex = /^(#{Regexp.escape(@prefix)})(.+?)(#{Regexp.escape(@suffix)})$/ ++@regex = /\A(#{Regexp.escape(@prefix)})(.+?)(#{Regexp.escape(@suffix)})\z/ + @method_missing_target = #{@prefix}attribute#{@suffix} + @method_name = #{prefix}%s#{suffix} + end +--- a/lib/active_model/mass_assignment_security/permission_set.rb b/lib/active_model/mass_assignment_security/permission_set.rb +@@ -19,7 +19,7 @@ module ActiveModel + protected + + def remove_multiparameter_id(key) +-key.to_s.gsub(/\(.+/, '') ++key.to_s.gsub(/\(.+/m, '') + end + end + diff -Nru ruby-activemodel-3.2-3.2.6/debian/patches/series ruby-activemodel-3.2-3.2.6/debian/patches/series --- ruby-activemodel-3.2-3.2.6/debian/patches/series 2012-06-16 14:41:53.0 +0200 +++ ruby-activemodel-3.2-3.2.6/debian/patches/series 2013-02-12 16:58:28.0 +0100 @@ -1 +1,2 @@ remove-rubygems-requirement.patch +CVE-2013-0276.patch diff -Nru ruby-activeresource-2.3-2.3.14/debian/changelog ruby-activeresource-2.3-2.3.14/debian/changelog --- ruby-activeresource-2.3-2.3.14/debian/changelog 2012-06-29 20:17:48.0 +0200 +++ ruby-activeresource-2.3-2.3.14/debian/changelog 2013-02-12 16:56:48.0 +0100 
@@ -1,3 +1,13 @@ +ruby-activeresource-2.3 (2.3.14-3) unstable; urgency=high + + [Sebastian Ramacher] + * debian/patches/0003-remove-test-for-XML-YAML-parsing.patch: Backport patch +from upstream to disable test for XML YAML parsing. XML YAML parsing has +been removed in ruby-activesupport-2.3/2.3.14-5 to fix CVE-2013-0156. +(Closes: #699255) + + -- Ondřej Surý ond...@debian.org Sun, 10 Feb 2013 22:46:39 +0100 + ruby-activeresource-2.3 (2.3.14-2) unstable; urgency=low
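Review bot: The attribute_methods.rb hunk of CVE-2013-0276.patch comes without a regression test. The change from `^...$` to `\A...\z` matters because in Ruby `^` and `$` match at every line boundary, so the old pattern could match a single line of a multi-line attribute name instead of the whole string. A test that passes a name containing a newline and asserts that the protection still applies would pin the fix, and the other regexes the package applies to attribute names deserve a check for the same line-anchor idiom.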
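Review bot: In the permission_set.rb hunk of CVE-2013-0276.patch, nothing documents why `remove_multiparameter_id` now needs the `m` flag in `/\(.+/m`. Without it `.` stops at a newline, so the part of the key after a newline survives the gsub and the result no longer equals the bare attribute name that the permission set compares against. A one-line comment above the gsub and a test with a multiparameter key that contains a newline would make the intent reviewable.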
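Review bot: The ruby-activemodel-3.2 3.2.6-3 changelog entry uses urgency=low for a CVE fix, while the ruby-activeresource-2.3 2.3.14-3 entry in the same request uses urgency=high for a change that only disables a test. Raise the urgency on the security upload, and consider adding a Debian bug reference next to [CVE-2013-0276] so the fix can be tracked from the BTS.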
Bug#699900: unblock: nsd3/3.2.12-2
On Thu, Feb 7, 2013 at 8:54 PM, Julien Cristau jcris...@debian.org wrote:
> On Thu, Feb 7, 2013 at 20:33:24 +0100, Ondřej Surý wrote:
>> On Thu, Feb 7, 2013 at 8:05 PM, Julien Cristau jcris...@debian.org wrote:
>>> debian/rules doesn't seem to have a 'clean' rule change to go with the 'autoreconf' addition?
>> I am not sure I get what exactly do you have in mind? Do you want to clean-up generated files (autom4ke, ...) or something else?
> Well, clean is supposed to undo whatever the build process did. So, yes...

The autoreconf -fi just modifies configure and config.h.in (just checked, there's no Automake stuff), do you really think we need to jump through circles to save the old versions and restore them on clean? I could do that, but it seems to be just bureaucratic since this doesn't break the build process and the package can be built twice in a row.

Ondrej

-- 
Ondřej Surý ond...@sury.org

Archive: http://lists.debian.org/caljhhg-9fjhefjrx8ctx7rtdlikejnhvsa2nbto0_wr5p-2...@mail.gmail.com
Bug#699900: unblock: nsd3/3.2.12-2
On Thu, Feb 7, 2013 at 8:05 PM, Julien Cristau jcris...@debian.org wrote:
> debian/rules doesn't seem to have a 'clean' rule change to go with the 'autoreconf' addition?

I am not sure I get what exactly do you have in mind? Do you want to clean-up generated files (autom4ke, ...) or something else?

Ondrej

-- 
Ondřej Surý ond...@sury.org

Archive: http://lists.debian.org/caljhhg9ngwuafjy0oldkrg-vjih+hu5hctorvz8mo+sm3rc...@mail.gmail.com
Bug#698915: unblock: php5/5.4.4-12
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package php5 Fixes grave bug. Infinite recursion in session handling when using fusionforge/mediawiki after apache2 reload. Pulled patch from upstream and from s...@debian.org. Confirmed by the reporter that 5.4.4-12 fixes the issue. $ diffstat php5_5.4.4-12.debdiff debian/patches/session.c_rfc1867_crashes_php_even_though_turned_off.patch | 33 ++ php5-5.4.4/debian/changelog | 7 ++ php5-5.4.4/debian/patches/series | 1 3 files changed, 41 insertions(+) unblock php5/5.4.4-12 -- System Information: Debian Release: 7.0 APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-3-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diff -u php5-5.4.4/debian/changelog php5-5.4.4/debian/changelog --- php5-5.4.4/debian/changelog +++ php5-5.4.4/debian/changelog @@ -1,3 +1,10 @@ +php5 (5.4.4-12) unstable; urgency=low + + * Apply two workaround patches for crashes caused by infinite recursion +in php_rfc1867_callback (Closes: #694473, #691318) + + -- Ondřej Surý ond...@debian.org Mon, 21 Jan 2013 11:02:25 +0100 + php5 (5.4.4-11) unstable; urgency=low * Install logrotate script in php5-fpm package (Closes: #673558) diff -u php5-5.4.4/debian/patches/series php5-5.4.4/debian/patches/series --- php5-5.4.4/debian/patches/series +++ php5-5.4.4/debian/patches/series @@ -77,0 +78 @@ +session.c_rfc1867_crashes_php_even_though_turned_off.patch only in patch2: unchanged: --- php5-5.4.4.orig/debian/patches/session.c_rfc1867_crashes_php_even_though_turned_off.patch +++ php5-5.4.4/debian/patches/session.c_rfc1867_crashes_php_even_though_turned_off.patch 
@@ -0,0 +1,33 @@ +--- a/ext/session/session.c b/ext/session/session.c +@@ -2192,8 +2192,10 @@ static PHP_MINIT_FUNCTION(session) /* {{ + #ifdef HAVE_LIBMM + PHP_MINIT(ps_mm) (INIT_FUNC_ARGS_PASSTHRU); + #endif +- php_session_rfc1867_orig_callback = php_rfc1867_callback; +- php_rfc1867_callback = php_session_rfc1867_callback; ++ if (php_rfc1867_callback != php_session_rfc1867_callback) { ++ php_session_rfc1867_orig_callback = php_rfc1867_callback; ++ php_rfc1867_callback = php_session_rfc1867_callback; ++ } + + /* Register interface */ + INIT_CLASS_ENTRY(ce, PS_IFACE_NAME, php_session_iface_functions); +@@ -2384,13 +2386,14 @@ static int php_session_rfc1867_callback( + php_session_rfc1867_progress *progress; + int retval = SUCCESS; + +- if (php_session_rfc1867_orig_callback) { +- retval = php_session_rfc1867_orig_callback(event, event_data, extra TSRMLS_CC); +- } + if (!PS(rfc1867_enabled)) { + return retval; + } + ++ if (php_session_rfc1867_orig_callback) { ++ retval = php_session_rfc1867_orig_callback(event, event_data, extra TSRMLS_CC); ++ } ++ + progress = PS(rfc1867_progress); + + switch(event) {
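Review bot: In the second session.c hunk (php_session_rfc1867_callback), moving the call to php_session_rfc1867_orig_callback below `if (!PS(rfc1867_enabled)) { return retval; }` means a callback that was registered before the session module is no longer invoked at all when session upload progress is disabled. That is a behaviour change for anything else that hooks php_rfc1867_callback, not only a recursion fix. If it is an accepted side effect of the workaround, say so in the patch description and the changelog.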
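Review bot: session.c_rfc1867_crashes_php_even_though_turned_off.patch has no Description, Origin or Bug header; the file starts directly at `--- a/ext/session/session.c`. The request says the change combines an upstream patch with one from another contributor, and the changelog calls both workarounds, so the header should record which hunk came from where and reference #694473 and #691318. A comment on the new `if (php_rfc1867_callback != php_session_rfc1867_callback)` guard in PHP_MINIT_FUNCTION(session) explaining that it prevents the saved original callback from pointing at the session callback itself when MINIT runs again would also help the next reader.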
Bug#694542: unblock: opendnssec/1.3.9-3
Hi Adam,

On Sat, Dec 29, 2012 at 12:47 AM, Adam D. Barratt a...@adam-barratt.org.uk wrote:
> Hi,
>
> Apologies for the delay in getting back to you about this.

same here.

> On Wed, 2012-11-28 at 08:33 +0100, Ondřej Surý wrote:
>> On Tue, Nov 27, 2012 at 9:37 PM, Adam D. Barratt a...@adam-barratt.org.uk wrote:
>>> On Tue, 2012-11-27 at 14:55 +0100, Ondřej Surý wrote:
>>>> + OPENDNSSEC-338: ods-ksmutil zone delete --all does not work [...] +If you have created your database in version 1.3.9, you should run +following statement in your OpenDNSSEC MySQL database: + +alter table dnsseckeys drop foreign key dnsseckeys_ibfk_1;
>>> Apologies for a possibly stupid question, but is there any way that could be automated rather than users having to make manual changes?
>> Not a stupid question at all. I thought about automating the process myself, but then I realized that I have no way of knowing if the database was created with version 1.3.9.
> Would something along the lines of if key exists alter table be feasible? Presumably if the key exists then the likelihood is that the package created it.

Well, I tried and I have ended with a scary patch which I am attaching for a reference. I don't think it's a good idea to go this way at this moment.

>> E.g. this is triggered (and the alter table should be run) only in rare circumstances when the user has installed opendnssec 1.3.9-X from wheezy for the first time. People upgrading from squeeze or people upgrading from older releases should not be affected by this bug.
> This also means that all opendnssec users upgrading from squeeze will potentially be presented with the prompt, which isn't an ideal upgrade experience.

True. I have decided to remove the NEWS file, since the conditions of triggering this bug are rare (deleting all keys), and the number of people using MySQL with OpenDNSSEC is low. I just put the text to README.Debian, where it could happily live.

I will be uploading new version with those changes today.

O.

-- 
Ondřej Surý ond...@sury.org

dropFK.patch Description: Binary data
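The "if key exists, alter table" check suggested in this thread, written out as an added example: it is not the attached dropFK.patch and not OpenDNSSEC's or the package's code. It assumes MySQL with InnoDB, a session connected to the OpenDNSSEC (KASP) database, and the table and constraint names quoted in the NEWS text.

```sql
-- Added example, not from the thread. Run while connected to the
-- OpenDNSSEC (KASP) database; DATABASE() then names that schema.

-- 1. List every foreign key on dnsseckeys with the column it covers and
--    the table it references, so the administrator can see what would be
--    dropped before anything is changed.
SELECT k.CONSTRAINT_NAME,
       k.COLUMN_NAME,
       k.REFERENCED_TABLE_NAME,
       k.REFERENCED_COLUMN_NAME
  FROM information_schema.KEY_COLUMN_USAGE AS k
 WHERE k.TABLE_SCHEMA = DATABASE()
   AND k.TABLE_NAME = 'dnsseckeys'
   AND k.REFERENCED_TABLE_NAME IS NOT NULL;

-- 2. Check for the one constraint named in the NEWS text.
SET @fk_present := (
    SELECT COUNT(*)
      FROM information_schema.TABLE_CONSTRAINTS
     WHERE CONSTRAINT_SCHEMA = DATABASE()
       AND TABLE_NAME = 'dnsseckeys'
       AND CONSTRAINT_TYPE = 'FOREIGN KEY'
       AND CONSTRAINT_NAME = 'dnsseckeys_ibfk_1'
);

-- 3. IF ... THEN is only available inside stored routines, so choose the
--    statement text conditionally and run it as a prepared statement.
--    When the key is absent the no-op "DO 0" runs and the schema is untouched,
--    which also makes the script safe to run twice.
SET @ddl := IF(@fk_present > 0,
               'ALTER TABLE dnsseckeys DROP FOREIGN KEY dnsseckeys_ibfk_1',
               'DO 0');
PREPARE drop_fk FROM @ddl;
EXECUTE drop_fk;
DEALLOCATE PREPARE drop_fk;

-- 4. Report the outcome for the upgrade log.
SELECT IF(@fk_present > 0,
          'foreign key dnsseckeys_ibfk_1 dropped',
          'foreign key dnsseckeys_ibfk_1 not present, nothing changed') AS result;
```

The presence of the key is only a proxy for "database created by 1.3.9", which is the limitation raised in the thread; the listing in step 1 is there so a person can confirm the match before step 3 is run.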
Bug#694542: unblock: opendnssec/1.3.9-3
retitle 694542 unblock: opendnssec/1.3.9-4
thank you

Debdiff against -2 attached, diffstat:

README.Debian | 16 ++
changelog | 17 +++
patches/011-return_if_open_parse_of_zonelist.xml_fails.patch | 26 +++
patches/012-fix_RRSIGs_with_glue.patch | 18 +++
patches/013-fix_zone_delete_with_MySQL.patch | 23 +
patches/series | 3 +
6 files changed, 102 insertions(+), 1 deletion(-)

Ondrej

On Tue, Jan 15, 2013 at 10:28 AM, Ondřej Surý ond...@debian.org wrote:
> Hi Adam,
>
> On Sat, Dec 29, 2012 at 12:47 AM, Adam D. Barratt a...@adam-barratt.org.uk wrote:
>> Hi,
>>
>> Apologies for the delay in getting back to you about this.
>
> same here.
>
>> On Wed, 2012-11-28 at 08:33 +0100, Ondřej Surý wrote:
>>> On Tue, Nov 27, 2012 at 9:37 PM, Adam D. Barratt a...@adam-barratt.org.uk wrote:
>>>> On Tue, 2012-11-27 at 14:55 +0100, Ondřej Surý wrote:
>>>>> + OPENDNSSEC-338: ods-ksmutil zone delete --all does not work [...] +If you have created your database in version 1.3.9, you should run +following statement in your OpenDNSSEC MySQL database: + +alter table dnsseckeys drop foreign key dnsseckeys_ibfk_1;
>>>> Apologies for a possibly stupid question, but is there any way that could be automated rather than users having to make manual changes?
>>> Not a stupid question at all. I thought about automating the process myself, but then I realized that I have no way of knowing if the database was created with version 1.3.9.
>> Would something along the lines of if key exists alter table be feasible? Presumably if the key exists then the likelihood is that the package created it.
>
> Well, I tried and I have ended with a scary patch which I am attaching for a reference. I don't think it's a good idea to go this way at this moment.
>
>>> E.g. this is triggered (and the alter table should be run) only in rare circumstances when the user has installed opendnssec 1.3.9-X from wheezy for the first time. People upgrading from squeeze or people upgrading from older releases should not be affected by this bug.
>> This also means that all opendnssec users upgrading from squeeze will potentially be presented with the prompt, which isn't an ideal upgrade experience.
>
> True. I have decided to remove the NEWS file, since the conditions of triggering this bug are rare (deleting all keys), and the number of people using MySQL with OpenDNSSEC is low. I just put the text to README.Debian, where it could happily live.
>
> I will be uploading new version with those changes today.
>
> O.
>
> -- 
> Ondřej Surý ond...@sury.org

-- 
Ondřej Surý ond...@sury.org

opendnssec_1.3.9-4.debdiff Description: Binary data
Bug#698281: unblock: php5/5.4.4-11
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package php5 This time the debdiff is really small, I just forgot to install the logrotate scripts to fix the log filling by php5-fpm. diff -u php5-5.4.4/debian/rules php5-5.4.4/debian/rules --- php5-5.4.4/debian/rules +++ php5-5.4.4/debian/rules @@ -767,6 +767,7 @@ rm -rf debian/$$package/usr/share/doc/$$package; \ ln -s php5-common debian/$$package/usr/share/doc/$$package; \ done + dh_installlogrotate -pphp5-fpm dh_installcron -pphp5-common --name=php5 dh_installchangelogs -pphp5-common NEWS dh_installinit diff -u php5-5.4.4/debian/changelog php5-5.4.4/debian/changelog --- php5-5.4.4/debian/changelog +++ php5-5.4.4/debian/changelog @@ -1,3 +1,9 @@ +php5 (5.4.4-11) unstable; urgency=low + + * Install logrotate script in php5-fpm package (Closes: #673558) + + -- Ondřej Surý ond...@debian.org Mon, 17 Dec 2012 09:09:18 +0100 + php5 (5.4.4-10) unstable; urgency=low [ Lior Kaplan ] unblock php5/5.4.4-11 -- System Information: Debian Release: 7.0 APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-3-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130116074110.16648.78891.reportbug@localhost6.localdomain6
Bug#694542: unblock: opendnssec/1.3.9-3
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package opendnssec Hi, please unblock opendnssec, I have included couple of critical upstream fixes (after consulation with upstream). + OPENDNSSEC-303: ods-ksmutil update zonelist will delete all zones if unable to open/parse zonelist.xml + OPENDNSSEC-282: RRSIGs are left in the signed zone when authoritative RRsets become glue. + OPENDNSSEC-338: ods-ksmutil zone delete --all does not work Debdiff attached (and reasonably small). unblock opendnssec/1.3.9-3 -- System Information: Debian Release: wheezy/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-3-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diff -Nru opendnssec-1.3.9/debian/changelog opendnssec-1.3.9/debian/changelog --- opendnssec-1.3.9/debian/changelog 2012-09-18 09:27:50.0 +0200 +++ opendnssec-1.3.9/debian/changelog 2012-11-27 14:35:11.0 +0100 @@ -1,3 +1,15 @@ +opendnssec (1:1.3.9-3) unstable; urgency=low + + * Pull couple of critical upstream fixes: ++ OPENDNSSEC-303: for ods-ksmutil update zonelist will delete all + zones if unable to open/parse zonelist.xml ++ OPENDNSSEC-282: RRSIGs are left in the signed zone when + authoritative RRsets become glue. ++ OPENDNSSEC-338: ods-ksmutil zone delete --all does not work + + + -- Ondřej Surý ond...@debian.org Tue, 27 Nov 2012 14:26:11 +0100 + opendnssec (1:1.3.9-2) unstable; urgency=low * Replace documentation directory with symlink. (Courtesy of Salvatore diff -Nru opendnssec-1.3.9/debian/opendnssec-enforcer-mysql.NEWS opendnssec-1.3.9/debian/opendnssec-enforcer-mysql.NEWS --- opendnssec-1.3.9/debian/opendnssec-enforcer-mysql.NEWS 1970-01-01 01:00:00.0 +0100 +++ opendnssec-1.3.9/debian/opendnssec-enforcer-mysql.NEWS 2012-11-27 14:35:11.0 +0100 
@@ -0,0 +1,15 @@ +opendnssec (1:1.3.9-3) unstable; urgency=low + + * Previous versions of OpenDNSSEC had an invalid foreign key in the +MySQL database, which causes issues when deleting --all zones from +KASP database. + +If you have created your database in version 1.3.9, you should run +following statement in your OpenDNSSEC MySQL database: + +alter table dnsseckeys drop foreign key dnsseckeys_ibfk_1; + +For more information see: + https://issues.opendnssec.org/browse/OPENDNSSEC-338 + + -- Ondřej Surý ond...@debian.org Tue, 27 Nov 2012 14:26:47 +0100 diff -Nru opendnssec-1.3.9/debian/patches/011-return_if_open_parse_of_zonelist.xml_fails.patch opendnssec-1.3.9/debian/patches/011-return_if_open_parse_of_zonelist.xml_fails.patch --- opendnssec-1.3.9/debian/patches/011-return_if_open_parse_of_zonelist.xml_fails.patch 1970-01-01 01:00:00.0 +0100 +++ opendnssec-1.3.9/debian/patches/011-return_if_open_parse_of_zonelist.xml_fails.patch 2012-11-27 14:35:11.0 +0100 @@ -0,0 +1,26 @@ +--- a/enforcer/utils/ksmutil.c b/enforcer/utils/ksmutil.c +@@ -1294,9 +1294,11 @@ cmd_listzone () + xmlFreeTextReader(reader); + if (ret != 0) { + printf(%s : failed to parse\n, zonelist_filename); ++return 1; + } + } else { + printf(Unable to open %s\n, zonelist_filename); ++return 1; + } + + /* Allocate space for the list of zone IDs */ +@@ -4710,9 +4712,11 @@ int update_zones(char* zone_list_filenam + xmlFreeTextReader(reader); + if (ret != 0) { + printf(%s : failed to parse\n, zone_list_filename); ++return 1; + } + } else { + printf(Unable to open %s\n, zone_list_filename); ++return 1; + } + + /* Allocate space for the list of zone IDs */ diff -Nru opendnssec-1.3.9/debian/patches/012-fix_RRSIGs_with_glue.patch opendnssec-1.3.9/debian/patches/012-fix_RRSIGs_with_glue.patch --- opendnssec-1.3.9/debian/patches/012-fix_RRSIGs_with_glue.patch 1970-01-01 01:00:00.0 +0100 +++ opendnssec-1.3.9/debian/patches/012-fix_RRSIGs_with_glue.patch 2012-11-27 14:35:11.0 +0100 
@@ -0,0 +1,18 @@ +--- a/signer/src/signer/domain.c b/signer/src/signer/domain.c +@@ -1,5 +1,5 @@ + /* +- * $Id: domain.c 4975 2011-04-19 11:54:20Z matthijs $ ++ * $Id: domain.c 6448 2012-06-20 11:57:01Z matthijs $ + * + * Copyright (c) 2009 NLNet Labs. All rights reserved. + * +@@ -963,7 +963,7 @@ domain_print(FILE* fd, domain_type* doma + */ + if (print_glue (rrset-rr_type == LDNS_RR_TYPE_A || + rrset-rr_type == LDNS_RR_TYPE_)) { +-rrset_print(fd, rrset, 0); ++rrset_print(fd, rrset, 1); + } + } else { + rrset_print(fd, rrset, 0); diff -Nru opendnssec-1.3.9/debian/patches/013-fix_zone_delete_with_MySQL.patch opendnssec
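Review bot: In the 1:1.3.9-3 debian/changelog hunk, the OPENDNSSEC-303 item reads "for ods-ksmutil update zonelist will delete all zones if unable to open/parse zonelist.xml", which has a stray "for" and states the bug rather than the fix. Reword it to say what the upload changes, remove the extra blank line before the trailer, and mention the new opendnssec-enforcer-mysql.NEWS file, which the entry does not list.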
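Review bot: The opendnssec-enforcer-mysql.NEWS entry hard-codes the constraint name dnsseckeys_ibfk_1 in the `alter table` statement and gives no way to check that it applies. Names of the form <table>_ibfk_<n> are generated by InnoDB, so the text should tell the administrator to confirm the name with `SHOW CREATE TABLE dnsseckeys` and to back up the KASP database before running the statement, and it should say what happens if the statement is run on a database that lacks the key.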
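Review bot: In 011-return_if_open_parse_of_zonelist.xml_fails.patch, both cmd_listzone and update_zones now `return 1` directly from the error branches, and the hunks do not show what was acquired earlier in either function. Please confirm that the early return does not skip cleanup the normal exit path performs (database connection, lock, allocated buffers); if it does, jump to the existing cleanup code instead. The patch file also lacks a header naming OPENDNSSEC-303 and the upstream revision it was taken from.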
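Review bot: 012-fix_RRSIGs_with_glue.patch carries a first hunk that only rewrites the `$Id:` keyword line of domain.c; drop it, since it adds nothing to the fix and makes the patch fail to apply wherever the keyword is expanded differently. For the functional change in domain_print, `rrset_print(fd, rrset, 1)`, the patch gives no hint of what the third argument selects, so a header line describing it together with the OPENDNSSEC-282 reference is needed to review the one-character change.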
Bug#694542: unblock: opendnssec/1.3.9-3
On Tue, Nov 27, 2012 at 9:37 PM, Adam D. Barratt a...@adam-barratt.org.uk wrote:
> Control: tags -1 + moreinfo
>
> On Tue, 2012-11-27 at 14:55 +0100, Ondřej Surý wrote:
>> + OPENDNSSEC-338: ods-ksmutil zone delete --all does not work [...] +If you have created your database in version 1.3.9, you should run +following statement in your OpenDNSSEC MySQL database: + +alter table dnsseckeys drop foreign key dnsseckeys_ibfk_1;
> Apologies for a possibly stupid question, but is there any way that could be automated rather than users having to make manual changes?

Not a stupid question at all. I thought about automating the process myself, but then I realized that I have no way of knowing if the database was created with version 1.3.9.

E.g. this is triggered (and the alter table should be run) only in rare circumstances when the user has installed opendnssec 1.3.9-X from wheezy for the first time. People upgrading from squeeze or people upgrading from older releases should not be affected by this bug.

I guess that database handling will need some improvements in general, but I would leave that to opendnssec 1.4.x and jessie.

O.

-- 
Ondřej Surý ond...@sury.org

Archive: http://lists.debian.org/caljhhg8m-jjfxvpkhr9hmrjuoguhbwixcqngvpwxzfaykm7...@mail.gmail.com
Re: [php-maint] Bug#692613: Bug#692613: php5: non-free files in upstream tarball (The Software shall be used for, Good, not Evil)
I think the best course of action is to contact debian-release team and ask for an exception (e.g. in Cc:). Unless we get upstream to change the license (which is unlikely), it's too late in release cycle for any radical change (like stripping the json out completely).

On Thu, Nov 15, 2012 at 7:09 PM, Lior Kaplan kap...@debian.org wrote:
> On Thu, Nov 15, 2012 at 7:51 PM, Michael Biebl bi...@debian.org wrote:
>> Since Fedora doesn't consider the json license as good [1], it seems we are not the only ones having this problem. Have you checked what other distros are doing about that, especially Fedora?
> Fedora says it's bad, but they still provide it (checked php-5.4.1-1.fc17.src.rpm from Fedora 17).
>
> Kaplan

-- 
Ondřej Surý ond...@sury.org

Archive: http://lists.debian.org/caljhhg_qm_eat2ruq9fkqraied4dg5k91x7s2eq7g8qc7kj...@mail.gmail.com
Bug#693228: RM: knot/1.0.6-1
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: rm

Hi,

while my heart bleeds, since I am also an upstream for this package, I am requesting a removal of Knot DNS from testing, because 1.0.x branch is not stable enough to be kept in next stable Debian and it's too late (and too many upstream changes away) to pull 1.1.x branch from unstable, which would be the reasonable thing to do if the freeze was not in effect.

Thank you,
Ondrej

-- System Information:
Debian Release: wheezy/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Archive: http://lists.debian.org/20121114133527.16401.66933.reportbug@localhost6.localdomain6
Bug#691910: unblock: php5/5.4.4-9
On Thu, Nov 1, 2012 at 9:05 PM, Adam D. Barratt a...@adam-barratt.org.uk wrote:
> Apologies if I missed it, but why was use_system_crypt_fixes.patch disabled?

You're right, it misses the explanation.

Because the test which was patched in use_system_crypt_fixes.patch is correct again after extended DES was fixed. The crypt() should fail when the salt starts with '_', but doesn't contain correct salt. Anyway the tests are still not used to check whether the build should fail or not, so it's purely cosmetic anyway.

O.

-- 
Ondřej Surý ond...@sury.org

Archive: http://lists.debian.org/caljhhg94x0ja6s_j8o1m4s1yaacfha3svc8h9fk0+uwd511...@mail.gmail.com
Bug#691908: unblock: cyrus-sasl2/2.1.25.dfsg1-6
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package cyrus-sasl2 The update pulls an upstream patch to fix auth failures when there is a problem with hostname. Diffstat: changelog |6 +++ patches/0037-abort_if_no_fqdn_fix.patch | 59 patches/series |1 3 files changed, 66 insertions(+) unblock cyrus-sasl2/2.1.25.dfsg1-6 -- System Information: Debian Release: wheezy/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-3-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diff -Nru cyrus-sasl2-2.1.25.dfsg1/debian/changelog cyrus-sasl2-2.1.25.dfsg1/debian/changelog --- cyrus-sasl2-2.1.25.dfsg1/debian/changelog 2012-08-06 13:35:13.0 +0200 +++ cyrus-sasl2-2.1.25.dfsg1/debian/changelog 2012-10-26 14:06:17.0 +0200 @@ -1,3 +1,9 @@ +cyrus-sasl2 (2.1.25.dfsg1-6) unstable; urgency=low + + * Fix failures when the host have broken hostname (Closes: #683555) + + -- Ondřej Surý ond...@debian.org Fri, 26 Oct 2012 14:06:11 +0200 + cyrus-sasl2 (2.1.25.dfsg1-5) unstable; urgency=low * New sourceful upload (Closes: #676914) diff -Nru cyrus-sasl2-2.1.25.dfsg1/debian/patches/0037-abort_if_no_fqdn_fix.patch cyrus-sasl2-2.1.25.dfsg1/debian/patches/0037-abort_if_no_fqdn_fix.patch --- cyrus-sasl2-2.1.25.dfsg1/debian/patches/0037-abort_if_no_fqdn_fix.patch 1970-01-01 01:00:00.0 +0100 +++ cyrus-sasl2-2.1.25.dfsg1/debian/patches/0037-abort_if_no_fqdn_fix.patch 2012-10-26 14:06:17.0 +0200 
@@ -0,0 +1,59 @@ +--- a/lib/saslutil.c b/lib/saslutil.c +@@ -555,32 +555,44 @@ int get_fqhostname( + NULL, /* don't care abour service/port */ + hints, + result) != 0) { +- /* errno on Unix, WSASetLastError on Windows are already done by the function */ +- return (-1); ++if (abort_if_no_fqdn) { ++ /* errno on Unix, WSASetLastError on Windows are already done by the function */ ++ return (-1); ++ } else { ++ goto LOWERCASE; ++ } + } + +-if (abort_if_no_fqdn (result == NULL || result-ai_canonname == NULL)) { ++if (result == NULL || result-ai_canonname == NULL) { + freeaddrinfo (result); ++if (abort_if_no_fqdn) { + #ifdef WIN32 +- WSASetLastError (WSANO_DATA); ++ WSASetLastError (WSANO_DATA); + #elif defined(ENODATA) +- errno = ENODATA; ++ errno = ENODATA; + #elif defined(EADDRNOTAVAIL) +- errno = EADDRNOTAVAIL; ++ errno = EADDRNOTAVAIL; + #endif +- return (-1); ++ return (-1); ++ } else { ++ goto LOWERCASE; ++ } + } + +-if (abort_if_no_fqdn strchr (result-ai_canonname, '.') == NULL) { ++if (strchr (result-ai_canonname, '.') == NULL) { + freeaddrinfo (result); ++if (abort_if_no_fqdn) { + #ifdef WIN32 +- WSASetLastError (WSANO_DATA); ++ WSASetLastError (WSANO_DATA); + #elif defined(ENODATA) +- errno = ENODATA; ++ errno = ENODATA; + #elif defined(EADDRNOTAVAIL) +- errno = EADDRNOTAVAIL; ++ errno = EADDRNOTAVAIL; + #endif +- return (-1); ++ return (-1); ++ } else { ++ goto LOWERCASE; ++ } + } + + diff -Nru cyrus-sasl2-2.1.25.dfsg1/debian/patches/series cyrus-sasl2-2.1.25.dfsg1/debian/patches/series --- cyrus-sasl2-2.1.25.dfsg1/debian/patches/series 2012-08-06 13:35:13.0 +0200 +++ cyrus-sasl2-2.1.25.dfsg1/debian/patches/series 2012-10-26 14:06:17.0 +0200 @@ -21,3 +21,4 @@ 0034-fix_dovecot_authentication.patch 0035-temporary_multiarch_fixes.patch 0036-add-reference-to-LDAP_SASLAUTHD-file.patch +0037-abort_if_no_fqdn_fix.patch
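Review bot: In the second branch of the get_fqhostname hunk in 0037-abort_if_no_fqdn_fix.patch, `freeaddrinfo (result)` is still called when `result == NULL`, and because the condition no longer includes abort_if_no_fqdn the branch is now entered in more cases than before. POSIX does not define freeaddrinfo on a null pointer, so guard the call with `if (result != NULL)`. The errno/WSASetLastError block is now duplicated in two branches and could move to one shared error path, and since the LOWERCASE label targeted by the three new gotos lies outside the hunk, the patch header should state what the hostname buffer contains when control reaches it.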
Bug#691909: unblock: ldns/1.6.13-3
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package ldns Sorry to send this so late. I have converted the package to dh_python2 (and moved ldns-config to -dev package). Very small changes in packaging. (But no hurt feelings if you reject this.) unblock ldns/1.6.13-3 -- System Information: Debian Release: wheezy/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-3-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diff -Nru ldns-1.6.13/debian/changelog ldns-1.6.13/debian/changelog --- ldns-1.6.13/debian/changelog 2012-05-28 09:40:48.0 +0200 +++ ldns-1.6.13/debian/changelog 2012-09-07 14:43:04.0 +0200 @@ -1,3 +1,16 @@ +ldns (1.6.13-3) unstable; urgency=low + + * Also move manual page for ldns-config to libldns-dev package + + -- Ondřej Surý ond...@debian.org Fri, 07 Sep 2012 14:36:11 +0200 + +ldns (1.6.13-2) unstable; urgency=low + + * Convert python-ldns package to dh_python2 + * Move ldns-config to /usr/sbin and to libldns-dev where it belongs + + -- Ondřej Surý ond...@debian.org Fri, 13 Jul 2012 12:43:03 +0200 + ldns (1.6.13-1) unstable; urgency=low [ Daniel Baumann ] diff -Nru ldns-1.6.13/debian/control ldns-1.6.13/debian/control --- ldns-1.6.13/debian/control 2012-05-28 09:40:48.0 +0200 +++ ldns-1.6.13/debian/control 2012-09-07 14:43:04.0 +0200 @@ -8,16 +8,15 @@ libtool, libpcap-dev, doxygen, - python-all-dev, + python-all-dev (= 2.6.6-3~), swig, - python-support, hardening-wrapper, chrpath, autoconf, automake, pkg-config -XS-Python-Version: = 2.5 -Standards-Version: 3.9.2 +X-Python-Version: = 2.5 +Standards-Version: 3.9.3 Section: net Vcs-Browser: http://git.debian.org/?p=pkg-nlnetlabs/ldns.git Vcs-Git: git://git.debian.org/pkg-nlnetlabs/ldns.git 
@@ -51,6 +50,8 @@ Package: libldns-dev Section: libdevel Architecture: any +Replaces: ldnsutil ( 1.6.13-2) +Breaks: ldnsutil ( 1.6.13-2) Depends: libldns1 (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends}, diff -Nru ldns-1.6.13/debian/libldns-dev.install ldns-1.6.13/debian/libldns-dev.install --- ldns-1.6.13/debian/libldns-dev.install 2012-05-28 09:40:48.0 +0200 +++ ldns-1.6.13/debian/libldns-dev.install 2012-09-07 14:43:04.0 +0200 @@ -1,4 +1,6 @@ +debian/tmp/usr/sbin/ldns-config debian/tmp/usr/include/* debian/tmp/usr/lib/libldns.a debian/tmp/usr/lib/libldns.so debian/tmp/usr/share/man/man3/* +debian/tmp/usr/share/man/man1/ldns-config.* diff -Nru ldns-1.6.13/debian/rules ldns-1.6.13/debian/rules --- ldns-1.6.13/debian/rules 2012-05-28 09:40:48.0 +0200 +++ ldns-1.6.13/debian/rules 2012-09-07 14:43:04.0 +0200 @@ -15,7 +15,7 @@ BUILD_GOST=$(shell dpkg --compare-versions $(OPENSSLVER) gt 1.0.0 echo --enable-gost || echo --disable-gost) %: - dh --with quilt --with python-support ${@} + dh --with quilt --with python2 ${@} override_dh_auto_clean: [ -e $(CURDIR)/libtool ] || ln -s /usr/bin/libtool @@ -77,11 +77,18 @@ mv $(CURDIR)/debian/tmp$${PYTHON_DIR}/$$(readlink $(CURDIR)/debian/tmp$${PYTHON_DIR}/_ldns.so) $(CURDIR)/debian/tmp$${PYTHON_DIR}/_ldns.so; \ chrpath -d $(CURDIR)/debian/tmp$${PYTHON_DIR}/_ldns.so; \ done + mkdir $(CURDIR)/debian/tmp/usr/sbin + mv $(CURDIR)/debian/tmp/usr/bin/ldns-config $(CURDIR)/debian/tmp/usr/sbin/ override_dh_strip: dh_strip -p libldns1 --dbg-package=libldns1-dbg dh_strip -a --remaining-packages +override_dh_install: + dh_install -p libldns-dev + rm $(CURDIR)/debian/tmp/usr/share/man/man1/ldns-config.* + dh_install -a --remaining-packages + override_dh_makeshlibs: if dpkg --compare-versions $(OPENSSLVER) gt 1.0.0; \ then \
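Review bot: In the debian/control hunk for libldns-dev, the new Replaces and Breaks fields name `ldnsutil`. Please check this against the binary package that actually shipped ldns-config and its manual page; if that package has a different name (for example with a trailing "s"), the relations never match and the file move produces an unpack conflict on upgrade. The 1.6.13-2 and 1.6.13-3 changelog entries should mention the added Breaks/Replaces as well.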
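Review bot: In the debian/rules hunk that adds `mkdir $(CURDIR)/debian/tmp/usr/sbin` before moving ldns-config, the plain mkdir fails as soon as the upstream install creates usr/sbin itself; use `mkdir -p`. The changelog also gives no reason for placing ldns-config in /usr/sbin instead of keeping it in /usr/bin while moving it to libldns-dev, and a *-config helper is normally run by unprivileged build users, so the choice needs a justification or a revert. In the new override_dh_install, the `rm` of man1/ldns-config.* depends on `dh_install -p libldns-dev` having copied the file first, which deserves a one-line comment.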
Bug#691910: unblock: php5/5.4.4-9
dropped non-standard - definitions for PHP that might affect any systems using PHP 5 running - as CGI or FastCGI. The following definitions were dropped: + definitions for PHP, which might affect any systems using PHP 5 + running as CGI or FastCGI. The following definitions were dropped: application/x-httpd-phpphtml pht php application/x-httpd-php-source phps @@ -14,10 +14,20 @@ The php5-cgi package mitigates any known issues by creating a (dummy) apache2 module php5_cgi with a configuration containing handlers for all previously defined extensions. Even though we believe that this - configuration should keep your PHP scripts interpreted, it might be a + configuration should keep your PHP scripts working, it might be a good idea to check your apache2 site-wide configuration as well as any specific PHP configuration for websites running on your system. + The new (dummy) php5_cgi configuration uses the SetHandler directive, + which might interfere with existing custom configurations such as + FastCGI (mod_fcgid or mod_fastcgi). If so, you can reenable the + existing functionality of your custom configuration by disabling the + php5_cgi module (a2dismod php5_cgi), but you are also advised to + check whether your custom configuration is vulnerable to foo.php.jpeg + attacks. The php5_cgi configuration snippet can be used as a base - + it's important to use the FilesMatch or Files directive to limit the + handling to the last extension. + As far as we know definitions from the mime-support packages are not used in any other webserver included in Debian, but it might affect any application which relies on system MIME types to interpret PHP diff -u php5-5.4.4/debian/control php5-5.4.4/debian/control --- php5-5.4.4/debian/control +++ php5-5.4.4/debian/control 
@@ -105,7 +105,8 @@ phpreports (= 0.4.9-2), php-kolab-filter (= 0.1.9-4), horde3 (= 3.3.12+debian0-1), - moodle (= 1.9.9.dfsg2-4) + moodle (= 1.9.9.dfsg2-4), + php5-suhosin Description: Common files for packages built from the php5 source This package contains the documentation and example files relevant to all the other packages built from the php5 source. diff -u php5-5.4.4/debian/changelog php5-5.4.4/debian/changelog --- php5-5.4.4/debian/changelog +++ php5-5.4.4/debian/changelog @@ -1,3 +1,26 @@ +php5 (5.4.4-9) unstable; urgency=low + + * Add logrotate script for php5-fpm (Closes: #683415) + * Add more warning text about new php5_cgi apache2 module (Closes: #687307) + * Add Breaks: php5-suhosin so people don't try to use it with PHP 5.4 + + -- Ondřej Surý ond...@debian.org Fri, 26 Oct 2012 14:32:02 +0200 + +php5 (5.4.4-8) unstable; urgency=low + + * Remove IfModule to always interpret PHP if the module is enabled +(Closes: #690413) + * Fix extended DES crypt() when salt != 9 (Closes: #687031) + * Fix libphp5-embed linking (Closes: #690173): ++ Expose all installed (and not built time) SAPIs via php-config + --php-sapis ++ Add /usr/lib/php5 to php-config --ldflags output to allow linking + with libphp5.so ++ Remove useless libtool file in libphp5-embed + * Add new lintian-overrides for libphp5-embed + + -- Ondřej Surý ond...@debian.org Thu, 25 Oct 2012 13:23:08 +0200 + php5 (5.4.4-7) unstable; urgency=low * Add explanatory text about MultiViews negotiation support to diff -u php5-5.4.4/debian/libapache2-mod-php5.conf php5-5.4.4/debian/libapache2-mod-php5.conf --- php5-5.4.4/debian/libapache2-mod-php5.conf +++ php5-5.4.4/debian/libapache2-mod-php5.conf 
@@ -1,29 +1,27 @@ -IfModule mod_php5.c -FilesMatch .+\.ph(p[345]?|t|tml)$ -SetHandler application/x-httpd-php -/FilesMatch -FilesMatch .+\.phps$ -SetHandler application/x-httpd-php-source -# Deny access to raw php sources by default -# To re-enable it's recommended to enable access to the files -# only in specific virtual host or directory -Order Deny,Allow -Deny from all -/FilesMatch -# Deny access to files without filename (e.g. '.php') -FilesMatch ^\.ph(p[345]?|t|tml|ps)$ -Order Deny,Allow -Deny from all -/FilesMatch +FilesMatch .+\.ph(p[345]?|t|tml)$ +SetHandler application/x-httpd-php +/FilesMatch +FilesMatch .+\.phps$ +SetHandler application/x-httpd-php-source +# Deny access to raw php sources by default +# To re-enable it's recommended to enable access to the files +# only in specific virtual host or directory +Order Deny,Allow +Deny from all +/FilesMatch +# Deny access to files without filename (e.g. '.php') +FilesMatch ^\.ph(p[345]?|t|tml|ps)$ +Order Deny,Allow +Deny from all +/FilesMatch -# Running PHP scripts in user directories is disabled by default -# -# To re-enable PHP in user directories comment the following lines -# (from IfModule ... to /IfModule.) Do NOT set it to On as it -# prevents .htaccess files from
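Review bot: In the upgrade-notes hunk at @@ -14,10 +14,20 @@, the added paragraph tells administrators to check for "foo.php.jpeg attacks" without saying what that means or how to check for it. Add one sentence stating the condition (a file whose name merely contains .php before its final extension must not be handed to PHP) and name the file that holds the php5_cgi configuration snippet, so the reader knows which FilesMatch block to copy. "reenable" would also read better as "re-enable".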
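Review bot: In the debian/control hunk, the new php5-suhosin entry is the only one in the list without a version constraint, so it excludes every php5-suhosin build, including any later one rebuilt for PHP 5.4. If that is intended, say so in the changelog entry; otherwise give it a version bound like the neighbouring entries.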
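Review bot: In the debian/changelog hunk, the 5.4.4-8 entry "Fix extended DES crypt() when salt != 9" does not say what is being compared with 9 (presumably the salt length). Spell that out, and since the fix changes password-hashing behaviour, state whether hashes produced before the fix still verify, so that administrators reading the changelog can judge the impact.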
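Review bot: In the libapache2-mod-php5.conf hunk, the IfModule mod_php5.c guard around the FilesMatch blocks is dropped without any comment in the file itself, so the SetHandler lines now apply whenever this file is included, whether or not the module is loaded. Add a comment at the top recording that the guard was removed on purpose (the changelog cites #690413) and that the file must only be enabled together with the module, so that nobody restores the guard or includes the file on its own.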
Re: Bug#669213: bind9: new upstream release: 9.9
On Mon, Oct 29, 2012 at 9:30 PM, LaMont Jones lam...@mmjgroup.com wrote: On Mon, Oct 29, 2012 at 05:22:10PM +, Adam D. Barratt wrote: Indeed. In any case, were the new version to be accepted in to the release then the appropriate route would be via unstable, not direct to t-p-u. Works for me. I'll toss 9.8.4 into sid. As for getting it into wheezy, it'll make the support life easier for the inevitable security fixes that will follow. There are probably other reasons. I can do a manual code review for debian-release team if they are interested. I concur with LaMont that we need latest 9.8.x branch to keep the sanity of the maintainer. Ondrej -- Ondřej Surý ond...@sury.org Archive: http://lists.debian.org/CALjhHG8gX7yfSYmK=8x+27hynhyvi-jmgz_on1ks_h9vox0...@mail.gmail.com
Re: Bug#665476: libsasl2-2 - ABI change without changing ABI name
Please revert, this will only break everything around and we don't really want transition sasl right now. The only thing which broke was openldap due to some really deep internal library symbols, which are not used anywhere else, and it's already fixed, so I don't think this deserves transition. Debian release might have different opinion though, but if not I suggest to set this as wheezy-ignore. O. On Sun, Oct 14, 2012 at 10:53 AM, Michael Gilbert mgilb...@debian.org wrote: control: tag -1 patch Hi, I've uploaded an nmu fixing this issue to delayed/5. Please let me know if I should delay longer. See attached patch. Best wishes, Mike -- Ondřej Surý ond...@sury.org Archive: http://lists.debian.org/CALjhHG-rvBABWLqWsOnMO+pk9hMy_jogu=ypxu0zbpyc6b6...@mail.gmail.com
Re: Bug#665476: libsasl2-2 - ABI change without changing ABI name
And your patch is wrong, you have bumped soname, but left the package name same, which is even more wrong than this subtle breakage in the first place. On Sun, Oct 14, 2012 at 11:29 AM, Ondřej Surý ond...@sury.org wrote: Please revert, this will only break everything around and we don't really want transition sasl right now. The only thing which broke was openldap due to some really deep internal library symbols, which are not used anywhere else, and it's already fixed, so I don't think this deserves transition. Debian release might have different opinion though, but if not I suggest to set this as wheezy-ignore. O. On Sun, Oct 14, 2012 at 10:53 AM, Michael Gilbert mgilb...@debian.org wrote: control: tag -1 patch Hi, I've uploaded an nmu fixing this issue to delayed/5. Please let me know if I should delay longer. See attached patch. Best wishes, Mike -- Ondřej Surý ond...@sury.org -- Ondřej Surý ond...@sury.org Archive: http://lists.debian.org/caljhhg92fv2bafpoj-sxacrvvsp5exvfshnxrdw2frtwb5b...@mail.gmail.com
Bug#688016: unblock: opendnssec/1.3.9-2
Hi Salvatore, it looks like some bug in doxygen :(, which includes some invalid code - maybe it's compiled against new arm architecture and run on old? Ccing doxygen maintainer and Aurelien, who might hopefully shed some light into this... Ondrej On Thu, Oct 4, 2012 at 8:32 PM, Salvatore Bonaccorso car...@debian.org wrote: Hi Ondřej I had a look why opendnssec did not yet migrate to wheezy: Unfortunately it seems that the package cannot migrate to testing, as the package failed to build (twice already on different build hosts) on armel[1]. [1]: https://buildd.debian.org/status/logs.php?pkg=opendnssec&arch=armel Regards, Salvatore -- Ondřej Surý ond...@sury.org Archive: http://lists.debian.org/CALjhHG--hsAxDSq0ztubHboWF=tj48_8ogjdso6a5f+m6-8...@mail.gmail.com
Bug#685744: unblock: mime-support/3.52-1.1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package mime-support A very simple upload, adding non-magic MIME-Types for PHP to re-enable mod_negotiation magic in Apache 2 (two RC bugs #664691, #670945). It has been uploaded to DELAYED/0 and thus should be available shortly in unstable. I am pre-requesting this since I am leaving for a weekend and I could forget to do that after the weekend :). Debdiff attached. (Please note that it is native package, but it doesn't follow the versioning of native packages, but that's something I have kept and it's up to new maintainers to fix that - thus apologies for the debhelper.log, it was already there in the first place.) unblock mime-support/3.52-1.1 -- System Information: Debian Release: 6.0.4 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable'), (300, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diff -Nru mime-support-3.52/debian/changelog mime-support-3.52/debian/changelog --- mime-support-3.52/debian/changelog 2012-02-12 21:06:53.0 +0100 +++ mime-support-3.52/debian/changelog 2012-08-24 09:49:59.0 +0200 @@ -1,3 +1,10 @@ +mime-support (3.52-1.1) unstable; urgency=high + + * Non-maintainer upload. + * Add (non-magic) MIME-Types for PHP (Closes: #670945) + + -- Ondřej Surý ond...@debian.org Thu, 23 Aug 2012 10:12:35 +0200 + mime-support (3.52-1) unstable; urgency=low * removed application/x-httpd-* types (closes: 589384) diff -Nru mime-support-3.52/debian/debhelper.log mime-support-3.52/debian/debhelper.log --- mime-support-3.52/debian/debhelper.log 2012-02-12 21:05:17.0 +0100 +++ mime-support-3.52/debian/debhelper.log 2012-08-24 09:51:56.0 +0200 
@@ -10,3 +10,4 @@ dh_md5sums dh_md5sums dh_md5sums +dh_md5sums diff -Nru mime-support-3.52/mime.types mime-support-3.52/mime.types --- mime-support-3.52/mime.types 2012-02-12 21:04:20.0 +0100 +++ mime-support-3.52/mime.types 2012-08-24 09:49:59.0 +0200 @@ -780,6 +780,8 @@ text/x-pascal p pas text/x-pcs-gcd gcd text/x-perl pl pm +text/x-php php phtml php3 php4 php5 pht +text/x-php-sourcephps text/x-python py text/x-scala scala text/x-server-parsed-html
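Review bot: In the debian/changelog hunk, the 3.52-1.1 entry closes only #670945, while the unblock request describes the upload as addressing two RC bugs, #664691 and #670945. If this upload also resolves #664691, add it to the Closes list; if that bug is fixed elsewhere, say so in the request so the release team does not expect it to close here.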
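Review bot: In the debian/debhelper.log hunk, the added dh_md5sums line is a by-product of building in the source tree and carries no packaging change. debhelper.log is a build-time log; leave the file out of the upload rather than growing it by one line per build, or note in the changelog that its removal is left to the maintainers.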
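Review bot: In the mime.types hunk, the second added line reads text/x-php-sourcephps as shown here, with no whitespace between the type and the phps extension, unlike the text/x-php line above it. Check that the file has a separator at that point, otherwise phps is left without a type. A comment next to the two new lines saying that they are deliberately not the application/x-httpd-* types removed in 3.52-1 would keep those from being re-added later.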