Bug#989483: unblock: debian-edu-install/2.11.13
rts because they saved other people
from drowning in the Mediterranean Sea. That is almost as absurd as if there
were people being prosecuted because they save humans from drowning in the sea.
diff -Nru debian-edu-install-2.11.12/debian/changelog debian-edu-install-2.11.13/debian/changelog
--- debian-edu-install-2.11.12/debian/changelog 2021-04-20 15:46:08.0 +0200
+++ debian-edu-install-2.11.13/debian/changelog 2021-05-24 12:43:46.0 +0200
@@ -1,3 +1,21 @@
+debian-edu-install (2.11.13) unstable; urgency=medium
+
+ [ Wolfgang Schweer ]
+ * Add partitioning recipes to support UEFI systems. (Closes: #988396)
+Thanks to Cyril Etcheverria for detecting the bug and for providing useful
+additional information.
+- lib/partman/: Add EFI partition related configuration file
+ 'recipes-amd64-efi-specific' and directory 'recipes-amd64-efi'.
+- lib/partman/common/*: Adjust common recipes concerning the /boot partition
+ to match the UEFI related change.
+ (Code for both /boot and EFI partitions taken from src:d-i/partman-auto.)
+- Generate / update recipes via running 'make update-partman-recipes'.
+- Adjust debian/debian-edu-profile-udeb.dirs and Makefile.
+ * debian-edu-profile: Adjust case statement to let the EFI recipes take effect
+during installation.
+
+ -- Holger Levsen Mon, 24 May 2021 12:43:46 +0200
+
debian-edu-install (2.11.12) unstable; urgency=medium
[ Wolfgang Schweer ]
diff -Nru debian-edu-install-2.11.12/debian/debian-edu-profile-udeb.dirs debian-edu-install-2.11.13/debian/debian-edu-profile-udeb.dirs
--- debian-edu-install-2.11.12/debian/debian-edu-profile-udeb.dirs 2017-03-02 20:20:10.0 +0100
+++ debian-edu-install-2.11.13/debian/debian-edu-profile-udeb.dirs 2021-05-24 12:41:43.0 +0200
@@ -7,6 +7,7 @@
usr/lib/debian-edu-install
usr/lib/pre-pkgsel.d
lib/partman/recipes
+lib/partman/recipes-amd64-efi
lib/partman/recipes-powerpc-powermac_newworld
lib/partman/recipes-powerpc-prep
lib/partman/not-enough-space.d
diff -Nru debian-edu-install-2.11.12/debian-edu-profile debian-edu-install-2.11.13/debian-edu-profile
--- debian-edu-install-2.11.12/debian-edu-profile 2020-01-21 18:23:14.0 +0100
+++ debian-edu-install-2.11.13/debian-edu-profile 2021-05-24 12:41:43.0 +0200
@@ -278,10 +278,14 @@
log "Detected subarch : $subarch"
case "$arch-$subarch" in
- "i386-generic") #unset both use the default
+ "amd64-generic"|"i386-generic") #unset both use the default
arch=
subarch=
;;
+ "amd64-efi"|"i386-efi") #set (same recipes; src:d-i uses symlink)
+ arch=-amd64
+ subarch=-efi
+ ;;
"powerpc-powermac_newworld") #set
arch=-powerpc
subarch=-powermac_newworld
diff -Nru debian-edu-install-2.11.12/lib/partman/common/90edumain debian-edu-install-2.11.13/lib/partman/common/90edumain
--- debian-edu-install-2.11.12/lib/partman/common/90edumain 2021-04-20 14:25:55.0 +0200
+++ debian-edu-install-2.11.13/lib/partman/common/90edumain 2021-05-24 12:41:43.0 +0200
@@ -2,14 +2,13 @@
>>>ARCH SPECIFIC<<<
-256 5000 1024 ext4
-$primary{ }
-$bootable{ }
-method{ format }
-format{ }
-use_filesystem{ }
-filesystem{ ext4 }
-mountpoint{ /boot } .
+512 512 768 ext2
+ $defaultignore{ }
+ method{ format }
+ format{ }
+ use_filesystem{ }
+ filesystem{ ext2 }
+ mountpoint{ /boot } .
256 1 1024 ext4
$lvmok{ }
diff -Nru debian-edu-install-2.11.12/lib/partman/common/91edumain+ltsp debian-edu-install-2.11.13/lib/partman/common/91edumain+ltsp
--- debian-edu-install-2.11.12/lib/partman/common/91edumain+ltsp 2021-04-20 14:25:55.0 +0200
+++ debian-edu-install-2.11.13/lib/partman/common/91edumain+ltsp 2021-05-24 12:41:43.0 +0200
@@ -2,14 +2,13 @@
>>>ARCH SPECIFIC<<<
-256 5000 1024 ext4
-$primary{ }
-$bootable{ }
-method{ format }
-format{ }
-use_filesystem{ }
-filesystem{ ext4 }
-mountpoint{ /boot } .
+512 512 768 ext2
+ $defaultignore{ }
+ method{ format }
+ format{ }
+ use_filesystem{ }
+ filesystem{ ext2 }
+ mountpoint{ /boot } .
640 1 1536 ext4
$lvmok{ }
diff -Nru debian-edu-install-2.11.12/lib/partman/common/92edumain+ws debian-edu-install-2.11.13/lib/partman/common/92edumain+ws
--- debian-edu-install-2.11.12/lib/partman/common/92edumain+ws 2021-04-20 14:25:55.0 +0200
+++ debian-edu-install-2.11.13/lib/partman/common/92edumain+ws 2021-05-24 12:41:43.0 +0200
@@ -2,14 +2,13 @@
>>>ARCH SPECIFIC<<<
-256 5000 1024 ext4
-$primary{ }
-$bootable{ }
-method{ format }
-format{ }
-use_filesystem{ }
-filesystem{ ext4 }
-mountpoint{ /boot } .
+512 512 768 ext2
+ $defaultignore{ }
+ method{ format }
+ fo
Bug#989484: unblock: debian-edu-doc/2.11.24
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package debian-edu-doc 2.11.24, it just contains documentation and translation updates. debian-edu-doc (2.11.24) unstable; urgency=medium . * Update Debian Edu Bullseye manual from the wiki. * Update Debian Edu Buster manual from the wiki. . [ Translation updates ] * Bullseye manual: - Portuguese: Silvério Santos - Portuguese (Brazil): José Vieira, Barbara Tostes, Paulo Henrique de Lima Santana, Fred Maranhão, Mario Gerson Miranda Magno Junior and Thiago Pezzo - Spanish: Adolfo Jayme Barrientos * Buster manual: - Portuguese (Portugal): José Vieira - Portuguese (Brazil): José Vieira, Barbara Tostes, Paulo Henrique de Lima Santana, Fred Maranhão, Mario Gerson Miranda Magno Junior and Thiago Pezzo - Spanish: Adolfo Jayme Barrientos . [ Wolfgang Schweer ] * documentation/debian-edu-bullseye/images/pt-pt/: Use (pt-pt) specific image 10-Participate_in_the_package_usage_survey_1.png instead of accidentally added (nl) one. Thanks to Andreas Beckmann. (Closes: #988682). . [ Frans Spiesschaert ] * Replace ssantos with his real name (Silvério Santos) in various places. This last change from Frans is the reason there's a change in documentation/audacity, while the rest is in in documenation/debian-edu-b... :) $ debdiff debian-edu-doc_2.11.23.dsc debian-edu-doc_2.11.24.dsc | diffstat debian/changelog | 45 documentation/audacity/audacity-manual.pt-pt.add |2 documentation/debian-edu-bullseye/debian-edu-bullseye-manual-stripped.xml | 14 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.da.po | 52 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.de.po | 53 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.es.add |1 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.es.po | 400 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.fr.po | 55 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.it.po | 53 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.ja.po | 53 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.nb-no.po | 53 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.nl.po | 55 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.pl.po | 33 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.pot | 25 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.pt-br.add | 11 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.pt-br.po | 9396 ++ documentation/debian-edu-bullseye/debian-edu-bullseye-manual.pt-pt.add |2 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.pt-pt.po | 60 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.pt.add |2 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.pt.po | 150 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.ro.po | 31 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.sv.po | 28 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.xml | 14 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.zh-cn.po | 52 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.zh-tw.po | 28 documentation/debian-edu-bullseye/source/AllInOne-debian-edu-bullseye-manual.xml |3 documentation/debian-edu-buster/debian-edu-buster-manual-stripped.xml |8 documentation/debian-edu-buster/debian-edu-buster-manual.da.po | 38 documentation/debian-edu-buster/debian-edu-buster-manual.de.po | 39 documentation/debian-edu-buster/debian-edu-buster-manual.es.add |1 documentation/debian-edu-buster/debian-edu-buster-manual.es.po | 248 documentation/debian-edu-buster/debian-edu-buster-manual.fr.po | 41 documentation/debian-edu-buster/debian-edu-buster-manual.it.po | 39 documentation/debian-edu-buster/debian-edu-buster-manual.ja.po | 39 documentation/debian-edu-buster/debian-edu-buster-manual.nb-no.po | 53 documentation/debian-edu-buster/debian-edu-buster-manual.nl.po | 41 documentation/debian-edu-buster/debian-edu-buster-manual.pl.po | 17 documentation/debian-edu-buster/debian-edu-buster-manual.pot | 17 document
d-e-install: drop powerpc recipes
package: debian-edu-install x-debbugs-cc: debian-...@lists.debian.org version: 1.916 On Sat, Jun 05, 2021 at 12:59:51AM +0200, Holger Levsen wrote: > debian-edu-install (2.11.13) unstable; urgency=medium [...] > [auto-generated below] [...] > lib/partman/recipes-powerpc-powermac_newworld/90edumain | 15 - > lib/partman/recipes-powerpc-powermac_newworld/91edumain+ltsp | 15 - > lib/partman/recipes-powerpc-powermac_newworld/92edumain+ws| 15 - > lib/partman/recipes-powerpc-powermac_newworld/94edultsp | 15 - > lib/partman/recipes-powerpc-powermac_newworld/96eduwork | 15 - > lib/partman/recipes-powerpc-powermac_newworld/97minimal | 15 - > lib/partman/recipes-powerpc-powermac_newworld/98edustandalone | 15 - > lib/partman/recipes-powerpc-prep/90edumain| 15 - > lib/partman/recipes-powerpc-prep/91edumain+ltsp | 15 - > lib/partman/recipes-powerpc-prep/92edumain+ws | 15 - > lib/partman/recipes-powerpc-prep/94edultsp| 15 - > lib/partman/recipes-powerpc-prep/96eduwork| 15 - > lib/partman/recipes-powerpc-prep/97minimal| 15 - > lib/partman/recipes-powerpc-prep/98edustandalone | 15 - wait, what? why do we still have powerpc recipes in Debian Edu? We dropped powerpc support some time ago :) (not fully sure we want this change for bullseye but then I also don't see how it could hurt to drop those properly.) (and in any case this shouldn't be a blocker for #989483, the current d-e-install unblock request...) -- cheers, Holger ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org ⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C ⠈⠳⣄ Stop saying that we are all in the same boat. We’re all in the same storm. But we’re not all in the same boat. signature.asc Description: PGP signature
Bug#989865: unblock: debian-installer-netboot-images/20210606+fixed1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package debian-installer-netboot-images, it includes the images to netboot bullseye d-i RC2, it's used by the education-main-server package at least ;) I'm not planning on unblocking my own upload, so reportbug is likely the safest bet. debian-installer-netboot-images (20210606+fixed1) unstable; urgency=medium * Fix regression introduced while fixing error reporting in the previous upload (oh, the irony), fixing the FTBFS. * Strip +fixed.* suffix when setting VERSION in debian/rules, to cope with this follow-up upload for the same D-I version (20210606). -- Cyril Brulebois Thu, 10 Jun 2021 06:50:59 +0200 debian-installer-netboot-images (20210606) unstable; urgency=medium * Update for D-I Bullseye RC 2. * Fix error reporting when no fallback suite is defined: exit immediately instead of building empty packages. * Drop unused shared-lib-without-dependency-information lintian overrides. * Add myself to Uploaders. -- Cyril Brulebois Mon, 07 Jun 2021 17:47:04 +0200 $ debdiff debian-installer-netboot-images_20210415.dsc debian-installer-netboot-images_20210606+fixed1.dsc|diffstat changelog| 20 control |2 +- control.in |2 +- lintian-overrides.in |1 - rules| 19 --- 5 files changed, 34 insertions(+), 10 deletions(-) A full diff is attached. unblock debian-installer-netboot-images/20210606+fixed1 Thanks for your work on releasing bullseye! -- cheers, Holger ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org ⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C ⠈⠳⣄ In Europe there are people prosecuted by courts because they saved other people from drowning in the Mediterranean Sea. That is almost as absurd as if there were people being prosecuted because they save humans from drowning in the sea. signature.asc Description: PGP signature
Bug#989865: unblock: debian-installer-netboot-images/20210606+fixed1
On Tue, Jun 15, 2021 at 12:16:03AM +0200, Holger Levsen wrote: > A full diff is attached. a classic, now! -- cheers, Holger ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org ⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C ⠈⠳⣄ We are done with ‘world leaders’. Countries are on fire. Cities are drowning. People are dying. This is what scientists and activists have been warning the world and politicians about. It’s here. We ARE facing the impacts of the climate crisis. Forget about the future, it’s now. fridays for future - https://nitter.net/fff_digital/status/1304520941012242432 diff -Nru debian-installer-netboot-images-20210415/debian/changelog debian-installer-netboot-images-20210606+fixed1/debian/changelog --- debian-installer-netboot-images-20210415/debian/changelog 2021-04-15 13:23:35.0 +0200 +++ debian-installer-netboot-images-20210606+fixed1/debian/changelog 2021-06-10 06:50:59.0 +0200 @@ -1,3 +1,23 @@ +debian-installer-netboot-images (20210606+fixed1) unstable; urgency=medium + + * Fix regression introduced while fixing error reporting in the previous +upload (oh, the irony), fixing the FTBFS. + * Strip +fixed.* suffix when setting VERSION in debian/rules, to cope +with this follow-up upload for the same D-I version (20210606). + + -- Cyril Brulebois Thu, 10 Jun 2021 06:50:59 +0200 + +debian-installer-netboot-images (20210606) unstable; urgency=medium + + * Update for D-I Bullseye RC 2. + * Fix error reporting when no fallback suite is defined: exit +immediately instead of building empty packages. + * Drop unused shared-lib-without-dependency-information lintian +overrides. + * Add myself to Uploaders. + + -- Cyril Brulebois Mon, 07 Jun 2021 17:47:04 +0200 + debian-installer-netboot-images (20210415) unstable; urgency=medium * Team upload. diff -Nru debian-installer-netboot-images-20210415/debian/control debian-installer-netboot-images-20210606+fixed1/debian/control --- debian-installer-netboot-images-20210415/debian/control 2021-04-15 13:22:35.0 +0200 +++ debian-installer-netboot-images-20210606+fixed1/debian/control 2021-06-07 17:46:51.0 +0200 @@ -8,7 +8,7 @@ Section: misc Priority: optional Maintainer: Debian Install System Team -Uploaders: Didier Raboud +Uploaders: Didier Raboud , Cyril Brulebois Build-Depends: debhelper-compat (= 13), wget, debian-archive-keyring, diff -Nru debian-installer-netboot-images-20210415/debian/control.in debian-installer-netboot-images-20210606+fixed1/debian/control.in --- debian-installer-netboot-images-20210415/debian/control.in 2021-04-15 13:22:35.0 +0200 +++ debian-installer-netboot-images-20210606+fixed1/debian/control.in 2021-06-07 17:45:11.0 +0200 @@ -2,7 +2,7 @@ Section: misc Priority: optional Maintainer: Debian Install System Team -Uploaders: Didier Raboud +Uploaders: Didier Raboud , Cyril Brulebois Build-Depends: debhelper-compat (= 13), wget, debian-archive-keyring, diff -Nru debian-installer-netboot-images-20210415/debian/lintian-overrides.in debian-installer-netboot-images-20210606+fixed1/debian/lintian-overrides.in --- debian-installer-netboot-images-20210415/debian/lintian-overrides.in 2021-02-15 18:47:48.0 +0100 +++ debian-installer-netboot-images-20210606+fixed1/debian/lintian-overrides.in 2021-06-07 17:31:06.0 +0200 @@ -3,7 +3,6 @@ debian-installer-##IDENTIFIER##: statically-linked-binary debian-installer-##IDENTIFIER##: unstripped-binary-or-object debian-installer-##IDENTIFIER##: embedded-library -debian-installer-##IDENTIFIER##: shared-lib-without-dependency-information debian-installer-##IDENTIFIER##: library-not-linked-against-libc debian-installer-##IDENTIFIER##: shlib-with-executable-stack debian-installer-##IDENTIFIER##: missing-depends-line diff -Nru debian-installer-netboot-images-20210415/debian/rules debian-installer-netboot-images-20210606+fixed1/debian/rules --- debian-installer-netboot-images-20210415/debian/rules 2021-02-15 18:59:29.0 +0100 +++ debian-installer-netboot-images-20210606+fixed1/debian/rules 2021-06-10 06:50:56.0 +0200 @@ -4,7 +4,7 @@ export DISTRIBUTION_FALLBACK?= export KFREEBSD_KERNEL_MAJOR?=11 -export VERSION?=$(shell dpkg-parsechangelog | sed -n 's/^Version: //p') +export VERSION?=$(shell dpkg-parsechangelog | sed -n 's/^Version: //p' | sed 's/+fixed.*//') # Don't forget to recreate debian/control after editing these lines: $ debian/rules debian/control export MAJOR_VERSION=11 @@ -17,12 +17,17 @@ override_dh_auto_install: $(SUPPORTED_ARCHITECTURES:%=get-images-%) get-images-%: - if ! ./get-images.sh $* && [ -n "$(DISTRIBUTION_FALLBACK)" ]; then\ - echo; echo; echo; \ - echo "Version not found in $(DISTRIBUTION), falling back to $(DISTRIBUTION_FALLBACK)"; \ - echo; echo; echo; \ - sleep 5; \ - DISTRIBUTION=$(DISTRIBUTION_FALLBACK)
Bug#990139: unblock: debian-edu-config/2.11.56
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package debian-edu-config 2.11.56 containing three small and
targeded fixes
for three bugs concerning Debian Edu only, thus with no impact outside Debian
Edu.
