Bug#989295: unblock: mialmpick/0.2.15-1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package mialmpick. mialmpick was just removed from testing because I forgot to set "bookworm sid" tags to #987937 in time. This is a latent bug exposed by #702010, but that change is not and will not be in bullseye where mialmpick builds: https://tests.reproducible-builds.org/debian/rb-pkg/bullseye/amd64/mialmpick.html It would be appreciated if mialmpick (which has been in the previous stable releases) would be allowed to re-enter bullseye in the version that had been in bullseye for over a year. unblock mialmpick/0.2.15-1 Thanks in advance
Bug#989597: release.debian.org: upgrade issue: non-coinstallability of libgdal20 and libgdal28
On Wed, Jun 16, 2021 at 06:15:45PM +0200, Christoph Berg wrote: >... > $ psql cb > psql (13.3 (Debian 13.3-1), Server 11.12 (Debian 11.12-0+deb10u1)) > > 17:38 cbe@cb =# select geom from country where geom is not null limit 1; > FEHLER: XX000: konnte Bibliothek »/usr/lib/postgresql/11/lib/postgis-2.5.so« > nicht laden: /lib/x86_64-linux-gnu/libm.so.6: version `GLIBC_2.29' not found > (required by /usr/lib/x86_64-linux-gnu/libSFCGAL.so.1) > > So there seems to be some additional incompatibility in libsfcgal1 -> libc6. >... It's already in the package dependencies: Package: libsfcgal1 Version: 1.3.9-2 Depends: ..., libc6 (>= 2.29),... This won't work unless you upgrade libc6 to the bullseye version. > Christoph cu Adrian
Bug#990918: unblock: opencryptoki/3.8.1+dfsg-3.2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package opencryptoki * Build again on architectures where libitm and transactional memory are not available, use locks instead (change by Laurent Bigonville) This is a no change on the architectures where it built before, and "FTBFS on architectures where it did not build before" is a severity important issue if reported. diff -Nru opencryptoki-3.8.1+dfsg/debian/changelog opencryptoki-3.8.1+dfsg/debian/changelog --- opencryptoki-3.8.1+dfsg/debian/changelog2018-08-11 16:27:36.0 +0300 +++ opencryptoki-3.8.1+dfsg/debian/changelog2021-06-07 16:35:32.0 +0300 @@ -1,3 +1,11 @@ +opencryptoki (3.8.1+dfsg-3.2) unstable; urgency=medium + + * Non-maintainer upload. + * Build again on architectures where libitm and transactional memory are not +available, use locks instead + + -- Laurent Bigonville Mon, 07 Jun 2021 15:35:32 +0200 + opencryptoki (3.8.1+dfsg-3.1) unstable; urgency=medium * Non-maintainer upload. diff -Nru opencryptoki-3.8.1+dfsg/debian/control opencryptoki-3.8.1+dfsg/debian/control --- opencryptoki-3.8.1+dfsg/debian/control 2017-10-31 16:26:51.0 +0200 +++ opencryptoki-3.8.1+dfsg/debian/control 2021-06-07 16:35:32.0 +0300 @@ -10,7 +10,7 @@ libtspi-dev, bison, flex, - libitm1, + libitm1 [alpha amd64 arm64 i386 x32 ppc64 ppc64el s390x sh4 sparc64], libica-dev [s390x], libldap2-dev Standards-Version: 4.1.1 diff -Nru opencryptoki-3.8.1+dfsg/debian/rules opencryptoki-3.8.1+dfsg/debian/rules --- opencryptoki-3.8.1+dfsg/debian/rules2017-11-09 13:52:15.0 +0200 +++ opencryptoki-3.8.1+dfsg/debian/rules2021-06-07 16:34:50.0 +0300 @@ -4,6 +4,11 @@ DEB_HOST_MULTIARCH ?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH) export DEB_BUILD_MAINT_OPTIONS = hardening=+all +# Use locks instead of transactional memory in architectures where libitm is not available +ifeq (,$(filter $(DEB_HOST_ARCH), alpha amd64 arm64 i386 x32 ppc64 ppc64el s390x sh4 sparc64)) +ENABLE_LOCKS=--enable-locks +endif + %: dh ${@} @@ -12,7 +17,7 @@ rm -f usr/lib/pkcs11/api/pkcs11 override_dh_auto_configure: - dh_auto_configure -- --enable-tpmtok --with-systemd=/lib/systemd/system ac_cv_path_CHGRP=true + dh_auto_configure -- --enable-tpmtok --with-systemd=/lib/systemd/system ac_cv_path_CHGRP=true $(ENABLE_LOCKS) override_dh_auto_install: dh_auto_install
Bug#990919: unblock: exim4/4.94.2-6
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package exim4 * Cherrypick 78_01-Command-line-option-for-no-notifier-socket.-Bug-2616.patch from upstream GIT master. This allows one to disable creation of a daemon notifier socket by either setting notifier_socket to a empty value or specifying -oY commandline option. * Init script: For QUEUERUNNER='separate' start daemons with -oY commandline option to disable daemon notifier socket. Enforce lockstep ugrade of -base and *daemon* by temporarily adding a versioned Breaks to exim4-base on older *daemon*. Closes: #988844 (change by Andreas Metzler) This fixes a regression from buster. Maintainer and bug submitter are in Cc, ack/nak would be appreciated. unblock exim4/4.94.2-6 diff -Nru exim4-4.94.2/debian/changelog exim4-4.94.2/debian/changelog --- exim4-4.94.2/debian/changelog 2021-05-17 18:45:00.0 +0300 +++ exim4-4.94.2/debian/changelog 2021-05-26 19:49:44.0 +0300 @@ -1,3 +1,17 @@ +exim4 (4.94.2-6) unstable; urgency=medium + + * Cherrypick +78_01-Command-line-option-for-no-notifier-socket.-Bug-2616.patch from +upstream GIT master. This allows one to disable creation of a +daemon notifier socket by either setting notifier_socket to a empty value +or specifying -oY commandline option. + * Init script: For QUEUERUNNER='separate' start daemons with -oY commandline +option to disable daemon notifier socket. Enforce lockstep ugrade of -base +and *daemon* by temporarily adding a versioned Breaks to exim4-base on +older *daemon*. Closes: #988844 + + -- Andreas Metzler Wed, 26 May 2021 18:49:44 +0200 + exim4 (4.94.2-5) unstable; urgency=high * 73_04-Fix-host_name_lookup-Close-2747.patch from exim-4.94.2+fixes. diff -Nru exim4-4.94.2/debian/control exim4-4.94.2/debian/control --- exim4-4.94.2/debian/control 2021-05-04 19:23:02.0 +0300 +++ exim4-4.94.2/debian/control 2021-05-26 19:49:44.0 +0300 @@ -1,3 +1,6 @@ +# * -base and daemon of the same upstream version enforced by a Breaks +# in -base and a versioned Depends of the daemon-packages on -base +# * -base depends on -config, without automatic versioning. Source: exim4 Section: mail Priority: standard @@ -42,7 +45,10 @@ Breaks: exim4-daemon-custom (<<${Upstream-Version}), exim4-daemon-heavy (<<${Upstream-Version}), - exim4-daemon-light (<<${Upstream-Version}) + exim4-daemon-light (<<${Upstream-Version}), + exim4-daemon-custom (<< 4.94.2-6~), + exim4-daemon-heavy (<< 4.94.2-6~), + exim4-daemon-light (<< 4.94.2-6~) Conflicts: exim, exim-tls Replaces: exim, diff -Nru exim4-4.94.2/debian/exim4-base.exim4.init exim4-4.94.2/debian/exim4-base.exim4.init --- exim4-4.94.2/debian/exim4-base.exim4.init 2020-05-23 19:20:09.0 +0300 +++ exim4-4.94.2/debian/exim4-base.exim4.init 2021-05-23 12:46:53.0 +0300 @@ -95,13 +95,13 @@ separate) start_daemon -p "$PIDFILE" \ "$DAEMON" -bd \ -${COMMONOPTIONS} \ +${COMMONOPTIONS} -oY \ ${SMTPLISTENEROPTIONS} log_progress_msg "exim4_listener" start_daemon -p "$QRPIDFILE" \ "$DAEMON" -oP $QRPIDFILE \ "-q${QFLAGS}${QUEUEINTERVAL}" \ -${COMMONOPTIONS} \ +${COMMONOPTIONS} -oY \ ${QUEUERUNNEROPTIONS} log_progress_msg "exim4_queuerunner" ;; diff -Nru exim4-4.94.2/debian/patches/78_01-Command-line-option-for-no-notifier-socket.-Bug-2616.patch exim4-4.94.2/debian/patches/78_01-Command-line-option-for-no-notifier-socket.-Bug-2616.patch --- exim4-4.94.2/debian/patches/78_01-Command-line-option-for-no-notifier-socket.-Bug-2616.patch 1970-01-01 02:00:00.0 +0200 +++ exim4-4.94.2/debian/patches/78_01-Command-line-option-for-no-notifier-socket.-Bug-2616.patch 2021-05-22 14:50:52.0 +0300 @@ -0,0 +1,198 @@ +From 99ea5f6faeaf714e34bbcd75fdc50cc94dc7a1c8 Mon Sep 17 00:00:00 2001 +From: Jeremy Harris +Date: Fri, 10 Jul 2020 13:55:25 +0100 +Subject: [PATCH] Command-line option for no notifier socket. Bug 2616 + +--- + doc/doc-docbook/spec.xfpt | 33 +-- + doc/NewStuff | 2 ++ + src/daemon.c | 5 + src/exim.c| 9 +++- + test/scripts/0999-EXP-Queue-Ramp/0999 | 2 +- + 5 files changed, 47 insertions(+), 4 deletions(-) + +--- a/doc/NewStuff b/doc/NewStuff +@@ -2,14 +2,20 @@ New Features in Exim + + + This file contains descriptions of new features that have been added to Exim. + Before a formal release, there may be quite a lot of detail so that people can + test from the snapshots or the Git before the documentation is updated. Once + the documentation is updated, this file is reduced to a short list. + ++Cherrypicked from GIT master: ++ ++ ++10. A command-line option to have a daemon not create
Bug#990920: unblock: mat2/0.12.1-2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package mat2 * debian/patches: - Pull in upstream patch to improve support of Open XML (xlsx) files. (change by Georg Faerber) Oneline change, autopkgtest pass. Maintainer is in Cc, ack/nak would be appreciated. unblock mat2/0.12.1-2
Bug#990921: unblock: bouncycastle/1.68-2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package bouncycastle * Update poms for upstream version 1.68 (Closes: #988486) (change by tony mancill) Quoting Tony in #988486: Now that this is fixed in unstable, any thoughts from the Java Team about whether I should request an unblock from the Release Team for this bug for Bullseye? It may prevent some potential confusion but is otherwise, as far as I can tell, purely cosmetic. Thus, although there is no risk, I'm not certain about how to justify the request. I could wait and request an update via s-p-u. Doing s-p-u later would be more hassle than unblocking a package that has been for 2 months in unstable, IMHO for bullseye this is now or never.
Bug#990920: unblock: mat2/0.12.1-2
On Sun, Jul 11, 2021 at 06:45:07AM +0300, Adrian Bunk wrote: > Package: release.debian.org > Severity: normal > User: release.debian@packages.debian.org > Usertags: unblock > > Please unblock package mat2 > > * debian/patches: > - Pull in upstream patch to improve support of Open XML (xlsx) files. > (change by Georg Faerber) > > Oneline change, autopkgtest pass. > > Maintainer is in Cc, ack/nak would be appreciated. > > unblock mat2/0.12.1-2 Attached is the debdiff I forgot. cu Adrian diff -Nru mat2-0.12.1/debian/changelog mat2-0.12.1/debian/changelog --- mat2-0.12.1/debian/changelog2021-03-20 21:11:38.0 +0200 +++ mat2-0.12.1/debian/changelog2021-05-24 18:01:29.0 +0300 @@ -1,3 +1,10 @@ +mat2 (0.12.1-2) unstable; urgency=medium + + * debian/patches: +- Pull in upstream patch to improve support of Open XML (xlsx) files. + + -- Georg Faerber Mon, 24 May 2021 15:01:29 + + mat2 (0.12.1-1) unstable; urgency=medium * New upstream version 0.12.1: diff -Nru mat2-0.12.1/debian/patches/0001-improve-support-for-xlsx-files.patch mat2-0.12.1/debian/patches/0001-improve-support-for-xlsx-files.patch --- mat2-0.12.1/debian/patches/0001-improve-support-for-xlsx-files.patch 1970-01-01 02:00:00.0 +0200 +++ mat2-0.12.1/debian/patches/0001-improve-support-for-xlsx-files.patch 2021-05-24 18:01:29.0 +0300 @@ -0,0 +1,19 @@ +Description: Improve support of Open XML (xlsx) files +Origin: upstream +Applied-Upstream: bf0c777cb9159e220f636b0c019fe4957e4fea75 +Reviewed-by: Georg Faerber +Last-Update: 2021-05-24 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +Index: mat2/libmat2/office.py +=== +--- mat2.orig/libmat2/office.py2021-05-19 11:26:06.093187321 + mat2/libmat2/office.py 2021-05-24 14:44:33.698488246 + +@@ -107,6 +107,7 @@ + # TODO: check if p:bgRef can be randomized + r'^ppt/slideMasters/slideMaster[0-9]+\.xml', + r'^ppt/slideMasters/_rels/slideMaster[0-9]+\.xml\.rels', ++r'^xl/worksheets/_rels/sheet[0-9]+\.xml\.rels', + })) + self.files_to_omit = set(map(re.compile, { # type: ignore + r'^\[trash\]/', diff -Nru mat2-0.12.1/debian/patches/series mat2-0.12.1/debian/patches/series --- mat2-0.12.1/debian/patches/series 1970-01-01 02:00:00.0 +0200 +++ mat2-0.12.1/debian/patches/series 2021-05-24 18:01:29.0 +0300 @@ -0,0 +1 @@ +0001-improve-support-for-xlsx-files.patch
Bug#990921: unblock: bouncycastle/1.68-2
On Sun, Jul 11, 2021 at 06:56:14AM +0300, Adrian Bunk wrote: > Package: release.debian.org > Severity: normal > User: release.debian@packages.debian.org > Usertags: unblock > > Please unblock package bouncycastle > > * Update poms for upstream version 1.68 (Closes: #988486) > (change by tony mancill) > > Quoting Tony in #988486: > Now that this is fixed in unstable, any thoughts from the Java Team > about whether I should request an unblock from the Release Team for this > bug for Bullseye? It may prevent some potential confusion but is > otherwise, as far as I can tell, purely cosmetic. Thus, although there > is no risk, I'm not certain about how to justify the request. > > I could wait and request an update via s-p-u. > > > Doing s-p-u later would be more hassle than unblocking a package > that has been for 2 months in unstable, IMHO for bullseye this > is now or never. And now with the debdiff. cu Adrian diff -Nru bouncycastle-1.68/debian/changelog bouncycastle-1.68/debian/changelog --- bouncycastle-1.68/debian/changelog 2021-01-19 10:45:43.0 +0200 +++ bouncycastle-1.68/debian/changelog 2021-05-14 05:14:07.0 +0300 @@ -1,3 +1,10 @@ +bouncycastle (1.68-2) unstable; urgency=medium + + * Team upload. + * Update poms for upstream version 1.68 (Closes: #988486) + + -- tony mancill Thu, 13 May 2021 19:14:07 -0700 + bouncycastle (1.68-1) unstable; urgency=medium * Team upload. diff -Nru bouncycastle-1.68/debian/poms/bcmail.pom bouncycastle-1.68/debian/poms/bcmail.pom --- bouncycastle-1.68/debian/poms/bcmail.pom2021-01-19 01:18:00.0 +0200 +++ bouncycastle-1.68/debian/poms/bcmail.pom2021-05-14 05:14:07.0 +0300 @@ -5,8 +5,8 @@ bcmail-jdk15on jar Bouncy Castle S/MIME API - 1.65 - The Bouncy Castle Java S/MIME APIs for handling S/MIME protocols. This jar contains S/MIME APIs for JDK 1.5 to JDK 1.8. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs. The JavaMail API and the Java activation framework will also be needed. + 1.68 + The Bouncy Castle Java S/MIME APIs for handling S/MIME protocols. This jar contains S/MIME APIs for JDK 1.5 and up. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs. The JavaMail API and the Java activation framework will also be needed. http://www.bouncycastle.org/java.html @@ -33,13 +33,13 @@ org.bouncycastle bcprov-jdk15on - 1.65 + 1.68 jar org.bouncycastle bcpkix-jdk15on - 1.65 + 1.68 jar diff -Nru bouncycastle-1.68/debian/poms/bcpg.pom bouncycastle-1.68/debian/poms/bcpg.pom --- bouncycastle-1.68/debian/poms/bcpg.pom 2021-01-19 01:18:00.0 +0200 +++ bouncycastle-1.68/debian/poms/bcpg.pom 2021-05-14 05:14:07.0 +0300 @@ -5,8 +5,8 @@ bcpg-jdk15on jar Bouncy Castle OpenPGP API - 1.65 - The Bouncy Castle Java API for handling the OpenPGP protocol. This jar contains the OpenPGP API for JDK 1.5 to JDK 1.8. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs. + 1.68 + The Bouncy Castle Java API for handling the OpenPGP protocol. This jar contains the OpenPGP API for JDK 1.5 and up. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs. http://www.bouncycastle.org/java.html @@ -38,7 +38,7 @@ org.bouncycastle bcprov-jdk15on - 1.65 + 1.68 jar diff -Nru bouncycastle-1.68/debian/poms/bcpkix.pom bouncycastle-1.68/debian/poms/bcpkix.pom --- bouncycastle-1.68/debian/poms/bcpkix.pom2021-01-19 01:18:00.0 +0200 +++ bouncycastle-1.68/debian/poms/bcpkix.pom2021-05-14 05:14:07.0 +0300 @@ -5,8 +5,8 @@ bcpkix-jdk15on jar Bouncy Castle PKIX, CMS, EAC, TSP, PKCS, OCSP, CMP, and CRMF APIs - 1.65 - The Bouncy Castle Java APIs for CMS, PKCS, EAC, TSP, CMP, CRMF, OCSP, and certificate generation. This jar contains APIs for JDK 1.5 to JDK 1.8. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs. + 1.68 + The Bouncy Castle Java APIs for CMS, PKCS, EAC, TSP, CMP, CRMF, OCSP, and certificate generation. This jar contains APIs for JDK 1.5 and up. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs. http://www.bouncycastle.org/java.html @@ -33,7 +33,7 @@ org.bouncycastle bcprov-jdk15on - 1.65 + 1.68 jar diff -Nru bouncycastle-1.68/debian/poms/bcprov.pom bouncycastle-1.68/debian/poms/bcprov.pom ---
Bug#990928: unblock: seyon/2.20c-34
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package seyon * Disable parallel building to workaround frequent FTBFS. This was a rare problem on release architectures with their low parallelism, but more common in some ports architectures and reproducible: https://buildd.debian.org/status/logs.php?pkg=seyon&arch=ppc64 https://tests.reproducible-builds.org/debian/rb-pkg/bullseye/amd64/seyon.html The fix is trivial (and building seyon is still pretty fast).
Bug#990929: unblock: slic3r/1.3.0+dfsg1-5
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package slic3r * [d1f6f28] Link against boost-nowide. Thanks to Bernhard Übelacker (Closes: #985473) (change by Chow Loong Jin) Small change that is nasty for users and took some debugging. diff -Nru slic3r-1.3.0+dfsg1/debian/changelog slic3r-1.3.0+dfsg1/debian/changelog --- slic3r-1.3.0+dfsg1/debian/changelog 2021-03-22 18:53:36.0 +0200 +++ slic3r-1.3.0+dfsg1/debian/changelog 2021-04-25 20:46:44.0 +0300 @@ -1,3 +1,10 @@ +slic3r (1.3.0+dfsg1-5) unstable; urgency=medium + + * [d1f6f28] Link against boost-nowide. +Thanks to Bernhard Übelacker (Closes: #985473) + + -- Chow Loong Jin Mon, 26 Apr 2021 01:46:44 +0800 + slic3r (1.3.0+dfsg1-4) unstable; urgency=medium * [19f56c2] Reexport patches with gbp-pq diff -Nru slic3r-1.3.0+dfsg1/debian/patches/Link-against-boost-nowide-library.patch slic3r-1.3.0+dfsg1/debian/patches/Link-against-boost-nowide-library.patch --- slic3r-1.3.0+dfsg1/debian/patches/Link-against-boost-nowide-library.patch 1970-01-01 02:00:00.0 +0200 +++ slic3r-1.3.0+dfsg1/debian/patches/Link-against-boost-nowide-library.patch 2021-04-25 20:46:44.0 +0300 @@ -0,0 +1,39 @@ +From: Chow Loong Jin +Date: Mon, 26 Apr 2021 01:40:38 +0800 +Subject: Link against boost-nowide library + +Origin: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985473#20 +Bug-Debian: https://bugs.debian.org/985473 +Forwarded: not-needed +Applied-Upstream: commit:89018b6e02e9d3fda30602cb4cf48f7750ace7b5 +--- + src/CMakeLists.txt | 2 +- + xs/Build.PL| 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt +index fb34b5a..7566058 100644 +--- a/src/CMakeLists.txt b/src/CMakeLists.txt +@@ -22,7 +22,7 @@ ENDIF(CMAKE_HOST_APPLE) + set(Boost_USE_STATIC_LIBS ON) + set(Boost_USE_STATIC_RUNTIME ON) + set(CMAKE_FIND_LIBRARY_SUFFIXES ".a") +-find_package(Boost COMPONENTS system thread filesystem) ++find_package(Boost COMPONENTS system thread filesystem nowide) + + set(LIBDIR ${CMAKE_CURRENT_SOURCE_DIR}/../xs/src/) + +diff --git a/xs/Build.PL b/xs/Build.PL +index c13ce20..4f5d3d7 100644 +--- a/xs/Build.PL b/xs/Build.PL +@@ -142,7 +142,7 @@ if (defined $ENV{BOOST_LIBRARYPATH}) { + } + # In order to generate the -l switches we need to know how Boost libraries are named + my $have_boost = 0; +-my @boost_libraries = qw(system thread filesystem); # we need these ++my @boost_libraries = qw(system thread filesystem nowide); # we need these + # check without explicit lib path (works on Linux) + if (! $mswin) { + $have_boost = 1 diff -Nru slic3r-1.3.0+dfsg1/debian/patches/series slic3r-1.3.0+dfsg1/debian/patches/series --- slic3r-1.3.0+dfsg1/debian/patches/series2021-03-22 18:53:36.0 +0200 +++ slic3r-1.3.0+dfsg1/debian/patches/series2021-04-25 20:46:44.0 +0300 @@ -6,3 +6,4 @@ 0006-Fix-FTBFS-with-Boost-1.71.patch fix_boost_174.patch Fix-CVE-2020-28591.patch +Link-against-boost-nowide-library.patch
Bug#990928: unblock: seyon/2.20c-34
On Sun, Jul 11, 2021 at 12:27:30PM +0300, Adrian Bunk wrote: > Package: release.debian.org > Severity: normal > User: release.debian@packages.debian.org > Usertags: unblock > > Please unblock package seyon > > * Disable parallel building to workaround frequent FTBFS. > > This was a rare problem on release architectures with their > low parallelism, but more common in some ports architectures > and reproducible: > https://buildd.debian.org/status/logs.php?pkg=seyon&arch=ppc64 > https://tests.reproducible-builds.org/debian/rb-pkg/bullseye/amd64/seyon.html > > The fix is trivial (and building seyon is still pretty fast). Is it the heatwave that makes me forget the attachment all the time? cu Adrian diff -Nru seyon-2.20c/debian/changelog seyon-2.20c/debian/changelog --- seyon-2.20c/debian/changelog2020-10-28 21:31:53.0 +0200 +++ seyon-2.20c/debian/changelog2021-04-27 10:25:06.0 +0300 @@ -1,3 +1,10 @@ +seyon (2.20c-34) unstable; urgency=medium + + * QA upload. + * Disable parallel building to workaround frequent FTBFS. + + -- Adrian Bunk Tue, 27 Apr 2021 10:25:06 +0300 + seyon (2.20c-33) unstable; urgency=medium * QA upload. diff -Nru seyon-2.20c/debian/rules seyon-2.20c/debian/rules --- seyon-2.20c/debian/rules2020-10-28 21:22:44.0 +0200 +++ seyon-2.20c/debian/rules2021-04-27 10:25:03.0 +0300 @@ -3,7 +3,7 @@ export DEB_CFLAGS_MAINT_APPEND = -fcommon %: - dh $@ + dh $@ --no-parallel override_dh_auto_build: xmkmf
Bug#990931: unblock: ssldump/1.3-2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package ssldump * Install README.md not README (a symlink) (Closes: #986082) (change by Sophie Brun) Replacing a dead link README with the actual file should qualify as documentation change. diff -Nru ssldump-1.3/debian/changelog ssldump-1.3/debian/changelog --- ssldump-1.3/debian/changelog2021-02-03 16:00:31.0 +0200 +++ ssldump-1.3/debian/changelog2021-04-07 12:43:40.0 +0300 @@ -1,3 +1,9 @@ +ssldump (1.3-2) unstable; urgency=medium + + * Install README.md not README (a symlink) (Closes: #986082) + + -- Sophie Brun Wed, 07 Apr 2021 11:43:40 +0200 + ssldump (1.3-1) unstable; urgency=medium * New upstream version 1.3 diff -Nru ssldump-1.3/debian/docs ssldump-1.3/debian/docs --- ssldump-1.3/debian/docs 2021-02-03 16:00:31.0 +0200 +++ ssldump-1.3/debian/docs 2021-04-07 12:43:40.0 +0300 @@ -1,2 +1,2 @@ CREDITS -README +README.md
Bug#990933: unblock: katarakt/0.2-4
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package katarakt * Fix: katarakt has mailcap entries with quoted %-escapes Thanks to Marriott NZ for the patch and report (Closes: #985600) * Update standards version, no changes needed (changes by Christoph Egger) Quoted %-escapes in mailcap entries feel more serious to me than the many unfixed packages [1] imply, but in any case migrating this package already fixed to bullseye would feel sound the right thing to do to me. [1] https://lintian.debian.org/tags/quoted-placeholder-in-mailcap-entry diff -Nru katarakt-0.2/debian/changelog katarakt-0.2/debian/changelog --- katarakt-0.2/debian/changelog 2020-11-20 19:13:55.0 +0200 +++ katarakt-0.2/debian/changelog 2021-03-20 18:40:23.0 +0200 @@ -1,3 +1,11 @@ +katarakt (0.2-4) unstable; urgency=medium + + * Fix: katarakt has mailcap entries with quoted %-escapes +Thanks to Marriott NZ for the patch and report (Closes: #985600) + * Update standards version, no changes needed + + -- Christoph Egger Sat, 20 Mar 2021 17:40:23 +0100 + katarakt (0.2-3) unstable; urgency=medium * Import bugfix patches from VCS diff -Nru katarakt-0.2/debian/control katarakt-0.2/debian/control --- katarakt-0.2/debian/control 2020-11-20 19:13:55.0 +0200 +++ katarakt-0.2/debian/control 2021-03-20 18:40:23.0 +0200 @@ -14,7 +14,7 @@ pkg-config, qtbase5-dev, xsltproc -Standards-Version: 4.1.0 +Standards-Version: 4.5.1 Homepage: https://gitlab.cs.fau.de/Qui_Sum/katarakt Vcs-Git: https://salsa.debian.org/debian/katarakt.git Vcs-Browser: https://salsa.debian.org/debian/katarakt diff -Nru katarakt-0.2/debian/katarakt.mime katarakt-0.2/debian/katarakt.mime --- katarakt-0.2/debian/katarakt.mime 2020-11-20 19:13:55.0 +0200 +++ katarakt-0.2/debian/katarakt.mime 2021-03-20 18:40:23.0 +0200 @@ -1,3 +1,3 @@ # default priority=5 -application/pdf; /usr/bin/katarakt '%s'; test=test -n "$DISPLAY"; description=Portable Document Format -application/x-pdf; /usr/bin/katarakt '%s'; test=test -n "$DISPLAY"; description=Portable Document Format +application/pdf; /usr/bin/katarakt %s; test=test -n "$DISPLAY"; description=Portable Document Format +application/x-pdf; /usr/bin/katarakt %s; test=test -n "$DISPLAY"; description=Portable Document Format
Bug#990934: unblock: python-reportlab/3.5.59-2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package python-reportlab * Fix building the reference documentation. (change by Matthias Klose) This is a documentation change. $ debdiff python-reportlab-doc_3.5.59-* [The following lists of changes regard files as different if they have different names, permissions or owners.] Files in second .deb but not in first - -rw-r--r-- root/root /usr/share/doc/python-reportlab-doc/html/py-modindex.html Control files: lines which differ (wdiff format) Installed-Size: [-1067-] {+1622+} Version: [-3.5.59-1-] {+3.5.59-2+} $ diffoscope output is very noisy (package is not reproducible), but when glancing over it there was nothing that looked bad. diff -Nru python-reportlab-3.5.59/debian/changelog python-reportlab-3.5.59/debian/changelog --- python-reportlab-3.5.59/debian/changelog2021-01-08 11:15:25.0 +0200 +++ python-reportlab-3.5.59/debian/changelog2021-03-13 14:39:39.0 +0200 @@ -1,3 +1,9 @@ +python-reportlab (3.5.59-2) unstable; urgency=medium + + * Fix building the reference documentation. + + -- Matthias Klose Sat, 13 Mar 2021 13:39:39 +0100 + python-reportlab (3.5.59-1) unstable; urgency=medium * New upstream version. diff -Nru python-reportlab-3.5.59/debian/patches/reportlab-version.diff python-reportlab-3.5.59/debian/patches/reportlab-version.diff --- python-reportlab-3.5.59/debian/patches/reportlab-version.diff 1970-01-01 02:00:00.0 +0200 +++ python-reportlab-3.5.59/debian/patches/reportlab-version.diff 2021-03-13 14:32:55.0 +0200 @@ -0,0 +1,15 @@ +--- a/docs/source/conf.py b/docs/source/conf.py +@@ -45,9 +45,10 @@ copyright = '2010, Robinson, Becker, Wat + # built documents. + # + # The short X.Y version. +-version = '2.4' ++from reportlab import Version ++version = '.'.join(Version.split('.')[:2]) + # The full version, including alpha/beta/rc tags. +-release = '2.4' ++release = Version + + # The language for content autogenerated by Sphinx. Refer to documentation + # for a list of supported languages. diff -Nru python-reportlab-3.5.59/debian/patches/series python-reportlab-3.5.59/debian/patches/series --- python-reportlab-3.5.59/debian/patches/series 2020-01-28 17:56:28.0 +0200 +++ python-reportlab-3.5.59/debian/patches/series 2021-03-13 14:39:07.0 +0200 @@ -1,3 +1,4 @@ gsfonts.diff reproducible-build.patch toColor.patch +reportlab-version.diff diff -Nru python-reportlab-3.5.59/debian/rules python-reportlab-3.5.59/debian/rules --- python-reportlab-3.5.59/debian/rules2020-01-28 17:56:28.0 +0200 +++ python-reportlab-3.5.59/debian/rules2021-03-13 14:39:28.0 +0200 @@ -28,7 +28,7 @@ set -x; \ cd docs \ && PYTHONPATH=$(wildcard $(CURDIR)/build/lib.*-*-$(VER3)) python3 genAll.py - $(MAKE) -C docs html PAPER=a4 + PYTHONPATH=$(wildcard $(CURDIR)/build/lib.*-*-$(VER3)) $(MAKE) -C docs html PAPER=a4 touch $@ clean:
Bug#990935: unblock: zsh-antigen/2.2.3-4
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package zsh-antigen * Add patch to replace PWD in Makefile (Closes: #906757). (change by Michael Fladischer) The effect of this bug was that /usr/share/zsh-antigen/antigen.zsh was being misbuilt. Quoting from a comment in #906757: It looks like the make command from antigen builds the antigen script by copying files from it's source directory into bin/antigen.zsh. When it does that, it uses a GLOB variable, that accumulatees the files to copy. This in turn is filled by the COMMANDS, HELPERS and LIB variables (Makefile.in lines 48-50). diffoscope between 2.2.3-3 and 2.2.3-4 confirms this. "source /usr/share/zsh-antigen/antigen.zsh" fails with the package in bullseye but appears to work with the package in unstable. debdiff-zsh-antigen_2.2.3-4 Description: inode/empty
Bug#990935: unblock: zsh-antigen/2.2.3-4
