Bug#1070659: transition: re2
Package: release.debian.org Severity: normal X-Debbugs-Cc: r...@packages.debian.org Control: affects -1 + src:re2 User: release.debian@packages.debian.org Usertags: transition Control: block -1 with 1070649 1053409 It has taken a while to prepare the next re2 transition, because it included a new dependency on abseil. This broke most of the reverse-dependencies. It also means that transitions will get more frequent, as every abseil transition will change re2's ABI. I think the state of the reverse-dependencies is reasonable, now. I just did a rebuild of them all, and got these failures: yaramod FTBFS (#1037908): https://debusine.debian.net/artifact/66513/yaramod_3.6.0-1.1_amd64-2024-05-06T14:59:09Z.build clickhouse FTBFS (#1070658): https://debusine.debian.net/artifact/66521/clickhouse_18.16.1+ds-7.4_amd64-2024-05-06T14:59:16Z.build libvmod-re2 FTBFS Looks like a libre2-11 regression, but simple: #1070649: https://debusine.debian.net/artifact/66531/libvmod-re2_2.0.0-2_amd64-2024-05-06T15:18:37Z.build qtwebengine-opensource-src FTBFS libre2-11 regression, patch pending: #1053409: https://debusine.debian.net/artifact/66545/qtwebengine-opensource-src_5.15.15+dfsg-3_amd64-2024-05-06T15:31:32Z.build Ben file: title = "re2"; is_affected = .depends ~ "libre2-10" | .depends ~ "libre2-11"; is_good = .depends ~ "libre2-11"; is_bad = .depends ~ "libre2-10"; Stefano
Bug#1070158: bullseye-pu: package distro-info-data/0.51+deb11u6
Package: release.debian.org Severity: normal Tags: bullseye X-Debbugs-Cc: distro-info-d...@packages.debian.org Control: affects -1 + src:distro-info-data User: release.debian@packages.debian.org Usertags: pu This is a regular distro-info-data update. [ Reason ] This update adds: 1. bullseye and bookworm LTS & ELTS. 2. Ubuntu 24.10 Oracular Oriole [ Impact ] $ ubuntu-distro-info -d ubuntu-distro-info: Distribution data outdated. $ debian-distro-info --lts -f --date=2024-09-01 $ [ Tests ] We have automated tests that check the basic CSV data structure. Manually verified the affected Debian & Ubuntu releases. [ Risks ] Minimal, this is a data-only package, and there are no schema changes. [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in (old)stable [x] the issue is verified as fixed in unstable [ Changes ] * Update data to 0.61: - Declare LTS and ELTS intentions for bullseye and bookworm - debian: Fix LTS EOL date for bullseye - debian.csv: Fix EOL date for 2.2 - Add Ubuntu 24.10 "Oracular Oriole" (LP: #2064136) diff -Nru distro-info-data-0.51+deb11u5/debian/changelog distro-info-data-0.51+deb11u6/debian/changelog --- distro-info-data-0.51+deb11u5/debian/changelog 2023-10-29 08:57:15.0 -0400 +++ distro-info-data-0.51+deb11u6/debian/changelog 2024-04-30 20:54:51.0 -0400 @@ -1,3 +1,13 @@ +distro-info-data (0.51+deb11u6) bullseye; urgency=medium + + * Update data to 0.61: +- Declare LTS and ELTS intentions for bullseye and bookworm +- debian: Fix LTS EOL date for bullseye +- debian.csv: Fix EOL date for 2.2 +- Add Ubuntu 24.10 "Oracular Oriole" (LP: #2064136) + + -- Stefano Rivera Tue, 30 Apr 2024 20:54:51 -0400 + distro-info-data (0.51+deb11u5) bullseye; urgency=medium * Update data to 0.59: diff -Nru distro-info-data-0.51+deb11u5/debian.csv distro-info-data-0.51+deb11u6/debian.csv --- distro-info-data-0.51+deb11u5/debian.csv2023-10-29 08:57:15.0 -0400 +++ distro-info-data-0.51+deb11u6/debian.csv2024-04-30 20:54:51.0 -0400 @@ -4,7 +4,7 @@ 1.3,Bo,bo,1996-12-12,1997-06-05,1999-03-09 2.0,Hamm,hamm,1997-06-05,1998-07-24,2000-03-09 2.1,Slink,slink,1998-07-24,1999-03-09,2000-10-30 -2.2,Potato,potato,1999-03-09,2000-08-15,2003-07-30 +2.2,Potato,potato,1999-03-09,2000-08-15,2003-06-30 3.0,Woody,woody,2000-08-15,2002-07-19,2006-06-30 3.1,Sarge,sarge,2002-07-19,2005-06-06,2008-03-31 4.0,Etch,etch,2005-06-06,2007-04-08,2010-02-15 @@ -14,8 +14,8 @@ 8,Jessie,jessie,2013-05-04,2015-04-26,2018-06-17,2020-06-30,2025-06-30 9,Stretch,stretch,2015-04-26,2017-06-17,2020-07-18,2022-06-30,2027-06-30 10,Buster,buster,2017-06-17,2019-07-06,2022-09-10,2024-06-30,2029-06-30 -11,Bullseye,bullseye,2019-07-06,2021-08-14,2024-08-14 -12,Bookworm,bookworm,2021-08-14,2023-06-10,2026-06-10 +11,Bullseye,bullseye,2019-07-06,2021-08-14,2024-08-14,2026-08-31,2031-06-30 +12,Bookworm,bookworm,2021-08-14,2023-06-10,2026-06-10,2028-06-30,2033-06-30 13,Trixie,trixie,2023-06-10 14,Forky,forky,2025-08-01 ,Sid,sid,1993-08-16 diff -Nru distro-info-data-0.51+deb11u5/ubuntu.csv distro-info-data-0.51+deb11u6/ubuntu.csv --- distro-info-data-0.51+deb11u5/ubuntu.csv2023-10-29 08:57:15.0 -0400 +++ distro-info-data-0.51+deb11u6/ubuntu.csv2024-04-30 20:54:51.0 -0400 @@ -39,3 +39,4 @@ 23.04,Lunar Lobster,lunar,2022-10-20,2023-04-20,2024-01-25 23.10,Mantic Minotaur,mantic,2023-04-20,2023-10-12,2024-07-11 24.04 LTS,Noble Numbat,noble,2023-10-12,2024-04-25,2029-05-31,2029-05-31,2034-04-25 +24.10,Oracular Oriole,oracular,2024-04-25,2024-10-10,2025-07-10
Bug#1070157: bookworm-pu: package distro-info-data/0.58+deb12u2
Package: release.debian.org Severity: normal Tags: bookworm X-Debbugs-Cc: distro-info-d...@packages.debian.org Control: affects -1 + src:distro-info-data User: release.debian@packages.debian.org Usertags: pu This is a regular distro-info-data update. [ Reason ] This update adds: 1. bullseye and bookworm LTS & ELTS. 2. Ubuntu 24.10 Oracular Oriole [ Impact ] $ ubuntu-distro-info -d ubuntu-distro-info: Distribution data outdated. $ debian-distro-info --lts -f --date=2024-09-01 $ [ Tests ] We have automated tests that check the basic CSV data structure. Manually verified the affected Debian & Ubuntu releases. [ Risks ] Minimal, this is a data-only package, and there are no schema changes. [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in stable [x] the issue is verified as fixed in unstable [ Changes ] * Update data to 0.61: - Declare LTS and ELTS intentions for bullseye and bookworm - debian: Fix LTS EOL date for bullseye - debian.csv: Fix EOL date for 2.2 - Add Ubuntu 24.10 "Oracular Oriole" (LP: #2064136) diff -Nru distro-info-data-0.58+deb12u1/debian/changelog distro-info-data-0.58+deb12u2/debian/changelog --- distro-info-data-0.58+deb12u1/debian/changelog 2023-10-29 06:12:45.0 -0400 +++ distro-info-data-0.58+deb12u2/debian/changelog 2024-04-30 20:41:56.0 -0400 @@ -1,3 +1,13 @@ +distro-info-data (0.58+deb12u2) bookworm; urgency=medium + + * Update data to 0.61: +- Declare LTS and ELTS intentions for bullseye and bookworm +- debian: Fix LTS EOL date for bullseye +- debian.csv: Fix EOL date for 2.2 +- Add Ubuntu 24.10 "Oracular Oriole" (LP: #2064136) + + -- Stefano Rivera Tue, 30 Apr 2024 20:41:56 -0400 + distro-info-data (0.58+deb12u1) bookworm; urgency=medium * Update data to 0.59: diff -Nru distro-info-data-0.58+deb12u1/debian.csv distro-info-data-0.58+deb12u2/debian.csv --- distro-info-data-0.58+deb12u1/debian.csv2023-10-29 06:12:45.0 -0400 +++ distro-info-data-0.58+deb12u2/debian.csv2024-04-30 20:41:56.0 -0400 @@ -4,7 +4,7 @@ 1.3,Bo,bo,1996-12-12,1997-06-05,1999-03-09 2.0,Hamm,hamm,1997-06-05,1998-07-24,2000-03-09 2.1,Slink,slink,1998-07-24,1999-03-09,2000-10-30 -2.2,Potato,potato,1999-03-09,2000-08-15,2003-07-30 +2.2,Potato,potato,1999-03-09,2000-08-15,2003-06-30 3.0,Woody,woody,2000-08-15,2002-07-19,2006-06-30 3.1,Sarge,sarge,2002-07-19,2005-06-06,2008-03-31 4.0,Etch,etch,2005-06-06,2007-04-08,2010-02-15 @@ -14,8 +14,8 @@ 8,Jessie,jessie,2013-05-04,2015-04-26,2018-06-17,2020-06-30,2025-06-30 9,Stretch,stretch,2015-04-26,2017-06-17,2020-07-18,2022-06-30,2027-06-30 10,Buster,buster,2017-06-17,2019-07-06,2022-09-10,2024-06-30,2029-06-30 -11,Bullseye,bullseye,2019-07-06,2021-08-14,2024-08-14 -12,Bookworm,bookworm,2021-08-14,2023-06-10,2026-06-10 +11,Bullseye,bullseye,2019-07-06,2021-08-14,2024-08-14,2026-08-31,2031-06-30 +12,Bookworm,bookworm,2021-08-14,2023-06-10,2026-06-10,2028-06-30,2033-06-30 13,Trixie,trixie,2023-06-10 14,Forky,forky,2025-08-01 ,Sid,sid,1993-08-16 diff -Nru distro-info-data-0.58+deb12u1/ubuntu.csv distro-info-data-0.58+deb12u2/ubuntu.csv --- distro-info-data-0.58+deb12u1/ubuntu.csv2023-10-29 06:12:45.0 -0400 +++ distro-info-data-0.58+deb12u2/ubuntu.csv2024-04-30 20:41:56.0 -0400 @@ -39,3 +39,4 @@ 23.04,Lunar Lobster,lunar,2022-10-20,2023-04-20,2024-01-25 23.10,Mantic Minotaur,mantic,2023-04-20,2023-10-12,2024-07-11 24.04 LTS,Noble Numbat,noble,2023-10-12,2024-04-25,2029-05-31,2029-05-31,2034-04-25 +24.10,Oracular Oriole,oracular,2024-04-25,2024-10-10,2025-07-10
Bug#1065326: bookworm-pu: package python3.11/3.11.2-6+deb12u1
Package: release.debian.org Severity: normal Tags: bookworm X-Debbugs-Cc: python3...@packages.debian.org, d...@debian.org Control: affects -1 + src:python3.11 User: release.debian@packages.debian.org Usertags: pu [ Reason ] A use-after-free causing a SEGV was found in python 3.11, affecting the the Zulip chat server. The bug is known to affect python 3.11.0 - 3.11.4. And since being fixed upstream, there have been no known related regressions. [ Impact ] Potential SEGV in python3. Known to be triggered by zulip's CI when running under coverage. [ Tests ] The Python stdlib testsuite is extensive and passes with this patch. There is a stand-alone reproducer that I've manually reproduced the bug with and verified that it's fixed. [ Risks ] The code is pretty straight-forward. It asserts that the f_frame hasn't already been freed before freeing. [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in (old)stable [x] the issue is verified as fixed in unstable diff -Nru python3.11-3.11.2/debian/changelog python3.11-3.11.2/debian/changelog --- python3.11-3.11.2/debian/changelog 2023-03-13 08:18:29.0 -0400 +++ python3.11-3.11.2/debian/changelog 2024-03-02 16:28:50.0 -0400 @@ -1,3 +1,11 @@ +python3.11 (3.11.2-6+deb12u1) bookworm; urgency=medium + + [ Anders Kaseorg ] + * Fix a use-after-free crash when deallocating a frame object +(closes: #1050843). + + -- Stefano Rivera Sat, 02 Mar 2024 16:28:50 -0400 + python3.11 (3.11.2-6) unstable; urgency=high [ Stefano Rivera ] diff -Nru python3.11-3.11.2/debian/patches/frame_dealloc-crash.diff python3.11-3.11.2/debian/patches/frame_dealloc-crash.diff --- python3.11-3.11.2/debian/patches/frame_dealloc-crash.diff 1969-12-31 20:00:00.0 -0400 +++ python3.11-3.11.2/debian/patches/frame_dealloc-crash.diff 2024-03-02 16:28:50.0 -0400 @@ -0,0 +1,54 @@ +Description: Fix use-after-free crash in frame_dealloc + It was possible for the trashcan to delay the deallocation of a + PyFrameObject until after its corresponding _PyInterpreterFrame has + already been freed. So frame_dealloc needs to avoid dereferencing the + f_frame pointer unless it first checks that the pointer still points + to the interpreter frame within the frame object. +Origin: https://github.com/python/cpython/commit/46cae02085311481dc8b1ea9a5110969d9325bc7 +Bug-upstream: https://github.com/python/cpython/issues/106092 +Bug-Debian: https://bugs.debian.org/1050843 +Author: Anders Kaseorg +Last-Update: 2023-08-29 +Applied-Upstream: 3.11.5 + +--- + .../2023-07-18-16-13-51.gh-issue-106092.bObgRM.rst | 2 ++ + Objects/frameobject.c | 13 +++-- + 2 files changed, 9 insertions(+), 6 deletions(-) + create mode 100644 Misc/NEWS.d/next/Core and Builtins/2023-07-18-16-13-51.gh-issue-106092.bObgRM.rst + +--- /dev/null b/Misc/NEWS.d/next/Core and Builtins/2023-07-18-16-13-51.gh-issue-106092.bObgRM.rst +@@ -0,0 +1,2 @@ ++Fix a segmentation fault caused by a use-after-free bug in ``frame_dealloc`` ++when the trashcan delays the deallocation of a ``PyFrameObject``. +--- a/Objects/frameobject.c b/Objects/frameobject.c +@@ -851,9 +851,6 @@ + /* It is the responsibility of the owning generator/coroutine + * to have cleared the generator pointer */ + +-assert(f->f_frame->owner != FRAME_OWNED_BY_GENERATOR || +-_PyFrame_GetGenerator(f->f_frame)->gi_frame_state == FRAME_CLEARED); +- + if (_PyObject_GC_IS_TRACKED(f)) { + _PyObject_GC_UNTRACK(f); + } +@@ -861,10 +858,14 @@ + Py_TRASHCAN_BEGIN(f, frame_dealloc); + PyCodeObject *co = NULL; + ++/* GH-106092: If f->f_frame was on the stack and we reached the maximum ++ * nesting depth for deallocations, the trashcan may have delayed this ++ * deallocation until after f->f_frame is freed. Avoid dereferencing ++ * f->f_frame unless we know it still points to valid memory. */ ++_PyInterpreterFrame *frame = (_PyInterpreterFrame *)f->_f_frame_data; ++ + /* Kill all local variables including specials, if we own them */ +-if (f->f_frame->owner == FRAME_OWNED_BY_FRAME_OBJECT) { +-assert(f->f_frame == (_PyInterpreterFrame *)f->_f_frame_data); +-_PyInterpreterFrame *frame = (_PyInterpreterFrame *)f->_f_frame_data; ++if (f->f_frame == frame && frame->owner == FRAME_OWNED_BY_FRAME_OBJECT) { + /* Don't clear code object until the end */ + co = frame->f_code; + frame->f_code = NULL; diff -Nru python3.11-3.11.2/debian/patches/series python3.11-3.11.2/debian/patches/series --- python3.11-3.11.2/debian/patches/series 2023-03-01 05:58:01.0 -0400 +++ python3.11-3.11.2/debian/patches/series 2024-03-02 16:28:50.0 -0400 @@ -39,3 +39,4 @@ fix-py_compile.diff ntpath-import.diff shutdown-deadlock.diff +frame_dealloc-crash.diff
Bug#1062660: bookworm-pu: package pypy3/7.3.11+dfsg-2+deb12u1
Package: release.debian.org Severity: normal Tags: bookworm User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: py...@packages.debian.org Control: affects -1 + src:pypy3 [ Reason ] A user ran into a JIT bug in pypy3 in bookworm that has been resolved upstream. It's a simple bug and trivial to backport the fix for. [ Impact ] More users may run into this particular JIT bug. [ Tests ] The bug comes with a regression test, that passes. [ Risks ] The change is very simple. The patch applied cleanly and that code hasn't been modified upstream, since this patch. [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in (old)stable [x] the issue is verified as fixed in unstable [ Changes ] An assert that crashes the interpreter is replaced by an exception that will drop back out of the JIT. diff -Nru pypy3-7.3.11+dfsg/debian/changelog pypy3-7.3.11+dfsg/debian/changelog --- pypy3-7.3.11+dfsg/debian/changelog 2023-02-06 10:12:43.0 -0400 +++ pypy3-7.3.11+dfsg/debian/changelog 2024-02-01 20:41:13.0 -0400 @@ -1,3 +1,10 @@ +pypy3 (7.3.11+dfsg-2+deb12u1) bookworm; urgency=medium + + * Avoid an rpython assertion error in the JIT if integer ranges don't +overlap in a loop. (Closes: #1062460) + + -- Stefano Rivera Thu, 01 Feb 2024 20:41:13 -0400 + pypy3 (7.3.11+dfsg-2) unstable; urgency=medium * Mark pypy3 as being EXTERNALLY-MANAGED. diff -Nru pypy3-7.3.11+dfsg/debian/patches/int-jit-assert.patch pypy3-7.3.11+dfsg/debian/patches/int-jit-assert.patch --- pypy3-7.3.11+dfsg/debian/patches/int-jit-assert.patch 1969-12-31 20:00:00.0 -0400 +++ pypy3-7.3.11+dfsg/debian/patches/int-jit-assert.patch 2024-02-01 20:41:13.0 -0400 @@ -0,0 +1,100 @@ +From: Carl Friedrich Bolz-Tereick +Date: Fri, 3 Mar 2023 14:15:42 +0100 +Subject: Upstream: #3892: fix wrong assert in intutils, + it should be an InvalidLoop instead + +I introduced the assert in 5909f5e0a75c. before that, inconsistent intersects +would just do nothing, which I am not sure is a better solution than raising +InvalidLoop + +Bug-Debian: https://bugs.debian.org/1062460 +Origin: upstream, https://github.com/pypy/pypy/commit/ba8a3c45b9afe068c06780b4c34709c852ae20ea +--- + rpython/jit/metainterp/optimizeopt/intutils.py | 8 +- + .../metainterp/optimizeopt/test/test_intbound.py | 5 ++-- + rpython/jit/metainterp/test/test_ajit.py | 33 ++ + 3 files changed, 42 insertions(+), 4 deletions(-) + +diff --git a/rpython/jit/metainterp/optimizeopt/intutils.py b/rpython/jit/metainterp/optimizeopt/intutils.py +index 381d0a2..e9ba7f7 100644 +--- a/rpython/jit/metainterp/optimizeopt/intutils.py b/rpython/jit/metainterp/optimizeopt/intutils.py +@@ -129,7 +129,13 @@ class IntBound(AbstractInfo): + return 0 <= self.lower + + def intersect(self, other): +-assert not self.known_gt(other) and not self.known_lt(other) ++from rpython.jit.metainterp.optimize import InvalidLoop ++if self.known_gt(other) or self.known_lt(other): ++# they don't overlap, which makes the loop invalid ++# this never happens in regular linear traces, but it can happen in ++# combination with unrolling/loop peeling ++raise InvalidLoop("two integer ranges don't overlap") ++ + r = False + if self.make_ge_const(other.lower): + r = True +diff --git a/rpython/jit/metainterp/optimizeopt/test/test_intbound.py b/rpython/jit/metainterp/optimizeopt/test/test_intbound.py +index d4a0db4..ea9b74c 100644 +--- a/rpython/jit/metainterp/optimizeopt/test/test_intbound.py b/rpython/jit/metainterp/optimizeopt/test/test_intbound.py +@@ -225,13 +225,12 @@ def test_intersect(): + assert not b.contains(n) + + def test_intersect_bug(): ++from rpython.jit.metainterp.optimize import InvalidLoop + b1 = bound(17, 17) + b2 = bound(1, 1) +-with pytest.raises(AssertionError): ++with pytest.raises(InvalidLoop): + b1.intersect(b2) + +- +- + def test_add_bound(): + for _, _, b1 in some_bounds(): + for _, _, b2 in some_bounds(): +diff --git a/rpython/jit/metainterp/test/test_ajit.py b/rpython/jit/metainterp/test/test_ajit.py +index 29a8bf8..68e7d60 100644 +--- a/rpython/jit/metainterp/test/test_ajit.py b/rpython/jit/metainterp/test/test_ajit.py +@@ -3256,6 +3256,39 @@ class BasicTests: + res = self.interp_operations(f, [127 - 256 * 29]) + assert res == 127 + ++def test_bug_inline_short_preamble_can_be_inconsistent_in_optimizeopt(self): ++myjitdriver = JitDriver(greens = [], reds = "auto") ++class Str(object): ++_immutable_fields_ = ['s'] ++def __init__(self, s): ++self.s = s ++ ++empty = Str("") ++space =
Bug#1055022: bullseye-pu: package distro-info-data/0.51+deb11u5
Hi David (2023.11.03_18:59:13_+0200) > Short version: > Would you consider modifying this bullseye-pu for > distro-info-data/0.51+deb11u5 into a bullseye-pu for a > distro-info-data/0.59~deb11u1 instead? That may make more sense in the future. But in the past, it wasn't really an option, and consistency is useful. We have had some format changes in the last few years that have made new versions not as backportable as one would have hoped. And data changes that broke test suites in other packages. Both of these were addressed in the most recent round of updates. So, the data should be fully backportable right now (provided sufficient Breaks). > I recently independently discovered Debian bug #711238[2] with > devscripts and I would would like to see it fixed in unstable and > my desired fix of adding to it a Build-Depends on > ``` > distro-info-data (>= 0.58~) > ``` I don't really see the point in bumping Build-Depends like that. You aren't requiring any format change or anything like that, just a version that has the *current* stable (or development, not sure of the specifics of that bug) versions. We ensure that distro-info-data is kept up to date in all supported releases. Probably devscripts should become a little more tolerant about outdated data? Stefano -- Stefano Rivera http://tumbleweed.org.za/ +1 415 683 3272
Bug#1055022: bullseye-pu: package distro-info-data/0.51+deb11u5, distro-info/1.0+deb11u1
Package: release.debian.org Severity: normal Tags: bullseye User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: distro-info-d...@packages.debian.org Control: affects -1 + src:distro-info-data Bullseye version of #1055009. [ Reason ] This is a regular distro-info-data update, adding Ubuntu 24.04 LTS. It includes some corrections to historical data, one of which affects the distro-info test-suite. So, included is a coupled update of distro-info to expect the new values in its test-suite. In unstable, I updated Build-Depends and Depends on distro-info-data to help autopkgtests. For stable I just updated the Build-Depends. In addition to the changes backported in bullseye is a set of patches to ensure distro-info's Python packaging metadata version PEP-440 compliant. [ Impact ] Stable systems would be unaware of the new Ubuntu LTS. [ Tests ] distro-info-data is just CSV data, with some automated tests to verify the structure and sanity-check the values. distro-info has a more complex test suite that covers real-world tests with old stable releases. This needed to be updated for the data changes. Build tests and autopkgtests pass in both packages. Manually verified that the Python package has valid PEP-440 metadata. [ Risks ] Trivial, low risk. [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in (old)stable [x] the issue is verified as fixed in unstable [ Changes ] distro-info-data (0.51+deb11u5) bullseye; urgency=medium * Update data to 0.59: - Add Ubuntu 24.04 LTS Noble Numbat (LP: #2041662). - Correct Ubuntu 6.10 EOL date to 2008-04-25 - Correct Ubuntu 16.04 ESM begin to 2021-04-30 - Move Ubuntu 12.04 ESM end date back to Friday, 2019-04-26 - Correct Debian 3.1 EOL date to 2008-03-31 - Correct Debian 7 EOL date to 2016-04-25 - Move Debian 9 EOL to the 9.13 release date 2020-07-18 - Move Debian 10 EOL to the 10.13 release date 2022-09-10 distro-info (1.0+deb11u1) bullseye; urgency=medium * python: - Assert that Python version is PEP440 compliant - Handle more Debian versions correctly in make_pep440_compliant * Update tests for distro-info-data 0.51+deb11u5, which adjusted Debian 7's EoL (Closes: #1054946) diff --git a/debian.csv b/debian.csv index 8272895..2646246 100644 --- a/debian.csv +++ b/debian.csv @@ -6,14 +6,14 @@ version,codename,series,created,release,eol,eol-lts,eol-elts 2.1,Slink,slink,1998-07-24,1999-03-09,2000-10-30 2.2,Potato,potato,1999-03-09,2000-08-15,2003-07-30 3.0,Woody,woody,2000-08-15,2002-07-19,2006-06-30 -3.1,Sarge,sarge,2002-07-19,2005-06-06,2008-03-30 +3.1,Sarge,sarge,2002-07-19,2005-06-06,2008-03-31 4.0,Etch,etch,2005-06-06,2007-04-08,2010-02-15 5.0,Lenny,lenny,2007-04-08,2009-02-14,2012-02-06 6.0,Squeeze,squeeze,2009-02-14,2011-02-06,2014-05-31,2016-02-29 -7,Wheezy,wheezy,2011-02-06,2013-05-04,2016-04-26,2018-05-31,2020-06-30 +7,Wheezy,wheezy,2011-02-06,2013-05-04,2016-04-25,2018-05-31,2020-06-30 8,Jessie,jessie,2013-05-04,2015-04-26,2018-06-17,2020-06-30,2025-06-30 -9,Stretch,stretch,2015-04-26,2017-06-17,2020-07-06,2022-06-30,2027-06-30 -10,Buster,buster,2017-06-17,2019-07-06,2022-08-14,2024-06-30,2029-06-30 +9,Stretch,stretch,2015-04-26,2017-06-17,2020-07-18,2022-06-30,2027-06-30 +10,Buster,buster,2017-06-17,2019-07-06,2022-09-10,2024-06-30,2029-06-30 11,Bullseye,bullseye,2019-07-06,2021-08-14,2024-08-14 12,Bookworm,bookworm,2021-08-14,2023-06-10,2026-06-10 13,Trixie,trixie,2023-06-10 diff --git a/debian/changelog b/debian/changelog index ea4f4da..aee8df2 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,17 @@ +distro-info-data (0.51+deb11u5) bullseye; urgency=medium + + * Update data to 0.59: +- Add Ubuntu 24.04 LTS Noble Numbat (LP: #2041662). +- Correct Ubuntu 6.10 EOL date to 2008-04-25 +- Correct Ubuntu 16.04 ESM begin to 2021-04-30 +- Move Ubuntu 12.04 ESM end date back to Friday, 2019-04-26 +- Correct Debian 3.1 EOL date to 2008-03-31 +- Correct Debian 7 EOL date to 2016-04-25 +- Move Debian 9 EOL to the 9.13 release date 2020-07-18 +- Move Debian 10 EOL to the 10.13 release date 2022-09-10 + + -- Stefano Rivera Sun, 29 Oct 2023 14:57:15 +0200 + distro-info-data (0.51+deb11u4) bullseye; urgency=medium * Update data to 0.58: diff --git a/ubuntu.csv b/ubuntu.csv index 14ef832..3667f04 100644 --- a/ubuntu.csv +++ b/ubuntu.csv @@ -3,7 +3,7 @@ version,codename,series,created,release,eol,eol-server,eol-esm 5.04,Hoary Hedgehog,hoary,2004-10-20,2005-04-08,2006-10-31 5.10,Breezy Badger,breezy,2005-04-08,2005-10-12,2007-04-13 6.06 LTS,Dapper Drake,dapper,2005-10-12,2006-06-01,2009-07-14,2011-06-01 -6.10,Edgy Eft,edgy,2006-06-01,2006-10-26,2008-04-26 +6.10,Edgy Eft,edgy,2006-06-01,2006-10-26,2008-04-25 7.04,Feisty Fawn,feisty,2006-10-26,2007-04-19,2008-10-19 7.10,Gutsy Gibbon,gutsy,2007-04-19,2007-10
Bug#1055009: bookworm-pu: package distro-info-data/0.58+deb12u1, distro-info/1.5+deb12u1
Package: release.debian.org Severity: normal Tags: bookworm User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: distro-info-d...@packages.debian.org Control: affects -1 + src:distro-info-data [ Reason ] This is a regular distro-info-data update, adding Ubuntu 24.04 LTS. It includes some corrections to historical data, one of which affects the distro-info test-suite. So, included is a coupled update of distro-info to expect the new values in its test-suite. In unstable, I updated Build-Depends and Depends on distro-info-data to help autopkgtests. For stable I just updated the Build-Depends. [ Impact ] Stable systems would be unaware of the new Ubuntu LTS. [ Tests ] distro-info-data is just CSV data, with some automated tests to verify the structure and sanity-check the values. distro-info has a more complex test suite that covers real-world tests with old stable releases. This needed to be updated for the data changes. Build tests and autopkgtests pass in both packages. [ Risks ] Trivial, low risk. [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in (old)stable [x] the issue is verified as fixed in unstable [ Changes ] distro-info-data (0.58+deb12u1) bookworm; urgency=medium * Update data to 0.59: - Add Ubuntu 24.04 LTS Noble Numbat (LP: #2041662). - Correct Ubuntu 6.10 EOL date to 2008-04-25 - Correct Ubuntu 16.04 ESM begin to 2021-04-30 - Move Ubuntu 12.04 ESM end date back to Friday, 2019-04-26 - Correct Debian 3.1 EOL date to 2008-03-31 - Correct Debian 7 EOL date to 2016-04-25 - Move Debian 9 EOL to the 9.13 release date 2020-07-18 - Move Debian 10 EOL to the 10.13 release date 2022-09-10 distro-info (1.5+deb12u1) bookworm; urgency=medium * Update tests for distro-info-data 0.58+deb12u1, which adjusted Debian 7's EoL (Closes: #1054946) diff --git a/debian.csv b/debian.csv index 8272895..2646246 100644 --- a/debian.csv +++ b/debian.csv @@ -6,14 +6,14 @@ version,codename,series,created,release,eol,eol-lts,eol-elts 2.1,Slink,slink,1998-07-24,1999-03-09,2000-10-30 2.2,Potato,potato,1999-03-09,2000-08-15,2003-07-30 3.0,Woody,woody,2000-08-15,2002-07-19,2006-06-30 -3.1,Sarge,sarge,2002-07-19,2005-06-06,2008-03-30 +3.1,Sarge,sarge,2002-07-19,2005-06-06,2008-03-31 4.0,Etch,etch,2005-06-06,2007-04-08,2010-02-15 5.0,Lenny,lenny,2007-04-08,2009-02-14,2012-02-06 6.0,Squeeze,squeeze,2009-02-14,2011-02-06,2014-05-31,2016-02-29 -7,Wheezy,wheezy,2011-02-06,2013-05-04,2016-04-26,2018-05-31,2020-06-30 +7,Wheezy,wheezy,2011-02-06,2013-05-04,2016-04-25,2018-05-31,2020-06-30 8,Jessie,jessie,2013-05-04,2015-04-26,2018-06-17,2020-06-30,2025-06-30 -9,Stretch,stretch,2015-04-26,2017-06-17,2020-07-06,2022-06-30,2027-06-30 -10,Buster,buster,2017-06-17,2019-07-06,2022-08-14,2024-06-30,2029-06-30 +9,Stretch,stretch,2015-04-26,2017-06-17,2020-07-18,2022-06-30,2027-06-30 +10,Buster,buster,2017-06-17,2019-07-06,2022-09-10,2024-06-30,2029-06-30 11,Bullseye,bullseye,2019-07-06,2021-08-14,2024-08-14 12,Bookworm,bookworm,2021-08-14,2023-06-10,2026-06-10 13,Trixie,trixie,2023-06-10 diff --git a/debian/changelog b/debian/changelog index 7550d74..c01e3fc 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,17 @@ +distro-info-data (0.58+deb12u1) bookworm; urgency=medium + + * Update data to 0.59: +- Add Ubuntu 24.04 LTS Noble Numbat (LP: #2041662). +- Correct Ubuntu 6.10 EOL date to 2008-04-25 +- Correct Ubuntu 16.04 ESM begin to 2021-04-30 +- Move Ubuntu 12.04 ESM end date back to Friday, 2019-04-26 +- Correct Debian 3.1 EOL date to 2008-03-31 +- Correct Debian 7 EOL date to 2016-04-25 +- Move Debian 9 EOL to the 9.13 release date 2020-07-18 +- Move Debian 10 EOL to the 10.13 release date 2022-09-10 + + -- Stefano Rivera Sun, 29 Oct 2023 12:12:45 +0200 + distro-info-data (0.58) unstable; urgency=medium * Add Ubuntu 23.10 Mantic Minotaur (LP: #2018028) diff --git a/ubuntu.csv b/ubuntu.csv index 14ef832..3667f04 100644 --- a/ubuntu.csv +++ b/ubuntu.csv @@ -3,7 +3,7 @@ version,codename,series,created,release,eol,eol-server,eol-esm 5.04,Hoary Hedgehog,hoary,2004-10-20,2005-04-08,2006-10-31 5.10,Breezy Badger,breezy,2005-04-08,2005-10-12,2007-04-13 6.06 LTS,Dapper Drake,dapper,2005-10-12,2006-06-01,2009-07-14,2011-06-01 -6.10,Edgy Eft,edgy,2006-06-01,2006-10-26,2008-04-26 +6.10,Edgy Eft,edgy,2006-06-01,2006-10-26,2008-04-25 7.04,Feisty Fawn,feisty,2006-10-26,2007-04-19,2008-10-19 7.10,Gutsy Gibbon,gutsy,2007-04-19,2007-10-18,2009-04-18 8.04 LTS,Hardy Heron,hardy,2007-10-18,2008-04-24,2011-05-12,2013-05-09 @@ -14,7 +14,7 @@ version,codename,series,created,release,eol,eol-server,eol-esm 10.10,Maverick Meerkat,maverick,2010-04-29,2010-10-10,2012-04-10 11.04,Natty Narwhal,natty,2010-10-10,2011-04-28,2012-10-28 11.10,Oneiric Ocelot,oneiric,2011-04-28,2011-10-13,2013-05-09 -12.04 LTS