The diff is:
$ debdiff debian-edu-config_2.11.55.dsc debian-edu-config_2.11.56.dsc|diffstat
cf3/cf.exim |6 +++
debian/changelog | 24 ++
sbin/debian-edu-ltsp-install |7 ++--
share/debian-edu-config/isc-dhcp-server.service |2 -
share/debian-edu-config/isc-dhcp-server.service.eth1_only |2 -
5 files changed, 36 insertions(+), 5 deletions(-)
$ debdiff debian-edu-config_2.11.55.dsc debian-edu-config_2.11.56.dsc
diff -Nru debian-edu-config-2.11.55/debian/changelog
debian-edu-config-2.11.56/debian/changelog
--- debian-edu-config-2.11.55/debian/changelog 2021-04-29 15:27:17.0
+0200
+++ debian-edu-config-2.11.56/debian/changelog 2021-06-05 00:06:13.0
+0200
@@ -1,3 +1,27 @@
+debian-edu-config (2.11.56) unstable; urgency=medium
+
+ [ Wolfgang Schweer ]
+ * Adjust workaround for isc-dhcp-server-ldap bug #971275. (Closes: #989340)
+- share/debian-edu-config/isc-dhcp-server.{service,service.eth1_only}:
+ Use ExecStartPre command inspired by the isc-dhcp-server init script
+ instead of a sleep command.
+ * Adjust Exim configuration on client systems. (Closes: #989338)
+- cf3/cf.exim:
+ Use exim-ldap-client-v4.conf file as exim4.conf on client machines
instead
+ of preseeded configuration. This way sending system emails to the main
+ server is working again after the exim4 4.94 changes.
+ * Adjust sbin/debian-edu-ltsp-install. (Closes: #989342)
+- Drop line containing the cp command (/var/cache/apt doesn't contain .bin
+ files in all use cases and the benefit is minimal if they exist; also,
the
+ pkgcache.bin and srcpkgcache.bin files might contain outdated data).
+- Use the BD ISO image to setup X2Go thin client support only if the script
+ is run inside the Debian Installer environment. There are too many ways
+ to install a combined server (with or without Internet connection, with
+ or without adjusting the sources list, with or without running apt
update)
+ to cover all these cases.
+
+ -- Holger Levsen Sat, 05 Jun 2021 00:06:13 +0200
+
debian-edu-config (2.11.55) unstable; urgency=medium
[ Wolfgang Schweer ]
diff -Nru debian-edu-config-2.11.55/cf3/cf.exim
debian-edu-config-2.11.56/cf3/cf.exim
--- debian-edu-config-2.11.55/cf3/cf.exim 2019-02-15 11:58:02.0
+0100
+++ debian-edu-config-2.11.56/cf3/cf.exim 2021-06-02 14:00:53.0
+0200
@@ -10,6 +10,12 @@
move_obstructions => "true";
"/etc/default/exim4"
edit_line => exim_default;
+
+ debian.!server.(workstation|minimal).installation::
+
+"/etc/exim4/exim4.conf"
+ link_from => ln_s("/etc/exim4/exim-ldap-client-v4.conf"),
+ move_obstructions => "true";
}
bundle edit_line exim_default
diff -Nru debian-edu-config-2.11.55/sbin/debian-edu-ltsp-install
debian-edu-config-2.11.56/sbin/debian-edu-ltsp-install
--- debian-edu-config-2.11.55/sbin/debian-edu-ltsp-install 2021-04-26
23:38:21.0 +0200
+++ debian-edu-config-2.11.56/sbin/debian-edu-ltsp-install 2021-06-02
23:20:03.0 +0200
@@ -341,8 +341,10 @@
show=false
EOF
-# Specific settings needed if BD ISO image is used for installation.
-if grep -q BD /etc/apt/sources.list ; then
+# Specific settings needed if BD ISO image is used for installation inside d-i.
+# First part of next condition: Looking for file created by base-installer and
+# removed at the end of the d-i run.
+if [ -e /etc/apt/apt.conf.d/00IgnoreTimeConflict ] && grep -q BD
/etc/apt/sources.list ; then
BD_ISO="true";
device="$(grep media/cdrom /etc/fstab | cut -d' ' -f1)"
mirror="file:///media/cdrom/"
@@ -365,7 +367,6 @@
if [ "true" == "$BD_ISO" ] ; then
mkdir -p /srv/ltsp/thin/"$thin_type"-"$arch"/media/cdrom
mount $device /srv/ltsp/thin/"$thin_type"-"$arch"/media/cdrom
- cp /var/cache/apt/*.bin
/srv/ltsp/thin/"$thin_type"-"$arch"/var/cache/apt/
echo "deb [trusted=yes] $mirror $dist main" >
/srv/ltsp/thin/"$thin_type"-"$arch"/etc/apt/sources.list
fi
chroot /srv/ltsp/thin/"$thin_type"-"$arch"/ apt -y -qq install
education-thin-client p910nd
diff -Nru
debian-edu-config-2.11.55/share/debian-edu-config/isc-dhcp-server.service
debian-edu-config-2.11.56/share/debian-e
Bug#990142: unblock: debian-edu/2.11.37
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package debian-edu bringing a rather trival improvement to Debian Edu, which I'd still consider worthwhile having. The potential (bad) impact is low and definitly limited to Debian Edu... The full diff: $ debdiff debian-edu_2.11.36.dsc debian-edu_2.11.37.dsc diff -Nru debian-edu-2.11.36/debian/changelog debian-edu-2.11.37/debian/changelog --- debian-edu-2.11.36/debian/changelog 2021-03-28 12:35:03.0 +0200 +++ debian-edu-2.11.37/debian/changelog 2021-06-09 23:14:40.0 +0200 @@ -1,3 +1,11 @@ +debian-edu (2.11.37) unstable; urgency=medium + + [ Wolfgang Schweer ] + * tasks/common: Recommend plocate as preferred locate. (Closes: #989518) +Thanks to Paul Wise for informing us. + + -- Holger Levsen Wed, 09 Jun 2021 23:14:40 +0200 + debian-edu (2.11.36) unstable; urgency=medium [ Wolfgang Schweer ] diff -Nru debian-edu-2.11.36/debian/control debian-edu-2.11.37/debian/control --- debian-edu-2.11.36/debian/control 2021-03-28 12:34:58.0 +0200 +++ debian-edu-2.11.37/debian/control 2021-06-09 23:14:40.0 +0200 @@ -116,7 +116,6 @@ lsscsi, mc, memtest86+, -mlocate, mtools, mtr-tiny | mtr, ncftp, @@ -124,6 +123,7 @@ nullidentd | ident-server, openbsd-inetd, pciutils, +plocate | mlocate, procinfo, procmail, psmisc, diff -Nru debian-edu-2.11.36/tasks/common debian-edu-2.11.37/tasks/common --- debian-edu-2.11.36/tasks/common 2021-02-07 11:47:11.0 +0100 +++ debian-edu-2.11.37/tasks/common 2021-06-09 18:04:22.0 +0200 @@ -35,7 +35,7 @@ lsscsi, sysfsutils, etherwake, - mlocate, + plocate | mlocate, Recommends: iputils-arping | arping, unblock debian-edu/2.11.37 Thanks for your work on bullseye! -- cheers, Holger ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org ⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C ⠈⠳⣄ Not everything was bad during capitalism. signature.asc Description: PGP signature
Bug#990171: unblock: apparmor-profiles-extra/1.34
On Tue, Jun 22, 2021 at 09:57:02AM +0800, Paul Wise wrote: > [ Reason ] > The autoremoval will be before the fix for RC bug #989193 migrates. (I dont think so, but that's beside my point here.) > [ Impact ] > The package will not be available in the bullseye release and so > various apps will not have AppArmor security restrictions. I'm wondering whether apparmor-profiles-extra should be a key package, after all apparmor is installed by default these days... -- cheers, Holger ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org ⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C ⠈⠳⣄ The system isn't broken. It was built this way. signature.asc Description: PGP signature
Re: youtube-dl: needs version update to 2021.05.16 to continue working with youtube
Hi Andreas, [diclaimer: i'm not a release team member.] On Fri, Jul 02, 2021 at 05:31:48AM +0200, Andreas Tille wrote: > Hi release team, [...] > I do not want to do an upload to unstable without your agreement and I > hope you can come up with some good advise what to do. [...] a.) since about 10 years or so the release team asks for bugs to be filed for such requests, as debian-release is a too busy mailing list so things are likely to fall under the carpet if not. b.) if *you* think the changes are suitable for bullseye, you can upload to unstable. c.) if you are unsure, you can always upload to experimental. d.) if no diff is provided, either here in a bug or via an upload, how should the release team evaluate your request? So, please either upload or attach the diff here^win a bug against release.debian.org which is yet to be filed. > PS: Please be so kind to CC me in your replies. done. -- cheers, Holger ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org ⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C ⠈⠳⣄ In Europe there are people prosecuted by courts because they saved other people from drowning in the Mediterranean Sea. That is almost as absurd as if there were people being prosecuted because they save humans from drowning in the sea. signature.asc Description: PGP signature
Bug#991285: unblock: strip-nondeterminism/1.12-0.1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock x-debbugs-cc: reproducible-bui...@lists.alioth.debian.org Hi, I'm wondering whether it makes sense to unblock strip-nondeterminism 1.12.0-1, which has been uploaded on 2021-05-07 and which since then (or rather shortly after) has been used on the buildds when building packages. There haven't been any bugs filed since the upload and the changes are pretty small: strip-nondeterminism (1.12.0-1) unstable; urgency=medium [ Chris Lamb ] * Support normalising Python "pyzip" files -- ie. zip-compressed .py files with a regular Python shebang. (Closes: reproducible-builds/strip-nondeterminism#18) * Drop single-debian-patch, etc. [ Bernhard M. Wiedemann ] * Move exception handling closer to call using perl's "//" operator. The debdiffstat is: debdiff strip-nondeterminism_1.11.0-1.dsc strip-nondeterminism_1.12.0-1.dsc|diffstat debian/changelog | 12 ++ debian/source/options |1 debian/source/patch-header | 17 lib/File/StripNondeterminism.pm| 11 ++ lib/File/StripNondeterminism/handlers/pyzip.pm | 106 + 5 files changed, 128 insertions(+), 19 deletions(-) and the full debdiff is attached. Rather obviously this more or less against the freeze guidelines but given the fact that it's been used in many bullseye builds during the freeze I thought I'd ask. And I decided to ask via a bug report. Feel free to close or unblock :) (And before you ask: I don't really know why I didn't file this unblock request earlier. I guess it's because the change is not soo relevant but then I somehow continued to be bothered by the fact that bullseye is build with packages from out of bullseye and so I finally decided to ask anyway.) unblock strip-nondeterminism/1.12-0.1 and thank you for releasing bullseye and dealing with requests like these! ;) -- cheers, Holger ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org ⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C ⠈⠳⣄ "A developed country is not a place where the poor have cars. It's where the rich use public transportation." (quote attributed to several people) diff -Nru strip-nondeterminism-1.11.0/debian/changelog strip-nondeterminism-1.12.0/debian/changelog --- strip-nondeterminism-1.11.0/debian/changelog 2021-02-05 13:04:06.0 +0100 +++ strip-nondeterminism-1.12.0/debian/changelog 2021-05-07 13:36:57.0 +0200 @@ -1,3 +1,15 @@ +strip-nondeterminism (1.12.0-1) unstable; urgency=medium + + [ Chris Lamb ] + * Support normalising Python "pyzip" files -- ie. zip-compressed .py files +with a regular Python shebang. (Closes: reproducible-builds/strip-nondeterminism#18) + * Drop single-debian-patch, etc. + + [ Bernhard M. Wiedemann ] + * Move exception handling closer to call using perl's "//" operator. + + -- Chris Lamb Fri, 07 May 2021 12:36:57 +0100 + strip-nondeterminism (1.11.0-1) unstable; urgency=medium [ Helmut Grohne ] diff -Nru strip-nondeterminism-1.11.0/debian/source/options strip-nondeterminism-1.12.0/debian/source/options --- strip-nondeterminism-1.11.0/debian/source/options 2021-02-05 13:04:06.0 +0100 +++ strip-nondeterminism-1.12.0/debian/source/options 1970-01-01 01:00:00.0 +0100 @@ -1 +0,0 @@ -single-debian-patch diff -Nru strip-nondeterminism-1.11.0/debian/source/patch-header strip-nondeterminism-1.12.0/debian/source/patch-header --- strip-nondeterminism-1.11.0/debian/source/patch-header 2021-02-05 13:04:06.0 +0100 +++ strip-nondeterminism-1.12.0/debian/source/patch-header 1970-01-01 01:00:00.0 +0100 @@ -1,17 +0,0 @@ -Subject: Collected Debian patches for strip-nondeterminism -Author: Andrew Ayer - -Since I am also upstream for this package, there will normally not be -any patches to apply to the upstream source. However, occasionally -I'll pull up specific upstream commits prior to making an upstream -release. When this happens, this patch will collect all of those -modifications. - -I use Git to maintain both the upstream source and the Debian -packages, and generating individual patches rather than using git -cherry-pick takes extra work for no gain. Since I'm also upstream, -there's no need to separate the patches for later upstream submission. -Hence, I take this approach with a unified patch when it's necessary. - -For full commit history and separated commits, see the upstream Git -repository. diff -Nru strip-nondeterminism-1.11.0/lib/File/StripNondeterminism/handlers/pyzip.pm strip-nondeterminism-1.12.0/lib/File/StripNondeterminism/handlers/pyzip.pm --- strip-nondeterminism-1.11.0/lib/File/StripNondeterminism/handlers/pyzip.pm 1970-01-01 01:00:00.0 +0100 +++ strip-nondeterminism-1.12.0/lib/File/StripNondeterminism/handlers/pyzip.pm 2021-05-07 13:35:16.0 +0200 @@ -0,0 +1,106 @@
Bug#991318: unblock: munin/2.0.67-2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package munin 2.0.67-2 as it fixes a serious bug with a oneline fix: $ debdiff munin_2.0.67-1.dsc munin_2.0.67-2.dsc diff -Nru munin-2.0.67/debian/changelog munin-2.0.67/debian/changelog --- munin-2.0.67/debian/changelog 2021-02-26 13:24:19.0 +0100 +++ munin-2.0.67/debian/changelog 2021-07-20 14:40:08.0 +0200 @@ -1,3 +1,11 @@ +munin (2.0.67-2) unstable; urgency=medium + + [ Kentaro Hayashi ] + * debian/munin-node.service: ensure /run/munin directory exists. +Closes: #990371. + + -- Holger Levsen Tue, 20 Jul 2021 14:40:08 +0200 + munin (2.0.67-1) unstable; urgency=medium [ Holger Levsen ] diff -Nru munin-2.0.67/debian/munin-node.service munin-2.0.67/debian/munin-node.service --- munin-2.0.67/debian/munin-node.service 2021-01-17 23:34:32.0 +0100 +++ munin-2.0.67/debian/munin-node.service 2021-07-20 14:39:29.0 +0200 @@ -7,6 +7,7 @@ EnvironmentFile=-/etc/default/munin-node Type=notify Restart=always +RuntimeDirectory=munin ExecStart=/usr/sbin/munin-node --foreground $DAEMON_ARGS PIDFile=/run/munin/munin-node.pid # Plugins like "smart_" require access to devices I've uploaded it and just saw the source package appear in unstable, though it hasn't been built yet. unblock munin/2.0.67-2 Thanks for your work on bullseye! -- cheers, Holger ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org ⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C ⠈⠳⣄ No future. signature.asc Description: PGP signature
Bug#991535: unblock: developers-reference/11.0.21
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package developers-reference 11.0.21, which is a documentation and translation only update: developers-reference (11.0.21) unstable; urgency=medium * best-pkging-practices: replace 'atter' with 'other', with thanks to Jeremy Bicha. Closes: #991291 * pkgs: update releases used in examples for the time when bullseye is stable. * resources: update 'dak ls evince' example output. * Update all .po files for changed strings in the English original. -- Holger Levsen Tue, 20 Jul 2021 15:20:35 +0200 debdiff developers-reference_11.0.20.dsc developers-reference_11.0.21.dsc |diffstat debian/changelog | 17 - source/best-pkging-practices.rst |2 source/locales/de/LC_MESSAGES/best-pkging-practices.po |5 - source/locales/de/LC_MESSAGES/pkgs.po | 14 ++-- source/locales/fr/LC_MESSAGES/best-pkging-practices.po | 57 - source/locales/fr/LC_MESSAGES/pkgs.po | 14 ++-- source/locales/it/LC_MESSAGES/best-pkging-practices.po | 15 +++- source/locales/it/LC_MESSAGES/pkgs.po | 34 -- source/locales/ja/LC_MESSAGES/best-pkging-practices.po | 15 +++- source/locales/ja/LC_MESSAGES/pkgs.po | 34 -- source/locales/ru/LC_MESSAGES/best-pkging-practices.po | 15 +++- source/locales/ru/LC_MESSAGES/pkgs.po | 34 -- source/pkgs.rst|4 - source/resources.rst | 16 ++-- 14 files changed, 198 insertions(+), 78 deletions(-) The full debdiff is attached. unblock developers-reference/11.0.21 Thanks for your work on bullseye! -- cheers, Holger ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org ⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C ⠈⠳⣄ Bottled water companies don't produce water, they produce plastic bottles. diff -Nru developers-reference-11.0.20/debian/changelog developers-reference-11.0.21/debian/changelog --- developers-reference-11.0.20/debian/changelog 2021-06-18 23:50:52.0 +0200 +++ developers-reference-11.0.21/debian/changelog 2021-07-20 15:20:35.0 +0200 @@ -1,12 +1,23 @@ +developers-reference (11.0.21) unstable; urgency=medium + + * best-pkging-practices: replace 'atter' with 'other', with thanks to +Jeremy Bicha. Closes: #991291 + * pkgs: update releases used in examples for the time when bullseye is +stable. + * resources: update 'dak ls evince' example output. + * Update all .po files for changed strings in the English original. + + -- Holger Levsen Tue, 20 Jul 2021 15:20:35 +0200 + developers-reference (11.0.20) unstable; urgency=medium [ Judit Foglszinger ] - * removing freenode and moving reference to cloaks to Debian wiki. -Closes: 990054. + * ressources: Remove freenode and move reference to cloaks to Debian wiki. +Closes: #990054. [ Holger Levsen ] * Update all .po files for changed strings in the English original. - * fix typo in previous d/changelog entry + * Fix typo in previous d/changelog entry. -- Holger Levsen Fri, 18 Jun 2021 23:50:52 +0200 diff -Nru developers-reference-11.0.20/source/best-pkging-practices.rst developers-reference-11.0.21/source/best-pkging-practices.rst --- developers-reference-11.0.20/source/best-pkging-practices.rst 2021-01-17 22:22:11.0 +0100 +++ developers-reference-11.0.21/source/best-pkging-practices.rst 2021-07-20 14:58:54.0 +0200 @@ -1466,7 +1466,7 @@ point). 4. **may** use *packagename*\ ``-``\ *upstream-version*\ ``+dfsg`` - (or any atter suffix which is added to the tarball name) as + (or any other suffix which is added to the tarball name) as the name of the top-level directory in its tarball. This makes it possible to distinguish pristine tarballs from repackaged ones. diff -Nru developers-reference-11.0.20/source/locales/de/LC_MESSAGES/best-pkging-practices.po developers-reference-11.0.21/source/locales/de/LC_MESSAGES/best-pkging-practices.po --- developers-reference-11.0.20/source/locales/de/LC_MESSAGES/best-pkging-practices.po 2021-01-17 23:28:02.0 +0100 +++ developers-reference-11.0.21/source/locales/de/LC_MESSAGES/best-pkging-practices.po 2021-07-20 15:01:41.0 +0200 @@ -3,7 +3,7 @@ msgstr "" "Project-Id-Version: developers-reference\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2021-01-17 22:27+\n" +"POT-Creation-Date: 2021-07-20 13:01+\n" "PO-Revision-Date: 2020-03-02 19:51+0100\n" "Last-Translator: Carsten Schoenert \n" "Language: de\n" @@ -2760,9 +2760,10 @@ "Originaldistribution zu suchen)." #