On Sun, Jul 11, 2021 at 03:06:35PM +0300, Adrian Bunk wrote: > Package: release.debian.org > Severity: normal > User: release.debian@packages.debian.org > Usertags: unblock > > Please unblock package zsh-antigen > > * Add patch to replace PWD in Makefile (Closes: #906757). > (change by Michael Fladischer) > > > The effect of this bug was that /usr/share/zsh-antigen/antigen.zsh > was being misbuilt. > > > Quoting from a comment in #906757: > It looks like the make command from antigen builds the antigen script by > copying files from it's source directory into bin/antigen.zsh. > > When it does that, it uses a GLOB variable, that accumulatees the files > to copy. This in turn is filled by the COMMANDS, HELPERS and LIB > variables (Makefile.in lines 48-50). > > > diffoscope between 2.2.3-3 and 2.2.3-4 confirms this. > > > "source /usr/share/zsh-antigen/antigen.zsh" fails with the package > in bullseye but appears to work with the package in unstable. And now with a non-empty debdiff... cu Adrian diff -Nru zsh-antigen-2.2.3/debian/changelog zsh-antigen-2.2.3/debian/changelog --- zsh-antigen-2.2.3/debian/changelog 2020-12-04 22:21:35.0 +0200 +++ zsh-antigen-2.2.3/debian/changelog 2021-03-09 17:37:29.0 +0200 @@ -1,3 +1,9 @@ +zsh-antigen (2.2.3-4) unstable; urgency=medium + + * Add patch to replace PWD in Makefile (Closes: #906757). + + -- Michael Fladischer Tue, 09 Mar 2021 16:37:29 +0100 + zsh-antigen (2.2.3-3) unstable; urgency=medium * Update patch to use UTC timestamp and Debian revision to support diff -Nru zsh-antigen-2.2.3/debian/patches/0002-Replace-PWD-environment-with-PROJECT-variable-Closes.patch zsh-antigen-2.2.3/debian/patches/0002-Replace-PWD-environment-with-PROJECT-variable-Closes.patch --- zsh-antigen-2.2.3/debian/patches/0002-Replace-PWD-environment-with-PROJECT-variable-Closes.patch 1970-01-01 02:00:00.0 +0200 +++ zsh-antigen-2.2.3/debian/patches/0002-Replace-PWD-environment-with-PROJECT-variable-Closes.patch 2021-03-09 17:37:29.0 +0200 @@ -0,0 +1,25 @@ +From: Michael Fladischer +Date: Tue, 9 Mar 2021 16:25:31 +0100 +Subject: Replace PWD environment with PROJECT variable (Closes: #906757). + +--- + Makefile.in | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/Makefile.in b/Makefile.in +index ad1ac59..de32824 100644 +--- a/Makefile.in b/Makefile.in +@@ -45,9 +45,9 @@ GLOB += ${SRC}/boot.zsh + EXTENSIONS += ${SRC}/ext/cache.zsh + endif + +-LIB = $(filter-out ${SRC}/lib/log.zsh,$(sort $(wildcard ${PWD}/src/lib/*.zsh))) +-HELPERS = $(sort $(wildcard ${PWD}/src/helpers/*.zsh)) +-COMMANDS= $(sort $(wildcard ${PWD}/src/commands/*.zsh)) ++LIB = $(filter-out ${SRC}/lib/log.zsh,$(sort $(wildcard ${PROJECT}/src/lib/*.zsh))) ++HELPERS = $(sort $(wildcard ${PROJECT}/src/helpers/*.zsh)) ++COMMANDS= $(sort $(wildcard ${PROJECT}/src/commands/*.zsh)) + GLOB += ${SRC}/antigen.zsh ${HELPERS} ${LIB} ${COMMANDS} ${EXTENSIONS} + + ifeq (${WITH_COMPLETION}, yes) diff -Nru zsh-antigen-2.2.3/debian/patches/series zsh-antigen-2.2.3/debian/patches/series --- zsh-antigen-2.2.3/debian/patches/series 2020-12-04 22:21:35.0 +0200 +++ zsh-antigen-2.2.3/debian/patches/series 2021-03-09 17:37:29.0 +0200 @@ -1 +1,2 @@ 0001-Use-package-specific-revision-and-date-for-build.patch +0002-Replace-PWD-environment-with-PROJECT-variable-Closes.patch
Bug#990937: unblock: l2tpns/2.3.3-2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package l2tpns * Backport patch to systemd unit from upstream (and trivial metadata changes that are documented in d/changelog) (changes by Julien Rabier and Sebastien Badia) Reading [1] this two-line change sounds like something that is wanted for bullseye. https://code.ffdn.org/l2tpns/l2tpns/-/merge_requests/11 diff -Nru l2tpns-2.3.3/debian/changelog l2tpns-2.3.3/debian/changelog --- l2tpns-2.3.3/debian/changelog 2021-02-06 02:11:00.0 +0200 +++ l2tpns-2.3.3/debian/changelog 2021-03-09 00:32:16.0 +0200 @@ -1,3 +1,15 @@ +l2tpns (2.3.3-2) unstable; urgency=medium + + [ Sebastien Badia ] + * d/gbp: Added configuration + * d/patches: Update DEP-3 headers + + [ Julien Rabier ] + * Update Uploader's e-mail address + * Backport patch to systemd unit from upstream + + -- Sebastien Badia Mon, 08 Mar 2021 23:32:16 +0100 + l2tpns (2.3.3-1) unstable; urgency=medium [ Julien Rabier ] diff -Nru l2tpns-2.3.3/debian/control l2tpns-2.3.3/debian/control --- l2tpns-2.3.3/debian/control 2021-02-06 02:09:30.0 +0200 +++ l2tpns-2.3.3/debian/control 2021-03-08 00:26:28.0 +0200 @@ -3,7 +3,7 @@ Priority: optional Maintainer: Debian l2tpns Packaging Team Uploaders: Sebastien Badia , - Julien Rabier , + Julien Rabier , Fernando Alves Build-Depends: debhelper-compat (= 13), libcli-dev (>> 1.8.5) Standards-Version: 4.5.1 diff -Nru l2tpns-2.3.3/debian/gbp.conf l2tpns-2.3.3/debian/gbp.conf --- l2tpns-2.3.3/debian/gbp.conf1970-01-01 02:00:00.0 +0200 +++ l2tpns-2.3.3/debian/gbp.conf2021-03-08 00:26:19.0 +0200 @@ -0,0 +1,4 @@ +[DEFAULT] +upstream-branch=upstream +debian-branch=master +pristine-tar = True diff -Nru l2tpns-2.3.3/debian/patches/02-systemd-restart.patch l2tpns-2.3.3/debian/patches/02-systemd-restart.patch --- l2tpns-2.3.3/debian/patches/02-systemd-restart.patch1970-01-01 02:00:00.0 +0200 +++ l2tpns-2.3.3/debian/patches/02-systemd-restart.patch2021-03-09 00:31:31.0 +0200 @@ -0,0 +1,17 @@ +Description: Restart l2tpns service on failure +Author: Baptiste Jonglez +Reviewed-by: Julien Rabier +Bug: https://code.ffdn.org/l2tpns/l2tpns/-/merge_requests/11 +Applied-Upstream: https://code.ffdn.org/l2tpns/l2tpns/-/commit/a5ddc0f64a1099449c2f81b251cee6960f68ea18 + +--- a/scripts/l2tpns.service b/scripts/l2tpns.service +@@ -7,6 +7,8 @@ Documentation=man:l2tpns(8) man:startup- + EnvironmentFile=-/etc/default/l2tpns + ExecStart=/usr/sbin/l2tpns $L2TPNS_OPTS + ExecReload=/bin/kill -HUP $MAINPID ++Restart=on-failure ++RestartSec=5s + + [Install] + WantedBy=multi-user.target diff -Nru l2tpns-2.3.3/debian/patches/series l2tpns-2.3.3/debian/patches/series --- l2tpns-2.3.3/debian/patches/series 2021-02-06 02:09:30.0 +0200 +++ l2tpns-2.3.3/debian/patches/series 2021-03-08 00:26:28.0 +0200 @@ -1 +1,2 @@ 01-harden-compile.patch +02-systemd-restart.patch
Bug#990938: unblock: dh-virtualenv/1.2.2-1.1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package dh-virtualenv * Rebuild to update python3.X-venv dependency. Closes: #984766. (Change by Vincent Bernat) This was basically a binNMU for a binary-all package to update a non-default dependency alternative. $ debdiff dh-virtualenv_1.2.2-1_all.deb dh-virtualenv_1.2.2-1.1_all.deb [The following lists of changes regard files as different if they have different names, permissions or owners.] Files in first .deb but not in second - lrwxrwxrwx root/root /usr/share/doc/dh-virtualenv/html/_static/js/html5shiv-printshiv.min.js -> ../../../../../sphinx_rtd_theme/static/js/html5shiv-printshiv.min.js lrwxrwxrwx root/root /usr/share/doc/dh-virtualenv/html/_static/js/html5shiv.min.js -> ../../../../../sphinx_rtd_theme/static/js/html5shiv.min.js Control files: lines which differ (wdiff format) Built-Using: sphinx (= [-3.2.1-2)-] {+3.4.3-1)+} Depends: python3:any, perl:any, libjs-sphinxdoc (>= 2.4.3-5~), sphinx-rtd-theme-common (>= [-0.5.0+dfsg),-] {+0.5.1+dfsg),+} virtualenv | python3-virtualenv (>= 1.7) | [-python3.8-venv-] {+python3.9-venv+} Installed-Size: [-524-] {+521+} Version: [-1.2.2-1-] {+1.2.2-1.1+} $ The change in Sphinx output is "normal" when rebuilding with a different version of Sphinx. diff -Nru dh-virtualenv-1.2.2/debian/changelog dh-virtualenv-1.2.2/debian/changelog --- dh-virtualenv-1.2.2/debian/changelog2020-10-22 13:39:46.0 +0300 +++ dh-virtualenv-1.2.2/debian/changelog2021-03-08 10:02:45.0 +0200 @@ -1,3 +1,10 @@ +dh-virtualenv (1.2.2-1.1) unstable; urgency=medium + + * NMU. + * Rebuild to update python3.X-venv dependency. Closes: #984766. + + -- Vincent Bernat Mon, 08 Mar 2021 09:02:45 +0100 + dh-virtualenv (1.2.2-1) unstable; urgency=medium * New upstream release (Closes: #970810)
Bug#990939: unblock: newlisp/10.7.5-2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package newlisp * d/p/0009-Fix-shared-library-loading-for-modules.patch: Adjust patch so that the modules don't try to load a versioned shared library. * d/control: Don't recommend hardcoded ABI versions in library packages. We should recommend the '-dev' packages instead, which will install the proper .so files that will get loaded by the modules. (Closes: #984686) * d/p/0009-Set-NEWLISPDIR-to-usr-share-newlisp.patch: Inform newlisp that the common files are installed under /usr/share/newlisp, not /usr/local/share. (changes by Sergio Durigan Junior) Recommending no longer existing shared libraries is bad, even worse is trying to open them at runtime. Depending on the -dev packages instead is not nice, but it is actually the fix with the smallest change. The NEWLISPDIR change looks correct to me. diff -Nru newlisp-10.7.5/debian/changelog newlisp-10.7.5/debian/changelog --- newlisp-10.7.5/debian/changelog 2019-07-21 02:47:33.0 +0300 +++ newlisp-10.7.5/debian/changelog 2021-03-07 22:17:34.0 +0200 @@ -1,3 +1,17 @@ +newlisp (10.7.5-2) unstable; urgency=medium + + * d/p/0009-Fix-shared-library-loading-for-modules.patch: +Adjust patch so that the modules don't try to load a versioned shared +library. + * d/control: Don't recommend hardcoded ABI versions in library packages. +We should recommend the '-dev' packages instead, which will install +the proper .so files that will get loaded by the modules. (Closes: #984686) + * d/p/0009-Set-NEWLISPDIR-to-usr-share-newlisp.patch: +Inform newlisp that the common files are installed under +/usr/share/newlisp, not /usr/local/share. + + -- Sergio Durigan Junior Sun, 07 Mar 2021 15:17:34 -0500 + newlisp (10.7.5-1) unstable; urgency=medium * New upstream version 10.7.5. diff -Nru newlisp-10.7.5/debian/control newlisp-10.7.5/debian/control --- newlisp-10.7.5/debian/control 2019-07-21 02:46:32.0 +0300 +++ newlisp-10.7.5/debian/control 2021-03-07 22:08:21.0 +0200 @@ -17,11 +17,11 @@ Depends: ${shlibs:Depends}, ${misc:Depends} # For newLISP modules. Recommends: - libcrypto++6, - libmysqlclient18, - libpq5, - libsqlite3-0, - zlib1g, + libssl-dev, + default-libmysqlclient-dev, + libpq-dev, + libsqlite3-dev, + zlib1g-dev, sensible-utils, Description: LISP like, general purpose scripting language newLISP is a scripting language for developing web applications and diff -Nru newlisp-10.7.5/debian/patches/0009-Fix-shared-library-loading-for-modules.patch newlisp-10.7.5/debian/patches/0009-Fix-shared-library-loading-for-modules.patch --- newlisp-10.7.5/debian/patches/0009-Fix-shared-library-loading-for-modules.patch 2019-07-21 02:46:32.0 +0300 +++ newlisp-10.7.5/debian/patches/0009-Fix-shared-library-loading-for-modules.patch 2021-03-07 22:16:26.0 +0200 @@ -22,7 +22,7 @@ 8 files changed, 9 insertions(+), 126 deletions(-) diff --git a/modules/crypto.lsp b/modules/crypto.lsp -index 26d7bda..e52af3a 100644 +index 26d7bda..289a027 100644 --- a/modules/crypto.lsp +++ b/modules/crypto.lsp @@ -41,28 +41,7 @@ @@ -51,7 +51,7 @@ - (throw-error "cannot find crypto library" - -(set 'option (if (= ostype "Windows") "cdecl")) -+(set 'library "libcrypto.so.1") ++(set 'library "libcrypto.so") (import library "MD5" option) (import library "RIPEMD160" option) @@ -85,7 +85,7 @@ ; structs are defined but only needed for debugging, instead use "void*" (struct 'complex "double" "double") ; complex numbers diff --git a/modules/mysql.lsp b/modules/mysql.lsp -index 05faded..bd93a21 100644 +index 05faded..20a6093 100644 --- a/modules/mysql.lsp +++ b/modules/mysql.lsp @@ -118,20 +118,7 @@ @@ -106,7 +106,7 @@ -(set 'library (files (or - (find true (map file? files)) - (throw-error "cannot find libmysqlclient library" -+(set 'library "libmysqlclient.so.18") ++(set 'library "libmysqlclient.so") (import library "mysql_init") (import library "mysql_real_connect") @@ -125,7 +125,7 @@ ; Constants used, make sure these constants are Ok on your Operating System or Platform. ; Note, that (define var value) is the same as as saying (set 'var value), it is here more diff --git a/modules/postgres.lsp b/modules/postgres.lsp -index 0fe5ec5..c620f92 100644 +index 0fe5ec5..5af0c6c 100644 --- a/modules/postgres.lsp +++ b/modules/postgres.lsp @@ -128,34 +128,7 @@ @@ -160,7 +160,7 @@ -(delete 'pg_config) -(delete 'pg_lib_dir) -(delete 'files) -+(set 'library "libpq.so.5") ++(set 'library "libpq.so") ; import functions and throw error if not found (define (pg_import fun_name) @@ -198,7 +198,7 @@ (import library "sqlite3_open" "cdecl") (import library "sqlite3_close" "cdecl") diff --git a/modules/unix.lsp b/modules/unix.lsp -i
Bug#990942: unblock: debian-design/3.0.22
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package debian-design * rebuild using newer boxer-data (change by Jonas Smedegaard) This is a manual binNMU for binary-all. According to debdiff, the only change is in the dependencies of design-desktop-web: Depends: design-desktop, compass-blueprint-plugin, compass-color-schemer-plugin, compass-fancy-buttons-plugin, compass-h5bp-plugin, compass-layoutgala-plugin, compass-normalize-plugin, [-compass-singularitygs-plugin, compass-slickmap-plugin, compass-susy-plugin,-] compass-toolkit-plugin, [-compass-yui-plugin, midori-] {+midori, sass-stylesheets-gutenberg, sass-stylesheets-sass-extras, sass-stylesheets-typey, sassc+} diff -Nru debian-design-3.0.21/debian/changelog debian-design-3.0.22/debian/changelog --- debian-design-3.0.21/debian/changelog 2020-12-29 20:11:34.0 +0200 +++ debian-design-3.0.22/debian/changelog 2021-03-02 17:30:17.0 +0200 @@ -1,9 +1,15 @@ +debian-design (3.0.22) unstable; urgency=medium + + * rebuild using newer boxer-data + + -- Jonas Smedegaard Tue, 02 Mar 2021 16:30:17 +0100 + debian-design (3.0.21) unstable; urgency=medium * declare compliance with Debian Policy 4.5.1 * rebuild using newer boxer-data: + stop include chromium; - closes: bug#972134, thanks to Paul Gevers + closes: bug#976292, thanks to Paul Gevers -- Jonas Smedegaard Tue, 29 Dec 2020 19:11:34 +0100
Bug#990970: unblock: debconf/1.5.77
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package debconf * Check that whiptail or dialog is actually usable (closes: #985572). (and translation updates, as documented in d/changelog) (changes by Colin Watson) This is a rare but nasty bug during upgrades, where the chosen debconf frontend is temporarily not usable breaking the upgrade. The rest of the changes are translation updates. I discussed with Colin Watson, who doesn't object to me filing this unblock request. diff -Nru debconf-1.5.75/Debconf/FrontEnd/Dialog.pm debconf-1.5.77/Debconf/FrontEnd/Dialog.pm --- debconf-1.5.75/Debconf/FrontEnd/Dialog.pm 2021-02-28 19:51:28.0 +0200 +++ debconf-1.5.77/Debconf/FrontEnd/Dialog.pm 2021-06-10 20:17:49.0 +0300 @@ -65,7 +65,8 @@ # Autodetect if whiptail or dialog is available and set magic numbers. if (Debconf::Path::find("whiptail") && (! defined $ENV{DEBCONF_FORCE_DIALOG} || ! Debconf::Path::find("dialog")) && - (! defined $ENV{DEBCONF_FORCE_XDIALOG} || ! Debconf::Path::find("Xdialog"))) { + (! defined $ENV{DEBCONF_FORCE_XDIALOG} || ! Debconf::Path::find("Xdialog")) && + system('whiptail --version >/dev/null 2>&1') == 0) { $this->program('whiptail'); $this->dashsep('--'); $this->borderwidth(5); @@ -77,7 +78,8 @@ $this->hasoutputfd(1); } elsif (Debconf::Path::find("dialog") && - (! defined $ENV{DEBCONF_FORCE_XDIALOG} || ! Debconf::Path::find("Xdialog"))) { + (! defined $ENV{DEBCONF_FORCE_XDIALOG} || ! Debconf::Path::find("Xdialog")) && + system('dialog --version >/dev/null 2>&1') == 0) { $this->program('dialog'); $this->dashsep(''); # dialog does not need (or support) # double-dash separation diff -Nru debconf-1.5.75/debian/changelog debconf-1.5.77/debian/changelog --- debconf-1.5.75/debian/changelog 2021-02-28 19:51:28.0 +0200 +++ debconf-1.5.77/debian/changelog 2021-06-10 20:17:49.0 +0300 @@ -1,3 +1,24 @@ +debconf (1.5.77) unstable; urgency=medium + + [ Programs translations ] + * Dutch (Frans Spiesschaert; closes: #986167). + * Polish (Mmobilea; closes: #976044). + + [ Debconf translations ] + * Fix double UTF-8 encoding in Finnish translation (closes: #989692). + + -- Colin Watson Thu, 10 Jun 2021 18:17:49 +0100 + +debconf (1.5.76) unstable; urgency=medium + + [ Colin Watson ] + * Check that whiptail or dialog is actually usable (closes: #985572). + + [ Programs translations ] + * Dutch (Frans Spiesschaert; closes: #906948). + + -- Colin Watson Sat, 20 Mar 2021 13:14:50 + + debconf (1.5.75) unstable; urgency=medium [ Philip Hands ] diff -Nru debconf-1.5.75/debian/po/fi.po debconf-1.5.77/debian/po/fi.po --- debconf-1.5.75/debian/po/fi.po 2021-02-28 19:51:28.0 +0200 +++ debconf-1.5.77/debian/po/fi.po 2021-06-10 20:17:49.0 +0300 @@ -52,8 +52,8 @@ "Packages that use debconf for configuration share a common look and feel. " "You can select the type of user interface they use." msgstr "" -"Debconf yhdenmukaistaa sitÀ kÀyttÀvien pakettien asetuskÀyttöliittymÃ" -"€n. Voit itse valita mieluisesi liittymÀn muutamasta vaihtoehdosta." +"Debconf yhdenmukaistaa sitä käyttävien pakettien asetuskäyttöliittymän. Voit " +"itse valita mieluisesi liittymän muutamasta vaihtoehdosta." #. Type: select #. Description @@ -66,11 +66,10 @@ "you configure things using your favorite text editor. The noninteractive " "frontend never asks you any questions." msgstr "" -"Valintaikkuna on ruudun tÀyttÀvÀ merkkipohjainen liittymÀ, kun taas " -"readline on perinteisempi pelkkÀÀ tekstiÀ kÀyttÀvÀ liittymÀ. SekÀ " -"Gnome ettÀ KDE ovat nykyaikaisia X-pohjaisia liittymiÀ. Teksturi kÀyttÀÃ" -"€ asetusten sÀÀtöön lempiteksturiasi. Ei-vuorovaikutteinen liittymÀ ei " -"koskaan kysy kysymyksiÀ." +"Valintaikkuna on ruudun täyttävä merkkipohjainen liittymä, kun taas readline " +"on perinteisempi pelkkää tekstiä käyttävä liittymä. Sekä Gnome että KDE ovat " +"nykyaikaisia X-pohjaisia liittymiä. Teksturi käyttää asetusten säätöön " +"lempiteksturiasi. Ei-vuorovaikutteinen liittymä ei koskaan kysy kysymyksiä." #. Type: select #. Choices @@ -114,13 +113,13 @@ " - 'medium' is for normal questions\n" " - 'low' is for control freaks who want to see everything" msgstr "" -"Debconf priorisoi esittÀmÀnsÀ kysymykset. Valitse alin prioriteetti, " -"jonka kysymykset haluat nÀhdÀ:\n" -" - \"kriittinen\" kysyy vain jos jÀrjestelmÀ voi hajota.\n" -"Valitse tÀmÀ jos olet uusi tai sinulla on kiire.\n" -" - \"tÀrkeÀ\" on kohtuullisen tÀrkeille kysymyksille\n" +"Debconf priorisoi esittämänsä kysymykset. Valitse alin prioriteetti, jonka " +"kysymykset haluat nähdä:\n" +" - \"krii
Bug#990990: unblock: libcgroup/2.0
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Background: https://www.debian.org/releases/testing/amd64/release-notes/ch-information.en.html#openstack-cgroups https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959022#66 I noticed a version of libcgroup with support for control groups v2 is now in experimental. Given then known problems with the libcgroup currently in bullseye (it only works when booting with special kernel parameters), this bug is a question to the release team and the OpenStack maintainer whether updating libcgroup in bullseye to the version currently in experimental might be the smaller evil compared to the current release notes approach. Complete diffstat compared to the version in testing: 223 files changed, 73421 insertions(+), 34626 deletions(-) Diff of debian/ is attached. The new version adds autopkgtests, but they aren't currently run: SKIP Test requires machine-level isolation but testbed does not provide that No new bugs are reported in the BTS. Tnd the debdiff of debian/ looks sane, except for a 12 -> 13 dh compat bump that is revertable if requested. Both libcgroup1.symbols and abidiff of the shared library look sane. There are new libraries (libcgset and libcgroupfortesting) that are unused. They lack .so symlinks in libcgroup-dev, which is an easily fixable bug. The only package currently linked with libcgroup1 in bullseye is clsync (OpenStack uses cgroup-tools), debdiff and diffoscope find no code changes when rebuilding with libcgroup from experimental. diff -Nru libcgroup-0.41/debian/changelog libcgroup-2.0/debian/changelog --- libcgroup-0.41/debian/changelog 2021-02-08 15:43:56.0 +0200 +++ libcgroup-2.0/debian/changelog 2021-05-11 16:54:21.0 +0300 @@ -1,3 +1,36 @@ +libcgroup (2.0-1) experimental; urgency=medium + + * New upstream version 2.0 +- Fix cgroup-tools does not work in cgroup2 / unified hierarchy + (Closes: #959022) + * Add upstream signing key + * Update debian/watch to include matching signature + * Fix test-cgroupv1, set linux cmdline to support cgroupv1 + * Redirect update-grub stderr to stdout in d/test/tools-cgroupv1. Thanks to +Simon McVittie + * Add debian/tests/tools-cgroupv2 + * Update d/copyright to include googletest + * Update debian/libcgroup1.symbols + * Add Build-Depends-Package field to libcgroup1.symbols + + -- Santiago Ruano Rincón Tue, 11 May 2021 15:54:21 +0200 + +libcgroup (0.42.2-1) experimental; urgency=medium + + * Update d/watch to point to the new upstream at github + * New upstream version 0.42.2 + * Remove no longer needed debian/patches/CVE-2018-14348.patch + * Bump debhelper-compat to 13 + * Bump Standards-Version to 4.5.1. No changes required + * Install *.a files into libcgroup-dev + * d/rules: remove security/*.a to avoid --fail-missing error + * Add debian/salsa-ci.yml + * Add d/tests/tools-cgroupv1 + * Update debian/libcgroup1.symbols + * Adopt libcgroup (Closes: #823161) + + -- Santiago Ruano Rincón Tue, 13 Apr 2021 20:48:31 +0200 + libcgroup (0.41-11) unstable; urgency=medium * QA upload. diff -Nru libcgroup-0.41/debian/control libcgroup-2.0/debian/control --- libcgroup-0.41/debian/control 2021-02-08 15:43:56.0 +0200 +++ libcgroup-2.0/debian/control2021-04-13 22:51:58.0 +0300 @@ -1,14 +1,14 @@ Source: libcgroup Priority: optional Section: libs -Maintainer: Debian QA Group +Maintainer: Santiago Ruano Rincón Build-Depends: -debhelper-compat (= 12), +debhelper-compat (= 13), bison, flex, libpam-dev, Rules-Requires-Root: no -Standards-Version: 4.4.1 +Standards-Version: 4.5.1 Homepage: http://libcg.sourceforge.net/ Vcs-Git: https://salsa.debian.org/debian/libcgroup.git Vcs-Browser: https://salsa.debian.org/debian/libcgroup diff -Nru libcgroup-0.41/debian/copyright libcgroup-2.0/debian/copyright --- libcgroup-0.41/debian/copyright 2021-02-08 15:43:56.0 +0200 +++ libcgroup-2.0/debian/copyright 2021-04-30 16:30:55.0 +0300 @@ -13,6 +13,10 @@ 2008 Vivek Goyal License: BSD-3-clause or GPL-2, and LGPL-2.1 +Files: googletest/* +Copyright: 2008, Google Inc. +License: BSD-3-clause-google + Files: debian/* Copyright: 2009 Jon Bernard 2013-2014 Daniel Baumann @@ -46,6 +50,33 @@ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +License: BSD-3-clause-google + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are + met: + . + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above + copyright notice, this list of conditions and the following disclaimer + in the documentation and/or other materials provi
Bug#991004: unblock: golang-github-sylabs-sif/1.0.9-2.1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please age package golang-github-sylabs-sif * Add fix from YunQiang Su for architecture-dependent behaviour in mmap() prot. (Closes: #983583) This fixes a software bug exposed on some hardware, including causing FTBFS on some of the mips*el buildds. autopkgtest for golang-github-sylabs-sif/1.0.9-2.1: amd64: Pass, arm64: Pass, armhf: Pass, i386: Pass, ppc64el: Pass Too young, only 7 of 20 days old diff -Nru golang-github-sylabs-sif-1.0.9/debian/changelog golang-github-sylabs-sif-1.0.9/debian/changelog --- golang-github-sylabs-sif-1.0.9/debian/changelog 2020-02-28 09:16:12.0 +0200 +++ golang-github-sylabs-sif-1.0.9/debian/changelog 2021-07-03 13:32:11.0 +0300 @@ -1,3 +1,11 @@ +golang-github-sylabs-sif (1.0.9-2.1) unstable; urgency=medium + + * Non-maintainer upload. + * Add fix from YunQiang Su for architecture-dependent behaviour +in mmap() prot. (Closes: #983583) + + -- Adrian Bunk Sat, 03 Jul 2021 13:32:11 +0300 + golang-github-sylabs-sif (1.0.9-2) unstable; urgency=medium * Build-Depends correction (Closes: #951538). diff -Nru golang-github-sylabs-sif-1.0.9/debian/patches/load-mmap.patch golang-github-sylabs-sif-1.0.9/debian/patches/load-mmap.patch --- golang-github-sylabs-sif-1.0.9/debian/patches/load-mmap.patch 1970-01-01 02:00:00.0 +0200 +++ golang-github-sylabs-sif-1.0.9/debian/patches/load-mmap.patch 2021-07-03 13:32:11.0 +0300 @@ -0,0 +1,16 @@ +Description: Fix architecture-dependent behaviour in mmap() prot +Author: YunQiang Su +Bug-Debian: https://bugs.debian.org/983583 +Forwarded: not-needed (https://github.com/sylabs/sif/commit/5ef4cc53eb9bf04e79fb96428daedd5f576fb71d) + +--- golang-github-sylabs-sif-1.0.9.orig/pkg/sif/load.go golang-github-sylabs-sif-1.0.9/pkg/sif/load.go +@@ -92,7 +92,7 @@ func (fimg *FileImage) mapFile(rdonly bo + flags := syscall.MAP_PRIVATE + + if !rdonly { +- prot = syscall.PROT_WRITE ++ prot = syscall.PROT_WRITE | syscall.PROT_READ + flags = syscall.MAP_SHARED + } + diff -Nru golang-github-sylabs-sif-1.0.9/debian/patches/series golang-github-sylabs-sif-1.0.9/debian/patches/series --- golang-github-sylabs-sif-1.0.9/debian/patches/series1970-01-01 02:00:00.0 +0200 +++ golang-github-sylabs-sif-1.0.9/debian/patches/series2021-07-03 13:32:11.0 +0300 @@ -0,0 +1 @@ +load-mmap.patch
Bug#991005: unblock: corosync/3.1.2-2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please age package corosync * [f641780] New patch: stats: fix crash when iterating over deleted keys. Cherry-picked from v3.1.4. (change by Ferenc Wágner) autopkgtest for corosync/3.1.2-2: amd64: Pass, arm64: Pass, armhf: Pass, i386: Pass, ppc64el: Pass Too young, only 7 of 20 days old This would reach 20 days after the deadline July 17th. diff -Nru corosync-3.1.2/debian/changelog corosync-3.1.2/debian/changelog --- corosync-3.1.2/debian/changelog 2021-04-07 15:19:13.0 +0300 +++ corosync-3.1.2/debian/changelog 2021-07-05 10:11:09.0 +0300 @@ -1,3 +1,11 @@ +corosync (3.1.2-2) unstable; urgency=medium + + * [f641780] New patch: stats: fix crash when iterating over deleted keys. +Cherry-picked from v3.1.4. +Thanks to Christine Caulfield + + -- Ferenc Wágner Mon, 05 Jul 2021 09:11:09 +0200 + corosync (3.1.2-1) unstable; urgency=medium * [2c66d6d] New upstream release (3.1.2) diff -Nru corosync-3.1.2/debian/patches/series corosync-3.1.2/debian/patches/series --- corosync-3.1.2/debian/patches/series2021-04-07 15:18:49.0 +0300 +++ corosync-3.1.2/debian/patches/series2021-07-05 10:08:39.0 +0300 @@ -2,3 +2,4 @@ Enable-PrivateTmp-in-the-systemd-service-files.patch Make-the-example-config-valid.patch man-corosync-cfgtool.8-use-proper-single-quotes.patch +stats-fix-crash-when-iterating-over-deleted-keys.patch diff -Nru corosync-3.1.2/debian/patches/stats-fix-crash-when-iterating-over-deleted-keys.patch corosync-3.1.2/debian/patches/stats-fix-crash-when-iterating-over-deleted-keys.patch --- corosync-3.1.2/debian/patches/stats-fix-crash-when-iterating-over-deleted-keys.patch 1970-01-01 02:00:00.0 +0200 +++ corosync-3.1.2/debian/patches/stats-fix-crash-when-iterating-over-deleted-keys.patch 2021-07-05 10:08:39.0 +0300 @@ -0,0 +1,64 @@ +From: Christine Caulfield +Date: Thu, 3 Jun 2021 07:53:28 +0100 +Subject: stats: fix crash when iterating over deleted keys + +The libqb map API leaves 'ownership' of the data with the caller +but does its own lifetime management, so it can easily happen that +map_rm() is called and the data deleted by the caller. +But if an iterator is running over that item then the map entry +will not get removed (leaving dangling pointers) until later. + +libqb has a hack-y callback that tells the owner when it is safe to +delete the allocated memory, so we hook into that. icmap is already +using this. + +Signed-off-by: Christine Caulfield +Reviewed-by: Jan Friesse +--- + exec/stats.c | 19 ++- + 1 file changed, 18 insertions(+), 1 deletion(-) + +diff --git a/exec/stats.c b/exec/stats.c +index d5c1cbc..d9fd115 100644 +--- a/exec/stats.c b/exec/stats.c +@@ -270,6 +270,17 @@ static void stats_rm_entry(const char *key) + + if (item) { + qb_map_rm(stats_map, item->key_name); ++ /* Structures freed in callback below */ ++ } ++} ++ ++static void stats_map_free_cb(uint32_t event, ++char* key, void* old_value, ++void* value, void* user_data) ++{ ++ struct stats_item *item = (struct stats_item *)old_value; ++ ++ if (item) { + free(item->key_name); + free(item); + } +@@ -279,6 +290,7 @@ cs_error_t stats_map_init(const struct corosync_api_v1 *corosync_api) + { + int i; + char param[ICMAP_KEYNAME_MAXLEN]; ++ int32_t err; + + api = corosync_api; + +@@ -302,7 +314,12 @@ cs_error_t stats_map_init(const struct corosync_api_v1 *corosync_api) + } + + /* KNET, IPCS & SCHEDMISS stats are added when appropriate */ +- return CS_OK; ++ ++ ++ /* Call us when we can free things */ ++ err = qb_map_notify_add(stats_map, NULL, stats_map_free_cb, QB_MAP_NOTIFY_FREE, NULL); ++ ++ return (qb_to_cs_error(err)); + } + + cs_error_t stats_map_get(const char *key_name,
Bug#991101: unblock: frr/7.5.1-1.1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package frr * Backport upstream fix for compatibility with the bullseye libyang1. (Closes: #990585) autopkgtest for frr/7.5.1-1.1: amd64: Pass, arm64: Pass, armhf: Pass, i386: Pass, ppc64el: Pass Too young, only 1 of 20 days old I have confirmed that the example from https://github.com/FRRouting/frr/issues/8521 fails without the fix and passes with the fix.