Bug#1054589: unblock: libapache2-mod-python/3.5.0+git20211031.e6458ec-1+b1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-Cc: libapache2-mod-pyt...@packages.debian.org Control: affects -1 + src:libapache2-mod-python Please unblock package libapache2-mod-python [ Reason ] * In 03_debian-version.patch, strip the debian part of the version. BinNMUs were resulting in invalid PEP-440 versions. (Closes: #1054587) * Patch: Fix segfaults when releasing threads. (Closes: #1019299) [ Impact ] The segfault issue seems rather serious. The PEP-440 issue breaks any attempt to enumerate installed packages on the system with pkg_resources. [ Tests ] Manually tested that mod_python runs and serves content. [ Risks ] Segfault patch is trivial and taken from upstream. Version patch is trivial, and Debian-specific. [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing unblock libapache2-mod-python/3.5.0+git20211031.e6458ec-1+b1 diff -Nru libapache2-mod-python-3.5.0+git20211031.e6458ec/debian/changelog libapache2-mod-python-3.5.0+git20211031.e6458ec/debian/changelog --- libapache2-mod-python-3.5.0+git20211031.e6458ec/debian/changelog 2022-04-18 06:22:40.0 +0200 +++ libapache2-mod-python-3.5.0+git20211031.e6458ec/debian/changelog 2023-10-26 15:07:51.0 +0200 @@ -1,3 +1,12 @@ +libapache2-mod-python (3.5.0+git20211031.e6458ec-1+deb12u1) bookworm; urgency=medium + + * Team upload. + * In 03_debian-version.patch, strip the debian part of the version. BinNMUs +were resulting in invalid PEP-440 versions. (Closes: #1054587) + * Patch: Fix segfaults when releasing threads. (Closes: #1019299) + + -- Stefano Rivera Thu, 26 Oct 2023 15:07:51 +0200 + libapache2-mod-python (3.5.0+git20211031.e6458ec-1) unstable; urgency=medium * Team upload. diff -Nru libapache2-mod-python-3.5.0+git20211031.e6458ec/debian/patches/03_debian-version.patch libapache2-mod-python-3.5.0+git20211031.e6458ec/debian/patches/03_debian-version.patch --- libapache2-mod-python-3.5.0+git20211031.e6458ec/debian/patches/03_debian-version.patch 2022-04-18 06:22:40.0 +0200 +++ libapache2-mod-python-3.5.0+git20211031.e6458ec/debian/patches/03_debian-version.patch 2023-10-26 15:07:51.0 +0200 @@ -9,7 +9,7 @@ 1 file changed, 2 insertions(+), 19 deletions(-) diff --git a/dist/version.sh b/dist/version.sh -index e5d..9ee18ac 100755 +index e5d..f97084a 100755 --- a/dist/version.sh +++ b/dist/version.sh @@ -1,21 +1,4 @@ @@ -35,4 +35,4 @@ - -echo $MAJ.$MIN.$PCH$GIT +cd $(dirname $0)/.. -+exec dpkg-parsechangelog -S Version ++dpkg-parsechangelog -S Version | cut -d - -f 1 diff -Nru libapache2-mod-python-3.5.0+git20211031.e6458ec/debian/patches/15_py310_threadstate_clear.patch libapache2-mod-python-3.5.0+git20211031.e6458ec/debian/patches/15_py310_threadstate_clear.patch --- libapache2-mod-python-3.5.0+git20211031.e6458ec/debian/patches/15_py310_threadstate_clear.patch 1970-01-01 02:00:00.0 +0200 +++ libapache2-mod-python-3.5.0+git20211031.e6458ec/debian/patches/15_py310_threadstate_clear.patch 2023-10-26 15:07:51.0 +0200 @@ -0,0 +1,27 @@ +From: Gregory Trubetskoy +Date: Fri, 16 Jun 2023 18:29:50 -0400 +Subject: 3.10 and up do not need a PyThreadState_Clear() + +Closes #100 + +Bug-Upstream: https://github.com/grisha/mod_python/issues/100 +Bug-Debian: https://bugs.debian.org/1019299 +Origin: upstream, https://github.com/grisha/mod_python/commit/7e863bb4652ca4edeb158bf42eb26120e0e54040 +--- + src/mod_python.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/mod_python.c b/src/mod_python.c +index 6259c1b..11af968 100644 +--- a/src/mod_python.c b/src/mod_python.c +@@ -303,7 +303,9 @@ static void release_interpreter(interpreterdata *idata) + { + PyThreadState *tstate = PyThreadState_Get(); + #ifdef WITH_THREAD ++#if PY_MAJOR_VERSION <= 3 && PY_MINOR_VERSION < 10 + PyThreadState_Clear(tstate); ++#endif + if (idata) + APR_ARRAY_PUSH(idata->tstates, PyThreadState *) = tstate; + else diff -Nru libapache2-mod-python-3.5.0+git20211031.e6458ec/debian/patches/series libapache2-mod-python-3.5.0+git20211031.e6458ec/debian/patches/series --- libapache2-mod-python-3.5.0+git20211031.e6458ec/debian/patches/series 2022-04-18 06:22:40.0 +0200 +++ libapache2-mod-python-3.5.0+git20211031.e6458ec/debian/patches/series 2023-10-26 15:07:51.0 +0200 @@ -6,3 +6,4 @@ 12_py310_collections_import.patch 13_py310_minor_version.patch 14_sphinx_py3.patch +15_py310_threadstate_clear.patch
Bug#1052692: bookworm-pu: package spamprobe/1.4d-16+deb12u1
Package: release.debian.org Severity: normal Tags: bookworm User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: spampr...@packages.debian.org Control: affects -1 + src:spamprobe [ Reason ] Spamprobe is unmaintained upstream and in Debian. In bookworm it has been crashing a lot when parsing images (#1037422) The solution is relatively simple, add missing return statements to bool functions, even though the return is ignored. [ Impact ] Spamprobe crashes enough in bookworm to not be useable. [ Tests ] Manually tested it on 600 odd spam emails that previously crashed it, and it didn't crash. [ Risks ] Changes are very simple. The return values don't even matter, because they are ignored. [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in (old)stable [x] the issue is verified as fixed in unstable [ Changes ] Add missing return values to bool functions. diff -Nru spamprobe-1.4d/debian/changelog spamprobe-1.4d/debian/changelog --- spamprobe-1.4d/debian/changelog 2023-02-20 18:12:05.0 +0530 +++ spamprobe-1.4d/debian/changelog 2023-09-26 12:15:17.0 +0530 @@ -1,3 +1,11 @@ +spamprobe (1.4d-16+deb12u1) bookworm; urgency=medium + + * QA Upload. + * Patch: Add missing return statements, fixing crashes parsing JPEG +attachments. (Closes: #1037422) + + -- Stefano Rivera Tue, 26 Sep 2023 12:15:17 +0530 + spamprobe (1.4d-16) unstable; urgency=medium * QA upload. diff -Nru spamprobe-1.4d/debian/patches/missing-returns.patch spamprobe-1.4d/debian/patches/missing-returns.patch --- spamprobe-1.4d/debian/patches/missing-returns.patch 1970-01-01 05:30:00.0 +0530 +++ spamprobe-1.4d/debian/patches/missing-returns.patch 2023-09-26 12:15:17.0 +0530 @@ -0,0 +1,47 @@ +Description: spamprobe crashes when parsing jpeg mime attachment +Author: Torsten Hilbrich + +Bug-Debian: https://bugs.debian.org/1037422 +Bug-Upstream: https://sourceforge.net/p/spamprobe/bugs/39/ +Forwarded: https://sourceforge.net/p/spamprobe/bugs/39/ + +--- a/src/parser/GifParser.cc b/src/parser/GifParser.cc +@@ -91,6 +91,7 @@ + openImage(); + digestImage(); + parseImageRecords(); ++return true; + } catch (runtime_error ) { + return false; + } +--- a/src/parser/JpegParser.cc b/src/parser/JpegParser.cc +@@ -61,6 +61,7 @@ + initializeSource(); + digestImage(); + tokenizeImage(); ++return true; + } catch (runtime_error ) { + return false; + } +--- a/src/parser/MbxMailMessageReader.cc b/src/parser/MbxMailMessageReader.cc +@@ -86,6 +86,7 @@ + cerr << "MBX: SKIPPED DELETED MESSAGE" << endl; + } + } ++ return true; + } + + OWNED MailMessage *MbxMailMessageReader::readMessage() +--- a/src/parser/PngParser.cc b/src/parser/PngParser.cc +@@ -73,6 +73,7 @@ + try { + digestImage(); + initializeImage(); ++return true; + } catch (runtime_error ) { + return false; + } diff -Nru spamprobe-1.4d/debian/patches/series spamprobe-1.4d/debian/patches/series --- spamprobe-1.4d/debian/patches/series2023-02-20 18:12:05.0 +0530 +++ spamprobe-1.4d/debian/patches/series2023-09-26 12:15:17.0 +0530 @@ -7,3 +7,4 @@ giflib5.diff gcc-11.patch fix-typos.patch +missing-returns.patch
Bug#1037931: transition: platformdirs
Hi Simon (2023.06.14_13:49:15_+) > python3-platformdirs 3.x makes python3-virtualenv and python3-poetry > uninstallable; reporting this as a transition to get it on the release > team's radar. Uploaded both of those to unstick it. They were both staged in experimental, but I'd forgotten that they were needed :) Stefano -- Stefano Rivera http://tumbleweed.org.za/ +1 415 683 3272
Bug#1035635: tox: Upgrading to tox 4
Hi Release Team! For the tox 4 transition, I have changes in dh-python staged (and in experimental) but the autopkgtests require tox 4, so I can't upload them until we're ready to pull the trigger on the transition. All the fallout I could find is documented in blocking bugs of this bug and the dh-python bug (1035675). Some of the fixes were staged in experimental, because we were in freeze at the time. Some of the packages need upstream work, and would have to be removed from testing for the transition. Please let me know when we should go ahead with this. Stefano -- Stefano Rivera http://tumbleweed.org.za/ +1 415 683 3272
Bug#1037079: unblock: configobj/5.0.8-2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-Cc: config...@packages.debian.org Control: affects -1 + src:configobj Please unblock package configobj [ Reason ] Resolves a (minor) security issue. The patch only became available recently. It resolves a ReDoS attack (regular expression denial of service) potentially caused by parsing untrusted configuration files. [ Impact ] Ship with an outstanding (very minor) security issue. [ Tests ] The patch includes a regression test. The package test suite passes. [ Risks ] Trivial change to a regex, which looks reasonable. The upstream hasn't reviewed it, yet. [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing unblock configobj/5.0.8-2 diff -Nru configobj-5.0.8/debian/changelog configobj-5.0.8/debian/changelog --- configobj-5.0.8/debian/changelog2023-01-26 18:57:36.0 -0400 +++ configobj-5.0.8/debian/changelog2023-06-03 16:23:41.0 -0400 @@ -1,3 +1,11 @@ +configobj (5.0.8-2) unstable; urgency=medium + + * Patch: Resolve CVE-2023-26112, a Regular Expression Denial of Service +attack. (Closes: #1034152) + * Clean correctly. + + -- Stefano Rivera Sat, 03 Jun 2023 16:23:41 -0400 + configobj (5.0.8-1) unstable; urgency=medium * New upstream release! diff -Nru configobj-5.0.8/debian/clean configobj-5.0.8/debian/clean --- configobj-5.0.8/debian/clean1969-12-31 20:00:00.0 -0400 +++ configobj-5.0.8/debian/clean2023-06-03 16:23:41.0 -0400 @@ -0,0 +1 @@ +src/configobj.egg-info/* diff -Nru configobj-5.0.8/debian/patches/CVE-2023-26112 configobj-5.0.8/debian/patches/CVE-2023-26112 --- configobj-5.0.8/debian/patches/CVE-2023-26112 1969-12-31 20:00:00.0 -0400 +++ configobj-5.0.8/debian/patches/CVE-2023-26112 2023-06-03 16:23:41.0 -0400 @@ -0,0 +1,48 @@ +From: cdcadman +Date: Wed, 17 May 2023 03:57:08 -0700 +Subject: Address CVE-2023-26112 ReDoS + +Origin: https://github.com/DiffSK/configobj/pull/236 +--- + src/configobj/validate.py | 2 +- + src/tests/test_validate_errors.py | 10 +- + 2 files changed, 10 insertions(+), 2 deletions(-) + +diff --git a/src/configobj/validate.py b/src/configobj/validate.py +index 9267a3f..98d879f 100644 +--- a/src/configobj/validate.py b/src/configobj/validate.py +@@ -541,7 +541,7 @@ class Validator(object): + """ + + # this regex does the initial parsing of the checks +-_func_re = re.compile(r'(.+?)\((.*)\)', re.DOTALL) ++_func_re = re.compile(r'([^\(\)]+?)\((.*)\)', re.DOTALL) + + # this regex takes apart keyword arguments + _key_arg = re.compile(r'^([a-zA-Z_][a-zA-Z0-9_]*)\s*=\s*(.*)$', re.DOTALL) +diff --git a/src/tests/test_validate_errors.py b/src/tests/test_validate_errors.py +index 399daa8..f7d6c27 100644 +--- a/src/tests/test_validate_errors.py b/src/tests/test_validate_errors.py +@@ -3,7 +3,7 @@ import os + import pytest + + from configobj import ConfigObj, get_extra_values, ParseError, NestingError +-from configobj.validate import Validator ++from configobj.validate import Validator, VdtUnknownCheckError + + @pytest.fixture() + def thisdir(): +@@ -77,3 +77,11 @@ def test_no_parent(tmpdir, specpath): + ini.write('[[haha]]') + with pytest.raises(NestingError): + conf = ConfigObj(str(ini), configspec=specpath, file_error=True) ++ ++ ++def test_re_dos(val): ++value = "aaa" ++i = 165100 ++attack = '\x00'*i + ')' + '('*i ++with pytest.raises(VdtUnknownCheckError): ++val.check(attack, value) diff -Nru configobj-5.0.8/debian/patches/series configobj-5.0.8/debian/patches/series --- configobj-5.0.8/debian/patches/series 1969-12-31 20:00:00.0 -0400 +++ configobj-5.0.8/debian/patches/series 2023-06-03 16:23:41.0 -0400 @@ -0,0 +1 @@ +CVE-2023-26112
Bug#1037078: unblock: dh-python/5.20230603
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-Cc: dh-pyt...@packages.debian.org, pi...@debian.org Control: affects -1 + src:dh-python Please unblock package dh-python [ Reason ] Re-adds some Breaks+Replaces to help upgrade scenarios that Andreas Beckmann discovered through piuparts (bug #1036943). [ Impact ] Upgrades buster -> bullseye -> bookworm will be broken, if the user didn't manually uninstall the old python2 package. [ Tests ] It's just Breaks+Replaces. Manually verified that it works in a manual scenario where buster's python2 package was still installed. [ Risks ] Trivial change. Present in bullseye, but reverted after it. This re-introduces the change. [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing unblock dh-python/5.20230603 diff -Nru dh-python-5.20230130/debian/changelog dh-python-5.20230603/debian/changelog --- dh-python-5.20230130/debian/changelog 2023-01-30 12:30:45.0 -0400 +++ dh-python-5.20230603/debian/changelog 2023-06-03 10:49:36.0 -0400 @@ -1,3 +1,10 @@ +dh-python (5.20230603) unstable; urgency=medium + + * Reintroduce Breaks+Replaces on python2 needed to help apt in some upgrade +scenarios. (Closes: #1036943) + + -- Stefano Rivera Sat, 03 Jun 2023 10:49:36 -0400 + dh-python (5.20230130) unstable; urgency=medium * pybuild.pm: Export SETUPTOOLS_SCM_PRETEND_VERSION for packages using diff -Nru dh-python-5.20230130/debian/control dh-python-5.20230603/debian/control --- dh-python-5.20230130/debian/control 2023-01-30 12:30:45.0 -0400 +++ dh-python-5.20230603/debian/control 2023-06-03 10:49:36.0 -0400 @@ -29,6 +29,9 @@ Breaks: # due to /usr/bin/dh_python3 and debhelper files python3 (<< 3.3.2-4~), +# due to debhelper files + python2 (<< 2.7.18-2) +Replaces: python2 (<< 2.7.18-2) Description: Debian helper tools for packaging Python libraries and applications This package contains: * pybuild - invokes various build systems for requested Python versions in
Bug#1036031: unblock: python-mitogen/0.3.3-9
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-Cc: python-mito...@packages.debian.org Control: affects -1 + src:python-mitogen Please unblock package python-mitogen [ Reason ] This resolves bug 1036018. Apparently ansible has grown the number of open file handles over time, causing select() to become unusable. Use poll() instead of select. python-mitogen development is somewhat sporadic at the moment. We patched it to support Ansible 6, even though upstream hadn't declared support, yet. That probably contributed to this bug appearing. Upstream hasn't picked up this patch, yet. But it's been sitting on GitHub since early Feb, and resolves the issue. [ Impact ] Some users will hit "filedescriptor out of range in select()" errors when using ansible with miteogen. [ Tests ] I've manually tested ansible with mitogen, and it seems to work. The automated test suite passes. Some of the GitHub actions tests for this PR failed. But the affected platforms don't seem relevant to us. [ Risks ] Patch is relatively straightforward. Replacing one drop-in class in place of another. [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing unblock python-mitogen/0.3.3-9 diff -Nru python-mitogen-0.3.3/debian/changelog python-mitogen-0.3.3/debian/changelog --- python-mitogen-0.3.3/debian/changelog 2022-12-13 22:43:51.0 -0400 +++ python-mitogen-0.3.3/debian/changelog 2023-05-13 09:45:14.0 -0400 @@ -1,3 +1,10 @@ +python-mitogen (0.3.3-9) unstable; urgency=medium + + * Patch: Use poll() in the broker to handle more file descriptors. +(Closes: #1036018) + + -- Stefano Rivera Sat, 13 May 2023 09:45:14 -0400 + python-mitogen (0.3.3-8) unstable; urgency=medium * Team upload. diff -Nru python-mitogen-0.3.3/debian/patches/poll-poller python-mitogen-0.3.3/debian/patches/poll-poller --- python-mitogen-0.3.3/debian/patches/poll-poller 1969-12-31 20:00:00.0 -0400 +++ python-mitogen-0.3.3/debian/patches/poll-poller 2023-05-13 09:45:14.0 -0400 @@ -0,0 +1,28 @@ +From: Luca Berruti +Date: Wed, 8 Feb 2023 14:05:25 +0100 +Subject: Fix: filedescriptor out of range in select() + +Bug-Debian: https://bugs.debian.org/1036018 +Bug-Upstream: https://github.com/mitogen-hq/mitogen/issues/957 +Origin: https://github.com/mitogen-hq/mitogen/pull/984 +--- + ansible_mitogen/process.py | 6 -- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/ansible_mitogen/process.py b/ansible_mitogen/process.py +index 63caa88..8c19c37 100644 +--- a/ansible_mitogen/process.py b/ansible_mitogen/process.py +@@ -285,8 +285,10 @@ class Broker(mitogen.master.Broker): + the exuberant syscall expense of EpollPoller, so override it and restore + the poll() poller. + """ +-poller_class = mitogen.core.Poller +- ++if mitogen.parent.PollPoller.SUPPORTED: ++poller_class = mitogen.parent.PollPoller ++else: ++poller_class = mitogen.core.Poller + + class Binding(object): + """ diff -Nru python-mitogen-0.3.3/debian/patches/series python-mitogen-0.3.3/debian/patches/series --- python-mitogen-0.3.3/debian/patches/series 2022-12-13 20:24:51.0 -0400 +++ python-mitogen-0.3.3/debian/patches/series 2023-05-13 09:45:14.0 -0400 @@ -6,3 +6,4 @@ skip-python2.7-test ansible-6 hack-remove-cleanup +poll-poller
Bug#1035105: bullseye-pu: package distro-info-data/0.51+deb11u4
Package: release.debian.org Severity: normal Tags: bullseye User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: distro-info-d...@packages.debian.org, bdr...@debian.org Control: affects -1 + src:distro-info-data As usual, a distro-info-data update. [ Reason ] There's a new Ubuntu development release, a bookworm release date, and some minor Ubuntu EoL changes. * Update data to 0.58: - Add Debian 14 "forky" with a vague creation date. - Correct Ubuntu 23.04 release date to 2023-04-20. - Tighten validate-csv-data heuristics, restricting Ubuntu EoLs to Tue-Thursday. - Document Ubuntu ESM overlap period (LP: #2003949) - Add Ubuntu 23.10 Mantic Minotaur (LP: #2018028) - Set the planned release date for Debian bookworm (and an EoL based on it). - Adjust trixie's creation date to match bookworm's release. [ Impact ] Debian stable is unaware of the current Ubuntu development release, and Debian bookworm release dates. Currently: $ debian-distro-info -t --date=2023-06-10 bookworm $ debian-distro-info -s --date=2023-06-10 bullseye $ ubuntu-distro-info -df ubuntu-distro-info: Distribution data outdated. Please check for an update for distro-info-data. See /usr/share/doc/distro-info-data/README.Debian for details. Expected: $ debian-distro-info -t --date=2023-06-10 trixie $ debian-distro-info -s --date=2023-06-10 bookworm $ ubuntu-distro-info -df Ubuntu 23.10 "Mantic Minotaur" [ Tests ] Autopkgtests passed. The changes include some updates to tests around the Ubuntu EoL dates. Manually tested as above. [ Risks ] Data-only package, this will bring it up to parity with unstable. [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in (old)stable [x] the issue is verified as fixed in unstable diff -Nru distro-info-data-0.51+deb11u3/debian/changelog distro-info-data-0.51+deb11u4/debian/changelog --- distro-info-data-0.51+deb11u3/debian/changelog 2022-10-30 07:31:55.0 -0400 +++ distro-info-data-0.51+deb11u4/debian/changelog 2023-04-29 14:30:57.0 -0400 @@ -1,3 +1,17 @@ +distro-info-data (0.51+deb11u4) bullseye; urgency=medium + + * Update data to 0.58: +- Add Debian 14 "forky" with a vague creation date. +- Correct Ubuntu 23.04 release date to 2023-04-20. +- Tighten validate-csv-data heuristics, restricting Ubuntu EoLs to + Tue-Thursday. +- Document Ubuntu ESM overlap period (LP: #2003949) +- Add Ubuntu 23.10 Mantic Minotaur (LP: #2018028) +- Set the planned release date for Debian bookworm (and an EoL based on it). +- Adjust trixie's creation date to match bookworm's release. + + -- Stefano Rivera Sat, 29 Apr 2023 14:30:57 -0400 + distro-info-data (0.51+deb11u3) bullseye; urgency=medium * Update data to 0.55: diff -Nru distro-info-data-0.51+deb11u3/debian.csv distro-info-data-0.51+deb11u4/debian.csv --- distro-info-data-0.51+deb11u3/debian.csv2022-10-30 07:31:55.0 -0400 +++ distro-info-data-0.51+deb11u4/debian.csv2023-04-29 14:30:57.0 -0400 @@ -15,7 +15,8 @@ 9,Stretch,stretch,2015-04-26,2017-06-17,2020-07-06,2022-06-30,2027-06-30 10,Buster,buster,2017-06-17,2019-07-06,2022-08-14,2024-06-30,2029-06-30 11,Bullseye,bullseye,2019-07-06,2021-08-14,2024-08-14 -12,Bookworm,bookworm,2021-08-14 -13,Trixie,trixie,2023-08-01 +12,Bookworm,bookworm,2021-08-14,2023-06-10,2026-06-10 +13,Trixie,trixie,2023-06-10 +14,Forky,forky,2025-08-01 ,Sid,sid,1993-08-16 ,Experimental,experimental,1993-08-16 diff -Nru distro-info-data-0.51+deb11u3/ubuntu.csv distro-info-data-0.51+deb11u4/ubuntu.csv --- distro-info-data-0.51+deb11u3/ubuntu.csv2022-10-30 07:31:55.0 -0400 +++ distro-info-data-0.51+deb11u4/ubuntu.csv2023-04-29 14:30:57.0 -0400 @@ -26,14 +26,15 @@ 16.10,Yakkety Yak,yakkety,2016-04-21,2016-10-13,2017-07-20 17.04,Zesty Zapus,zesty,2016-10-13,2017-04-13,2018-01-13 17.10,Artful Aardvark,artful,2017-04-13,2017-10-19,2018-07-19 -18.04 LTS,Bionic Beaver,bionic,2017-10-19,2018-04-26,2023-04-26,2023-04-26,2028-04-26 +18.04 LTS,Bionic Beaver,bionic,2017-10-19,2018-04-26,2023-05-31,2023-05-31,2028-04-26 18.10,Cosmic Cuttlefish,cosmic,2018-04-26,2018-10-18,2019-07-18 19.04,Disco Dingo,disco,2018-10-18,2019-04-18,2020-01-23 19.10,Eoan Ermine,eoan,2019-04-18,2019-10-17,2020-07-17 -20.04 LTS,Focal Fossa,focal,2019-10-17,2020-04-23,2025-04-23,2025-04-23,2030-04-23 +20.04 LTS,Focal Fossa,focal,2019-10-17,2020-04-23,2025-05-29,2025-05-29,2030-04-23 20.10,Groovy Gorilla,groovy,2020-04-23,2020-10-22,2021-07-22 21.04,Hirsute Hippo,hirsute,2020-10-22,2021-04-22,2022-01-20 21.10,Impish Indri,impish,2021-04-22,2021-10-14,2022-07-14 -22.04 LTS,Jammy Jellyfish,jammy,2021-10-14,2022-04-21,2027-04-21,2027-04-21,2032-04-21 +22.04 LTS,Jammy Jellyfish,jammy,2021-10-14,2022-04-21,2027-06-01,2027-06-01,2032-04-21 22.10,Kinetic Kudu,kinetic,20
Bug#1034284: unblock: wheel/0.38.4-2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-Cc: wh...@packages.debian.org Control: affects -1 + src:wheel Please unblock package wheel Fixed an RC bug: The source package wasn't cleaning correctly. [ Reason ] RC Bug fix. [ Impact ] Stable will ship with the source-level RC bug. [ Tests ] Verified by hand. [ Risks ] Change is trivial. [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing unblock wheel/0.38.4-2 diff -Nru wheel-0.38.4/debian/changelog wheel-0.38.4/debian/changelog --- wheel-0.38.4/debian/changelog 2022-11-10 06:24:48.0 -0400 +++ wheel-0.38.4/debian/changelog 2023-04-11 14:10:59.0 -0400 @@ -1,3 +1,9 @@ +wheel (0.38.4-2) unstable; urgency=medium + + * Correctly clean. (Closes: #1034079) + + -- Stefano Rivera Tue, 11 Apr 2023 14:10:59 -0400 + wheel (0.38.4-1) unstable; urgency=medium * New upstream release. diff -Nru wheel-0.38.4/debian/clean wheel-0.38.4/debian/clean --- wheel-0.38.4/debian/clean 2022-11-10 06:24:48.0 -0400 +++ wheel-0.38.4/debian/clean 2023-04-11 14:10:59.0 -0400 @@ -1 +1,6 @@ -docs/_build +.tox/ +dist/ +docs/_build/ +src/*.egg-info/ +tests/testdata/*/*.egg-info/ +tests/testdata/*/build/
Re: Bug#993590: distro-info-data: Store a mapping from distro to gpg keyring
> On Fri, 03 Sep 2021 15:16:54 +0200 Johannes Schauer Marin Rodrigues > wrote: > > please consider storing a mapping from distro to keyring in > > /usr/share/keyring. Currently there is no reliable way to retrieve the > > authoritative keyring for a given distro name. Even when limiting > > oneself to only Debian, it is not obvious for which suites one needs > > /usr/share/keyrings/debian-archive-keyring.gpg and for which one needs > > /usr/share/keyrings/debian-archive-removed-keys.gpg. > > I am not sure whether distro-info-data is the right place for it. Are > there rules when keys move from debian-archive-keyring.gpg to debian- > archive-removed-keys.gpg? Shouldn't that information better be shipped > by debian-archive-keyring? Can someone from the release team answer how this works? Thanks, Stefano -- Stefano Rivera http://tumbleweed.org.za/ +1 415 683 3272
Bug#1028436: transition: re2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition X-Debbugs-Cc: r...@packages.debian.org Control: affects -1 + src:re2 Sorry for a last minute request. I was just looking through my packages on the weekend and noticed that re2 had tagged a new release, but I hadn't seen it due to the GitHub layout change last year. This is a very minor ABI break in the C++ library, caused by changing class layout. The in the 6 months since the previous release, they've only made 22 commits. Which also means that if it misses the freeze, it's probably not a big deal. The new version is currently sitting in experimental bin-NEW. I've test-built the reverse dependencies, they all build, except for unrelated failures: $ grep ^Status *.build chromium_amd64.build:Status: successful clickhouse_amd64.build:Status: successful dnsdist_amd64.build:Status: successful effcee_amd64.build:Status: attempted grpc_amd64.build:Status: successful inspircd_amd64.build:Status: successful libphonenumber_amd64.build:Status: successful libpog_amd64.build:Status: successful libre-engine-re2-perl_amd64.build:Status: successful libvmod-re2_amd64.build:Status: successful node-re2_amd64.build:Status: successful pytorch-text_amd64.build:Status: given-back qt6-webengine_amd64.build:Status: successful qtwebengine-opensource-src_amd64.build:Status: attempted re2_20221201+dfsg-1_amd64.build:Status: successful ruby-re2_amd64.build:Status: successful sphinxsearch_amd64.build:Status: successful effcee: FTBFS with GCC-11: #984048 pytorch-text: FTBFS with Python 3.10 (yes 3.10, not 3.11): #1008924 qtwebengine-opensource-src: FTBFS with Python 3.11 (fixed in 5.15.12+dfsg-1 in experimental) Ben file: title = "re2"; is_affected = .depends ~ "libre2-9" | .depends ~ "libre2-10"; is_good = .depends ~ "libre2-10"; is_bad = .depends ~ "libre2-9"; Thanks for the consideration! Stefano
Re: Python 3.11 for bookworm?
Hi Timo (2022.12.22_12:56:20_+) > > There have been rebuilds in Ubuntu that give us some idea of how much > > work remains. I think it's tractable, but also will have some package > > casualties. > I have some spare time right now, and I am happy to help > work on problematic cases, so hopefully nobody will feel left out in > the cold with their favorite packages. Offhand, the one I most expect trouble with is numba. We were reliant on upstream for the 3.10 transition, and probably will be for 3.11. Thanks for your help with pony ORM, Timo. I didn't think we'd be able to port that without upstream, but it did end up being tractable. I'm expecting to have more time in the upcoming weeks, too. So, release team, I still think we should go ahead! SR -- Stefano Rivera http://tumbleweed.org.za/ +1 415 683 3272
Re: Python 3.11 for bookworm?