Bug#991535: marked as done (unblock: developers-reference/11.0.21)
Hi Paul, On Tue, Jul 27, 2021 at 02:03:02PM +, Debian Bug Tracking System wrote: > On 27-07-2021 03:17, Holger Levsen wrote: > > Please unblock package developers-reference 11.0.21, which is a > > documentation > > and translation only update: > Unblocked. thank you. > However, next time I'd love to see less strings becoming fuzzy for only > a buster -> bullseye, stretch -> buster update. It's not going to be > time well spent for translators to only find such renames. Also, it will > mean some untranslated (because fuzzy) strings that are not really > needed in my opinion (IIUC). while I agree I'm also guilty of not unfuzzying the strings, mostly due to unhappyness about having lost a working translation workflow and because of the translations being out of date already anyway... fwiw, here's what I said about this on #-policy yesterday: < h01ger> how do you call for translations? do you? < h01ger> (of policy.md :) < h01ger> asking because of dev-ref.. < someone> | h01ger: we did in a bits from the policy team at one point < someone> iirc < h01ger> so, just by writing a mail "please help translating" ? < h01ger> or could you communicate translation stati etc like this < h01ger> "german translation status is 67%, french t status is 77%" etc < someone> that sounds useful :) < someone> we have no translations to report on.. < h01ger> ah! < h01ger> in the past there was one xml file and thus one pot file for translations < h01ger> now we have several md files for the source and thus several pot files to translate < h01ger> thus they need to be concatted and then the overall language status needs to be calculated < h01ger> to write a mail saying 'please translate the remaining 3% of strings to german and the remaining 23% to french" or whatever < someone> that does sound like a useful way to encourage people < someone> including the remaining percentages, I mean < h01ger> https://lists.debian.org/debian-edu/2021/07/msg0.html < h01ger> https://lists.debian.org/debian-edu/2021/07/msg2.html < h01ger> :) < h01ger> (for bullseye) every other week, automatically. < someone> very cool < h01ger> for d-edu-doc also weblate is involved, which does attract some people... < h01ger> and yes, i want something similar for dev-ref.. will share once its there! :) < h01ger> might take 2 years or so, help much welcome, MR even more so :) < h01ger> could also be a gsoc project, happy to mentor > Paul, who sometimes refrains from making minor improvements in > release-notes (at this stage) unless he can fix it in the translations too. I've decided for an up2date english src:dev-ref for bullseye, shipped in bullseye, and for future updated and better translated src:dev-ref there's unstable and bookworm :) -- cheers, Holger ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org ⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C ⠈⠳⣄ Nach wieviel Einzelfällen wird ein Einzelfall zum Normalfall? (Jan Böhmermann) signature.asc Description: PGP signature
Bug#991852: unblock: debian-edu-doc/2.11.26
On Tue, Aug 03, 2021 at 02:50:27PM +0300, Adrian Bunk wrote: > Please unblock package debian-edu-doc [...] > unblock debian-edu-doc/2.11.26 thanks for filing this unblock request, Adrian! -- cheers, Holger ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org ⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C ⠈⠳⣄ "A developed country is not a place where the poor have cars. It's where the rich use public transportation." (quote attributed to several people) signature.asc Description: PGP signature
Re: BUG: "bookworm" netboot image still references "bullseye" release
hi, On Tue, Aug 31, 2021 at 10:29:04PM +0200, Paul Gevers wrote: > On 31-08-2021 22:10, Christoph Sarnowski wrote: > > Thanks for your reply! I will give it a little more time, then use > > "reportbug debian-installer" to report it. I wasn't sure if reporting on > > the netboot image should go that way, as it is not part of an > > installable debian package. > > Sorry, you're right. I should probably go to > debian-installer-netboot-images (aka dini or d-i-n-i). no, netboot.tar.gz is not part of any d-i-n-i.deb. I'm not sure what creates https://deb.debian.org/debian/dists/bookworm/main/installer-amd64/current/images/netboot/netboot.tar.gz but I cc:ed kibi who very probably knows. -- cheers, Holger ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org ⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C ⠈⠳⣄ Plastic bottles: made to last forever, designed to throw away. signature.asc Description: PGP signature
Bug#986979: unblock: libdnf/0.55.2-6
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package libdnf, 0.55.2-6 fixes #986802 / CVE-2021-3445.
$ * debdiff libdnf_0.55.2-5.dsc libdnf_0.55.2-6.dsc
diff -Nru libdnf-0.55.2/debian/changelog libdnf-0.55.2/debian/changelog
--- libdnf-0.55.2/debian/changelog 2021-02-04 01:17:07.0 +0100
+++ libdnf-0.55.2/debian/changelog 2021-04-14 21:26:57.0 +0200
@@ -1,3 +1,9 @@
+libdnf (0.55.2-6) unstable; urgency=high
+
+ * Add patch for signature check with rpmcliVerifySignatures. Closes: #986802.
+
+ -- Frédéric Pierret Wed, 14 Apr 2021
21:26:57 +0200
+
libdnf (0.55.2-5) unstable; urgency=medium
* Team upload.
diff -Nru
libdnf-0.55.2/debian/patches/0014-Hardening-add-signature-check-with-rpmcliVerifySigna.patch
libdnf-0.55.2/debian/patches/0014-Hardening-add-signature-check-with-rpmcliVerifySigna.patch
---
libdnf-0.55.2/debian/patches/0014-Hardening-add-signature-check-with-rpmcliVerifySigna.patch
1970-01-01 01:00:00.0 +0100
+++
libdnf-0.55.2/debian/patches/0014-Hardening-add-signature-check-with-rpmcliVerifySigna.patch
2021-04-14 21:26:57.0 +0200
@@ -0,0 +1,119 @@
+From 930f2582f91077b3f338b84cf9567559d52713de Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ale=C5=A1=20Mat=C4=9Bj?=
+Date: Mon, 29 Mar 2021 09:22:09 +0200
+Subject: [PATCH] Hardening: add signature check with rpmcliVerifySignatures
+
+This api is not ideal but works for now. We don't have to set
+installroot for the used transaction because we set keyring which is
+used to retrieve the keys.
+
+= changelog =
+msg: Hardening: add signature check with rpmcliVerifySignatures
+type: security
+resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1932079
+
+CVE-2021-3445
+RhBug:1932079
+RhBug:1932089
+RhBug:1932090
+
+Related: CVE-2021-3421, CVE-2021-20271
+---
+ libdnf/dnf-keyring.cpp | 52 --
+ 1 file changed, 50 insertions(+), 2 deletions(-)
+
+diff --git a/libdnf/dnf-keyring.cpp b/libdnf/dnf-keyring.cpp
+index eec58c69..62a6248c 100644
+--- a/libdnf/dnf-keyring.cpp
b/libdnf/dnf-keyring.cpp
+@@ -34,6 +34,8 @@
+ #include
+ #include
+ #include
++#include
++#include
+
+ #include "catch-error.hpp"
+ #include "dnf-types.h"
+@@ -216,6 +218,26 @@ dnf_keyring_add_public_keys(rpmKeyring keyring, GError
**error) try
+ return TRUE;
+ } CATCH_TO_GERROR(FALSE)
+
++static int
++rpmcliverifysignatures_log_handler_cb(rpmlogRec rec, rpmlogCallbackData data)
++{
++GString **string =(GString **) data;
++
++/* create string if required */
++if (*string == NULL)
++*string = g_string_new("");
++
++/* if text already exists, join them */
++if ((*string)->len > 0)
++g_string_append(*string, ": ");
++g_string_append(*string, rpmlogRecMessage(rec));
++
++/* remove the trailing /n which rpm does */
++if ((*string)->len > 0)
++g_string_truncate(*string,(*string)->len - 1);
++return 0;
++}
++
+ /**
+ * dnf_keyring_check_untrusted_file:
+ */
+@@ -232,6 +254,10 @@ dnf_keyring_check_untrusted_file(rpmKeyring keyring,
+ rpmtd td = NULL;
+ rpmts ts = NULL;
+
++char *path = g_strdup(filename);
++char *path_array[2] = {path, NULL};
++g_autoptr(GString) rpm_error = NULL;
++
+ /* open the file for reading */
+ fd = Fopen(filename, "r.fdio");
+ if (fd == NULL) {
+@@ -252,9 +278,27 @@ dnf_keyring_check_untrusted_file(rpmKeyring keyring,
+ goto out;
+ }
+
+-/* we don't want to abort on missing keys */
+ ts = rpmtsCreate();
+-rpmtsSetVSFlags(ts, _RPMVSF_NOSIGNATURES);
++
++if (rpmtsSetKeyring(ts, keyring) < 0) {
++g_set_error_literal(error, DNF_ERROR, DNF_ERROR_INTERNAL_ERROR,
"failed to set keyring");
++goto out;
++}
++rpmtsSetVfyLevel(ts, RPMSIG_SIGNATURE_TYPE);
++rpmlogSetCallback(rpmcliverifysignatures_log_handler_cb, &rpm_error);
++
++// rpm doesn't provide any better API call than rpmcliVerifySignatures
(which is for CLI):
++// - use path_array as input argument
++// - gather logs via callback because we don't want to print anything if
check is successful
++if (rpmcliVerifySignatures(ts, (char * const*) path_array)) {
++g_set_error(error,
++DNF_ERROR,
++DNF_ERROR_GPG_SIGNATURE_INVALID,
++"%s could not be verified.\n%s",
++filename,
++(rpm_error ? rpm_error->str : "UNKNOWN ERROR"));
++goto out;
++}
+
+ /* read in the file */
+ rc = rpmReadPackageFile(ts, fd, filename, &hdr);
+@@ -318,6 +362,10 @@ dnf_keyring_check_untrusted_file(rpmKeyring keyring,
+ g_debug("%s has been verified as trusted", filename);
+ ret = TRUE;
+ out:
++rpmlogSetCallback(NULL, NULL);
++
++if (path != NULL)
++g_free(path);
+ if (dig != NULL)
+ pgpFreeDig(dig);
+ if (td != NULL) {
+--
+2.31.0
+
diff -Nru
Bug#986980: unblock: debian-edu/2.11.36
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package debian-edu 2.11.36 which just changes a few meta packaging relationships but needs a manual unblock because it's a key package. $ debdiff debian-edu_2.11.35.dsc debian-edu_2.11.36.dsc diff -Nru debian-edu-2.11.35/debian/changelog debian-edu-2.11.36/debian/changelog --- debian-edu-2.11.35/debian/changelog 2021-02-10 12:36:20.0 +0100 +++ debian-edu-2.11.36/debian/changelog 2021-03-28 12:35:03.0 +0200 @@ -1,3 +1,16 @@ +debian-edu (2.11.36) unstable; urgency=medium + + [ Wolfgang Schweer ] + * tasks/music: Recommend musescore3 instead of musescore. (Closes: #985079) +- Also add Suggests on musescore, thanks to Thorsten Glaser. + + [ Holger Levsen ] + * Move currently unavailable debian-installer-11-netboot-(amd64|i386) +packages from suggests to recommends so we don't need another upload once +they become available in bullseye. + + -- Holger Levsen Sun, 28 Mar 2021 12:35:03 +0200 + debian-edu (2.11.35) unstable; urgency=medium [ Wolfgang Schweer ] diff -Nru debian-edu-2.11.35/debian/control debian-edu-2.11.36/debian/control --- debian-edu-2.11.35/debian/control 2021-02-10 12:34:28.0 +0100 +++ debian-edu-2.11.36/debian/control 2021-03-28 12:34:58.0 +0200 @@ -714,6 +714,8 @@ cups, cups-bsd, cups-pdf, +debian-installer-11-netboot-amd64, +debian-installer-11-netboot-i386, dovecot-gssapi, dovecot-imapd, education-networked, @@ -772,8 +774,6 @@ tftpd-hpa Suggests: apache2-doc, calamaris, - debian-installer-11-netboot-amd64, - debian-installer-11-netboot-i386, default-mysql-client, dlint, dnswalk, @@ -867,7 +867,7 @@ lingot, lmms, mcp-plugins, -musescore, +musescore3, nted, pianobooster, qsynth, @@ -878,7 +878,8 @@ timgm6mb-soundfont, tuxguitar Suggests: festival, - lilypond + lilypond, + musescore Description: Debian Edu music and sound applications This metapackage depends on various applications that can be used to teach music. diff -Nru debian-edu-2.11.35/tasks/music debian-edu-2.11.36/tasks/music --- debian-edu-2.11.35/tasks/music 2020-10-03 00:51:23.0 +0200 +++ debian-edu-2.11.36/tasks/music 2021-03-14 10:49:05.0 +0100 @@ -27,6 +27,7 @@ Suggests: lilypond, festival, + musescore, Recommends: rosegarden, @@ -37,6 +38,6 @@ NeedConfig: yes - configure the midi configuration Recommends: - musescore, + musescore3, timgm6mb-soundfont, unblock debian-edu/2.11.36 Thanks! -- cheers, Holger ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org ⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C ⠈⠳⣄ This is the year of gpg on the desktop! (Gunnar Wolf) signature.asc Description: PGP signature
Bug#986982: unblock: debian-edu-artwork/2.11.5-3
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package debian-edu-artwork it fixes an important policy violation flagged by piuparts: $ debdiff debian-edu-artwork_2.11.5-2.dsc debian-edu-artwork_2.11.5-3.dsc diff -Nru debian-edu-artwork-2.11.5/debian/changelog debian-edu-artwork-2.11.5/debian/changelog --- debian-edu-artwork-2.11.5/debian/changelog 2021-02-21 09:50:19.0 +0100 +++ debian-edu-artwork-2.11.5/debian/changelog 2021-04-07 20:56:21.0 +0200 @@ -1,3 +1,10 @@ +debian-edu-artwork (2.11.5-3) unstable; urgency=medium + + [ Andreas Beckmann ] + * Clean up obsolete ldm-theme alternative on upgrades. (Closes: #986535) + + -- Holger Levsen Wed, 07 Apr 2021 20:56:21 +0200 + debian-edu-artwork (2.11.5-2) unstable; urgency=medium [ Wolfgang Schweer ] diff -Nru debian-edu-artwork-2.11.5/debian/debian-edu-artwork-buster.preinst debian-edu-artwork-2.11.5/debian/debian-edu-artwork-buster.preinst --- debian-edu-artwork-2.11.5/debian/debian-edu-artwork-buster.preinst 1970-01-01 01:00:00.0 +0100 +++ debian-edu-artwork-2.11.5/debian/debian-edu-artwork-buster.preinst 2021-04-07 20:54:54.0 +0200 @@ -0,0 +1,14 @@ +#! /bin/sh + +set -e + +#DEBHELPER# + +EDUTHEME="buster" + +if [ "$1" = "upgrade" ]; then + if dpkg --compare-versions "$2" lt-nl "2.11.5-3~" ; then + # no longer managed by update-debian-edu-artwork-$EDUTHEME + update-alternatives --remove ldm-theme /usr/share/ldm/themes/debian-edu-$EDUTHEME + fi +fi diff -Nru debian-edu-artwork-2.11.5/debian/debian-edu-artwork-softwaves.preinst debian-edu-artwork-2.11.5/debian/debian-edu-artwork-softwaves.preinst --- debian-edu-artwork-2.11.5/debian/debian-edu-artwork-softwaves.preinst 1970-01-01 01:00:00.0 +0100 +++ debian-edu-artwork-2.11.5/debian/debian-edu-artwork-softwaves.preinst 2021-04-07 20:54:54.0 +0200 @@ -0,0 +1,14 @@ +#! /bin/sh + +set -e + +#DEBHELPER# + +EDUTHEME="softwaves" + +if [ "$1" = "upgrade" ]; then + if dpkg --compare-versions "$2" lt-nl "2.11.5-3~" ; then + # no longer managed by update-debian-edu-artwork-$EDUTHEME + update-alternatives --remove ldm-theme /usr/share/ldm/themes/debian-edu-$EDUTHEME + fi +fi unblock debian-edu-artwork/2.11.5-3 Thanks! -- cheers, Holger ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org ⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C ⠈⠳⣄ There are many ways to kill. You can stab someone in the guts, take their bread away, not heal someone from disease, put someone in a bad living space, work someone to death, drive them to suicide, lead someone to war etc. Only few of these are prohibited in our state." (Bertolt Brecht) signature.asc Description: PGP signature
Bug#986983: unblock: debian-edu-config/2.11.54
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
x-debbugs: debian-...@lists.debian.org
Please unblock package debian-edu-config, which (like d-e-artwork in the
previous bugreport) is a key package and as such wont migrate itself.