Bug#991101: unblock: frr/7.5.1-1.1
On Wed, Jul 14, 2021 at 02:45:34PM +0300, Adrian Bunk wrote: > Package: release.debian.org > Severity: normal > User: release.debian@packages.debian.org > Usertags: unblock > > Please unblock package frr > > * Backport upstream fix for compatibility with the bullseye > libyang1. (Closes: #990585) > > autopkgtest for frr/7.5.1-1.1: amd64: Pass, arm64: Pass, armhf: Pass, i386: > Pass, ppc64el: Pass > Too young, only 1 of 20 days old > > I have confirmed that the example from > https://github.com/FRRouting/frr/issues/8521 > fails without the fix and passes with the fix. And now with attachment. cu Adrian diff -Nru frr-7.5.1/debian/changelog frr-7.5.1/debian/changelog --- frr-7.5.1/debian/changelog 2021-03-08 10:40:19.0 +0200 +++ frr-7.5.1/debian/changelog 2021-07-11 19:15:04.0 +0300 @@ -1,3 +1,11 @@ +frr (7.5.1-1.1) unstable; urgency=medium + + * Non-maintainer upload. + * Backport upstream fix for compatibility with the bullseye +libyang1. (Closes: #990585) + + -- Adrian Bunk Sun, 11 Jul 2021 19:15:04 +0300 + frr (7.5.1-1) unstable; urgency=medium * Update the d/gbp.conf for 7.5.1 release diff -Nru frr-7.5.1/debian/patches/0001-yang-fix-zebra-module.patch frr-7.5.1/debian/patches/0001-yang-fix-zebra-module.patch --- frr-7.5.1/debian/patches/0001-yang-fix-zebra-module.patch 1970-01-01 02:00:00.0 +0200 +++ frr-7.5.1/debian/patches/0001-yang-fix-zebra-module.patch 2021-07-11 18:41:30.0 +0300 @@ -0,0 +1,71 @@ +From 7573cb86a259d3c9ef6eae9dd5d529f8080922cd Mon Sep 17 00:00:00 2001 +From: Igor Ryzhov +Date: Thu, 22 Apr 2021 12:48:19 +0300 +Subject: yang: fix zebra module + +Fixes: #8521 +Signed-off-by: Igor Ryzhov +--- + yang/frr-zebra.yang | 14 +++--- + 1 file changed, 7 insertions(+), 7 deletions(-) + +diff --git a/yang/frr-zebra.yang b/yang/frr-zebra.yang +index 2efc45c14..6b4be6591 100644 +--- a/yang/frr-zebra.yang b/yang/frr-zebra.yang +@@ -2184,8 +2184,8 @@ module frr-zebra { + + "/frr-route-map:match-condition" + + "/frr-route-map:condition-value" { + case ipv4-prefix-length { +- when "./condition = 'ipv4-prefix-length' or +-./condition = 'ipv4-next-hop-prefix-length'"; ++ when "./frr-route-map:condition = 'ipv4-prefix-length' or ++./frr-route-map:condition = 'ipv4-next-hop-prefix-length'"; + leaf ipv4-prefix-length { + type uint8 { + range "0..32"; +@@ -2193,7 +2193,7 @@ module frr-zebra { + } + } + case ipv6-prefix-length { +- when "./condition = 'ipv6-prefix-length'"; ++ when "./frr-route-map:condition = 'ipv6-prefix-length'"; + leaf ipv6-prefix-length { + type uint8 { + range "0..128"; +@@ -2201,13 +2201,13 @@ module frr-zebra { + } + } + case source-protocol { +- when "./condition = 'source-protocol'"; ++ when "./frr-route-map:condition = 'source-protocol'"; + leaf source-protocol { + type frr-route-types:frr-route-types; + } + } + case source-instance { +- when "./condition = 'source-instance'"; ++ when "./frr-route-map:condition = 'source-instance'"; + leaf source-instance { + type uint8 { + range "0..255"; +@@ -,14 +,14 @@ module frr-zebra { + + "/frr-route-map:set-action" + + "/frr-route-map:action-value" { + case source-v4 { +- when "./action = 'source'"; ++ when "./frr-route-map:action = 'source'"; + leaf source-v4 { + description "IPv4 address"; + type inet:ipv4-address; + } + } + case source-v6 { +- when "./action = 'source'"; ++ when "./frr-route-map:action = 'source'"; + leaf source-v6 { + description "IPv6 address"; + type inet:ipv6-address; +-- +2.20.1 + diff -Nru frr-7.5.1/debian/patches/series frr-7.5.1/debian/patches/series --- frr-7.5.1/debian/patches/series 1970-01-01 02:00:00.0 +0200 +++ frr-7.5.1/debian/patches/series 2021-07-11 19:15:01.0 +0300 @@ -0,0 +1 @@ +0001-yang-fix-zebra-module.patch
Bug#991202: unblock: dask.distributed/2021.01.0+ds.1-2.1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package dask.distributed * Backport upstream fix removing tests that fail under some circumstances. (Closes: #987816) * python-distributed-doc: Fix broken symlink to html5shiv.min.js, dh_link needs absolute paths. (Closes: #988675) diff -Nru dask.distributed-2021.01.0+ds.1/debian/changelog dask.distributed-2021.01.0+ds.1/debian/changelog --- dask.distributed-2021.01.0+ds.1/debian/changelog2021-02-01 22:08:19.0 +0200 +++ dask.distributed-2021.01.0+ds.1/debian/changelog2021-07-13 19:19:56.0 +0300 @@ -1,3 +1,13 @@ +dask.distributed (2021.01.0+ds.1-2.1) unstable; urgency=medium + + * Non-maintainer upload. + * Backport upstream fix removing tests that fail under some +circumstances. (Closes: #987816) + * python-distributed-doc: Fix broken symlink to html5shiv.min.js, +dh_link needs absolute paths. (Closes: #988675) + + -- Adrian Bunk Tue, 13 Jul 2021 19:19:56 +0300 + dask.distributed (2021.01.0+ds.1-2) unstable; urgency=medium * Add fall-back-to-ipv6-localhost.patch to work around ipv6 networking diff -Nru dask.distributed-2021.01.0+ds.1/debian/patches/0001-Remove-tests-for-process_time-and-thread_time-4895.patch dask.distributed-2021.01.0+ds.1/debian/patches/0001-Remove-tests-for-process_time-and-thread_time-4895.patch --- dask.distributed-2021.01.0+ds.1/debian/patches/0001-Remove-tests-for-process_time-and-thread_time-4895.patch 1970-01-01 02:00:00.0 +0200 +++ dask.distributed-2021.01.0+ds.1/debian/patches/0001-Remove-tests-for-process_time-and-thread_time-4895.patch 2021-07-13 19:19:56.0 +0300 @@ -0,0 +1,73 @@ +From 668f3f1d38c27277448af6f5aa88741cd1d33f3b Mon Sep 17 00:00:00 2001 +From: James Bourbeau +Date: Wed, 9 Jun 2021 08:57:53 -0500 +Subject: Remove tests for `process_time` and `thread_time` (#4895) + +--- + distributed/tests/test_metrics.py | 46 --- + 1 file changed, 46 deletions(-) + +diff --git a/distributed/tests/test_metrics.py b/distributed/tests/test_metrics.py +index 3a27e638..58c33266 100644 +--- a/distributed/tests/test_metrics.py b/distributed/tests/test_metrics.py +@@ -1,9 +1,6 @@ +-import sys +-import threading + import time + + from distributed import metrics +-from distributed.utils_test import run_for + + + def test_wall_clock(): +@@ -18,46 +15,3 @@ def test_wall_clock(): + assert any(lambda d: 0.0 < d < 0.0001 for d in deltas), deltas + # Close to time.time() + assert t - 0.5 < samples[0] < t + 0.5 +- +- +-def test_process_time(): +-start = metrics.process_time() +-run_for(0.05) +-dt = metrics.process_time() - start +-assert 0.03 <= dt <= 0.2 +- +-# All threads counted +-t = threading.Thread(target=run_for, args=(0.1,)) +-start = metrics.process_time() +-t.start() +-t.join() +-dt = metrics.process_time() - start +-assert dt >= 0.05 +- +-# Sleep time not counted +-start = metrics.process_time() +-time.sleep(0.1) +-dt = metrics.process_time() - start +-assert dt <= 0.05 +- +- +-def test_thread_time(): +-start = metrics.thread_time() +-run_for(0.05) +-dt = metrics.thread_time() - start +-assert 0.03 <= dt <= 0.2 +- +-# Sleep time not counted +-start = metrics.thread_time() +-time.sleep(0.1) +-dt = metrics.thread_time() - start +-assert dt <= 0.05 +- +-if sys.platform == "linux": +-# Always per-thread on Linux +-t = threading.Thread(target=run_for, args=(0.1,)) +-start = metrics.thread_time() +-t.start() +-t.join() +-dt = metrics.thread_time() - start +-assert dt <= 0.05 +-- +2.20.1 + diff -Nru dask.distributed-2021.01.0+ds.1/debian/patches/series dask.distributed-2021.01.0+ds.1/debian/patches/series --- dask.distributed-2021.01.0+ds.1/debian/patches/series 2021-02-01 21:51:15.0 +0200 +++ dask.distributed-2021.01.0+ds.1/debian/patches/series 2021-07-13 19:19:56.0 +0300 @@ -7,3 +7,4 @@ use-local-favicon.patch mark-tests-require-installation.patch fall-back-to-ipv6-localhost.patch +0001-Remove-tests-for-process_time-and-thread_time-4895.patch diff -Nru dask.distributed-2021.01.0+ds.1/debian/python-distributed-doc.links dask.distributed-2021.01.0+ds.1/debian/python-distributed-doc.links --- dask.distributed-2021.01.0+ds.1/debian/python-distributed-doc.links 2021-01-17 05:54:55.0 +0200 +++ dask.distributed-2021.01.0+ds.1/debian/python-distributed-doc.links 2021-07-13 19:19:56.0 +0300 @@ -1 +1 @@ -../../../../sphinx_rtd_theme/static/js/html5shiv.min.js usr/share/doc/python-distributed-doc/html/_static/js/html5shiv.min.js +/usr/share/sphinx_rtd_theme/static/js/html5shiv.min.js usr/share/doc/python-distributed-doc/html/_static/js/html5shiv.min.js
Bug#991203: unblock: python-dbussy/1.3-1.1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package python-dbussy * Backport upstream fix to ensure that Type objects always have a code field. (Closes: #978544)
Bug#991206: unblock: x264/2:0.160.3011+gitcde9a93-2.1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package x264 * Backport upstream fix to support GPAC >= 0.8.0. (Closes: #975441) This fixes a regression from buster by restoring MP4 output in the x264 binary, the library is unchanged. diff -Nru x264-0.160.3011+gitcde9a93/debian/changelog x264-0.160.3011+gitcde9a93/debian/changelog --- x264-0.160.3011+gitcde9a93/debian/changelog 2020-07-26 17:52:56.0 +0300 +++ x264-0.160.3011+gitcde9a93/debian/changelog 2021-07-15 15:06:22.0 +0300 @@ -1,3 +1,10 @@ +x264 (2:0.160.3011+gitcde9a93-2.1) unstable; urgency=medium + + * Non-maintainer upload. + * Backport upstream fix to support GPAC >= 0.8.0. (Closes: #975441) + + -- Adrian Bunk Thu, 15 Jul 2021 15:06:22 +0300 + x264 (2:0.160.3011+gitcde9a93-2) unstable; urgency=medium * Team upload diff -Nru x264-0.160.3011+gitcde9a93/debian/patches/0001-mp4-Update-GPAC-support-to-v0.8.0-or-later.patch x264-0.160.3011+gitcde9a93/debian/patches/0001-mp4-Update-GPAC-support-to-v0.8.0-or-later.patch --- x264-0.160.3011+gitcde9a93/debian/patches/0001-mp4-Update-GPAC-support-to-v0.8.0-or-later.patch 1970-01-01 02:00:00.0 +0200 +++ x264-0.160.3011+gitcde9a93/debian/patches/0001-mp4-Update-GPAC-support-to-v0.8.0-or-later.patch 2021-07-15 15:06:22.0 +0300 @@ -0,0 +1,58 @@ +From 7c2004b58c26da661618262c9c06b73ad3a9ff6c Mon Sep 17 00:00:00 2001 +From: "A. David" +Date: Thu, 2 Jul 2020 19:45:50 +0200 +Subject: mp4: Update GPAC support to v0.8.0 or later + +--- + configure| 5 +++-- + output/mp4.c | 6 +- + 2 files changed, 8 insertions(+), 3 deletions(-) + +Index: x264-0.160.3011+gitcde9a93/configure +=== +--- x264-0.160.3011+gitcde9a93.orig/configure x264-0.160.3011+gitcde9a93/configure +@@ -1240,15 +1240,16 @@ if [ "$gpac" = "auto" -a "$lsmash" != "y + gpac="no" + GPAC_LIBS="-lgpac" + cc_check "" -lz && GPAC_LIBS="$GPAC_LIBS -lz" ++cc_check "" -ldl && GPAC_LIBS="$GPAC_LIBS -ldl" + if [ "$SYS" = "WINDOWS" ] ; then + cc_check "" -lws2_32 && GPAC_LIBS="$GPAC_LIBS -lws2_32" + cc_check "" -lwinmm && GPAC_LIBS="$GPAC_LIBS -lwinmm" + fi + if cc_check gpac/isomedia.h "$GPAC_LIBS" "gf_isom_close(0);" ; then +-if cc_check gpac/isomedia.h "$GPAC_LIBS" "gf_isom_set_pixel_aspect_ratio(0,0,0,0,0);" ; then ++if cc_check gpac/isomedia.h "$GPAC_LIBS" "gf_isom_set_pixel_aspect_ratio(0,0,0,0,0,0);" ; then + gpac="yes" + else +-echo "Warning: gpac is too old, update to 2007-06-21 UTC or later" ++echo "Warning: gpac is too old, update to v0.8.0 or later" + fi + fi + fi +Index: x264-0.160.3011+gitcde9a93/output/mp4.c +=== +--- x264-0.160.3011+gitcde9a93.orig/output/mp4.c x264-0.160.3011+gitcde9a93/output/mp4.c +@@ -147,7 +147,11 @@ static int close_file( hnd_t handle, int + { + uint32_t mvhd_timescale = gf_isom_get_timescale( p_mp4->p_file ); + uint64_t tkhd_duration = (uint64_t)( mdhd_duration * ( (double)mvhd_timescale / p_mp4->i_time_res ) ); ++#if GPAC_VERSION_MAJOR > 8 ++gf_isom_append_edit( p_mp4->p_file, p_mp4->i_track, tkhd_duration, sample->CTS_Offset, GF_ISOM_EDIT_NORMAL ); ++#else + gf_isom_append_edit_segment( p_mp4->p_file, p_mp4->i_track, tkhd_duration, sample->CTS_Offset, GF_ISOM_EDIT_NORMAL ); ++#endif + } + gf_isom_sample_del( &sample ); + +@@ -233,7 +237,7 @@ static int set_param( hnd_t handle, x264 + dw *= sar; + else + dh /= sar; +-gf_isom_set_pixel_aspect_ratio( p_mp4->p_file, p_mp4->i_track, p_mp4->i_descidx, p_param->vui.i_sar_width, p_param->vui.i_sar_height ); ++gf_isom_set_pixel_aspect_ratio( p_mp4->p_file, p_mp4->i_track, p_mp4->i_descidx, p_param->vui.i_sar_width, p_param->vui.i_sar_height, 0 ); + gf_isom_set_track_layout_info( p_mp4->p_file, p_mp4->i_track, dw, dh, 0, 0, 0 ); + } + diff -Nru x264-0.160.3011+gitcde9a93/debian/patches/series x264-0.160.3011+gitcde9a93/debian/patches/series --- x264-0.160.3011+gitcde9a93/debian/patches/series2020-06-21 12:40:55.0 +0300 +++ x264-0.160.3011+gitcde9a93/debian/patches/series2021-07-15 15:06:22.0 +0300 @@ -1,2 +1,3 @@ link_gpac_dynamically.patch properly_detect_x32.patch +0001-mp4-Update-GPAC-support-to-v0.8.0-or-later.patch
Bug#991207: unblock: dlib/19.10-3.1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package dlib * Backport upstream fix for using cv_image.h with OpenCV 4, thanks to Alexandr Podgorniy. (Closes: #990676) This fixes compiling code using cv_image.h with the bullseye OpenCV.
Bug#991209: unblock: minetest/5.3.0+repack-2.1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package minetest * Add upstream fix for errors caused by missing param2 in falling.lua, thanks to Craig Small. (Closes: #990923) diff -Nru minetest-5.3.0+repack/debian/changelog minetest-5.3.0+repack/debian/changelog --- minetest-5.3.0+repack/debian/changelog 2021-01-31 15:41:26.0 +0200 +++ minetest-5.3.0+repack/debian/changelog 2021-07-15 18:55:57.0 +0300 @@ -1,3 +1,11 @@ +minetest (5.3.0+repack-2.1) unstable; urgency=medium + + * Non-maintainer upload. + * Add upstream fix for errors caused by missing param2 +in falling.lua, thanks to Craig Small. (Closes: #990923) + + -- Adrian Bunk Thu, 15 Jul 2021 18:55:57 +0300 + minetest (5.3.0+repack-2) unstable; urgency=medium * Team upload. diff -Nru minetest-5.3.0+repack/debian/patches/0001-Falling-Fix-error-caused-by-missing-param2.patch minetest-5.3.0+repack/debian/patches/0001-Falling-Fix-error-caused-by-missing-param2.patch --- minetest-5.3.0+repack/debian/patches/0001-Falling-Fix-error-caused-by-missing-param2.patch 1970-01-01 02:00:00.0 +0200 +++ minetest-5.3.0+repack/debian/patches/0001-Falling-Fix-error-caused-by-missing-param2.patch 2021-07-15 18:55:34.0 +0300 @@ -0,0 +1,26 @@ +From aba8c3753162320c7cc8a66913ad82f4f1fd0d8b Mon Sep 17 00:00:00 2001 +From: SmallJoker +Date: Thu, 30 Jul 2020 19:03:48 +0200 +Subject: Falling: Fix error caused by missing param2 + +Falling nodes that were spawned prior the recent falling node changes did not require param2. +Default to param2 = 0 when none is found in the node data. +--- + builtin/game/falling.lua | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/builtin/game/falling.lua b/builtin/game/falling.lua +index 714506a5f..4bfcca9e7 100644 +--- a/builtin/game/falling.lua b/builtin/game/falling.lua +@@ -52,6 +52,7 @@ core.register_entity(":__builtin:falling_node", { + floats = false, + + set_node = function(self, node, meta) ++ node.param2 = node.param2 or 0 + self.node = node + meta = meta or {} + if type(meta.to_table) == "function" then +-- +2.20.1 + diff -Nru minetest-5.3.0+repack/debian/patches/series minetest-5.3.0+repack/debian/patches/series --- minetest-5.3.0+repack/debian/patches/series 2021-01-31 11:43:36.0 +0200 +++ minetest-5.3.0+repack/debian/patches/series 2021-07-15 18:55:53.0 +0300 @@ -2,3 +2,4 @@ shared_mods.patch rawlua.patch postgresql.patch +0001-Falling-Fix-error-caused-by-missing-param2.patch
Bug#991207: unblock: dlib/19.10-3.1
On Sat, Jul 17, 2021 at 04:23:45PM +0300, Adrian Bunk wrote: > Package: release.debian.org > Severity: normal > User: release.debian@packages.debian.org > Usertags: unblock > > Please unblock package dlib > > * Backport upstream fix for using cv_image.h with OpenCV 4, > thanks to Alexandr Podgorniy. (Closes: #990676) > > This fixes compiling code using cv_image.h with the bullseye OpenCV. And with debdiff attached. cu Adrian diff -Nru dlib-19.10/debian/changelog dlib-19.10/debian/changelog --- dlib-19.10/debian/changelog 2019-01-17 09:17:25.0 +0200 +++ dlib-19.10/debian/changelog 2021-07-15 17:19:19.0 +0300 @@ -1,3 +1,11 @@ +dlib (19.10-3.1) unstable; urgency=medium + + * Non-maintainer upload. + * Backport upstream fix for using cv_image.h with OpenCV 4, +thanks to Alexandr Podgorniy. (Closes: #990676) + + -- Adrian Bunk Thu, 15 Jul 2021 17:19:19 +0300 + dlib (19.10-3) unstable; urgency=medium * Team upload. diff -Nru dlib-19.10/debian/patches/0001-Fix-opencv-version-check-to-work-on-all-opencv-versi.patch dlib-19.10/debian/patches/0001-Fix-opencv-version-check-to-work-on-all-opencv-versi.patch --- dlib-19.10/debian/patches/0001-Fix-opencv-version-check-to-work-on-all-opencv-versi.patch 1970-01-01 02:00:00.0 +0200 +++ dlib-19.10/debian/patches/0001-Fix-opencv-version-check-to-work-on-all-opencv-versi.patch 2021-07-15 17:02:19.0 +0300 @@ -0,0 +1,33 @@ +From eea91537ac73498153266984da28c202965b75de Mon Sep 17 00:00:00 2001 +From: Davis King +Date: Sun, 22 Dec 2019 07:52:08 -0500 +Subject: Fix opencv version check to work on all opencv versions + +--- + dlib/opencv/cv_image.h | 9 + + 1 file changed, 9 insertions(+) + +diff --git a/dlib/opencv/cv_image.h b/dlib/opencv/cv_image.h +index 5f224d00..05af0551 100644 +--- a/dlib/opencv/cv_image.h b/dlib/opencv/cv_image.h +@@ -34,7 +34,16 @@ namespace dlib + << "\n\t img.channels(): " << img.channels() + << "\n\t img.pixel_traits::num: " << pixel_traits::num + ); ++// Note, do NOT use CV_VERSION_MAJOR because in OpenCV 2 CV_VERSION_MAJOR actually held ++// CV_VERSION_MINOR and instead they used CV_VERSION_EPOCH. So for example, in OpenCV ++// 2.4.9.1 CV_VERSION_MAJOR==4 and CV_VERSION_EPOCH==2. However, CV_MAJOR_VERSION has always ++// (seemingly) held the actual major version number, so we use that to test for the OpenCV major ++// version. ++#if CV_MAJOR_VERSION > 3 ++IplImage temp = cvIplImage(img); ++#else + IplImage temp = img; ++#endif + init(&temp); + } + +-- +2.20.1 + diff -Nru dlib-19.10/debian/patches/series dlib-19.10/debian/patches/series --- dlib-19.10/debian/patches/series2019-01-17 08:43:25.0 +0200 +++ dlib-19.10/debian/patches/series2021-07-15 17:19:17.0 +0300 @@ -1 +1,2 @@ fix-soname.patch +0001-Fix-opencv-version-check-to-work-on-all-opencv-versi.patch
Bug#991210: unblock: conmon/2.0.25+ds1-1.1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package conmon * Add upstream fix to not make container runtime processes unkillable. (Closes: #990263) I am not convinced that the lowering to non-RC of the bug was appropriate, but this is moot if the fix goes into bullseye. diff -Nru conmon-2.0.25+ds1/debian/changelog conmon-2.0.25+ds1/debian/changelog --- conmon-2.0.25+ds1/debian/changelog 2021-01-31 05:56:56.0 +0200 +++ conmon-2.0.25+ds1/debian/changelog 2021-07-14 20:46:07.0 +0300 @@ -1,3 +1,11 @@ +conmon (2.0.25+ds1-1.1) unstable; urgency=medium + + * Non-maintainer upload. + * Add upstream fix to not make container runtime processes +unkillable. (Closes: #990263) + + -- Adrian Bunk Wed, 14 Jul 2021 20:46:07 +0300 + conmon (2.0.25+ds1-1) unstable; urgency=medium * New upstream release diff -Nru conmon-2.0.25+ds1/debian/patches/0001-Reset-OOM-score-back-to-0-for-container-runtime.patch conmon-2.0.25+ds1/debian/patches/0001-Reset-OOM-score-back-to-0-for-container-runtime.patch --- conmon-2.0.25+ds1/debian/patches/0001-Reset-OOM-score-back-to-0-for-container-runtime.patch 1970-01-01 02:00:00.0 +0200 +++ conmon-2.0.25+ds1/debian/patches/0001-Reset-OOM-score-back-to-0-for-container-runtime.patch 2021-07-14 20:46:07.0 +0300 @@ -0,0 +1,76 @@ +From b033cb5dfde6de05e63408fc839f1bb641cddd85 Mon Sep 17 00:00:00 2001 +From: Mrunal Patel +Date: Thu, 27 May 2021 14:09:39 -0700 +Subject: Reset OOM score back to 0 for container runtime + +We don't want container runtime procesess to be unkillable +so we reset oom_score_adj back to 0 before execv +of the runtime process. + +Signed-off-by: Mrunal Patel +--- + src/conmon.c | 4 +++- + src/oom.c| 6 ++ + src/oom.h| 2 +- + 3 files changed, 6 insertions(+), 6 deletions(-) + +diff --git a/src/conmon.c b/src/conmon.c +index c349d6c..c6bd9f5 100644 +--- a/src/conmon.c b/src/conmon.c +@@ -41,7 +41,7 @@ int main(int argc, char *argv[]) + + process_cli(); + +- attempt_oom_adjust(); ++ attempt_oom_adjust("-1000"); + + /* ignoring SIGPIPE prevents conmon from being spuriously killed */ + signal(SIGPIPE, SIG_IGN); +@@ -275,6 +275,8 @@ int main(int argc, char *argv[]) + } + } + ++ // We don't want runc to be unkillable so we reset the oom_score_adj back to 0 ++ attempt_oom_adjust("0"); + execv(g_ptr_array_index(runtime_argv, 0), (char **)runtime_argv->pdata); + exit(127); + } +diff --git a/src/oom.c b/src/oom.c +index 5791777..0041a6b 100644 +--- a/src/oom.c b/src/oom.c +@@ -5,16 +5,14 @@ + #include + #include + +-#define OOM_SCORE "-1000" +- +-void attempt_oom_adjust() ++void attempt_oom_adjust(const char *const oom_score) + { + int oom_score_fd = open("/proc/self/oom_score_adj", O_WRONLY); + if (oom_score_fd < 0) { + ndebugf("failed to open /proc/self/oom_score_adj: %s\n", strerror(errno)); + return; + } +- if (write(oom_score_fd, OOM_SCORE, strlen(OOM_SCORE)) < 0) { ++ if (write(oom_score_fd, oom_score, strlen(oom_score)) < 0) { + ndebugf("failed to write to /proc/self/oom_score_adj: %s\n", strerror(errno)); + } + close(oom_score_fd); +diff --git a/src/oom.h b/src/oom.h +index 28e4178..9408c3b 100644 +--- a/src/oom.h b/src/oom.h +@@ -1,6 +1,6 @@ + #if !defined(OOM_H) + #define OOM_H + +-void attempt_oom_adjust(); ++void attempt_oom_adjust(const char *const oom_score); + + #endif // OOM_H +-- +2.20.1 + diff -Nru conmon-2.0.25+ds1/debian/patches/series conmon-2.0.25+ds1/debian/patches/series --- conmon-2.0.25+ds1/debian/patches/series 1970-01-01 02:00:00.0 +0200 +++ conmon-2.0.25+ds1/debian/patches/series 2021-07-14 20:46:07.0 +0300 @@ -0,0 +1 @@ +0001-Reset-OOM-score-back-to-0-for-container-runtime.patch
Bug#991211: unblock: debian-crossgrader/0.0.3+nmu3
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package debian-crossgrader * Purge with --force-remove-protected in the third stage to avoid failures due to packages that recently became protected. (Closes: #990669) This regression caused by changes in bullseye was hidden when #968458 in python-apt made crossgrader fail even earlier. diff -Nru debian-crossgrader-0.0.3+nmu2/debian/changelog debian-crossgrader-0.0.3+nmu3/debian/changelog --- debian-crossgrader-0.0.3+nmu2/debian/changelog 2020-12-12 23:22:05.0 +0200 +++ debian-crossgrader-0.0.3+nmu3/debian/changelog 2021-07-14 20:23:38.0 +0300 @@ -1,3 +1,12 @@ +debian-crossgrader (0.0.3+nmu3) unstable; urgency=medium + + * Non-maintainer upload. + * Purge with --force-remove-protected in the third stage to +avoid failures due to packages that recently became protected. +(Closes: #990669) + + -- Adrian Bunk Wed, 14 Jul 2021 20:23:38 +0300 + debian-crossgrader (0.0.3+nmu2) unstable; urgency=medium * NMU diff -Nru debian-crossgrader-0.0.3+nmu2/debian_crossgrader/__main__.py debian-crossgrader-0.0.3+nmu3/debian_crossgrader/__main__.py --- debian-crossgrader-0.0.3+nmu2/debian_crossgrader/__main__.py 2020-09-06 19:13:29.0 +0300 +++ debian-crossgrader-0.0.3+nmu3/debian_crossgrader/__main__.py 2021-07-11 19:22:28.0 +0300 @@ -138,7 +138,7 @@ return if cont == 'y': -subprocess.check_call(['dpkg', '--purge'] + targets) +subprocess.check_call(['dpkg', '--purge', '--force-remove-protected'] + targets) remaining = apt_utils.get_arch_packages(foreign_arch) if args.packages: remaining = [pkg_name for pkg_name in remaining if pkg_name not in args.packages]
Bug#990825: [pre-approval] unblock: golang-1.15/1.15.9-6
On Tue, Jul 13, 2021 at 02:08:22PM +0800, Shengjing Zhu wrote: >... > Sadly the std library are statically embedded in all packages built by Go > compiler. > So if there's security issue in std library, bunch of packages need to be > rebuild. >... It might be an improvement to switch to gccgo as default Go compiler in bookworm? cu Adrian
Bug#990990: unblock: libcgroup/2.0
On Mon, Jul 19, 2021 at 03:07:49PM +0200, Santiago Ruano Rincón wrote: > On Thu, 15 Jul 2021 12:27:35 +0200 Paul Gevers wrote: > > Hi, > > > > On 12-07-2021 18:45, Michael Biebl wrote: > > > This was already discussed in > > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959022 > > > > > > My takeaway from that discussion was, that rdeps of cgroup-tools, would > > > itself have to be made cgroupv2 aware, especially OpenStack and its > > > components. > > > > That resembles my understanding of that discussion too. > > Mine too. > > zigo, are there any news from openstack about this? > > > > > > Have those rdeps been tested successfully with libcgroup/cgroup-tools > > > from experimental? > > > > I'm not in favor of doing this transition now. > > > > Please, keep in mind this comment, made before the release of 2.0: > "we are planning something for next week. The version number will > probably be 2.0 - with expectation that the v2 cycle will have > continously breaking ABI. When we are happy where it is, we will push > out v3 which will then maintain ABI through its lifetime." > https://github.com/libcgroup/libcgroup/issues/12#issuecomment-825816328 What kind of ABI is this referring to? Based on soname and package name, the libcgroup1 in experimental claims to be ABI compatible with the library in buster. Changes in bookworm would be a normal library transition. OpenStack uses cgroup-tools, which is the only reason why libcgroup stayed in bullseye at all. My suggestion was basically asking whether 2.0 would be better for using with the version of OpenStack in bullseye, this is similar to your question to Thomas above. If cgroup-tools in *bookworm* would be incompatible with OpenStack in bullseye, this could be resolved with Breaks on the bullseye versions of cinder-common/nova-compute - this is irrelevant for discussing which version of libcgroup to ship in bullseye. > Cheers, > > -- Santiago cu Adrian
Bug#991302: unblock: smem/1.5-1.1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package smem * Add patch from Marco Paganini for Python 3 incompatibility in "smem --bar". (Closes: #958129) Regression from buster caused by the switch to Python 3. diff -Nru smem-1.5/debian/changelog smem-1.5/debian/changelog --- smem-1.5/debian/changelog 2020-01-05 05:57:10.0 +0200 +++ smem-1.5/debian/changelog 2021-07-17 22:47:50.0 +0300 @@ -1,3 +1,11 @@ +smem (1.5-1.1) unstable; urgency=medium + + * Non-maintainer upload. + * Add patch from Marco Paganini for Python 3 incompatibility +in "smem --bar". (Closes: #958129) + + -- Adrian Bunk Sat, 17 Jul 2021 22:47:50 +0300 + smem (1.5-1) unstable; urgency=medium [ Ondřej Nový ] diff -Nru smem-1.5/debian/patches/series smem-1.5/debian/patches/series --- smem-1.5/debian/patches/series 2020-01-05 05:57:10.0 +0200 +++ smem-1.5/debian/patches/series 2021-07-17 22:47:40.0 +0300 @@ -1,3 +1,4 @@ manpage.patch buildsystem.patch smem-py3k.patch +smem-xrange-fix.patch diff -Nru smem-1.5/debian/patches/smem-xrange-fix.patch smem-1.5/debian/patches/smem-xrange-fix.patch --- smem-1.5/debian/patches/smem-xrange-fix.patch 1970-01-01 02:00:00.0 +0200 +++ smem-1.5/debian/patches/smem-xrange-fix.patch 2021-07-17 22:47:10.0 +0300 @@ -0,0 +1,11 @@ +--- original/smem 2020-04-18 12:20:22.524849106 -0700 fixed/smem 2020-04-18 12:19:24.912251338 -0700 +@@ -646,7 +646,7 @@ + + pl = [] + ind = numpy.arange(len(l)) +-for n in xrange(len(rc)): ++for n in range(len(rc)): + pl.append(pylab.bar(ind + offset + width * n, + [x[1][rc[n]] for x in l], width, color=gc(n))) +
Bug#991303: unblock: scottfree/1.14-10.1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package scottfree * Add patch from Bernhard Übelacker to fix crash when restoring from save-file. (Closes: #968375) diff -Nru scottfree-1.14/debian/changelog scottfree-1.14/debian/changelog --- scottfree-1.14/debian/changelog 2017-01-20 13:52:21.0 +0200 +++ scottfree-1.14/debian/changelog 2021-07-17 22:54:45.0 +0300 @@ -1,3 +1,11 @@ +scottfree (1.14-10.1) unstable; urgency=medium + + * Non-maintainer upload. + * Add patch from Bernhard Übelacker to fix crash when restoring +from save-file. (Closes: #968375) + + -- Adrian Bunk Sat, 17 Jul 2021 22:54:45 +0300 + scottfree (1.14-10) unstable; urgency=low * Team upload. diff -Nru scottfree-1.14/debian/patches/04_968375.patch scottfree-1.14/debian/patches/04_968375.patch --- scottfree-1.14/debian/patches/04_968375.patch 1970-01-01 02:00:00.0 +0200 +++ scottfree-1.14/debian/patches/04_968375.patch 2021-07-17 22:53:59.0 +0300 @@ -0,0 +1,37 @@ +Description: Include time.h, fix two warnings in fscanf calls. + +Author: Bernhard Übelacker +Bug-Debian: https://bugs.debian.org/968375 +Forwarded: no +Last-Update: 2020-08-14 + +Index: scottfree-1.14/ScottCurses.c +=== +--- scottfree-1.14.orig/ScottCurses.c scottfree-1.14/ScottCurses.c +@@ -22,6 +22,7 @@ + #include + #include + #include ++#include + + #include "Scott.h" + +@@ -239,7 +240,7 @@ void LoadDatabase(FILE *f, int loud) + /* Load the header */ + + if(fscanf(f,"%*d %d %d %d %d %d %d %d %d %d %d %d", +- &ni,&na,&nw,&nr,&mc,&pr,&tr,&wl,<,&mn,&trm,&ct)<10) ++ &ni,&na,&nw,&nr,&mc,&pr,&tr,&wl,<,&mn,&trm)<10) + Fatal("Invalid database(bad header)"); + GameHeader.NumItems=ni; + Items=(Item *)MemAlloc(sizeof(Item)*(ni+1)); +@@ -693,7 +694,7 @@ void LoadGame(char *name) + { + fscanf(f,"%d %d\n",&Counters[ct],&RoomSaved[ct]); + } +- fscanf(f,"%ld %d %hd %d %d %hd\n", ++ fscanf(f,"%ld %hd %hd %d %d %hd\n", + &BitFlags,&DarkFlag,&MyLoc,&CurrentCounter,&SavedRoom, + &GameHeader.LightTime); + /* Backward compatibility */ diff -Nru scottfree-1.14/debian/patches/series scottfree-1.14/debian/patches/series --- scottfree-1.14/debian/patches/series2017-01-20 13:48:06.0 +0200 +++ scottfree-1.14/debian/patches/series2021-07-17 22:54:42.0 +0300 @@ -1,3 +1,4 @@ 01_makefile.diff 02_scottcurses_includes.diff 03_clang.diff +04_968375.patch