Hi Sandro (2022.12.22_00:13:36_+) > It appears there has been little work in preparing the work to > introduce python3.11 from its maintainer, instead that works has been > pushed downstream to maintainers. That is, I'm afraid, the only realistic approach for handling new Python versions. It is too much work for one or two people to do. It needs the help of the team and upstreams to make it happen. Yes, a maintainer could take all this work on their shoulders, but if we require them to, I don't think we'll ship even vaguely current Python versions. > if we continue with the plan as described above, several python > libraries/applications maintainers will be left with the short end of > the stick and deal with an unknown amount of issues (upstream fixes > not available, not ready and or/ not released, rushed, etc) with less > than a month from the beginning of the transition freeze[2] That will almost certainly be the case, yes. So we have a trade-off to make between shipping a new Python upstream release, that many of our users would definitely appreciate, and having some libraries / apps miss the release, that many of our users would probably be affected by. > [2] also highlights at the very beginning "Plan your changes for > bullseye", this change appears as if it was not planned and we should > be skeptical to proceed without further (and in advance) understanding > of the impact it may have on Bullseye. We discussed this transition at DebConf 22, and decided to approach it the way that it has been approached. Where we currently are in the release, I would lean towards going through with the transition. So far, it seems to have been roughly as difficult as previous Python transitions. There have been rebuilds in Ubuntu that give us some idea of how much work remains. I think it's tractable, but also will have some package casualties. SR -- Stefano Rivera http://tumbleweed.org.za/ +1 415 683 3272
Bug#1023118: bullseye-pu: package distro-info-data/0.51+deb11u3
Package: release.debian.org Severity: normal Tags: bullseye User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: bdr...@debian.org As usual, a distro-info-data update. [ Reason ] There's a new Ubuntu development release, and also some minor Debian changes. * Update data to 0.55: - Update Debian ELTS dates to ~10 years of support (Closes: #1014837) - Correct release date of Debian 8 (jessie) to 2015-04-26 - Add dates for Ubuntu 23.04, Lunar Lobster (LP: #1993667) [ Impact ] Debian stable is unaware of the current Ubuntu development release, and Debian ELTS support periods. Currently: $ ubuntu-distro-info -d ubuntu-distro-info: Distribution data outdated. Please check for an update for distro-info-data. See /usr/share/doc/distro-info-data/README.Debian for details. $ debian-distro-info --elts stretch Expected: $ ubuntu-distro-info -d lunar $ debian-distro-info --elts jessie stretch [ Tests ] Autopkgtests passed. Manually tested as above. [ Risks ] Data-only package, this will bring it up to parity with unstable. [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in (old)stable [x] the issue is verified as fixed in unstable commit 9fb1990fe6d70cfbac351ad780b672bf4478a8e5 Author: Stefano Rivera Date: Sun Oct 30 13:32:12 2022 +0200 Update data to 0.55: * Update data to 0.55: - Update Debian ELTS dates to ~10 years of support (Closes: #1014837) - Correct release date of Debian 8 (jessie) to 2015-04-26 - Add dates for Ubuntu 23.04, Lunar Lobster (LP: #1993667) diff --git a/debian.csv b/debian.csv index 967a3f0..6d06e13 100644 --- a/debian.csv +++ b/debian.csv @@ -11,9 +11,9 @@ version,codename,series,created,release,eol,eol-lts,eol-elts 5.0,Lenny,lenny,2007-04-08,2009-02-14,2012-02-06 6.0,Squeeze,squeeze,2009-02-14,2011-02-06,2014-05-31,2016-02-29 7,Wheezy,wheezy,2011-02-06,2013-05-04,2016-04-26,2018-05-31,2020-06-30 -8,Jessie,jessie,2013-05-04,2015-04-25,2018-06-17,2020-06-30,2022-06-30 -9,Stretch,stretch,2015-04-25,2017-06-17,2020-07-06,2022-06-30,2024-06-30 -10,Buster,buster,2017-06-17,2019-07-06,2022-08-14,2024-06-30,2026-06-30 +8,Jessie,jessie,2013-05-04,2015-04-26,2018-06-17,2020-06-30,2025-06-30 +9,Stretch,stretch,2015-04-26,2017-06-17,2020-07-06,2022-06-30,2027-06-30 +10,Buster,buster,2017-06-17,2019-07-06,2022-08-14,2024-06-30,2029-06-30 11,Bullseye,bullseye,2019-07-06,2021-08-14,2024-08-14 12,Bookworm,bookworm,2021-08-14 13,Trixie,trixie,2023-08-01 diff --git a/debian/changelog b/debian/changelog index 4e7670c..8e078e3 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,12 @@ +distro-info-data (0.51+deb11u3) bullseye; urgency=medium + + * Update data to 0.55: +- Update Debian ELTS dates to ~10 years of support (Closes: #1014837) +- Correct release date of Debian 8 (jessie) to 2015-04-26 +- Add dates for Ubuntu 23.04, Lunar Lobster (LP: #1993667) + + -- Stefano Rivera Sun, 30 Oct 2022 13:31:55 +0200 + distro-info-data (0.51+deb11u2) bullseye; urgency=medium * Update data to 0.53: diff --git a/ubuntu.csv b/ubuntu.csv index eeaacff..4706da8 100644 --- a/ubuntu.csv +++ b/ubuntu.csv @@ -36,3 +36,4 @@ version,codename,series,created,release,eol,eol-server,eol-esm 21.10,Impish Indri,impish,2021-04-22,2021-10-14,2022-07-14 22.04 LTS,Jammy Jellyfish,jammy,2021-10-14,2022-04-21,2027-04-21,2027-04-21,2032-04-21 22.10,Kinetic Kudu,kinetic,2022-04-21,2022-10-20,2023-07-20 +23.04,Lunar Lobster,lunar,2022-10-20,2023-04-27,2024-01-25
Bug#1011939: bullseye-pu: package hdmi2usb-mode-switch/0.0.1-2+deb11u1
Package: release.debian.org Severity: normal Tags: bullseye User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: debconf-vi...@lists.debian.org [ Reason ] Linux started to have multiple /dev/video device nodes in linux-image-4.19.0-5-amd64 (#1011938). This broke hdmi2usb-udev because we wouldn't know which /dev/video device to capture video from. The DebConf Video team has known about this problem since buster, but has only recently figured out the (fairly straightforward) solution. Blame COVID-19 for us not meeting in person again, and dealing with it. [ Impact ] hdmi2usb-udev doesn't give you an unambiguous device to capture video from, for your hdmi2usb hardware. There is very little of this hardware in the wild, so the DebConf video team are almost the only affected people. [ Tests ] Manually tested at the Hamburg Debian Reunion 2022. [ Risks ] Pretty trivial changes. Extremely low popcon :) Rare, out of production hardware. [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in (old)stable [x] the issue is verified as fixed in unstable [ Changes ] 1. Add a suffix to the device node, from information provided by 60-persistent-v4l.rules 2. Sort the udev rule *after* 60-persistent-v4l.rules. diff -Nru hdmi2usb-mode-switch-0.0.1/debian/changelog hdmi2usb-mode-switch-0.0.1/debian/changelog --- hdmi2usb-mode-switch-0.0.1/debian/changelog 2018-01-19 09:28:58.0 +0200 +++ hdmi2usb-mode-switch-0.0.1/debian/changelog 2022-05-27 12:22:19.0 +0200 @@ -1,3 +1,11 @@ +hdmi2usb-mode-switch (0.0.1-2+deb11u1) bullseye; urgency=low + + * Patch: Udev: Add a suffix to /dev/video device nodes to disambiguate them. +(Closes: #1011938) + * Move udev rules to priority 70, to come after 60-persistent-v4l.rules. + + -- Stefano Rivera Fri, 27 May 2022 12:22:19 +0200 + hdmi2usb-mode-switch (0.0.1-2) unstable; urgency=medium * Update symlinks for ixo-usb-jtag 0.0.1. diff -Nru hdmi2usb-mode-switch-0.0.1/debian/patches/disambiguate-video-device-nodes hdmi2usb-mode-switch-0.0.1/debian/patches/disambiguate-video-device-nodes --- hdmi2usb-mode-switch-0.0.1/debian/patches/disambiguate-video-device-nodes 1970-01-01 02:00:00.0 +0200 +++ hdmi2usb-mode-switch-0.0.1/debian/patches/disambiguate-video-device-nodes 2022-05-27 12:22:19.0 +0200 @@ -0,0 +1,52 @@ +From: Nicolas Dandrimont +Date: Thu, 26 May 2022 22:17:33 +0200 +Subject: Add a suffix to the video device name when no capture capability is + detected + +Recent versions of the linux kernel generate multiple device nodes for +each uvcvideo capture card. The HDMI2USB-generated video symlinks end up +stomping on one another until the last one wins. + +Recent versions of udev's id_v4l script add a ID_V4L_CAPABILITIES +variable that we can use to distinguish both devices. We give the +metadata device a `-metadata` suffix to distinguish it from the capture +node. + +Origin: https://github.com/litex-hub/litex-buildenv-udev/pull/9 +Bug-Debian: https://bugs.debian.org/1011938 +--- + udev/99-hdmi2usb-aliases.rules | 15 ++- + 1 file changed, 10 insertions(+), 5 deletions(-) + +diff --git a/udev/99-hdmi2usb-aliases.rules b/udev/99-hdmi2usb-aliases.rules +index 8ae7f48..e0863ca 100644 +--- a/udev/99-hdmi2usb-aliases.rules b/udev/99-hdmi2usb-aliases.rules +@@ -119,17 +119,22 @@ SUBSYSTEM=="tty", ENV{ID_HDMI2USB}=="1", ENV{NUM_HDMI2USB_TTY}!="", ENV{NUM_HDMI + SYMLINK+="hdmi2usb/by-num/$env{ID_HDMI2USB_BOARD}$env{NUM_HDMI2USB_BOARD}/tty$env{NUM_HDMI2USB_TTY}" + + # Video capture device ++SUBSYSTEM=="video4linux", ENV{ID_HDMI2USB}=="1", ENV{ID_V4L_CAPABILITIES}=="*:capture:*" \ ++ENV{HDMI2USB_VIDEO_SUFFIX}:="" ++SUBSYSTEM=="video4linux", ENV{ID_HDMI2USB}=="1", ENV{ID_V4L_CAPABILITIES}!="*:capture:*" \ ++ENV{HDMI2USB_VIDEO_SUFFIX}:="-metadata" ++ + SUBSYSTEM=="video4linux", ENV{ID_HDMI2USB}=="1", ENV{ID_SERIAL_SHORT}!="" \ +- SYMLINK+="hdmi2usb/by-serial/$env{ID_SERIAL_SHORT}/video" ++ SYMLINK+="hdmi2usb/by-serial/$env{ID_SERIAL_SHORT}/video$env{HDMI2USB_VIDEO_SUFFIX}" + + SUBSYSTEM=="video4linux", ENV{ID_HDMI2USB}=="1", ENV{ID_PATH}!="" \ +- SYMLINK+="hdmi2usb/by-path/$env{ID_PATH}/video" ++ SYMLINK+="hdmi2usb/by-path/$env{ID_PATH}/video$env{HDMI2USB_VIDEO_SUFFIX}" + + SUBSYSTEM=="video4linux", ENV{ID_HDMI2USB}=="1", ENV{ID_PATH_HUMAN}!="" \ +- SYMLINK+="hdmi2usb/by-path/$env{ID_PATH_HUMAN}/video" ++ SYMLINK+="hdmi2usb/by-path/$env{ID_PATH_HUMAN}/video$env{HDMI2USB_VIDEO_SUFFIX}" + + SUBSYSTEM=="video4linux", ENV{ID_HDMI2USB}=="1", ENV{NUM_HDMI2USB}
Bug#1011360: buster-pu: package python-scrapy/1.5.1-1+deb10u1
Package: release.debian.org Severity: normal Tags: buster User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: mouzan...@gmail.com, w...@debian.org [ Reason ] Hi, there were some security issues in python-scrapy, that were deemed no-DSA [ Impact ] Known security issues, with the risk of credential-exposure. [ Tests ] They both include unit tests, which pass. [ Risks ] There are behavioural changes, that could affect users of this code, if they are scraping sites that need authentication. However, this is unavoidable for the issues being fixed. This matches what was uploaded to stretch-security, although the patch isn't identical. So, anyone upgrading from stretch-lts would hit a regression if this wasn't updated. Risks both ways. [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in (old)stable [x] the issue is verified as fixed in unstable [ Changes ] * Security fix for CVE-2021-41125: Don't send authentication data with all requests. Provide a http_auth_domain spider attribute to control which domains are allowed to receive the configured HTTP authentication credentials. * Security Fix CVE-2022-0577: Don't expose cookies cross-domain when redirected. (Closes: #1008234) [ Other info ] See also Bug #1011359 for bullseye. diff -Nru python-scrapy-1.5.1/debian/changelog python-scrapy-1.5.1/debian/changelog --- python-scrapy-1.5.1/debian/changelog2018-09-29 08:51:15.0 -0400 +++ python-scrapy-1.5.1/debian/changelog2022-05-20 16:14:25.0 -0400 @@ -1,3 +1,15 @@ +python-scrapy (1.5.1-1+deb10u1) buster; urgency=medium + + * Team upload. + * Security fix for CVE-2021-41125: Don't send authentication data with all +requests. Provide a http_auth_domain spider attribute to control which +domains are allowed to receive the configured HTTP authentication +credentials. + * Security fix CVE-2022-0577: Don't expose cookies cross-domain when +redirected. (Closes: #1008234) + + -- Stefano Rivera Fri, 20 May 2022 16:14:25 -0400 + python-scrapy (1.5.1-1) unstable; urgency=medium [ Ondřej Nový ] diff -Nru python-scrapy-1.5.1/debian/patches/CVE-2021-41125.patch python-scrapy-1.5.1/debian/patches/CVE-2021-41125.patch --- python-scrapy-1.5.1/debian/patches/CVE-2021-41125.patch 1969-12-31 20:00:00.0 -0400 +++ python-scrapy-1.5.1/debian/patches/CVE-2021-41125.patch 2022-05-20 16:14:25.0 -0400 @@ -0,0 +1,206 @@ +From: Andrey Rakhmatullin +Date: Fri, 16 Aug 2019 14:53:42 +0500 +Subject: Add http_auth_domain to HttpAuthMiddleware. + +Fixes CVE-2021-41125 +Origin: upstream, https://github.com/scrapy/scrapy/commit/b01d69a1bf48060daec8f751368622352d8b85a6 +--- + docs/topics/downloader-middleware.rst | 18 +- + scrapy/downloadermiddlewares/httpauth.py| 21 ++- + tests/test_downloadermiddleware_httpauth.py | 85 - + 3 files changed, 118 insertions(+), 6 deletions(-) + +diff --git a/docs/topics/downloader-middleware.rst b/docs/topics/downloader-middleware.rst +index dfe4c13..73e7e0f 100644 +--- a/docs/topics/downloader-middleware.rst b/docs/topics/downloader-middleware.rst +@@ -309,8 +309,21 @@ HttpAuthMiddleware + This middleware authenticates all requests generated from certain spiders + using `Basic access authentication`_ (aka. HTTP auth). + +-To enable HTTP authentication from certain spiders, set the ``http_user`` +-and ``http_pass`` attributes of those spiders. ++To enable HTTP authentication for a spider, set the ``http_user`` and ++``http_pass`` spider attributes to the authentication data and the ++``http_auth_domain`` spider attribute to the domain which requires this ++authentication (its subdomains will be also handled in the same way). ++You can set ``http_auth_domain`` to ``None`` to enable the ++authentication for all requests but usually this is not needed. ++ ++.. warning:: ++In the previous Scrapy versions HttpAuthMiddleware sent the ++authentication data with all requests, which is a security problem if ++the spider makes requests to several different domains. Currently if ++the ``http_auth_domain`` attribute is not set, the middleware will use ++the domain of the first request, which will work for some spider but ++not for others. In the future the middleware will produce an error ++instead. + + Example:: + +@@ -320,6 +333,7 @@ HttpAuthMiddleware + + http_user = 'someuser' + http_pass = 'somepass' ++http_auth_domain = 'intranet.example.com' + name = 'intranet.example.com' + + # .. rest of the spider code omitted ... +diff --git a/scrapy/downloadermiddlewares/httpauth.py b/scrapy/downloadermiddlewares/httpauth.py +index 7aa7a62..b9030f7 100644 +--- a/scrapy/downloadermiddlewares
Bug#1011359: bullseye-pu: package python-scrapy/2.4.1-2+deb11u1
Package: release.debian.org Severity: normal Tags: bullseye User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: mouzan...@gmail.com, w...@debian.org [ Reason ] Hi, there were some security issues in python-scrapy, that were deemed no-DSA [ Impact ] Known security issues, with the risk of credential-exposure. [ Tests ] They both include unit tests, which pass. [ Risks ] There are behavioural changes, that could affect users of this code, if they are scraping sites that need authentication. However, this is unavoidable for the issues being fixed. This matches what was uploaded to stretch-security, although the patch isn't identical. So, anyone upgrading from stretch-lts would hit a regression if this wasn't updated. Risks both ways. [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in (old)stable [x] the issue is verified as fixed in unstable [ Changes ] * Security fix for CVE-2021-41125: Don't send authentication data with all requests. Provide a http_auth_domain spider attribute to control which domains are allowed to receive the configured HTTP authentication credentials. * Security Fix CVE-2022-0577: Don't expose cookies cross-domain when redirected. (Closes: #1008234) diff -Nru python-scrapy-2.4.1/debian/changelog python-scrapy-2.4.1/debian/changelog --- python-scrapy-2.4.1/debian/changelog2021-02-28 09:55:45.0 -0400 +++ python-scrapy-2.4.1/debian/changelog2022-05-20 16:11:00.0 -0400 @@ -1,3 +1,15 @@ +python-scrapy (2.4.1-2+deb11u1) bullseye; urgency=medium + + * Team upload. + * Security fix for CVE-2021-41125: Don't send authentication data with all +requests. Provide a http_auth_domain spider attribute to control which +domains are allowed to receive the configured HTTP authentication +credentials. + * Security Fix CVE-2022-0577: Don't expose cookies cross-domain when +redirected. (Closes: #1008234) + + -- Stefano Rivera Fri, 20 May 2022 16:11:00 -0400 + python-scrapy (2.4.1-2) unstable; urgency=medium * Skip tests that require network access (Closes: #980901). diff -Nru python-scrapy-2.4.1/debian/patches/CVE-2021-41125.patch python-scrapy-2.4.1/debian/patches/CVE-2021-41125.patch --- python-scrapy-2.4.1/debian/patches/CVE-2021-41125.patch 1969-12-31 20:00:00.0 -0400 +++ python-scrapy-2.4.1/debian/patches/CVE-2021-41125.patch 2022-05-20 16:11:00.0 -0400 @@ -0,0 +1,206 @@ +From: Andrey Rakhmatullin +Date: Fri, 16 Aug 2019 14:53:42 +0500 +Subject: Add http_auth_domain to HttpAuthMiddleware. + +Fixes CVE-2021-41125 +Origin: upstream, https://github.com/scrapy/scrapy/commit/b01d69a1bf48060daec8f751368622352d8b85a6 +--- + docs/topics/downloader-middleware.rst | 18 +- + scrapy/downloadermiddlewares/httpauth.py| 21 ++- + tests/test_downloadermiddleware_httpauth.py | 85 - + 3 files changed, 118 insertions(+), 6 deletions(-) + +diff --git a/docs/topics/downloader-middleware.rst b/docs/topics/downloader-middleware.rst +index 6801adc..e0a3205 100644 +--- a/docs/topics/downloader-middleware.rst b/docs/topics/downloader-middleware.rst +@@ -323,8 +323,21 @@ HttpAuthMiddleware + This middleware authenticates all requests generated from certain spiders + using `Basic access authentication`_ (aka. HTTP auth). + +-To enable HTTP authentication from certain spiders, set the ``http_user`` +-and ``http_pass`` attributes of those spiders. ++To enable HTTP authentication for a spider, set the ``http_user`` and ++``http_pass`` spider attributes to the authentication data and the ++``http_auth_domain`` spider attribute to the domain which requires this ++authentication (its subdomains will be also handled in the same way). ++You can set ``http_auth_domain`` to ``None`` to enable the ++authentication for all requests but usually this is not needed. ++ ++.. warning:: ++In the previous Scrapy versions HttpAuthMiddleware sent the ++authentication data with all requests, which is a security problem if ++the spider makes requests to several different domains. Currently if ++the ``http_auth_domain`` attribute is not set, the middleware will use ++the domain of the first request, which will work for some spider but ++not for others. In the future the middleware will produce an error ++instead. + + Example:: + +@@ -334,6 +347,7 @@ HttpAuthMiddleware + + http_user = 'someuser' + http_pass = 'somepass' ++http_auth_domain = 'intranet.example.com' + name = 'intranet.example.com' + + # .. rest of the spider code omitted ... +diff --git a/scrapy/downloadermiddlewares/httpauth.py b/scrapy/downloadermiddlewares/httpauth.py +index 089bf0d..1bee3e2 100644 +--- a/scrapy/downloadermiddlewares
Bug#1010613: bullseye-pu: package twisted/20.3.0-7+deb11u1
Package: release.debian.org Severity: normal Tags: bullseye User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: d...@debian.org [ Reason ] Catching up on outstanding security issues. Security team deemed them no-dsa. [ Impact ] Outstanding security issues remain unresolved. [ Tests ] Twisted has a comprehensive test-suite, the relevant updates come with tests, and no regressions were noticed. [ Risks ] The same patches are carried in Ubuntu, and in Debian LTS * ELTS. They did need some backporting to older releases, but nothing too risky. [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in (old)stable [x] the issue is verified as fixed in unstable [ Changes ] * CVE-2022-21712: Information disclosure results in leaking of HTTP cookie and authorization headers when following cross origin redirects - debian/patches/CVE-2022-21712-*.patch: Ensure sensitive HTTP headers are removed when forming requests, in src/twisted/web/client.py, src/twisted/web/test/test_agent.py and src/twisted/web/iweb.py. - Thanks Canonical for backporting the patches. * CVE-2022-21716: Parsing of SSH version identifier field during an SSH handshake can result in a denial of service when excessively large packets are received - debian/patches/CVE-2022-21716-*.patch: Ensure that length of received handshake buffer is checked, prior to processing version string in src/twisted/conch/ssh/transport.py and src/twisted/conch/test/test_transport.py - Thanks Canonical for backporting the patches. * CVE-2022-24801: Correct several defects in HTTP request parsing that could permit HTTP request smuggling: disallow signed Content-Length headers, forbid illegal characters in chunked extensions, forbid 0x prefix to chunk lengths, and only strip space and horizontal tab from header values. - debian/patches/CVE-2022-24801-*.patch * Patch: remove spurious test for illegal whitespace in xmlns, to allow tests to pass, again. This was a regression introduced by the patch to expat for CVE-2022-25236. The resolution upstream was to just delete the test. [ Other info ] (Anything else the release team should know.) diff -Nru twisted-20.3.0/debian/changelog twisted-20.3.0/debian/changelog --- twisted-20.3.0/debian/changelog 2021-04-24 12:36:24.0 -0400 +++ twisted-20.3.0/debian/changelog 2022-05-05 09:59:26.0 -0400 @@ -1,3 +1,30 @@ +twisted (20.3.0-7+deb11u1) bullseye; urgency=medium + + * Team upload. + * CVE-2022-21712: Information disclosure results in leaking of HTTP cookie +and authorization headers when following cross origin redirects +- debian/patches/CVE-2022-21712-*.patch: Ensure sensitive HTTP headers are + removed when forming requests, in src/twisted/web/client.py, + src/twisted/web/test/test_agent.py and src/twisted/web/iweb.py. +- Thanks Canonical for backporting the patches. + * CVE-2022-21716: Parsing of SSH version identifier field during an SSH +handshake can result in a denial of service when excessively large packets +are received +- debian/patches/CVE-2022-21716-*.patch: Ensure that length of received + handshake buffer is checked, prior to processing version string in + src/twisted/conch/ssh/transport.py and + src/twisted/conch/test/test_transport.py +- Thanks Canonical for backporting the patches. + * CVE-2022-24801: Correct several defects in HTTP request parsing that could +permit HTTP request smuggling: disallow signed Content-Length headers, +forbid illegal characters in chunked extensions, forbid 0x prefix to chunk +lengths, and only strip space and horizontal tab from header values. +- debian/patches/CVE-2022-24801-*.patch + * Patch: remove spurious test for illegal whitespace in xmlns, to allow +tests to pass, again. + + -- Stefano Rivera Thu, 05 May 2022 09:59:26 -0400 + twisted (20.3.0-7) unstable; urgency=medium * Team upload. diff -Nru twisted-20.3.0/debian/patches/CVE-2022-21712-10.patch twisted-20.3.0/debian/patches/CVE-2022-21712-10.patch --- twisted-20.3.0/debian/patches/CVE-2022-21712-10.patch 1969-12-31 20:00:00.0 -0400 +++ twisted-20.3.0/debian/patches/CVE-2022-21712-10.patch 2022-05-05 09:59:26.0 -0400 @@ -0,0 +1,29 @@ +From 0c44b4806a27d258baf13d6f714f06eddb28da5a Mon Sep 17 00:00:00 2001 +From: Glyph +Date: Sun, 23 Jan 2022 15:31:51 -0800 +Subject: [PATCH] correct docstring to suggest the right order + +--- + src/twisted/web/iweb.py | 10 +- + 1 file changed, 5 insertions(+), 5 deletions(-) + +--- a/src/twisted/web/iweb.py b/src/twisted/web/iweb.py +@@ -716,12 +716,12 @@ class IAgent(Interface): + obtained by combining a number of (hypothetical) implementations:: + + baseAgent = Agent(reactor) +-redirect = BrowserLikeRedirectAgent(baseAgent, limit=10
Bug#1010194: bullseye-pu: package distro-info-data/0.51+deb11u2
Package: release.debian.org Severity: normal Tags: bullseye User: release.debian@packages.debian.org Usertags: pu As usual, a distro-info-data update. [ Reason ] This one only has Ubuntu changes, but still worth keeping up-to-date in stable. * Update data to 0.53: - Add Ubuntu 22.10, Kinetic Kudu. [ Impact ] Debian stable is unaware of the current Ubuntu development release: $ ubuntu-distro-info -d ubuntu-distro-info: Distribution data outdated. Please check for an update for distro-info-data. See /usr/share/doc/distro-info-data/README.Debian for details. [ Tests ] Autopkgtests passed. Manually tested: $ ubuntu-distro-info -df Ubuntu 22.10 "Kinetic Kudu" [ Risks ] Data-only package, this will bring it up to parity with unstable. [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in (old)stable [x] the issue is verified as fixed in unstable [ Changes ] * Update data to 0.53: - Add Ubuntu 22.10, Kinetic Kudu. [ Other info ] Bug for the last update: #1001389 diff -Nru distro-info-data-0.51+deb11u1/debian/changelog distro-info-data-0.51+deb11u2/debian/changelog --- distro-info-data-0.51+deb11u1/debian/changelog 2021-12-09 09:40:48.0 -0400 +++ distro-info-data-0.51+deb11u2/debian/changelog 2022-04-25 20:32:17.0 -0400 @@ -1,3 +1,10 @@ +distro-info-data (0.51+deb11u2) bullseye; urgency=medium + + * Update data to 0.53: +- Add Ubuntu 22.10, Kinetic Kudu. + + -- Stefano Rivera Mon, 25 Apr 2022 20:32:17 -0400 + distro-info-data (0.51+deb11u1) bullseye; urgency=medium * Update data to 0.52: diff -Nru distro-info-data-0.51+deb11u1/ubuntu.csv distro-info-data-0.51+deb11u2/ubuntu.csv --- distro-info-data-0.51+deb11u1/ubuntu.csv2021-12-09 09:40:48.0 -0400 +++ distro-info-data-0.51+deb11u2/ubuntu.csv2022-04-25 20:32:17.0 -0400 @@ -35,3 +35,4 @@ 21.04,Hirsute Hippo,hirsute,2020-10-22,2021-04-22,2022-01-20 21.10,Impish Indri,impish,2021-04-22,2021-10-14,2022-07-14 22.04 LTS,Jammy Jellyfish,jammy,2021-10-14,2022-04-21,2027-04-21,2027-04-21,2032-04-21 +22.10,Kinetic Kudu,kinetic,2022-04-21,2022-10-20,2023-07-20
Bug#1010193: buster-pu: package distro-info-data/0.41+deb10u5
Package: release.debian.org Severity: normal Tags: buster User: release.debian@packages.debian.org Usertags: pu As usual, a distro-info-data update. [ Reason ] This one only has Ubuntu changes, but still worth keeping up-to-date in stable. * Update data to 0.53, without new columns: - Add Ubuntu 22.04 LTS, Jammy Jellyfish. - Add Ubuntu 22.10, Kinetic Kudu. [ Impact ] Debian oldstable doesn't know the current development Ubuntu release: $ ubuntu-distro-info -d ubuntu-distro-info: Distribution data outdated. Please check for an update for distro-info-data. See /usr/share/doc/distro-info-data/README.Debian for details. Or the current LTS release: $ ubuntu-distro-info -f --lts Ubuntu 20.04 LTS "Focal Fossa" $ ubuntu-distro-info -f -s Ubuntu 21.10 "Impish Indri" [ Tests ] It's just a data package. There are automated tests for correctness. The data was copied from the version uploaded to unstable. Manually tested, and looks sane. [ Risks ] Negligible, it's two new entries in the Ubuntu releases table. [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in (old)stable [x] the issue is verified as fixed in unstable [ Changes ] - Add Ubuntu 22.04 LTS, Jammy Jellyfish. - Add Ubuntu 22.10, Kinetic Kudu. [ Other info ] Last update's bug: #987372 diff -Nru distro-info-data-0.41+deb10u4/debian/changelog distro-info-data-0.41+deb10u5/debian/changelog --- distro-info-data-0.41+deb10u4/debian/changelog 2021-09-17 18:30:21.0 -0400 +++ distro-info-data-0.41+deb10u5/debian/changelog 2022-04-25 20:18:22.0 -0400 @@ -1,3 +1,11 @@ +distro-info-data (0.41+deb10u5) buster; urgency=medium + + * Update data to 0.53, without new columns: +- Add Ubuntu 22.04 LTS, Jammy Jellyfish. +- Add Ubuntu 22.10, Kinetic Kudu. + + -- Stefano Rivera Mon, 25 Apr 2022 20:18:22 -0400 + distro-info-data (0.41+deb10u4) buster; urgency=medium * Update data to 0.51, without new columns: diff -Nru distro-info-data-0.41+deb10u4/ubuntu.csv distro-info-data-0.41+deb10u5/ubuntu.csv --- distro-info-data-0.41+deb10u4/ubuntu.csv2021-09-17 18:30:21.0 -0400 +++ distro-info-data-0.41+deb10u5/ubuntu.csv2022-04-25 20:18:22.0 -0400 @@ -34,3 +34,5 @@ 20.10,Groovy Gorilla,groovy,2020-04-23,2020-10-22,2021-07-22 21.04,Hirsute Hippo,hirsute,2020-10-22,2021-04-22,2022-01-20 21.10,Impish Indri,impish,2021-04-22,2021-10-14,2022-07-14 +22.04 LTS,Jammy Jellyfish,jammy,2021-10-14,2022-04-21,2027-04-21 +22.10,Kinetic Kudu,kinetic,2022-04-21,2022-10-20,2023-07-20
Bug#1006883: bullseye-pu: package python2-pip/20.3.4-4+deb11u1
Package: release.debian.org Severity: normal Tags: bullseye User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: python-...@packages.debian.org [ Reason ] There is a race-condition in pip querying metadata from PyPI in parallel, e.g. for "pip list --outdated". I suspect upstream never saw it because we were using zipimports for pip's dependencies, where they vendor them. The race-condition seems to be specific to their home-grown parallel map() implementation, that has later been replaced by Python's native map(). [ Impact ] pip list --outdated can fail with a very obscure traceback. See #1006150. [ Tests ] Manually reproduced the race, fairly frequently. With this patch I haven't seen the race again. [ Risks ] Trivial change, following something upstream did in a later version, when dropping support for older Python releases. [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in (old)stable [x] the issue is verified as fixed in unstable [ Changes ] Use Python's native map() instead of pip's home-grown map_multithread(). [ Other info ] N/A diff -Nru python-pip-20.3.4/debian/changelog python-pip-20.3.4/debian/changelog --- python-pip-20.3.4/debian/changelog 2021-07-01 16:44:29.0 -0400 +++ python-pip-20.3.4/debian/changelog 2022-03-07 11:19:24.0 -0400 @@ -1,3 +1,10 @@ +python-pip (20.3.4-4+deb11u1) bullseye; urgency=medium + + * Use native map() to avoid a zipimport race in pip list --outdated. +(Closes: #1006150) + + -- Stefano Rivera Mon, 07 Mar 2022 11:19:24 -0400 + python-pip (20.3.4-4) unstable; urgency=medium * No-change upload against distlib 0.3.2+really+0.3.1-0.1. diff -Nru python-pip-20.3.4/debian/patches/native-map.patch python-pip-20.3.4/debian/patches/native-map.patch --- python-pip-20.3.4/debian/patches/native-map.patch 1969-12-31 20:00:00.0 -0400 +++ python-pip-20.3.4/debian/patches/native-map.patch 2022-03-07 11:19:24.0 -0400 @@ -0,0 +1,33 @@ +From: Stefano Rivera +Date: Mon, 7 Mar 2022 11:17:31 -0400 +Subject: Use native map() instead of map_multithread() + +Avoids a race-condition when using zip-imported dependencies. + +Origin: upstream, https://github.com/pypa/pip/commit/0252c04a16cd93fe422cebf0b48453b559a2e404 +Bug-Debian: https://bugs.debian.org/1006150 +--- + src/pip/_internal/commands/list.py | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/src/pip/_internal/commands/list.py b/src/pip/_internal/commands/list.py +index 10720b2..8e63eea 100644 +--- a/src/pip/_internal/commands/list.py b/src/pip/_internal/commands/list.py +@@ -20,7 +20,6 @@ from pip._internal.utils.misc import ( + write_output, + ) + from pip._internal.utils.packaging import get_installer +-from pip._internal.utils.parallel import map_multithread + from pip._internal.utils.typing import MYPY_CHECK_RUNNING + + if MYPY_CHECK_RUNNING: +@@ -234,7 +233,7 @@ class ListCommand(IndexGroupCommand): + dist.latest_filetype = typ + return dist + +-for dist in map_multithread(latest_info, packages): ++for dist in map(latest_info, packages): + if dist is not None: + yield dist + diff -Nru python-pip-20.3.4/debian/patches/series python-pip-20.3.4/debian/patches/series --- python-pip-20.3.4/debian/patches/series 2021-07-01 16:44:29.0 -0400 +++ python-pip-20.3.4/debian/patches/series 2022-03-07 11:19:24.0 -0400 @@ -10,3 +10,4 @@ debug-command-for-unbundled.patch str-version.patch git-split-ascii.patch +native-map.patch