The changes are all minor, only relevant to Debian Edu and reasonable in
the first place ;)
So this is the translation stripped output (but how to do this properly /
better?) and the full output is attached:
$ debdiff --exclude=*po --exclude=*index.* debian-edu-config_2.11.51.dsc
debian-edu-config_2.11.54.dsc
diff -Nru --exclude '*po' --exclude '*index.*'
debian-edu-config-2.11.51/debian/changelog
debian-edu-config-2.11.54/debian/changelog
--- debian-edu-config-2.11.51/debian/changelog 2021-03-05 19:58:03.0
+0100
+++ debian-edu-config-2.11.54/debian/changelog 2021-04-07 01:03:15.0
+0200
@@ -1,3 +1,31 @@
+debian-edu-config (2.11.54) unstable; urgency=medium
+
+ [ Wolfgang Schweer ]
+ * share/glib-2.0/schemas/31_debian-edu+mate.gschema.override: Set existing
+mate-panel layout file for the panel to show up. Closes: #986448.
+
+ -- Holger Levsen Wed, 07 Apr 2021 01:03:15 +0200
+
+debian-edu-config (2.11.53) unstable; urgency=medium
+
+ [ Wolfgang Schweer ]
+ * Improve GOsa² hooks: explicitly create Samba account using gosa-create
+(before changing the password via gosa-sync). Closes: #986122.
+- tools/gosa-create: Add code to create the user's Samba account.
+- tools/gosa-sync: Adjust log message accordingly.
+
+ -- Holger Levsen Wed, 31 Mar 2021 10:44:04 +0200
+
+debian-edu-config (2.11.52) unstable; urgency=medium
+
+ [ Wolfgang Schweer ]
+ * Adjust internal web page related files. (Closes: #985902)
+- www/index.html.en: Use pt-pt for European Portuguese, adjust PO files,
+ generate language specific index files.
+- www/{es-es,nb-no,pt-br}.po: Fix blends page link and related translation.
+
+ -- Holger Levsen Sun, 28 Mar 2021 11:04:27 +0200
+
debian-edu-config (2.11.51) unstable; urgency=medium
[ Wolfgang Schweer ]
diff -Nru --exclude '*po' --exclude '*index.*'
debian-edu-config-2.11.51/Makefile debian-edu-config-2.11.54/Makefile
--- debian-edu-config-2.11.51/Makefile 2021-02-07 11:27:28.0 +0100
+++ debian-edu-config-2.11.54/Makefile 2021-03-28 11:01:09.0 +0200
@@ -197,7 +197,7 @@
index.html.ja \
index.html.nb-no \
index.html.nl \
- index.html.pt \
+ index.html.pt-pt \
index.html.pt-br \
index.html.ro \
index.html.ru \
diff -Nru --exclude '*po' --exclude '*index.*'
debian-edu-config-2.11.51/share/debian-edu-config/tools/gosa-create
debian-edu-config-2.11.54/share/debian-edu-config/tools/gosa-create
--- debian-edu-config-2.11.51/share/debian-edu-config/tools/gosa-create
2021-01-25 17:46:26.0 +0100
+++ debian-edu-config-2.11.54/share/debian-edu-config/tools/gosa-create
2021-03-30 13:17:37.0 +0200
@@ -45,6 +45,8 @@
chown -R $USERID:$GROUPID $HOMEDIR
kadmin.local -q "add_principal -policy users -randkey -x
\"$USERDN\" $USERID"
logger -t gosa-create -p notice Home directory \'$HOMEDIR\' and
principal \'$USERID\' created.
+smbpasswd -a -n -s $USERID
+logger -t gosa-sync -p notice "Samba account '$USERID' created."
## send a welcome-email:
cat << EOF | /usr/lib/sendmail $USERID
Subject: Welcome to the mail-system
diff -Nru --exclude '*po' --exclude '*index.*'
debian-edu-config-2.11.51/share/debian-edu-config/tools/gosa-sync
debian-edu-config-2.11.54/share/debian-edu-config/tools/gosa-sync
--- debian-edu-config-2.11.51/share/debian-edu-config/tools/gosa-sync
2021-01-31 18:38:48.0 +0100
+++ debian-edu-config-2.11.54/share/debian-edu-config/tools/gosa-sync
2021-03-30 13:17:37.0 +0200
@@ -48,7 +48,7 @@
if [ "$IAM" = "dn:$USERDN" ] ; then
(echo $EUSERPASSWORD; echo $EUSERPASSWORD) | smbpasswd -a -s $USERID
- logger -t gosa-sync -p notice "Sucessfully added / changed Samba acount
for '$USERID'."
+ logger -t gosa-sync -p notice "Sucessfully changed Samba password for
'$USERID'."
cat > "$TMPFILE" <
debian-edu-config_2.11.54.diff.gz
Description: application/gzip
signature.asc
Description: PGP signature
Bug#986984: Acknowledgement (unblock: debian-edu-doc/2.11.22)
hi,
it seems this bug report didn't make it through to the lists
because of the attachment's size:
Subject: unblock: debian-edu-doc/2.11.22
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package debian-edu-doc 2.11.22, it adds a new translation and
thus
a new binary package and won't migrate on its own:
+Package: debian-edu-doc-pt-pt
+Depends: debian-edu-doc-en, ${misc:Depends}
+Architecture: all
+Multi-Arch: foreign
+Description: Portuguese (Portugal) documentation from the Debian Edu project
+ The Portuguese (Portugal) version of the manual for the Bullseye and Buster
+ based releases of the Debian Edu / Skolelinux project is included in this
+ package.
+ .
+ Debian Edu is a Debian project to make the best distribution for educational
+ purposes. Skolelinux is the name of the Debian Pure Blend which is produced
by the Debian Edu project.
Besides that, there are a very few documentation changes and translation updates
(see the full attached debdiff for those).
$ debdiff --exclude *.po debian-edu-doc_2.11.20.dsc
debian-edu-doc_2.11.22.dsc|diffstat
Makefile
|3
debian/changelog
| 64 +-
debian/control
| 14 ++
debian/copyright
| 15 +-
debian/debian-edu-doc-pt-pt.links
|1
documentation/common/Makefile.common
|2
documentation/debian-edu-bullseye/debian-edu-bullseye-manual-stripped.xml
|4
documentation/debian-edu-bullseye/debian-edu-bullseye-manual.fr.add
|6
documentation/debian-edu-bullseye/debian-edu-bullseye-manual.it.add
|2
documentation/debian-edu-bullseye/debian-edu-bullseye-manual.pot
| 19 +-
documentation/debian-edu-bullseye/debian-edu-bullseye-manual.pt-pt.add
|4
documentation/debian-edu-bullseye/debian-edu-bullseye-manual.pt.add
|7 +
documentation/debian-edu-bullseye/debian-edu-bullseye-manual.xml
|4
documentation/debian-edu-bullseye/source/AllInOne-debian-edu-bullseye-manual.xml
|3
documentation/debian-edu-buster/debian-edu-buster-manual-stripped.xml
|2
documentation/debian-edu-buster/debian-edu-buster-manual.nl.add
|2
documentation/debian-edu-buster/debian-edu-buster-manual.pot
|6
documentation/debian-edu-buster/debian-edu-buster-manual.pt-pt.add
|1
documentation/debian-edu-buster/debian-edu-buster-manual.xml
|2
documentation/debian-edu-buster/source/AllInOne-debian-edu-buster-manual.xml
|2
20 files changed, 126 insertions(+), 37 deletions(-)
unblock debian-edu-doc/2.11.22
Thanks!
signature.asc
Description: PGP signature
Bug#986985: unblock: fonts-liberation2/2.1.3-1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package fonts-liberation2 2.1.3-1, it's a key package, and it's also a maintenance release and the changes have been 31 days in unstable and the (deb)diff is reasonable: $ debdiff fonts-liberation2_2.1.2-2.dsc fonts-liberation2_2.1.3-1.dsc|diffstat .gitignore |2 - ChangeLog |5 Makefile |8 +-- debian/changelog |6 + scripts/fontfile_version_update.py | 40 + src/LiberationMono-Bold.sfd| 19 +++-- src/LiberationMono-BoldItalic.sfd | 19 +++-- src/LiberationMono-Italic.sfd | 19 +++-- src/LiberationMono-Regular.sfd | 35 ++-- src/LiberationSans-Bold.sfd|4 +-- src/LiberationSans-BoldItalic.sfd |4 +-- src/LiberationSans-Italic.sfd |4 +-- src/LiberationSans-Regular.sfd |4 +-- src/LiberationSerif-Bold.sfd |4 +-- src/LiberationSerif-BoldItalic.sfd |4 +-- src/LiberationSerif-Italic.sfd |4 +-- src/LiberationSerif-Regular.sfd|4 +-- 17 files changed, 114 insertions(+), 71 deletions(-) $ # the full diff is attached and the new script is not used yet at all. unblock fonts-liberation2/2.1.3-1 Thanks! -- cheers, Holger ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org ⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C ⠈⠳⣄ We live in a world where teenagers get more and more desperate trying to convince adults to behave like grown ups. fonts-liberation2_2.1.3-1.diff.gz Description: application/gzip signature.asc Description: PGP signature
Bug#986984: unblock: debian-edu-doc/2.11.22
Hi Paul, On Sat, Apr 17, 2021 at 09:57:38PM +0200, Paul Gevers wrote: > On Thu, 15 Apr 2021 02:23:22 +0200 Holger Levsen wrote: > > Please unblock package debian-edu-doc 2.11.22, it adds a new translation > > and thus > > a new binary package and won't migrate on its own: > The excuses says it's blocked because it "does not have autopkgtest". speaking of which, what would be a non superficial autopkgtest for debian-edu-doc? would be running "file" on all created html, pdf and epub files be enough? (and checking that those are indeed html, pdf and epub files :) > You *should* be right though, it should *also* be blocked because it has > a new package. > > Anyways, unblocked. thank you! -- cheers, Holger ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org ⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C ⠈⠳⣄ signature.asc Description: PGP signature
Bug#986984: unblock: debian-edu-doc/2.11.22
Hi Paul, On Mon, Apr 19, 2021 at 09:56:01PM +0200, Paul Gevers wrote: > I guess that's about the best we can do for such -doc packages. I > realize it's slightly "unfair" because of the different treatment we > have in the current freeze, but I wonder if adding autopkgtest (to test > as-installed packages) is really worth it for such packages. > Documentation changes and translations have always been on the exception > list, even very explicitly this time around [1], so I think we're happy > to just unblock manually. Having said that, I'll not stop you from > adding the test. :) thanks for your comments! TBH I was hoping for some prior art in some other doc package, not primarily to ease testing migration but rather to make sure the contents are as we would like them to be. we've had failures to build pdf|epub|html versions of some languages in the past and it would be nice to catch those automatically. I'll guess I'll invent something myself then... -- cheers, Holger ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org ⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C ⠈⠳⣄ There are no jobs on a dead planet. (Also many other things but people mostly seem to care about jobs.) signature.asc Description: PGP signature
Bug#987783: unblock: debian-edu-install/2.11.12
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package debian-edu-install 2.11.12 which fixes a bug by
increasing partitioning sizes preventing installation in certain situations.
+debian-edu-install (2.11.12) unstable; urgency=medium
+
+ [ Wolfgang Schweer ]
+ * Adjust partman recipes in lib/partman/common/*: Closes: #987225)
+- Increase minimum by 0.5GiB for / (workstation profile) resp. /var
+ (other profiles). This ensures enough space for (temporarily) caching
debs
+ in case the netinst ISO image is used or installation happens via PXE.
+ Thanks to Philip Hands for spotting this on https://openqa.debian.net.
+ * Update after running 'make update-partman-recipes'.
+
+ -- Holger Levsen Tue, 20 Apr 2021 15:46:08 +0200
The change is entirely trivial and tested on openqa.debian.net, the full
debdiff is attached, this is the diffstat:
debian/changelog | 12 ++
lib/partman/common/90edumain |2 -
lib/partman/common/91edumain+ltsp |2 -
lib/partman/common/92edumain+ws |2 -
lib/partman/common/94edultsp |2 -
lib/partman/common/96eduwork |2 -
lib/partman/common/97minimal |2 -
lib/partman/common/98edustandalone|2 -
lib/partman/recipes-powerpc-powermac_newworld/90edumain |2 -
lib/partman/recipes-powerpc-powermac_newworld/91edumain+ltsp |2 -
lib/partman/recipes-powerpc-powermac_newworld/92edumain+ws|2 -
lib/partman/recipes-powerpc-powermac_newworld/94edultsp |2 -
lib/partman/recipes-powerpc-powermac_newworld/96eduwork |2 -
lib/partman/recipes-powerpc-powermac_newworld/97minimal |2 -
lib/partman/recipes-powerpc-powermac_newworld/98edustandalone |2 -
lib/partman/recipes-powerpc-prep/90edumain|2 -
lib/partman/recipes-powerpc-prep/91edumain+ltsp |2 -
lib/partman/recipes-powerpc-prep/92edumain+ws |2 -
lib/partman/recipes-powerpc-prep/94edultsp|2 -
lib/partman/recipes-powerpc-prep/96eduwork|2 -
lib/partman/recipes-powerpc-prep/97minimal|2 -
lib/partman/recipes-powerpc-prep/98edustandalone |2 -
lib/partman/recipes/90edumain |2 -
lib/partman/recipes/91edumain+ltsp|2 -
lib/partman/recipes/92edumain+ws |2 -
lib/partman/recipes/94edultsp |2 -
lib/partman/recipes/96eduwork |2 -
lib/partman/recipes/97minimal |2 -
lib/partman/recipes/98edustandalone |2 -
update-partman-recipes|4 +--
30 files changed, 42 insertions(+), 30 deletions(-)
unblock debian-edu-install/2.11.12
Thanks for your work on bullseye!