Bug#991304: unblock: eboard/1.1.3-0.4
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package eboard * Add upstream fix for segfault on engine selection, thanks to Eric Cooper and Bernhard Übelacker. (Closes: #962627) diff -Nru eboard-1.1.3/debian/changelog eboard-1.1.3/debian/changelog --- eboard-1.1.3/debian/changelog 2019-05-17 16:17:10.0 +0300 +++ eboard-1.1.3/debian/changelog 2021-07-17 21:48:28.0 +0300 @@ -1,3 +1,11 @@ +eboard (1.1.3-0.4) unstable; urgency=medium + + * Non-maintainer upload. + * Add upstream fix for segfault on engine selection, +thanks to Eric Cooper and Bernhard Übelacker. (Closes: #962627) + + -- Adrian Bunk Sat, 17 Jul 2021 21:48:28 +0300 + eboard (1.1.3-0.3) unstable; urgency=medium [ Gianfranco Costamagna ] diff -Nru eboard-1.1.3/debian/patches/0001-https-bugs.launchpad.net-ubuntu-source-eboard-bug-13.patch eboard-1.1.3/debian/patches/0001-https-bugs.launchpad.net-ubuntu-source-eboard-bug-13.patch --- eboard-1.1.3/debian/patches/0001-https-bugs.launchpad.net-ubuntu-source-eboard-bug-13.patch 1970-01-01 02:00:00.0 +0200 +++ eboard-1.1.3/debian/patches/0001-https-bugs.launchpad.net-ubuntu-source-eboard-bug-13.patch 2021-07-17 21:48:09.0 +0300 @@ -0,0 +1,21 @@ +From ed33049aff2cefd7508bcda8ab738b8ec871c948 Mon Sep 17 00:00:00 2001 +From: Christian Palazzo +Date: Thu, 30 Apr 2020 00:43:21 +0200 +Subject: https://bugs.launchpad.net/ubuntu/+source/eboard/+bug/1306419 + +diff --git a/proto_xboard.cc b/proto_xboard.cc +index ba48aa1..edabe1b 100644 +--- a/proto_xboard.cc b/proto_xboard.cc +@@ -1083,7 +1083,7 @@ void CraftyProtocol::readDialog() { + snprintf(EngineCommandLine,512,"crafty bookpath=%s logpath=%s tbpath=%s", + BookPath,LogPath,LogPath); + if (!global.env.Home.empty()) +-snprintf(EngineRunDir,512,"%s/.eboard/craftylog",global.env.Home.c_str()); ++snprintf(EngineRunDir,256,"%s/.eboard/craftylog",global.env.Home.c_str()); + else + strcpy(EngineRunDir,"/tmp"); + +-- +2.20.1 + diff -Nru eboard-1.1.3/debian/patches/series eboard-1.1.3/debian/patches/series --- eboard-1.1.3/debian/patches/series 2019-05-17 16:16:10.0 +0300 +++ eboard-1.1.3/debian/patches/series 2021-07-17 21:48:28.0 +0300 @@ -2,3 +2,4 @@ hungarian-translation.patch 90_respect_deb_build_options.patch ld-as-needed.patch +0001-https-bugs.launchpad.net-ubuntu-source-eboard-bug-13.patch
Bug#991305: unblock: lshw/02.18.85-0.7
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package lshw * Backport upstream fix for floating point exception on invalid FAT, thanks to Dave Gomboc and Bernhard Übelacker. (Closes: #946940) diff -Nru lshw-02.18.85/debian/changelog lshw-02.18.85/debian/changelog --- lshw-02.18.85/debian/changelog 2021-01-04 00:41:23.0 +0200 +++ lshw-02.18.85/debian/changelog 2021-07-17 20:19:28.0 +0300 @@ -1,3 +1,11 @@ +lshw (02.18.85-0.7) unstable; urgency=medium + + * Non-maintainer upload. + * Backport upstream fix for floating point exception on invalid FAT, +thanks to Dave Gomboc and Bernhard Übelacker. (Closes: #946940) + + -- Adrian Bunk Sat, 17 Jul 2021 20:19:28 +0300 + lshw (02.18.85-0.6) unstable; urgency=medium * Non-maintainer upload. diff -Nru lshw-02.18.85/debian/patches/0001-fix-755-handle-invalid-FAT.patch lshw-02.18.85/debian/patches/0001-fix-755-handle-invalid-FAT.patch --- lshw-02.18.85/debian/patches/0001-fix-755-handle-invalid-FAT.patch 1970-01-01 02:00:00.0 +0200 +++ lshw-02.18.85/debian/patches/0001-fix-755-handle-invalid-FAT.patch 2021-07-17 20:19:05.0 +0300 @@ -0,0 +1,41 @@ +From 89b3b6b9ed03f22ca98954712db5a90acf2c6755 Mon Sep 17 00:00:00 2001 +From: Lyonel Vincent +Date: Sat, 28 Dec 2019 00:02:44 +0100 +Subject: fix #755: handle invalid FAT + +check that sectors_per_cluster!=0 +--- + src/core/fat.cc | 10 +- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/src/core/fat.cc b/src/core/fat.cc +index e68aea6..41b0001 100644 +--- a/src/core/fat.cc b/src/core/fat.cc +@@ -186,11 +186,6 @@ bool scan_fat(hwNode & n, source & id) + if (vs.heads == 0) + return false; + +- /* cluster size check */ +- if (vs.sectors_per_cluster == 0 || +- (vs.sectors_per_cluster & (vs.sectors_per_cluster-1))) +- return false; +- + /* media check */ + if (vs.media < 0xf8 && vs.media != 0xf0) + return false; +@@ -200,6 +195,11 @@ bool scan_fat(hwNode & n, source & id) + return false; + + valid: ++ /* cluster size check */ ++ if (vs.sectors_per_cluster == 0 || ++ (vs.sectors_per_cluster & (vs.sectors_per_cluster-1))) ++ return false; ++ + /* sector size check */ + sector_size_bytes = le_short(&vs.sector_size_bytes); + if (sector_size_bytes != 0x200 && sector_size_bytes != 0x400 && +-- +2.20.1 + diff -Nru lshw-02.18.85/debian/patches/series lshw-02.18.85/debian/patches/series --- lshw-02.18.85/debian/patches/series 2020-04-26 14:43:52.0 +0300 +++ lshw-02.18.85/debian/patches/series 2021-07-17 20:19:28.0 +0300 @@ -10,3 +10,4 @@ add-missing-ethlink-standards.patch cross.patch #revert-Fix_JSON_output_format.patch +0001-fix-755-handle-invalid-FAT.patch
Bug#991310: unblock: libnet-freedb-perl/0.10-2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package libnet-freedb-perl * Add a patch to change the default host from the defunct freedb.freedb.org to gnudb.gnudb.org. (change by gregor herrmann) autopkgtest for libnet-freedb-perl/0.10-2: amd64: Pass, arm64: Pass, armhf: Pass, i386: Pass, ppc64el: Pass diff -Nru libnet-freedb-perl-0.10/debian/changelog libnet-freedb-perl-0.10/debian/changelog --- libnet-freedb-perl-0.10/debian/changelog2015-12-01 23:24:47.0 +0200 +++ libnet-freedb-perl-0.10/debian/changelog2021-07-16 21:53:11.0 +0300 @@ -1,3 +1,11 @@ +libnet-freedb-perl (0.10-2) unstable; urgency=medium + + * Add a patch to change the default host from the defunct +freedb.freedb.org to gnudb.gnudb.org. +Thanks to Adrian Bunk for the bug report. (Closes: #991089) + + -- gregor herrmann Fri, 16 Jul 2021 20:53:11 +0200 + libnet-freedb-perl (0.10-1) unstable; urgency=medium * Team upload diff -Nru libnet-freedb-perl-0.10/debian/patches/replace_freedb_with_gnudb.patch libnet-freedb-perl-0.10/debian/patches/replace_freedb_with_gnudb.patch --- libnet-freedb-perl-0.10/debian/patches/replace_freedb_with_gnudb.patch 1970-01-01 02:00:00.0 +0200 +++ libnet-freedb-perl-0.10/debian/patches/replace_freedb_with_gnudb.patch 2021-07-16 21:53:11.0 +0300 @@ -0,0 +1,52 @@ +Description: replace default host freedb.freedb.org with gnudb.gnudb.org. + Also remove reference to inaccessible documentation, and fix the non-online + test which checks for the default host. +Origin: vendor +Bug-Debian: https://bugs.debian.org/991089 +Author: gregor herrmann +Last-Update: 2021-07-16 +Forwarded: https://rt.cpan.org/Ticket/Display.html?id=137752 +Bug: https://rt.cpan.org/Ticket/Display.html?id=137752 + +--- a/FreeDB.pm b/FreeDB.pm +@@ -7,7 +7,7 @@ + use File::Temp; + + has hostname => (is => 'ro', default => $ENV{HOSTNAME} // 'unknown'); +-has remote_host=> (is => 'rw', default => 'freedb.freedb.org'); ++has remote_host=> (is => 'rw', default => 'gnudb.gnudb.org'); + has remote_port=> (is => 'rw', default => 8880); + has user => (is => 'rw', default => $ENV{USER} // 'unknown'); + has timeout=> (is => 'rw', default => 120); +@@ -449,7 +449,7 @@ + + + new() creates and returns a new Net::FreeDB object that is connected +-to either the given host or freedb.freedb.org as default. ++to either the given host or gnudb.gnudb.org as default. + + =item lscat + +@@ -723,10 +723,6 @@ + giving the correct drive number will return in an + accurate return. + +-=head1 Resources +-The current version of the CDDB Server Protocol can be +-found at: http://ftp.freedb.org/pub/freedb/latest/CDDBPROTO +- + =head1 AUTHOR + David Shultz Edshu...@cpan.orge + Peter Pentchev Er...@ringlet.nete +--- a/t/00-basic.t b/t/00-basic.t +@@ -10,7 +10,7 @@ + ok($freedb->hostname eq 'unknown', 'Error setting hostname'); + } + +-ok($freedb->remote_host eq 'freedb.freedb.org', 'Error setting default host'); ++ok($freedb->remote_host eq 'gnudb.gnudb.org', 'Error setting default host'); + + ok($freedb->remote_port == 8880, 'Error setting default port'); + diff -Nru libnet-freedb-perl-0.10/debian/patches/series libnet-freedb-perl-0.10/debian/patches/series --- libnet-freedb-perl-0.10/debian/patches/series 1970-01-01 02:00:00.0 +0200 +++ libnet-freedb-perl-0.10/debian/patches/series 2021-07-16 21:53:11.0 +0300 @@ -0,0 +1 @@ +replace_freedb_with_gnudb.patch
Bug#991313: unblock: qutebrowser/2.0.2-2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package qutebrowser * Apply patch to update documentation with regards to the #qutebrowser IRC channel having moved from Freenode to Libera.Chat. (change by Axel Beckert) Documentation-only change.
Bug#991314: unblock: progress-linux/20210101-2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package progress-linux * Adding initial Brazilian Portuguese debconf translations from Jorge Neto and Adriano Rafael Gomes (Closes: #986501). * Adding initial Spanish debconf translations from Camaleón (Closes: #987667). (changes by Daniel Baumann) Translation-only change. diff -Nru progress-linux-20210101/debian/changelog progress-linux-20210101/debian/changelog --- progress-linux-20210101/debian/changelog2021-02-09 16:53:47.0 +0200 +++ progress-linux-20210101/debian/changelog2021-07-18 10:14:43.0 +0300 @@ -1,3 +1,14 @@ +progress-linux (20210101-2) sid; urgency=medium + + * Uploading to sid. + * Adding initial Brazilian Portuguese debconf translations from Jorge +Neto and Adriano Rafael Gomes + (Closes: #986501). + * Adding initial Spanish debconf translations from Camaleón + (Closes: #987667). + + -- Daniel Baumann Sun, 18 Jul 2021 09:14:43 +0200 + progress-linux (20210101-1) sid; urgency=medium * Uploading to sid. diff -Nru progress-linux-20210101/debian/po/es.po progress-linux-20210101/debian/po/es.po --- progress-linux-20210101/debian/po/es.po 1970-01-01 02:00:00.0 +0200 +++ progress-linux-20210101/debian/po/es.po 2021-07-18 10:14:02.0 +0300 @@ -0,0 +1,67 @@ +# Spanish debconf translation of progress-linux +# Copyright (C) 2021 Camaleón +# This file is distributed under the same license as the progress-linux package. +msgid "" +msgstr "" +"Project-Id-Version: progress-linux\n" +"Report-Msgid-Bugs-To: progress-li...@packages.debian.org\n" +"POT-Creation-Date: 2019-11-18 17:31+0100\n" +"PO-Revision-Date: 2021-04-16 17:45+0200\n" +"Last-Translator: Camaleón \n" +"Language-Team: Debian Spanish \n" +"Language: es\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: title +#. Description +#: ../progress-linux.templates:1001 +msgid "Progress Linux: Setup" +msgstr "Progress Linux: Configuración" + +#. Type: multiselect +#. Description +#: ../progress-linux.templates:2001 +msgid "setup apt archives:" +msgstr "configurar archivos apt:" + +#. Type: multiselect +#. Description +#: ../progress-linux.templates:2001 +msgid "Please select the apt archives to setup." +msgstr "Por favor, indique los archivos apt que desea configurar." + +#. Type: multiselect +#. Description +#: ../progress-linux.templates:3001 +msgid "setup apt archive areas:" +msgstr "configurar áreas del archivo apt:" + +#. Type: multiselect +#. Description +#: ../progress-linux.templates:3001 +msgid "Please select the apt archive areas to setup." +msgstr "Por favor, indique las áreas del archivo apt que desea configurar." + +#. Type: string +#. Description +#: ../progress-linux.templates:4001 +msgid "enter apt mirror:" +msgstr "introduzca la réplica de apt:" + +#. Type: string +#. Description +#: ../progress-linux.templates:4001 +msgid "Please specify the mirror to download packages from." +msgstr "Por favor, indique la réplica desde donde descargar los paquetes." + +#. Type: string +#. Description +#: ../progress-linux.templates:4001 +msgid "" +"If unsure, leave empty which will use the default mirror (https://deb."; +"progress-linux.org/packages)." +msgstr "" +"Si no está seguro, puede dejarlo en blanco y se utilizará la réplica " +"predeterminada («https://deb.progress-linux.org/packages»)." diff -Nru progress-linux-20210101/debian/po/pt_BR.po progress-linux-20210101/debian/po/pt_BR.po --- progress-linux-20210101/debian/po/pt_BR.po 1970-01-01 02:00:00.0 +0200 +++ progress-linux-20210101/debian/po/pt_BR.po 2021-07-18 10:13:09.0 +0300 @@ -0,0 +1,74 @@ +# Brazilian Portuguese debconf translation of progress-linux +# Copyright (C) 2019 Jorge Neto +# Copyright (C) 2019 Adriano Rafael Gomes +# This file is distributed under the same license as the progress-linux package. +msgid "" +msgstr "" +"Project-Id-Version: progress-linux\n" +"Report-Msgid-Bugs-To: progress-li...@packages.debian.org\n" +"POT-Creation-Date: 2019-11-18 17:31+0100\n" +"PO-Revision-Date: 2019-12-20 14:36-0300\n" +"Last-Translator: Jorge Neto \n" +"Language-Team: Brazilian Portuguese \n" +"Language: pt_BR\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=2; plural=(n > 1);\n" + +#. Type: title +#. Description +#: ../progress-linux.templates:1001 +msgid "Progress Linux: Setup" +msgstr "Progress Linux: Configuração" + +#. Type: multiselect +#. Description +#: ../progress-linux.templates:2001 +msgid "setup apt archives:" +msgstr "configurar repositórios do apt:" + +#. Type: multiselect +#. Description +#: ../progress-linux.templates:2001 +msgid "Please select the apt archives to setup." +msgstr "Por favor, selecione os repositórios do apt para configurar." + +#. Type: multiselect +#. Descriptio
Bug#991313: unblock: qutebrowser/2.0.2-2
On Tue, Jul 20, 2021 at 04:23:24PM +0300, Adrian Bunk wrote: > Package: release.debian.org > Severity: normal > User: release.debian@packages.debian.org > Usertags: unblock > > Please unblock package qutebrowser > > * Apply patch to update documentation with regards to the #qutebrowser > IRC channel having moved from Freenode to Libera.Chat. > (change by Axel Beckert) > > Documentation-only change. And with attachment. cu Adrian diff -Nru qutebrowser-2.0.2/debian/changelog qutebrowser-2.0.2/debian/changelog --- qutebrowser-2.0.2/debian/changelog 2021-02-05 05:27:06.0 +0200 +++ qutebrowser-2.0.2/debian/changelog 2021-07-14 03:38:48.0 +0300 @@ -1,3 +1,10 @@ +qutebrowser (2.0.2-2) unstable; urgency=medium + + * Apply patch to update documentation with regards to the #qutebrowser +IRC channel having moved from Freenode to Libera.Chat. + + -- Axel Beckert Wed, 14 Jul 2021 02:38:48 +0200 + qutebrowser (2.0.2-1) unstable; urgency=medium * New upstream bugfix release. diff -Nru qutebrowser-2.0.2/debian/patches/0001-Update-IRC-links-to-Libera-Chat.patch qutebrowser-2.0.2/debian/patches/0001-Update-IRC-links-to-Libera-Chat.patch --- qutebrowser-2.0.2/debian/patches/0001-Update-IRC-links-to-Libera-Chat.patch 1970-01-01 02:00:00.0 +0200 +++ qutebrowser-2.0.2/debian/patches/0001-Update-IRC-links-to-Libera-Chat.patch 2021-07-14 03:38:48.0 +0300 @@ -0,0 +1,74 @@ +Author: Axel Beckert +Description: Update IRC links to Libera Chat + Based on a patch by Florian Bruhin +Forwarded: not-needed + +--- a/doc/qutebrowser.1.asciidoc b/doc/qutebrowser.1.asciidoc +@@ -152,8 +152,8 @@ + https://lists.schokokeks.org/mailman/listinfo.cgi/qutebrowser + * Announce-only mailinglist: mailto:qutebrowser-annou...@lists.qutebrowser.org[] / + https://lists.schokokeks.org/mailman/listinfo.cgi/qutebrowser-announce +-* IRC: irc://irc.freenode.org/#qutebrowser[`#qutebrowser`] on +-https://freenode.net/[Freenode] ++* IRC: irc://irc.libera.chat/#qutebrowser[`#qutebrowser`] on ++https://libera.chat/[Libera Chat] + * Github: https://github.com/qutebrowser/qutebrowser + + == AUTHOR +--- a/misc/cheatsheet.svg b/misc/cheatsheet.svg +@@ -2570,7 +2570,7 @@ + id="flowPara5604" + style="font-size:13.8667px;line-height:1.25;font-family:sans-serif;stroke-width:1.06667">Website: https://www.qutebrowser.org/ IRC: #qutebrowser on FreenodeIRC: #qutebrowser on Libera ChatMailinglist: qutebrow...@lists.qutebrowser.org + + + +-Join the IRC channel #qutebrowser on +-https://freenode.net/";>Freenode +-(https://webchat.freenode.net/?channels=#qutebrowser";>webchat). ++Join the IRC channel #qutebrowser on ++https://libera.chat/";>Libera Chat ++(https://web.libera.chat/#qutebrowser";>webchat). + + + +--- a/qutebrowser/html/doc/index.html b/qutebrowser/html/doc/index.html +@@ -866,9 +866,9 @@ + Getting help + + You can get help in the IRC channel +-#qutebrowser on +-http://freenode.net/";>Freenode +-(https://webchat.freenode.net/?channels=#qutebrowser";>webchat), or by writing a ++#qutebrowser on ++https://libera.chat/";>Libera Chat ++(https://web.libera.chat/#qutebrowser";>webchat), or by writing a + message to the + https://lists.schokokeks.org/mailman/listinfo.cgi/qutebrowser";>mailinglist at + mailto:qutebrow...@lists.qutebrowser.org";>qutebrow...@lists.qutebrowser.org. +--- a/qutebrowser/html/doc/quickstart.html b/qutebrowser/html/doc/quickstart.html +@@ -939,9 +939,9 @@ + + + +-Chat via the IRC channel: #qutebrowser on +-https://freenode.net/";>Freenode +-(https://webchat.freenode.net/?channels=#qutebrowser";>webchat) ++Chat via the IRC channel: #qutebrowser on ++https://libera.chat/";>Libera Chat ++(https://web.libera.chat/#qutebrowser";>webchat) + + + diff -Nru qutebrowser-2.0.2/debian/patches/series qutebrowser-2.0.2/debian/patches/series --- qutebrowser-2.0.2/debian/patches/series 2021-02-05 01:50:57.0 +0200 +++ qutebrowser-2.0.2/debian/patches/series 2021-07-14 03:36:35.0 +0300 @@ -1 +1,2 @@ replace-external-merch-images-with-links.patch +0001-Update-IRC-links-to-Libera-Chat.patch
Bug#991317: unblock: klaus/1.5.2-4
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package klaus * Fix 500 when authentication is required. Closes: #987951 (and trivial packaging changes documented in d/changelog) (changes by Jelmer Vernooij) One-line fix for basic/digest authentication. (1.5.2-3 is missing in d/changelog, the changes it originally documented were already in 1.5.2-1) diff -Nru klaus-1.5.2/debian/changelog klaus-1.5.2/debian/changelog --- klaus-1.5.2/debian/changelog2020-07-20 01:15:41.0 +0300 +++ klaus-1.5.2/debian/changelog2021-07-11 22:32:42.0 +0300 @@ -1,3 +1,19 @@ +klaus (1.5.2-4) unstable; urgency=medium + + * Source-only upload. + + -- Jelmer Vernooij Sun, 11 Jul 2021 20:32:42 +0100 + +klaus (1.5.2-2) unstable; urgency=low + + * Set Rules-Requires-Root: no. + * Fix field name typo in debian/upstream/metadata (Repository-Browser => +Repository-Browse). + * Update watch file format version to 4. + * Fix 500 when authentication is required. Closes: #987951 + + -- Jelmer Vernooij Wed, 05 May 2021 16:38:43 +0100 + klaus (1.5.2-1) unstable; urgency=medium * New upstream release. diff -Nru klaus-1.5.2/debian/control klaus-1.5.2/debian/control --- klaus-1.5.2/debian/control 2020-07-20 01:15:41.0 +0300 +++ klaus-1.5.2/debian/control 2021-07-11 22:32:42.0 +0300 @@ -8,6 +8,7 @@ Vcs-Git: https://salsa.debian.org/jelmer/klaus.git Vcs-Browser: https://salsa.debian.org/jelmer/klaus Build-Depends: debhelper-compat (= 12) +Rules-Requires-Root: no Package: klaus Architecture: all diff -Nru klaus-1.5.2/debian/patches/01_httpauth klaus-1.5.2/debian/patches/01_httpauth --- klaus-1.5.2/debian/patches/01_httpauth 2020-07-20 01:15:41.0 +0300 +++ klaus-1.5.2/debian/patches/01_httpauth 2021-07-11 22:32:42.0 +0300 @@ -3,7 +3,7 @@ index 000..82860d0 --- /dev/null +++ b/klaus/httpauth.py -@@ -0,0 +1,197 @@ +@@ -0,0 +1,198 @@ +""" +Copyright (c) 2012 Jonas Haag . License: ISC + @@ -138,7 +138,8 @@ +'401 Authentication Required', +[('WWW-Authenticate', make_www_authenticate_header(self.realm))], +) -+return ['401 - Authentication Required'] ++html = '401 - Authentication Required' ++return [html if PY2 else html.encode()] + + +class DigestFileHttpAuthMiddleware(BaseHttpAuthMiddleware): diff -Nru klaus-1.5.2/debian/upstream/metadata klaus-1.5.2/debian/upstream/metadata --- klaus-1.5.2/debian/upstream/metadata2020-07-20 01:15:41.0 +0300 +++ klaus-1.5.2/debian/upstream/metadata2021-07-11 22:32:42.0 +0300 @@ -2,4 +2,3 @@ Bug-Submit: https://github.com/jonashaag/klaus/issues/new Repository: https://github.com/jonashaag/klaus.git Repository-Browse: https://github.com/jonashaag/klaus -Repository-Browser: https://github.com/jonashaag/klaus diff -Nru klaus-1.5.2/debian/watch klaus-1.5.2/debian/watch --- klaus-1.5.2/debian/watch2020-07-20 01:15:41.0 +0300 +++ klaus-1.5.2/debian/watch2021-07-11 22:32:42.0 +0300 @@ -1,2 +1,2 @@ -version=3 -https://pypi.debian.net/klaus/klaus-(.*).tar.gz +version=4 +https://pypi.debian.net/klaus klaus-(.*).tar.gz
Bug#991366: nmu: varnish-modules_0.16.0-2.1
On Wed, Jul 21, 2021 at 05:48:52PM +0200, Stig Sandbeck Mathisen wrote: > Package: release.debian.org > Severity: normal > User: release.debian@packages.debian.org > Usertags: binnmu > > Hello, > > Please do a BinNMU of "varnish-modules" to ensure that the "varnish" security > fix can migrate to testing. > > Background: After upgrading "varnish" from 6.5.1 to 6.5.2, the module > "bodyaccess" in this package fails to load, which was discovered with > autopkgtest. The "bodyaccess" module has a stricter dependency on the Varnish > version than the dependency declared in the "varnish-modules" package. > > Getting the correct dependency into "varnish-modules" is tracked in > https://bugs.debian.org/991348, I am not a member of the release team, but shouldn't #991348 be a release critical bug in any case? An security update of varnish after bullseye became stable could cause to same problem, breaking production systems of our users. > but a rebuild of "varnish-modules" against the > new varnish package may be a faster fix due to the freeze. >... Doing first an NMU and then the proper fix of varnish-modules for bullseye is not faster than doing the proper fix for varnish-modules right away. cu Adrian
Bug#991477: unblock: prosody/0.11.9-2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package prosody * fix for https://prosody.im/security/advisory_20210722/ (change by Victor Seva) Maintainer and security team are in Cc. diff -Nru prosody-0.11.9/debian/changelog prosody-0.11.9/debian/changelog --- prosody-0.11.9/debian/changelog 2021-05-14 10:17:12.0 +0300 +++ prosody-0.11.9/debian/changelog 2021-07-23 15:15:58.0 +0300 @@ -1,3 +1,9 @@ +prosody (0.11.9-2) unstable; urgency=high + + * fix for https://prosody.im/security/advisory_20210722/ + + -- Victor Seva Fri, 23 Jul 2021 14:15:58 +0200 + prosody (0.11.9-1) unstable; urgency=high * New upstream version 0.11.9 addressing several security issues diff -Nru prosody-0.11.9/debian/patches/0006-muc-fix-for-CWE-284.patch prosody-0.11.9/debian/patches/0006-muc-fix-for-CWE-284.patch --- prosody-0.11.9/debian/patches/0006-muc-fix-for-CWE-284.patch 1970-01-01 02:00:00.0 +0200 +++ prosody-0.11.9/debian/patches/0006-muc-fix-for-CWE-284.patch 2021-07-23 15:15:58.0 +0300 @@ -0,0 +1,22 @@ +From: Victor Seva +Date: Fri, 23 Jul 2021 14:14:08 +0200 +Subject: muc: fix for CWE-284 + +https://prosody.im/security/advisory_20210722/ +--- + plugins/muc/muc.lib.lua | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/plugins/muc/muc.lib.lua b/plugins/muc/muc.lib.lua +index 037baa3..f037c4f 100644 +--- a/plugins/muc/muc.lib.lua b/plugins/muc/muc.lib.lua +@@ -976,7 +976,7 @@ function room_mt:handle_admin_query_get_command(origin, stanza) + -- e.g. an admin can't ask for a list of owners + local affiliation_rank = valid_affiliations[affiliation or "none"]; + if (affiliation_rank >= valid_affiliations.admin and affiliation_rank >= _aff_rank) +- or (self:get_whois() == "anyone") then ++ or (self:get_members_only() and self:get_whois() == "anyone" and affiliation_rank >= valid_affiliations.member) then + local reply = st.reply(stanza):query("http://jabber.org/protocol/muc#admin";); + for jid in self:each_affiliation(_aff or "none") do + local nick = self:get_registered_nick(jid); diff -Nru prosody-0.11.9/debian/patches/series prosody-0.11.9/debian/patches/series --- prosody-0.11.9/debian/patches/series2021-05-14 10:17:12.0 +0300 +++ prosody-0.11.9/debian/patches/series2021-07-23 15:15:58.0 +0300 @@ -3,3 +3,4 @@ 0003-buildflags.patch 0004-fix-package.path-of-ejabberd2prosody.patch 0005-use-lua52.patch +0006-muc-fix-for-CWE-284.patch
Bug#991595: unblock: clsync/0.4.5-2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package clsync * Remove dependency on libcgroup-dev which is no longer functional * Bump policy (undocumented Multi-Arch: same changes that look correct) (changes by Dmitrii Okunev and Barak A. Pearlmutter) Package is in unstable since March without known regressions, after the (understandable) closing of #990990 this change should go into bullseye. unblock clsync/0.4.5-2 diff -Nru clsync-0.4.5/debian/changelog clsync-0.4.5/debian/changelog --- clsync-0.4.5/debian/changelog 2020-11-09 18:35:16.0 +0200 +++ clsync-0.4.5/debian/changelog 2021-03-18 12:26:01.0 +0200 @@ -1,3 +1,15 @@ +clsync (0.4.5-2) unstable; urgency=medium + + [ Dmitrii Okunev ] + * Remove dependency on libcgroup-dev which is no longer functional +- a stub using libcgroup2 might be usable, once it spins up +- See bugs.debian.org/959022 for details + + [ Barak A. Pearlmutter ] + * Bump policy + + -- Barak A. Pearlmutter Thu, 18 Mar 2021 10:26:01 + + clsync (0.4.5-1) unstable; urgency=medium [ Andrew Savchenko] diff -Nru clsync-0.4.5/debian/control clsync-0.4.5/debian/control --- clsync-0.4.5/debian/control 2020-11-09 18:13:29.0 +0200 +++ clsync-0.4.5/debian/control 2021-03-18 12:24:57.0 +0200 @@ -5,8 +5,8 @@ Uploaders: Barak A. Pearlmutter , Dmitry Yu Okunev Build-Depends: debhelper-compat (= 13), libglib2.0-dev (>= 2.0.0), - libcgroup-dev, libcap-dev -Standards-Version: 4.5.0 + libcap-dev +Standards-Version: 4.5.1 Rules-Requires-Root: no Homepage: http://ut.mephi.ru/oss Vcs-Git: https://salsa.debian.org/debian/clsync.git @@ -27,6 +27,7 @@ Package: libclsync0 Section: libs Architecture: any +Multi-Arch: same Pre-Depends: ${misc:Pre-Depends} Depends: ${shlibs:Depends}, ${misc:Depends} Description: clsync control socket library @@ -41,6 +42,7 @@ Package: libclsync-dev Section: libdevel Architecture: any +Multi-Arch: same Pre-Depends: ${misc:Pre-Depends} Depends: ${shlibs:Depends}, ${misc:Depends}, libclsync0 (= ${binary:Version}) Description: development files for libclsync
Bug#991598: unblock: antlr4-cpp-runtime/4.9+dfsg-1.1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package antlr4-cpp-runtime * Make ANTLRInputStream.h usable with C++17. (Closes: #991482) This fixed building mysql-workbench (not in bullseye), and would equally affect users building their own C++17 code. unblock antlr4-cpp-runtime/4.9+dfsg-1.1
Bug#991598: unblock: antlr4-cpp-runtime/4.9+dfsg-1.1
On Wed, Jul 28, 2021 at 12:22:23PM +0300, Adrian Bunk wrote: > Package: release.debian.org > Severity: normal > User: release.debian@packages.debian.org > Usertags: unblock > > Please unblock package antlr4-cpp-runtime > > * Make ANTLRInputStream.h usable with C++17. (Closes: #991482) > > This fixed building mysql-workbench (not in bullseye), > and would equally affect users building their own C++17 code. > > unblock antlr4-cpp-runtime/4.9+dfsg-1.1 debdiff is now attached. cu Adrian diff -Nru antlr4-cpp-runtime-4.9+dfsg/debian/changelog antlr4-cpp-runtime-4.9+dfsg/debian/changelog --- antlr4-cpp-runtime-4.9+dfsg/debian/changelog2020-12-01 10:41:23.0 +0200 +++ antlr4-cpp-runtime-4.9+dfsg/debian/changelog2021-07-25 19:02:59.0 +0300 @@ -1,3 +1,10 @@ +antlr4-cpp-runtime (4.9+dfsg-1.1) unstable; urgency=medium + + * Non-maintainer upload. + * Make ANTLRInputStream.h usable with C++17. (Closes: #991482) + + -- Adrian Bunk Sun, 25 Jul 2021 19:02:59 +0300 + antlr4-cpp-runtime (4.9+dfsg-1) unstable; urgency=medium [ Debian Janitor ] diff -Nru antlr4-cpp-runtime-4.9+dfsg/debian/patches/cxx17.patch antlr4-cpp-runtime-4.9+dfsg/debian/patches/cxx17.patch --- antlr4-cpp-runtime-4.9+dfsg/debian/patches/cxx17.patch 1970-01-01 02:00:00.0 +0200 +++ antlr4-cpp-runtime-4.9+dfsg/debian/patches/cxx17.patch 2021-07-25 19:02:59.0 +0300 @@ -0,0 +1,34 @@ +Description: Revert change that broke using libantlr4-runtime4.9 with C++17 + Upstream commit 254b144b creeated a different ABI for C++17, + but it is not even possible to build antlr4-cpp-runtime for this ABI. + . + The proper fix would be upgrading to 4.9.2 where two commits + in March 2021 fixed this issue: + https://github.com/antlr/antlr4/commits/master/runtime/Cpp/runtime/src/ANTLRInputStream.h + . + The upstream fix changes ABI, do the simple fix instead that does + not offer a different ABI the library cannot even be built for. +Author: Adrian Bunk + +--- antlr4-cpp-runtime-4.9+dfsg.orig/runtime/src/ANTLRInputStream.h antlr4-cpp-runtime-4.9+dfsg/runtime/src/ANTLRInputStream.h +@@ -25,19 +25,11 @@ namespace antlr4 { + /// What is name or source of this char stream? + std::string name; + +-#if __cplusplus >= 201703L +-ANTLRInputStream(std::string_view input = ""); +-#else + ANTLRInputStream(const std::string &input = ""); +-#endif + ANTLRInputStream(const char data_[], size_t numberOfActualCharsInArray); + ANTLRInputStream(std::istream &stream); + +-#if __cplusplus >= 201703L +-virtual void load(std::string_view input); +-#else + virtual void load(const std::string &input); +-#endif + virtual void load(std::istream &stream); + + /// Reset the stream so that it's in the same state it was diff -Nru antlr4-cpp-runtime-4.9+dfsg/debian/patches/series antlr4-cpp-runtime-4.9+dfsg/debian/patches/series --- antlr4-cpp-runtime-4.9+dfsg/debian/patches/series 2020-11-30 15:45:31.0 +0200 +++ antlr4-cpp-runtime-4.9+dfsg/debian/patches/series 2021-07-25 19:02:54.0 +0300 @@ -1 +1,2 @@ system-utfcpp.patch +cxx17.patch