Bug#1002620: bullseye-pu: package pypy3/7.3.5+dfsg-2+deb11u1
Package: release.debian.org Severity: normal Tags: bullseye User: release.debian@packages.debian.org Usertags: pu [ Reason ] An extraneous #endif in import.h makes using it impossible. This was fixed upstream, in unstable & testing. [ Impact ] C extension modules that include import.h can't be built. [ Tests ] Autopkgtests pass, but they do not exercise import.h. Manually confirmed the issue in the existing binary package, and verified that the new version resolves the issue. [ Risks ] Trivial change in a rarely-touched file, upstream. [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in (old)stable [x] the issue is verified as fixed in unstable [ Changes ] Remove the extra #endif. diff -Nru pypy3-7.3.5+dfsg/debian/changelog pypy3-7.3.5+dfsg/debian/changelog --- pypy3-7.3.5+dfsg/debian/changelog 2021-06-03 15:59:21.0 -0400 +++ pypy3-7.3.5+dfsg/debian/changelog 2021-12-25 11:54:46.0 -0400 @@ -1,3 +1,9 @@ +pypy3 (7.3.5+dfsg-2+deb11u1) bullseye; urgency=medium + + * Patch: Remove extraneous #endif from import.h (Closes: #1001519) + + -- Stefano Rivera Sat, 25 Dec 2021 11:54:46 -0400 + pypy3 (7.3.5+dfsg-2) unstable; urgency=medium * Upload to unstable. diff -Nru pypy3-7.3.5+dfsg/debian/patches/import-h-endif pypy3-7.3.5+dfsg/debian/patches/import-h-endif --- pypy3-7.3.5+dfsg/debian/patches/import-h-endif 1969-12-31 20:00:00.0 -0400 +++ pypy3-7.3.5+dfsg/debian/patches/import-h-endif 2021-12-25 11:54:46.0 -0400 @@ -0,0 +1,23 @@ +From: Matti Picus +Date: Sat, 25 Dec 2021 11:50:49 -0400 +Subject: cpyext: typo in import.h + +Bug-Debian: https://bugs.debian.org/1001519 +Origin: upstream, https://foss.heptapod.net/pypy/pypy/-/commit/f8d0f6ad0832af43ef0cd0feabad9f0f408b0110 +--- + pypy/module/cpyext/include/import.h | 2 -- + 1 file changed, 2 deletions(-) + +diff --git a/pypy/module/cpyext/include/import.h b/pypy/module/cpyext/include/import.h +index f03457b..7460c0a 100644 +--- a/pypy/module/cpyext/include/import.h b/pypy/module/cpyext/include/import.h +@@ -18,8 +18,6 @@ PyAPI_FUNC(PyObject *) PyImport_ImportModuleLevel( + #define PyImport_ImportModuleEx(n, g, l, f) \ + PyImport_ImportModuleLevel(n, g, l, f, 0) + +-#endif +- + #ifdef __cplusplus + } + #endif diff -Nru pypy3-7.3.5+dfsg/debian/patches/series pypy3-7.3.5+dfsg/debian/patches/series --- pypy3-7.3.5+dfsg/debian/patches/series 2021-06-03 15:59:21.0 -0400 +++ pypy3-7.3.5+dfsg/debian/patches/series 2021-12-25 11:54:46.0 -0400 @@ -21,3 +21,4 @@ tkinter-import noise python3-sphinx +import-h-endif
Bug#1001389: bullseye-pu: package distro-info-data/0.51+deb11u1
Package: release.debian.org Severity: normal Tags: bullseye User: release.debian@packages.debian.org Usertags: pu As usual, a distro-info-data update. [ Reason ] This one only has Ubuntu changes, but still worth keeping up-to-date in stable. * Update data to 0.52: - Extend Ubuntu 14.04 and 16.04 ESM out to 10 years in total. - Add Ubuntu 22.04 LTS, Jammy Jellyfish. [ Impact ] Debian stable doesn't know the current development Ubuntu release, or ESM dates. [ Tests ] Autopkgtest passed. Manually tested: $ ubuntu-distro-info -d [ Risks ] Data-only package, this will bring it up to parity with unstable. [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in (old)stable [x] the issue is verified as fixed in unstable [ Changes ] Data updates. [ Other info ] Uploaded to the queue. diff -Nru distro-info-data-0.51/debian/changelog distro-info-data-0.51+deb11u1/debian/changelog --- distro-info-data-0.51/debian/changelog 2021-07-23 20:41:20.0 -0400 +++ distro-info-data-0.51+deb11u1/debian/changelog 2021-12-09 09:40:48.0 -0400 @@ -1,3 +1,11 @@ +distro-info-data (0.51+deb11u1) bullseye; urgency=medium + + * Update data to 0.52: +- Extend Ubuntu 14.04 and 16.04 ESM out to 10 years in total. +- Add Ubuntu 22.04 LTS, Jammy Jellyfish. + + -- Stefano Rivera Thu, 09 Dec 2021 09:40:48 -0400 + distro-info-data (0.51) unstable; urgency=medium * Update bullseye's release date, bookworm's creation date, and buster's EoL diff -Nru distro-info-data-0.51/ubuntu.csv distro-info-data-0.51+deb11u1/ubuntu.csv --- distro-info-data-0.51/ubuntu.csv2021-07-23 20:41:20.0 -0400 +++ distro-info-data-0.51+deb11u1/ubuntu.csv2021-12-09 09:40:48.0 -0400 @@ -18,11 +18,11 @@ 12.10,Quantal Quetzal,quantal,2012-04-26,2012-10-18,2014-05-16 13.04,Raring Ringtail,raring,2012-10-18,2013-04-25,2014-01-27 13.10,Saucy Salamander,saucy,2013-04-25,2013-10-17,2014-07-17 -14.04 LTS,Trusty Tahr,trusty,2013-10-17,2014-04-17,2019-04-25,2019-04-25,2022-04-25 +14.04 LTS,Trusty Tahr,trusty,2013-10-17,2014-04-17,2019-04-25,2019-04-25,2024-04-25 14.10,Utopic Unicorn,utopic,2014-04-17,2014-10-23,2015-07-23 15.04,Vivid Vervet,vivid,2014-10-23,2015-04-23,2016-02-04 15.10,Wily Werewolf,wily,2015-04-23,2015-10-22,2016-07-28 -16.04 LTS,Xenial Xerus,xenial,2015-10-22,2016-04-21,2021-04-21,2021-04-21,2024-04-23 +16.04 LTS,Xenial Xerus,xenial,2015-10-22,2016-04-21,2021-04-21,2021-04-21,2026-04-23 16.10,Yakkety Yak,yakkety,2016-04-21,2016-10-13,2017-07-20 17.04,Zesty Zapus,zesty,2016-10-13,2017-04-13,2018-01-13 17.10,Artful Aardvark,artful,2017-04-13,2017-10-19,2018-07-19 @@ -34,3 +34,4 @@ 20.10,Groovy Gorilla,groovy,2020-04-23,2020-10-22,2021-07-22 21.04,Hirsute Hippo,hirsute,2020-10-22,2021-04-22,2022-01-20 21.10,Impish Indri,impish,2021-04-22,2021-10-14,2022-07-14 +22.04 LTS,Jammy Jellyfish,jammy,2021-10-14,2022-04-21,2027-04-21,2027-04-21,2032-04-21
Bug#1001388: bullseye-pu: package python-virtualenv/20.4.0+ds-2+deb11u1
Package: release.debian.org Severity: normal Tags: bullseye User: release.debian@packages.debian.org Usertags: pu An easy bug fix in python-virtualenv on bullseye, for a bug in one of our patches. Already fixed in unstable, without any reported regressions. [ Reason ] This fails on bullseye, at the moment: $ virtualenv -p python3 --no-setuptools testve The patch fixes it. [ Impact ] While --no-setuptools is probably an unusual flag, a user filed the bug, so it's hitting people in the real world. [ Tests ] Autopkgtests pass. I manually tested the affected code. [ Risks ] Very minimal change. [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in (old)stable [x] the issue is verified as fixed in unstable [ Changes ] Avoid a KeyError in python by not looking up the key unless we've verified it's in the dict. [ Other info ] Uploaded to the queue. diff -Nru python-virtualenv-20.4.0+ds/debian/changelog python-virtualenv-20.4.0+ds/debian/changelog --- python-virtualenv-20.4.0+ds/debian/changelog2021-06-20 17:31:30.0 -0400 +++ python-virtualenv-20.4.0+ds/debian/changelog2021-12-09 09:34:08.0 -0400 @@ -1,3 +1,10 @@ +python-virtualenv (20.4.0+ds-2+deb11u1) bullseye; urgency=medium + + * include-pkg_resources.patch: Avoid KeyError when building a virtualenv +with --no-setuptools, thanks Mathieu Parent. (Closes: #994953) + + -- Stefano Rivera Thu, 09 Dec 2021 09:34:08 -0400 + python-virtualenv (20.4.0+ds-2) unstable; urgency=medium * Patch: Fix --upgrade-embed-wheels. diff -Nru python-virtualenv-20.4.0+ds/debian/patches/include-pkg_resources.patch python-virtualenv-20.4.0+ds/debian/patches/include-pkg_resources.patch --- python-virtualenv-20.4.0+ds/debian/patches/include-pkg_resources.patch 2021-06-20 17:31:30.0 -0400 +++ python-virtualenv-20.4.0+ds/debian/patches/include-pkg_resources.patch 2021-12-09 09:34:08.0 -0400 @@ -6,9 +6,9 @@ Forwarded: not-needed Last-Update: 2021-07-20 --- - src/virtualenv/seed/embed/pip_invoke.py| 9 - - src/virtualenv/seed/embed/via_app_data/via_app_data.py | 9 - - 2 files changed, 16 insertions(+), 2 deletions(-) + src/virtualenv/seed/embed/pip_invoke.py| 9 - + src/virtualenv/seed/embed/via_app_data/via_app_data.py | 10 +- + 2 files changed, 17 insertions(+), 2 deletions(-) diff --git a/src/virtualenv/seed/embed/pip_invoke.py b/src/virtualenv/seed/embed/pip_invoke.py index c935c02..275330b 100644 @@ -45,7 +45,7 @@ cmd.extend(["--find-links", str(folder)]) yield cmd diff --git a/src/virtualenv/seed/embed/via_app_data/via_app_data.py b/src/virtualenv/seed/embed/via_app_data/via_app_data.py -index 9a98a70..4d82594 100644 +index 9a98a70..9c879cc 100644 --- a/src/virtualenv/seed/embed/via_app_data/via_app_data.py +++ b/src/virtualenv/seed/embed/via_app_data/via_app_data.py @@ -10,7 +10,8 @@ from threading import Lock, Thread @@ -58,14 +58,15 @@ from virtualenv.util.path import Path from .pip_install.copy import CopyPipInstall -@@ -123,6 +124,12 @@ class FromAppData(BaseEmbed): +@@ -123,6 +124,13 @@ class FromAppData(BaseEmbed): thread.start() for thread in threads: thread.join() + +# Debian specific: Since Debian splits out pkg_resources from +# setuptools, for a local virtualenv, we need to add it to the base. -+if name_to_whl['setuptools'].path.is_relative_to(BUNDLE_FOLDER): ++if ('setuptools' in name_to_whl and ++name_to_whl['setuptools'].path.is_relative_to(BUNDLE_FOLDER)): +_get('pkg_resources', Version.bundle) + if fail:
Bug#996929: buster-pu: package python-virtualenv/15.1.0+ds-2
Package: release.debian.org Severity: normal Tags: buster User: release.debian@packages.debian.org Usertags: pu [ Reason ] python-virtualenv recently had a regression in buster caused by a server-side change on pypi.org (#994952). It started to 404 (breaking virtualenv) where it had previously returned an empty directory listing for the pkg_resources package. pip, setuptools, and pkg_resources are bootstrapped into virtualenvs. pkg_resources is part of the setuptools PyPI package, upstream. But in Debian its packaged as its own binary package, so we have some patches in Debian to explicitly install pkg_resources. The old behaviour is currently back on pypi.org, see https://github.com/pypa/warehouse/issues/10081 But the fix to avoid virtualenv from depending on this empty directory listing is very simple, so we should probably apply it. [ Impact ] Reliance on pypi.org serving a workaround for our virtualenv version. Without that workaround, virtualenv fails (unless explicitly run with --no-download) [ Tests ] Manually tested behaviour with and without --no-download. [ Risks ] Trivial patch. [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in (old)stable [x] the issue is verified as fixed in unstable [ Changes ] When bootstrapping setuptools and pip into the virtualenv *from PyPI*, don't ask pip to install pkg_resources. [ Other info ] (Anything else the release team should know.) diff -Nru python-virtualenv-15.1.0+ds/debian/changelog python-virtualenv-15.1.0+ds/debian/changelog --- python-virtualenv-15.1.0+ds/debian/changelog2018-12-13 11:19:35.0 -0800 +++ python-virtualenv-15.1.0+ds/debian/changelog2021-10-20 15:48:33.0 -0700 @@ -1,3 +1,9 @@ +python-virtualenv (15.1.0+ds-2+deb10u1) buster; urgency=medium + + * Avoid attempting to install pkg_resources from PyPI. (Closes: #994952) + + -- Stefano Rivera Wed, 20 Oct 2021 15:48:33 -0700 + python-virtualenv (15.1.0+ds-2) unstable; urgency=medium [ Vincent Bernat ] diff -Nru python-virtualenv-15.1.0+ds/debian/patches/use-wheels.patch python-virtualenv-15.1.0+ds/debian/patches/use-wheels.patch --- python-virtualenv-15.1.0+ds/debian/patches/use-wheels.patch 2018-12-13 11:19:35.0 -0800 +++ python-virtualenv-15.1.0+ds/debian/patches/use-wheels.patch 2021-10-20 15:48:33.0 -0700 @@ -22,8 +22,8 @@ scripts/virtualenv | 9 +++ setup.py| 4 ++-- virtualenv.egg-info/SOURCES.txt | 4 ++-- - virtualenv.py | 52 ++--- - 4 files changed, 62 insertions(+), 7 deletions(-) + virtualenv.py | 53 ++--- + 4 files changed, 63 insertions(+), 7 deletions(-) diff --git a/scripts/virtualenv b/scripts/virtualenv index 418bd79..7dd0203 100644 @@ -126,7 +126,7 @@ if cert_data is not None: cert_file = tempfile.NamedTemporaryFile(delete=False) cert_file.write(cert_data) -@@ -928,8 +948,34 @@ def create_environment(home_dir, site_packages=False, clear=False, +@@ -928,8 +948,35 @@ def create_environment(home_dir, site_packages=False, clear=False, to_install = [] @@ -157,7 +157,8 @@ + if not no_setuptools: to_install.append('setuptools') -+to_install.append('pkg_resources') ++if not download: ++to_install.append('pkg_resources') if not no_pip: to_install.append('pip')
Bug#987372: buster-pu: package distro-info-data/0.41+deb10u3 OR (distro-info/1.0~deb10u1 AND distro-info-data/0.47~deb10u1)
Hi SRMs (2021.04.22_09:57:49_-0700) Given the lack of reply here, let's stick with the minimal option. There have been more changes since the last patch, so here's an updated debdiff. Uploaded to buster-proposed-updates. > [ Checklist ] > [x] *all* changes are documented in the d/changelog > [x] I reviewed all changes and I approve them > [x] attach debdiff against the package in stable > [x] the issue is verified as fixed in unstable Still true. Changes: distro-info-data (0.41+deb10u4) buster; urgency=medium * Update data to 0.51, without new columns: - Add estimated date for Buster EOL. - Correct the EOL date for Debian Jessie. - Add Debian 13 "Trixie", with a rough date. - Add Ubuntu 21.10, Impish Indri. - Move Ubuntu EoLs off weekends. - Validate that Ubuntu EoLs occur during the week. - Set bullseye's release date, bookworm's creation date, and buster's EoL date based on the updated planned bullseye release date. -- Stefano Rivera Fri, 17 Sep 2021 15:30:21 -0700 SR -- Stefano Rivera http://tumbleweed.org.za/ +1 415 683 3272 diff -Nru distro-info-data-0.41+deb10u3/debian/changelog distro-info-data-0.41+deb10u4/debian/changelog --- distro-info-data-0.41+deb10u3/debian/changelog 2020-11-02 12:44:14.0 -0800 +++ distro-info-data-0.41+deb10u4/debian/changelog 2021-09-17 15:30:21.0 -0700 @@ -1,3 +1,17 @@ +distro-info-data (0.41+deb10u4) buster; urgency=medium + + * Update data to 0.51, without new columns: +- Add estimated date for Buster EOL. +- Correct the EOL date for Debian Jessie. +- Add Debian 13 "Trixie", with a rough date. +- Add Ubuntu 21.10, Impish Indri. +- Move Ubuntu EoLs off weekends. +- Validate that Ubuntu EoLs occur during the week. +- Set bullseye's release date, bookworm's creation date, and buster's EoL + date based on the updated planned bullseye release date. + + -- Stefano Rivera Fri, 17 Sep 2021 15:30:21 -0700 + distro-info-data (0.41+deb10u3) buster; urgency=medium * Update data to 0.45: diff -Nru distro-info-data-0.41+deb10u3/debian.csv distro-info-data-0.41+deb10u4/debian.csv --- distro-info-data-0.41+deb10u3/debian.csv2020-11-02 12:44:14.0 -0800 +++ distro-info-data-0.41+deb10u4/debian.csv2021-09-17 15:30:21.0 -0700 @@ -11,10 +11,11 @@ 5.0,Lenny,lenny,2007-04-08,2009-02-14,2012-02-06 6.0,Squeeze,squeeze,2009-02-14,2011-02-06,2014-05-31 7,Wheezy,wheezy,2011-02-06,2013-05-04,2016-04-26 -8,Jessie,jessie,2013-05-04,2015-04-25,2018-06-06 +8,Jessie,jessie,2013-05-04,2015-04-25,2018-06-17 9,Stretch,stretch,2015-04-25,2017-06-17,2020-07-06 -10,Buster,buster,2017-06-17,2019-07-06 -11,Bullseye,bullseye,2019-07-06 -12,Bookworm,bookworm,2021-08-01 +10,Buster,buster,2017-06-17,2019-07-06,2022-08-14 +11,Bullseye,bullseye,2019-07-06,2021-08-14,2024-08-14 +12,Bookworm,bookworm,2021-08-14 +13,Trixie,trixie,2023-08-01 ,Sid,sid,1993-08-16 ,Experimental,experimental,1993-08-16 diff -Nru distro-info-data-0.41+deb10u3/ubuntu.csv distro-info-data-0.41+deb10u4/ubuntu.csv --- distro-info-data-0.41+deb10u3/ubuntu.csv2020-11-02 12:44:14.0 -0800 +++ distro-info-data-0.41+deb10u4/ubuntu.csv2021-09-17 15:30:21.0 -0700 @@ -32,4 +32,5 @@ 19.10,Eoan Ermine,eoan,2019-04-18,2019-10-17,2020-07-17 20.04 LTS,Focal Fossa,focal,2019-10-17,2020-04-23,2025-04-23 20.10,Groovy Gorilla,groovy,2020-04-23,2020-10-22,2021-07-22 -21.04,Hirsute Hippo,hirsute,2020-10-22,2021-04-22,2022-01-22 +21.04,Hirsute Hippo,hirsute,2020-10-22,2021-04-22,2022-01-20 +21.10,Impish Indri,impish,2021-04-22,2021-10-14,2022-07-14 diff -Nru distro-info-data-0.41+deb10u3/validate-csv-data distro-info-data-0.41+deb10u4/validate-csv-data --- distro-info-data-0.41+deb10u3/validate-csv-data 2020-11-02 12:44:14.0 -0800 +++ distro-info-data-0.41+deb10u4/validate-csv-data 2021-09-17 15:30:21.0 -0700 @@ -21,6 +21,7 @@ import optparse import os import sys +from datetime import date _COLUMNS = { "debian": ("version", "codename", "series", "created", "release", "eol"), @@ -121,6 +122,17 @@ "to the given date in column `%s'") error(filename, csvreader.line_num, msg, date1, date2) failures += 1 +# Check that Ubuntu EOL lands on a weekday +if distro == 'ubuntu': +for column, eol_date in row.items(): +if not column.startswith('eol'): +continue +if not eol_date: +continue +if eol_date.weekday() > 5 and eol_date >= date(2021, 1, 1): +msg = '%s for %s lands on a weekend (%s)' +error(filename, csvreader.line_num, msg, column, + row['codename'], date) return failures == 0
Bug#991560: unblock: six/1.16.0-2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-Cc: cjwat...@debian.org Please unblock package six six (1.16.0-2) unstable; urgency=medium * Team upload. [ Andreas Beckmann ] * python-six/python3-six: Copy Breaks: python (<< 2.7.18), python-minimal (<< 2.7.18), libpython-stdlib (<< 2.7.18), python-iso8601 (<< 0.1.12-2~), python-pbr (<< 5.4.5) from python2.7 to ensure removal of the unversioned python packages (and some persisting obsolete Python 2 module packages) on upgrades from buster. In some upgrade scenarios (mostly involving openstack packages) these Breaks in python2.7 were ineffective because the unversioned python packages got higher scores than python2.7. python-six/python3-six are usually very high scoring Python module packages in these cases, making them ideal candidates for such copies of the Breaks. (Closes: #991433) [ Reason ] Smoother python 2 -> 3 upgrades. [ Impact ] Users upgrading from buster could be left using a removed python 2 stack, rather than being upgraded to python 3. [ Tests ] Verified that they upgrade from buster without issue. [ Risks ] Adds breaks only. [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing unblock six/1.16.0-2 diff -Nru six-1.16.0/debian/changelog six-1.16.0/debian/changelog --- six-1.16.0/debian/changelog 2021-05-09 06:40:54.0 -0400 +++ six-1.16.0/debian/changelog 2021-07-27 11:44:18.0 -0400 @@ -1,3 +1,21 @@ +six (1.16.0-2) unstable; urgency=medium + + * Team upload. + + [ Andreas Beckmann ] + * python-six/python3-six: Copy Breaks: python (<< 2.7.18), +python-minimal (<< 2.7.18), libpython-stdlib (<< 2.7.18), +python-iso8601 (<< 0.1.12-2~), python-pbr (<< 5.4.5) from python2.7 to +ensure removal of the unversioned python packages (and some persisting +obsolete Python 2 module packages) on upgrades from buster. In some +upgrade scenarios (mostly involving openstack packages) these Breaks in +python2.7 were ineffective because the unversioned python packages got +higher scores than python2.7. python-six/python3-six are usually very +high scoring Python module packages in these cases, making them ideal +candidates for such copies of the Breaks. (Closes: #991433) + + -- Stefano Rivera Tue, 27 Jul 2021 11:44:18 -0400 + six (1.16.0-1) unstable; urgency=medium * New upstream release. diff -Nru six-1.16.0/debian/control six-1.16.0/debian/control --- six-1.16.0/debian/control 2021-05-09 06:40:54.0 -0400 +++ six-1.16.0/debian/control 2021-07-27 11:44:18.0 -0400 @@ -26,6 +26,11 @@ Multi-Arch: foreign Depends: ${misc:Depends}, ${python:Depends}, +Breaks: python (<< 2.7.18), +python-minimal (<< 2.7.18), +libpython-stdlib (<< 2.7.18), +python-iso8601 (<< 0.1.12-2~), +python-pbr (<< 5.4.5), Description: Python 2 and 3 compatibility library (Python 2 interface) Six is a Python 2 and 3 compatibility library. It provides utility functions for smoothing over the differences between the Python versions @@ -40,6 +45,9 @@ Multi-Arch: foreign Depends: ${misc:Depends}, ${python3:Depends}, +Breaks: python (<< 2.7.18), +python-minimal (<< 2.7.18), +libpython-stdlib (<< 2.7.18), Description: Python 2 and 3 compatibility library (Python 3 interface) Six is a Python 2 and 3 compatibility library. It provides utility functions for smoothing over the differences between the Python versions diff -Nru six-1.16.0/debian/.gitignore six-1.16.0/debian/.gitignore --- six-1.16.0/debian/.gitignore2021-05-09 06:40:54.0 -0400 +++ six-1.16.0/debian/.gitignore1969-12-31 20:00:00.0 -0400 @@ -1 +0,0 @@ -/files
Bug#991454: unblock: distro-info-data/0.51
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package distro-info-data distro-info-data (0.51) unstable; urgency=medium * Update bullseye's release date, bookworm's creation date, and buster's EoL date based on the updated planned bullseye release date. [ Reason ] The bullseye tentative release date got finalized, to 2 weeks later. [ Impact ] Incorrect data from distro-info. [ Tests ] Manually tested around the release date, things seem correct. Automated tests verify that the format is sane. [ Risks ] Data-only package. [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing unblock distro-info-data/0.51 diff -Nru distro-info-data-0.50/debian/changelog distro-info-data-0.51/debian/changelog --- distro-info-data-0.50/debian/changelog 2021-06-17 11:01:52.0 -0400 +++ distro-info-data-0.51/debian/changelog 2021-07-23 20:41:20.0 -0400 @@ -1,3 +1,10 @@ +distro-info-data (0.51) unstable; urgency=medium + + * Update bullseye's release date, bookworm's creation date, and buster's EoL +date based on the updated planned bullseye release date. + + -- Stefano Rivera Fri, 23 Jul 2021 20:41:20 -0400 + distro-info-data (0.50) unstable; urgency=medium * Update buster's EOL day to bullseye's (tentative) release date +1y. diff -Nru distro-info-data-0.50/debian.csv distro-info-data-0.51/debian.csv --- distro-info-data-0.50/debian.csv2021-06-17 11:01:52.0 -0400 +++ distro-info-data-0.51/debian.csv2021-07-23 20:41:20.0 -0400 @@ -13,9 +13,9 @@ 7,Wheezy,wheezy,2011-02-06,2013-05-04,2016-04-26,2018-05-31,2020-06-30 8,Jessie,jessie,2013-05-04,2015-04-25,2018-06-17,2020-06-30,2022-06-30 9,Stretch,stretch,2015-04-25,2017-06-17,2020-07-06,2022-06-30,2024-06-30 -10,Buster,buster,2017-06-17,2019-07-06,2022-07-31,2024-06-30,2026-06-30 -11,Bullseye,bullseye,2019-07-06,2021-07-31,2024-07-31 -12,Bookworm,bookworm,2021-07-31 +10,Buster,buster,2017-06-17,2019-07-06,2022-08-14,2024-06-30,2026-06-30 +11,Bullseye,bullseye,2019-07-06,2021-08-14,2024-08-14 +12,Bookworm,bookworm,2021-08-14 13,Trixie,trixie,2023-08-01 ,Sid,sid,1993-08-16 ,Experimental,experimental,1993-08-16
Bug#990812: unblock: python-authlib/0.15.4-1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package python-authlib [ Reason ] Upstream made a security point release. No CVE. [ Impact ] Security vulnerability. [ Tests ] Added a unit test to cover the issue. Package builds and tests pass. [ Risks ] Tiny diff, looks good. [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing unblock python-authlib/0.15.4-1 diff -Nru python-authlib-0.15.3/authlib/consts.py python-authlib-0.15.4/authlib/consts.py --- python-authlib-0.15.3/authlib/consts.py 2021-01-15 09:51:55.0 -0400 +++ python-authlib-0.15.4/authlib/consts.py 2021-06-05 03:07:38.0 -0400 @@ -1,5 +1,5 @@ name = 'Authlib' -version = '0.15.3' +version = '0.15.4' author = 'Hsiaoming Yang ' homepage = 'https://authlib.org/' default_user_agent = '{}/{} (+{})'.format(name, version, homepage) diff -Nru python-authlib-0.15.3/authlib/jose/rfc7519/claims.py python-authlib-0.15.4/authlib/jose/rfc7519/claims.py --- python-authlib-0.15.3/authlib/jose/rfc7519/claims.py2021-01-15 09:51:55.0 -0400 +++ python-authlib-0.15.4/authlib/jose/rfc7519/claims.py2021-06-05 03:07:38.0 -0400 @@ -58,10 +58,10 @@ def _validate_claim_value(self, claim_name): option = self.options.get(claim_name) -value = self.get(claim_name) -if not option or not value: +if not option: return +value = self.get(claim_name) option_value = option.get('value') if option_value and value != option_value: raise InvalidClaimError(claim_name) diff -Nru python-authlib-0.15.3/debian/changelog python-authlib-0.15.4/debian/changelog --- python-authlib-0.15.3/debian/changelog 2021-01-20 14:21:23.0 -0400 +++ python-authlib-0.15.4/debian/changelog 2021-07-07 19:32:08.0 -0400 @@ -1,3 +1,9 @@ +python-authlib (0.15.4-1) unstable; urgency=medium + + * New upstream point release, fixing a security issue. + + -- Stefano Rivera Wed, 07 Jul 2021 19:32:08 -0400 + python-authlib (0.15.3-1) unstable; urgency=medium [ Stefano Rivera ] diff -Nru python-authlib-0.15.3/tests/core/test_jose/test_jwt.py python-authlib-0.15.4/tests/core/test_jose/test_jwt.py --- python-authlib-0.15.3/tests/core/test_jose/test_jwt.py 2021-01-15 09:51:55.0 -0400 +++ python-authlib-0.15.4/tests/core/test_jose/test_jwt.py 2021-06-05 03:07:38.0 -0400 @@ -73,6 +73,20 @@ claims.validate, ) +def test_validate_expected_issuer_received_None(self): +id_token = jwt.encode({'alg': 'HS256'}, {'iss': None, 'sub': None}, 'k') +claims_options = { +'iss': { +'essential': True, +'values': ['foo'] +} +} +claims = jwt.decode(id_token, 'k', claims_options=claims_options) +self.assertRaises( +errors.InvalidClaimError, +claims.validate +) + def test_validate_aud(self): id_token = jwt.encode({'alg': 'HS256'}, {'aud': 'foo'}, 'k') claims_options = {
Bug#990416: unblock: python-pip/20.3.4-3
Control: retitle -1 unblock: python-pip/20.3.4-4 Changes: python-pip (20.3.4-4) unstable; urgency=medium . * No-change upload against distlib 0.3.2+really+0.3.1-0.1. See #990549. unblock python-pip/20.3.4-4 SR -- Stefano Rivera http://tumbleweed.org.za/ +1 415 683 3272
Bug#990416: unblock: python-pip/20.3.4-3
Hrm, the original email got truncated at a "." line. Sounds like some broken SMTP thing somewhere... Please unblock package python-pip python-pip (20.3.4-3) unstable; urgency=medium * Modify hands-off-system-packages.patch to act correctly under PyPy3, which shares dist-packages with cPython, but has a different sys.prefix. [ Reason ] PyPy and cPython on Debian share a common dist-packages directory (/usr/lib/python3/dist-packages). However, not everything in there is importable in PyPy. Generally C extensions are only built against cPython. So, users wanting to use numpy, for example, would pip install it. However, unless one is very careful, pip will uninstall the numpy from dist-packages, which should be managed by apt, not pip. Pip has a patch to avoid this, but it wasn't working correctly under PyPy, because it assumed sys.prefix == /usr. This upload hard-codes prefix in the patch, making pip refuse to remove files from dist-packages, when run under cPython or PyPy. Bug describing this: https://salsa.debian.org/debian/pypy/-/issues/2 [ Impact ] Users can fairly easily break their python3-* packages, by using pip as root, to install modules for pypy3. [ Tests ] Manually tested installing & upgrading modules with pip under cpython and pypy3. [ Risks ] Change is a noop on cpython, and fixes a bug on PyPy. [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing unblock python-pip/20.3.4-3 diff -Nru python-pip-20.3.4/debian/changelog python-pip-20.3.4/debian/changelog --- python-pip-20.3.4/debian/changelog 2021-05-12 08:39:26.0 -0400 +++ python-pip-20.3.4/debian/changelog 2021-06-28 12:20:17.0 -0400 @@ -1,3 +1,10 @@ +python-pip (20.3.4-3) unstable; urgency=medium + + * Modify hands-off-system-packages.patch to act correctly under PyPy3, which +shares dist-packages with cPython, but has a different sys.prefix. + + -- Stefano Rivera Mon, 28 Jun 2021 12:20:17 -0400 + python-pip (20.3.4-2) unstable; urgency=medium * Add myself to uploaders. diff -Nru python-pip-20.3.4/debian/patches/debian-python2.7-sysconfig-workaround.patch python-pip-20.3.4/debian/patches/debian-python2.7-sysconfig-workaround.patch --- python-pip-20.3.4/debian/patches/debian-python2.7-sysconfig-workaround.patch 2021-05-12 08:39:26.0 -0400 +++ python-pip-20.3.4/debian/patches/debian-python2.7-sysconfig-workaround.patch 2021-06-28 12:20:17.0 -0400 @@ -37,10 +37,10 @@ # Use getusersitepackages if this is present, as it ensures that the # value is initialised properly. diff --git a/src/pip/_internal/utils/misc.py b/src/pip/_internal/utils/misc.py -index 706937d..ebe5f29 100644 +index 459312f..b8795cc 100644 --- a/src/pip/_internal/utils/misc.py +++ b/src/pip/_internal/utils/misc.py -@@ -429,11 +429,7 @@ def dist_is_editable(dist): +@@ -430,11 +430,7 @@ def dist_is_editable(dist): """ Return True if given Distribution is an editable install. """ diff -Nru python-pip-20.3.4/debian/patches/hands-off-system-packages.patch python-pip-20.3.4/debian/patches/hands-off-system-packages.patch --- python-pip-20.3.4/debian/patches/hands-off-system-packages.patch 2021-05-12 08:39:26.0 -0400 +++ python-pip-20.3.4/debian/patches/hands-off-system-packages.patch 2021-06-28 12:20:17.0 -0400 @@ -15,14 +15,14 @@ Patch-Name: hands-off-system-packages.patch --- - src/pip/_internal/utils/misc.py | 36 +++- - 1 file changed, 27 insertions(+), 9 deletions(-) + src/pip/_internal/utils/misc.py | 37 - + 1 file changed, 28 insertions(+), 9 deletions(-) diff --git a/src/pip/_internal/utils/misc.py b/src/pip/_internal/utils/misc.py -index 4fb64d2..706937d 100644 +index 4fb64d2..459312f 100644 --- a/src/pip/_internal/utils/misc.py +++ b/src/pip/_internal/utils/misc.py -@@ -365,25 +365,43 @@ def renames(old, new): +@@ -365,25 +365,44 @@ def renames(old, new): def is_local(path): # type: (str) -> bool """ @@ -48,7 +48,8 @@ -return path.startswith(normalize_path(sys.prefix)) + +path = normalize_path(path) -+prefix = normalize_path(sys.prefix) ++# Hard-coded becouse PyPy uses a different sys.prefix on Debian ++prefix = '/usr' + +if running_under_virtualenv(): +return path.startswith(normalize_path(sys.prefix))
Bug#990549: unblock: distlib/0.3.2+really+0.3.1-0.1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-Cc: d...@debian.org Control: block 990416 with -1 Please unblock package distlib. [ Reason ] To migrate python-pip (#990416) which bundles distlib, I need distlib to migrate. A new upstream point-release had been uploaded to unstable, so I've reverted it (with Matthias' consent): distlib (0.3.2+really+0.3.1-0.1) unstable; urgency=medium * Non-maintainer upload. * Revert to 0.3.1 for Debian bullseye. -- Stefano Rivera Thu, 01 Jul 2021 13:40:03 -0400 distlib (0.3.2-1) unstable; urgency=medium * New upstream version. -- Matthias Klose Mon, 21 Jun 2021 10:28:59 +0200 [ Impact ] This is a noop change. [ Tests ] Package builds and autopkgtests pass. [ Risks ] This is a noop change. [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing unblock distlib/0.3.2+really+0.3.1-0.1 diff -Nru distlib-0.3.1/debian/changelog distlib-0.3.2+really+0.3.1/debian/changelog --- distlib-0.3.1/debian/changelog 2020-07-17 04:20:12.0 -0400 +++ distlib-0.3.2+really+0.3.1/debian/changelog 2021-07-01 13:40:03.0 -0400 @@ -1,3 +1,16 @@ +distlib (0.3.2+really+0.3.1-0.1) unstable; urgency=medium + + * Non-maintainer upload. + * Revert to 0.3.1 for Debian bullseye. + + -- Stefano Rivera Thu, 01 Jul 2021 13:40:03 -0400 + +distlib (0.3.2-1) unstable; urgency=medium + + * New upstream version. + + -- Matthias Klose Mon, 21 Jun 2021 10:28:59 +0200 + distlib (0.3.1-1) unstable; urgency=medium * New upstream version.