--
cheers,
Holger
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org
⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
⠈⠳⣄
Not everything was bad during capitalism.
diff -Nru debian-edu-install-2.11.11/debian/changelog debian-edu-install-2.11.12/debian/changelog
--- debian-edu-install-2.11.11/debian/changelog 2020-12-15 12:13:05.0 +0100
+++ debian-edu-install-2.11.12/debian/changelog 2021-04-20 15:46:08.0 +0200
@@ -1,3 +1,15 @@
+debian-edu-install (2.11.12) unstable; urgency=medium
+
+ [ Wolfgang Schweer ]
+ * Adjust partman recipes in lib/partman/common/*: Closes: #987225)
+- Increase minimum by 0.5GiB for / (workstation profile) resp. /var
+ (other profiles). This ensures enough space for (temporarily) caching debs
+ in case the netinst ISO image is used or installation happens via PXE.
+ Thanks to Philip Hands for spotting this on https://openqa.debian.net.
+ * Update after running 'make update-partman-recipes'.
+
+ -- Holger Levsen Tue, 20 Apr 2021 15:46:08 +0200
+
debian-edu-install (2.11.11) unstable; urgency=medium
[ Wolfgang Schweer ]
diff -Nru debian-edu-install-2.11.11/lib/partman/common/90edumain debian-edu-install-2.11.12/lib/partman/common/90edumain
--- debian-edu-install-2.11.11/lib/partman/common/90edumain 2017-03-02 20:20:10.0 +0100
+++ debian-edu-install-2.11.12/lib/partman/common/90edumain 2021-04-20 14:25:55.0 +0200
@@ -27,7 +27,7 @@
filesystem{ ext4 }
mountpoint{ /usr } .
-2048 3000 15360 ext4
+2560 3000 15360 ext4
$lvmok{ }
method{ format }
format{ }
diff -Nru debian-edu-install-2.11.11/lib/partman/common/91edumain+ltsp debian-edu-install-2.11.12/lib/partman/c
Bug#987783: unblock: debian-edu-install/2.11.12
On Thu, Apr 29, 2021 at 02:21:07PM +0200, Holger Levsen wrote: > Please unblock package debian-edu-install 2.11.12 which fixes a bug by > increasing partitioning sizes preventing installation in certain situations. I forgot to mention the package contains an udeb, which is not used by the default d-i, only when using the special Debian Edu images. -- cheers, Holger ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org ⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C ⠈⠳⣄ &fff signature.asc Description: PGP signature
Bug#987992: unblock: debian-edu-doc/2.11.23
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package debian-edu-doc it just contains documentation and
translation updates and a little enhancement to Suggests: in d/control:
diff -Nru debian-edu-doc-2.11.22/debian/changelog
debian-edu-doc-2.11.23/debian/changelog
--- debian-edu-doc-2.11.22/debian/changelog 2021-03-28 11:34:53.0
+0200
+++ debian-edu-doc-2.11.23/debian/changelog 2021-04-25 10:43:28.0
+0200
@@ -1,3 +1,26 @@
+debian-edu-doc (2.11.23) unstable; urgency=medium
+
+ * Update Debian Edu Bullseye manual from the wiki.
+ * Update Debian Edu Buster manual from the wiki.
+
+ [ Translation updates ]
+ * Bullseye manual:
+- Polish: WaldiS
+- Portuguese (Portugal): José Vieira
+- Portuguese: José Vieira
+- Dutch: Frans Spiesschaert
+
+ * Buster manual:
+- Polish: WaldiS
+- Portuguese (Portugal): José Vieira
+
+ [ Wolfgang Schweer ]
+ * debian/control: add Suggests: on the related legacy counterpart to
+debian-edu-doc-{fr,ja,nb-no,nl,pt-pt,zh-cn}. This completes the fix for
+Bug #985703. Thanks again to Andreas Beckmann.
+
+ -- Holger Levsen Sun, 25 Apr 2021 10:43:28 +0200
+
debian-edu-doc (2.11.22) unstable; urgency=medium
[ Translation updates ]
diff -Nru debian-edu-doc-2.11.22/debian/control
debian-edu-doc-2.11.23/debian/control
--- debian-edu-doc-2.11.22/debian/control 2021-03-24 13:29:56.0
+0100
+++ debian-edu-doc-2.11.23/debian/control 2021-04-07 16:33:19.0
+0200
@@ -85,6 +85,7 @@
Package: debian-edu-doc-fr
Depends: debian-edu-doc-en, ${misc:Depends}
+Suggests: debian-edu-doc-legacy-fr
Architecture: all
And then the same change in d/control for 5 other packages...
$ debdiff debian-edu-doc_2.11.22.dsc debian-edu-doc_2.11.23.dsc | diffstat
debian/changelog
| 23
debian/control
|6
documentation/debian-edu-bullseye/debian-edu-bullseye-manual-stripped.xml
| 28
documentation/debian-edu-bullseye/debian-edu-bullseye-manual.da.po
| 2363 ---
documentation/debian-edu-bullseye/debian-edu-bullseye-manual.de.po
| 164
documentation/debian-edu-bullseye/debian-edu-bullseye-manual.es.po
| 100
documentation/debian-edu-bullseye/debian-edu-bullseye-manual.fr.po
| 151
documentation/debian-edu-bullseye/debian-edu-bullseye-manual.it.po
| 1014 -
documentation/debian-edu-bullseye/debian-edu-bullseye-manual.ja.po
| 169
documentation/debian-edu-bullseye/debian-edu-bullseye-manual.nb-no.po
| 154
documentation/debian-edu-bullseye/debian-edu-bullseye-manual.nl.po
| 7842 ++
documentation/debian-edu-bullseye/debian-edu-bullseye-manual.pl.po
| 118
documentation/debian-edu-bullseye/debian-edu-bullseye-manual.pot
| 71
documentation/debian-edu-bullseye/debian-edu-bullseye-manual.pt-pt.po
| 395
documentation/debian-edu-bullseye/debian-edu-bullseye-manual.pt.po
| 783
documentation/debian-edu-bullseye/debian-edu-bullseye-manual.ro.po
| 112
documentation/debian-edu-bullseye/debian-edu-bullseye-manual.sv.po
| 71
documentation/debian-edu-bullseye/debian-edu-bullseye-manual.xml
| 28
documentation/debian-edu-bullseye/debian-edu-bullseye-manual.zh-cn.po
| 162
documentation/debian-edu-bullseye/debian-edu-bullseye-manual.zh-tw.po
| 76
documentation/debian-edu-bullseye/source/AllInOne-debian-edu-bullseye-manual.xml
|5
documentation/debian-edu-buster/debian-edu-buster-manual-stripped.xml
|2
documentation/debian-edu-buster/debian-edu-buster-manual.da.po
|6
documentation/debian-edu-buster/debian-edu-buster-manual.de.po
|6
documentation/debian-edu-buster/debian-edu-buster-manual.es.po
|4
documentation/debian-edu-buster/debian-edu-buster-manual.fr.po
|6
documentation/debian-edu-buster/debian-edu-buster-manual.it.po
|6
documentation/debian-edu-buster/debian-edu-buster-manual.ja.po
|6
documentation/debian-edu-buster/debian-edu-buster-manual.nb-no.po
|6
documentation/debian-edu-buster/debian-edu-buster-manual.nl.po
|6
documentation/debian-edu-buster/debian-edu-buster-manual.pl.po
| 14
documentation/debian-edu-buster/debian-edu-buster-manual.pot
|4
documentation/debian-edu-buster/debian-edu-buster-manual.pt-pt.po
| 420
documentation/debian-edu-buster/debian-edu-buster-manual.ro.po
|4
documentation/debian
Re: Finding a tentative bullseye release date follow up and possible confirmation
hi, On Thu, May 06, 2021 at 02:23:07AM +0200, jorkanof...@tutanota.com wrote: > As stated in a previous email, there was a tentative release date for > Bullseye scheduled on May 22 2021, as stated in this mailing list post: > https://lists.debian.org/debian-release/2021/04/msg00552.html. It is > likely for Debian to be released on May 22 2021, in late May or in > June 2021 aka end of Q2 2021? we don't know yet. > Can you confirm whether the tentative release would be on May 22 or not? no. > If not could you propose another day for a proposed release date? no. -- cheers, Holger ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org ⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C ⠈⠳⣄ It's not the lockdown which is unbearable, but the virus. signature.asc Description: PGP signature
Bug#988192: unblock: debian-cd/3.1.34
: Prevent custom splash images from being modified.
+The related code seems to have been useful a long time ago (the need to use
+an RLE file and to reduce the number of colours to 16 has been dropped as of
+syslinux version 3.62). So replace obsolete code with a simple cp command.
+ * debian/control: Drop Recommends: on netpbm and syslinux-utils. These are no
+longer needed now that custom splash images are used unmodified.
+
+ [ Petter Reinholdtse ]
+ * Include eatmydata deb for d-i to use offline. Closes: #986772
+
+ [ Steve McIntyre ]
+ * Shorten "ppc64el" to "p64el" in the volume ID. The bullseye d-i
+RC1 build failed as the volume ID was too long.
+
+ -- Holger Levsen Tue, 20 Apr 2021 01:03:35 +0200
+
debian-cd (3.1.33) unstable; urgency=medium
[ Wolfgang Schweer ]
diff -Nru debian-cd-3.1.33/debian/control debian-cd-3.1.34/debian/control
--- debian-cd-3.1.33/debian/control 2021-01-19 14:56:03.0 +0100
+++ debian-cd-3.1.34/debian/control 2021-03-22 15:20:37.0 +0100
@@ -16,7 +16,7 @@
Package: debian-cd
Architecture: all
Depends: ${misc:Depends}, curl, perl, dpkg-dev, cpp, libdigest-md5-perl, libdigest-sha-perl, tofrodos, apt, make, xorriso | genisoimage, lynx, grep-dctrl, bc, libcompress-zlib-perl, bzip2, libdpkg-perl, wget
-Recommends: hfsutils, netpbm, isolinux, syslinux-common, syslinux-utils, mtools, dosfstools
+Recommends: hfsutils, isolinux, syslinux-common, mtools, dosfstools
Description: Tools for building (Official) Debian CD set
Debian-cd is the official tool for building Debian CD set since the potato
release. It was formerly called YACS (for Yet Another CD Script).
diff -Nru debian-cd-3.1.33/easy-build.sh debian-cd-3.1.34/easy-build.sh
--- debian-cd-3.1.33/easy-build.sh 2018-07-29 05:22:33.0 +0200
+++ debian-cd-3.1.34/easy-build.sh 2021-03-22 15:20:37.0 +0100
@@ -18,7 +18,6 @@
export CF=./CONF.sh
. $CF
export DEBIAN_CD_CONF_SOURCED=true
-unset UPDATE_LOCAL
## Parse the parameters passed to the script
diff -Nru debian-cd-3.1.33/tasks/bullseye/forcd1 debian-cd-3.1.34/tasks/bullseye/forcd1
--- debian-cd-3.1.33/tasks/bullseye/forcd1 2019-07-07 17:52:46.0 +0200
+++ debian-cd-3.1.34/tasks/bullseye/forcd1 2021-04-14 10:45:37.0 +0200
@@ -23,3 +23,6 @@
/* #861288 - make it easier for users to report installation problems */
reportbug
+/* ensure eatmydata-udeb can speed up offline installs too */
+eatmydata
+libeatmydata1
diff -Nru debian-cd-3.1.33/tasks/kali-dev/forcd1 debian-cd-3.1.34/tasks/kali-dev/forcd1
--- debian-cd-3.1.33/tasks/kali-dev/forcd1 2019-07-07 17:52:46.0 +0200
+++ debian-cd-3.1.34/tasks/kali-dev/forcd1 2021-04-14 10:45:37.0 +0200
@@ -23,3 +23,6 @@
/* #861288 - make it easier for users to report installation problems */
reportbug
+/* ensure eatmydata-udeb can speed up offline installs too */
+eatmydata
+libeatmydata1
diff -Nru debian-cd-3.1.33/tasks/kali-last-snapshot/forcd1 debian-cd-3.1.34/tasks/kali-last-snapshot/forcd1
--- debian-cd-3.1.33/tasks/kali-last-snapshot/forcd1 2019-07-07 17:52:46.0 +0200
+++ debian-cd-3.1.34/tasks/kali-last-snapshot/forcd1 2021-04-14 10:45:37.0 +0200
@@ -23,3 +23,6 @@
/* #861288 - make it easier for users to report installation problems */
reportbug
+/* ensure eatmydata-udeb can speed up offline installs too */
+eatmydata
+libeatmydata1
diff -Nru debian-cd-3.1.33/tasks/kali-rolling/forcd1 debian-cd-3.1.34/tasks/kali-rolling/forcd1
--- debian-cd-3.1.33/tasks/kali-rolling/forcd1 2019-07-07 17:52:46.0 +0200
+++ debian-cd-3.1.34/tasks/kali-rolling/forcd1 2021-04-14 10:45:37.0 +0200
@@ -23,3 +23,6 @@
/* #861288 - make it easier for users to report installation problems */
reportbug
+/* ensure eatmydata-udeb can speed up offline installs too */
+eatmydata
+libeatmydata1
diff -Nru debian-cd-3.1.33/tasks/sid/forcd1 debian-cd-3.1.34/tasks/sid/forcd1
--- debian-cd-3.1.33/tasks/sid/forcd1 2019-07-07 17:52:46.0 +0200
+++ debian-cd-3.1.34/tasks/sid/forcd1 2021-04-14 10:45:37.0 +0200
@@ -23,3 +23,6 @@
/* #861288 - make it easier for users to report installation problems */
reportbug
+/* ensure eatmydata-udeb can speed up offline installs too */
+eatmydata
+libeatmydata1
diff -Nru debian-cd-3.1.33/tools/boot/bullseye/boot-x86 debian-cd-3.1.34/tools/boot/bullseye/boot-x86
--- debian-cd-3.1.33/tools/boot/bullseye/boot-x86 2020-05-26 15:32:38.0 +0200
+++ debian-cd-3.1.34/tools/boot/bullseye/boot-x86 2021-03-22 15:20:37.0 +0100
@@ -380,11 +380,7 @@
fi
if [ "$SPLASHPNG" ] ; then
-# Insert our own splash screen. Color index 0 is background, and
-# index 7 is foreground. Set to black and white respecively
-pngtopnm < $SPLASHPNG | ppmquant 16 | \
-ppmtolss16 "#ff=7" "#00=0" > boot$N/isolinux/splash.rle
-pngtopnm < $SPLASHPNG | ppmquant 16 | pnmtopng > boot$N/isolinux/splash.png
+cp
Bug#988372: unblock: debian-edu-config/2.11.55
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package debian-edu-config 2.11.54. It fixes 3 important bugs for Debian Edu and has no impact outside of Debian Edu, yet it's a key package and thus needs an unblock. It's been in unstable for 12 days and has been tested successfully. The diff is small and rather straughtforward too: $ debdiff debian-edu-config_2.11.54.dsc debian-edu-config_2.11.55.dsc | diffstat debian/changelog| 17 sbin/debian-edu-ltsp-install| 33 share/debian-edu-config/tools/kerberos-kdc-init |8 - share/debian-edu-config/tools/run-at-firstboot | 16 +++ 4 files changed, 67 insertions(+), 7 deletions(-) The full debdiff is attached and d/changelog has these entries: debian-edu-config (2.11.55) unstable; urgency=medium [ Wolfgang Schweer ] * Create first user's Samba account at first boot of a main server when all required information is available via LDAP and debconf. Closes: #987632. - Adjust share/debian-edu-config/tools/kerberos-kdc-init to don't clear the required password from debconf and let tools/run-at-firstboot create the Samba account. * Adjust sbin/debian-edu-ltsp-install: Closes: #987633, #987634. - Fix LTSP Initrd specific path component construction in case a 32-bit combined server is installed. - Provide a full name for diskless workstation to show up in the iPXE menu. - Use BD ISO image as mirror to enable complete offline installations of a combined server. -- Holger Levsen Thu, 29 Apr 2021 15:27:17 +0200 unblock debian-edu-config/2.11.55 Thanks for your work on releasing bullseye! -- cheers, Holger ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org ⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C ⠈⠳⣄ If nothing saves us from death, may love at least save us from life. diff -Nru debian-edu-config-2.11.54/debian/changelog debian-edu-config-2.11.55/debian/changelog --- debian-edu-config-2.11.54/debian/changelog 2021-04-07 01:03:15.0 +0200 +++ debian-edu-config-2.11.55/debian/changelog 2021-04-29 15:27:17.0 +0200 @@ -1,3 +1,20 @@ +debian-edu-config (2.11.55) unstable; urgency=medium + + [ Wolfgang Schweer ] + * Create first user's Samba account at first boot of a main server when all +required information is available via LDAP and debconf. Closes: #987632. +- Adjust share/debian-edu-config/tools/kerberos-kdc-init to don't clear the + required password from debconf and let tools/run-at-firstboot create the + Samba account. + * Adjust sbin/debian-edu-ltsp-install: Closes: #987633, #987634. +- Fix LTSP Initrd specific path component construction in case a 32-bit + combined server is installed. +- Provide a full name for diskless workstation to show up in the iPXE menu. +- Use BD ISO image as mirror to enable complete offline installations of a + combined server. + + -- Holger Levsen Thu, 29 Apr 2021 15:27:17 +0200 + debian-edu-config (2.11.54) unstable; urgency=medium [ Wolfgang Schweer ] diff -Nru debian-edu-config-2.11.54/sbin/debian-edu-ltsp-install debian-edu-config-2.11.55/sbin/debian-edu-ltsp-install --- debian-edu-config-2.11.54/sbin/debian-edu-ltsp-install 2021-02-07 11:27:28.0 +0100 +++ debian-edu-config-2.11.55/sbin/debian-edu-ltsp-install 2021-04-26 23:38:21.0 +0200 @@ -17,7 +17,7 @@ # Author/Copyright: Wolfgang Schweer # Licence: GPL2+ # first edited: 2019-11-21 -# last edited: 2021-02-04 +# last edited: 2021-04-26 set -e @@ -137,6 +137,8 @@ # Provide a full menu name for x86_64.img IPXE_X86_64_IMG="Diskless Workstation (64-Bit)" +# Provide a full menu name for x86_32.img +IPXE_X86_32_IMG="Diskless Workstation (32-Bit)" # Set default boot value ## # Default value is x86_64 or x86_32 (arch specific, Diskless Workstation) @@ -339,18 +341,33 @@ show=false EOF +# Specific settings needed if BD ISO image is used for installation. +if grep -q BD /etc/apt/sources.list ; then + BD_ISO="true"; + device="$(grep media/cdrom /etc/fstab | cut -d' ' -f1)" + mirror="file:///media/cdrom/" +else + mirror="http://deb.debian.org/debian"; +fi + # Create thin client chroot and generate image. export DEBIAN_FRONTEND=noninteractive if ! [ "" == "$thin_type" ] && [ ! -d /srv/ltsp/thin/"$thin_type"-"$arch"/etc/ltsp ] ; then mkdir -p /srv/ltsp/thin/"$thin_type"-"$arch" # Install common thin client packages. -debootstrap --arch="$arch" --variant=minbase --include=linux-image-"$kernel_arch" \ - "$dist" /srv/ltsp/thin/"$thin_type"-"$arch" http://deb.debian.org/