Bug#991599: unblock: sane-backends/1.0.31-4.1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package sane-backends * Backport fixes from 1.0.32: - plustek-usbhw: Work around discovery problem for CanoScan N650U with 1ms sleep, thanks to Kai von Krbek. (Closes: #982243) - hp4200: Fix crashes caused by incorrectly sized memset, thanks to Hauke Mehrtens. (Closes: #988343) unblock sane-backends/1.0.31-4.1 diff -Nru sane-backends-1.0.31/debian/changelog sane-backends-1.0.31/debian/changelog --- sane-backends-1.0.31/debian/changelog 2020-12-04 18:08:57.0 +0200 +++ sane-backends-1.0.31/debian/changelog 2021-07-25 20:15:13.0 +0300 @@ -1,3 +1,14 @@ +sane-backends (1.0.31-4.1) unstable; urgency=medium + + * Non-maintainer upload. + * Backport fixes from 1.0.32: +- plustek-usbhw: Work around discovery problem for CanoScan N650U + with 1ms sleep, thanks to Kai von Krbek. (Closes: #982243) +- hp4200: Fix crashes caused by incorrectly sized memset, + thanks to Hauke Mehrtens. (Closes: #988343) + + -- Adrian Bunk Sun, 25 Jul 2021 20:15:13 +0300 + sane-backends (1.0.31-4) unstable; urgency=medium * debian/rules: diff -Nru sane-backends-1.0.31/debian/patches/0001-hp4200-memset-incorrectly-sized.-registro-0-is-point.patch sane-backends-1.0.31/debian/patches/0001-hp4200-memset-incorrectly-sized.-registro-0-is-point.patch --- sane-backends-1.0.31/debian/patches/0001-hp4200-memset-incorrectly-sized.-registro-0-is-point.patch 1970-01-01 02:00:00.0 +0200 +++ sane-backends-1.0.31/debian/patches/0001-hp4200-memset-incorrectly-sized.-registro-0-is-point.patch 2021-07-25 20:14:16.0 +0300 @@ -0,0 +1,25 @@ +From acc5ca499f67ed1c8c42242fcf87358e7968e71d Mon Sep 17 00:00:00 2001 +From: Ralph Little +Date: Sat, 13 Mar 2021 17:05:13 -0800 +Subject: hp4200: memset incorrectly sized. registro[0] is pointer not int. + +--- + backend/hp4200.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/backend/hp4200.c b/backend/hp4200.c +index c080fcbcc..3d8e6a88b 100644 +--- a/backend/hp4200.c b/backend/hp4200.c +@@ -1497,7 +1497,7 @@ do_fine_calibration (HP4200_Scanner * s, struct coarse_t *coarse) + int i; + for (i = 0; i < 12; i++) + { +-memset (registro[i], 0, 5460 * 3 * sizeof(registro[0])); ++memset (registro[i], 0, 5460 * 3 * sizeof(int)); + } + } + +-- +2.20.1 + diff -Nru sane-backends-1.0.31/debian/patches/0001-plustek-usbhw.c-Add-1ms-sleep-before-writing-to-regi.patch sane-backends-1.0.31/debian/patches/0001-plustek-usbhw.c-Add-1ms-sleep-before-writing-to-regi.patch --- sane-backends-1.0.31/debian/patches/0001-plustek-usbhw.c-Add-1ms-sleep-before-writing-to-regi.patch 1970-01-01 02:00:00.0 +0200 +++ sane-backends-1.0.31/debian/patches/0001-plustek-usbhw.c-Add-1ms-sleep-before-writing-to-regi.patch 2021-07-25 20:15:03.0 +0300 @@ -0,0 +1,32 @@ +From 6af85ec669f7a201360f3dcc48f6b47a06812914 Mon Sep 17 00:00:00 2001 +From: Zdenek Dohnal +Date: Fri, 9 Oct 2020 08:55:41 +0200 +Subject: plustek-usbhw.c: Add 1ms sleep before writing to register 0x59 + +Works around discovery problem for CanoScan N650U, fixes #137. +--- + backend/plustek-usbhw.c | 8 + 1 file changed, 8 insertions(+) + +diff --git a/backend/plustek-usbhw.c b/backend/plustek-usbhw.c +index 05d3cc75c..28cbd52a4 100644 +--- a/backend/plustek-usbhw.c b/backend/plustek-usbhw.c +@@ -1451,6 +1451,14 @@ usb_ResetRegisters( Plustek_Device *dev ) +* CanoScan devices to work properly after power-up +*/ + sanei_lm983x_write_byte( dev->fd, 0x5b, regs[0x5b] ); ++ ++ /* At least CanoScan N650U can have a problem with writing ++ * to register 0x59 due XHCI USB controller is too ++ * fast for him. Simulate EHCI USB controller's ++ * behavior here - wait 1ms. ++ */ ++ usleep(1000); ++ + sanei_lm983x_write_byte( dev->fd, 0x59, regs[0x59] ); + sanei_lm983x_write_byte( dev->fd, 0x5a, regs[0x5a] ); + } else { +-- +2.20.1 + diff -Nru sane-backends-1.0.31/debian/patches/series sane-backends-1.0.31/debian/patches/series --- sane-backends-1.0.31/debian/patches/series 2020-10-08 11:13:18.0 +0300 +++ sane-backends-1.0.31/debian/patches/series 2021-07-25 20:15:13.0 +0300 @@ -15,3 +15,5 @@ 0060-cross.patch 0165-respect_local_only_parameter.patch 0170-return_empty_list_when_local_devices_requested.patch +0001-plustek-usbhw.c-Add-1ms-sleep-before-writing-to-regi.patch +0001-hp4200-memset-incorrectly-sized.-registro-0-is-point.patch
Bug#991600: unblock: bind9-libs/1:9.11.19+dfsg-2.1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package bind9-libs * Add patch from Jorge Niedbalski to stop redundant DHCP servers from crashing. (Closes: #968298) isc-dhcp is only user of the bind9-libs libraries. This patch is in Ubuntu LTS since August 2020. unblock bind9-libs/1:9.11.19+dfsg-2.1 diff -Nru bind9-libs-9.11.19+dfsg/debian/changelog bind9-libs-9.11.19+dfsg/debian/changelog --- bind9-libs-9.11.19+dfsg/debian/changelog2021-02-16 10:35:53.0 +0200 +++ bind9-libs-9.11.19+dfsg/debian/changelog2021-07-25 23:22:48.0 +0300 @@ -1,3 +1,11 @@ +bind9-libs (1:9.11.19+dfsg-2.1) unstable; urgency=medium + + * Non-maintainer upload. + * Add patch from Jorge Niedbalski to stop redundant DHCP servers +from crashing. (Closes: #968298) + + -- Adrian Bunk Sun, 25 Jul 2021 23:22:48 +0300 + bind9-libs (1:9.11.19+dfsg-2) unstable; urgency=high * Although none of these CVEs affect the ISC DHCP, it's better to have diff -Nru bind9-libs-9.11.19+dfsg/debian/patches/0013-fix-1872118.patch bind9-libs-9.11.19+dfsg/debian/patches/0013-fix-1872118.patch --- bind9-libs-9.11.19+dfsg/debian/patches/0013-fix-1872118.patch 1970-01-01 02:00:00.0 +0200 +++ bind9-libs-9.11.19+dfsg/debian/patches/0013-fix-1872118.patch 2021-07-25 23:22:48.0 +0300 @@ -0,0 +1,22 @@ +Description: Check if sock->pending_send is set +before calling dispatch_send(). This would prevent +the assertion failure in cases where a socket is not dead (closed) +and its still pending to send data and the process_fd +event gets triggered due a wakeup. + +Author: Jorge Niedbalski +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1872118 +Forwarded: no +Last-Update: 2020-08-03 + +--- bind9-libs-9.11.16+dfsg.orig/lib/isc/unix/socket.c bind9-libs-9.11.16+dfsg/lib/isc/unix/socket.c +@@ -4050,7 +4050,7 @@ check_write: + if (!SOCK_DEAD(sock)) { + if (sock->connecting) + dispatch_connect(sock); +- else ++ else if (!sock->pending_send) + dispatch_send(sock); + } + unwatch_write = true; diff -Nru bind9-libs-9.11.19+dfsg/debian/patches/series bind9-libs-9.11.19+dfsg/debian/patches/series --- bind9-libs-9.11.19+dfsg/debian/patches/series 2021-02-16 10:35:53.0 +0200 +++ bind9-libs-9.11.19+dfsg/debian/patches/series 2021-07-25 23:22:48.0 +0300 @@ -10,3 +10,4 @@ 0010-Always-keep-a-copy-of-the-message.patch 0011-Update-policy-subdomain-was-incorrectly-treated-as-z.patch 0012-ISC-BIND-TKEY-Query-Heap-based-Buffer-Overflow-RCE-V.patch +0013-fix-1872118.patch
Bug#991601: unblock: prometheus-node-exporter/1.1.2+ds-2.1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package prometheus-node-exporter * Add upstream fix for rapl collector log noise with the bullseye kernel. (Closes: #991160) autopkgtest for prometheus-node-exporter/1.1.2+ds-2.1: amd64: Pass, arm64: Pass, armhf: Pass, i386: Pass, ppc64el: Pass unblock prometheus-node-exporter/1.1.2+ds-2.1 diff -Nru prometheus-node-exporter-1.1.2+ds/debian/changelog prometheus-node-exporter-1.1.2+ds/debian/changelog --- prometheus-node-exporter-1.1.2+ds/debian/changelog 2021-05-28 01:59:42.0 +0300 +++ prometheus-node-exporter-1.1.2+ds/debian/changelog 2021-07-26 00:22:06.0 +0300 @@ -1,3 +1,11 @@ +prometheus-node-exporter (1.1.2+ds-2.1) unstable; urgency=medium + + * Non-maintainer upload. + * Add upstream fix for rapl collector log noise with the bullseye kernel. +(Closes: #991160) + + -- Adrian Bunk Mon, 26 Jul 2021 00:22:06 +0300 + prometheus-node-exporter (1.1.2+ds-2) unstable; urgency=medium * Move README.textfile from /var/lib to /usr/share/doc diff -Nru prometheus-node-exporter-1.1.2+ds/debian/patches/0001-Fix-rapl-collector-log-noise.patch prometheus-node-exporter-1.1.2+ds/debian/patches/0001-Fix-rapl-collector-log-noise.patch --- prometheus-node-exporter-1.1.2+ds/debian/patches/0001-Fix-rapl-collector-log-noise.patch 1970-01-01 02:00:00.0 +0200 +++ prometheus-node-exporter-1.1.2+ds/debian/patches/0001-Fix-rapl-collector-log-noise.patch 2021-07-26 00:21:43.0 +0300 @@ -0,0 +1,32 @@ +From 2c351d13bd834e387b875d972cf9aedc1fd89274 Mon Sep 17 00:00:00 2001 +From: Ben Kochie +Date: Wed, 21 Jul 2021 19:28:54 +0200 +Subject: Fix rapl collector log noise + +Capture permission denied error for "energy_uj" file. + +Fixes: https://github.com/prometheus/node_exporter/issues/1892 + +Signed-off-by: Ben Kochie +--- + collector/rapl_linux.go | 4 + 1 file changed, 4 insertions(+) + +diff --git a/collector/rapl_linux.go b/collector/rapl_linux.go +index a0f9011..b73c0dd 100644 +--- a/collector/rapl_linux.go b/collector/rapl_linux.go +@@ -70,6 +70,10 @@ func (c *raplCollector) Update(ch chan<- prometheus.Metric) error { + for _, rz := range zones { + newMicrojoules, err := rz.GetEnergyMicrojoules() + if err != nil { ++ if errors.Is(err, os.ErrPermission) { ++ level.Debug(c.logger).Log("msg", "Can't access energy_uj file", "zone", rz, "err", err) ++ return ErrNoData ++ } + return err + } + index := strconv.Itoa(rz.Index) +-- +2.20.1 + diff -Nru prometheus-node-exporter-1.1.2+ds/debian/patches/series prometheus-node-exporter-1.1.2+ds/debian/patches/series --- prometheus-node-exporter-1.1.2+ds/debian/patches/series 2021-02-26 00:49:19.0 +0200 +++ prometheus-node-exporter-1.1.2+ds/debian/patches/series 2021-07-26 00:22:06.0 +0300 @@ -1,2 +1,3 @@ 02-Properly_disable_zfs.patch 03-Default_settings.patch +0001-Fix-rapl-collector-log-noise.patch
Bug#991618: unblock: ldh-gui-suite/0.1~20200908-4
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package ldh-gui-suite * update portuguese (pt) translation; closes: Bug#982318; thanks to Américo Monteiro * add spanish (es) translation; closes: Bug#988374; thanks to Camaleón * copyright info: update coverage (changes by Jonas Smedegaard) debian/changelog | 18 debian/copyright | 30 ++- debian/copyright_hints | 33 ++-- debian/po/es.po| 166 + debian/po/pt.po|9 -- 5 files changed, 241 insertions(+), 15 deletions(-) That's only translation and documentation updates. unblock ldh-gui-suite/0.1~20200908-4 diff -Nru ldh-gui-suite-0.1~20200908/debian/changelog ldh-gui-suite-0.1~20200908/debian/changelog --- ldh-gui-suite-0.1~20200908/debian/changelog 2021-01-17 12:11:40.0 +0200 +++ ldh-gui-suite-0.1~20200908/debian/changelog 2021-05-11 17:40:26.0 +0300 @@ -1,3 +1,21 @@ +ldh-gui-suite (0.1~20200908-4) unstable; urgency=medium + + * update spanish (es) translation; +see Bug#988374; thanks to Camaleón + * copyright info: update coverage + + -- Jonas Smedegaard Tue, 11 May 2021 16:40:26 +0200 + +ldh-gui-suite (0.1~20200908-3) unstable; urgency=medium + + * update portuguese (pt) translation; +closes: Bug#982318; thanks to Américo Monteiro + * add spanish (es) translation; +closes: Bug#988374; thanks to Camaleón + * copyright info: update coverage + + -- Jonas Smedegaard Tue, 11 May 2021 16:01:44 +0200 + ldh-gui-suite (0.1~20200908-2) unstable; urgency=medium * update german (de) translation; diff -Nru ldh-gui-suite-0.1~20200908/debian/copyright ldh-gui-suite-0.1~20200908/debian/copyright --- ldh-gui-suite-0.1~20200908/debian/copyright 2020-09-08 22:49:38.0 +0300 +++ ldh-gui-suite-0.1~20200908/debian/copyright 2021-05-11 17:40:10.0 +0300 @@ -26,8 +26,8 @@ Files: debian/* Copyright: - 2016-2019, Jonas Smedegaard - 2019, Purism, SPC + 2016-2019,2021, Jonas Smedegaard + 2019,2021, Purism, SPC License-Grant: This program is free software; you can redistribute it and/or modify it @@ -36,6 +36,32 @@ either version 3 of the License, or (at your option) any later version. License: GPL-3+ +Files: debian/po/es.po +Copyright: + 2021, Camaleón +License-Grant: + This file is distributed + under the same license as the ldh-gui-suite package. +License: GPL-3+ + +Files: debian/po/fr.po +Copyright: + 2019, Jean-Philippe MENGUAL +License-Grant: + This file is distributed + under the same license as the ldh-gui-suite package. +License: GPL-3+ +Comment: + Copyright holder is assumed from later comment + +Files: debian/po/nl.po +Copyright: + 2019, Frans Spiesschaert +License-Grant: + This file is distributed + under the same license as the ldh-gui-suite package. +License: GPL-3+ + License: AGPL-3+ GNU AFFERO GENERAL PUBLIC LICENSE Version 3, 19 November 2007 diff -Nru ldh-gui-suite-0.1~20200908/debian/copyright_hints ldh-gui-suite-0.1~20200908/debian/copyright_hints --- ldh-gui-suite-0.1~20200908/debian/copyright_hints 2020-09-09 11:50:44.0 +0300 +++ ldh-gui-suite-0.1~20200908/debian/copyright_hints 2021-05-11 17:40:26.0 +0300 @@ -39,13 +39,6 @@ License: UNKNOWN FIXME -Files: debian/po/de.po - debian/po/nl.po - debian/po/templates.pot -Copyright: YEAR THE PACKAGE'S COPYRIGHT HOLDER -License: UNKNOWN - FIXME - Files: configure.ac Copyright: 2019-2020, Jonas Smedegaard 2019-2020, Purism, SPC @@ -97,6 +90,20 @@ License: UNKNOWN FIXME +Files: debian/po/es.po +Copyright: 2021, Camaleón + jelo en blanco para utilizar el valor predeterminado (actualmente " + n se utilizará esta URI por otros programas. Debe ser el " + n se utilizará este nombre descriptivo por otros programas. Debe ser " + n se utilizará este nombre por otros programas. Debe ser un nombre de " +License: UNKNOWN + FIXME + +Files: debian/po/nl.po +Copyright: 2019, Frans Spiesschaert +License: UNKNOWN + FIXME + Files: debian/source/lintian-overrides Copyright: GPL-3+ gpl-3+ @@ -115,7 +122,7 @@ m usado por outros programas. Deverá ser o nome de " m usado por outros programas. Deverá ser uma " rico Monteiro " - rico Monteiro , 2019 - 2020. + rico Monteiro , 2019 - 2021. um domÃnio singular que implementa o " um serviço de microblogging parte de Liberty Deckplan Host." um serviço para gerir a sua conta Liberty Deckplan Host, acessÃvel " @@ -130,3 +137,13 @@ License: UNKNOWN FIXME +Files: debian/po/templates.pot +Copyright: YEAR FIRST AUTHOR +License: UNKNOWN + FIXME + +Files: debian/po/de.po +Copyright: YEAR THE PACKAGE'S COPYRIGHT HOLDER +License: UNKNOWN + FIXME + diff -Nru ldh-gui-suite-0.1~20200908/debian/po/es.po ldh-gui-suite-0.1~20200908/debian/po/es.po --- ldh-gui-suite-0.1~20200908/debian/po/es.po 1970-01-01 02:00:00.0 +0200 +++ ldh-gui-suite-0.1~20
Bug#991848: unblock: statsvn/0.7.0.dfsg-10
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package statsvn * Add patch from FreeBSD to disable the version check that broke with Subversion >= 10. (Closes: #990488) unblock statsvn/0.7.0.dfsg-10 diff -Nru statsvn-0.7.0.dfsg/debian/changelog statsvn-0.7.0.dfsg/debian/changelog --- statsvn-0.7.0.dfsg/debian/changelog 2018-11-18 13:02:28.0 +0200 +++ statsvn-0.7.0.dfsg/debian/changelog 2021-08-03 08:05:50.0 +0300 @@ -1,3 +1,11 @@ +statsvn (0.7.0.dfsg-10) unstable; urgency=medium + + * QA upload. + * Add patch from FreeBSD to disable the version check that broke +with Subversion >= 10. (Closes: #990488) + + -- Adrian Bunk Tue, 03 Aug 2021 08:05:50 +0300 + statsvn (0.7.0.dfsg-9) unstable; urgency=medium * QA upload. diff -Nru statsvn-0.7.0.dfsg/debian/patches/patch-src_net_sf_statsvn_Main.java statsvn-0.7.0.dfsg/debian/patches/patch-src_net_sf_statsvn_Main.java --- statsvn-0.7.0.dfsg/debian/patches/patch-src_net_sf_statsvn_Main.java 1970-01-01 02:00:00.0 +0200 +++ statsvn-0.7.0.dfsg/debian/patches/patch-src_net_sf_statsvn_Main.java 2021-08-03 08:05:38.0 +0300 @@ -0,0 +1,17 @@ +Skip SVN version check which doesn't work anymore with SVN 1.10.0 + +--- a/src/net/sf/statsvn/Main.java.orig2018-06-25 06:52:30 UTC b/src/net/sf/statsvn/Main.java +@@ -105,12 +105,6 @@ public final class Main { + public static void generate() { + try { + RepositoryFileManager manager = createRepoManager(); +-String version = manager.getProcessor().getVersionProcessor().checkSvnVersionSufficient(); +-final boolean isNewerDiffPossible = manager.getProcessor().getVersionProcessor().checkDiffPerRevPossible(version); +-// fall-back to older option. +-if (!isNewerDiffPossible) { +-SvnConfigurationOptions.setLegacyDiff(true); +-} + + manager.getProcessor().getInfoProcessor().checkRepoRootAvailable(); + generateDefaultHTMLSuite(manager); diff -Nru statsvn-0.7.0.dfsg/debian/patches/series statsvn-0.7.0.dfsg/debian/patches/series --- statsvn-0.7.0.dfsg/debian/patches/series2018-04-20 00:41:58.0 +0300 +++ statsvn-0.7.0.dfsg/debian/patches/series2021-08-03 08:05:48.0 +0300 @@ -1,3 +1,4 @@ 10-build-xml-classpath.diff 15-build-xml-build-jar-only.diff 20-remove-backport-util-concurrent.diff +patch-src_net_sf_statsvn_Main.java
Bug#991849: unblock: sctk/2.4.10-20151007-1312Z+dfsg2-3.1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package sctk * Apply patch by Michael Hudson-Doyle to use pdftoppm instead of convert to convert pdf to jpg as the latter fails with the changed security policy of ImageMagick. (Closes: #962439) diff -Nru sctk-2.4.10-20151007-1312Z+dfsg2/debian/changelog sctk-2.4.10-20151007-1312Z+dfsg2/debian/changelog --- sctk-2.4.10-20151007-1312Z+dfsg2/debian/changelog 2016-04-27 19:42:33.0 +0300 +++ sctk-2.4.10-20151007-1312Z+dfsg2/debian/changelog 2021-08-03 09:44:24.0 +0300 @@ -1,3 +1,12 @@ +sctk (2.4.10-20151007-1312Z+dfsg2-3.1) unstable; urgency=medium + + * Non-maintainer upload. + * Apply patch by Michael Hudson-Doyle to use pdftoppm instead +of convert to convert pdf to jpg as the latter fails with the +changed security policy of ImageMagick. (Closes: #962439) + + -- Adrian Bunk Tue, 03 Aug 2021 09:44:24 +0300 + sctk (2.4.10-20151007-1312Z+dfsg2-3) unstable; urgency=medium * Fix an error in replacement files Makefile. diff -Nru sctk-2.4.10-20151007-1312Z+dfsg2/debian/control sctk-2.4.10-20151007-1312Z+dfsg2/debian/control --- sctk-2.4.10-20151007-1312Z+dfsg2/debian/control 2016-04-27 19:42:33.0 +0300 +++ sctk-2.4.10-20151007-1312Z+dfsg2/debian/control 2021-08-03 09:44:12.0 +0300 @@ -8,6 +8,7 @@ dh-buildinfo, dpkg-dev (>= 1.16.1~), librsvg2-bin, + poppler-utils, texlive-latex-base, texlive-latex-extra, imagemagick, diff -Nru sctk-2.4.10-20151007-1312Z+dfsg2/debian/replacement_files/Makefile sctk-2.4.10-20151007-1312Z+dfsg2/debian/replacement_files/Makefile --- sctk-2.4.10-20151007-1312Z+dfsg2/debian/replacement_files/Makefile 2016-04-27 19:42:33.0 +0300 +++ sctk-2.4.10-20151007-1312Z+dfsg2/debian/replacement_files/Makefile 2021-08-03 09:43:34.0 +0300 @@ -34,7 +34,7 @@ all: $(OUTPUT) %.jpg: %.pdf - convert -density 300 $< $@ + pdftoppm -jpeg -singlefile -r 300 $< > $@ %.png: %.svg convert "$<" "$@"
Bug#991850: unblock: tmpreaper/1.6.14+nmu2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package tmpreaper * Apply patch from Mick Switser to fix protect on directory. (Closes: #636459) unblock tmpreaper/1.6.14+nmu2 diff -Nru tmpreaper-1.6.14+nmu1/ChangeLog tmpreaper-1.6.14+nmu2/ChangeLog --- tmpreaper-1.6.14+nmu1/ChangeLog 2019-09-06 16:20:49.0 +0300 +++ tmpreaper-1.6.14+nmu2/ChangeLog 2021-08-03 08:35:41.0 +0300 @@ -1,3 +1,11 @@ +tmpreaper (1.6.14+nmu2) unstable; urgency=medium + + * Non-maintainer upload. + * Apply patch from Mick Switser to fix protect on directory. +(Closes: #636459) + + -- Adrian Bunk Tue, 03 Aug 2021 08:35:41 +0300 + tmpreaper (1.6.14+nmu1) unstable; urgency=medium * Non-maintainer upload. diff -Nru tmpreaper-1.6.14+nmu1/debian/changelog tmpreaper-1.6.14+nmu2/debian/changelog --- tmpreaper-1.6.14+nmu1/debian/changelog 2019-09-06 16:20:49.0 +0300 +++ tmpreaper-1.6.14+nmu2/debian/changelog 2021-08-03 08:35:41.0 +0300 @@ -1,3 +1,11 @@ +tmpreaper (1.6.14+nmu2) unstable; urgency=medium + + * Non-maintainer upload. + * Apply patch from Mick Switser to fix protect on directory. +(Closes: #636459) + + -- Adrian Bunk Tue, 03 Aug 2021 08:35:41 +0300 + tmpreaper (1.6.14+nmu1) unstable; urgency=medium * Non-maintainer upload. diff -Nru tmpreaper-1.6.14+nmu1/tmpreaper.c tmpreaper-1.6.14+nmu2/tmpreaper.c --- tmpreaper-1.6.14+nmu1/tmpreaper.c 2019-01-05 17:23:01.0 +0200 +++ tmpreaper-1.6.14+nmu2/tmpreaper.c 2021-08-03 08:35:41.0 +0300 @@ -519,6 +519,21 @@ continue; } +if (FLAGS_PROTECT_P (flags)) { + skip = i = 0; + do { + if (sb.st_ino == protect_table[i].inode) { + message (LOG_VERBOSE, +"Entry matching `--protect' pattern skipped. `%s'\n", +protect_table[i].name); + skip = 1; + break; + } + } while (protect_table[i++].name); + if (skip) + continue; + } + if (S_ISDIR (sb.st_mode)) { #ifdef HAVE_LIBMOUNT_LIBMOUNT_H struct mountpoint_control ctl = { NULL }; @@ -565,21 +580,6 @@ (u_int) getpid(), ent->d_name); } - if (FLAGS_PROTECT_P (flags)) { - skip = i = 0; - do { - if (sb.st_ino == protect_table[i].inode) { - message (LOG_VERBOSE, -"Entry matching `--protect' pattern skipped. `%s'\n", -protect_table[i].name); - skip = 1; - break; - } - } while (protect_table[i++].name); - if (skip) - continue; - } - /* Decide whether to remove the file or not */ /* check for mtime on directory instead of atime if requested */ if ( FLAGS_MTIME_P(flags) ||
Bug#991852: unblock: debian-edu-doc/2.11.26
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package debian-edu-doc * Update Debian Edu Bullseye manual from the wiki. [ Translation updates ] * Bullseye manual: - German: Wolfgang Schweer - Dutch: Frans Spiesschaert - Portuguese (Brazil): Barbara Tostes and Fred Maranhão - Polish: Stanisław Stefan Krukowski - Chinese (Simplified): Ma Yong * Buster manual: - Portuguese (Brazil): Barbara Tostes and Fred Maranhão - Polish: Stanisław Stefan Krukowski - Chinese (Simplified): Ma Yong (changes by Holger Levsen) Documentation-only change, no debdiff due to size: debian/changelog | 18 documentation/debian-edu-bullseye/debian-edu-bullseye-manual-stripped.xml | 27 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.da.po | 61 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.de.po | 83 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.es.po | 48 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.fr.po | 1798 -- documentation/debian-edu-bullseye/debian-edu-bullseye-manual.it.po | 1802 -- documentation/debian-edu-bullseye/debian-edu-bullseye-manual.ja.po | 76 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.nb-no.po | 58 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.nl.po | 7847 ++ documentation/debian-edu-bullseye/debian-edu-bullseye-manual.pl.po | 343 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.pot | 45 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.pt-br.po | 95 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.pt-pt.po | 80 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.pt.po | 80 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.ro.po | 49 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.sv.po | 49 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.xml | 27 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.zh-cn.po | 117 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.zh-tw.po | 47 documentation/debian-edu-bullseye/source/AllInOne-debian-edu-bullseye-manual.xml |8 documentation/debian-edu-buster/debian-edu-buster-manual.pl.po | 135 documentation/debian-edu-buster/debian-edu-buster-manual.pt-br.po | 20 documentation/debian-edu-buster/debian-edu-buster-manual.zh-cn.po | 17 24 files changed, 5972 insertions(+), 6958 deletions(-) unblock debian-edu-doc/2.11.26
Bug#992570: nmu: rebuild on buildd for testing migration
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: binnmu nmu eln_1.4.0-1 . amd64 . unstable . -m "rebuild on buildd" nmu jpegqs_1.20210408-1 . amd64 . unstable . -m "rebuild on buildd" nmu python-pyo_1.0.4-1 . amd64 . unstable . -m "rebuild on buildd" nmu sptag_0.0~git20210514.20d55e1+ds-1 . amd64 . unstable . -m "rebuild on buildd" nmu virt-v2v_1.44.0-1 . amd64 . unstable . -m "rebuild on buildd" nmu qemu-web-desktop_21.08.10-1 . amd64 . unstable . -m "rebuild on buildd" nmu kexec-tools_1:2.0.22-2 . amd64 . unstable . -m "rebuild on buildd" nmu fuse-posixovl_1.3-1 . amd64 . unstable . -m "rebuild on buildd" nmu recordmydesktop_0.4.0-1 . amd64 . unstable . -m "rebuild on buildd" nmu foremost_1.5.7-10 . amd64 . unstable . -m "rebuild on buildd"
Re: careless upload of Erlang v24 without a transition tracking with the release team (was: rabbitmq-server fails to start after erlang v24 update)
On Sun, Aug 22, 2021 at 07:14:16PM +0200, Thomas Goirand wrote: >... > On 8/22/21 6:14 PM, Sergei Golovan wrote: >... > > I've uploaded Erlang 24 to experimental months ago. If you know that > > your software breaks on Erlang upgrade, you could do something > > already. > > Just uploading to Experimental isn't, IMO, a thing that makes it ok to > break others unstable. For this, we have transitions... Also, an upload > to Experimental during the freeze isn't giving me any sign. >... > Instead, here, we received a bug report for a rabbitmq-server *user* > that discovered, after the fact, that things broke. I'm sure we can do > better than this! >... One way for doing better that this would be to give rabbitmq-server autopkgtest that run on erlang migrations. A user seeing breakage in unstable is unfortunate, but it's called "unstable" for a reason. A rabbitmq-server autopkgtest would block migration of erlang to testing, just like the elixir-lang autopkgtest is currently blocking migration of erlang to testing - protecting users of testing from this breakage. Related to that, there are experimental->unstable pseudo-excuses [1] that run autopkgtest similar to what is run for migrations to testing. Due to the autopkgtest, the elixir-lang breakage was likely visible there during the 5 months when erlang was in unstable. > Cheers, > > Thomas Goirand (zigo) >... cu Adrian [1] https://release.debian.org/britney/pseudo-excuses-experimental.html
Bug#992028: transition: libidn
On Mon, Aug 30, 2021 at 04:03:36PM +0200, Simon Josefsson wrote: >... > Also, there is an arch:all missing build of libidn, is that a real > problem? Should I do a binary upload to correct it? I thought > source-only uploads was sufficient now. There are no packages you could upload, see #993294. > /Simon cu Adrian
Bug#992028: transition: libidn
On Mon, Aug 30, 2021 at 09:19:07PM +0200, Simon Josefsson wrote: > Adrian Bunk writes: > > > On Mon, Aug 30, 2021 at 04:03:36PM +0200, Simon Josefsson wrote: > >>... > >> Also, there is an arch:all missing build of libidn, is that a real > >> problem? Should I do a binary upload to correct it? I thought > >> source-only uploads was sufficient now. > > > > There are no packages you could upload, see #993294. > > Thanks -- for my learning, is there anywhere I could read about that? > Is it always required when removing arch:all packages? That knowledge from observing how the archive and testing migration software is working right now, in theory what we are seeing is a bug. dak (archive software) does have automatic cruft removal. For some time it was too eager to remove cruft, so when the package did FTBFS on binary-all this often resulted in a round through NEW. Now it's a bit more cautious, and tends to err on the side of not removing enough. britney (testing migration software) used to be a bit too liberal on letting things migrate, andthere were packages migrating to testing despite a binary-all FTBFS (sometimes noone notices for months when a -doc package is missing). Most likely the release team can force libidn into testing right away, but that's something they have to tell. > /Simon cu Adrian
Bug#987504: imagemagick: attempt to perform an operation not allowed by the security policy `EPS'
Package: imagemagick Version: 8:6.9.11.60+dfsg-1.2 Severity: serious Tags: ftbfs Control: found -1 8:6.9.10.23+dfsg-2.1+deb10u1 Control: affects -1 src:ftgl src:foxtrotgps src:gri src:kannel src:mlpost src:muttprint src:ns3 src:sctk src:texworks-manual src:therion src:vlfeat src:x4d-icons src:xnee https://tests.reproducible-builds.org/debian/rb-pkg/buster/amd64/ftgl.html https://tests.reproducible-builds.org/debian/rb-pkg/buster/amd64/foxtrotgps.html https://tests.reproducible-builds.org/debian/rb-pkg/buster/amd64/gri.html https://tests.reproducible-builds.org/debian/rb-pkg/buster/amd64/kannel.html https://tests.reproducible-builds.org/debian/rb-pkg/buster/amd64/mlpost.html https://tests.reproducible-builds.org/debian/rb-pkg/buster/amd64/muttprint.html https://tests.reproducible-builds.org/debian/rb-pkg/buster/amd64/ns3.html https://tests.reproducible-builds.org/debian/rb-pkg/buster/amd64/sctk.html https://tests.reproducible-builds.org/debian/rb-pkg/buster/amd64/texworks-manual.html https://tests.reproducible-builds.org/debian/rb-pkg/buster/amd64/therion.html https://tests.reproducible-builds.org/debian/rb-pkg/buster/amd64/vlfeat.html https://tests.reproducible-builds.org/debian/rb-pkg/buster/amd64/x4d-icons.html https://tests.reproducible-builds.org/debian/rb-pkg/buster/amd64/xnee.html ... convert-im6.q16: attempt to perform an operation not allowed by the security policy `EPS' @ error/constitute.c/IsCoderAuthorized/408. convert-im6.q16: attempt to perform an operation not allowed by the security policy `EPS' @ error/constitute.c/IsCoderAuthorized/408. make[3]: *** [Makefile:931: screenshots/map-download.eps] Error 1 A security change that went just went into imagemagick in unstable, but already went into imagemagick in buster last autumn, makes around a dozen packages FTBFS in unstable resp. buster. Background: https://bugs.launchpad.net/ubuntu/+source/kannel/+bug/1838425 Options are either reverting the imagemagick change or fixing the packages that got broken in bullseye and buster. Security and release teams are Cc'ed.