Bug#989881: [pre-approval] unblock: python-urllib3/1.26.5-1
Control: block 990416 with -1 > I'm really sorry unfortunately I made a stupid error, I used `dch -r > experimental` but it's the wrong syntax and I even did not noticed the URL of > http://debomatic-amd64.debian.net/distribution#unstable/python-urllib3/1.26.5-1~exp1/buildlog > because I clicked on the label in the home page... so I unfortunately upload > urllib3 to unstable :( Yes with the ~exp1... I was going to ask you to ping me if this unblock was approved, so we could do a new python-pip upload, bundling this urllib3 in it. But now I don't need to :) I have an upload pending unblock that built against python-urllib3/1.26.5-1~exp1 in bug 990416. SR -- Stefano Rivera http://tumbleweed.org.za/ +1 415 683 3272
Bug#990297: unblock: pyyaml/5.3.1-5
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-Cc: a...@debian.org Please unblock package pyyaml pyyaml (5.3.1-5) unstable; urgency=medium . * Team upload. . [ Andreas Beckmann ] * python3-yaml: Copy Breaks: python (<< 2.7.18), python-minimal (<< 2.7.18), libpython-stdlib (<< 2.7.18) from python2.7 and add Breaks: python-yaml (<< 5.3.1-2) for smoother upgrades from buster. In some upgrade scenarios (mostly involving ros-* packages) these Breaks in python2.7 were ineffective because the unversioned python packages got higher scores. Copying the Breaks to python3-yaml which is the first python package scoring higher than the to-be-removed packages solves these issues. (Closes: #989930) [ Reason ] Improve upgrades from buster. [ Impact ] More manual package upgrades and cleanup required, without this patch. [ Tests ] From #989930: > I've run a lot of upgrade tests and the results look very promising that > we can improve the number of clean upgrade paths with this patch. From my PoV, the change seems safe enough. Built and test-installed. [ Risks ] Dependency-only change. [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing unblock pyyaml/5.3.1-5 diff -Nru pyyaml-5.3.1/debian/changelog pyyaml-5.3.1/debian/changelog --- pyyaml-5.3.1/debian/changelog 2021-05-21 11:11:00.0 -0400 +++ pyyaml-5.3.1/debian/changelog 2021-06-24 19:02:58.0 -0400 @@ -1,3 +1,19 @@ +pyyaml (5.3.1-5) unstable; urgency=medium + + * Team upload. + + [ Andreas Beckmann ] + * python3-yaml: Copy Breaks: python (<< 2.7.18), python-minimal (<< 2.7.18), +libpython-stdlib (<< 2.7.18) from python2.7 and add +Breaks: python-yaml (<< 5.3.1-2) for smoother upgrades from buster. +In some upgrade scenarios (mostly involving ros-* packages) these Breaks +in python2.7 were ineffective because the unversioned python packages got +higher scores. Copying the Breaks to python3-yaml which is the first +python package scoring higher than the to-be-removed packages solves these +issues. (Closes: #989930) + + -- Stefano Rivera Thu, 24 Jun 2021 19:02:58 -0400 + pyyaml (5.3.1-4) unstable; urgency=medium * Team upload. diff -Nru pyyaml-5.3.1/debian/control pyyaml-5.3.1/debian/control --- pyyaml-5.3.1/debian/control 2021-05-21 11:11:00.0 -0400 +++ pyyaml-5.3.1/debian/control 2021-06-24 19:02:58.0 -0400 @@ -15,6 +15,11 @@ Architecture: any Multi-Arch: allowed Depends: ${python3:Depends}, ${shlibs:Depends}, ${misc:Depends} +Breaks: + python (<< 2.7.18), + python-minimal (<< 2.7.18), + libpython-stdlib (<< 2.7.18), + python-yaml (<< 5.3.1-2), Description: YAML parser and emitter for Python3 Python3-yaml is a complete YAML 1.1 parser and emitter for Python3. It can parse all examples from the specification. The parsing algorithm is simple
Bug#990111: unblock: python-virtualenv/20.4.0+ds-2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package python-virtualenv python-virtualenv (20.4.0+ds-2) unstable; urgency=medium . * Patch: Fix --upgrade-embed-wheels. * Replace the pkg_resources addition part of debian_update_for_available_wheels.patch with include-pkg_resources.patch which will only include pkg_resources when using Debian's bundled setuptools wheel. (Closes: #976796) [ Reason ] The --upgrade-embed-wheels option was not working at all, it would crash, if you attempted to use it. This was fixed upstream later in 20.4.x, so cherry-picked that trivial patch. Relatedly, we got to the bottom of #976796, which was caused by upgraded wheels, which would include pkg_resources in the setuptools wheel (Debian splits it into its own binary package). This could cause a race on unpacking, crashing. [ Impact ] If a user has an upgraded virtualenv wheel cache, then virtualenv becomes unreliable, due to a race (two threads unpacking the target files). [ Tests ] Manually tested 4 variants: --seeder pip before and after --upgrade-embed-wheels --seeder app-data and after --upgrade-embed-wheels Autopkgtests verify that the basic functionality is unaffected. [ Risks ] The changes are relatively straightforward, and should improve robustness. [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing unblock python-virtualenv/20.4.0+ds-2 diff -Nru python-virtualenv-20.4.0+ds/debian/changelog python-virtualenv-20.4.0+ds/debian/changelog --- python-virtualenv-20.4.0+ds/debian/changelog2021-01-22 23:40:18.0 -0400 +++ python-virtualenv-20.4.0+ds/debian/changelog2021-06-20 17:31:30.0 -0400 @@ -1,3 +1,13 @@ +python-virtualenv (20.4.0+ds-2) unstable; urgency=medium + + * Patch: Fix --upgrade-embed-wheels. + * Replace the pkg_resources addition part of +debian_update_for_available_wheels.patch with include-pkg_resources.patch +which will only include pkg_resources when using Debian's bundled +setuptools wheel. (Closes: #976796) + + -- Stefano Rivera Sun, 20 Jun 2021 17:31:30 -0400 + python-virtualenv (20.4.0+ds-1) unstable; urgency=medium * New upstream release. diff -Nru python-virtualenv-20.4.0+ds/debian/patches/debian_update_for_available_wheels.patch python-virtualenv-20.4.0+ds/debian/patches/debian_update_for_available_wheels.patch --- python-virtualenv-20.4.0+ds/debian/patches/debian_update_for_available_wheels.patch 2021-01-22 23:40:18.0 -0400 +++ python-virtualenv-20.4.0+ds/debian/patches/debian_update_for_available_wheels.patch 2021-06-20 17:31:30.0 -0400 @@ -1,42 +1,17 @@ -From: Debian Python Modules Team - -Date: Sat, 21 Mar 2020 03:16:18 -0400 +From: Scott Kitterman +Date: Sun, 20 Jun 2021 13:49:30 -0400 Subject: Update base embed to include pip provided wheels for --no-download Generate wheel lists and attributes for base install to match pip wheel versions and add pkg_resources to the base install for no download. -Author: Scott Kitterman Origin: vendor Forwarded: not-needed Last-Update: 2020-07-15 --- - src/virtualenv/seed/embed/base_embed.py | 7 ++- src/virtualenv/seed/wheels/embed/__init__.py | 15 +++ - 2 files changed, 21 insertions(+), 1 deletion(-) + 1 file changed, 15 insertions(+) -diff --git a/src/virtualenv/seed/embed/base_embed.py b/src/virtualenv/seed/embed/base_embed.py -index c794e83..bc9cec8 100644 a/src/virtualenv/seed/embed/base_embed.py -+++ b/src/virtualenv/seed/embed/base_embed.py -@@ -43,11 +43,16 @@ class BaseEmbed(Seeder): - } - - def distribution_to_versions(self): --return { -+dv = { - distribution: getattr(self, "{}_version".format(distribution)) - for distribution in self.distributions() - if getattr(self, "no_{}".format(distribution)) is False - } -+# Debian specific: Since Debian splits out pkg_resources from -+# setuptools, for a local virtualenv, we need to add it to the base. -+if not self.download: -+dv['pkg_resources'] = None -+return dv - - @classmethod - def add_parser_arguments(cls, parser, interpreter, app_data): diff --git a/src/virtualenv/seed/wheels/embed/__init__.py b/src/virtualenv/seed/wheels/embed/__init__.py index f63ec1d..4c1a4a7 100644 --- a/src/virtualenv/seed/wheels/embed/__init__.py diff -Nru python-virtualenv-20.4.0+ds/debian/patches/disable-periodic-update.patch python-virtualenv-20.4.0+ds/debian/patches/disable-periodic-update.patch --- python-virtualenv-20.4.0+ds/debian/patches/disable-periodic-update.patch 2021-01-22 23:40:18.0 -0400 +++ python-virtualenv-20.4.0+ds/debian/patches/disable-periodic-update.patch 2021-06-20 17:31:30.0 -0400 @
Bug#990036: unblock: xdot/1.2-2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package xdot [ Reason ] Fixing a (non-filed) RC bug - missing dependency on numpy. https://github.com/zim-desktop-wiki/zim-desktop-wiki/issues/1496 [ Impact ] The package may not be usable, if the user doesn't have numpy installed, already. [ Tests ] No automated tests. Manually tested that the package is still installable, and works. [ Risks ] Trivial change. [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing unblock xdot/1.2-2 diff -Nru xdot-1.2/debian/changelog xdot-1.2/debian/changelog --- xdot-1.2/debian/changelog 2020-11-23 16:08:19.0 -0400 +++ xdot-1.2/debian/changelog 2021-06-18 10:01:16.0 -0400 @@ -1,3 +1,9 @@ +xdot (1.2-2) unstable; urgency=medium + + * Add missing dependency on python3-numpy, introduced in 1.2. + + -- Stefano Rivera Fri, 18 Jun 2021 10:01:16 -0400 + xdot (1.2-1) unstable; urgency=low [ Stefano Rivera ] diff -Nru xdot-1.2/debian/control xdot-1.2/debian/control --- xdot-1.2/debian/control 2020-11-23 16:08:19.0 -0400 +++ xdot-1.2/debian/control 2021-06-18 10:01:16.0 -0400 @@ -22,6 +22,7 @@ graphviz, python3-gi, python3-gi-cairo, + python3-numpy, ${misc:Depends}, ${python3:Depends} Description: interactive viewer for Graphviz dot files
Bug#989864: unblock: distro-info-data/0.48
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-Cc: bdr...@debian.org Please unblock package distro-info-data distro-info-data (0.48) unstable; urgency=medium * Correct typo in changelog. * Set a release date for Debian bullseye (and bookworm creation), based on the release team's tentative estimate. [ Reason ] We've got a tentative release date, let's roll with it. If we slip, we can do a follow-up upload. [ Impact ] Bullseye will ship with distro-info that doesn't know the current development release. [ Tests ] Data package. With some sanity-check tests. [ Risks ] Just a data package. [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing unblock distro-info-data/0.48 diff -Nru distro-info-data-0.47/debian/changelog distro-info-data-0.48/debian/changelog --- distro-info-data-0.47/debian/changelog 2021-04-22 10:30:18.0 -0400 +++ distro-info-data-0.48/debian/changelog 2021-06-14 17:47:09.0 -0400 @@ -1,6 +1,14 @@ +distro-info-data (0.48) unstable; urgency=medium + + * Correct typo in changelog. + * Set a release date for Debian bullseye (and bookworm creation), based on +the release team's tentative estimate. + + -- Stefano Rivera Mon, 14 Jun 2021 17:47:09 -0400 + distro-info-data (0.47) unstable; urgency=medium - * Add Ubuntu 21.04, Impish Indri. + * Add Ubuntu 21.10, Impish Indri. -- Stefano Rivera Thu, 22 Apr 2021 10:30:18 -0400 diff -Nru distro-info-data-0.47/debian.csv distro-info-data-0.48/debian.csv --- distro-info-data-0.47/debian.csv2021-04-22 10:30:18.0 -0400 +++ distro-info-data-0.48/debian.csv2021-06-14 17:47:09.0 -0400 @@ -14,8 +14,8 @@ 8,Jessie,jessie,2013-05-04,2015-04-25,2018-06-17,2020-06-30,2022-06-30 9,Stretch,stretch,2015-04-25,2017-06-17,2020-07-06,2022-06-30 10,Buster,buster,2017-06-17,2019-07-06,2022-07-06,2024-06-30 -11,Bullseye,bullseye,2019-07-06 -12,Bookworm,bookworm,2021-08-01 +11,Bullseye,bullseye,2019-07-06,2021-07-31,2024-07-31 +12,Bookworm,bookworm,2021-07-31 13,Trixie,trixie,2023-08-01 ,Sid,sid,1993-08-16 ,Experimental,experimental,1993-08-16
Bug#989216: unblock: python-ddt/1.4.1-2.1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-CC: Thomas Goirand Please unblock package python-ddt Changes: python-ddt (1.4.1-2.1) unstable; urgency=medium . * Non-maintainer upload. * Patch: Support pyyaml's security patch in 5.3.1-4 (from 5.4 upstream). (Closes: #989009) [ Reason ] Updated python-ddt to build-against pyyaml's recent security update (#988926) [ Impact ] Fixes FTBFS with the new pyyaml. [ Tests ] The affected code is the test suite. [ Risks ] Change is from upstream, affecting only unit tests, so negligible. [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing unblock python-ddt/1.4.1-2.1 diff -Nru python-ddt-1.4.1/debian/changelog python-ddt-1.4.1/debian/changelog --- python-ddt-1.4.1/debian/changelog 2020-10-14 04:11:28.0 -0400 +++ python-ddt-1.4.1/debian/changelog 2021-05-23 11:51:10.0 -0400 @@ -1,3 +1,11 @@ +python-ddt (1.4.1-2.1) unstable; urgency=medium + + * Non-maintainer upload. + * Patch: Support pyyaml's security patch in 5.3.1-4 (from 5.4 upstream). +(Closes: #989009) + + -- Stefano Rivera Sun, 23 May 2021 11:51:10 -0400 + python-ddt (1.4.1-2) unstable; urgency=medium * Uploading to unstable. diff -Nru python-ddt-1.4.1/debian/patches/pyyaml-unsafeloader.patch python-ddt-1.4.1/debian/patches/pyyaml-unsafeloader.patch --- python-ddt-1.4.1/debian/patches/pyyaml-unsafeloader.patch 1969-12-31 20:00:00.0 -0400 +++ python-ddt-1.4.1/debian/patches/pyyaml-unsafeloader.patch 2021-05-23 11:50:57.0 -0400 @@ -0,0 +1,56 @@ +From 97f0a2315736e50f1b34a015447cd751da66ecb6 Mon Sep 17 00:00:00 2001 +From: Dirk Mueller +Date: Mon, 25 Jan 2021 22:49:04 +0100 +Subject: [PATCH] Use Yaml's UnsafeLoader for Python embedding tests + +In newer PyYAML versions the default FullLoader has +python/object/* integration removed. One has to use +UnsafeLoader instead. see this issue for details: + +https://github.com/yaml/pyyaml/issues/321 +Bug-Debian: https://bugs.debian.org/989009 +--- + test/test_example.py| 2 +- + test/test_functional.py | 10 +- + 2 files changed, 6 insertions(+), 6 deletions(-) + +--- a/test/test_example.py b/test/test_example.py +@@ -151,7 +151,7 @@ + + @ddt + class YamlOnlyTestCase(unittest.TestCase): +-@file_data('data/test_custom_yaml_loader.yaml', yaml.FullLoader) ++@file_data('data/test_custom_yaml_loader.yaml', yaml.UnsafeLoader) + def test_custom_yaml_loader(self, instance, expected): + """Test with yaml tags to create specific classes to compare""" + self.assertEqual(expected, instance) +--- a/test/test_functional.py b/test/test_functional.py +@@ -427,7 +427,7 @@ + loader allowing python tags is passed. + """ + +-from yaml import FullLoader ++from yaml import UnsafeLoader + from yaml.constructor import ConstructorError + + def str_to_type(class_name): +@@ -444,13 +444,13 @@ + raise AssertionError() + + @ddt +-class YamlFullLoaderTest(object): +-@file_data('data/test_functional_custom_tags.yaml', FullLoader) ++class YamlUnsafeLoaderTest(object): ++@file_data('data/test_functional_custom_tags.yaml', UnsafeLoader) + def test_cls_is_instance(self, instance, expected): + assert isinstance(instance, str_to_type(expected)) + +-tests = list(filter(_is_test, YamlFullLoaderTest.__dict__)) +-obj = YamlFullLoaderTest() ++tests = list(filter(_is_test, YamlUnsafeLoaderTest.__dict__)) ++obj = YamlUnsafeLoaderTest() + + if not tests: + raise AssertionError('No tests have been found.') diff -Nru python-ddt-1.4.1/debian/patches/series python-ddt-1.4.1/debian/patches/series --- python-ddt-1.4.1/debian/patches/series 1969-12-31 20:00:00.0 -0400 +++ python-ddt-1.4.1/debian/patches/series 2021-05-23 11:50:33.0 -0400 @@ -0,0 +1 @@ +pyyaml-unsafeloader.patch
Bug#988967: unblock: mercurial/5.6.1-3
Control: retitle -1 unblock: mercurial/5.6.1-4 Made one more change to get a build on mips64el: mercurial (5.6.1-4) unstable; urgency=medium * Revert -mno-lra workaround on mips64el, #871514 was fixed. Fixes occasional FTBFS on mips64el. -- Stefano Rivera Sun, 23 May 2021 08:37:06 -0400 It has now built on all release architectures. diff --git a/debian/rules b/debian/rules index 49272a8e..d6a5d5bc 100755 --- a/debian/rules +++ b/debian/rules @@ -10,10 +10,6 @@ PYVERS=$(shell py3versions -vs) PYVER_DEFAULT=$(shell py3versions -vd) include /usr/share/dpkg/architecture.mk -ifeq ($(DEB_HOST_ARCH),mips64el) -# Work around #871514 -export DEB_CFLAGS_MAINT_APPEND = -mno-lra -endif override_dh_python3: dh_python3 --shebang=/usr/bin/python3 unblock mercurial/5.6.1-4 SR -- Stefano Rivera http://tumbleweed.org.za/ +1 415 683 3272
Bug#988967: unblock: mercurial/5.6.1-3
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-Cc: Tristan Seligmann , Julien Cristau Please unblock package mercurial mercurial (5.6.1-3) unstable; urgency=medium * Team upload. [ Helmut Grohne ] * Annotate test dependencies (closes: #980337). [ Stefano Rivera ] * python-3.9.2.patch: Use "&" instead of ";" as query string separator in test-archive.t to fix FTBFS with Python 3.9.2, which changed its urllib.parse.parse_qsl() behavior to only accept "&" as a separator by default. (closes: #986514) -- Stefano Rivera Fri, 21 May 2021 12:06:47 -0400 [ Reason ] Fixes FTBFS with Python 3.9.2+. See #986514 [ Impact ] FTBFS + autopkgtest failure. [ Tests ] It's a test change (and marking dependencies ) [ Risks ] Patch is from upstream, and Ubuntu has carried it for a month, without issue. [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing unblock mercurial/5.6.1-3 diff -Nru mercurial-5.6.1/debian/changelog mercurial-5.6.1/debian/changelog --- mercurial-5.6.1/debian/changelog2021-02-01 12:47:09.0 -0400 +++ mercurial-5.6.1/debian/changelog2021-05-21 12:06:47.0 -0400 @@ -1,3 +1,18 @@ +mercurial (5.6.1-3) unstable; urgency=medium + + * Team upload. + + [ Helmut Grohne ] + * Annotate test dependencies (closes: #980337). + + [ Stefano Rivera ] + * python-3.9.2.patch: Use "&" instead of ";" as query string separator +in test-archive.t to fix FTBFS with Python 3.9.2, which changed its +urllib.parse.parse_qsl() behavior to only accept "&" as a separator by +default. (closes: #986514) + + -- Stefano Rivera Fri, 21 May 2021 12:06:47 -0400 + mercurial (5.6.1-2) unstable; urgency=medium * tests: make test-subrepo-git.t compatible with git's master->main diff -Nru mercurial-5.6.1/debian/control mercurial-5.6.1/debian/control --- mercurial-5.6.1/debian/control 2021-02-01 12:39:12.0 -0400 +++ mercurial-5.6.1/debian/control 2021-05-21 12:06:47.0 -0400 @@ -10,14 +10,14 @@ debhelper-compat (= 13), dh-python, gettext, - netbase, - patchutils (>= 0.2.25), + netbase , + patchutils (>= 0.2.25) , python3-all-dev, python3-docutils, python3-roman, - rename, - unzip, - zip, + rename , + unzip , + zip , less , Standards-Version: 4.5.0 Homepage: https://www.mercurial-scm.org/ diff -Nru mercurial-5.6.1/debian/patches/python-3.9.2.patch mercurial-5.6.1/debian/patches/python-3.9.2.patch --- mercurial-5.6.1/debian/patches/python-3.9.2.patch 1969-12-31 20:00:00.0 -0400 +++ mercurial-5.6.1/debian/patches/python-3.9.2.patch 2021-05-21 12:06:47.0 -0400 @@ -0,0 +1,34 @@ +From: Martin von Zweigbergk +Date: Fri, 21 May 2021 12:03:33 -0400 +Subject: tests: make test-archive.t pass on py3.9 (issue6504) + +Something got stricter at parsing URL query parameters and now the +parameters need to be separated by "&"; ";" is no longer allowed. See +issue6504 for details. + +Differential Revision: https://phab.mercurial-scm.org/D10472 + +Origin: upstream, https://www.mercurial-scm.org/repo/hg/rev/dc8976cc3a6e +Bug-Debian: https://bugs.debian.org/986514 +Bug-upstream: https://bz.mercurial-scm.org/show_bug.cgi?id=6504 +--- + tests/test-archive.t | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/tests/test-archive.t b/tests/test-archive.t +index 606c9e2..384a04a 100644 +--- a/tests/test-archive.t b/tests/test-archive.t +@@ -334,10 +334,10 @@ invalid arch type should give 404 + > pass + > if len(sys.argv) <= 3: + > node, archive = sys.argv[1:] +- > requeststr = 'cmd=archive;node=%s;type=%s' % (node, archive) ++ > requeststr = 'cmd=archive=%s=%s' % (node, archive) + > else: + > node, archive, file = sys.argv[1:] +- > requeststr = 'cmd=archive;node=%s;type=%s;file=%s' % (node, archive, file) ++ > requeststr = 'cmd=archive=%s=%s=%s' % (node, archive, file) + > try: + > stdout = sys.stdout.buffer + > except AttributeError: diff -Nru mercurial-5.6.1/debian/patches/series mercurial-5.6.1/debian/patches/series --- mercurial-5.6.1/debian/patches/series 2021-02-01 12:46:24.0 -0400 +++ mercurial-5.6.1/debian/patches/series 2021-05-21 12:06:47.0 -0400 @@ -4,3 +4,4 @@ deb_specific__optional-dependencies deb_specific__disable_libdir_replacement.patch 0005-Tolerate-SIGINT-getting-the-kill-in-test-stdio.py.patch +python-3.9.2.patch
Bug#988961: unblock: python-libnacl/1.7.2-3
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-Cc: Colin Watson Please unblock package python-libnacl python-libnacl (1.7.2-3) unstable; urgency=medium * Team upload. * Patch: Fix crypto_kdf_derive_from_key() on 32-bit platforms. (Closes: #988102) -- Stefano Rivera Fri, 21 May 2021 16:35:48 -0400 [ Reason ] Fixes a crash on 32bit platforms. [ Impact ] libnacl's KDF is broken on 32bit platforms. [ Tests ] The test suite covers the affected code. Test-built (running the test suite) on i386 and armhf. [ Risks ] Trivial change. Patch is carried by Gentoo, too. [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing unblock python-libnacl/1.7.2-3 diff -Nru python-libnacl-1.7.2/debian/changelog python-libnacl-1.7.2/debian/changelog --- python-libnacl-1.7.2/debian/changelog 2020-11-14 08:40:57.0 -0400 +++ python-libnacl-1.7.2/debian/changelog 2021-05-21 16:35:48.0 -0400 @@ -1,3 +1,11 @@ +python-libnacl (1.7.2-3) unstable; urgency=medium + + * Team upload. + * Patch: Fix crypto_kdf_derive_from_key() on 32-bit platforms. +(Closes: #988102) + + -- Stefano Rivera Fri, 21 May 2021 16:35:48 -0400 + python-libnacl (1.7.2-2) unstable; urgency=medium * Add Breaks: python3-duniterpy (<< 0.60.1) (see #974655). diff -Nru python-libnacl-1.7.2/debian/.gitignore python-libnacl-1.7.2/debian/.gitignore --- python-libnacl-1.7.2/debian/.gitignore 2020-11-14 08:40:57.0 -0400 +++ python-libnacl-1.7.2/debian/.gitignore 1969-12-31 20:00:00.0 -0400 @@ -1,6 +0,0 @@ -*.debhelper* -*.substvars -debhelper-build-stamp -files -python-libnacl -python3-libnacl diff -Nru python-libnacl-1.7.2/debian/patches/32bit-kdf.patch python-libnacl-1.7.2/debian/patches/32bit-kdf.patch --- python-libnacl-1.7.2/debian/patches/32bit-kdf.patch 1969-12-31 20:00:00.0 -0400 +++ python-libnacl-1.7.2/debian/patches/32bit-kdf.patch 2021-05-21 16:35:48.0 -0400 @@ -0,0 +1,24 @@ +From: =?utf-8?b?TWljaGHFgiBHw7Nybnk=?= +Date: Fri, 21 May 2021 16:25:27 -0400 +Subject: Fix crypto_kdf_derive_from_key() on 32-bit platforms + +Bug-Upstream: https://github.com/saltstack/libnacl/issues/126 +Bug-Debian: https://bugs.debian.org/988102 +Forwarded: https://github.com/saltstack/libnacl/pull/130 +--- + libnacl/__init__.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libnacl/__init__.py b/libnacl/__init__.py +index 98a53d9..f799b23 100644 +--- a/libnacl/__init__.py b/libnacl/__init__.py +@@ -1195,7 +1195,7 @@ def crypto_kdf_derive_from_key(subkey_size, subkey_id, context, master_key): + """ + size = int(subkey_size) + buf = ctypes.create_string_buffer(size) +-nacl.crypto_kdf_derive_from_key(buf, subkey_size, subkey_id, context, master_key) ++nacl.crypto_kdf_derive_from_key(buf, subkey_size, ctypes.c_ulonglong(subkey_id), context, master_key) + return buf.raw + + diff -Nru python-libnacl-1.7.2/debian/patches/series python-libnacl-1.7.2/debian/patches/series --- python-libnacl-1.7.2/debian/patches/series 1969-12-31 20:00:00.0 -0400 +++ python-libnacl-1.7.2/debian/patches/series 2021-05-21 16:35:48.0 -0400 @@ -0,0 +1 @@ +32bit-kdf.patch
Bug#988960: unblock: eclipse-titan/7.2.0-1.1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-Cc: Gergely Pilisi Please unblock package eclipse-titan eclipse-titan (7.2.0-1.1) unstable; urgency=medium * Non-maintainer upload. * Re-instate the --no-parallel option, fixing FTBFS on multi-core machines. (Closes: #987646) -- Stefano Rivera Fri, 21 May 2021 14:58:09 -0400 [ Reason ] Fixes FTBFS. [ Impact ] Expecting auto-removal, if not granted. [ Tests ] FTBFS without this change, for me. Doesn't with it. [ Risks ] Nothing significant. [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing unblock eclipse-titan/7.2.0-1.1 diff -Nru eclipse-titan-7.2.0/debian/changelog eclipse-titan-7.2.0/debian/changelog --- eclipse-titan-7.2.0/debian/changelog2021-02-16 05:25:17.0 -0400 +++ eclipse-titan-7.2.0/debian/changelog2021-05-21 14:58:09.0 -0400 @@ -1,3 +1,11 @@ +eclipse-titan (7.2.0-1.1) unstable; urgency=medium + + * Non-maintainer upload. + * Re-instate the --no-parallel option, fixing FTBFS on multi-core machines. +(Closes: #987646) + + -- Stefano Rivera Fri, 21 May 2021 14:58:09 -0400 + eclipse-titan (7.2.0-1) unstable; urgency=medium * New release. diff -Nru eclipse-titan-7.2.0/debian/rules eclipse-titan-7.2.0/debian/rules --- eclipse-titan-7.2.0/debian/rules2021-02-16 05:20:17.0 -0400 +++ eclipse-titan-7.2.0/debian/rules2021-05-21 14:48:25.0 -0400 @@ -3,7 +3,7 @@ export DEB_BUILD_MAINT_OPTIONS=hardening=+all %: - dh $@ --verbose + dh $@ --verbose --no-parallel override_dh_shlibdeps: dh_shlibdeps -l$(CURDIR)/Install/lib
Bug#988957: unblock: pydantic/1.7.4-1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-Cc: Michael Banck Please unblock package pydantic pydantic (1.7.4-1) unstable; urgency=medium * Team upload. * New upstream point release. - Fixes CVE-2021-29510: Date and datetime parsing could cause an infinite loop by passing either 'infinity' or float('inf') (Closes: #988480) * Update watch file to version 4 with current uscan(1) recommended regex. -- Stefano Rivera Fri, 21 May 2021 16:05:17 -0400 [ Reason ] New upstream point release, with (only) a security fix (DoS). [ Impact ] Without this patch, pydantic can be DoSed with "infinity" as a timestamp. [ Tests ] Upstream unit test suite runs during the package build. There are unit tests for the changes in this release. [ Risks ] Upstream maintains support branches, and provided this point release. So we're not relying on any untested patches. [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing unblock pydantic/1.7.4-1 diff -Nru pydantic-1.7.3/debian/changelog pydantic-1.7.4/debian/changelog --- pydantic-1.7.3/debian/changelog 2021-01-08 03:31:43.0 -0400 +++ pydantic-1.7.4/debian/changelog 2021-05-21 16:05:17.0 -0400 @@ -1,3 +1,13 @@ +pydantic (1.7.4-1) unstable; urgency=medium + + * Team upload. + * New upstream point release. +- Fixes CVE-2021-29510: Date and datetime parsing could cause an infinite + loop by passing either 'infinity' or float('inf') (Closes: #988480) + * Update watch file to version 4 with current uscan(1) recommended regex. + + -- Stefano Rivera Fri, 21 May 2021 16:05:17 -0400 + pydantic (1.7.3-1) unstable; urgency=medium [ Sandro Tosi ] diff -Nru pydantic-1.7.3/debian/watch pydantic-1.7.4/debian/watch --- pydantic-1.7.3/debian/watch 2021-01-08 03:31:43.0 -0400 +++ pydantic-1.7.4/debian/watch 2021-05-21 16:05:17.0 -0400 @@ -1,2 +1,4 @@ -version=3 -https://github.com/samuelcolvin/pydantic/releases .*/archive/v([\d.]+)\.tar\.gz +version=4 +opts="filenamemangle=s%(?:.*?)?v?(\d[\d.]*)\.tar\.gz%@PACKAGE@-$1.tar.gz%" \ +https://github.com/samuelcolvin/pydantic/releases \ +(?:.*?/)?v?(\d[\d.]*)\.tar\.gz diff -Nru pydantic-1.7.3/.github/workflows/ci.yml pydantic-1.7.4/.github/workflows/ci.yml --- pydantic-1.7.3/.github/workflows/ci.yml 2020-11-30 19:33:24.0 -0400 +++ pydantic-1.7.4/.github/workflows/ci.yml 2021-05-11 15:04:58.0 -0400 @@ -80,20 +80,20 @@ COMPILED: yes DEPS: yes -- name: uninstall deps - run: pip uninstall -y cython email-validator typing-extensions devtools python-dotenv - -- name: test compiled without deps - run: make test - -- run: coverage xml -- uses: codecov/codecov-action@v1.0.14 - with: -file: ./coverage.xml -env_vars: COMPILED,DEPS,PYTHON,OS - env: -COMPILED: yes -DEPS: no +#- name: uninstall deps +# run: pip uninstall -y cython email-validator typing-extensions devtools python-dotenv +# +#- name: test compiled without deps +# run: make test +# +#- run: coverage xml +#- uses: codecov/codecov-action@v1.0.14 +# with: +#file: ./coverage.xml +#env_vars: COMPILED,DEPS,PYTHON,OS +# env: +#COMPILED: yes +#DEPS: no - name: remove compiled binaries run: | @@ -159,11 +159,12 @@ with: python-version: '3.7' -- name: install - run: make install-testing - -- name: test - run: make test-fastapi +- run: echo "skip fastapi for now" +#- name: install +# run: make install-testing +# +#- name: test +# run: make test-fastapi benchmark: name: run benchmarks diff -Nru pydantic-1.7.3/HISTORY.md pydantic-1.7.4/HISTORY.md --- pydantic-1.7.3/HISTORY.md 2020-11-30 19:33:24.0 -0400 +++ pydantic-1.7.4/HISTORY.md 2021-05-11 15:04:58.0 -0400 @@ -1,3 +1,9 @@ +## v1.7.4 (2021-05-11) + +* **Security fix:** Fix `date` and `datetime` parsing so passing either `'infinity'` or `float('inf')` + (or their negative values) does not cause an infinite loop, + See security advisory [CVE-2021-29510](https://github.com/samuelcolvin/pydantic/security/advisories/GHSA-5jqp-qgf6-3pvh) + ## v1.7.3 (2020-11-30) Thank you to pydantic's sponsors: diff -Nru pydantic-1.7.3/pydantic/datetime_parse.py pydantic-1.7.4/pydantic/datetime_parse.py --- pydantic-1.7.3/pydantic/datetime_parse.py 2020-11-30 19:33:24.0 -0400 +++ pydantic-1.7.4/pydantic/datetime_parse.py 2021-05-11 15:04:58.0 -0400 @@ -58,6 +58,8 @@ # if greater than this, the number is in ms, if less than or equal it's in seconds # (in seconds this is 11th October 2603, in ms it's 20th August 1970) MS_WATERSHED = int(2e10) +# slightl
Bug#988939: unblock: whipper/0.9.0-7
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-Cc: Krzysztof Krzyżaniak (eloy) Please unblock package whipper Adds a couple of missing dependencies, and fixes up a stale description talking about Python 2.7. [ Reason ] Fixes RC bugs for missing dependencies. [ Impact ] Without this, I'd expect auto-removal :) [ Tests ] Checked that the package installs and runs --help, which it didn't before. [ Risks ] Changes are trivial. [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing [ Other info ] Changelog is kinda weird, but I was mostly just sponsoring an upload for a DD, so shrug. unblock whipper/0.9.0-7 diff -Nru whipper-0.9.0/debian/changelog whipper-0.9.0/debian/changelog --- whipper-0.9.0/debian/changelog 2020-05-29 02:17:36.0 -0400 +++ whipper-0.9.0/debian/changelog 2021-04-27 08:22:21.0 -0400 @@ -1,3 +1,26 @@ +whipper (0.9.0-7) unstable; urgency=medium + + [ Krzysztof Krzyżaniak (eloy) ] + * control: Update dependencies, added flac package (Closes: #978166) + + [ Stefano Rivera ] + * Depend on python3-distutils, it's used at runtime (Closes: #971628) + + -- Krzysztof Krzyżaniak (eloy) Tue, 27 Apr 2021 14:22:21 +0200 + +whipper (0.9.0-6) unstable; urgency=medium + + * Non maintainer upload by the Reproducible Builds team. + * No source change upload to rebuild on buildd with .buildinfo files. + + -- Krzysztof Krzyżaniak (eloy) Fri, 01 Jan 2021 22:04:03 +0100 + +whipper (0.9.0-5) unstable; urgency=medium + + * control: Update description (closes: #968880) + + -- Krzysztof Krzyżaniak (eloy) Sun, 23 Aug 2020 13:39:11 +0200 + whipper (0.9.0-4) unstable; urgency=medium * control: Add cdrdao to depends. (Closes: #961758) diff -Nru whipper-0.9.0/debian/control whipper-0.9.0/debian/control --- whipper-0.9.0/debian/control2020-05-29 02:05:48.0 -0400 +++ whipper-0.9.0/debian/control2021-04-27 08:22:21.0 -0400 @@ -22,6 +22,7 @@ Depends: ${python3:Depends}, ${shlibs:Depends}, ${misc:Depends}, + python3-distutils, python3-musicbrainzngs, python3-cdio, python3-requests, @@ -31,8 +32,9 @@ sox, cd-paranoia, cdrdao, -Description: CD-DA ripper based - Whipper is a Python 2.7 CD-DA ripper based on the morituri project + flac +Description: CD ripping utility focusing on accuracy over speed + Whipper is a Python CD-DA ripper based on the morituri project (CDDA ripper for *nix systems aiming for accuracy over speed). It enhances morituri which development seems to have halted merging old ignored pull requests, improving it with bugfixes and new features.