Bug#988372: closed by Paul Gevers (Re: Bug#988372: unblock: debian-edu-config/2.11.55)
On Fri, May 14, 2021 at 08:06:06PM +, Debian Bug Tracking System wrote: > This is an automatic notification regarding your Bug report > which was filed against the release.debian.org package: > #988372: unblock: debian-edu-config/2.11.55 [...] > On 11-05-2021 15:22, Holger Levsen wrote: > > Please unblock package debian-edu-config 2.11.54. > I assume this was a typo here. Nevertheless, unblocked. yes, the subject was correct. Thanks! -- cheers, Holger ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org ⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C ⠈⠳⣄ signature.asc Description: PGP signature
Bug#994627: bullseye-pu: package debian-edu-config/2.11.56+deb11u1
On Sun, Sep 19, 2021 at 12:16:28AM +0200, Wolfgang Schweer wrote: > [ Other info ] > Holger Levsen will upload the package in case of approval. Given a certain three year old^wnew policy I've went ahead and uploaded this now. -- cheers, Holger ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org ⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C ⠈⠳⣄ The upcoming clima apocalypse is the big elephant in every room now. signature.asc Description: PGP signature
Bug#995341: Highly inappropriate behavior which the RT should be aware of
On Fri, Oct 01, 2021 at 11:48:48AM +0200, Diederik de Haas wrote: > I want to make sure that you're aware of what I consider HIGHLY inappropriate > behavior by Chuck where he is trying to sidestep/override the Xen maintainers > by filing this bug directly to the release.debian.org pseudo package. why don't you give Chuck more slack and assume he filed this bug the way he did with the best intentions? really. and even if that would be wrong, treating it this way would not be wrong. :) -- cheers, Holger ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org ⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C ⠈⠳⣄ Fischers Fritz fischt Plastik. signature.asc Description: PGP signature
Bug#1000511: bullseye-pu: package debian-edu-config/2.11.56+deb11u2
On Wed, Nov 24, 2021 at 01:29:50PM +0100, Wolfgang Schweer wrote: > The package will be uploaded soonish by Holger Levsen. I've done this now. -- cheers, Holger ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org ⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C ⠈⠳⣄ The greatest danger in times of turbulence is not the turbulence; it is to act with yesterdays logic. (Peter Drucker) signature.asc Description: PGP signature
Bug#1000511: bullseye-pu: package debian-edu-config/2.11.56+deb11u2
tags 1000511 - moreinfo fixed 995610 2.12.5 thanks On Tue, Nov 30, 2021 at 11:21:56PM +0100, Wolfgang Schweer wrote: > > The metadata for the first bug implies that it affects unstable and is > > not yet fixed there. Could you please confirm the status? > Yes, the bug is also fixed in unstable, please see the first changelog entry: > https://tracker.debian.org/news/1266906/accepted-debian-edu-config-2125-source-into-unstable/ that changelog entry misses the Closes: statement, thus Adams observation was correct, though I've now fixed the metadata, after confirming that df44fe85e (in the bullseye branch) 411b5a4bf (in the master branch) are identical except for that missing Closes: statement. I'll not do further git archeology to investigate how that happened :) long story short: #995610 has been fixed in sid since Oct 13th 2021. -- cheers, Holger ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org ⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C ⠈⠳⣄ &fff signature.asc Description: PGP signature
Bug#1000811: bullseye-pu: package debian-edu-doc/2.11.26+deb11u1
On Mon, Nov 29, 2021 at 01:38:19PM +0100, Wolfgang Schweer wrote: > Holger Levsen will do the upload. this has been done now. -- cheers, Holger ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org ⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C ⠈⠳⣄ :wq signature.asc Description: PGP signature
Re: Propose update of Telegram Desktop in Bullseye
Hi Nicholas, On Sat, Dec 04, 2021 at 01:16:32PM +0300, Nicholas Guriev wrote: > In this email, I would like to discuss the situation with updates of the > telegram-desktop package in stable releases. please don't do this. As in: please use a bug to have this discussion. running 'reportbug release.debian.org' and then choosing 'bullseye proposed updates requests' will make sure the right meta data is set for the bug, so the stable release team will this request when they deal with these kinds of request. debian-release@lists.debian.org has too much traffic to deal with such kind of requests without properly filed bugs. HTH and thank you for maintaining telegram-desktop! -- cheers, Holger ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org ⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C ⠈⠳⣄ "I know what you're thinking" used to be an idiom but now it's a business model. signature.asc Description: PGP signature
Re: #975016 - OpenJDK 17 support state for Bullseye
hi, almost exactly a year ago... On Sun, Feb 07, 2021 at 11:59:23AM +0100, Matthias Klose wrote: > So I'm going with option 1, preparing for an openjdk-17 in bullseye, and > preparing release notes and notes for security support. This is more > conservative than option 2, but allows to do better than the commitment made. > > The option also has the advantage that approval is only needed by the security > team. openjdk-17 already is in testing. granting unblock requests for new > snapshot builds by the release team would be appreciated, but isn't strictly > necessary as long as we can build newer snapshots. And that can be checked in > unstable. so, as I see it, openjdk-17 is in bullseye and now I'm wondering what I should do with #975016 titled "OpenJDK 17 support state for Bullseye" and filed against src:debian-security-support, as openjdk-17 seems to be supported and src:debian-security-support's purpose is to documented what's unsupported. so, should I just close this bug? -- cheers, Holger ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org ⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C ⠈⠳⣄ A ship is always safe at shore, but that is not what it's built for. (Albert Einstein) signature.asc Description: PGP signature
Bug#1032885: unblock: debian-security-support/1:12+2023.03.05
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package debian-security-support, for some updated information about security-support-limited in bookworm and a new Romanian translation (plus 2 trivial packaging fixes). The complete diff is trivial and rather risk-free. [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing debian-security-support (1:12+2023.03.05) unstable; urgency=medium * security-support-limited: - for golang and openjdk-17, point to the bookworm manual instead the one for bullseye. - add mozjs102 based on package description (and #959804). - drop mozjs52 and mozjs60 as they were only present in buster. -- Holger Levsen Sun, 05 Mar 2023 20:39:38 +0100 debian-security-support (1:12+2022.08.23) unstable; urgency=medium * Add Romanian translation for debian-security-support debconf templates, thanks to Remus-Gabriel Chelu. Closes: #1031615. * Add Romanian translation for check-support-status, thanks to Remus-Gabriel Chelu. Closes: #1031617. * Fix mismatched lintian override, thanks lintian-brush. * Bump standards version to 4.6.2, no changes needed. -- Holger Levsen Sun, 05 Mar 2023 20:06:04 +0100 $ debdiff debian-security-support_12+2022.08.22.dsc debian-security-support_12+2023.03.05.dsc|diffstat debian/changelog | 21 ++ debian/control |2 - debian/debian-security-support.lintian-overrides |2 - debian/po/ro.po | 100 ++ po/ro.po | 142 security-support-limited |7 ++ 6 files changed, 268 insertions(+), 6 deletions(-) see attached full debdiff. unblock debian-security-support/1:12+2023.03.05 -- cheers, Holger ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org ⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C ⠈⠳⣄ Right-handed people commit 90% of all crime world-wide. diff -Nru debian-security-support-12+2022.08.22/debian/changelog debian-security-support-12+2023.03.05/debian/changelog --- debian-security-support-12+2022.08.22/debian/changelog 2022-08-22 14:59:42.0 +0200 +++ debian-security-support-12+2023.03.05/debian/changelog 2023-03-05 20:39:38.0 +0100 @@ -1,3 +1,24 @@ +debian-security-support (1:12+2023.03.05) unstable; urgency=medium + + * security-support-limited: +- for golang and openjdk-17, point to the bookworm manual instead the one + for bullseye. +- add mozjs102 based on package description (and #959804). +- drop mozjs52 and mozjs60 as they were only present in buster. + + -- Holger Levsen Sun, 05 Mar 2023 20:39:38 +0100 + +debian-security-support (1:12+2022.08.23) unstable; urgency=medium + + * Add Romanian translation for debian-security-support debconf templates, +thanks to Remus-Gabriel Chelu. Closes: #1031615. + * Add Romanian translation for check-support-status, thanks to +Remus-Gabriel Chelu. Closes: #1031617. + * Fix mismatched lintian override, thanks lintian-brush. + * Bump standards version to 4.6.2, no changes needed. + + -- Holger Levsen Sun, 05 Mar 2023 20:06:04 +0100 + debian-security-support (1:12+2022.08.22) unstable; urgency=medium * Revert "include /var/lib/debian-security-support in package.", thus diff -Nru debian-security-support-12+2022.08.22/debian/control debian-security-support-12+2023.03.05/debian/control --- debian-security-support-12+2022.08.22/debian/control 2022-08-22 13:17:16.0 +0200 +++ debian-security-support-12+2023.03.05/debian/control 2023-03-05 20:33:23.0 +0100 @@ -16,7 +16,7 @@ original-awk, po-debconf, xmlto, -Standards-Version: 4.6.1 +Standards-Version: 4.6.2 Rules-Requires-Root: no Vcs-Git: https://salsa.debian.org/debian/debian-security-support.git Vcs-Browser: https://salsa.debian.org/debian/debian-security-support diff -Nru debian-security-support-12+2022.08.22/debian/debian-security-support.lintian-overrides debian-security-support-12+2023.03.05/debian/debian-security-support.lintian-overrides --- debian-security-support-12+2022.08.22/debian/debian-security-support.lintian-overrides 2022-08-22 12:33:16.0 +0200 +++ debian-security-support-12+2023.03.05/debian/debian-security-support.lintian-overrides 2023-03-05 20:33:23.0 +0100 @@ -1,3 +1,3 @@ debian-security-support: no-debconf-config debian-security-support: postinst-uses-db-input -debian-security-support: debconf-is-not-a-registry usr/share/debian-security-support/che
Bug#1032885: unblock: debian-security-support/1:12+2023.03.05
On Mon, Mar 13, 2023 at 03:58:45PM +0100, Moritz Mühlenhoff wrote: > Am Mon, Mar 13, 2023 at 01:43:11PM +0100 schrieb Holger Levsen: > > * security-support-limited: > > - for golang and openjdk-17, point to the bookworm manual instead the > > one > > for bullseye. > That's wrong, though. (And the release notes need updating to, I'll file > a bug soonish): In Bookworm openjdk-17 is the default Java and fully > supported, but we need the equivalent note for openjdk-21 now. thanks, Moritz. I'll happily update d-s-s once the release manual is updated. or i could update d-s-s now too, if it's really just about replacing 17 with 21 in this line from security-support-limited : openjdk-17 See https://www.debian.org/releases/bookworm/amd64/release-notes/ch-information.en.html#openjdk-17 Are there any further updates expected from the security team's POV? -- cheers, Holger ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org ⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C ⠈⠳⣄ We need to learn to live with cholera. What is the alternative? Breaking up all streets, building drainage with toilets in every building? (@tadeas_) signature.asc Description: PGP signature
Bug#1032885: unblock: debian-security-support/1:12+2023.03.05
control: retitle -1 unblock: debian-security-support/1:12+2023.03.17
control: tags -1 -moreinfo
thanks
On Fri, Mar 17, 2023 at 09:49:46AM +0100, Moritz Mühlenhoff wrote:
> > openjdk-17 See
> > https://www.debian.org/releases/bookworm/amd64/release-notes/ch-information.en.html#openjdk-17
> Ack. I also filed #1033069 to update the release notes.
cool, thanks.
> > Are there any further updates expected from the security team's POV?
> I pushed a change to add a note on the legacy Spring classes we only use to
> build some packages, but with by itself are not supported to run anything.
cool, thanks.
> With that I think everything is covered for Bookworm I think.
great, I've just uploaded debian-security-support/1:12+2023.03.17, the
updated full debdiff to the version in bookworm is attached.
$ debdiff debian-security-support_12+2022.08.22.dsc
debian-security-support_12+2023.03.17.dsc|diffstat
debian/changelog | 36 +
debian/control |2
debian/debian-security-support.lintian-overrides |6 ++
debian/po/ro.po | 100
+
po/ro.po | 142
++
security-support-limited |8 +--
6 files changed, 288 insertions(+), 6 deletions(-)
debian-security-support (1:12+2023.03.17) unstable; urgency=medium
[ Moritz Muehlenhoff ]
* security-support-limited: add note about libspring-java.
[ Holger Levsen ]
* security-support-limited: Add openjdk-21 and drop openjdk-17 as the latter
is the default (and supported) JDK in bookworm.
* Add lintian override for possibly-insecure-handling-of-tmp-files-in-
maintainer-script after reviewing the postinst script.
* Add lintian override for unused debconf templates because the templates are
used, just not by debconf.
-- Holger Levsen Fri, 17 Mar 2023 12:27:15 +0100
debian-security-support (1:12+2023.03.05) unstable; urgency=medium
* security-support-limited:
- for golang and openjdk-17, point to the bookworm manual instead the one
for bullseye.
- add mozjs102 based on package description (and #959804).
- drop mozjs52 and mozjs60 as they were only present in buster.
-- Holger Levsen Sun, 05 Mar 2023 20:39:38 +0100
debian-security-support (1:12+2022.08.23) unstable; urgency=medium
* Add Romanian translation for debian-security-support debconf templates,
thanks to Remus-Gabriel Chelu. Closes: #1031615.
* Add Romanian translation for check-support-status, thanks to
Remus-Gabriel Chelu. Closes: #1031617.
* Fix mismatched lintian override, thanks lintian-brush.
* Bump standards version to 4.6.2, no changes needed.