Re: Bug#987570: openjdk-11-jre-headless: libawt_xawt.so still listed as part of this package instead of openjdk-11-jre
Control: severity -1 serious On Sun, Apr 25, 2021 at 10:23:09PM +0200, GuyXY wrote: > Package: openjdk-11-jre-headless > Severity: important > > After installing the latest security updates, davmail stopped working. > I looked into it and found out, that it required the file > '/usr/lib/jvm/java-11-openjdk-amd64/lib/libawt_xawt.so' which was now missing > even tho it's supposed to be installed as part of the openjdk-11-jre-headless > package, which is installed as one of davmail's dependencies. > > I asked for help in the #debian IRC channel, and we came to the conclusion > that the file has been moved to the openjdk-11-jre package. > The package content list do not reflect those changes yet. Please adjust the > list of the package contents for openjdk-11-jre-headless and openjdk-11-jre > in Buster to avoid further confusion. > > PS: It may also be a good idea to change the dependency from davmail from > openjdk-11-jre-headless to openjdk-11-jre as well or add it as a recommended > or at least suggested package. > > -- System Information: > Debian Release: 10.9 > APT prefers stable-updates > APT policy: (500, 'stable-updates'), (500, 'stable') > Architecture: amd64 (x86_64) * Move libawt_xawt.so, libjawt.so into the jre package. Closes: #908058. Such changes should not happen in an update to stable. cu Adrian
Re: Bug#987504: imagemagick: attempt to perform an operation not allowed by the security policy `EPS'
On Wed, Apr 28, 2021 at 06:43:02AM +0200, Salvatore Bonaccorso wrote: > Hi Adrian, Hi Salvatore, > On Sat, Apr 24, 2021 at 11:20:43PM +0300, Adrian Bunk wrote: >... > > Options are either reverting the imagemagick change or fixing > > the packages that got broken in bullseye and buster. > > > > Security and release teams are Cc'ed. > > No time for a more lenghty reply to this right now, but our point was > exactly to bring the same patch (already applied in the last DSA) as > well in bullseye's version as this was missing and discussed back then > and recently with the maintainer as well. > > If this is not the case yet, are bugs filled against those packages > you found to be failing to build now due to this change in stable and > unstable? my question was exactly how to move forward here. If everyone (including the release team) agrees that the imagemagick change should stay and RC bugs be filed, I can do the bug filing. > Regards, > Salvatore cu Adrian
Re: Fixing rust package FTBFS in buster (was: Bug#931003: Removed package(s) from unstable )
On Wed, May 05, 2021 at 08:01:13AM +0100, peter green wrote: > On 04/05/2021 12:28, Santiago Vila wrote: > > On Tue, May 04, 2021 at 11:48:09AM +0100, peter green wrote: > > > > This was automatically closed by ftpmaster because the package was > > > > removed from unstable, but this still does not fix the FTBFS problem > > > > in stable. > > > > > > Unfortunately I don't think a proper fix will be forthcoming, upstream > > > has abandoned the crate in question. > > > > It does not need to be a perfect fix. It is enough that dpkg-buildpackage > > exits with status 0. If the tests are no longer valid, disabling them > > should be much better than nothing, because packages in stable must > > build in stable. > > I'm prepared prepare such uploads if the stable release managers > are prepared to accept them. Usually they are receptive for reasonable FTBFS fixes, and my rust-rustyline bug was part of me doing a find+fix round. >... > rust-simd: abandoned upstream, not in testing/unstable probably not properly > fixible, could disable test build during package build to fix FTBFS. > rust-coresimd: abandoned upstream, not in testing/unstable probably not > properly fixible, could disable test build during package build to fix FTBFS. > rust-nodrop-union: abandoned upstream, not in testing, broken in unstable > probably not properly fixible, could disable test build during package build > to fix FTBFS. Is it only the test that is broken? Or is the test due to some minor functionality breakage? In that case, ignoring test problems would be the correct action. But if the packages are just completely broken with current rustc, then RM bugs against release.debian.org asking for removal in the next buster point release would be the correct action for such leaf packages. > rust-rustyline: fixed upstream and in testing/unstable, I was able to bisect > and backport the fix (see bug 988025 ) This should be fixed in buster. cu Adrian
Bug#988251: nmu: gtkglextmm_1.2.0-8
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: binnmu # spurious dependency on an obsolete library # the as-needed change in bullseye fixes it nmu gtkglextmm_1.2.0-8 . ANY . unstable . -m "rebuild without spurious libpangox-1.0-0 dependency"
Bug#987013: Release goal proposal: Remove Berkeley DB
On Fri, Apr 16, 2021 at 10:36:57PM +0200, Marco d'Itri wrote: > On Apr 16, Bastian Blank wrote: > > > postfix is easy. Would inn2 be license compliant with a AGPL licensed > > BDB, aka able to provide the source to it's users, or what is the plan > > anyway? > The plan is to continue using 5.3, not upgrading. > > > slapd defaults to LMDB since several years and you need to > > explicitely specify the bdb or hdb backend. > Sure, but the point was how to convert existing systems. As far as I can see, the realistic best case would be to drop Berkeley DB *after* bookworm. For usages that are not just build-time tests or temporary caches, we need at least one release for migrating the data of our users. apt-listchanges is using Berkeley DB through Python (#988090). This is one global database, and the user-friendly way of migration would be either in the maintainer scripts during the upgrade to bookworm or at runtime when the version in bookworm discovers a legacy Berkeley DB database. If Python in bookworm would not be able to read legacy Berkeley DB databases, we would be screwing our users by not being able to offer them automatic migrations in packages like apt-listchanges. I maintain bogofilter (a spam filter). It would be feasible to implement a transparent migration from Berkeley DB to a different format in bookworm, but this requires a bogofilter tool compiled against libdb5.3 in bookworm. Which would not be possible without libdb5.3 in bookworm. > ciao, > Marco cu Adrian
Bug#994091: nmu: aide_0.17.3-4
On Sat, Sep 11, 2021 at 03:59:12PM +0200, Marc Haber wrote: > Package: release.debian.org > Severity: normal > User: release.debian@packages.debian.org > Usertags: binnmu > > [this is my first binNMU request, I hope that I did everything right] [ I am not a member of the release team ] > aide is statically linked. With the new glibc, NSS calls get somehow > still some dynamic linking, which causes a reproducible and > unconditional segfault one aide uses an NSS-releated call. A rebuild > fixes this issue. I am currently discussing this issue with upstream to > find out whether we can do things a bit better in the future. AFAIR static glibc linking and NSS is known problematic. > Greetings > Marc > > > nmu aide_0.17.3-4 . ANY . unstable . -m "Rebuild against the new glibc" The dependencies should ensure that apt/dpkg only install a working set of packages. Dependencies like "libc6 (>> 2.32), libc6 (<< 2.33)" might help, but I've added debian-glibc to Cc since I don't know for sure whether this would be sufficient. cu Adrian
Bug#992870: transition: GNOME 40 (libmutter-8-0 and friends)
On Tue, Sep 14, 2021 at 09:12:34AM +0100, Simon McVittie wrote: >... > Looking at the migration excuses for gnome-shell, I think we will need > something more like this: > > remove gnome-shell-extension-dashtodock/69-1 > remove gnome-shell-extension-desktop-icons/20.04.0+git20200908-8 > remove gnome-shell-extension-easyscreencast/1.1.0+git20210116.3252312-1 > > I'm not sure why the first two would block migration since they don't have > an upper limit on their version numbers, but those extensions haven't been > ported to gnome-shell 40, so they aren't going to work in practice anyway. >... Package: gnome-shell Version: 40.4-2 Breaks: ..., gnome-shell-extension-dashtodock (<< 70), gnome-shell-extension-desktop-icons (<< 21.04), ... > smcv cu Adrian
Bug#995277: unblock: golang-github-klauspost-compress/1.11.7-2
On Sun, Oct 03, 2021 at 10:21:16AM -0400, Reinhard Tartler wrote: >... > The consistent OOM is surprising given that you state that the worker has > 250GB of RAM. Looking at the logs, > I note that the tests are being passed the option -p 160 by the dh-golang > helper, so it will build > and run test executables concurrently. That confirms to me that we are > indeed running on these 250GB/160 core workers. >... No matter the amount of RAM, you will always have the limitation of <= 4 GB address space for a process on 32bit.[1] Starting one process per core is not a problem even if each process uses takes 1 GB of RAM.[2] Starting one thread per core in the same process would not be suprising to fail, 20 MB per thread would suffice for running out of address space. > regards, > Reinhard cu Adrian [1] 32bit arm has 3 GB address space [2] 160 g++ processes might be a problem with only 1.5 GB RAM per core
Bug#997929: transition: yaml-cpp
On Thu, Oct 28, 2021 at 09:50:10PM +0200, Sebastian Ramacher wrote: > Control: forwarded -1 > https://release.debian.org/transitions/html/auto-yaml-cpp.html > > On 2021-10-27 05:05:57 -0500, Simon Quigley wrote: > > Package: release.debian.org > > Severity: normal > > User: release.debian@packages.debian.org > > Usertags: transition > > > > Dear Release Team, > > > > I would like to upload yaml-cpp 0.7.0 to unstable which includes an ABI bump > > and a package name change (libyaml-cpp0.6 -> libyaml-cpp0.7). It has already > > been uploaded to Experimental and cleared NEW. Since the package now depends > > on googletest instead of including its own embedded copy, the package now > > builds on less architectures. > > Are builds on releases acrchitectures affected by this change? sh4 (in ports) is the only affected Linux architecture: https://buildd.debian.org/status/package.php?p=yaml-cpp&suite=experimental > Cheers cu Adrian
Bug#998338: transition: urdfdom
On Wed, Nov 10, 2021 at 12:54:49AM +0100, Jose Luis Rivero wrote: > On Tue, Nov 9, 2021 at 9:46 PM Sebastian Ramacher > wrote: >... > > CMake Error at /usr/lib/x86_64-linux-gnu/cmake/urdf/urdfConfig.cmake:171 > > (message): > > Project 'rviz' tried to find library > > '$<$>:-lurdfdom_sensor'. The library is neither ja > > target nor built/installed properly. Did you compile project 'urdf'? Did > > you find_package() it before the subdirectory containing its code is > > included? > > > > This looks like a bug in urdfcom to me … three <, but only two >. > > > > It is, indeed. Jochen sent the patch upstream > https://github.com/ros/urdfdom/pull/164 and I have uploaded 3.0.0+ds-5 > shipping it. Let's see if that fixes all the problems. Still fails: https://buildd.debian.org/status/fetch.php?pkg=ros-collada-urdf&arch=i386&ver=1.12.13-6%2Bb1&stamp=1636504074&raw=0 https://buildd.debian.org/status/fetch.php?pkg=ros-kdl-parser&arch=i386&ver=1.14.1-6%2Bb1&stamp=1636504092&raw=0 https://buildd.debian.org/status/fetch.php?pkg=ros-rviz&arch=i386&ver=1.14.10%2Bdfsg-2%2Bb2&stamp=1636504088&raw=0 The problem is that /usr/lib/x86_64-linux-gnu/cmake/urdf/urdfConfig.cmake in ros-urdf got miscompiled. A fresh binNMU of the packags in level 2 of the transition should fix that. gazebo will then also need another binNMU as part of level 3, since it might have silently dropped URDF support after the first binNMU. cu Adrian
Bug#987013: Bug#996584: (some kind of) transition: add python3.10 as a supported python3 version
On Tue, Nov 16, 2021 at 02:23:36PM +0100, Matthias Klose wrote: > I'm planning to upload python3-defaults later tonight, adding 3.10 as a > supported Python version. Packages are able to migrate on their own, there > are > no blockages introduced on other transitions. > > We have most packages ready to build for 3.10, and around 70 leaf packages > still > needing some work. Otoh, we can much better work on these if reverse > dependencies are already built for 3.10 in the archive. The tracker used is >... I think the backwards incompatible change to the dbm extension[1] has to be reverted until after a release where someone has migrated the data of all packages using Berkeley DB. Most broken packages are likely not even among the ones that need rebuilding, they would just be just broken and Python should not make it harder to fix them. If Berkeley DB removal should be done in trixie, someone will have to analyze and implement solutions for data migrations as part of #987013 in bookworm. Ecosystem maintainers unilaterally dropping support would only make it a lot harder to implement solutions. How should a package like apt-listchanges migrate its database if the existing reader code is no longer functional due to this change in Python? That's not impossible, but might make things a lot harder. AFAIK even Python 2.7 will still be shipped in bookworm, so let's not make life harder for other people by hurrying too much with Berkeley DB. > Matthias cu Adrian [1] https://tracker.debian.org/news/1240462/accepted-python310-3100b1-2-source-into-experimental/
Bug#1000472: bullseye-pu: package rustc-mozilla/1.51.0+dfsg1-1~deb11u1
On Mon, Nov 29, 2021 at 05:32:30PM +0100, Julien Cristau wrote: > cc: rustc and firefox maintainers > > On Tue, Nov 23, 2021 at 03:20:45PM -0500, Roberto C. Sanchez wrote: > > In preparing the rustc 1.51 upload/backport (to support backports of the > > latest firefox-esr and thunderbird packages) it has been suggested that > > to avoid some issues associated with providing a significant new version > > of rustc in the rustc binary package (along with the associated library > > packages), that I prepare the 1.51 rustc package with a different name. > > Following the model of what was done for gcc, nasm, and nodejs, I was > > considering source package rustc-mozilla with a single binary package > > (also rustc-mozilla) to ensure that rdeps don't end up getting surprised > > by a new rustc. Would this be considered acceptable for the bullseye > > and buster uploads of rustc 1.51? > > 2 things: > - I think we should pick 1.53 if possible, since that's what mozilla use > for their esr91 binaries I was suggesting 1.51 since the smaller the difference to the currently used version, the lower the risk of new bad surprises when updating rustc. Roberto is doing this primarily for LTS, and for stretch LTS next years Firefox that will require yet another rustc update will no longer be an issue. The Debian packages of rustc 1.53 in experimental and unstable were built with LLVM 12, we won't see before it enters stable-pu whether building rustc 1.53 with LLVM 11 breaks on some architecture (unlikely but not impossible, especially with the error thresholds). > - I don't think we need to rename the packages unless there's evidence > of breakage that can't be easily fixed by either simple patches or > removing the affected packages. Renamed packages are acceptable but > that seems like extra work and overhead that may not be necessary. We have already learned the hard way that such evidence might appears after it is too late. In bullseye there are > 800 non-Firefox packages build depending on rustc. In buster there are "only" around 450 packages build depending on rustc. One of them is librsvg, which failed to build with last years new rustc for Firefox. The librsvg updated for rustc 1.41 updated for last years Firefox ESR did build on amd64 but not on ppc64el. And BTW, this rustc/firefox misery also blocks the CVE-2019-20446 fix in librsvg from entering buster. Assuming ppc64el will continue to not be part of LTS also for buster, the easiest solution will be to re-upload the fixed librsvg to buster-security immediately after LTS starts for buster. For rustc 1.41 in buster this is exactly the evidence you are asking for. And it could not have reasonably be discovered before uploading rustc. The lesson learned is that the normal rustc package can no longer be updated in stable series now that Firefox is no longer the sole user. > Cheers, > Julien cu Adrian
Bug#1003795: buster-pu: package evolution-data-server/3.30.5-1+deb10u2
Package: release.debian.org Severity: normal Tags: buster User: release.debian@packages.debian.org Usertags: pu * CVE-2020-16117: Crash on malformed server response with minimal capabilities. diff -Nru evolution-data-server-3.30.5/debian/changelog evolution-data-server-3.30.5/debian/changelog --- evolution-data-server-3.30.5/debian/changelog 2020-07-14 22:09:35.0 +0300 +++ evolution-data-server-3.30.5/debian/changelog 2022-01-16 00:17:04.0 +0200 @@ -1,3 +1,11 @@ +evolution-data-server (3.30.5-1+deb10u2) buster; urgency=medium + + * Non-maintainer upload. + * CVE-2020-16117: Crash on malformed server response with +minimal capabilities. + + -- Adrian Bunk Sun, 16 Jan 2022 00:17:04 +0200 + evolution-data-server (3.30.5-1+deb10u1) buster-security; urgency=medium * CVE-2020-14928: Response Injection via STARTTLS in SMTP and POP3. diff -Nru evolution-data-server-3.30.5/debian/patches/0001-I-189-Crash-on-malformed-server-response-with-minima.patch evolution-data-server-3.30.5/debian/patches/0001-I-189-Crash-on-malformed-server-response-with-minima.patch --- evolution-data-server-3.30.5/debian/patches/0001-I-189-Crash-on-malformed-server-response-with-minima.patch 1970-01-01 02:00:00.0 +0200 +++ evolution-data-server-3.30.5/debian/patches/0001-I-189-Crash-on-malformed-server-response-with-minima.patch 2022-01-16 00:16:26.0 +0200 @@ -0,0 +1,27 @@ +From 9e540466b1c84f492207d3e43749384cde73e46c Mon Sep 17 00:00:00 2001 +From: Milan Crha +Date: Mon, 10 Feb 2020 10:00:32 +0100 +Subject: I#189 - Crash on malformed server response with minimal capabilities + +Closes https://gitlab.gnome.org/GNOME/evolution-data-server/issues/189 +--- + src/camel/providers/imapx/camel-imapx-server.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/camel/providers/imapx/camel-imapx-server.c b/src/camel/providers/imapx/camel-imapx-server.c +index 20bc160e4..65690f0d0 100644 +--- a/src/camel/providers/imapx/camel-imapx-server.c b/src/camel/providers/imapx/camel-imapx-server.c +@@ -3049,7 +3049,8 @@ connected: + + /* See if we got new capabilities +* in the STARTTLS response. */ +- imapx_free_capability (is->priv->cinfo); ++ if (is->priv->cinfo) ++ imapx_free_capability (is->priv->cinfo); + is->priv->cinfo = NULL; + if (ic->status->condition == IMAPX_CAPABILITY) { + is->priv->cinfo = ic->status->u.cinfo; +-- +2.20.1 + diff -Nru evolution-data-server-3.30.5/debian/patches/series evolution-data-server-3.30.5/debian/patches/series --- evolution-data-server-3.30.5/debian/patches/series 2020-07-09 15:27:45.0 +0300 +++ evolution-data-server-3.30.5/debian/patches/series 2022-01-16 00:16:54.0 +0200 @@ -2,3 +2,4 @@ ubuntu_gettext_domain.patch CVE-2020-14928-1.patch CVE-2020-14928-2.patch +0001-I-189-Crash-on-malformed-server-response-with-minima.patch
Bug#1003825: buster-pu: package libetpan/1.9.3-2+deb10u1
Package: release.debian.org Severity: normal Tags: buster User: release.debian@packages.debian.org Usertags: pu * CVE-2020-15953: STARTTLS response injection that affects IMAP, SMTP, and POP3. (Closes: #966647) diff -Nru libetpan-1.9.3/debian/changelog libetpan-1.9.3/debian/changelog --- libetpan-1.9.3/debian/changelog 2019-05-07 00:27:54.0 +0300 +++ libetpan-1.9.3/debian/changelog 2022-01-16 13:49:07.0 +0200 @@ -1,3 +1,11 @@ +libetpan (1.9.3-2+deb10u1) buster; urgency=medium + + * Non-maintainer upload. + * CVE-2020-15953: STARTTLS response injection that +affects IMAP, SMTP, and POP3. (Closes: #966647) + + -- Adrian Bunk Sun, 16 Jan 2022 13:49:07 +0200 + libetpan (1.9.3-2) unstable; urgency=high * debian/patches/90_fix_tls_timeout.diff diff -Nru libetpan-1.9.3/debian/patches/0001-Detect-extra-data-after-STARTTLS-response-and-exit-3.patch libetpan-1.9.3/debian/patches/0001-Detect-extra-data-after-STARTTLS-response-and-exit-3.patch --- libetpan-1.9.3/debian/patches/0001-Detect-extra-data-after-STARTTLS-response-and-exit-3.patch 1970-01-01 02:00:00.0 +0200 +++ libetpan-1.9.3/debian/patches/0001-Detect-extra-data-after-STARTTLS-response-and-exit-3.patch 2022-01-16 13:48:27.0 +0200 @@ -0,0 +1,30 @@ +From a6ab2983e53795b62b3158ddfe114dfaea1a1d17 Mon Sep 17 00:00:00 2001 +From: Damian Poddebniak +Date: Fri, 24 Jul 2020 19:39:53 +0200 +Subject: Detect extra data after STARTTLS response and exit (#387) + +--- + src/low-level/imap/mailimap.c | 7 +++ + 1 file changed, 7 insertions(+) + +diff --git a/src/low-level/imap/mailimap.c b/src/low-level/imap/mailimap.c +index 989e20a..df17e27 100644 +--- a/src/low-level/imap/mailimap.c b/src/low-level/imap/mailimap.c +@@ -2422,6 +2422,13 @@ int mailimap_starttls(mailimap * session) + + mailimap_response_free(response); + ++ // Detect if the server send extra data after the STARTTLS response. ++ // This *may* be a "response injection attack". ++ if (session->imap_stream->read_buffer_len != 0) { ++ // Since it is also an IMAP protocol violation, exit. ++ return MAILIMAP_ERROR_STARTTLS; ++ } ++ + switch (error_code) { + case MAILIMAP_RESP_COND_STATE_OK: + return MAILIMAP_NO_ERROR; +-- +2.20.1 + diff -Nru libetpan-1.9.3/debian/patches/0002-Detect-extra-data-after-STARTTLS-responses-in-SMTP-a.patch libetpan-1.9.3/debian/patches/0002-Detect-extra-data-after-STARTTLS-responses-in-SMTP-a.patch --- libetpan-1.9.3/debian/patches/0002-Detect-extra-data-after-STARTTLS-responses-in-SMTP-a.patch 1970-01-01 02:00:00.0 +0200 +++ libetpan-1.9.3/debian/patches/0002-Detect-extra-data-after-STARTTLS-responses-in-SMTP-a.patch 2022-01-16 13:48:27.0 +0200 @@ -0,0 +1,55 @@ +From 586db9d030f397a48c7b0008dffe25da582251f3 Mon Sep 17 00:00:00 2001 +From: Fabian Ising +Date: Fri, 24 Jul 2020 19:40:48 +0200 +Subject: Detect extra data after STARTTLS responses in SMTP and POP3 and exit + (#388) + +* Detect extra data after STLS response and return error + +* Detect extra data after SMTP STARTTLS response and return error +--- + src/low-level/pop3/mailpop3.c | 8 + src/low-level/smtp/mailsmtp.c | 8 + 2 files changed, 16 insertions(+) + +diff --git a/src/low-level/pop3/mailpop3.c b/src/low-level/pop3/mailpop3.c +index ab9535b..e2124bf 100644 +--- a/src/low-level/pop3/mailpop3.c b/src/low-level/pop3/mailpop3.c +@@ -959,6 +959,14 @@ int mailpop3_stls(mailpop3 * f) + + if (r != RESPONSE_OK) + return MAILPOP3_ERROR_STLS_NOT_SUPPORTED; ++ ++ // Detect if the server send extra data after the STLS response. ++ // This *may* be a "response injection attack". ++ if (f->pop3_stream->read_buffer_len != 0) { ++// Since it is also protocol violation, exit. ++// There is no error type for STARTTLS errors in POP3 ++return MAILPOP3_ERROR_SSL; ++ } + + return MAILPOP3_NO_ERROR; + } +diff --git a/src/low-level/smtp/mailsmtp.c b/src/low-level/smtp/mailsmtp.c +index 2f3b40e..c967511 100644 +--- a/src/low-level/smtp/mailsmtp.c b/src/low-level/smtp/mailsmtp.c +@@ -1108,6 +1108,14 @@ int mailesmtp_starttls(mailsmtp * session) + return MAILSMTP_ERROR_STREAM; + r = read_response(session); + ++ // Detect if the server send extra data after the STARTTLS response. ++ // This *may* be a "response injection attack". ++ if (session->stream->read_buffer_len != 0) { ++// Since it is also protocol violation, exit. ++// There is no general error type for STARTTLS errors in SMTP ++return MAILSMTP_ERROR_SSL; ++ } ++ + switch (r) { + case 220: + return MAILSMTP_NO_ERROR; +-- +2.20.1 + diff -Nru libetpan-1.9.3/debian/patches/series libetpan-1.9.3/debian/patches/series --- libetpan-1.9.3/debian/patches/series2019-05-07 00:27:54.0 +0300 +++ libetpan-1.9.3/debian/patches/series2022-01-16 13:49:05.0 +0200 @@ -2,3 +2,5 @@
Bug#1003826: buster-pu: package libjackson-json-java/1.9.13-2~deb10u1
Package: release.debian.org Severity: normal Tags: buster User: release.debian@packages.debian.org Usertags: pu * Add upstream fixes. - Serializing types for deeply nested Maps. - Set Secure Processing flag on DocumentBuilderFactory. - Set setExpandEntityReferences(false). (Fixes: CVE-2019-10172) - WriteRawValue surrogate pair fix. - Fix deserialization. - All known security fixes. (Fixes: CVE-2017-15095 and CVE-2017-7525) * Update Standards-Version to 4.5.0 Except for Standards-Version and the dh compat bump reverted in this backport, the bullseye package was the buster package with several bugfixes applied (including fixes for 3 CVEs). diff -Nru libjackson-json-java-1.9.13/debian/changelog libjackson-json-java-1.9.13/debian/changelog --- libjackson-json-java-1.9.13/debian/changelog2018-12-31 00:28:06.0 +0200 +++ libjackson-json-java-1.9.13/debian/changelog2022-01-16 14:04:02.0 +0200 @@ -1,3 +1,27 @@ +libjackson-json-java (1.9.13-2~deb10u1) buster; urgency=medium + + * Non-maintainer upload. + * Rebuild for buster. +- Revert the debhelper compat bump. + + -- Adrian Bunk Sun, 16 Jan 2022 14:04:02 +0200 + +libjackson-json-java (1.9.13-2) unstable; urgency=medium + + * Team upload. + * Add upstream fixes. +- Serializing types for deeply nested Maps. +- Set Secure Processing flag on DocumentBuilderFactory. +- Set setExpandEntityReferences(false). (Fixes: CVE-2019-10172) +- WriteRawValue surrogate pair fix. +- Fix deserialization. +- All known security fixes. (Fixes: CVE-2017-15095 and CVE-2017-7525) + * Update Standards-Version to 4.5.0 + * Use debhelper-compat. +- Update compat level to 13. + + -- Sudip Mukherjee Sat, 19 Sep 2020 20:20:21 +0100 + libjackson-json-java (1.9.13-1) unstable; urgency=medium * Team upload. diff -Nru libjackson-json-java-1.9.13/debian/control libjackson-json-java-1.9.13/debian/control --- libjackson-json-java-1.9.13/debian/control 2018-12-31 00:15:15.0 +0200 +++ libjackson-json-java-1.9.13/debian/control 2022-01-16 14:04:02.0 +0200 @@ -18,7 +18,7 @@ libjoda-time-java, maven-repo-helper (>= 1.5~), libnet-luminis-build-plugin-java (>= 0.2.0-3) -Standards-Version: 4.3.0 +Standards-Version: 4.5.0 Vcs-Git: https://salsa.debian.org/java-team/libjackson-json-java.git Vcs-Browser: https://salsa.debian.org/java-team/libjackson-json-java Homepage: https://github.com/FasterXML/jackson diff -Nru libjackson-json-java-1.9.13/debian/patches/0001-fixed-234.patch libjackson-json-java-1.9.13/debian/patches/0001-fixed-234.patch --- libjackson-json-java-1.9.13/debian/patches/0001-fixed-234.patch 1970-01-01 02:00:00.0 +0200 +++ libjackson-json-java-1.9.13/debian/patches/0001-fixed-234.patch 2020-09-18 19:10:06.0 +0300 @@ -0,0 +1,113 @@ +From 8404cf0b1fb700e5a179abd71137f3057846b80f Mon Sep 17 00:00:00 2001 +From: cowtowncoder +Date: Tue, 13 Aug 2013 04:26:38 + +Subject: [PATCH] fixed #234 + +--- + +upstream link: https://github.com/FasterXML/jackson-1/commit/8404cf0b1fb700e5a179abd71137f3057846b80f + +diff --git a/src/mapper/java/org/codehaus/jackson/map/ser/std/MapSerializer.java b/src/mapper/java/org/codehaus/jackson/map/ser/std/MapSerializer.java +index c2c447cb..041da2f4 100644 +--- a/src/mapper/java/org/codehaus/jackson/map/ser/std/MapSerializer.java b/src/mapper/java/org/codehaus/jackson/map/ser/std/MapSerializer.java +@@ -344,7 +344,11 @@ public class MapSerializer + if (cc == prevValueClass) { + currSerializer = prevValueSerializer; + } else { +-currSerializer = provider.findValueSerializer(cc, _property); ++if (_valueType.hasGenericTypes()) { ++currSerializer = provider.findValueSerializer(provider.constructSpecializedType(_valueType, cc), _property); ++} else { ++currSerializer = provider.findValueSerializer(cc, _property); ++} + prevValueSerializer = currSerializer; + prevValueClass = cc; + } +@@ -417,6 +421,5 @@ public class MapSerializer + } + return result.serializer; + } +- + } + +diff --git a/src/test/org/codehaus/jackson/map/jsontype/TestDefaultForMaps.java b/src/test/org/codehaus/jackson/map/jsontype/TestDefaultForMaps.java +index 15be85e4..97741a35 100644 +--- a/src/test/org/codehaus/jackson/map/jsontype/TestDefaultForMaps.java b/src/test/org/codehaus/jackson/map/jsontype/TestDefaultForMaps.java +@@ -39,6 +39,33 @@ public class TestDefaultForMaps + public Map> map; + } + ++// // For #234 ++ ++static class ItemList { ++public String value; ++public List childItems = new LinkedList(); ++ ++public void addChildItem(ItemList l) { childItems.add(l); } ++} ++ ++static clas
Bug#1003827: buster-pu: package wireshark/2.6.20-0+deb10u3