Bug#988926: unblock: pyyaml/5.3.1-4
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-Cc: Scott Kitterman , Michael Hudson-Doyle Please unblock package pyyaml pyyaml (5.3.1-4) unstable; urgency=medium * Team upload. [ Debian Janitor ] * Apply multi-arch hints. + python3-yaml-dbg: Add Multi-Arch: same. [ Stefano Rivera ] * Resolve CVE-2020-14343, more trivial RCEs in .load() and FullLoader. (Closes: #966233) -- Stefano Rivera Fri, 21 May 2021 11:11:00 -0400 [ Reason ] Fixes a security issue (#966233, CVE-2020-14343). Not expecting it to be 100% secure, that requires more significant API changes, but at least it's a bit better. https://github.com/yaml/pyyaml/wiki/PyYAML-yaml.load(input)-Deprecation [ Impact ] Known RCE risk in a parsing library. [ Tests ] Manually tested that the example exploits are mitigated. [ Risks ] Haven't checked reverse-dependencies (there are a lot of them) for breakage. Ubuntu has carried this patch for a month, with no known issues. I saw one issue mentioned on github, but that doesn't trigger an FTBFS for us (no build-dep on pyyaml): https://github.com/networkx/networkx/issues/4569 [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing unblock pyyaml/5.3.1-4 diff -Nru pyyaml-5.3.1/debian/changelog pyyaml-5.3.1/debian/changelog --- pyyaml-5.3.1/debian/changelog 2020-10-22 19:33:33.0 -0400 +++ pyyaml-5.3.1/debian/changelog 2021-05-21 11:11:00.0 -0400 @@ -1,3 +1,17 @@ +pyyaml (5.3.1-4) unstable; urgency=medium + + * Team upload. + + [ Debian Janitor ] + * Apply multi-arch hints. ++ python3-yaml-dbg: Add Multi-Arch: same. + + [ Stefano Rivera ] + * Resolve CVE-2020-14343, more trivial RCEs in .load() and FullLoader. +(Closes: #966233) + + -- Stefano Rivera Fri, 21 May 2021 11:11:00 -0400 + pyyaml (5.3.1-3) unstable; urgency=medium [ Ondřej Nový ] diff -Nru pyyaml-5.3.1/debian/control pyyaml-5.3.1/debian/control --- pyyaml-5.3.1/debian/control 2020-10-22 19:33:33.0 -0400 +++ pyyaml-5.3.1/debian/control 2021-05-21 11:11:00.0 -0400 @@ -25,6 +25,7 @@ Section: debug Architecture: any Depends: python3-yaml (= ${binary:Version}), python3-dbg, ${shlibs:Depends}, ${misc:Depends} +Multi-Arch: same Description: YAML parser and emitter for Python3 (debug build) Python3-yaml is a complete YAML 1.1 parser and emitter for Python3. It can parse all examples from the specification. The parsing algorithm is simple diff -Nru pyyaml-5.3.1/debian/patches/cve-2020-14343.patch pyyaml-5.3.1/debian/patches/cve-2020-14343.patch --- pyyaml-5.3.1/debian/patches/cve-2020-14343.patch1969-12-31 20:00:00.0 -0400 +++ pyyaml-5.3.1/debian/patches/cve-2020-14343.patch2021-05-21 11:11:00.0 -0400 @@ -0,0 +1,127 @@ +From: =?utf-8?q?Ingy_d=C3=B6t_Net?= +Date: Sat, 9 Jan 2021 10:53:23 -0500 +Subject: Fix for CVE-2020-14343 + +Per suggestion https://github.com/yaml/pyyaml/issues/420#issuecomment-663888344 +move a few constructors from full_load to unsafe_load. + +Bug-Debian: https://bugs.debian.org/966233 +Bug-Upstream: https://github.com/yaml/pyyaml/issues/420 +Origin: upstream, https://github.com/yaml/pyyaml/commit/a001f2782501ad2d24986959f0239a354675f9dc +--- + lib/yaml/constructor.py | 24 + lib3/yaml/constructor.py | 24 + tests/lib/test_recursive.py | 2 +- + tests/lib3/test_recursive.py | 2 +- + 4 files changed, 26 insertions(+), 26 deletions(-) + +diff --git a/lib/yaml/constructor.py b/lib/yaml/constructor.py +index 794681c..c42ee34 100644 +--- a/lib/yaml/constructor.py b/lib/yaml/constructor.py +@@ -722,18 +722,6 @@ FullConstructor.add_multi_constructor( + u'tag:yaml.org,2002:python/name:', + FullConstructor.construct_python_name) + +-FullConstructor.add_multi_constructor( +-u'tag:yaml.org,2002:python/module:', +-FullConstructor.construct_python_module) +- +-FullConstructor.add_multi_constructor( +-u'tag:yaml.org,2002:python/object:', +-FullConstructor.construct_python_object) +- +-FullConstructor.add_multi_constructor( +-u'tag:yaml.org,2002:python/object/new:', +-FullConstructor.construct_python_object_new) +- + class UnsafeConstructor(FullConstructor): + + def find_python_module(self, name, mark): +@@ -750,6 +738,18 @@ class UnsafeConstructor(FullConstructor): + return super(UnsafeConstructor, self).set_python_instance_state( + instance, state, unsafe=True) + ++UnsafeConstructor.add_multi_constructor( ++u'tag:yaml.org,2002:python/module:', ++UnsafeConstructor.construct_python_module) ++ ++UnsafeConstructor.add_multi_constructor( ++u'tag:yaml.org,2002:python/object:', ++UnsafeConstructor.construct_python_object) ++ ++UnsafeConstructor.add_multi_constructor( ++u'tag:yaml.org,2002:python/object
Bug#988628: unblock: six/1.16.0-1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-Cc: cjwat...@debian.org Control: block 988418 with -1 Please unblock package six There is a new six in unstable that python-pip built against, it needs to migrate for pip to be able to. [ Reason ] New upstream release, with minor improvement for Python 3.10. [ Impact ] python-pip won't migrate (#988418). [ Tests ] Upstream tests are run at build. But the changed code isn't covered by any new tests. [ Risks ] Minimal changes in a very stable library. [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing unblock six/1.16.0-1 diff -Nru six-1.15.0/CHANGES six-1.16.0/CHANGES --- six-1.15.0/CHANGES 2020-05-21 11:25:33.0 -0400 +++ six-1.16.0/CHANGES 2021-05-05 10:17:58.0 -0400 @@ -3,6 +3,12 @@ This file lists the changes in each six version. +1.16.0 +-- + +- Pull request #343, issue #341, pull request #349: Port _SixMetaPathImporter to + Python 3.10. + 1.15.0 -- @@ -100,7 +106,7 @@ - Issue #98: Fix `six.moves` race condition in multi-threaded code. -- Pull request #51: Add `six.view(keys|values|itmes)`, which provide dictionary +- Pull request #51: Add `six.view(keys|values|items)`, which provide dictionary views on Python 2.7+. - Issue #112: `six.moves.reload_module` now uses the importlib module on @@ -227,7 +233,7 @@ - Issue #40: Add import mapping for the Python 2 gdbm module. - Issue #35: On Python versions less than 2.7, print_ now encodes unicode - strings when outputing to standard streams. (Python 2.7 handles this + strings when outputting to standard streams. (Python 2.7 handles this automatically.) 1.4.1 diff -Nru six-1.15.0/debian/changelog six-1.16.0/debian/changelog --- six-1.15.0/debian/changelog 2020-11-09 20:16:45.0 -0400 +++ six-1.16.0/debian/changelog 2021-05-09 06:40:54.0 -0400 @@ -1,3 +1,9 @@ +six (1.16.0-1) unstable; urgency=medium + + * New upstream release. + + -- Colin Watson Sun, 09 May 2021 11:40:54 +0100 + six (1.15.0-2) unstable; urgency=medium [ Ondřej Nový ] diff -Nru six-1.15.0/PKG-INFO six-1.16.0/PKG-INFO --- six-1.15.0/PKG-INFO 2020-05-21 11:25:53.508234700 -0400 +++ six-1.16.0/PKG-INFO 2021-05-05 10:18:16.777235000 -0400 @@ -1,6 +1,6 @@ Metadata-Version: 1.2 Name: six -Version: 1.15.0 +Version: 1.16.0 Summary: Python 2 and 3 compatibility utilities Home-page: https://github.com/benjaminp/six Author: Benjamin Peterson diff -Nru six-1.15.0/six.egg-info/PKG-INFO six-1.16.0/six.egg-info/PKG-INFO --- six-1.15.0/six.egg-info/PKG-INFO2020-05-21 11:25:53.0 -0400 +++ six-1.16.0/six.egg-info/PKG-INFO2021-05-05 10:18:16.0 -0400 @@ -1,6 +1,6 @@ Metadata-Version: 1.2 Name: six -Version: 1.15.0 +Version: 1.16.0 Summary: Python 2 and 3 compatibility utilities Home-page: https://github.com/benjaminp/six Author: Benjamin Peterson diff -Nru six-1.15.0/six.py six-1.16.0/six.py --- six-1.15.0/six.py 2020-05-21 11:25:33.0 -0400 +++ six-1.16.0/six.py 2021-05-05 10:17:58.0 -0400 @@ -29,7 +29,7 @@ import types __author__ = "Benjamin Peterson " -__version__ = "1.15.0" +__version__ = "1.16.0" # Useful for very coarse version differentiation. @@ -71,6 +71,11 @@ MAXSIZE = int((1 << 63) - 1) del X +if PY34: +from importlib.util import spec_from_loader +else: +spec_from_loader = None + def _add_doc(func, doc): """Add documentation to a function.""" @@ -186,6 +191,11 @@ return self return None +def find_spec(self, fullname, path, target=None): +if fullname in self.known_modules: +return spec_from_loader(fullname, self) +return None + def __get_module(self, fullname): try: return self.known_modules[fullname] @@ -223,6 +233,12 @@ return None get_source = get_code # same as get_code +def create_module(self, spec): +return self.load_module(spec.name) + +def exec_module(self, module): +pass + _importer = _SixMetaPathImporter(__name__)
Bug#988418: unblock: python-pip/20.3.4-2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package python-pip [ Reason ] Pick up the security fix from #988399. Apply another security update to pip itself. This has no CVE (yet?). Also included: Minor improvements to autopkgtests, making them more rugged and the result logs more readable. [ Impact ] A known security issue. [ Tests ] The package has basic autopkgtest coverage that ensures pip broadly functions. The affected code isn't covered by tests, but has been part of 2 upstream releases, without needing to be touched again. [ Risks ] pip is virtually a leaf package. [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing unblock python-pip/20.3.4-2 diff -Nru python-pip-20.3.4/debian/changelog python-pip-20.3.4/debian/changelog --- python-pip-20.3.4/debian/changelog 2021-03-01 17:03:20.0 -0400 +++ python-pip-20.3.4/debian/changelog 2021-05-12 08:39:26.0 -0400 @@ -1,3 +1,14 @@ +python-pip (20.3.4-2) unstable; urgency=medium + + * Add myself to uploaders. + * Mark autopkgtests that use PyPI as needs-internet. + * Mark autopkgtests that use PyPI as allow-stderr. Retried http requests, +common in Ubuntu CI, will result in logging to stderr. set -e to catch +real errors. + * Security: Don't split git references on unicode separators. + + -- Stefano Rivera Wed, 12 May 2021 08:39:26 -0400 + python-pip (20.3.4-1) unstable; urgency=medium [ Stefano Rivera ] diff -Nru python-pip-20.3.4/debian/control python-pip-20.3.4/debian/control --- python-pip-20.3.4/debian/control2021-03-01 17:03:20.0 -0400 +++ python-pip-20.3.4/debian/control2021-05-12 08:39:26.0 -0400 @@ -4,6 +4,7 @@ Maintainer: Debian Python Team Uploaders: Carl Chenet , Scott Kitterman , + Stefano Rivera Homepage: https://pip.pypa.io/en/stable/ Build-Depends: debhelper-compat (= 11), dh-python, diff -Nru python-pip-20.3.4/debian/patches/git-split-ascii.patch python-pip-20.3.4/debian/patches/git-split-ascii.patch --- python-pip-20.3.4/debian/patches/git-split-ascii.patch 1969-12-31 20:00:00.0 -0400 +++ python-pip-20.3.4/debian/patches/git-split-ascii.patch 2021-05-12 08:39:26.0 -0400 @@ -0,0 +1,40 @@ +From: Pradyun Gedam +Date: Tue, 11 May 2021 20:04:10 -0400 +Subject: Security: Don't split git references on unicode separators + +Previously, maliciously formatted tags could be used to hijack a +commit-based pin. Using the fact that the split here allowed for +all of unicode's whitespace characters as separators -- which git allows +as a part of a tag name -- it is possible to force a different revision +to be installed; if an attacker gains access to the repository. + +This change stops splitting the string on unicode characters, by forcing +the splits to happen on newlines and ASCII spaces. + +Origin: upstream, https://github.com/pypa/pip/pull/9827 +--- + src/pip/_internal/vcs/git.py | 10 -- + 1 file changed, 8 insertions(+), 2 deletions(-) + +diff --git a/src/pip/_internal/vcs/git.py b/src/pip/_internal/vcs/git.py +index 565961a..4423a91 100644 +--- a/src/pip/_internal/vcs/git.py b/src/pip/_internal/vcs/git.py +@@ -149,9 +149,15 @@ class Git(VersionControl): + on_returncode='ignore', + ) + refs = {} +-for line in output.strip().splitlines(): ++# NOTE: We do not use splitlines here since that would split on other ++# unicode separators, which can be maliciously used to install a ++# different revision. ++for line in output.strip().split("\n"): ++line = line.rstrip("\r") ++if not line: ++continue + try: +-sha, ref = line.split() ++sha, ref = line.split(" ", maxsplit=2) + except ValueError: + # Include the offending line to simplify troubleshooting if + # this error ever occurs. diff -Nru python-pip-20.3.4/debian/patches/series python-pip-20.3.4/debian/patches/series --- python-pip-20.3.4/debian/patches/series 2021-03-01 17:03:20.0 -0400 +++ python-pip-20.3.4/debian/patches/series 2021-05-12 08:39:26.0 -0400 @@ -9,3 +9,4 @@ debian-python2.7-sysconfig-workaround.patch debug-command-for-unbundled.patch str-version.patch +git-split-ascii.patch diff -Nru python-pip-20.3.4/debian/tests/control python-pip-20.3.4/debian/tests/control --- python-pip-20.3.4/debian/tests/control 2021-03-01 17:03:20.0 -0400 +++ python-pip-20.3.4/debian/tests/control 2021-05-12 08:39:26.0 -0400 @@ -1,8 +1,8 @@ Tests: pip3-root.sh -Restrictions: breaks-testbed, needs-root +Restrictions: allow-stderr, breaks-testbed, needs-internet, nee
Bug#988399: unblock: python-urllib3/1.26.4-1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-Cc: er...@debian.org Please unblock package python-urllib3 This is a upstream point release, that fixes a security issue (CVE-2021-28363). All the changes are either inconsequential documentation noise or targeted bug fixes. The diff is small enough that I'll immediately upload to unstable. [ Reason ] Pick up an upstream security fix, and bug fixes in a point release. [ Impact ] Known security issue. [ Tests ] Upstream unit test suite covers the changes. [ Risks ] Minimal. It's a popular Python package, the point release is over a month old and hasn't had regressions reported. [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing [ Other info ] I'll follow-up with a security update to pip that will update its bundled urllib3. unblock python-urllib3/1.26.4-1 diff -Nru python-urllib3-1.26.2/CHANGES.rst python-urllib3-1.26.4/CHANGES.rst --- python-urllib3-1.26.2/CHANGES.rst 2020-11-12 18:16:30.0 -0400 +++ python-urllib3-1.26.4/CHANGES.rst 2021-03-15 11:03:47.0 -0400 @@ -1,6 +1,23 @@ Changes === +1.26.4 (2021-03-15) +--- + +* Changed behavior of the default ``SSLContext`` when connecting to HTTPS proxy + during HTTPS requests. The default ``SSLContext`` now sets ``check_hostname=True``. + + +1.26.3 (2021-01-26) +--- + +* Fixed bytes and string comparison issue with headers (Pull #2141) + +* Changed ``ProxySchemeUnknown`` error message to be + more actionable if the user supplies a proxy URL without + a scheme. (Pull #2107) + + 1.26.2 (2020-11-12) --- diff -Nru python-urllib3-1.26.2/debian/changelog python-urllib3-1.26.4/debian/changelog --- python-urllib3-1.26.2/debian/changelog 2020-12-30 21:22:32.0 -0400 +++ python-urllib3-1.26.4/debian/changelog 2021-05-11 20:30:00.0 -0400 @@ -1,3 +1,12 @@ +python-urllib3 (1.26.4-1) unstable; urgency=medium + + * Team upload. + * New upstream release. +- Enforces certificate validation in some cases involving HTTPS to HTTPS + proxies CVE-2021-28363. + + -- Stefano Rivera Tue, 11 May 2021 20:30:00 -0400 + python-urllib3 (1.26.2-1) unstable; urgency=medium * New upstream version 1.26.2 diff -Nru python-urllib3-1.26.2/debian/patches/01_do-not-use-embedded-python-six.patch python-urllib3-1.26.4/debian/patches/01_do-not-use-embedded-python-six.patch --- python-urllib3-1.26.2/debian/patches/01_do-not-use-embedded-python-six.patch 2020-12-30 21:22:32.0 -0400 +++ python-urllib3-1.26.4/debian/patches/01_do-not-use-embedded-python-six.patch 2021-05-11 20:30:00.0 -0400 @@ -76,7 +76,7 @@ __all__ = ["RecentlyUsedContainer", "HTTPHeaderDict"] diff --git a/src/urllib3/connection.py b/src/urllib3/connection.py -index 660d679..826f8d7 100644 +index 45580b7..1cddda4 100644 --- a/src/urllib3/connection.py +++ b/src/urllib3/connection.py @@ -9,9 +9,9 @@ import warnings @@ -160,7 +160,7 @@ __all__ = ["inject_into_urllib3", "extract_from_urllib3"] diff --git a/src/urllib3/exceptions.py b/src/urllib3/exceptions.py -index d69958d..31a779b 100644 +index cba6f3f..053758e 100644 --- a/src/urllib3/exceptions.py +++ b/src/urllib3/exceptions.py @@ -1,6 +1,6 @@ @@ -294,7 +294,7 @@ def is_fp_closed(obj): diff --git a/src/urllib3/util/retry.py b/src/urllib3/util/retry.py -index ee51f92..8c275a8 100644 +index d25a41b..e11f585 100644 --- a/src/urllib3/util/retry.py +++ b/src/urllib3/util/retry.py @@ -17,7 +17,7 @@ from ..exceptions import ( diff -Nru python-urllib3-1.26.2/docs/conf.py python-urllib3-1.26.4/docs/conf.py --- python-urllib3-1.26.2/docs/conf.py 2020-11-12 18:16:30.0 -0400 +++ python-urllib3-1.26.4/docs/conf.py 2021-03-15 11:03:47.0 -0400 @@ -78,8 +78,8 @@ html_theme_options = { "announcement": """ https://opencollective.com/urllib3\;> -Sponsor urllib3 v2.0 on Open Collective + href=\"https://github.com/sponsors/urllib3\;> +Support urllib3 on GitHub Sponsors """, "sidebar_hide_name": True, diff -Nru python-urllib3-1.26.2/docs/sponsors.rst python-urllib3-1.26.4/docs/sponsors.rst --- python-urllib3-1.26.2/docs/sponsors.rst 2020-11-12 18:16:30.0 -0400 +++ python-urllib3-1.26.4/docs/sponsors.rst 2021-03-15 11:03:33.0 -0400 @@ -15,7 +15,7 @@ `Get in contact <mailto:sethmichaellar...@gmail.com>`_ for additional details on sponsorship and perks before making a contribution - through `Open Collective <https://opencollective.com/urllib3>`_ if you have questions. + through `GitHub Sponsors <https://github.com/sponsors/urllib3
Bug#987957: unblock: pypy/7.3.3+dfsg-2 pypy3/7.3.3+dfsg-4
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock packages pypy & pypy3: pypy (7.3.3+dfsg-2) unstable; urgency=medium . * Move pypy dependencies to Pre-Depends, as the pypy binary is used in package maintainer scripts. (Closes: #987213) pypy3 (7.3.3+dfsg-4) unstable; urgency=medium . * Move pypy3 dependencies to Pre-Depends, as the pypy3 binary is used in package maintainer scripts. (Closes: #987908) * Remove pydoc getfile feature. (CVE-2021-3426) * security: Restrict ftplib PASV hosts (no CVE assigned). [ Reason ] Promoting pypy dependencies from Depends to Pre-Depends, so that reverse-dependencies maintainer script execution is delayed until pypy's dependencies are in in place. (See: #987213) pypy3 (not a key package) gets the same patch, and a couple of security updates from upstream hg. [ Impact ] Upgrades of pypy libraries from buster to bullseye may fail, without this patch. [ Tests ] autopkgtests verify the broad functionality of the language. piuparts testing will be the best way to see that upgrading is now reliable. [ Risks ] Increasing Pre-Depends isn't ideal, and some of these libraries aren't needed for pypycompile/pypy3compile to run. But manually splitting the Pre-Depends and Depends risks more complexity and mistakes in the future. [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [ ] attach debdiff against the package in testing unblock pypy/7.3.3+dfsg-2 unblock pypy3/7.3.3+dfsg-4 SR diff -Nru pypy3-7.3.3+dfsg/debian/changelog pypy3-7.3.3+dfsg/debian/changelog --- pypy3-7.3.3+dfsg/debian/changelog 2021-02-25 14:55:51.0 -0400 +++ pypy3-7.3.3+dfsg/debian/changelog 2021-05-02 12:34:45.0 -0400 @@ -1,3 +1,12 @@ +pypy3 (7.3.3+dfsg-4) unstable; urgency=medium + + * Move pypy3 dependencies to Pre-Depends, as the pypy3 binary is used in +package maintainer scripts. (Closes: #987908) + * Remove pydoc getfile feature. (CVE-2021-3426) + * security: Restrict ftplib PASV hosts (no CVE assigned). + + -- Stefano Rivera Sun, 02 May 2021 12:34:45 -0400 + pypy3 (7.3.3+dfsg-3) unstable; urgency=medium * Patch: CVE-2021-23336: Only use '&' as a query string separator. diff -Nru pypy3-7.3.3+dfsg/debian/control pypy3-7.3.3+dfsg/debian/control --- pypy3-7.3.3+dfsg/debian/control 2021-02-25 14:55:51.0 -0400 +++ pypy3-7.3.3+dfsg/debian/control 2021-05-02 12:34:45.0 -0400 @@ -36,11 +36,15 @@ Package: pypy3 Architecture: any -Depends: pypy3-lib (= ${binary:Version}), ${misc:Depends}, ${shlibs:Depends} +Depends: ${misc:Depends} Breaks: pypy3-dev (<< ${source:Version}) Provides: ${pypy3-abi} Suggests: pypy3-doc, pypy3-tk (= ${binary:Version}) -Pre-Depends: dpkg (>= 1.15.6~), ${misc:Pre-Depends} +Pre-Depends: + dpkg (>= 1.15.6~), + pypy3-lib (= ${binary:Version}), + ${misc:Pre-Depends}, + ${shlibs:Pre-Depends} Description: fast alternative implementation of Python 3.x - PyPy interpreter PyPy is a fast, compliant alternative implementation of the Python language (3.x). It has several advantages and distinct features: diff -Nru pypy3-7.3.3+dfsg/debian/patches/cve-2021-3426 pypy3-7.3.3+dfsg/debian/patches/cve-2021-3426 --- pypy3-7.3.3+dfsg/debian/patches/cve-2021-3426 1969-12-31 20:00:00.0 -0400 +++ pypy3-7.3.3+dfsg/debian/patches/cve-2021-3426 2021-05-02 12:34:45.0 -0400 @@ -0,0 +1,77 @@ +From: Matti Picus +Date: Sun, 2 May 2021 10:57:58 -0400 +Subject: Stdlib: Remove the pydoc getfile feature (bpo 42988) (CVE-2021-3426) + +Bug-cPython: https://bugs.python.org/issue42988 +Origin: upstream, https://foss.heptapod.net/pypy/pypy/-/commit/f66a96388f8a0ba125005d5d524a31dfd3878a18 +--- + lib-python/3/pydoc.py | 18 -- + lib-python/3/test/test_pydoc.py | 6 -- + 2 files changed, 24 deletions(-) + +diff --git a/lib-python/3/pydoc.py b/lib-python/3/pydoc.py +index b521a55..5247ef9 100644 +--- a/lib-python/3/pydoc.py b/lib-python/3/pydoc.py +@@ -2312,9 +2312,6 @@ def _url_handler(url, content_type="text/html"): + %s%s%s + ''' % (title, css_link, html_navbar(), contents) + +-def filelink(self, url, path): +-return '%s' % (url, path) +- + + html = _HTMLDoc() + +@@ -2400,19 +2397,6 @@ def _url_handler(url, content_type="text/html"): + 'key = %s' % key, '#ff', '#ee77aa', ''.join(results)) + return 'Search Results', contents + +-def html_getfile(path): +-"""Get and display a source file listing safely.""" +-path = urllib.parse.unquote(path) +-with tokenize.open(path) as fp: +-lines = html.escape(fp.read()) +-body = '%s' % lines +-heading = html.heading( +-'File Listing', +-'#ff', '#7799ee') +-contents = heading +
Bug#987411: unblock: soupsieve/2.2.1-1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package soupsieve New upstream point release fixing a single bug, fairly minimally. [ Reason ] Fixes: https://github.com/facelessuser/soupsieve/issues/216 [ Impact ] Unable to parse documents with an XML namespace named "self". [ Tests ] The package has good test suite coverage, which is run at build time and in autopkgtests. [ Risks ] The change is pretty straightforward, and makes the code a little simpler (passing a dict instead of kwargs). This is a key package. The new version has already aged for 25 days. [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing unblock soupsieve/2.2.1-1 diff -Nru soupsieve-2.2/debian/changelog soupsieve-2.2.1/debian/changelog --- soupsieve-2.2/debian/changelog 2021-02-11 17:00:48.0 -0400 +++ soupsieve-2.2.1/debian/changelog2021-03-28 14:15:20.0 -0400 @@ -1,3 +1,9 @@ +soupsieve (2.2.1-1) unstable; urgency=medium + + * New upstream point release. + + -- Stefano Rivera Sun, 28 Mar 2021 11:15:20 -0700 + soupsieve (2.2-1) unstable; urgency=medium * New upstream release. diff -Nru soupsieve-2.2/docs/src/markdown/about/changelog.md soupsieve-2.2.1/docs/src/markdown/about/changelog.md --- soupsieve-2.2/docs/src/markdown/about/changelog.md 2021-02-09 15:57:00.0 -0400 +++ soupsieve-2.2.1/docs/src/markdown/about/changelog.md2021-03-19 00:59:26.0 -0400 @@ -1,5 +1,9 @@ # Changelog +## 2.2.1 + +- **FIX**: Fix an issue with namespaces when one of the keys is `self`. + ## 2.2 - **NEW**: `:link` and `:any-link` no longer include `#!html ` due to a change in the level 4 selector diff -Nru soupsieve-2.2/docs/src/markdown/selectors/pseudo-classes.md soupsieve-2.2.1/docs/src/markdown/selectors/pseudo-classes.md --- soupsieve-2.2/docs/src/markdown/selectors/pseudo-classes.md 2021-02-09 15:57:00.0 -0400 +++ soupsieve-2.2.1/docs/src/markdown/selectors/pseudo-classes.md 2021-03-19 00:59:26.0 -0400 @@ -867,7 +867,7 @@ Level 4 CSS adds the additional pattern in the form `an+b of S` where `S` represents a selector list. `an+b` can also be substituted with `even` or `odd`. -Wen using the pattern `an+b of S`, the pattern will select elements from a sub-group of sibling elements that all +When using the pattern `an+b of S`, the pattern will select elements from a sub-group of sibling elements that all match the selector list (`[of S]?`), based on their position within that sub-group, using the pattern `an+b`, for every positive integer or zero value of `n`. The index of the first element is `1`. The values `a` and `b` must both be integers. @@ -961,7 +961,7 @@ Level 4 CSS adds the additional pattern in the form `an+b of S` where `S` represents a selector list. `an+b` can also be substituted with `even` or `odd`. -Wen using the pattern `an+b of S`, the pattern will select elements from a sub-group of sibling elements that all +When using the pattern `an+b of S`, the pattern will select elements from a sub-group of sibling elements that all match the selector list (`[of S]?`), based on their position within that sub-group, using the pattern `an+b`, for every positive integer or zero value of `n`. The index of the first element is `1`. The values `a` and `b` must both be integers. Elements will be counted from the end. diff -Nru soupsieve-2.2/PKG-INFO soupsieve-2.2.1/PKG-INFO --- soupsieve-2.2/PKG-INFO 2021-02-09 15:57:13.208084600 -0400 +++ soupsieve-2.2.1/PKG-INFO2021-03-19 00:59:30.715582600 -0400 @@ -1,6 +1,6 @@ Metadata-Version: 2.1 Name: soupsieve -Version: 2.2 +Version: 2.2.1 Summary: A modern CSS selector implementation for Beautiful Soup. Home-page: https://github.com/facelessuser/soupsieve Author: Isaac Muse diff -Nru soupsieve-2.2/requirements/docs.txt soupsieve-2.2.1/requirements/docs.txt --- soupsieve-2.2/requirements/docs.txt 2021-02-09 15:57:00.0 -0400 +++ soupsieve-2.2.1/requirements/docs.txt 2021-03-19 00:59:26.0 -0400 @@ -1,4 +1,4 @@ -mkdocs_pymdownx_material_extras==1.1.3 +mkdocs_pymdownx_material_extras==1.2.2 mkdocs-git-revision-date-localized-plugin mkdocs-minify-plugin pyspelling diff -Nru soupsieve-2.2/soupsieve/css_types.py soupsieve-2.2.1/soupsieve/css_types.py --- soupsieve-2.2/soupsieve/css_types.py2021-02-09 15:57:00.0 -0400 +++ soupsieve-2.2.1/soupsieve/css_types.py 2021-03-19 00:59:26.0 -0400 @@ -89,10 +89,10 @@ class ImmutableDict(Mapping): """Hashable, immutable dictionary.""" -def __init__(self, *args, **kwargs): +def __init__(self, arg): """Initialize.""" -arg = args[0] if
Bug#987372: buster-pu: package distro-info-data/0.41+deb10u3 OR (distro-info/1.0~deb10u1 AND distro-info-data/0.47~deb10u1)
Package: release.debian.org Severity: normal Tags: buster User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: bdr...@debian.org There's a new Ubuntu release, so it's time to upload a distro-info-data update for buster. I missed 0.46, but there was nothing urgent in it. The changes in unstable since the last update are: distro-info-data (0.47) unstable; urgency=medium * Add Ubuntu 21.04, Impish Indri. -- Stefano Rivera Thu, 22 Apr 2021 10:30:18 -0400 distro-info-data (0.46) unstable; urgency=medium * Add "eol-server" dates matching "eol", for LTS releases, as there hasn't been a distinction between the two, for a while. (Closes: #922090, LP: #1814976). * Add "eol-esm" column: EOL for Ubuntu Extended Security Maintenance support. (LP: #1808038) * Drop ancient Replaces: distro-info (<< 0.3~). No longer needed. * Add "eol-lts" for Debian LTS (Closes: #782685) * Add estimated dates for Buster EOL and Buster LTS EOL. * Publish the data to GitLab pages. (Closes: #973904) * Bump Standards-Version to 4.5.1, no changes needed. * Bump copyright years. * Correct the EOL date for Debian Jessie. * Add Debian 13 "Trixie", with a rough date. * Add "up-to-date" testing tool. * Add an autopkgtest, running the validation and up-to-date tests. * "black" Python. * Add "eol-elts" for Debian ELTS. * Tweak eol and eol-esm dates, by a couple of days, for Ubuntu 6.10, 9.10, 10.04, 12.04, 15.04, 15.10, 19.04 to match announced EOL dates. -- Stefano Rivera Fri, 29 Jan 2021 13:41:20 -0700 [ Reason ] I want to update distro-info-data, so that it knows about the current Ubuntu development release, and future Debian releases. [ Impact ] Currently on a Buster system: $ ubuntu-distro-info --devel ubuntu-distro-info: Distribution data outdated. Please check for an update for distro-info-data. See /usr/share/doc/distro-info-data/README.Debian for details. With this change: $ ubuntu-distro-info --devel impish [ Tests ] distro-info-data is just a data package. There are automated tests for correctness and freshness. distro-info has automated unit and integration tests. [ Risks ] The intention for distro-info and distro-info-data was that the data could always be trivially backported to stable releases, however this time there are a few changes there that make this a non-trivial update. They got batched together, because once you're breaking the world, you may as well do it properly: 1. New columns. distro-info didn't support unknown columns in the CSV data until 1.0. 2. Date corrections. distro-info used historical dates in the test suite, so changes break build time tests and autopkgtests. So, I offer you two choices: 1. We backport distro-info-data 0.47 and distro-info 1.0 to buster. Bringing new features, and simplified unmodified backport data updates in the future. * distro-info_1.0~deb10u1.debdiff * distro-info-data_0.47~deb10u1.debdiff 2. We cherry-pick the important changes in distro-info-data (excluding those historical date corrections that break tests, and new columns). Future updates for buster will have to continue to do this. * distro-info-data_0.41+deb10u4.debdiff With the backport approach: Users will need to install 2 updates together: distro-info Depends: distro-info-data (>= 0.46~) distro-info-data Breaks: distro-info (<< 1.0~) Other code that interprets distro-info-data directly may be surprised by new columns. All reverse-dependencies in the archive have been checked, and won't be affected. With the cherry-pick approach: Negligible risk to users, it's a new entry in the Debian & Ubuntu releases tables, and EOL updates for Jessie and Buster (guessed). Future updates will have to continue to cherry-pick, which means they won't be tested as well as straight backports. [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in stable [x] the issue is verified as fixed in unstable [ Changes ] backport approach: distro-info-data (0.47~deb10u1) buster; urgency=medium * Backport 0.47 to buster. Highlights: - Add "eol-esm" for Ubuntu Extended Security Maintenance support. - Add "eol-lts" for Debian LTS (Closes: #782685) - Add "eol-elts" for Debian ELTS. - Add estimated dates for Buster EOL and Buster LTS EOL. - Add Debian 13 "Trixie", with a rough date. - Correct the EOL date for Debian Jessie. - Tweak eol and eol-esm dates, by a couple of days, for Ubuntu 6.10, 9.10, 10.04, 12.04, 15.04, 15.10, 19.04 to match announced EOL dates. - Add Ubuntu 21.04, Impish Indri. -- Stefano Rivera Thu, 22 Apr 2021 11:46:22 -0400 distro-info-data (0.