-- Holger Levsen Sun, 05 Mar 2023 20:06:04 +0100
--
cheers,
Holger
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org
⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
⠈⠳⣄
The system isn't broken. It was built this way.
diff -Nru debian-security-support-12+2022.08.22/debian/changelog debian-security-support-12+2023.03.17/debian/changelog
--- debian-security-support-12+2022.08.22/debian/changelog 2022-08-22 14:59:42.0 +0200
+++ debian-security-support-12+2023.03.17/debian/changelog 2023-03-17 12:27:15.0 +0100
@@ -1,3 +1,39 @@
+debian-security-support (1:12+2023.03.17) unstable; urgency=medium
+
+ [ Moritz Muehlenhoff ]
+ * security-support-limited: add note about libspring-java.
+
+ [ Holger Levsen ]
+ * security-support-limited: Add openjdk-21 and drop openjdk-17 as the latter
+is the default (and supported) JDK in bookworm.
+ * Add lintian override for possibly-insecure-handling-of-tmp-files-in-
+maintainer-script after reviewing the postinst script.
+ * Add lintian override for unused debconf templates because the templates are
+used, just not by debconf.
+
+ -- Holger Levsen Fri, 17 Mar 2023 12:27:15 +0100
+
+debian-security-support (1:12+2023.03.05) unstable; urgency=medium
+
+ * security-support-limited:
+- for golang and openjdk-17, point to the bookworm manual instead the one
+ for bullseye.
+- add mozjs102 based on package description (and #959804).
+- drop mozjs52 and mozjs60 as they were only present in buster.
+
+ -- Holger Levsen Sun, 05 Mar 2023 20:39:38 +0100
+
+debian-security-support (1:12+2022.08.23) unstable; urgency=medium
+
+ * Add Romanian translation for debian-security-support debconf templates,
+thanks to Remus-Gabriel Chelu. Closes: #1031615.
+ * Add Romanian translation for check-support-status, thanks to
+Remus-Gabriel Chelu. Closes: #1031617.
+ * Fix mismatched lintian override, thanks lintian-brush.
+ * Bump standards version to 4.6.2, no changes needed.
+
+ -- Holger Levsen Sun, 05 Mar 2023 20:06:04 +010
Bug#1033378: unblock: debian-security-support/1:12+2023.03.23
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package debian-security-support, for a trivial, yet adequate update. Sadly it has no autopkgtest, thus this unblock request. [ Reason ] debian-security-support in bookworm lacks a file security-support-ended.deb12, and thus adequate complains, though not debian-security-support. still it feels wrong and it would need to be added in later updates anyway. thus adding it now and adding a checklist what to do at the beginning of each release cycle. [ Impact ] hardly any, but it's cleaner. [ Tests ] https://piuparts.debian.org/sid/broken_symlinks_issue.html listed debian-security-support/1:12+2023.03.17 yesterdaybut it does not list debian-security-support/1:12+2023.03.22 anymore today. \o/ [ Risks ] I cannot imagine any but I've seen horses puking, so. [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing [ Other info ] (Anything else the release team should know.) You are doing an awesome job. Release processes are better documented and automated than ever, and you still keep improving them while still keeping "a human touch", "despite also enforcing them". Seriously kudos & thank you. unblock debian-security-support/1:12+2023.03.23 $ debdiff debian-security-support_12+2023.03.17.dsc debian-security-support_12+2023.03.23.dsc|diffstat debian/README.source | 16 +++- debian/changelog | 13 + security-support-ended.deb12 | 13 + 3 files changed, 41 insertions(+), 1 deletion(-) $ debdiff debian-security-support_12+2023.03.17.dsc debian-security-support_12+2023.03.23.dsc diff -Nru debian-security-support-12+2023.03.17/debian/changelog debian-security-support-12+2023.03.23/debian/changelog --- debian-security-support-12+2023.03.17/debian/changelog 2023-03-17 12:27:15.0 +0100 +++ debian-security-support-12+2023.03.23/debian/changelog 2023-03-23 22:38:23.0 +0100 @@ -1,3 +1,16 @@ +debian-security-support (1:12+2023.03.23) unstable; urgency=medium + + * d/README.source: list steps to be done at the beginning of each release +cycle to avoid bugs like #1033312. + + -- Holger Levsen Thu, 23 Mar 2023 22:38:23 +0100 + +debian-security-support (1:12+2023.03.22) unstable; urgency=medium + + * Add currently empty security-support-ended.deb12 file. Closes: #1033312. + + -- Holger Levsen Wed, 22 Mar 2023 11:24:28 +0100 + debian-security-support (1:12+2023.03.17) unstable; urgency=medium [ Moritz Muehlenhoff ] diff -Nru debian-security-support-12+2023.03.17/debian/README.source debian-security-support-12+2023.03.23/debian/README.source --- debian-security-support-12+2023.03.17/debian/README.source 2023-03-05 20:33:23.0 +0100 +++ debian-security-support-12+2023.03.23/debian/README.source 2023-03-22 17:00:24.0 +0100 @@ -7,9 +7,23 @@ All changes should be introduced in unstable first, and then migrate to testing. To support stable and older releases there are GIT branches. -Usually only support status updates are applied to stable and older branches. +Only support status updates are applied to stable and older branches. If in doubt whether something should be committed for unstable, please open a MR on salsa.debian.org so the change can be discussed there. Further improvements to this README are very welcome too. + +# ToDo list for a new Debian release + +At the beginning of each new Debian release cycle, these steps need to be done: + +- create a new git branch for the old release +- increase the epoch in debian/changelog +- create security-support-ended.debX based on the previous release +- debian/rules: increase NEXT_VERSION_ID +- check-support-status.in: + - increase DEB_NEXT_VER_ID + - increase DEB_LOWEST_VER_ID and drop security-support-ended.debY +- update links with release codenames in security-support-limited + diff -Nru debian-security-support-12+2023.03.17/security-support-ended.deb12 debian-security-support-12+2023.03.23/security-support-ended.deb12 --- debian-security-support-12+2023.03.17/security-support-ended.deb12 1970-01-01 01:00:00.0 +0100 +++ debian-security-support-12+2023.03.23/security-support-ended.deb12 2023-03-22 10:34:41.0 +0100 @@ -0,0 +1,13 @@ + +# List of packages whose security support ends before the distribution EOL + +# File format: Columns, separated by one or more space characters +# 1. source package name +# 2. last version with support +#Important: If there have been binNMUs, enter the highest version +#number used +# 3. Date when support ended or will end, in the form -mm-dd +# 4. Descriptive text or URL with more details (optional) +#In the program's output, this is prefixed with "Details:" + +# none yet (please remove this
Bug#1034400: unblock: debian-edu-config/2.12.32
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package debian-edu-config, which is a key package and thus needs unblocking. All autopkgtests are successful and the package has been in unstable since 17 days. The update fixes one bug affecting the use with blueray disks. This is the full debdiff: $ debdiff debian-edu-config_2.12.31.dsc debian-edu-config_2.12.32.dsc diff -Nru debian-edu-config-2.12.31/debian/changelog debian-edu-config-2.12.32/debian/changelog --- debian-edu-config-2.12.31/debian/changelog 2023-02-26 10:10:43.0 +0100 +++ debian-edu-config-2.12.32/debian/changelog 2023-03-27 20:40:47.0 +0200 @@ -1,3 +1,10 @@ +debian-edu-config (2.12.32) unstable; urgency=medium + + * debian-edu-ltsp-install: fix failure with absent BD iso images. Patch +thanks to Wolfgang Schweer. Closes: #1033451. + + -- Holger Levsen Mon, 27 Mar 2023 20:40:47 +0200 + debian-edu-config (2.12.31) unstable; urgency=medium * sbin/debian-edu-pxeinstall: adjust for memtest86+ 6.10-4, thanks to diff -Nru debian-edu-config-2.12.31/sbin/debian-edu-ltsp-install debian-edu-config-2.12.32/sbin/debian-edu-ltsp-install --- debian-edu-config-2.12.31/sbin/debian-edu-ltsp-install 2022-11-13 14:55:57.0 +0100 +++ debian-edu-config-2.12.32/sbin/debian-edu-ltsp-install 2023-03-27 20:36:55.0 +0200 @@ -18,7 +18,7 @@ # Licence: GPL2+ # first edited:2019-11-21 -version=2021-11-18 +version=2023-03-25 set -e @@ -598,7 +598,7 @@ mkdir -p /srv/ltsp/dlw chmod 755 /srv/ltsp/dlw # Use BD-ISO if available. - if ! mountpoint -q /media/cdrom ; then + if [ "true" == "$BD_ISO" ] && ! mountpoint -q /media/cdrom ; then mount /media/cdrom fi if grep -q BD /etc/apt/sources.list && [ -f /media/cdrom/.disk/info ] ; then unblock debian-edu-config/2.12.32 Thanks! -- cheers, Holger ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org ⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C ⠈⠳⣄ Just 100 companies are responsible for 71% of global emissions. https://www.theguardian.com/sustainable-business/2017/jul/10/100-fossil-fuel-companies-investors-responsible-71-global-emissions-cdp-study-climate-change signature.asc Description: PGP signature
Bug#928290: unblock: debian-edu-doc/2.10.16
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock debian-edu-doc, it's a documentation only change: debian-edu-doc (2.10.16) unstable; urgency=medium * Update Debian Edu Buster and Stretch manuals from the wiki. * Update debian/copyright from the wikis. [ Translation updates ] * Buster manual: - Dutch: Frans Spiesschaert - German: Wolfgang Schweer - Italian: Claudio Carboncini - Chinese (Simplified): Ma Yong - Polish: Wiktor Wandachowicz - Norwegian Bokmål: Allan Nordhøy * ITIL manual: - Dutch: Frans Spiesschaert - Chinese (Simplified): Ma Yong - Norwegian Bokmål: Allan Nordhøy * Audacity manual: - Dutch: Frans Spiesschaert - Chinese (Simplified): zlffcn - Norwegian Bokmål: Allan Nordhøy * Rosegarden manual: - Dutch: Frans Spiesschaert - Norwegian Bokmål: Allan Nordhøy * Stretch manual: - German: Wolfgang Schweer - Dutch: Frans Spiesschaert - French: Jean-Pierre Giraud. Closes: #927430 - Chinese (Simplified): Ma Yong - Polish: Wiktor Wandachowicz - Norwegian Bokmål: Allan Nordhøy $ debdiff debian-edu-doc_2.10.15.dsc debian-edu-doc_2.10.16.dsc|diffstat debian/changelog| 34 debian/copyright| 12 documentation/audacity/audacity-manual.cs.po|9 documentation/audacity/audacity-manual.fr.po|9 documentation/audacity/audacity-manual.nb.po| 38 documentation/audacity/audacity-manual.nl.po| 24 documentation/audacity/audacity-manual.pl.po|9 documentation/audacity/audacity-manual.pot |9 documentation/audacity/audacity-manual.pt_BR.po |9 documentation/audacity/audacity-manual.sv.po|9 documentation/audacity/audacity-manual.uk.po|9 documentation/audacity/audacity-manual.xml |4 documentation/audacity/audacity-manual.zh.po| 33 documentation/audacity/audacity-manual.zh_Hant.po |9 documentation/debian-edu-buster/debian-edu-buster-manual.da.po | 71 documentation/debian-edu-buster/debian-edu-buster-manual.de.po | 97 documentation/debian-edu-buster/debian-edu-buster-manual.es.po | 44 documentation/debian-edu-buster/debian-edu-buster-manual.fr.po | 51 documentation/debian-edu-buster/debian-edu-buster-manual.it.po | 366 - documentation/debian-edu-buster/debian-edu-buster-manual.ja.po | 70 documentation/debian-edu-buster/debian-edu-buster-manual.nb.po | 649 -- documentation/debian-edu-buster/debian-edu-buster-manual.nl.po | 137 documentation/debian-edu-buster/debian-edu-buster-manual.pl.po | 415 - documentation/debian-edu-buster/debian-edu-buster-manual.pot| 44 documentation/debian-edu-buster/debian-edu-buster-manual.xml| 25 documentation/debian-edu-buster/debian-edu-buster-manual.zh.po | 1155 --- documentation/debian-edu-buster/debian-edu-buster-manual.zh_Hant.po | 44 documentation/debian-edu-itil/debian-edu-itil-manual.nb.po | 14 documentation/debian-edu-itil/debian-edu-itil-manual.nl.po | 10 documentation/debian-edu-itil/debian-edu-itil-manual.pot|4 documentation/debian-edu-itil/debian-edu-itil-manual.xml|2 documentation/debian-edu-itil/debian-edu-itil-manual.zh.po | 11 documentation/debian-edu-itil/debian-edu-itil-manual.zh_Hant.po |4 documentation/debian-edu-stretch/debian-edu-stretch-manual.da.po| 24 documentation/debian-edu-stretch/debian-edu-stretch-manual.de.po| 38 documentation/debian-edu-stretch/debian-edu-stretch-manual.es.po| 17 documentation/debian-edu-stretch/debian-edu-stretch-manual.fr.po| 3167 +++--- documentation/debian-edu-stretch/debian-edu-stretch-manual.it.po| 43 documentation/debian-edu-stretch/debian-edu-stretch-manual.ja.po| 17 documentation/debian-edu-stretch/debian-edu-stretch-manual.nb.po| 66 documentation/debian-edu-stretch/debian-edu-stretch-manual.nl.po| 38 documentation/debian-edu-stretch/debian-edu-stretch-manual.pl.po| 54 documentation/debian-edu-stretch/debian-edu-stretch-manual.pot | 17 documentation/debian-edu-stretch/debian-edu-stretch-manual.xml |8 documentation/debian-edu-stretch/debian-edu-stretch-manual.zh.po| 301 documentation/rosegarden/rosegarden-manual.es.po|4 documentation/rosegarden/rosegarden-manual.fr.po|4 documentation/rosegarden/rosegarden-manual.nb.po| 19 documentation/rosegarden/rosegarden-manual
Bug#928290: Acknowledgement (unblock: debian-edu-doc/2.10.16)
Hi, attached is the debdiff for this unblock request. -- tschau, Holger --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C Dance like no one's watching. Encrypt like everyone is. debian-edu-doc_2.10.16.diff.xz Description: application/xz signature.asc Description: PGP signature
Bug#928223: unblock / pre approval: otrs2/6.0.16-2
control: tags -1 - moreinfo thanks signature.asc Description: PGP signature
Bug#928663: unblock: piuparts/1.0.0
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock the package piuparts, the changes relevant to normal users of
the packages are these:
* piuparts.py:
- Add '--merged-usr' support when using debootstrap to create the chroot.
- Add '--distupgrade-to-testdebs-from DIR' as a shorthand for
'--bindmount DIR --testdebs-repo DIR --distupgrade-to-testdebs'.
In theory also relevant (because these changes touch code everyone is using)
are also
these changes:
* piupartslib/packagesdb.py:
- Keep recycled pass logs while waiting for new test results, continuing
to show them as "successfully-tested" instead of "waiting-to-be-tested".
- Add (hardcoded) list of missing dependencies that resolve to
"ignore-does-not-exist".
Used for packages to be skipped via "is_installable_*" scripts to
exclude them from "dependency-does-not-exist" state.
In theory, because these codepathes are not used in normal piuparts usage (but
only
in master-server setups which TTBOMK is only used by Andreas and me.)
$ debdiff piuparts_0.98.dsc piuparts_1.0.0.dsc | diffstat
piuparts.py
| 21
piupartslib/packagesdb.py
| 58 +
2 files changed, 79 insertions
The custom-scripts might be used by some piuparts users (not by default though),
yet I have a high confidence they are good, as we are using them since weeks on
piuparts.d.o without any issues.
All the other changes only affect the piuparts master-server setup or
documentation.
The full changelog is:
piuparts (1.0.0) unstable; urgency=medium
.
[ David Steele ]
* piuparts-reports.py:
Revert "Don't add results from outdated binaries to summary.json" from
0.94. The reverted commit is 62a6b3c438f42480ce3a08996ed4994de1561591.
The patch was added to avoid incorporating summary.json reporting results
for binary packages which are no longer part of the source package. It
stopped Piuparts from blocking the source package from testing migration.
It has a bug related to "upgrade test" sections, which cause a large
number of packages to incorrectly be reported in the "waiting" state.
.
[ Andreas Beckmann ]
* piuparts.py:
- Add '--merged-usr' support when using debootstrap to create the chroot.
- Add '--distupgrade-to-testdebs-from DIR' as a shorthand for
'--bindmount DIR --testdebs-repo DIR --distupgrade-to-testdebs'.
* distros.conf:
- wheezy* has been archived/removed.
- jessie* has been partially archived/removed.
- Add buster-backports.
- Add bullseye-proposed-updates.
* piuparts.conf:
- Add section [sid-merged-usr], using --merged-usr. (Closes: #848968)
- Use --warn-on-debsums-errors for tests ending in buster.
- Rename [stretch2proposed] to [stretch2next]
and [buster2proposed] to [buster2next].
* piupartslib/packagesdb.py:
- Keep recycled pass logs while waiting for new test results, continuing
to show them as "successfully-tested" instead of "waiting-to-be-tested".
- Add (hardcoded) list of missing dependencies that resolve to
"ignore-does-not-exist".
Used for packages to be skipped via "is_installable_*" scripts to
exclude them from "dependency-does-not-exist" state.