Package: release.debian.org Severity: normal Tags: buster User: release.debian@packages.debian.org Usertags: pu * CVE-2021-22207: Excessive memory consumption in the MS-WSP dissector. (Closes: #987853) * CVE-2021-22235: Crash in the DNP dissector. * CVE-2021-39921: NULL pointer exception in the Modbus dissector. * CVE-2021-39922: Buffer overflow in the C12.22 dissector. * CVE-2021-39923: Large loop in the PNRP dissector. * CVE-2021-39924: Large loop in the Bluetooth DHT dissector. * CVE-2021-39928: NULL pointer exception in the IEEE 802.11 dissector. * CVE-2021-39929: Uncontrolled Recursion in the Bluetooth DHT dissector. diff -Nru wireshark-2.6.20/debian/changelog wireshark-2.6.20/debian/changelog --- wireshark-2.6.20/debian/changelog 2021-12-09 15:35:23.0 +0200 +++ wireshark-2.6.20/debian/changelog 2022-01-16 14:46:43.0 +0200 @@ -1,3 +1,18 @@ +wireshark (2.6.20-0+deb10u3) buster; urgency=medium + + * Non-maintainer upload. + * CVE-2021-22207: Excessive memory consumption in the MS-WSP dissector. +(Closes: #987853) + * CVE-2021-22235: Crash in the DNP dissector. + * CVE-2021-39921: NULL pointer exception in the Modbus dissector. + * CVE-2021-39922: Buffer overflow in the C12.22 dissector. + * CVE-2021-39923: Large loop in the PNRP dissector. + * CVE-2021-39924: Large loop in the Bluetooth DHT dissector. + * CVE-2021-39928: NULL pointer exception in the IEEE 802.11 dissector. + * CVE-2021-39929: Uncontrolled Recursion in the Bluetooth DHT dissector. + + -- Adrian Bunk Sun, 16 Jan 2022 14:46:43 +0200 + wireshark (2.6.20-0+deb10u2) buster-security; urgency=medium * debian/watch: Get upstream releases from gitlab diff -Nru wireshark-2.6.20/debian/patches/0001-MS-WSP-Don-t-allocate-huge-amounts-of-memory.patch wireshark-2.6.20/debian/patches/0001-MS-WSP-Don-t-allocate-huge-amounts-of-memory.patch --- wireshark-2.6.20/debian/patches/0001-MS-WSP-Don-t-allocate-huge-amounts-of-memory.patch 1970-01-01 02:00:00.0 +0200 +++ wireshark-2.6.20/debian/patches/0001-MS-WSP-Don-t-allocate-huge-amounts-of-memory.patch 2022-01-16 14:46:43.0 +0200 @@ -0,0 +1,70 @@ +From 8747a91cccb52f916a20e1d772dd58751a87ad0e Mon Sep 17 00:00:00 2001 +From: Gerald Combs +Date: Mon, 19 Apr 2021 10:39:01 -0700 +Subject: MS-WSP: Don't allocate huge amounts of memory. + +Add a couple of memory allocation sanity checks, one of which +fixes #17331. +--- + epan/dissectors/packet-mswsp.c | 18 +- + 1 file changed, 9 insertions(+), 9 deletions(-) + +diff --git a/epan/dissectors/packet-mswsp.c b/epan/dissectors/packet-mswsp.c +index 295192a0ab..e6600e06b4 100644 +--- a/epan/dissectors/packet-mswsp.c b/epan/dissectors/packet-mswsp.c +@@ -313,8 +313,10 @@ struct CTableColumn { + guint16 lengthoffset; + char name[PROP_LENGTH]; + }; +-/* minimum size in bytes on the wire CTableColumn can be */ ++/* Minimum size in bytes on the wire CTableColumn can be */ + #define MIN_CTABLECOL_SIZE 32 ++/* Maximum sane size in bytes on the wire CTableColumn can be. Arbitrary. */ ++#define MAX_CTABLECOL_SIZE 5000 + + /* 2.2.3.10 */ + +@@ -3970,6 +3972,8 @@ static int vvalue_tvb_lpwstr(tvbuff_t *tvb, int offset, void *val) + return 4 + vvalue_tvb_lpwstr_len(tvb, offset + 4, 0, val); + } + ++/* Maximum sane vector size. Arbitrary. */ ++#define MAX_VT_VECTOR_SIZE 5000 + static int vvalue_tvb_vector_internal(tvbuff_t *tvb, int offset, struct vt_vector *val, struct vtype_data *type, guint num) + { + const int offset_in = offset; +@@ -3984,18 +3988,14 @@ static int vvalue_tvb_vector_internal(tvbuff_t *tvb, int offset, struct vt_vecto +* here, before making a possibly-doomed attempt to allocate +* memory for it. +* +- * First, check for an overflow. ++ * First, check for sane values. +*/ +- if ((guint64)elsize * (guint64)num > G_MAXUINT) { +- /* +- * We never have more than G_MAXUINT bytes in a tvbuff, +- * so this will *definitely* fail. +- */ ++ if (num > MAX_VT_VECTOR_SIZE) { + THROW(ReportedBoundsError); + } + + /* +- * No overflow; now make sure we at least have that data. ++ * No huge numbers from the wire; now make sure we at least have that data. +*/ + tvb_ensure_bytes_exist(tvb, offset, elsize * num); + +@@ -5851,7 +5851,7 @@ static int dissect_CPMSetBindings(tvbuff_t *tvb, packet_info *pinfo, proto_tree + + /* Sanity check size value */ + column_size = num*MIN_CTABLECOL_SIZE; +- if (column_size > tvb_reported_length_remaining(tvb, offset)) ++ if (num > MAX_CTABLECOL_SIZE || column_size > tvb_reported_length_remaining(tvb, offset)) + { + expert_add_info(pinfo, ti, &ei_mswsp_msg_cpmsetbinding_ccolumns); + return tvb_reported_l
Bug#1003841: buster-pu: package cimg/2.4.5+dfsg-1+deb10u1
Package: release.debian.org Severity: normal Tags: buster User: release.debian@packages.debian.org Usertags: pu * CVE-2020-25693: Fix multiple heap buffer overflows. (Closes: #973770) This is a headers-only library, the only user in buster needs to be rebuilt: nmu beads_1.1.18+dfsg-3 . ANY . buster . 'Rebuild with cimg-dev 2.4.5+dfsg-1+deb10u1' dw beads_1.1.18+dfsg-3 . ANY . buster . -m 'cimg-dev (>= 2.4.5+dfsg-1+deb10u1)' diff -Nru cimg-2.4.5+dfsg/debian/changelog cimg-2.4.5+dfsg/debian/changelog --- cimg-2.4.5+dfsg/debian/changelog2019-01-30 12:43:23.0 +0200 +++ cimg-2.4.5+dfsg/debian/changelog2022-01-16 16:24:14.0 +0200 @@ -1,3 +1,11 @@ +cimg (2.4.5+dfsg-1+deb10u1) buster; urgency=medium + + * Non-maintainer upload. + * CVE-2020-25693: Fix multiple heap buffer overflows. +(Closes: #973770) + + -- Adrian Bunk Sun, 16 Jan 2022 16:24:14 +0200 + cimg (2.4.5+dfsg-1) unstable; urgency=medium [ Jelmer Vernooij ] diff -Nru cimg-2.4.5+dfsg/debian/patches/0001-Fix-multiple-heap-buffer-overflows.patch cimg-2.4.5+dfsg/debian/patches/0001-Fix-multiple-heap-buffer-overflows.patch --- cimg-2.4.5+dfsg/debian/patches/0001-Fix-multiple-heap-buffer-overflows.patch 1970-01-01 02:00:00.0 +0200 +++ cimg-2.4.5+dfsg/debian/patches/0001-Fix-multiple-heap-buffer-overflows.patch 2022-01-16 16:24:14.0 +0200 @@ -0,0 +1,184 @@ +From d21c5afc86536154bacab02decc38ead2c77189f Mon Sep 17 00:00:00 2001 +From: Kai Dietrich +Date: Thu, 22 Oct 2020 08:16:07 +0200 +Subject: Fix multiple heap buffer overflows + +The size calculation pattern (size_t)size_x*size_y*size_z*size_c can +overflow the resulting size_t. Especially on 32bit size_t platforms this +is trivial and can be achieved using a simple PNM image, e.g. the +following ASCII PNM would allocate only 6 byte and result in a trivial +arbitrary heap write: +P3 +2147483649 2 +255 +255 +255 +255 +255 +255 +255 +255 +255 +255 +255 +255 +255 +255 +255 +... +--- + CImg.h | 47 ++- + 1 file changed, 34 insertions(+), 13 deletions(-) + +diff --git a/CImg.h b/CImg.h +index 20f1fc6..62be2ce 100644 +--- a/CImg.h b/CImg.h +@@ -11459,6 +11459,27 @@ namespace cimg_library_suffixed { + **/ + CImg():_width(0),_height(0),_depth(0),_spectrum(0),_is_shared(false),_data(0) {} + ++size_t _safe_size(const unsigned int size_x, const unsigned int size_y, ++ const unsigned int size_z, const unsigned int size_c) const ++{ ++const unsigned int dim[4] = {size_x, size_y, size_z, size_c}; ++size_t size = 1; ++int overflows = 0; ++for (int d = 0; d < sizeof(dim)/sizeof(dim[0]); d++) { ++if (dim[d]>1 && size*dim[d] <= size) { overflows++; } ++size *= dim[d]; ++} ++if (sizeof(T)>1 && size*sizeof(T) <= size) { overflows++; } ++if (overflows != 0) { ++throw CImgArgumentException(_cimg_instance ++"_safe_size(): Invalid size - size_t overflow" ++"(%u,%u,%u,%u).", ++cimg_instance, ++size_x, size_y, size_z, size_c); ++} ++return size; ++} ++ + //! Construct image with specified size. + /** +\param size_x Image width(). +@@ -11485,7 +11506,7 @@ namespace cimg_library_suffixed { + explicit CImg(const unsigned int size_x, const unsigned int size_y=1, + const unsigned int size_z=1, const unsigned int size_c=1): + _is_shared(false) { +- size_t siz = (size_t)size_x*size_y*size_z*size_c; ++ size_t siz = _safe_size(size_x,size_y,size_z,size_c); + if (siz) { + _width = size_x; _height = size_y; _depth = size_z; _spectrum = size_c; + try { _data = new T[siz]; } catch (...) { +@@ -11517,7 +11538,7 @@ namespace cimg_library_suffixed { + CImg(const unsigned int size_x, const unsigned int size_y, + const unsigned int size_z, const unsigned int size_c, const T& value): + _is_shared(false) { +- const size_t siz = (size_t)size_x*size_y*size_z*size_c; ++ const size_t siz = _safe_size(size_x,size_y,size_z,size_c); + if (siz) { + _width = size_x; _height = size_y; _depth = size_z; _spectrum = size_c; + try { _data = new T[siz]; } catch (...) { +@@ -11578,7 +11599,7 @@ namespace cimg_library_suffixed { + } \ + } + assign(size_x,size_y,size_z,size_c); +- _CImg_stdarg(*this,value0,value1,(size_t)size_x*size_y*size_z*size_c,int); ++ _CImg_stdarg(*this,value0,value1,_safe_size(size_x,size_y,size_z,size_c),int); + } + + #if cimg_use_cpp11==1 +@@ -11707,7 +11728,7 @@ namespace cimg_library_suffixed { + const double value0, const double value1, ...): + _width(0),_height(0),_depth(0),_spectrum(0),_is_shared(false),_data(0) { + assign(size_x,s
Bug#1003842: buster-pu: package flac/1.3.2-3+deb10u1
Package: release.debian.org Severity: normal Tags: buster User: release.debian@packages.debian.org Usertags: pu * CVE-2020-0499: Out of bounds read due to a heap buffer overflow. (Closes: #977764) diff -Nru flac-1.3.2/debian/changelog flac-1.3.2/debian/changelog --- flac-1.3.2/debian/changelog 2018-05-16 22:35:01.0 +0300 +++ flac-1.3.2/debian/changelog 2022-01-16 20:54:01.0 +0200 @@ -1,3 +1,11 @@ +flac (1.3.2-3+deb10u1) buster; urgency=medium + + * Non-maintainer upload. + * CVE-2020-0499: Out of bounds read due to a heap buffer overflow. +(Closes: #977764) + + -- Adrian Bunk Sun, 16 Jan 2022 20:54:01 +0200 + flac (1.3.2-3) unstable; urgency=medium * Use my debian account in Uploaders field and diff -Nru flac-1.3.2/debian/patches/0001-libFLAC-bitreader.c-Fix-out-of-bounds-read.patch flac-1.3.2/debian/patches/0001-libFLAC-bitreader.c-Fix-out-of-bounds-read.patch --- flac-1.3.2/debian/patches/0001-libFLAC-bitreader.c-Fix-out-of-bounds-read.patch 1970-01-01 02:00:00.0 +0200 +++ flac-1.3.2/debian/patches/0001-libFLAC-bitreader.c-Fix-out-of-bounds-read.patch 2022-01-16 20:53:21.0 +0200 @@ -0,0 +1,28 @@ +From 2b3dcc9e6c3fcba41fd1fb795e43419c22e03eb5 Mon Sep 17 00:00:00 2001 +From: Erik de Castro Lopo +Date: Mon, 7 Oct 2019 12:55:58 +1100 +Subject: libFLAC/bitreader.c: Fix out-of-bounds read + +Credit: Oss-Fuzz +Issue: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=17069 +Testcase: fuzzer_decoder-5670265022840832 +--- + src/libFLAC/bitreader.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/libFLAC/bitreader.c b/src/libFLAC/bitreader.c +index ab62d414..8969714e 100644 +--- a/src/libFLAC/bitreader.c b/src/libFLAC/bitreader.c +@@ -859,7 +859,7 @@ incomplete_lsbs: + cwords = br->consumed_words; + words = br->words; + ucbits = FLAC__BITS_PER_WORD - br->consumed_bits; +- b = br->buffer[cwords] << br->consumed_bits; ++ b = cwords < br->capacity ? br->buffer[cwords] << br->consumed_bits : 0; + } while(cwords >= words && val < end); + } + +-- +2.20.1 + diff -Nru flac-1.3.2/debian/patches/series flac-1.3.2/debian/patches/series --- flac-1.3.2/debian/patches/series2018-05-16 21:55:07.0 +0300 +++ flac-1.3.2/debian/patches/series2022-01-16 20:53:49.0 +0200 @@ -4,3 +4,4 @@ 0050-stream_decoder.c-Fix-a-memory-leak.patch 0051-metaflac-Fix-a-memory-leak.patch 0001-remove-build-path-from-generated-FLAC.tag-file.patch +0001-libFLAC-bitreader.c-Fix-out-of-bounds-read.patch
Bug#1004247: bullseye-pu: package weechat/3.0-1+deb11u1
Package: release.debian.org Severity: normal Tags: bullseye User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: Emmanuel Bouthenot , t...@security.debian.org * CVE-2021-40516: A crafted WebSocket frame could result in a crash in the Relay plugin. (Closes: #993803) diff -Nru weechat-3.0/debian/changelog weechat-3.0/debian/changelog --- weechat-3.0/debian/changelog2020-11-21 09:34:12.0 +0200 +++ weechat-3.0/debian/changelog2022-01-23 16:29:14.0 +0200 @@ -1,3 +1,11 @@ +weechat (3.0-1+deb11u1) bullseye; urgency=medium + + * Non-maintainer upload. + * CVE-2021-40516: A crafted WebSocket frame could result in a crash +in the Relay plugin. (Closes: #993803) + + -- Adrian Bunk Sun, 23 Jan 2022 16:29:14 +0200 + weechat (3.0-1) unstable; urgency=medium * New upstream release diff -Nru weechat-3.0/debian/patches/0001-relay-fix-crash-when-decoding-a-malformed-websocket-.patch weechat-3.0/debian/patches/0001-relay-fix-crash-when-decoding-a-malformed-websocket-.patch --- weechat-3.0/debian/patches/0001-relay-fix-crash-when-decoding-a-malformed-websocket-.patch 1970-01-01 02:00:00.0 +0200 +++ weechat-3.0/debian/patches/0001-relay-fix-crash-when-decoding-a-malformed-websocket-.patch 2022-01-23 16:29:14.0 +0200 @@ -0,0 +1,64 @@ +From ede4582879f31cc29be54fdcdf8bc168dc7ea6e3 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?S=C3=A9bastien=20Helleu?= +Date: Sat, 4 Sep 2021 23:09:19 +0200 +Subject: relay: fix crash when decoding a malformed websocket frame + +--- + src/plugins/relay/relay-websocket.c | 16 +++- + 1 file changed, 11 insertions(+), 5 deletions(-) + +diff --git a/src/plugins/relay/relay-websocket.c b/src/plugins/relay/relay-websocket.c +index e3b768d0a..789f67e20 100644 +--- a/src/plugins/relay/relay-websocket.c b/src/plugins/relay/relay-websocket.c +@@ -278,7 +278,7 @@ relay_websocket_decode_frame (const unsigned char *buffer, + index_buffer = 0; + + /* loop to decode all frames in message */ +-while (index_buffer + 2 <= buffer_length) ++while (index_buffer + 1 < buffer_length) + { + opcode = buffer[index_buffer] & 15; + +@@ -293,10 +293,12 @@ relay_websocket_decode_frame (const unsigned char *buffer, + length_frame_size = 1; + length_frame = buffer[index_buffer + 1] & 127; + index_buffer += 2; ++if (index_buffer >= buffer_length) ++return 0; + if ((length_frame == 126) || (length_frame == 127)) + { + length_frame_size = (length_frame == 126) ? 2 : 8; +-if (buffer_length < 1 + length_frame_size) ++if (index_buffer + length_frame_size > buffer_length) + return 0; + length_frame = 0; + for (i = 0; i < length_frame_size; i++) +@@ -306,10 +308,9 @@ relay_websocket_decode_frame (const unsigned char *buffer, + index_buffer += length_frame_size; + } + +-if (buffer_length < 1 + length_frame_size + 4 + length_frame) +-return 0; +- + /* read masks (4 bytes) */ ++if (index_buffer + 4 > buffer_length) ++return 0; + int masks[4]; + for (i = 0; i < 4; i++) + { +@@ -333,6 +334,11 @@ relay_websocket_decode_frame (const unsigned char *buffer, + *decoded_length += 1; + + /* decode data using masks */ ++if ((length_frame > buffer_length) ++|| (index_buffer + length_frame > buffer_length)) ++{ ++return 0; ++} + for (i = 0; i < length_frame; i++) + { + decoded[*decoded_length + i] = (int)((unsigned char)buffer[index_buffer + i]) ^ masks[i % 4]; +-- +2.20.1 + diff -Nru weechat-3.0/debian/patches/series weechat-3.0/debian/patches/series --- weechat-3.0/debian/patches/series 2020-04-04 12:31:17.0 +0300 +++ weechat-3.0/debian/patches/series 2022-01-23 16:29:14.0 +0200 @@ -1 +1,2 @@ 01_fix_asciidoctor_options.patch +0001-relay-fix-crash-when-decoding-a-malformed-websocket-.patch
Bug#1004249: buster-pu: package weechat/2.3-1+deb10u1
Package: release.debian.org Severity: normal Tags: buster User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: Emmanuel Bouthenot , t...@security.debian.org * CVE-2020-8955: A crafted irc message 324 (channel mode) could result in a crash. (Closes: #951289) * CVE-2020-9759: A crafted irc message 352 (who) could result in a crash. * CVE-2020-9760: A crafted irc message 005 (setting a new mode for a nick) could result in a crash. * CVE-2021-40516: A crafted WebSocket frame could result in a crash in the Relay plugin. (Closes: #993803) diff -Nru weechat-2.3/debian/changelog weechat-2.3/debian/changelog --- weechat-2.3/debian/changelog2019-01-04 18:06:44.0 +0200 +++ weechat-2.3/debian/changelog2022-01-23 16:02:29.0 +0200 @@ -1,3 +1,17 @@ +weechat (2.3-1+deb10u1) buster; urgency=medium + + * Non-maintainer upload. + * CVE-2020-8955: A crafted irc message 324 (channel mode) could +result in a crash. (Closes: #951289) + * CVE-2020-9759: A crafted irc message 352 (who) could result +in a crash. + * CVE-2020-9760: A crafted irc message 005 (setting a new mode +for a nick) could result in a crash. + * CVE-2021-40516: A crafted WebSocket frame could result in a crash +in the Relay plugin. (Closes: #993803) + + -- Adrian Bunk Sun, 23 Jan 2022 16:02:29 +0200 + weechat (2.3-1) unstable; urgency=medium * New upstream release diff -Nru weechat-2.3/debian/patches/0001-irc-fix-crash-when-receiving-a-malformed-message-324.patch weechat-2.3/debian/patches/0001-irc-fix-crash-when-receiving-a-malformed-message-324.patch --- weechat-2.3/debian/patches/0001-irc-fix-crash-when-receiving-a-malformed-message-324.patch 1970-01-01 02:00:00.0 +0200 +++ weechat-2.3/debian/patches/0001-irc-fix-crash-when-receiving-a-malformed-message-324.patch 2022-01-23 16:00:54.0 +0200 @@ -0,0 +1,47 @@ +From db4ffe7ccf4b0654cca6993ecaecd5b86070c658 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?S=C3=A9bastien=20Helleu?= +Date: Sat, 8 Feb 2020 20:24:50 +0100 +Subject: irc: fix crash when receiving a malformed message 324 (channel mode) + +Thanks to Stuart Nevans Locke for reporting the issue. +--- + src/plugins/irc/irc-mode.c | 21 - + 1 file changed, 12 insertions(+), 9 deletions(-) + +diff --git a/src/plugins/irc/irc-mode.c b/src/plugins/irc/irc-mode.c +index b5d525c6c..5381bfda6 100644 +--- a/src/plugins/irc/irc-mode.c b/src/plugins/irc/irc-mode.c +@@ -177,17 +177,20 @@ irc_mode_channel_update (struct t_irc_server *server, + current_arg++; + if (pos[0] == chanmode) + { +-chanmode_found = 1; +-if (set_flag == '+') ++if (!chanmode_found) + { +-str_mode[0] = pos[0]; +-str_mode[1] = '\0'; +-strcat (new_modes, str_mode); +-if (argument) ++chanmode_found = 1; ++if (set_flag == '+') + { +-if (new_args[0]) +-strcat (new_args, " "); +-strcat (new_args, argument); ++str_mode[0] = pos[0]; ++str_mode[1] = '\0'; ++strcat (new_modes, str_mode); ++if (argument) ++{ ++if (new_args[0]) ++strcat (new_args, " "); ++strcat (new_args, argument); ++} + } + } + } +-- +2.20.1 + diff -Nru weechat-2.3/debian/patches/0002-irc-fix-crash-when-receiving-a-malformed-message-352.patch weechat-2.3/debian/patches/0002-irc-fix-crash-when-receiving-a-malformed-message-352.patch --- weechat-2.3/debian/patches/0002-irc-fix-crash-when-receiving-a-malformed-message-352.patch 1970-01-01 02:00:00.0 +0200 +++ weechat-2.3/debian/patches/0002-irc-fix-crash-when-receiving-a-malformed-message-352.patch 2022-01-23 16:00:54.0 +0200 @@ -0,0 +1,26 @@ +From 43a8cb9a3b9d8202465fc2b91ff36e7fe51f0a74 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?S=C3=A9bastien=20Helleu?= +Date: Fri, 14 Feb 2020 08:14:31 +0100 +Subject: irc: fix crash when receiving a malformed message 352 (who) + +Thanks to Stuart Nevans Locke for reporting the issue. +--- + src/plugins/irc/irc-protocol.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/plugins/irc/irc-protocol.c b/src/plugins/irc/irc-protocol.c +index fb7ba870a..6bfbd5240 100644 +--- a/src/plugins/irc/irc-protocol.c b/src/plugins/irc/irc-protocol.c +@@ -4521,7 +4521,7 @@ IRC_PROTOCOL_CALLBACK(352) + +
Bug#1004056: buster-pu: package libsdl1.2/1.2.15+dfsg2-4+deb10u1
On Wed, Jan 19, 2022 at 10:53:23PM +, Thorsten Alteholz wrote: >... > +libsdl1.2 (1.2.15+dfsg2-4+deb10u1) buster; urgency=medium > + > + * Non-maintainer upload by the LTS Team. > + * CVE-2019-7572: Buffer over-read in IMA_ADPCM_nibble > +in audio/SDL_wave.c. > + * CVE-2019-7573: Heap-based buffer over-read in InitMS_ADPCM > +in audio/SDL_wave.c. > + * CVE-2019-7574: Heap-based buffer over-read in IMA_ADPCM_decode > +in audio/SDL_wave.c. > + * CVE-2019-7575: Heap-based buffer overflow in MS_ADPCM_decode > +in audio/SDL_wave.c. > + * CVE-2019-7576: Heap-based buffer over-read in InitMS_ADPCM > +in audio/SDL_wave.c. > + * CVE-2019-7577: Buffer over-read in SDL_LoadWAV_RW > +in audio/SDL_wave.c. > + * CVE-2019-7578: Heap-based buffer over-read in InitIMA_ADPCM > +in audio/SDL_wave.c. > + * CVE-2019-7635: Heap-based buffer over-read in Blit1to4 > +in video/SDL_blit_1.c. > + * CVE-2019-7636: Heap-based buffer over-read in SDL_GetRGB > +in video/SDL_pixels.c. > + * CVE-2019-7637: Heap-based buffer overflow in SDL_FillRect > +in video/SDL_surface.c. > + * CVE-2019-7638: Heap-based buffer over-read in Map1toN > +in video/SDL_pixels.c. > + * CVE-2019-13616: Heap-based buffer over-read in BlitNtoN > +in video/SDL_blit_N.c. > +(patches prepared for LTS by Adrian Bunk) > + > + -- Thorsten Alteholz Wed, 19 Jan 2022 23:03:02 +0100 >... I'd suggest backporting the bullseye/bookworm/sid version instead. Additional changes are: * One patch has a different name. [ Debian Janitor ] * Trim trailing whitespace. * Re-export upstream signing key without extra signatures. [ Maximilian Engelhardt ] * SDL_x11events.c: properly handle input focus events (Closes: #980253) #980253 is a regression due to a change in the X server in buster, so desirable to include. Everything else is just harmless noise. The only open bug in the BTS against a post-buster version is #981204 ("drop unused Build-Depends"). diffstat compared to buster: changelog | 26 ++ control|2 patches/CVE-2019-13616.patch | 22 ++ patches/CVE-2019-7572_CVE-2019-7574.patch | 105 ++ patches/CVE-2019-7573.patch| 66 ++ patches/CVE-2019-7575_7577.patch | 78 +++ patches/CVE-2019-7577-1_2.patch| 32 +++ patches/CVE-2019-7578.patch| 53 + patches/CVE-2019-7635_636_638.patch| 81 patches/CVE-2019-7637-2.patch | 46 patches/CVE-2019-7637.patch| 207 + patches/properly_handle_focus_events.patch | 44 patches/series | 10 + upstream/signing-key.asc | 57 + 14 files changed, 781 insertions(+), 48 deletions(-) diffstat compared to your proposed update: changelog | 51 -- control|2 patches/CVE-2019-7637-2.patch | 46 patches/CVE-2019-7637-followup.patch | 37 - patches/properly_handle_focus_events.patch | 44 patches/series |5 - upstream/signing-key.asc | 57 +++-- 7 files changed, 126 insertions(+), 116 deletions(-) Both debdiffs are attached. cu Adrian diff -Nru libsdl1.2-1.2.15+dfsg2/debian/changelog libsdl1.2-1.2.15+dfsg2/debian/changelog --- libsdl1.2-1.2.15+dfsg2/debian/changelog 2022-01-20 00:03:02.0 +0200 +++ libsdl1.2-1.2.15+dfsg2/debian/changelog 2021-02-18 09:52:57.0 +0200 @@ -1,33 +1,28 @@ -libsdl1.2 (1.2.15+dfsg2-4+deb10u1) buster; urgency=medium +libsdl1.2 (1.2.15+dfsg2-6) unstable; urgency=medium - * Non-maintainer upload by the LTS Team. - * CVE-2019-7572: Buffer over-read in IMA_ADPCM_nibble -in audio/SDL_wave.c. - * CVE-2019-7573: Heap-based buffer over-read in InitMS_ADPCM -in audio/SDL_wave.c. - * CVE-2019-7574: Heap-based buffer over-read in IMA_ADPCM_decode -in audio/SDL_wave.c. - * CVE-2019-7575: Heap-based buffer overflow in MS_ADPCM_decode -in audio/SDL_wave.c. - * CVE-2019-7576: Heap-based buffer over-read in InitMS_ADPCM -in audio/SDL_wave.c. - * CVE-2019-7577: Buffer over-read in SDL_LoadWAV_RW -in audio/SDL_wave.c. - * CVE-2019-7578: Heap-based buffer over-read in InitIMA_ADPCM -in audio/SDL_wave.c. - * CVE-2019-7635: Heap-based buffer over-read in Blit1to4 -in video/SDL_blit_1.c. - * CVE-2019-7636: Heap-based buffer over-read in SDL_GetRGB -in video/SDL_pixels.c. - * CVE-2019-7637: Heap-based buffer overflow in SDL_FillRect -in video/SDL_surface.c. - * CVE-2019-7638: Heap-based buffer over-read in Map1toN -in video/SDL_p
Bug#1004261: buster-pu: package opensc/0.19.0-1+deb10u1
Package: release.debian.org Severity: normal Tags: buster User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: Debian OpenSC Maintainers , t...@security.debian.org * CVE-2019-15945: Out-of-bounds access of an ASN.1 Bitstring. (Closes: #939668) * CVE-2019-15946: Out-of-bounds access of an ASN.1 Octet string. (Closes: #939669) * CVE-2019-19479: Incorrect read operation in the Setec driver. (Closes: #947383) * CVE-2019-20792: Double free in the Coolkey driver. * CVE-2020-26570: Heap-based buffer overflow in the Oberthur driver. (Closes: #972037) * CVE-2020-26571: Stack-based buffer overflow in the GPK driver. (Closes: #972036) * CVE-2020-26572: Stack-based buffer overflow in the TCOS driver. (Closes: #972035) diff -Nru opensc-0.19.0/debian/changelog opensc-0.19.0/debian/changelog --- opensc-0.19.0/debian/changelog 2018-09-30 23:26:03.0 +0300 +++ opensc-0.19.0/debian/changelog 2022-01-23 19:32:38.0 +0200 @@ -1,3 +1,22 @@ +opensc (0.19.0-1+deb10u1) buster; urgency=medium + + * Non-maintainer upload. + * CVE-2019-15945: Out-of-bounds access of an ASN.1 Bitstring. +(Closes: #939668) + * CVE-2019-15946: Out-of-bounds access of an ASN.1 Octet string. +(Closes: #939669) + * CVE-2019-19479: Incorrect read operation in the Setec driver. +(Closes: #947383) + * CVE-2019-20792: Double free in the Coolkey driver. + * CVE-2020-26570: Heap-based buffer overflow in the Oberthur driver. +(Closes: #972037) + * CVE-2020-26571: Stack-based buffer overflow in the GPK driver. +(Closes: #972036) + * CVE-2020-26572: Stack-based buffer overflow in the TCOS driver. +(Closes: #972035) + + -- Adrian Bunk Sun, 23 Jan 2022 19:32:38 +0200 + opensc (0.19.0-1) unstable; urgency=medium * New upstream release (Closes: 908363, 909444) diff -Nru opensc-0.19.0/debian/patches/0001-fixed-out-of-bounds-access-of-ASN.1-Bitstring.patch opensc-0.19.0/debian/patches/0001-fixed-out-of-bounds-access-of-ASN.1-Bitstring.patch --- opensc-0.19.0/debian/patches/0001-fixed-out-of-bounds-access-of-ASN.1-Bitstring.patch 1970-01-01 02:00:00.0 +0200 +++ opensc-0.19.0/debian/patches/0001-fixed-out-of-bounds-access-of-ASN.1-Bitstring.patch 2022-01-23 19:32:38.0 +0200 @@ -0,0 +1,42 @@ +From 0509b2f61ca948312a15d18712a130f7bffd512e Mon Sep 17 00:00:00 2001 +From: Frank Morgner +Date: Tue, 27 Aug 2019 15:17:17 +0200 +Subject: fixed out of bounds access of ASN.1 Bitstring + +Credit to OSS-Fuzz +--- + src/libopensc/asn1.c | 12 + 1 file changed, 8 insertions(+), 4 deletions(-) + +diff --git a/src/libopensc/asn1.c b/src/libopensc/asn1.c +index 3262ed80..fd972238 100644 +--- a/src/libopensc/asn1.c b/src/libopensc/asn1.c +@@ -570,16 +570,20 @@ static int decode_bit_string(const u8 * inbuf, size_t inlen, void *outbuf, + { + const u8 *in = inbuf; + u8 *out = (u8 *) outbuf; +- int zero_bits = *in & 0x07; +- size_t octets_left = inlen - 1; + int i, count = 0; ++ int zero_bits; ++ size_t octets_left; + +- memset(outbuf, 0, outlen); +- in++; + if (outlen < octets_left) + return SC_ERROR_BUFFER_TOO_SMALL; + if (inlen < 1) + return SC_ERROR_INVALID_ASN1_OBJECT; ++ ++ zero_bits = *in & 0x07; ++ octets_left = inlen - 1; ++ in++; ++ memset(outbuf, 0, outlen); ++ + while (octets_left) { + /* 1st octet of input: ABCDEFGH, where A is the MSB */ + /* 1st octet of output: HGFEDCBA, where A is the LSB */ +-- +2.20.1 + diff -Nru opensc-0.19.0/debian/patches/0002-fixed-compiler-warning.patch opensc-0.19.0/debian/patches/0002-fixed-compiler-warning.patch --- opensc-0.19.0/debian/patches/0002-fixed-compiler-warning.patch 1970-01-01 02:00:00.0 +0200 +++ opensc-0.19.0/debian/patches/0002-fixed-compiler-warning.patch 2022-01-23 19:32:38.0 +0200 @@ -0,0 +1,36 @@ +From 28869a7bd4fd928b498638fff27b76b56e58f4d6 Mon Sep 17 00:00:00 2001 +From: Frank Morgner +Date: Tue, 27 Aug 2019 15:27:15 +0200 +Subject: fixed compiler warning + +--- + src/libopensc/asn1.c | 9 - + 1 file changed, 4 insertions(+), 5 deletions(-) + +diff --git a/src/libopensc/asn1.c b/src/libopensc/asn1.c +index fd972238..10572292 100644 +--- a/src/libopensc/asn1.c b/src/libopensc/asn1.c +@@ -574,15 +574,14 @@ static int decode_bit_string(const u8 * inbuf, size_t inlen, void *outbuf, + int zero_bits; + size_t octets_left; + +- if (outlen < octets_left) +- return SC_ERROR_BUFFER_TOO_SMALL; + if (inlen < 1) + return SC_ERROR_INVALID_ASN1_OBJECT; +- ++ memset(outbuf, 0, outlen); + zero_bits = *in & 0x07; +- octets_left = inlen - 1; + in++; +- memset(outbuf, 0, outlen); ++ octets_left = inlen - 1; ++ if (outlen < octets_left) ++ return SC_ERROR_BUFFER_
Bug#1004265: buster-pu: package rsyslog/8.1901.0-1+deb10u1
Package: release.debian.org Severity: normal Tags: buster User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: Michael Biebl , t...@security.debian.org * CVE-2019-17041: Heap overflow in the AIX message parser. (Closes: #942067) * CVE-2019-17042: Heap overflow in the Cisco log message parser. (Closes: #942065) diff -Nru rsyslog-8.1901.0/debian/changelog rsyslog-8.1901.0/debian/changelog --- rsyslog-8.1901.0/debian/changelog 2019-02-26 19:43:39.0 +0200 +++ rsyslog-8.1901.0/debian/changelog 2022-01-23 20:27:01.0 +0200 @@ -1,3 +1,13 @@ +rsyslog (8.1901.0-1+deb10u1) buster; urgency=medium + + * Non-maintainer upload. + * CVE-2019-17041: Heap overflow in the AIX message parser. +(Closes: #942067) + * CVE-2019-17042: Heap overflow in the Cisco log message parser. +(Closes: #942065) + + -- Adrian Bunk Sun, 23 Jan 2022 20:27:01 +0200 + rsyslog (8.1901.0-1) unstable; urgency=medium * New upstream version 8.1901.0 diff -Nru rsyslog-8.1901.0/debian/patches/0001-pmaixforwardedfrom-bugfix-potential-misadressing.patch rsyslog-8.1901.0/debian/patches/0001-pmaixforwardedfrom-bugfix-potential-misadressing.patch --- rsyslog-8.1901.0/debian/patches/0001-pmaixforwardedfrom-bugfix-potential-misadressing.patch 1970-01-01 02:00:00.0 +0200 +++ rsyslog-8.1901.0/debian/patches/0001-pmaixforwardedfrom-bugfix-potential-misadressing.patch 2022-01-23 20:26:28.0 +0200 @@ -0,0 +1,39 @@ +From de51d602532835caafa401401424b61354f404fc Mon Sep 17 00:00:00 2001 +From: Rainer Gerhards +Date: Fri, 27 Sep 2019 13:36:02 +0200 +Subject: pmaixforwardedfrom bugfix: potential misadressing + +--- + contrib/pmaixforwardedfrom/pmaixforwardedfrom.c | 9 + + 1 file changed, 9 insertions(+) + +diff --git a/contrib/pmaixforwardedfrom/pmaixforwardedfrom.c b/contrib/pmaixforwardedfrom/pmaixforwardedfrom.c +index 37157c7d4..ebf12ebbe 100644 +--- a/contrib/pmaixforwardedfrom/pmaixforwardedfrom.c b/contrib/pmaixforwardedfrom/pmaixforwardedfrom.c +@@ -109,6 +109,10 @@ CODESTARTparse + /* bump the message portion up by skipLen(23 or 5) characters to overwrite the "Message forwarded from + " or "From " with the hostname */ + lenMsg -=skipLen; ++ if(lenMsg < 2) { ++ dbgprintf("not a AIX message forwarded from message has nothing after header\n"); ++ ABORT_FINALIZE(RS_RET_COULD_NOT_PARSE); ++ } + memmove(p2parse, p2parse + skipLen, lenMsg); + *(p2parse + lenMsg) = '\n'; + *(p2parse + lenMsg + 1) = '\0'; +@@ -120,6 +124,11 @@ really an AIX log, but has a similar preamble */ + --lenMsg; + ++p2parse; + } ++ if (lenMsg < 1) { ++ dbgprintf("not a AIX message forwarded from message has nothing after colon " ++ "or no colon at all\n"); ++ ABORT_FINALIZE(RS_RET_COULD_NOT_PARSE); ++ } + if (lenMsg && *p2parse != ':') { + DBGPRINTF("not a AIX message forwarded from mangled log but similar enough that the preamble has " + "been removed\n"); +-- +2.20.1 + diff -Nru rsyslog-8.1901.0/debian/patches/0002-pmcisconames-bugfix-potential-misadressing.patch rsyslog-8.1901.0/debian/patches/0002-pmcisconames-bugfix-potential-misadressing.patch --- rsyslog-8.1901.0/debian/patches/0002-pmcisconames-bugfix-potential-misadressing.patch 1970-01-01 02:00:00.0 +0200 +++ rsyslog-8.1901.0/debian/patches/0002-pmcisconames-bugfix-potential-misadressing.patch 2022-01-23 20:26:28.0 +0200 @@ -0,0 +1,37 @@ +From d53b97e5dc3cc1e7464967f7ace2c2bcda6bc938 Mon Sep 17 00:00:00 2001 +From: Rainer Gerhards +Date: Fri, 27 Sep 2019 15:02:52 +0200 +Subject: pmcisconames bugfix: potential misadressing + +--- + contrib/pmcisconames/pmcisconames.c | 7 ++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/contrib/pmcisconames/pmcisconames.c b/contrib/pmcisconames/pmcisconames.c +index 7f376ad17..39506ce59 100644 +--- a/contrib/pmcisconames/pmcisconames.c b/contrib/pmcisconames/pmcisconames.c +@@ -119,6 +119,11 @@ CODESTARTparse + --lenMsg; + ++p2parse; + } ++ /* Note: we deliberately count the 0-byte below because we need to go chars+1! */ ++ if(lenMsg < (int) sizeof(OpeningText)) { ++ dbgprintf("pmcisconames: too short for being cisco messages\n"); ++ ABORT_FINALIZE(RS_RET_COULD_NOT_PARSE); ++ } + /* skip the space after the hostname */ + lenMsg -=1; + p2parse +=1; +@@ -126,7 +131,7 @@ CODESTARTparse + log and fix it */ + if(strncasecmp((char*) p2parse, OpeningText, sizeof(OpeningText)-1) != 0) { + /* wrong opening text */ +- DBGPRINTF("not a cisco name mangled log!\n"); ++ DBGPRINTF("