Bug#987367: unblock: distro-info-data/0.47
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package distro-info-data Only change is: * Add Ubuntu 21.04, Impish Indri. When we get a release date for Bullseye, I'll want to ship another upload with it, too. [ Reason ] The new Ubuntu codename is now known. [ Impact ] Without this update, ubuntu-distro-info will report "Distribution data outdated." [ Tests ] There are automated tests, but not covering this specific new line of data. Manually tested by Ubuntu people in: https://bugs.launchpad.net/ubuntu/+source/distro-info-data/+bug/1925484 [ Risks ] Minimal, we do this every 6 months. [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing unblock distro-info-data/0.47 diff -Nru distro-info-data-0.46/debian/changelog distro-info-data-0.47/debian/changelog --- distro-info-data-0.46/debian/changelog 2021-01-29 16:41:20.0 -0400 +++ distro-info-data-0.47/debian/changelog 2021-04-22 10:30:18.0 -0400 @@ -1,3 +1,9 @@ +distro-info-data (0.47) unstable; urgency=medium + + * Add Ubuntu 21.04, Impish Indri. + + -- Stefano Rivera Thu, 22 Apr 2021 10:30:18 -0400 + distro-info-data (0.46) unstable; urgency=medium * Add "eol-server" dates matching "eol", for LTS releases, as there hasn't diff -Nru distro-info-data-0.46/ubuntu.csv distro-info-data-0.47/ubuntu.csv --- distro-info-data-0.46/ubuntu.csv2021-01-29 16:41:20.0 -0400 +++ distro-info-data-0.47/ubuntu.csv2021-04-22 10:30:18.0 -0400 @@ -33,3 +33,4 @@ 20.04 LTS,Focal Fossa,focal,2019-10-17,2020-04-23,2025-04-23,2025-04-23,2030-04-23 20.10,Groovy Gorilla,groovy,2020-04-23,2020-10-22,2021-07-22 21.04,Hirsute Hippo,hirsute,2020-10-22,2021-04-22,2022-01-22 +21.10,Impish Indri,impish,2021-04-22,2021-10-14,2022-07-14
Bug#983499: unblock: python3-defaults/3.9.2~rc1-1, python3.9/3.9.2~rc1-1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-Cc: d...@debian.org Please unblock package python3-defaults and python3.9 Adding a new binary package, -full, to both source packages. Both are currently in binNEW. Sorry, should have probably filed this a couple of weeks ago. Once we saw this coming. [ Reason ] The reason for this change is laid out in https://lists.debian.org/debian-python/2021/02/msg00035.html TL;DR: Debian heard of some upstream Python grumpyness about our standard library splits, recently. This is all very badly timed for the freeze. Including a python3-full and python3.x-full packages, that Depends on the entire stdlib, is a compromise position to help them to support Python users on Debian (and derivative) platforms. These packages would be dependency-only packages, and only directly installed by end-users, not used as a dependency of other packages. We intend to try to backport this to stable releases too. [ Impact ] Impact, if this isn't granted, is continuation of status-quo. We'd probably attempt to add it in a point release. [ Tests ] Not relevant. [ Risks ] While the source packages at question are core to the system, this is just the addition of leaf packages. [ Checklist ] unblock python3-defaults/3.9.2~rc1-1 unblock python3.9/3.9.2~rc1-1 diff --git a/.gitignore b/.gitignore index 1f20116..0717416 100644 --- a/.gitignore +++ b/.gitignore @@ -22,6 +22,7 @@ debian/python3-dbg debian/python3-dev debian/python3-doc debian/python3-examples +debian/python3-full debian/python3-minimal debian/python3-venv diff --git a/debian/changelog b/debian/changelog index 19ee73a..f360209 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,16 @@ +python3-defaults (3.9.2~rc1-1) experimental; urgency=medium + + * Bump version to 3.9.2 rc1. + + [ Stefano Rivera ] + * Improve package descriptions, describing venv, stdlib, and lib2to3 package +contents. + + [ Matthias Klose ] + * Build a python3-full package. + + -- Matthias Klose Thu, 18 Feb 2021 12:16:46 +0100 + python3-defaults (3.9.1-1) unstable; urgency=medium * Bump version to 3.9.1. diff --git a/debian/control b/debian/control index 59ed6f6..0087ed5 100644 --- a/debian/control +++ b/debian/control @@ -39,13 +39,19 @@ Architecture: any Multi-Arch: allowed Depends: python3.9-venv (>= 3.9.1-1~), python3 (= ${binary:Version}), python3-distutils (>= 3.9.1-1~), ${misc:Depends} -Description: pyvenv-3 binary for python3 (default python3 version) - Python, the high-level, interactive object oriented language, - includes an extensive class library with lots of goodies for - network programming, system administration, sounds and graphics. +Description: venv module for python3 (default python3 version) + This package contains the venv module for the Python language (default python3 + version). + . + The venv module provides support for creating lightweight "virtual + environments" with their own site directories, optionally isolated from system + site directories. Each virtual environment has its own Python binary (which + matches the version of the binary that was used to create this environment) + and can have its own independent set of installed Python packages in its site + directories. . This package is a dependency package, which depends on Debian's default - Python 3 version (currently v3.9). + Python 3 version's venv module (currently v3.9). Package: python3-minimal Architecture: any @@ -68,7 +74,7 @@ Description: examples for the Python language (default version) the upstream Python distribution. . This package is a dependency package, which depends on Debian's default - Python 3 version (currently v3.9). + Python 3 version's examples (currently v3.9). Package: python3-dev Architecture: any @@ -83,7 +89,7 @@ Description: header files and a static library for Python (default) in applications. . This package is a dependency package, which depends on Debian's default - Python 3 version (currently v3.9). + Python 3 version's headers (currently v3.9). Package: libpython3-dev Architecture: any @@ -98,19 +104,18 @@ Description: header files and a static library for Python (default) in applications. . This package is a dependency package, which depends on Debian's default - Python 3 version (currently v3.9). + Python 3 version's headers (currently v3.9). Package: libpython3-stdlib Architecture: any Multi-Arch: same Depends: libpython3.9-stdlib (>= 3.9.1-1~), ${misc:Depends} Description: interactive high-level object-oriented language (default python3 version) - Python, the high-level, interactive object oriented language, - includes an extensive class library with lots of goodies for - network programming, system administration, sounds and graphics. + This package contains the majority of the standard library for the Python + language (default python3 version).
Bug#973672: transition: re2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition Public ABI Breakage: The implementation of RE2::Arg was changed from preprocessor macros to C++ templates. It remains API-compatible, though. Reverse Dependencies: $ grep ^Status: *.build chromium_amd64.build:Status: successful clickhouse_amd64.build:Status: attempted dnsdist_amd64.build:Status: successful effcee_amd64.build:Status: successful libphonenumber_amd64.build:Status: successful libpog_amd64.build:Status: successful libre-engine-re2-perl_amd64.build:Status: successful node-re2_amd64.build:Status: successful qtwebengine-opensource-src_amd64.build:Status: successful re2_20201101+dfsg-1_amd64.build:Status: successful re2_20201101+dfsg-1_i386.build:Status: successful ruby-re2_amd64.build:Status: successful clickhouse FTBFS (#966439) is caused by GCC 10 and unrelated. Ben file: title = "re2"; is_affected = .depends ~ "libre2-8" | .depends ~ "libre2-9"; is_good = .depends ~ "libre2-9"; is_bad = .depends ~ "libre2-8"; The automatically generated ben files are usually correct. SR
Bug#973655: buster-pu: package distro-info-data/0.41+deb10u3
Package: release.debian.org Severity: normal Tags: buster User: release.debian@packages.debian.org Usertags: pu [ Reason ] I want to update distro-info-data, so that it knows about the current Ubuntu development release. [ Impact ] Currently on a Buster system: $ ubuntu-distro-info --devel ubuntu-distro-info: Distribution data outdated. Please check for an update for distro-info-data. See /usr/share/doc/distro-info-data/README.Debian for details. With this change: $ ubuntu-distro-info --devel hirsute [ Tests ] It's just a data package. There are automated tests for correctness. The data was copied from the version uploaded to unstable. [ Risks ] Negligible, it's a new entry in the Ubuntu releases table. [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in stable [x] the issue is verified as fixed in unstable [ Changes ] * Update data to 0.45: - Add Ubuntu 21.04, Hirsute Hippo. [ Other info ] Last update's bug: #958714 [ Debdiff ] diff -Nru distro-info-data-0.41+deb10u2/debian/changelog distro-info-data-0.41+deb10u3/debian/changelog --- distro-info-data-0.41+deb10u2/debian/changelog 2020-04-24 09:24:59.0 -0700 +++ distro-info-data-0.41+deb10u3/debian/changelog 2020-11-02 12:44:14.0 -0800 @@ -1,3 +1,10 @@ +distro-info-data (0.41+deb10u3) buster; urgency=medium + + * Update data to 0.45: +- Add Ubuntu 21.04, Hirsute Hippo. + + -- Stefano Rivera Mon, 02 Nov 2020 12:44:14 -0800 + distro-info-data (0.41+deb10u2) buster; urgency=medium * Update data to 0.44: diff -Nru distro-info-data-0.41+deb10u2/ubuntu.csv distro-info-data-0.41+deb10u3/ubuntu.csv --- distro-info-data-0.41+deb10u2/ubuntu.csv2020-04-24 09:24:59.0 -0700 +++ distro-info-data-0.41+deb10u3/ubuntu.csv2020-11-02 12:44:14.0 -0800 @@ -32,3 +32,4 @@ 19.10,Eoan Ermine,eoan,2019-04-18,2019-10-17,2020-07-17 20.04 LTS,Focal Fossa,focal,2019-10-17,2020-04-23,2025-04-23 20.10,Groovy Gorilla,groovy,2020-04-23,2020-10-22,2021-07-22 +21.04,Hirsute Hippo,hirsute,2020-10-22,2021-04-22,2022-01-22 SR
Bug#947351: cloud-init 20.2-2~deb10u1 flagged for acceptance
Hi Adam (2020.07.09_13:19:23_-0700) > The upload referenced by this bug report has been flagged for acceptance into > the proposed-updates queue for Debian buster. FWIW, this update included a change that broke the Debian images for at least one hosting provider. We noticed when provisioning a Debian 10.5 image on Hetzner Cloud, that no Ethernet interfaces where being configured. Hetzner had "include /etc/network/interfaces.d/*.cfg" in their /etc/network/interfaces. Before 19.2 cloud-init wrote /etc/network/interfaces.d/50-cloud-init.cfg After 19.2 cloud-init wrote /etc/network/interfaces.d/50-cloud-init Relevant upstream commit: https://github.com/canonical/cloud-init/commit/a6faf3acef02bd8cd4d46ac9efeebf24b3f21d81 This doesn't break Debian installs that had the default /etc/network/interfaces. But if it caused a regression for one provider, it probably caused regressions for others too. Not sure what the right approach in Debian is, here. Whether there should be a new bug filed against cloud-init in stable? We filed Hetzner Ticket#2020081703000394 with these details so they could fix their images. SR -- Stefano Rivera http://tumbleweed.org.za/ +1 415 683 3272
Bug#965023: transition: re2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition Public ABI Breakage: An entry was inserted into an enum, rather than appended to the end. Public API Breakage: None Reverse Dependencies: * dnsdist seems to have had uninstallable Build-Dependencies, in my testing yesterday, but built fine on the 5th. * Everything else builds without error. Ben file: title = "re2"; is_affected = .depends ~ "libre2-7" | .depends ~ "libre2-8"; is_good = .depends ~ "libre2-8"; is_bad = .depends ~ "libre2-7"; https://release.debian.org/transitions/html/auto-re2.html LGTM SR
Bug#960360: transition: re2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition Public ABI Breakage: Types changed from maps to vectors in a couple of functions. Nothing in Debian uses them. Public API Breakage: The deprecated RE2::Options::set_utf8 and RE2::Options::utf8 helper functions were removed from re2.h. https://github.com/google/re2/commit/58141dc9c92189ed8d046f494f5e034d5db91bea https://github.com/google/re2/commit/ac65d4531798ffc9bf807d1f7c09efb0eec70480 Reverse Dependencies: * Updated ruby-re2 to 1.2.0 to support this. * Chromium needs a patch: https://github.com/chromium/chromium/commit/ede390a0b18e4565abf8ac1e1ff717e1d43fc320 * Others build without error. Ben file: title = "re2"; is_affected = .depends ~ "libre2-6" | .depends ~ "libre2-7"; is_good = .depends ~ "libre2-7"; is_bad = .depends ~ "libre2-6"; https://release.debian.org/transitions/html/auto-re2.html LGTM SR
Bug#958714: buster-pu: package distro-info-data/0.41+deb10u2
Package: release.debian.org Severity: normal Tags: buster User: release.debian@packages.debian.org Usertags: pu Hi, I want to update distro-info-data, so that it knows about the current Ubuntu development release. While I'm here, I can make a guess at Stretch's EoL based on Buster's release date. If we get a better date, we should update it. Test cases: $ ubuntu-distro-info --devel groovy $ debian-distro-info --date=2020-08-01 --supported buster bullseye sid experimental (Yeah it doesn't know about LTS yet. That's https://salsa.debian.org/debian/distro-info-data/merge_requests/2 which I must just merge) Debdiff (uploaded): diff --git a/debian.csv b/debian.csv index 78abfed..d20aabf 100644 --- a/debian.csv +++ b/debian.csv @@ -12,7 +12,7 @@ version,codename,series,created,release,eol 6.0,Squeeze,squeeze,2009-02-14,2011-02-06,2014-05-31 7,Wheezy,wheezy,2011-02-06,2013-05-04,2016-04-26 8,Jessie,jessie,2013-05-04,2015-04-25,2018-06-06 -9,Stretch,stretch,2015-04-25,2017-06-17 +9,Stretch,stretch,2015-04-25,2017-06-17,2020-07-06 10,Buster,buster,2017-06-17,2019-07-06 11,Bullseye,bullseye,2019-07-06 12,Bookworm,bookworm,2021-08-01 diff --git a/debian/changelog b/debian/changelog index 8088798..b22e04e 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,11 @@ +distro-info-data (0.41+deb10u2) buster; urgency=medium + + * Update data to 0.44: +- Add Ubuntu 20.10, Groovy Gorilla. +- Add a guessed EOL date for Debian Stretch. + + -- Stefano Rivera Fri, 24 Apr 2020 09:24:59 -0700 + distro-info-data (0.41+deb10u1) buster; urgency=medium [ Stefano Rivera ] diff --git a/ubuntu.csv b/ubuntu.csv index 08d442f..0236239 100644 --- a/ubuntu.csv +++ b/ubuntu.csv @@ -31,3 +31,4 @@ version,codename,series,created,release,eol,eol-server 19.04,Disco Dingo,disco,2018-10-18,2019-04-18,2020-01-18 19.10,Eoan Ermine,eoan,2019-04-18,2019-10-17,2020-07-17 20.04 LTS,Focal Fossa,focal,2019-10-17,2020-04-23,2025-04-23 +20.10,Groovy Gorilla,groovy,2020-04-23,2020-10-22,2021-07-22
Bug#954288: transition: re2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition C++. Lots of ABI breakage... Class members were reorganised, and mutability changed. Upstream chose to SONAME bump. https://github.com/google/re2/issues/243 In other news: Upstream is finally taking ownership of their soname \o/ https://release.debian.org/transitions/html/auto-re2.html looks good. I test built all of the rev-deps (on March 3rd) and they all built, except for clickhouse (known FTBFS: #950983). Ben file: title = "re2"; is_affected = .depends ~ "libre2-5" | .depends ~ "libre2-6"; is_good = .depends ~ "libre2-6"; is_bad = .depends ~ "libre2-5"; -- System Information: Debian Release: bullseye/sid APT prefers testing APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'unstable'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 5.4.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=en_ZA.UTF-8, LC_CTYPE=en_ZA.UTF-8 (charmap=UTF-8), LANGUAGE=en_ZA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled
Bug#931659: transition: rm python2
The current regex is using \bpython, which matches dh-python. I suggest this patch, using \s instead. Gets us down to 3455/4057. SR -- Stefano Rivera http://tumbleweed.org.za/ +1 415 683 3272 diff --git a/config/ongoing/python2-rm.ben b/config/ongoing/python2-rm.ben index ca4b33d..60d928c 100644 --- a/config/ongoing/python2-rm.ben +++ b/config/ongoing/python2-rm.ben @@ -1,6 +1,6 @@ title = "python2-rm"; notes = "Python 2 removal tracker (#931659)"; -is_affected = .depends ~ /\b(python|python-minimal|python-dev|libpython-dev|libpython-stdlib|python-doc|python-dbg|libpython-dbg|python-all|python-all-dev|python-all-dbg|libpython-all-dev|libpython-all-dbg|python2|python2-minimal|python2-dev|libpython2-dev|libpython2-stdlib|python2-doc|python2-dbg|libpython2-dbg|python2.7|libpython2.7-stdlib|python2.7-minimal|libpython2.7-minimal|libpython2.7|python2.7-examples|python2.7-dev|libpython2.7-dev|libpython2.7-testsuite|idle-python2.7|python2.7-doc|python2.7-dbg|libpython2.7-dbg)\b/ | .build-depends ~ /\b(python|python-minimal|python-dev|libpython-dev|libpython-stdlib|python-doc|python-dbg|libpython-dbg|python-all|python-all-dev|python-all-dbg|libpython-all-dev|libpython-all-dbg|python2|python2-minimal|python2-dev|libpython2-dev|libpython2-stdlib|python2-doc|python2-dbg|libpython2-dbg|python2.7|libpython2.7-stdlib|python2.7-minimal|libpython2.7-minimal|libpython2.7|python2.7-examples|python2.7-dev|libpython2.7-dev|libpython2.7-testsuite|idle-python2.7|python2.7-doc|python2.7-dbg|libpython2.7-dbg)\b/; -is_bad = .depends ~ /\b(python|python-minimal|python-dev|libpython-dev|libpython-stdlib|python-doc|python-dbg|libpython-dbg|python-all|python-all-dev|python-all-dbg|libpython-all-dev|libpython-all-dbg|python2|python2-minimal|python2-dev|libpython2-dev|libpython2-stdlib|python2-doc|python2-dbg|libpython2-dbg|python2.7|libpython2.7-stdlib|python2.7-minimal|libpython2.7-minimal|libpython2.7|python2.7-examples|python2.7-dev|libpython2.7-dev|libpython2.7-testsuite|idle-python2.7|python2.7-doc|python2.7-dbg|libpython2.7-dbg)\b/ | .build-depends ~ /\b(python|python-minimal|python-dev|libpython-dev|libpython-stdlib|python-doc|python-dbg|libpython-dbg|python-all|python-all-dev|python-all-dbg|libpython-all-dev|libpython-all-dbg|python2|python2-minimal|python2-dev|libpython2-dev|libpython2-stdlib|python2-doc|python2-dbg|libpython2-dbg|python2.7|libpython2.7-stdlib|python2.7-minimal|libpython2.7-minimal|libpython2.7|python2.7-examples|python2.7-dev|libpython2.7-dev|libpython2.7-testsuite|idle-python2.7|python2.7-doc|python2.7-dbg|libpython2.7-dbg)\b/; +is_affected = .depends ~ /\s(python|python-minimal|python-dev|libpython-dev|libpython-stdlib|python-doc|python-dbg|libpython-dbg|python-all|python-all-dev|python-all-dbg|libpython-all-dev|libpython-all-dbg|python2|python2-minimal|python2-dev|libpython2-dev|libpython2-stdlib|python2-doc|python2-dbg|libpython2-dbg|python2.7|libpython2.7-stdlib|python2.7-minimal|libpython2.7-minimal|libpython2.7|python2.7-examples|python2.7-dev|libpython2.7-dev|libpython2.7-testsuite|idle-python2.7|python2.7-doc|python2.7-dbg|libpython2.7-dbg)\b/ | .build-depends ~ /\s(python|python-minimal|python-dev|libpython-dev|libpython-stdlib|python-doc|python-dbg|libpython-dbg|python-all|python-all-dev|python-all-dbg|libpython-all-dev|libpython-all-dbg|python2|python2-minimal|python2-dev|libpython2-dev|libpython2-stdlib|python2-doc|python2-dbg|libpython2-dbg|python2.7|libpython2.7-stdlib|python2.7-minimal|libpython2.7-minimal|libpython2.7|python2.7-examples|python2.7-dev|libpython2.7-dev|libpython2.7-testsuite|idle-python2.7|python2.7-doc|python2.7-dbg|libpython2.7-dbg)\b/; +is_bad = .depends ~ /\s(python|python-minimal|python-dev|libpython-dev|libpython-stdlib|python-doc|python-dbg|libpython-dbg|python-all|python-all-dev|python-all-dbg|libpython-all-dev|libpython-all-dbg|python2|python2-minimal|python2-dev|libpython2-dev|libpython2-stdlib|python2-doc|python2-dbg|libpython2-dbg|python2.7|libpython2.7-stdlib|python2.7-minimal|libpython2.7-minimal|libpython2.7|python2.7-examples|python2.7-dev|libpython2.7-dev|libpython2.7-testsuite|idle-python2.7|python2.7-doc|python2.7-dbg|libpython2.7-dbg)\b/ | .build-depends ~ /\s(python|python-minimal|python-dev|libpython-dev|libpython-stdlib|python-doc|python-dbg|libpython-dbg|python-all|python-all-dev|python-all-dbg|libpython-all-dev|libpython-all-dbg|python2|python2-minimal|python2-dev|libpython2-dev|libpython2-stdlib|python2-doc|python2-dbg|libpython2-dbg|python2.7|libpython2.7-stdlib|python2.7-minimal|libpython2.7-minimal|libpython2.7|python2.7-examples|python2.7-dev|libpython2.7-dev|libpython2.7-testsuite|idle-python2.7|python2.7-doc|python2.7-dbg|libpython2.7-dbg)\b/; is_good = .depends ~ "''";
Bug#930536: unblock: distro-info-data/0.41
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package distro-info-data This is a pure-data package, tracking Debian and Ubuntu releases. As the release date is now known, it needs an update. Since the last update, the most recent Ubuntu release has also received an animal name, so that is included, too. unblock distro-info-data/0.41 Thanks, SR diff -Nru distro-info-data-0.40/debian/changelog distro-info-data-0.41/debian/changelog --- distro-info-data-0.40/debian/changelog 2019-04-23 12:14:38.0 -0700 +++ distro-info-data-0.41/debian/changelog 2019-06-14 10:50:04.0 -0700 @@ -1,3 +1,11 @@ +distro-info-data (0.41) unstable; urgency=medium + + * Add final animal name for Ubuntu 19.10 Eoan Ermine. + * Set release date for Buster (and matching creation date for Bullseye). +It has been announced. + + -- Stefano Rivera Fri, 14 Jun 2019 10:50:04 -0700 + distro-info-data (0.40) unstable; urgency=medium * Correct EOL date for trusty. (LP: #1825553) diff -Nru distro-info-data-0.40/debian.csv distro-info-data-0.41/debian.csv --- distro-info-data-0.40/debian.csv2019-04-23 12:14:38.0 -0700 +++ distro-info-data-0.41/debian.csv2019-06-14 10:50:04.0 -0700 @@ -13,8 +13,8 @@ 7,Wheezy,wheezy,2011-02-06,2013-05-04,2016-04-26 8,Jessie,jessie,2013-05-04,2015-04-25,2018-06-06 9,Stretch,stretch,2015-04-25,2017-06-17 -10,Buster,buster,2017-06-17 -11,Bullseye,bullseye,2019-08-01 +10,Buster,buster,2017-06-17,2019-07-06 +11,Bullseye,bullseye,2019-07-06 12,Bookworm,bookworm,2021-08-01 ,Sid,sid,1993-08-16 ,Experimental,experimental,1993-08-16 diff -Nru distro-info-data-0.40/ubuntu.csv distro-info-data-0.41/ubuntu.csv --- distro-info-data-0.40/ubuntu.csv2019-04-23 12:14:38.0 -0700 +++ distro-info-data-0.41/ubuntu.csv2019-06-14 10:50:04.0 -0700 @@ -29,4 +29,4 @@ 18.04 LTS,Bionic Beaver,bionic,2017-10-19,2018-04-26,2023-04-26 18.10,Cosmic Cuttlefish,cosmic,2018-04-26,2018-10-18,2019-07-18 19.04,Disco Dingo,disco,2018-10-18,2019-04-18,2020-01-18 -19.10,Eoan EANIMAL,eoan,2019-04-18,2019-10-17,2020-07-17 +19.10,Eoan Ermine,eoan,2019-04-18,2019-10-17,2020-07-17
Bug#927819: unblock: distro-info-data/0.40
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package distro-info-data This is a pure data package. This upload contains two updates to Ubuntu data: 1. Ubuntu 19.04 has released, and we have a provisional entry for 19.10. There is no animal name for it, yet. But no idea when we're going to get that. 2. Correction to the Ubuntu 14.04 EOL. (and a noop standards-version update) The package is pointless without up-to-date data. When we have an idea of the Buster release date, we'll probably want to do another upload. That could be a post-release SPU, if absolutely necessary. unblock distro-info-data/0.40 diff --git a/debian/changelog b/debian/changelog index a3645af..5433f38 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,11 @@ +distro-info-data (0.40) unstable; urgency=medium + + * Correct EOL date for trusty. (LP: #1825553) + * Add Ubuntu 19.10, with a provisional animal name. (LP: #1825379) + * Bump Standards-Version to 4.3.0, no changes needed. + + -- Stefano Rivera Tue, 23 Apr 2019 12:14:38 -0700 + distro-info-data (0.39) unstable; urgency=medium * Add Ubuntu 19.04 Disco Dingo. (LP: #1800656) diff --git a/debian/control b/debian/control index 8505040..095e4c2 100644 --- a/debian/control +++ b/debian/control @@ -4,7 +4,7 @@ Priority: optional Maintainer: Benjamin Drung Uploaders: Stefano Rivera Build-Depends: debhelper (>= 9), python -Standards-Version: 4.1.4 +Standards-Version: 4.3.0 Vcs-Git: https://salsa.debian.org/debian/distro-info-data.git Vcs-Browser: https://salsa.debian.org/debian/distro-info-data Rules-Requires-Root: no diff --git a/ubuntu.csv b/ubuntu.csv index 1fb41a2..f35a640 100644 --- a/ubuntu.csv +++ b/ubuntu.csv @@ -18,7 +18,7 @@ version,codename,series,created,release,eol,eol-server 12.10,Quantal Quetzal,quantal,2012-04-26,2012-10-18,2014-05-16 13.04,Raring Ringtail,raring,2012-10-18,2013-04-25,2014-01-27 13.10,Saucy Salamander,saucy,2013-04-25,2013-10-17,2014-07-17 -14.04 LTS,Trusty Tahr,trusty,2013-10-17,2014-04-17,2019-04-17 +14.04 LTS,Trusty Tahr,trusty,2013-10-17,2014-04-17,2019-04-25 14.10,Utopic Unicorn,utopic,2014-04-17,2014-10-23,2015-07-23 15.04,Vivid Vervet,vivid,2014-10-23,2015-04-23,2016-01-23 15.10,Wily Werewolf,wily,2015-04-23,2015-10-22,2016-07-22 @@ -29,3 +29,4 @@ version,codename,series,created,release,eol,eol-server 18.04 LTS,Bionic Beaver,bionic,2017-10-19,2018-04-26,2023-04-26 18.10,Cosmic Cuttlefish,cosmic,2018-04-26,2018-10-18,2019-07-18 19.04,Disco Dingo,disco,2018-10-18,2019-04-18,2020-01-18 +19.10,Eoan EANIMAL,eoan,2019-04-18,2019-10-17,2020-07-17
Bug#925461: unblock: pypy/7.0.0+dfsg-3, backports.functools-lru-cache/1.5-3
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock pypy & backports.functools-lru-cache. A relatively last-minute feature in pypy was namespace package support (#920899). Unfortunately the path I picked isn't what dh_pypy (in dh-python) implemented, and I think Piotr's rationale for that was reasonable. But I didn't notice the incompatibility until after the freeze. So, #924676 and #924677. debdiffs attached. unblock pypy/7.0.0+dfsg-3 unblock backports.functools-lru-cache/1.5-3 Thanks, SR diff -Nru pypy-7.0.0+dfsg/debian/changelog pypy-7.0.0+dfsg/debian/changelog --- pypy-7.0.0+dfsg/debian/changelog2019-02-12 17:41:21.0 -0500 +++ pypy-7.0.0+dfsg/debian/changelog2019-03-24 11:07:07.0 -0400 @@ -1,3 +1,12 @@ +pypy (7.0.0+dfsg-3) unstable; urgency=medium + + * Update watch file regex, upstream calls it pypy2.7 now. + * pypycompile and pypyclean now read namespaces from /usr/share/pypy/ns +(following dh_pypy). (Closes: #924676) +- Breaks old pypy-backports.functools-lru-cache, using the old location. + + -- Stefano Rivera Sun, 24 Mar 2019 11:07:07 -0400 + pypy (7.0.0+dfsg-2) unstable; urgency=medium * Remove dh_builddeb override, no longer necessary. diff -Nru pypy-7.0.0+dfsg/debian/control pypy-7.0.0+dfsg/debian/control --- pypy-7.0.0+dfsg/debian/control 2019-02-12 17:41:21.0 -0500 +++ pypy-7.0.0+dfsg/debian/control 2019-03-24 11:07:07.0 -0400 @@ -18,8 +18,8 @@ procps, pypy [any-amd64 any-i386 armhf ppc64 ppc64el s390x] , python (>= 2.6.6-11~), - python-pycparser, python-docutils, + python-pycparser, python-sphinx (>= 1.0.7+dfsg), python2.7-dev, tcl-dev, @@ -36,7 +36,9 @@ Package: pypy Architecture: any Depends: pypy-lib (= ${binary:Version}), ${misc:Depends}, ${shlibs:Depends} -Breaks: pypy-dev (<< ${source:Version}) +Breaks: + pypy-backports.functools-lru-cache (<< 1.5-3~), + pypy-dev (<< ${source:Version}) Provides: ${pypy-abi} Suggests: pypy-doc, pypy-tk (= ${binary:Version}) Pre-Depends: dpkg (>= 1.15.6~), ${misc:Pre-Depends} diff -Nru pypy-7.0.0+dfsg/debian/copyright pypy-7.0.0+dfsg/debian/copyright --- pypy-7.0.0+dfsg/debian/copyright2019-02-12 17:41:21.0 -0500 +++ pypy-7.0.0+dfsg/debian/copyright2019-03-24 11:07:07.0 -0400 @@ -206,7 +206,7 @@ Floris Bruynooghe Christopher Pope Tristan Arthur - Christian Tismer + Christian Tismer Dan Stromberg Carl Meyer Florin Papa diff -Nru pypy-7.0.0+dfsg/debian/pypy.dirs pypy-7.0.0+dfsg/debian/pypy.dirs --- pypy-7.0.0+dfsg/debian/pypy.dirs2019-02-12 17:41:21.0 -0500 +++ pypy-7.0.0+dfsg/debian/pypy.dirs2019-03-24 11:07:07.0 -0400 @@ -1,2 +1,2 @@ +/usr/share/pypy/ns /usr/local/lib/pypy2.7/dist-packages -/usr/lib/pypy/ns diff -Nru pypy-7.0.0+dfsg/debian/pypy.install pypy-7.0.0+dfsg/debian/pypy.install --- pypy-7.0.0+dfsg/debian/pypy.install 2019-02-12 17:41:21.0 -0500 +++ pypy-7.0.0+dfsg/debian/pypy.install 2019-03-24 11:07:07.0 -0400 @@ -2,5 +2,5 @@ debian/scripts/pypycompile/usr/bin include/pypy_*.h /usr/lib/pypy/include lib_pypy/_*_cffi.*.so /usr/lib/pypy/lib_pypy -pypy/goal/pypy-c /usr/lib/pypy/bin pypy/goal/libpypy-c.so/usr/lib/pypy/bin +pypy/goal/pypy-c /usr/lib/pypy/bin diff -Nru pypy-7.0.0+dfsg/debian/pypy.links pypy-7.0.0+dfsg/debian/pypy.links --- pypy-7.0.0+dfsg/debian/pypy.links 2019-02-12 17:41:21.0 -0500 +++ pypy-7.0.0+dfsg/debian/pypy.links 2019-03-24 11:07:07.0 -0400 @@ -1,2 +1,2 @@ -/usr/lib/pypy/bin/pypy-c /usr/bin/pypy /usr/lib/pypy/bin/libpypy-c.so /usr/lib/libpypy-c.so +/usr/lib/pypy/bin/pypy-c /usr/bin/pypy diff -Nru pypy-7.0.0+dfsg/debian/scripts/pypyclean pypy-7.0.0+dfsg/debian/scripts/pypyclean --- pypy-7.0.0+dfsg/debian/scripts/pypyclean2019-02-12 17:41:21.0 -0500 +++ pypy-7.0.0+dfsg/debian/scripts/pypyclean2019-03-24 11:07:07.0 -0400 @@ -31,7 +31,7 @@ def installed_namespaces(): '''Return a dictionary of package: frozenset(namespaces)''' -ns_dir = '/usr/lib/pypy/ns' +ns_dir = '/usr/share/pypy/ns' ns_by_pkg = {} for pkg in os.listdir(ns_dir): ns_file = os.path.join(ns_dir, pkg) diff -Nru pypy-7.0.0+dfsg/debian/scripts/pypycompile pypy-7.0.0+dfsg/debian/scripts/pypycompile --- pypy-7.0.0+dfsg/debian/scripts/pypycompile 2019-02-12 17:41:21.0 -0500 +++ pypy-7.0.0+dfsg/debian/scripts/pypycompile 2019-03-24 11:07:07.0 -0400 @@ -45,7 +45,7 @@ '''Iterate through a package's ns file. Create all necessary__init__.pys, and yield them. ''' -ns_file = os.path.join('/usr/lib/pypy/ns', package) +ns_file = os.path.join('/usr/share/pypy/ns', package) if not os.path.exists(ns_file): return with open(ns_file) as f: diff -Nru py
Bug#922300: unblock: chef/13.8.7-3, ohai/13.8.0-1
Hi Release Team: > unblock chef/13.8.7-3 > unstable ohai/13.8.0-1 > OR > remove ruby-cheffish/13.1.0-2 I have a couple of packages that are part of the part of the chef stack and some were pulled out with it, through no fault of their own. So, I'd add to that, a unblock foodcritic/13.1.1-2 unblock ruby-knife-acl/1.0.3-2 Neither of those are critical to the maintenance of ci.debian.org, but they are of use to people managing Cheffed infrastructure, and don't have particularly high popcon or bug numbers. OR If we don't unblock the chef stack, can we also: remove chef-zero/13.1.0-2 It seems silly to keep it in the release, without chef. SR -- Stefano Rivera http://tumbleweed.org.za/ +1 415 683 3272
Bug#918501: transition: re2
Hi Emilio (2019.01.07_10:32:43_-0800) > Thanks, uploaded. I see dnsdist failed to binnmu on i386. I suspect this is a transient/intermittent test failure - it builds for me locally. Try a give-back? SR -- Stefano Rivera http://tumbleweed.org.za/ +1 415 683 3272
Bug#918501: transition: re2
Hi Emilio (2019.01.07_19:05:02_+0200) > Go ahead. Thanks, uploaded. SR -- Stefano Rivera http://tumbleweed.org.za/ +1 415 683 3272
Bug#918501: transition: re2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition re2 is a C++ regex library, requiring about a transition a year, for various symbol changes. Only 6 reverse dependencies in testing. The automated ben file looks fine: https://release.debian.org/transitions/html/auto-re2.html I've uploaded to experimental and test-built all of the reverse-deps. No regressions in amd64 buildability of them. Everything that's in testing rebuilt without patching. Still waiting for some MIPS*el builds, but those could take weeks... And not expecting any new FTBFS - I've test-built them on the porterbox. reportbug ben file: title = "re3"; is_affected = .depends ~ "libre2-4" | .depends ~ "libre2-5"; is_good = .depends ~ "libre2-5"; is_bad = .depends ~ "libre2-4"; SR
Bug#891185: transition: re2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition Hi, re2 is C++ and likes to have transitions. Not many reverse-deps, though :) It's in experimental. I've test built the reverse-depends, and didn't see any new failures. I can't get chromium-browser to build before or after the transition, but presumably it's fine, Google would be targeting the latest re2 anyway. Reportbug Ben file: title = "re2"; is_affected = .depends ~ "libre2-3" | .depends ~ "libre2-4"; is_good = .depends ~ "libre2-4"; is_bad = .depends ~ "libre2-3"; https://release.debian.org/transitions/html/auto-re2.html Looks good, though. SR
Bug#864076: unblock: distro-info-data/0.36
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package distro-info-data This is a pre-upload unblock request for distro-info-data, now that the Jessie release date has been announced. While I was here, I realised that we didn't have EOL dates for Jessie or Wheezy yet :( We have a long-standing bug of not including LTS dates (#782685) so I've maintained the status-quo and did that for these two as well. Alternatively, I could just extend the support dates out to include LTS, but that seems like another bad idea :/ So, are you OK with this patch-set, and would you consider allowing it in, for Stretch? unblock distro-info-data/0.36 Thanks, SR diff --git a/debian.csv b/debian.csv index c1f0962..b476031 100644 --- a/debian.csv +++ b/debian.csv @@ -10,10 +10,10 @@ version,codename,series,created,release,eol 4.0,Etch,etch,2005-06-06,2007-04-08,2010-02-15 5.0,Lenny,lenny,2007-04-08,2009-02-14,2012-02-06 6.0,Squeeze,squeeze,2009-02-14,2011-02-06,2014-05-31 -7,Wheezy,wheezy,2011-02-06,2013-05-04 -8,Jessie,jessie,2013-05-04,2015-04-25 -9,Stretch,stretch,2015-04-25 -10,Buster,buster,2018-07-01 +7,Wheezy,wheezy,2011-02-06,2013-05-04,2016-04-26 +8,Jessie,jessie,2013-05-04,2015-04-25,2018-06-06 +9,Stretch,stretch,2015-04-25,2017-06-17 +10,Buster,buster,2017-06-17 11,Bullseye,bullseye,2020-11-05 ,Sid,sid,1993-08-16 ,Experimental,experimental,1993-08-16 diff --git a/debian/changelog b/debian/changelog index cec721c..130df23 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,14 @@ +distro-info-data (0.36) UNRELEASED; urgency=medium + + * Set EOL date for Debian Wheezy. This excludes LTS, which we haven't +supported in distro-info yet, for Debian, but matches what we did for +Squeeze. + * Set (provisional) EOL date for Debian Jessie. + * Set release date for Stretch (and matching creation date for Buster). It +has been announced. + + -- Stefano Rivera <stefa...@debian.org> Sat, 03 Jun 2017 18:07:40 -0700 + distro-info-data (0.35) unstable; urgency=medium * Correct Ubuntu Zesty release date.