Bug#1004267: buster-pu: package libpcap/1.8.1-6+deb10u1
Package: release.debian.org Severity: normal Tags: buster User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: Romain Francoise , t...@security.debian.org * CVE-2019-15165: Improper PHB header length validation. (Closes: #941697) diff -Nru libpcap-1.8.1/debian/changelog libpcap-1.8.1/debian/changelog --- libpcap-1.8.1/debian/changelog 2017-12-31 17:56:33.0 +0200 +++ libpcap-1.8.1/debian/changelog 2022-01-23 23:00:19.0 +0200 @@ -1,3 +1,11 @@ +libpcap (1.8.1-6+deb10u1) buster; urgency=medium + + * Non-maintainer upload. + * CVE-2019-15165: Improper PHB header length validation. +(Closes: #941697) + + -- Adrian Bunk Sun, 23 Jan 2022 23:00:19 +0200 + libpcap (1.8.1-6) unstable; urgency=medium * debian/watch: add pgpsigurlmangle option. diff -Nru libpcap-1.8.1/debian/patches/0001-do-sanity-checks-on-PHB-header-length-before-allocat.patch libpcap-1.8.1/debian/patches/0001-do-sanity-checks-on-PHB-header-length-before-allocat.patch --- libpcap-1.8.1/debian/patches/0001-do-sanity-checks-on-PHB-header-length-before-allocat.patch 1970-01-01 02:00:00.0 +0200 +++ libpcap-1.8.1/debian/patches/0001-do-sanity-checks-on-PHB-header-length-before-allocat.patch 2022-01-23 23:00:07.0 +0200 @@ -0,0 +1,53 @@ +From 7ef51510ab5b337cb8b34e1dbe9c9a64fc2c20b9 Mon Sep 17 00:00:00 2001 +From: Michael Richardson +Date: Fri, 20 Sep 2019 11:02:00 -0400 +Subject: do sanity checks on PHB header length before allocating memory. There + was no fault; but doing the check results in a more consistent error + +--- + sf-pcap-ng.c | 13 - + 1 file changed, 8 insertions(+), 5 deletions(-) + +diff --git a/sf-pcap-ng.c b/sf-pcap-ng.c +index 0c02829e..860487b7 100644 +--- a/sf-pcap-ng.c b/sf-pcap-ng.c +@@ -102,7 +102,7 @@ struct option_header { + * Section Header Block. + */ + #define BT_SHB0x0A0D0D0A +- ++#define BT_SHB_INSANE_MAX 1024U*1024U*1U /* 1MB should be enough */ + struct section_header_block { + bpf_u_int32 byte_order_magic; + u_short major_version; +@@ -247,7 +247,7 @@ read_bytes(FILE *fp, void *buf, size_t bytes_to_read, int fail_on_eof, + if (amt_read == 0 && !fail_on_eof) + return (0); /* EOF */ + pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, +- "truncated dump file; tried to read %lu bytes, only got %lu", ++ "truncated pcap-ng dump file; tried to read %lu bytes, only got %lu", + (unsigned long)bytes_to_read, + (unsigned long)amt_read); + } +@@ -798,11 +798,14 @@ pcap_ng_check_header(bpf_u_int32 magic, FILE *fp, u_int precision, char *errbuf, + /* +* Check the sanity of the total length. +*/ +- if (total_length < sizeof(*bhdrp) + sizeof(*shbp) + sizeof(struct block_trailer)) { ++ if (total_length < sizeof(*bhdrp) + sizeof(*shbp) + sizeof(struct block_trailer) || ++(total_length > BT_SHB_INSANE_MAX)) { + pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, +- "Section Header Block in pcap-ng dump file has a length of %u < %lu", ++ "Section Header Block in pcap-ng dump file has invalid length %lu < _%u_ < %u (BT_SHB_INSANE_MAX)", ++ (unsigned long)(sizeof(*bhdrp) + sizeof(*shbp) + sizeof(struct block_trailer)), + total_length, +- (unsigned long)(sizeof(*bhdrp) + sizeof(*shbp) + sizeof(struct block_trailer))); ++ BT_SHB_INSANE_MAX); ++ + *err = 1; + return (NULL); + } +-- +2.20.1 + diff -Nru libpcap-1.8.1/debian/patches/series libpcap-1.8.1/debian/patches/series --- libpcap-1.8.1/debian/patches/series 2017-12-31 17:31:01.0 +0200 +++ libpcap-1.8.1/debian/patches/series 2022-01-23 23:00:17.0 +0200 @@ -8,3 +8,4 @@ disable-remote.diff man-errors.diff pcap-config.diff +0001-do-sanity-checks-on-PHB-header-length-before-allocat.patch
Bug#1004268: buster-pu: package libextractor/1:1.8-2+deb10u1
Package: release.debian.org Severity: normal Tags: buster User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: Daniel Baumann , t...@security.debian.org * CVE-2019-15531: Invalid read for malformed DVI files. (Closes: #935553) diff -Nru libextractor-1.8/debian/changelog libextractor-1.8/debian/changelog --- libextractor-1.8/debian/changelog 2018-12-27 20:45:49.0 +0200 +++ libextractor-1.8/debian/changelog 2022-01-23 23:10:06.0 +0200 @@ -1,3 +1,11 @@ +libextractor (1:1.8-2+deb10u1) buster; urgency=medium + + * Non-maintainer upload. + * CVE-2019-15531: Invalid read for malformed DVI files. +(Closes: #935553) + + -- Adrian Bunk Sun, 23 Jan 2022 23:10:06 +0200 + libextractor (1:1.8-2) unstable; urgency=high * Fix out-of-bounds read vulnerability in common/convert.c (Closes: #917214, diff -Nru libextractor-1.8/debian/patches/0001-fix-5846.patch libextractor-1.8/debian/patches/0001-fix-5846.patch --- libextractor-1.8/debian/patches/0001-fix-5846.patch 1970-01-01 02:00:00.0 +0200 +++ libextractor-1.8/debian/patches/0001-fix-5846.patch 2022-01-23 23:09:09.0 +0200 @@ -0,0 +1,181 @@ +From aad7a7857b815175e70e2270115a3c8cb0445765 Mon Sep 17 00:00:00 2001 +From: Christian Grothoff +Date: Fri, 23 Aug 2019 09:35:53 +0200 +Subject: fix #5846 + +--- + src/plugins/dvi_extractor.c | 88 +++-- + 1 file changed, 45 insertions(+), 43 deletions(-) + +diff --git a/src/plugins/dvi_extractor.c b/src/plugins/dvi_extractor.c +index 268b48c..e3aa450 100644 +--- a/src/plugins/dvi_extractor.c b/src/plugins/dvi_extractor.c +@@ -1,6 +1,6 @@ + /* + This file is part of libextractor. +- Copyright (C) 2002, 2003, 2004, 2012, 2017 Vidyut Samanta and Christian Grothoff ++ Copyright (C) 2002, 2003, 2004, 2012, 2017, 2019 Vidyut Samanta and Christian Grothoff + + libextractor is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published +@@ -182,6 +182,8 @@ EXTRACTOR_dvi_extract_method (struct EXTRACTOR_ExtractContext *ec) + size = ec->get_size (ec->cls); + if (size > 16 * 1024 * 1024) + return; /* too large */ ++ if (klen + 15 > size) ++return; /* malformed klen */ + if (NULL == (data = malloc ((size_t) size))) + return; /* out of memory */ + memcpy (data, buf, iret); +@@ -189,16 +191,16 @@ EXTRACTOR_dvi_extract_method (struct EXTRACTOR_ExtractContext *ec) + while (off < size) + { + if (0 >= (iret = ec->read (ec->cls, &buf, 16 * 1024))) +- { +-free (data); +-return; +- } ++{ ++ free (data); ++ return; ++} + memcpy (&data[off], buf, iret); + off += iret; + } + pos = size - 1; + while ( (223 == data[pos]) && +-(pos > 0) ) ++ (pos > 0) ) + pos--; + if ( (2 != data[pos]) || +(pos < 40) ) +@@ -225,9 +227,9 @@ EXTRACTOR_dvi_extract_method (struct EXTRACTOR_ExtractContext *ec) + break; + if ( (pos + 45 > size) || + (pos + 45 < pos) ) +- goto CLEANUP; ++goto CLEANUP; + if (data[pos] != 139) /* expect 'bop' */ +- goto CLEANUP; ++goto CLEANUP; + pageCount++; + opos = pos; + pos = getIntAt (&data[opos + 41]); +@@ -238,24 +240,24 @@ EXTRACTOR_dvi_extract_method (struct EXTRACTOR_ExtractContext *ec) + } + /* ok, now we believe it's a dvi... */ + snprintf (pages, +- sizeof (pages), +- "%u", +- pageCount); ++sizeof (pages), ++"%u", ++pageCount); + if (0 != ec->proc (ec->cls, +- "dvi", +- EXTRACTOR_METATYPE_PAGE_COUNT, +- EXTRACTOR_METAFORMAT_UTF8, +- "text/plain", +- pages, +- strlen (pages) + 1)) ++ "dvi", ++ EXTRACTOR_METATYPE_PAGE_COUNT, ++ EXTRACTOR_METAFORMAT_UTF8, ++ "text/plain", ++ pages, ++ strlen (pages) + 1)) + goto CLEANUP; + if (0 != ec->proc (ec->cls, +- "dvi", +- EXTRACTOR_METATYPE_MIMETYPE, +- EXTRACTOR_METAFORMAT_UTF8, +- "text/plain", +- "application/x-dvi", +- strlen ("application/x-dvi") + 1)) ++ "dvi", ++ EXTRACTOR_METATYPE_MIMETYPE, ++ EXTRACTOR_METAFORMAT_UTF8, ++ "text/plain", ++ "application/x-dvi", ++ strlen ("application/x-dvi") + 1)) + goto CLEANUP; +
Bug#1004056: buster-pu: package libsdl1.2/1.2.15+dfsg2-6~deb10u1
Control: retitle -1 buster-pu: package libsdl1.2/1.2.15+dfsg2-6~deb10u1 Thorsten said on IRC that he is fine with my suggestion. cu Adrian
Bug#1007905: transition: icu
On Sat, Mar 19, 2022 at 12:47:50AM +, Simon McVittie wrote: > On Fri, 18 Mar 2022 at 17:38:43 +0100, László Böszörményi (GCS) wrote: > > At this point I remember only two packages that FTBFS > > with ICU 70.1 and I couldn't fix those. One is mozjs78 and the other > > is 0ad. > > mozjs78 has unit tests that assume the vendored ICU will be used. I'm > trying to adapt them so they'll accept the results given by either 67.1 > or 70.1. >... Is this worth the effort? Given that cjs will hopefully move away from mozjs78 in bookworm so that mozjs78 won't be in bookworm, it might be easiest to just make mozjs78 use the internal ICU. > smcv cu Adrian
Bug#1007905: transition: icu
On Fri, Mar 18, 2022 at 06:05:38PM +, Simon McVittie wrote: > On Fri, 18 Mar 2022 at 17:38:43 +0100, László Böszörményi (GCS) wrote: >... > Obviously all these copies of essentially the same codebase are quite > unfortunate, but mozjs and ICU seem to be sufficiently tightly-coupled > that perhaps using its vendored version of ICU, at least temporarily, > would be wiser than using the system copy? IMHO unblocking GNOME by temporarily making mozjs91 use its vendored version until the ICU transition would be a reasonable approach. > On Fri, 18 Mar 2022 at 18:26:41 +0100, László Böszörményi (GCS) wrote: > > Speak of the devil. ICU 71.1 RC [1] just released. Final is expected > > in April (two-three weeks). Would you two mind if I package it and ask > > for testing of your packages (mozjs91 and nodejs) against it? > > Speaking only for myself, I'm flexible about timings for this; but Ubuntu > has already done the ICU 70.1 transition and is currently using it for > their next LTS release, and 2-3 weeks is probably too late for them to > do another transition before their freeze deadline. Does Ubuntu even care either way? AFAIK both now and in 2-3 weeks is inside their freeze. > smcv cu Adrian
Bug#1008056: buster-pu: package libnet-ssleay-perl/1.85-2.1
Package: release.debian.org Severity: normal Tags: buster User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: Debian Perl Group , Debian OpenSSL Team * Backport upstream fix for test failures with OpenSSL 1.1.1n. (Closes: #1008055) The fix touches only tests and documentation: b/lib/Net/SSLeay.pod|4 - b/t/data/test_CA1_2048.crt.pem | 20 ++ b/t/data/test_CA1_2048.key.pem | 28 b/t/data/testcert_key_2048.pem.e| 30 + b/t/data/testcert_wildcard_CA1_2048.crt.pem | 89 b/t/local/05_passwd_cb.t|2 b/t/local/07_sslecho.t | 52 +--- b/t/local/08_pipe.t |6 - b/t/local/36_verify.t |8 +- b/t/local/40_npn_support.t |4 - b/t/local/41_alpn_support.t |4 - b/t/local/42_info_callback.t|4 - b/t/local/50_digest.t | 24 +-- b/t/local/61_threads-cb-crash.t |2 b/t/local/64_ticket_sharing.t |9 +- t/data/cert.pem | 23 --- t/data/key.pem | 15 t/data/key.pem.e| 17 - 18 files changed, 221 insertions(+), 120 deletions(-)
Bug#1008056: buster-pu: package libnet-ssleay-perl/1.85-2.1
On Mon, Mar 21, 2022 at 05:46:21PM +0200, Adrian Bunk wrote: > Package: release.debian.org > Severity: normal > Tags: buster > User: release.debian@packages.debian.org > Usertags: pu > X-Debbugs-Cc: Debian Perl Group > , Debian OpenSSL Team > > > * Backport upstream fix for test failures with OpenSSL 1.1.1n. > (Closes: #1008055) > > The fix touches only tests and documentation: > b/lib/Net/SSLeay.pod|4 - > b/t/data/test_CA1_2048.crt.pem | 20 ++ > b/t/data/test_CA1_2048.key.pem | 28 > b/t/data/testcert_key_2048.pem.e| 30 + > b/t/data/testcert_wildcard_CA1_2048.crt.pem | 89 > > b/t/local/05_passwd_cb.t|2 > b/t/local/07_sslecho.t | 52 +--- > b/t/local/08_pipe.t |6 - > b/t/local/36_verify.t |8 +- > b/t/local/40_npn_support.t |4 - > b/t/local/41_alpn_support.t |4 - > b/t/local/42_info_callback.t|4 - > b/t/local/50_digest.t | 24 +-- > b/t/local/61_threads-cb-crash.t |2 > b/t/local/64_ticket_sharing.t |9 +- > t/data/cert.pem | 23 --- > t/data/key.pem | 15 > t/data/key.pem.e| 17 - > 18 files changed, 221 insertions(+), 120 deletions(-) And here comes the missing attachment with the diff. cu Adrian diff -Nru libnet-ssleay-perl-1.85/debian/changelog libnet-ssleay-perl-1.85/debian/changelog --- libnet-ssleay-perl-1.85/debian/changelog2018-09-02 23:19:51.0 +0300 +++ libnet-ssleay-perl-1.85/debian/changelog2022-03-21 17:36:31.0 +0200 @@ -1,3 +1,11 @@ +libnet-ssleay-perl (1.85-2.1) buster; urgency=medium + + * Non-maintainer upload. + * Backport upstream fix for test failures with OpenSSL 1.1.1n. +(Closes: #1008055) + + -- Adrian Bunk Mon, 21 Mar 2022 17:36:31 +0200 + libnet-ssleay-perl (1.85-2) unstable; urgency=medium [ Damyan Ivanov ] diff -Nru libnet-ssleay-perl-1.85/debian/patches/0001-Use-2048-bit-RSA-keys-certificates-in-tests.patch libnet-ssleay-perl-1.85/debian/patches/0001-Use-2048-bit-RSA-keys-certificates-in-tests.patch --- libnet-ssleay-perl-1.85/debian/patches/0001-Use-2048-bit-RSA-keys-certificates-in-tests.patch 1970-01-01 02:00:00.0 +0200 +++ libnet-ssleay-perl-1.85/debian/patches/0001-Use-2048-bit-RSA-keys-certificates-in-tests.patch 2022-03-21 17:36:17.0 +0200 @@ -0,0 +1,714 @@ +From d7b8428e7810f5e1729a197a076df0226b509fab Mon Sep 17 00:00:00 2001 +From: Chris Novakovic +Date: Wed, 1 May 2019 10:24:02 +0100 +Subject: Use 2048-bit RSA keys/certificates in tests +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The test suite makes heavy use of t/data/key.pem and t/data/cert.pem, +which involves the use of 1024-bit RSA keys. Several Linux distributions +now ship with an OpenSSL configuration file that sets the security level +to 2 by default, which forbids the use of keys this short, causing tests +that use them to fail. + +The test suite includes 2048-bit RSA keys and certificates +(t/data/testcert_key_2048.pem and t/data/testcert_wildcard.crt.pem +respectively), which are already in use in some (usually newer) tests. +Retire the 1024-bit keys in favour of the 2048-bit keys: + +* Replace all remaining uses of t/data/key.pem in the test suite with + t/data/testcert_key_2048.pem. +* Create t/data/testcert_key_2048.pem.e (testcert_key_2048.pem encrypted + with AES-256-CBC using the passphrase "secret") and replace all + remaining uses of t/data/key.pem.e in the test suite with + testcert_key_2048.pem.e. +* Replace all remaining uses of t/data/cert.pem in the test suite with + t/data/testcert_wildcard.crt.pem. +* Create 2048-bit CA key at t/data/test_CA1_2048.key.pem and + certificates at t/data/test_CA1_2048.crt.pem and + t/data/testcert_wildcard_CA1_2048.crt.pem, and use them in + t/local/07_sslecho.t and t/local/36_verify.t in place of the 1024-bit + CA keys/certificates. Thanks to Heikki Vatiainen for debugging and + fixing this. +* Remove the digest check for t/data/cert.pem in t/local/50_digest.t + altogether: the same digests for t/data/binary-test.file are already + tested, and it's not clear what benefit another one provides. +* In t/local/07_sslecho.t, don't make assumptions about the chain of + trust for the certificates being used; this breaks the tests when + keys/certificates other than the old 1024-bit ones are used. Thanks to + Heikki Vatiainen for debugging and fixing this. +* Remove references to t/data/key.pem and t/data/cert.pem from t
Bug#1008056: buster-pu: package libnet-ssleay-perl/1.85-2.1
Control: retitle -1 buster-pu: package libnet-ssleay-perl/1.85-2+deb10u1 On Mon, Mar 21, 2022 at 10:02:15PM +0100, Salvatore Bonaccorso wrote: > Hi Adrian, Hi Salvatore, > On Mon, Mar 21, 2022 at 05:55:00PM +0200, Adrian Bunk wrote: > > --- libnet-ssleay-perl-1.85/debian/changelog2018-09-02 > > 23:19:51.0 +0300 > > +++ libnet-ssleay-perl-1.85/debian/changelog2022-03-21 > > 17:36:31.0 +0200 > > @@ -1,3 +1,11 @@ > > +libnet-ssleay-perl (1.85-2.1) buster; urgency=medium > > Minor "nitpick" on the version, but to be consistent I would use > 1.85-2+deb10u1 (as well for avoid a hypotetical existing 1.85-2.1 in a > previous unstable upload). thanks for noticing, updated. > Regards, > Salvatore cu Adrian diff -Nru libnet-ssleay-perl-1.85/debian/changelog libnet-ssleay-perl-1.85/debian/changelog --- libnet-ssleay-perl-1.85/debian/changelog2018-09-02 23:19:51.0 +0300 +++ libnet-ssleay-perl-1.85/debian/changelog2022-03-21 17:36:31.0 +0200 @@ -1,3 +1,11 @@ +libnet-ssleay-perl (1.85-2+deb10u1) buster; urgency=medium + + * Non-maintainer upload. + * Backport upstream fix for test failures with OpenSSL 1.1.1n. +(Closes: #1008055) + + -- Adrian Bunk Mon, 21 Mar 2022 17:36:31 +0200 + libnet-ssleay-perl (1.85-2) unstable; urgency=medium [ Damyan Ivanov ] diff -Nru libnet-ssleay-perl-1.85/debian/patches/0001-Use-2048-bit-RSA-keys-certificates-in-tests.patch libnet-ssleay-perl-1.85/debian/patches/0001-Use-2048-bit-RSA-keys-certificates-in-tests.patch --- libnet-ssleay-perl-1.85/debian/patches/0001-Use-2048-bit-RSA-keys-certificates-in-tests.patch 1970-01-01 02:00:00.0 +0200 +++ libnet-ssleay-perl-1.85/debian/patches/0001-Use-2048-bit-RSA-keys-certificates-in-tests.patch 2022-03-21 17:36:17.0 +0200 @@ -0,0 +1,714 @@ +From d7b8428e7810f5e1729a197a076df0226b509fab Mon Sep 17 00:00:00 2001 +From: Chris Novakovic +Date: Wed, 1 May 2019 10:24:02 +0100 +Subject: Use 2048-bit RSA keys/certificates in tests +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The test suite makes heavy use of t/data/key.pem and t/data/cert.pem, +which involves the use of 1024-bit RSA keys. Several Linux distributions +now ship with an OpenSSL configuration file that sets the security level +to 2 by default, which forbids the use of keys this short, causing tests +that use them to fail. + +The test suite includes 2048-bit RSA keys and certificates +(t/data/testcert_key_2048.pem and t/data/testcert_wildcard.crt.pem +respectively), which are already in use in some (usually newer) tests. +Retire the 1024-bit keys in favour of the 2048-bit keys: + +* Replace all remaining uses of t/data/key.pem in the test suite with + t/data/testcert_key_2048.pem. +* Create t/data/testcert_key_2048.pem.e (testcert_key_2048.pem encrypted + with AES-256-CBC using the passphrase "secret") and replace all + remaining uses of t/data/key.pem.e in the test suite with + testcert_key_2048.pem.e. +* Replace all remaining uses of t/data/cert.pem in the test suite with + t/data/testcert_wildcard.crt.pem. +* Create 2048-bit CA key at t/data/test_CA1_2048.key.pem and + certificates at t/data/test_CA1_2048.crt.pem and + t/data/testcert_wildcard_CA1_2048.crt.pem, and use them in + t/local/07_sslecho.t and t/local/36_verify.t in place of the 1024-bit + CA keys/certificates. Thanks to Heikki Vatiainen for debugging and + fixing this. +* Remove the digest check for t/data/cert.pem in t/local/50_digest.t + altogether: the same digests for t/data/binary-test.file are already + tested, and it's not clear what benefit another one provides. +* In t/local/07_sslecho.t, don't make assumptions about the chain of + trust for the certificates being used; this breaks the tests when + keys/certificates other than the old 1024-bit ones are used. Thanks to + Heikki Vatiainen for debugging and fixing this. +* Remove references to t/data/key.pem and t/data/cert.pem from the + Net::SSLeay documentation (they probably shouldn't have been there + anyway). +* Remove the calls to Net::SSLeay::CTX_set_security_level(..., 1) from + all tests that used t/data/key.pem and t/data/cert.pem, since the new + key/certificate will work at security level 2, and no OS is currently + known to mandate a higher security level than this - setting the + security level in this way was a temporary fix for this problem, added + in commit d0ee5d91. + +This fixes RT#126270 and the remainder of RT#128025. Thanks to Petr +Písař and Slaven Rezić for the reports. +--- + lib/Net/SSLeay.pod| 4 +- + t/data/cert.pem | 23 -- + t/data/key.pem| 15 + t/data/key.pem.e | 17 - + t/data/test_CA1_2048.crt.pem | 20 + + t/data/test_CA1_2048.
Bug#1008184: nmu: unknown packages affected by dpkg-dev bug #1000421
On Wed, Mar 23, 2022 at 11:29:48PM +0100, Guillem Jover wrote: >... > What unearthed this was a recentish glibc upload that AFAIR has started > merging its libpthread library into libc proper, and added a new symbol > for a variable (__libc_single_threaded@GLIBC_2.32). The merging only happens in 2.34 (currently in experimental), but this new way of detecting multithreading was added in 2.32. > I guess the archive should be checked for other instances of at least > that glibc issue, because that can affect partial upgrades in a pretty > nasty way (with programs being unable to be run-time linked). So that > would imply any program that has been: > > * built against glibc >= 2.32-0experimental0 > * built using binutils >= 2.26 > * built using dpkg-dev < 1.21.0 FTR, this seems to be a 2 month window (give or take a few days due to buildd chroots being updated only twice per week): https://tracker.debian.org/news/1255840/accepted-glibc-232-1-source-into-unstable/ https://tracker.debian.org/news/1284072/accepted-dpkg-1210-source-into-unstable/ > * containing a copy reloc for __libc_single_threaded: > objdump -R $prog | grep 'R_[^ ]*_COPY .* __libc_single_threaded' > > Most of this information should be available at least from the .buildinfo > files. Relevant is also that the binary packages do not already have dependencies on libc6 >= 2.32 for other reasons. >... > This could have affected other programs using other versioned variables > from other shared libraries, for quite some time, but not that many shared > libraries use versioned symbols, but checking that would imply more effort > to detect. :/ Versioned symbols are common, but: >... > So this involves shared libraries using versioned symbols, for symbols > that are objects (variables instead of functions or methods), >... Global variables as part of a library API are usually considered bad practice, and then you'd need a case where such a new variable is used but no new function. __libc_single_threaded is special, and looking at cppcheck the problem occurs in practice mainly due to libstdc++ using it for atomics in its headers when available. > Thanks, > Guillem cu Adrian
Bug#1008184: nmu: unknown packages affected by dpkg-dev bug #1000421
On Thu, Mar 24, 2022 at 01:01:10AM +0200, Adrian Bunk wrote: >... > FTR, this seems to be a 2 month window (give or take a few days due to > buildd chroots being updated only twice per week): >... 3 month window cu Adrian
Re: Bug#1029044: gcc-12-cross-mipsen: source and binary version go out of sync
Control: tags -1 ftbfs Control: clone -1 -2 -3 -4 -5 -6 -7 -8 -9 -10 Control: reassign -2 src:gcc-10-cross Control: retitle -2 gcc-10-cross: source and binary version go out of sync Control: reassign -3 src:gcc-10-cross-ports Control: retitle -3 gcc-10-cross-ports: source and binary version go out of sync Control: reassign -4 src:gcc-11-cross Control: retitle -4 gcc-11-cross: source and binary version go out of sync Control: reassign -5 src:gcc-11-cross-ports Control: retitle -5 gcc-11-cross-ports: source and binary version go out of sync Control: reassign -6 src:gcc-11-cross-mipsen Control: retitle -6 gcc-11-cross-mipsen: source and binary version go out of sync Control: block -6 by -4 Control: reassign -7 src:gcc-12-cross Control: retitle -7 gcc-12-cross: source and binary version go out of sync Control: block -1 by -7 Control: reassign -8 src:gcc-12-cross-ports Control: retitle -8 gcc-12-cross-ports: source and binary version go out of sync Control: reassign -9 src:gcc-13-cross Control: retitle -9 gcc-13-cross: source and binary version go out of sync Control: reassign -10 src:gcc-13-cross-ports Control: retitle -10 gcc-13-cross-ports: source and binary version go out of sync On Mon, Jan 16, 2023 at 09:21:52PM +0100, Paul Gevers wrote: > Source: gcc-12-cross-mipsen > Version: 1+c2 > Severity: serious > > Dear maintainer, > > The current version in unstable is stuck, because the mips64el build > is kept in Uploaded state. Asking around on #d-buildd, I got the > following discussion: > > [20:09:34] mips64el 3days in uploaded state feels like an issue, > right? https://buildd.debian.org/status/package.php?p=gcc-12-cross-mipsen > [20:18:32] probably means dak rejected it > [20:18:45] Your upload included the binary package > cpp-12-mips-linux-gnu, version 12.2.0-13cross1, for mips64el, > [20:18:48] however unstable already has version 12.2.0-14cross2. > [20:19:09] > coccia:/srv/ftp-master.debian.org/queue/reject/gcc-12-cross-mipsen_3+c1_mips64el-buildd.changes.reason > [20:29:57] the higher version is > [20:29:57] Source: gcc-12-cross-mipsen (2+c1) > [20:30:23] so the generated version numbers are broken > [20:32:07] not for the first time afair > [[21:04:30] adsb: thanks for looking; but the source is 3+c1, no? or > did the older one generate a newer binary? > > You may want to check your logic. The packaging is copied from gcc-12-cross, problems have to be fixed there first, and also in the other gcc-*-cross* packages. There are at least 3 problems: 1. The way debian/new_cross_version.sh uses "apt-cache policy" to create a version number makes the package not reproducible even if the same versions of the build dependencies are installed, and it also causes problems like this one here. Other packages using {binutils,gcc-*,gdb}-source seem to get it right, e.g.: Package: gcc-xtensa-lx106 Source: gcc-xtensa-lx106 (8) Version: 10.2.1-6+8+b1 Built-Using: gcc-10 (= 10.2.1-6) There is no reason why the gcc-*-cross* packages could not use similar versioning. 2. binary-any packages built from the same gcc-*-cross* packages currently have >= dependencies on binary-all packages built from the same sources. Since the version number of the gcc-*-cross* packages packages contains the version of the gcc-*-source package, this does not only prevent binNMUs (which itself is already an RC bug) but also similarly causes problems like #1028441 when packages are built later on an architecture (in this case due to #1026129, which was caused by #1026245 in src:gcc-12). The correct solution is to make such binary-all packages binary-any, which allows = dependencies and removes all such race conditions and non-binNMUableness. 3. Built-Using in the binary-all packages is something that should IMHO become a non-overridable automatic REJECT in dak. The gcc-*-cross* packages seem to avoid the built-using-field-on-arch-all-package lintian tag by not declaring the Built-Using in debian/control, but adding it during the build.[1] Example package: lib32gcc-s1-s390x-cross I've just filed #1029633 asking for a lintian tag for that. > Paul cu Adrian [1] https://sources.debian.org/src/gcc-12/12.2.0-14/debian/rules.conf/#L1286
Bug#1029918: spring needs hinting into testing
Package: release.debian.org Severity: normal Issues preventing migration: ∙ ∙ spring-javaai/arm64 has unsatisfiable dependency Package: spring-javaai Architecture: all Depends: ... spring (>= ${source:Version}), Package: spring Architecture: amd64 i386 The package was removed from testing in October due to an RC bug that is now fixed. #563686 explains why this package is x86-only.
Re: mips64el/mipsel and testing migration
On Sat, Feb 04, 2023 at 09:59:23AM -0500, Roberto C. Sánchez wrote: >... > If that is the case, then I am puzzled how intelrdfpmath would have > migrated to testing without being able to build on mips64el/mipsel intelrdfpmath having never been built on mips* is not an RC bug or testing migration blocker for intelrdfpmath since there are no old binaries of intelrdfpmath in unstable.[1] > and > it makes me think that I might need to be concerned that libmongocrypt > might not migrate in time. libmongocrypt is currently in testing, so the 12th is not a hard deadline here. > If that is not the case, and the excuses are spurious because the lack > of availability on mips64el/mipsel won't prevent testing migration, that > would be good to know as well. >... libmongocrypt does have old binaries on mips* in unstable, which blocks testing migration of libmongocrypt. There are 3 options for handling this: 1. Is there a way to build libmongocrypt without intelrdfpmath? 2. Fixing intelrdfpmath on mips* 3. "reportbug ftp.debian.org" could be used to request removal of the old mipsel/mips64el binaries of libmongocrypt, but that requires first making the build dependency in mongo-c-driver exclude architectures where libmongocrypt is no longer available. If !pkg.mongo-c-driver.no-libmongocrypt is still a usable configuration, then [!mipsel !mips64el] could be used there. I will look whether 2. is feasible. intelrdfpmath does build on not explicitely supported architectures like s390x, and MIPS might be a victim of explicit support code that is now half-broken. > Regards, > > -Roberto cu Adrian [1] https://release.debian.org/testing/rc_policy.txt Packages must autobuild without failure on all architectures on which they are supported. Packages must be supported on as many architectures as is reasonably possible. Packages are assumed to be supported on all architectures for which they have previously built successfully. Prior builds for unsupported architectures must be removed from the archive (contact -release or ftpmaster if this is the case).
Bug#1030531: More binNMUs for missing python3-h5py dependencies
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: binnmu X-Debbugs-Cc: Jochen Sprickerhof , Drew Parsons nmu pyfai_0.21.3+dfsg1-2 . ANY . unstable . -m "Rebuild to pick up python3-h5py dependency (see #1030220)" nmu unifrac_1.2-3 . ANY . unstable . -m "Rebuild to pick up python3-h5py dependency (see #1030220)" nmu xraylarch_0.9.58+ds1-5 . ANY . unstable . -m "Rebuild to pick up python3-h5py dependency (see #1030220)" These are the ones I found with the same problem as #1030507 that are binNMUable. Packages that require source uploads due to affected binary-all packages: - binoculars (covered by reopening #1016598) - hickle (#1030516) - python-anndata (#1030512) - python-bayespy (QA upload done) - r-bioc-mofa (#1030514)