Bug#860864: unblock: distro-info-data/0.35
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package distro-info-data Ubuntu 17.04 has now released, and we need to add 17.10. Of course there will still need to be one more update of distro-info-data once stretch has a release date (that could be after the release). unblock distro-info-data/0.35 Thanks, SR diff -Nru distro-info-data-0.33/debian/changelog distro-info-data-0.35/debian/changelog --- distro-info-data-0.33/debian/changelog 2017-01-15 15:53:52.0 -0800 +++ distro-info-data-0.35/debian/changelog 2017-04-20 19:43:47.0 -0700 @@ -1,3 +1,15 @@ +distro-info-data (0.35) unstable; urgency=medium + + * Correct Ubuntu Zesty release date. + + -- Stefano Rivera <stefa...@debian.org> Thu, 20 Apr 2017 19:43:47 -0700 + +distro-info-data (0.34) unstable; urgency=medium + + * Add Ubuntu 17.10, Artful Aardvark. + + -- Stefano Rivera <stefa...@debian.org> Thu, 20 Apr 2017 16:42:23 -0700 + distro-info-data (0.33) unstable; urgency=medium * Add Debian 11 codename (with provisional creation date) (Closes: #851447) diff -Nru distro-info-data-0.33/ubuntu.csv distro-info-data-0.35/ubuntu.csv --- distro-info-data-0.33/ubuntu.csv2016-10-21 15:48:30.0 -0700 +++ distro-info-data-0.35/ubuntu.csv2017-04-20 19:43:47.0 -0700 @@ -24,4 +24,5 @@ 15.10,Wily Werewolf,wily,2015-04-23,2015-10-22,2016-07-22 16.04 LTS,Xenial Xerus,xenial,2015-10-22,2016-04-21,2021-04-21 16.10,Yakkety Yak,yakkety,2016-04-21,2016-10-13,2017-07-20 -17.04,Zesty Zapus,zesty,2016-10-13,2017-04-20,2018-01-25 +17.04,Zesty Zapus,zesty,2016-10-13,2017-04-13,2018-01-25 +17.10,Artful Aardvark,artful,2017-04-13,2017-10-19,2018-07-19
Bug#855555: unblock: hdmi2usb-fx2-firmware/0.0.0~git20151225-1
Control: tags -1 - moreinfo > How soon can we have confirmed whether this upload fixes the issue with > Numato Opsis boards? If we unblock this, I would like to know it at > least fixes the issue we are unblocking it for. It works. I confirmed this yesterday, and with the package, as built in the archive, this morning. Thanks CarlFK for hooking up an Opsis for me :) SR -- Stefano Rivera http://tumbleweed.org.za/ +1 415 683 3272
Bug#855555: unblock: hdmi2usb-fx2-firmware/0.0.0~git20151225-1
2 @@ install: - # Install sdcc - sudo apt-get install --force-yes -y sdcc - sdcc --version + - # doxygen & rubber are needed for generating the documentation + - sudo apt-get install -y doxygen rubber script: - make + - make docs + +after_success: + - ./.travis-push-docs.sh diff --git a/debian/changelog b/debian/changelog index 3541a3a..82797f3 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,4 +1,12 @@ -hdmi2usb-fx2-firmware (0.0.0~git20151018-1) unstable; urgency=low +hdmi2usb-fx2-firmware (0.0.0~git20151225-1) UNRELEASED; urgency=low + + * New upstream release (different git branch) +- Should actually build a working uart firmware for the opsis. + (Closes: #855548) + + -- Stefano Rivera <stefa...@debian.org> Mon, 28 Nov 2016 23:35:19 -0800 + +hdmi2usb-fx2-firmware (0.0.0~git20151128-1) unstable; urgency=low * Initial upload. (Closes: #796769) diff --git a/debian/rules b/debian/rules index c4f2158..152525d 100755 --- a/debian/rules +++ b/debian/rules @@ -4,12 +4,13 @@ dh $@ VER=$(shell dpkg-parsechangelog | sed -rne 's/^Version: (.+)-.*/\1/p') +BRANCH=opsis-uart-with-eeprom-serialno get-packaged-orig-source: - git clone https://github.com/mithro/fx2lib -b cdc-usb-serialno-from-eeprom + git clone https://github.com/mithro/fx2lib -b $(BRANCH) set -xe; \ GIT_DATE=$$(dpkg-parsechangelog | sed -rne 's/^Version: .*\~git()(..)(..)-.*/\1-\2-\3 00:00:00 UTC/p'); \ cd fx2lib; \ - GIT_COMMIT=$$(git rev-list -n1 --until="$$GIT_DATE" cdc-usb-serialno-from-eeprom); \ + GIT_COMMIT=$$(git rev-list -n1 --until="$$GIT_DATE" $(BRANCH)); \ git archive $$GIT_COMMIT --prefix=hdmi2usb-fx2-firmware_$(VER).orig/ \ -o ../hdmi2usb-fx2-firmware_$(VER).orig.tar xz -f hdmi2usb-fx2-firmware_$(VER).orig.tar diff --git a/examples/cdc/Makefile b/examples/cdc/Makefile index 57cb825..e9b579c 100644 --- a/examples/cdc/Makefile +++ b/examples/cdc/Makefile @@ -1,4 +1,4 @@ -DIRS=to-uart +DIRS=loopback to-uart .PHONY: dirs $(DIRS) clean diff --git a/examples/cdc/common/dscr.a51 b/examples/cdc/common/dscr.a51 index 285d9f9..533d5ec 100644 --- a/examples/cdc/common/dscr.a51 +++ b/examples/cdc/common/dscr.a51 @@ -42,7 +42,8 @@ ENDPOINT_TYPE_ISO=1 ENDPOINT_TYPE_BULK=2 ENDPOINT_TYPE_INT=3 -.globl _dev_dscr, _dev_qual_dscr, _highspd_dscr, _fullspd_dscr, _dev_strings, _dev_strings_end, _dev_serial +.globl _dev_dscr, _dev_qual_dscr, _highspd_dscr, _fullspd_dscr, _dev_strings, _dev_strings_end +.globl _dev_serial ; These need to be in code memory. If ; they aren't you'll have to manully copy them somewhere ; in code memory otherwise SUDPTRH:L don't work right @@ -57,9 +58,9 @@ _dev_dscr: .db 0x00 ; 5 bDeviceSubclass 1 Subclass code .db 0x00 ; 6 bDeviceProtocol 1 Protocol Code .db 64; 7 bMaxPacketSize0 1 Maximum packet size for endpoint zero - .dw 0xB404; 8 idVendor 2 Vendor ID - .dw 0x0410; 10 idProduct 2 Product ID - .dw 0x0100; 12 bcdDevice 2 Device release number (BCD) + .dw 0x192A; 8 idVendor 2 Vendor ID + .dw 0x4154; 10 idProduct 2 Product ID + .dw 0x0300; 12 bcdDevice 2 Device release number (BCD) .db 1 ; 14 iManufacturer 1 Index of string descriptor for the manufacturer .db 2 ; 15 iProduct 1 Index of string descriptor for the product .db 3 ; 16 iSerialNumber 1 Index of string descriptor for the serial number @@ -107,7 +108,7 @@ highspd_dscr_end: .db 0x02 ; Interface class .db 0x02 ; Interface sub class .db 0x01 ; Interface protocol code class - .db 0x00 ; Interface descriptor string index + .db 0; Interface descriptor string index ;; CDC Header Functional Descriptor .db 0x05 ; Descriptor Size in Bytes (5) @@ -154,7 +155,7 @@ highspd_dscr_end: .db 0x0A ; Interface class .db 0x00 ; Interface sub class .db 0x00 ; Interface protocol code class - .db 0x00 ; Interface descriptor string index + .db 0; Interface descriptor string index ; endpoint 2 out .db DSCR_ENDPOINT_LEN; Descriptor length @@ -195,15 +196,15 @@ fullspd_dscr_end: ; NOTE the default TRM actually has more alt interfaces ; but you can add them back in if you need them. ; here, we just use the default alt setting 1 from the trm - .db DSCR_INTERFACE_LEN - .db DSCR_INTERFACE_TYPE - .db 0 ; index - .db 0 ; alt setting idx - .db 2 ; n endpoints - .db 0x2 ; class - .db 0x2 - .db 0x1 - .db 3 ; string index + .db DSCR_INTERFACE_LEN + .db DSCR_INTERFACE_TYPE + .db
Bug#834545: transition: re2
Hi Emilio (2016.08.31_00:35:21_+0200) > > Would you mind if I held back for the next release, due on the 1st? So, that is staged in git and ready to go. It will require a 1-line patch to ocaml-re2 (inserting an std::), and ruby-re2 should be binnmuable. chromium-browser, libphonenumber, and hhvm all have unrelated FTBFSs at the moment. SR -- Stefano Rivera http://tumbleweed.org.za/ +1 415 683 3272
Bug#834545: transition: re2
Hi Emilio (2016.08.31_00:35:21_+0200) > > Would you mind if I held back for the next release, due on the 1st? > > 1st of September? > > That'd be fine. Yep. Upstream does monthly snapshots, rather than releases. And seem to be moving rather fast atm. SR -- Stefano Rivera http://tumbleweed.org.za/ +1 415 683 3272
Bug#834545: transition: re2
Hi Emilio (2016.08.29_09:58:46_+0200) > Go ahead. Would you mind if I held back for the next release, due on the 1st? SR -- Stefano Rivera http://tumbleweed.org.za/ +1 415 683 3272
Bug#834545: transition: re2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition It's already in experimental, where it has built on all release architectures, so: Ben file: https://release.debian.org/transitions/html/auto-re2.html Only two reverse dependencies, which build on amd64. So, should be a trivial binNMU transition. SR -- System Information: Debian Release: stretch/sid APT prefers testing APT policy: (900, 'testing'), (500, 'unstable'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.6.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_ZA.UTF-8, LC_CTYPE=en_ZA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system)
Bug#814930: jessie-pu: package hplip/3.15.11+repack0-1
ui4/pqdiagdialog_base.py|4 ui4/printdialog.py | 155 -- ui4/printdialog_base.py |6 ui4/printernamecombobox.py |9 ui4/printsettingsdialog.py | 10 ui4/printsettingsdialog_base.py |4 ui4/printsettingstoolbox.py | 167 +- ui4/printtestpagedialog.py | 14 ui4/printtestpagedialog_base.py |4 ui4/queuesconf.py |8 ui4/readonlyradiobutton.py |2 ui4/sendfaxdialog.py| 110 - ui4/sendfaxdialog_base.py |4 ui4/settingsdialog.py |9 ui4/settingsdialog_base.py |4 ui4/setupdialog.py | 215 ++- ui4/setupdialog_base.py | 51 ui4/systemtray.py | 68 - ui4/systrayframe.py | 18 ui4/ui_utils.py | 247 ++-- ui4/upgradedialog.py|8 ui4/wifisetupdialog.py | 83 - ui4/wifisetupdialog_base.py |2 uninstall.py|8 unload.py | 179 +-- upgrade.py | 46 wificonfig.py | 14 241 files changed, 8496 insertions(+), 6187 deletions(-) This was mostly putting a feeler out, as Didier thought you may be interested in a stable update, that supported new hardware. It seems to not be the case, so maybe I should just do a backport. I'm not particularly invested in this. I just made a backport that is probably useful to others, and am trying to find the right place to put it. SR -- Stefano Rivera http://tumbleweed.org.za/ +1 415 683 3272
Bug#814930: jessie-pu: package hplip/3.15.11+repack0-1
Package: release.debian.org Severity: normal Tags: jessie User: release.debian@packages.debian.org Usertags: pu I asked the printing people how they felt about an backport of hplip, and OdyX suggested [0]: > As far as I remember (but could never take the time to actively > check), the Debian Stable Managers were open to update packages in > Stable for hardware support (and "new HP Printer" would qualify). I > haven't checked the hplip code to see whether a full new upstream > release would make sense over backporting specific parts though. > tl;dr: I'd check with the SRMs first. How would you feel about a wholesale backport of hplip, to stable? No debdiff attached, because it's scary huge. Not even a diffstat, because: > 4362 files changed, 1703256 insertions(+), 17230 deletions(-) [0]: https://lists.debian.org/3588455.xzku8qg...@odyx.org SR
Bug#746946: wheezy-pu: package distro-info-data/0.23~deb7u1
Hi Raphael (2015.04.16_11:00:58_+0200) FWIW, Debian 6 Squeeze is supported for at least 5 years (i.e. 2016-02-06) and most likely until Wheezy is no longer supported (i.e. 2016-04-24). cf http://wiki.debian.org/LTS We could hack that in, but we should really support LTS separately. This is #782685. SR -- Stefano Rivera http://tumbleweed.org.za/ +1 415 683 3272 -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150416164917.ga3...@bach.rivera.co.za
Bug#782668: unblock: distro-info-data/0.25
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Would you accept this into jessie at this late date? It should have probably been submitted 2 weeks ago. Mea culpa. There is probably going to be another update, next month, when Ubuntu 15.10 is added. But that's less important for our users. This would be the diff against jessie: diff --git a/debian.csv b/debian.csv index 2c8a00c..adac206 100644 --- a/debian.csv +++ b/debian.csv @@ -11,6 +11,8 @@ version,codename,series,created,release,eol 5.0,Lenny,lenny,2007-04-08,2009-02-14,2012-02-06 6.0,Squeeze,squeeze,2009-02-14,2011-02-06,2014-05-31 7,Wheezy,wheezy,2011-02-06,2013-05-04 -8,Jessie,jessie,2013-05-04 +8,Jessie,jessie,2013-05-04,2015-04-25 +9,Stretch,stretch,2015-04-25 +10,Buster,buster,2018-07-01 ,Sid,sid,1993-08-16 ,Experimental,experimental,1993-08-16 diff --git a/debian/changelog b/debian/changelog index f1a8d14..43fd29c 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,15 @@ +distro-info-data (0.25) UNRELEASED; urgency=medium + + * Update Debian 9 target release date. + + -- Stefano Rivera stefa...@debian.org Wed, 15 Apr 2015 16:16:37 -0400 + +distro-info-data (0.24) unstable; urgency=medium + + * Add Debian 9 and 10 codenames (with provisional creation dates) + + -- Benjamin Drung bdr...@debian.org Mon, 10 Nov 2014 12:36:20 +0100 + distro-info-data (0.23) unstable; urgency=medium [ Colin Watson ] unblock distro-info-data/0.25 -- System Information: Debian Release: 8.0 APT prefers testing APT policy: (900, 'testing'), (800, 'unstable'), (100, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=en_ZA.utf8, LC_CTYPE=en_ZA.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150415203005.ga5...@purcell.lan
Bug#782668: unblock: distro-info-data/0.25
Hi Niels (2015.04.15_22:39:29_+0200) Ack, please go ahead. However, please ensure this is in unstable before the 9:52 UTC dinstall tomorrow (the 15th of April). Thanks. Uploaded and accepted. SR -- Stefano Rivera http://tumbleweed.org.za/ +1 415 683 3272 -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150415213935.gc3...@bach.rivera.co.za
Bug#746946: wheezy-pu: package distro-info-data/0.23~deb7u1
Hi Adam (2015.03.28_21:09:54_+0200) Argh, this somehow fell through the cracks again. :-( And then I put this off for two weeks, and it's now out of date. New revision, including the 8.0 change, but not 7.0, as discussed. Based on #782668: diff -Nru distro-info-data-0.17~deb7u1/debian/changelog distro-info-data-0.26~deb7u1/debian/changelog --- distro-info-data-0.17~deb7u1/debian/changelog 2013-10-21 11:13:46.0 -0400 +++ distro-info-data-0.26~deb7u1/debian/changelog 2015-04-15 18:35:51.0 -0400 @@ -1,3 +1,16 @@ +distro-info-data (0.26~deb7u1) stable; urgency=medium + + * Backport updates up to 0.26: +- Correct EOL date of Debian 6.0 Squeeze to 2014-05-31. +- Correct Debian 8 version (was 8.0). +- Update EOL date of Ubuntu 12.10 Quantal Quetzal to 2014-05-16. +- Update EOL date of Ubuntu 13.04 Raring Ringtai to 2014-01-27. +- Add Ubuntu 14.10, Utopic Unicorn. +- Add Ubuntu 15.04, Vivid Vervet. +- Add Debian 9 and 10 codenames (with provisional creation dates). + + -- Stefano Rivera stefa...@debian.org Sun, 26 Oct 2014 14:14:45 -0700 + distro-info-data (0.17~deb7u1) stable; urgency=low * Add Ubuntu 14.04, Trusty Tahr. (Closes: #726696, 727020) diff -Nru distro-info-data-0.17~deb7u1/debian.csv distro-info-data-0.26~deb7u1/debian.csv --- distro-info-data-0.17~deb7u1/debian.csv 2013-10-21 10:58:51.0 -0400 +++ distro-info-data-0.26~deb7u1/debian.csv 2015-04-15 18:29:12.0 -0400 @@ -9,8 +9,10 @@ 3.1,Sarge,sarge,2002-07-19,2005-06-06,2008-03-30 4.0,Etch,etch,2005-06-06,2007-04-08,2010-02-15 5.0,Lenny,lenny,2007-04-08,2009-02-14,2012-02-06 -6.0,Squeeze,squeeze,2009-02-14,2011-02-06,2014-05-04 +6.0,Squeeze,squeeze,2009-02-14,2011-02-06,2014-05-31 7.0,Wheezy,wheezy,2011-02-06,2013-05-04 -8.0,Jessie,jessie,2013-05-04 +8,Jessie,jessie,2013-05-04,2015-04-25 +9,Stretch,stretch,2015-04-25 +10,Buster,buster,2018-07-01 ,Sid,sid,1993-08-16 ,Experimental,experimental,1993-08-16 diff -Nru distro-info-data-0.17~deb7u1/ubuntu.csv distro-info-data-0.26~deb7u1/ubuntu.csv --- distro-info-data-0.17~deb7u1/ubuntu.csv 2013-10-21 10:58:51.0 -0400 +++ distro-info-data-0.26~deb7u1/ubuntu.csv 2015-04-15 18:29:34.0 -0400 @@ -15,7 +15,9 @@ 11.04,Natty Narwhal,natty,2010-10-10,2011-04-28,2012-10-28 11.10,Oneiric Ocelot,oneiric,2011-04-28,2011-10-13,2013-05-09 12.04 LTS,Precise Pangolin,precise,2011-10-13,2012-04-26,2017-04-26 -12.10,Quantal Quetzal,quantal,2012-04-26,2012-10-18,2014-04-18 -13.04,Raring Ringtail,raring,2012-10-18,2013-04-25,2014-01-25 +12.10,Quantal Quetzal,quantal,2012-04-26,2012-10-18,2014-05-16 +13.04,Raring Ringtail,raring,2012-10-18,2013-04-25,2014-01-27 13.10,Saucy Salamander,saucy,2013-04-25,2013-10-17,2014-07-17 14.04 LTS,Trusty Tahr,trusty,2013-10-17,2014-04-17,2019-04-17 +14.10,Utopic Unicorn,utopic,2014-04-17,2014-10-23,2015-07-23 +15.04,Vivid Vervet,vivid,2014-10-23,2015-04-23,2016-01-23 Apologies for the age of this bug. I get lazy sometimes. SR -- Stefano Rivera http://tumbleweed.org.za/ +1 415 683 3272 -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150415224907.ga3...@bach.rivera.co.za
Bug#782668: unblock: distro-info-data/0.25
Control: tags -1 - moreinfo confirmed Control: retitle -1 unblock: distro-info-data/0.26 Ack, please go ahead. However, please ensure this is in unstable before the 9:52 UTC dinstall tomorrow (the 15th of April). Oof. I've just noticed that the Ubuntu Vivid Vervet release date moved a week forward. So I uploaded 0.26 with: --- distro-info-data-0.25/debian/changelog 2015-04-15 16:41:29.0 -0400 +++ distro-info-data-0.26/debian/changelog 2015-04-15 18:07:34.0 -0400 @@ -1,3 +1,9 @@ +distro-info-data (0.26) unstable; urgency=medium + + * Update Ubuntu 15.04, Vivid Vervet release date. + + -- Stefano Rivera stefa...@debian.org Wed, 15 Apr 2015 18:03:41 -0400 + distro-info-data (0.25) unstable; urgency=medium * Update Debian 9 target release date. diff -Nru distro-info-data-0.25/ubuntu.csv distro-info-data-0.26/ubuntu.csv --- distro-info-data-0.25/ubuntu.csv2015-04-15 16:41:29.0 -0400 +++ distro-info-data-0.26/ubuntu.csv2015-04-15 18:07:34.0 -0400 @@ -20,4 +20,4 @@ 13.10,Saucy Salamander,saucy,2013-04-25,2013-10-17,2014-07-17 14.04 LTS,Trusty Tahr,trusty,2013-10-17,2014-04-17,2019-04-17 14.10,Utopic Unicorn,utopic,2014-04-17,2014-10-23,2015-07-23 -15.04,Vivid Vervet,vivid,2014-10-23,2015-04-30,2016-01-30 +15.04,Vivid Vervet,vivid,2014-10-23,2015-04-23,2016-01-23 I assume given 0.25 was approved this is likely approved too, and an immediate upload is the best approach here. SR -- Stefano Rivera http://tumbleweed.org.za/ +1 415 683 3272 -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150415221832.gd3...@bach.rivera.co.za
Bug#780169: jessie-pu: package youtube-dl/2014.08.05-1jessie0.1
Control: tags -1 - moreinfo Please use 2014.08.05-1+deb8u1 as version number. Lintian doesn't think that's correct for an NMU, but using it anyway. Also, submitted a patch to developers-reference #768426. and jessie as a distribution (instead of testing). Submitted #780243 (with a patch) to developers-reference. SR -- Stefano Rivera http://tumbleweed.org.za/ +1 415 683 3272 -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150311044856.ge3...@bach.rivera.co.za
Bug#780169: jessie-pu: package youtube-dl/2014.08.05-1jessie0.1
Package: release.debian.org Severity: normal Tags: jessie User: release.debian@packages.debian.org Usertags: pu youtube-dl 2014.08.05-1 requires SSLv3 in https requests, and doesn't use protocol negotiation. See #780059. This, besides being bad, and not very future-proof has caused complete incompatibility with Python 2.7.9, which dropped the PROTOCOL_SSLv3 attribute from the ssl module. This bug has been fixed, by the upstream, in unstable. But at this point in the freeze, I doubt you'd consider letting the latest upstream version migrate to testing. So, please consider this t-p-u upload: diff -Nru youtube-dl-2014.08.05/debian/changelog youtube-dl-2014.08.05/debian/changelog --- youtube-dl-2014.08.05/debian/changelog 2014-08-06 11:43:31.0 -0700 +++ youtube-dl-2014.08.05/debian/changelog 2015-03-09 17:15:30.0 -0700 @@ -1,3 +1,11 @@ +youtube-dl (2014.08.05-1jessie0.1) testing; urgency=medium + + * Non-maintainer upload. + * Use SSL protocol negotiation, rather than requiring SSLv3 (which is no +longer supported in python 2.7.9). Closes: #780059. + + -- Stefano Rivera stefa...@debian.org Mon, 09 Mar 2015 17:14:45 -0700 + youtube-dl (2014.08.05-1) unstable; urgency=medium * Imported Upstream version 2014.08.05. diff -Nru youtube-dl-2014.08.05/debian/patches/no-sslv3 youtube-dl-2014.08.05/debian/patches/no-sslv3 --- youtube-dl-2014.08.05/debian/patches/no-sslv3 1969-12-31 16:00:00.0 -0800 +++ youtube-dl-2014.08.05/debian/patches/no-sslv3 2015-03-09 17:09:54.0 -0700 @@ -0,0 +1,34 @@ +Description: Support Python 2.7.9, which removed PROTOCOL_SSLv3 + In fact, don't try to force an SSL version at all. Debian OpenSSL doesn't + support insecure versions. + Upstream use Python's default SSL handshake since + https://github.com/rg3/youtube-dl/commit/0db261ba567cb5370455d67c4398e11e5e2119f8 + And switches to TLSv1 in legacy paths in + https://github.com/rg3/youtube-dl/commit/d79323136fabc2cd72afc7c124e17797e32df514 +Author: Stefano Rivera stefa...@debian.org +Bug-Debian: https://bugs.debian.org/780059 +Forwarded: not-needed +Last-Update: 2015-03-08 + +--- a/youtube_dl/utils.py b/youtube_dl/utils.py +@@ -588,17 +588,14 @@ + if getattr(self, '_tunnel_host', False): + self.sock = sock + self._tunnel() +-try: +-self.sock = ssl.wrap_socket(sock, self.key_file, self.cert_file, ssl_version=ssl.PROTOCOL_SSLv3) +-except ssl.SSLError: +-self.sock = ssl.wrap_socket(sock, self.key_file, self.cert_file, ssl_version=ssl.PROTOCOL_SSLv23) ++self.sock = ssl.wrap_socket(sock, self.key_file, self.cert_file, ssl_version=ssl.PROTOCOL_SSLv23) + + class HTTPSHandlerV3(compat_urllib_request.HTTPSHandler): + def https_open(self, req): + return self.do_open(HTTPSConnectionV3, req) + return HTTPSHandlerV3(**kwargs) + else: +-context = ssl.SSLContext(ssl.PROTOCOL_SSLv3) ++context = ssl.SSLContext(ssl.PROTOCOL_SSLv23) + context.verify_mode = (ssl.CERT_NONE +if opts_no_check_certificate +else ssl.CERT_REQUIRED) diff -Nru youtube-dl-2014.08.05/debian/patches/series youtube-dl-2014.08.05/debian/patches/series --- youtube-dl-2014.08.05/debian/patches/series 1969-12-31 16:00:00.0 -0800 +++ youtube-dl-2014.08.05/debian/patches/series 2015-03-08 13:43:36.0 -0700 @@ -0,0 +1 @@ +no-sslv3 -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150310002458.ga27...@purcell.lan
Bug#746946: wheezy-pu: package distro-info-data/0.23~deb7u1
Hi Adam (2015.01.06_22:11:55_+0200) To summarise discussions from IRC, Julien pointed out that there are a number of other places where we still refer to Wheezy as 7.0, including the Release Notes and debian-installer-netboot-images. Combined with the fact that this would be a change in stable, I think we should leave the Wheezy package as-is in terms of referring to Wheezy as 7.0. Does that apply to only Wheezy, or Jessie too? SR -- Stefano Rivera http://tumbleweed.org.za/ +1 415 683 3272 -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150108041908.gw3...@bach.rivera.co.za
Bug#746946: wheezy-pu: package distro-info-data/0.23~deb7u1
Hi Adam (2015.01.02_18:49:41_+0200) Apologies for the delay in getting back to you regarding this. I think when I previously looked at the request I assumed that we meant the maintainers, rather than also the Release Team. It meant everyone. But the RT have the final say, so mostly you :) I also canvassed Benjamin's vote, and he thinks we should do 7.0 - 7. He also thinks we should roll in 0.24 changes (Debian 9 + 10) but I think that should get into testing first, and he hasn't done anything to make that happen... I agree that 7.0 is wrong, although it does always worry me changing stuff like this. If it's unlikely to have been used, maybe just an explicit mention somewhere obvious would suffice, so that people notice and can amend things if they are relying on it? How obvious? A NEWS.Debian entry? SR -- Stefano Rivera http://tumbleweed.org.za/ +1 415 683 3272 signature.asc Description: Digital signature
Bug#746946: wheezy-pu: package distro-info-data/0.23~deb7u1
Hi 746946 (2014.11.01_03:02:58_+0200) We still need to make a decision on this bit. I've left that patch in, for now. Ping? SR -- Stefano Rivera http://tumbleweed.org.za/ H: +27 21 461 1230 C: +27 72 419 8559 -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141228115425.ga27...@purcell.lan
Bug#771148: (pre-upload) unblock: pypy/2.4.0+dfsg-2
Control: tags -1 - moreinfo As you noted on irc, it still fails after 3 attempts, so a new upload is probably necessary. Please remove the moreinfo tag once the mipsel issue is resolved. Another (pair of) give-backs resolved it. SR -- Stefano Rivera http://tumbleweed.org.za/ +1 415 683 3272 -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141213195913.gc3...@bach.rivera.co.za
Bug#771148: (pre-upload) unblock: pypy/2.4.0+dfsg-2
Hi Dejan (2014.12.05_16:39:01_+0200) I have tried to build pypy on a few different boards. On boradcom (mipsel) and cavium (mipsel), pypy was built successfully. On cavium (mips), build is still in progress. But it seems that it will pass as well. On lemote-3a-itx-a1101 (mipsel), build was successfully finished. Thanks for the testing. It sounds like we should continue retrying this. I had noticed that on mipsel-manda-02.debian.org it was used parallel=5 DEB_BUILD_OPTIONS=parallel=5. I am not sure if this is related with build failure but I will try it on lemote 3A again, with this option. The failure was during translation, which is not parallel. The only part of the pypy build that parallelises is the compilation, which I've never known to cause trouble. SR -- Stefano Rivera http://tumbleweed.org.za/ +1 415 683 3272 -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141208223138.ga3...@bach.rivera.co.za
Bug#771148: (pre-upload) unblock: pypy/2.4.0+dfsg-2
Hi Ivo (2014.11.30_01:13:20_+0200) Accepted, and built everywhere. But we had an FTBFS on mipsel (SIGILL). I can't reproduce it on edar (the porterbox). My build there hasn't finished, but it's got a lot further. As you noted on irc, it still fails after 3 attempts, so a new upload is probably necessary. Please remove the moreinfo tag once the mipsel issue is resolved. The porterbox build finished, without any trouble at all. So, I can't reproduce the problem, without help from porters who have access to hardware that behaves like mipsel-manda-02. Either I need help from porters, or we should keep giving it back until it hits another buildd, or I should upload the binaries I built on eder (ick). SR -- Stefano Rivera http://tumbleweed.org.za/ +1 415 683 3272 signature.asc Description: Digital signature