* piuparts-slave.py:
- New option "slave-flush-interval" to flush logs more frequently to the
master. Set to 30 minutes.
- New option "chroot-meta-directory" to share reference target chroot
metadata between slave instances.
* piuparts-report.py:
- Omit states with 0 packages from section summaries.
* scripts/{post_chroot_unpack,pre_distupgrade}_allow_unauthenticated:
- Disable Check-Valid-Until for wheezy/updates and jessie-backports.
* scripts/post_distupgrade_exceptions:
- Handle /var/lib/pam/seen stretch -> buster upgrade by running
pam-auth-update if needed. Workaround for #920760.
* scripts/pre_remove_40_find_unowned_lib_links:
- Handle --merged-usr environments.
* master-bin/reschedule_piuparts_tests: Do not act on 'bugged/*.log' and
'affected/*.log' by default. Add --bugged, --affected flags.
.
[ Holger Levsen ]
* Declare this release to be version 1.0.0, finally. May the force be with
you.
* htdocs/news.tpl:
- add news about sid-merged-usr being tested.
- add news about the 1.0.0 release.
* piuparts_slave_join.8.txt: update revdate to date of last change.
$ debdiff piuparts_0.98.dsc piuparts_1.0.0.dsc |
Bug#928223: unblock / pre approval: otrs2/6.0.16-2
control: tags -1 moreinfo On Thu, May 09, 2019 at 10:06:50AM +0200, Patrick Matthäi wrote: > Am 08.05.2019 um 15:50 schrieb Holger Levsen: > > control: tags -1 - moreinfo > Means this I should upload it now to buster/testing? well, sorry, I have misread your last emails to this bug and thought you had already uploaded. But yes, you can now upload to buster and then you remove the moreinfo tag again so that the RT team knows to look at this bug again. sorry for the noise. -- tschau, Holger --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C signature.asc Description: PGP signature
fixing debian-security-support upgrades from stretch (for good)
[re-sent with debian-release list address corrected...] hi, so there is "#928172 debian-security-support: fails to upgrade from 'testing': dpkg: error: error executing hook" which happens when base-files is upgraded before debian-security-support (but doesnt happen if d-s-s is upgraded first...) So I think this can only be fixed properly (=without asking people to upgrade to the latest stretch pointrelease but instead allowing upgrades to buster from *any* stretch pointrelease) by adding a "pre-depends: debian-security-support (>= 2019.04.25)" to base-files in buster. As per policy 7.2 I'm asking debian-devel to discuss this and form a consensus that this is the right thing to do. Please note that there are two more relevant bugs for this disucssion: "#927450 [debian-security-support] debian-security-support needs to be adapted to each new Debian release" - this bug should be fixed in another debian-security-support upload targeted at buster, probably by just exiting with 0 in case of an unsupported release. Please note that #927450 was fixed in d-s-s 2019.04.25 and then reopened with another scope :/ (=fixing this permanently and forever, while #927450 was originally only about not recognizing buster as a valid release.) "#928204 [debian-security-support] check-support-status: cannot create /var/lib/debian-security-support/security-support.semaphore: Directory nonexistent" - I looked at the code and couldnt see how this bug could happen. Help welcome, also just by confirming whether it's possible for you to (not) reproduce this bug. -- tschau, Holger, who didn't create this mess... --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C signature.asc Description: PGP signature
Re: fixing debian-security-support upgrades from stretch (for good)
reassign -1 base-files retitle -1 base-files: please add a break on d-s-s < 2019.04.25 thanks On Mon, May 13, 2019 at 01:00:14PM +0100, Ben Hutchings wrote: > On Mon, 2019-05-13 at 11:52 +, Holger Levsen wrote: > > So I think this can only be fixed properly (=without asking people to > > upgrade to the latest stretch pointrelease but instead allowing upgrades > > to buster from *any* stretch pointrelease) by adding a "pre-depends: > > debian-security-support (>= 2019.04.25)" to base-files in buster. > This makes debian-security-support transitively essential, whereas it > used to be optional. thanks, Ben. > Is "Conflicts" not strong enough? after re-reading https://www.debian.org/doc/debian-policy/ch-relationships.html#packages-which-break-other-packages-breaks and https://www.debian.org/doc/debian-policy/ch-relationships.html#conflicting-binary-packages-conflicts (policy 7.3 and 7.4) I now also think that a "Breaks: debian-security-support (>= 2019.04.25)" in src:base-files is in order. Thanks. -- tschau, Holger --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C we'll all die. make a difference while you can. disobey. smile. signature.asc Description: PGP signature
Re: fixing debian-security-support upgrades from stretch (for good)
On Mon, May 13, 2019 at 08:17:26PM +0100, Ben Hutchings wrote: > On Mon, 2019-05-13 at 19:08 +0000, Holger Levsen wrote: > > reassign -1 base-files > > retitle -1 base-files: please add a break on d-s-s < 2019.04.25 and FWIW and for future releases, I've just now done https://salsa.debian.org/debian/debian-security-support/commit/970c319393cc1a43d6213b21e92b3ec1c6b77e73 "check-support-status.in: don't fail if security-support-ended.debX does not exist for the release d-s-s is running on. Closes: #927450." though I won't upload this immediatly as I'm not sure it's the most ideal fix for this. Maybe it is though. -- tschau, Holger --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C signature.asc Description: PGP signature
Bug#928972: unblock: debian-security-support/2019.05.14
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock x-debbugs-cc: sanv...@unex.es Please unblock package debian-security-support, it fixes two RC bugs. Attached is the debdiff against 2019.04.25 which is not in testing but has been unblocked by Niels via #926397. unblock debian-security-support/2019.05.14 The changelog explained: + * check-support-status.in: don't fail if security-support-ended.debX does +not exist for the release d-s-s is running on. Closes: #927450. For this I just replaced 'exit 1' with 'exit 0'... + * postinst and check-support-status.hook: add code to create the d-s-s +user's home directory if it doesn't exist, as schroot copies /etc/passwd +from the host without creating the user home directories. Closes: #928204. +Thanks to Santiago Vila. Here I decided to also add this code to check-support-status.hook to be on the safe side. I believe this is not needed but let's be safe now. (Cleaning this up for bullseye is tracked via #928968.) + * d/control: set myself as maintainer to formally adopt the package and drop +Christoph Biedl on his request. Many thanks for creating this package and +maintaining it, Christoph! -- tschau, Holger --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C Some people say that the climate crisis is something that we all have created, but that is not true, because if everyone is guilty then no one is to blame. And someone is to blame. Some people, some companies, some decision-makers in particular, have known exactly what priceless values they have been sacrificing to continue making unimaginable amounts of money. diff -Nru debian-security-support-2019.04.25/check-support-status.hook debian-security-support-2019.05.14/check-support-status.hook --- debian-security-support-2019.04.25/check-support-status.hook 2019-04-25 11:24:00.0 +0200 +++ debian-security-support-2019.05.14/check-support-status.hook 2019-05-14 11:36:45.0 +0200 @@ -4,6 +4,8 @@ #%# License: GPL-2.0-only # This codes duplicates "postinst configure" +# 20190514: but why? and why all of it, eg the user creation? +# FIXME: we should drop this after the Buster release, this is tracked as #928968. set -e @@ -23,6 +25,12 @@ "$USERNAME" fi +# needed for schroots which copy /etc/passwd from the host +if [ ! -d "$LIB_DIR" ]; then +mkdir "$LIB_DIR" +chown $USERNAME:$USERNAME "$LIB_DIR" +fi + if [ "$TMPDIR" ] && [ "$(stat --format=%a "$TMPDIR")" != '1777' ] ; then export TMPDIR='/tmp' fi diff -Nru debian-security-support-2019.04.25/check-support-status.in debian-security-support-2019.05.14/check-support-status.in --- debian-security-support-2019.04.25/check-support-status.in 2019-04-25 11:20:34.0 +0200 +++ debian-security-support-2019.05.14/check-support-status.in 2019-05-13 21:14:22.0 +0200 @@ -22,7 +22,7 @@ if [ "$DEBIAN_VERSION" -lt "$DEB_LOWEST_VER_ID" ] || [ "$DEBIAN_VERSION" -gt "$DEB_NEXT_VER_ID" ] ; then eval_gettext "Unknown DEBIAN_VERSION \$DEBIAN_VERSION. Valid values from \$DEB_LOWEST_VER_ID and \$DEB_NEXT_VER_ID"; echo -exit 1 +exit 0 fi LIST= diff -Nru debian-security-support-2019.04.25/debian/changelog debian-security-support-2019.05.14/debian/changelog --- debian-security-support-2019.04.25/debian/changelog 2019-04-25 11:36:54.0 +0200 +++ debian-security-support-2019.05.14/debian/changelog 2019-05-14 11:48:37.0 +0200 @@ -1,3 +1,17 @@ +debian-security-support (2019.05.14) unstable; urgency=medium + + * check-support-status.in: don't fail if security-support-ended.debX does +not exist for the release d-s-s is running on. Closes: #927450. + * postinst and check-support-status.hook: add code to create the d-s-s +user's home directory if it doesn't exist, as schroot copies /etc/passwd +from the host without creating the user home directories. Closes: #928204. +Thanks to Santiago Vila. + * d/control: set myself as maintainer to formally adopt the package and drop +Christoph Biedl on his request. Many thanks for creating this package and +maintaining it, Christoph! + + -- Holger Levsen Tue, 14 May 2019 11:48:37 +0200 + debian-security-support (2019.04.25) unstable; urgency=medium * Team upload. diff -Nru debian-security-support-2019.04.25/debian/control debian-security-support-2019.05.14/debian/control --- debian-security-support-2019.04.25/debian/control 2019-04-20 16:17:12.0 +0200 +++ debian-security-support-2019.05.14/debian/c
Bug#928972: unblock: debian-security-support/2019.05.14
On Tue, May 14, 2019 at 12:11:41PM +0200, Holger Levsen wrote: > + * postinst and check-support-status.hook: add code to create the d-s-s > +user's home directory if it doesn't exist, as schroot copies /etc/passwd > +from the host without creating the user home directories. Closes: > #928204. > +Thanks to Santiago Vila. > > Here I decided to also add this code to check-support-status.hook to be on > the safe side. I believe this is not needed but let's be safe now. > (Cleaning this up for bullseye is tracked via #928968.) as you can read in #928968 it was good to stay on the safe side and to add the relevant code to check-support-status.hook, so that I have improved the code comments in git further (see https://salsa.debian.org/debian/debian-security-support/commit/db4096368c49002cfb413d8a9dabb2afffb39f39 if you care about the details) and closed #928968. tl;dr: debian-security-support 2019.05.14 is still good for buster as it is. -- tschau, Holger --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C signature.asc Description: PGP signature
Bug#929082: unblock: razor/1:2.85-4.2
On Thu, May 16, 2019 at 09:52:45PM +0200, Paul Gevers wrote: > Well, if they are maintained by the QA group, there are at least around > 90 people notified of stuff. no. noone is notified about bugs in packages maintained by the QA group. (or maybe some poor soul is, but noone is reading those notices *if* someone receives them.) -- tschau, Holger, member of the qa group --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C signature.asc Description: PGP signature
Bug#929374: unblock: debian-security-support/2019.05.22
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package debian-security-support, the trivial debdiff is inline below. This change is only useful to have in Buster, so that we can have this version (modulo ~deb9u1) in Stretch without breaking the archive constraints. ( If you think this is non-sense/sub-optimal, please tell me a better plan. I'm not fully convinced this is sensible though I do think we should inform Stretch users about ended security support. OTOH cherry picking commits seems more work than this, and having the version in sync in the different suites also seems useful to me. ) unblock debian-security-support/2019.05.22 $ debdiff debian-security-support_2019.05.14.dsc debian-security-support_2019.05.22.dsc diff -Nru debian-security-support-2019.05.14/check-support-status.hook debian-security-support-2019.05.22/check-support-status.hook --- debian-security-support-2019.05.14/check-support-status.hook 2019-05-14 11:36:45.0 +0200 +++ debian-security-support-2019.05.22/check-support-status.hook 2019-05-14 14:09:54.0 +0200 @@ -3,9 +3,7 @@ #%# Copyright (C) 2014-2017 Christoph Biedl #%# License: GPL-2.0-only -# This codes duplicates "postinst configure" -# 20190514: but why? and why all of it, eg the user creation? -# FIXME: we should drop this after the Buster release, this is tracked as #928968. +# This codes duplicates "postinst configure", see #928968 why this has to be done... set -e diff -Nru debian-security-support-2019.05.14/debian/changelog debian-security-support-2019.05.22/debian/changelog --- debian-security-support-2019.05.14/debian/changelog 2019-05-14 11:48:37.0 +0200 +++ debian-security-support-2019.05.22/debian/changelog 2019-05-22 14:49:10.0 +0200 @@ -1,3 +1,13 @@ +debian-security-support (2019.05.22) unstable; urgency=medium + + * Mark jasperreports as end-of-life in Stretch as well. Closes: #884907. + * Explain in comments to check-support-status.hook and postinst that code +needs to be present in both files as the hook could be run before +postinst. #928968 has a longer explanation why and is used for tracking +that this will be properly fixed eventually. + + -- Holger Levsen Wed, 22 May 2019 14:49:10 +0200 + debian-security-support (2019.05.14) unstable; urgency=medium * check-support-status.in: don't fail if security-support-ended.debX does diff -Nru debian-security-support-2019.05.14/debian/debian-security-support.postinst debian-security-support-2019.05.22/debian/debian-security-support.postinst --- debian-security-support-2019.05.14/debian/debian-security-support.postinst 2019-05-14 11:16:42.0 +0200 +++ debian-security-support-2019.05.22/debian/debian-security-support.postinst 2019-05-14 14:11:57.0 +0200 @@ -7,6 +7,13 @@ USERNAME=debian-security-support LIB_DIR="/var/lib/$USERNAME" +## +## +# WARNING: if you modify code here, you probably also need to modify # +# ../check-support-status.hook # +## +## + case "$1" in configure) # assert user diff -Nru debian-security-support-2019.05.14/security-support-ended.deb9 debian-security-support-2019.05.22/security-support-ended.deb9 --- debian-security-support-2019.05.14/security-support-ended.deb9 2018-03-16 15:39:59.0 +0100 +++ debian-security-support-2019.05.22/security-support-ended.deb9 2019-05-22 14:06:16.0 +0200 @@ -11,3 +11,4 @@ #In the program's output, this is prefixed with "Details:" tomcat6 6.0.45+dfsg-1 2016-12-31 https://lists.debian.org/debian-java/2016/01/msg00069.html +jasperreports4.1.3+dfsg-32017-12-09 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880467#10 Thanks. -- tschau, Holger --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C Some people say that the climate crisis is something that we all have created, but that is not true, because if everyone is guilty then no one is to blame. And someone is to blame. Some people, some companies, some decision-makers in particular, have known exactly what priceless values they have been sacrificing to continue making unimaginable amounts of money. signature.asc Description: PGP signature
Bug#929635: unblock: munin/2.0.49-1
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package munin, it fixes three important bugs (and a bunch
of normal bugs). munin is a leaf package and 2.0.49 is just another bugfix
release and has been in sid since 11 days without any new issues reported.
munin (2.0.49-1) unstable; urgency=medium
[ Lars Kruse ]
* New upstream version 2.0.49, fixing the upstream issue #1187
(https://github.com/munin-monitoring/munin/issues/1187) which breaks the
visualization of comparison pages and the "problems" overview for munin's
default settings ("html_strategy" and "graph_strategy" being "cron").
* New upstream version 2.0.48, fixing various issues, including bugs in:
- Accept DNS names in "allow" (Closes: #483617)
- Natural sort output on cpuspeed plugin (Closes: #924366)
- postgres_connections_ "Query failed!" (Closes: #924424)
- diskstat_ plugin fails with 4.19 kernels (Closes: #926146)
- open_files max is 18 quintillion, obscuring graph (Closes: #928211)
- upstream issues:
* https://github.com/munin-monitoring/munin/issues/579:
A connection issue with a node leads to the premature removal of all
its graphs from the master visualization, if any plugin (from any
node) returned an invalid output.
* https://github.com/munin-monitoring/munin/issues/951:
munin-async failed to handle plugins with names containing special
characters. Such valid plugins worked only locally, but not via
munin-async.
* https://github.com/munin-monitoring/munin/issues/460:
In an fcgid-based setup (recommended when using nginx) every but the
first request for a "comparison" page returned invalid graphs due to
a mistaken permanent internal state change. This long-standing issue
plagued munin since wheezy.
* Re-export upstream signing key without extra signatures.
* Ensure that /var/cache/munin/www exists.
Thanks to Marvin Gülker (Closes: #927692)
* Keep permission of /run/munin in sync for systemd and sysvinit
-- Holger Levsen Thu, 16 May 2019 01:21:08 +0200
$ debdiff munin_2.0.47-1.dsc munin_2.0.49-1.dsc | diffstat
ChangeLog | 56
RELEASE |2
debian/changelog| 57 ++--
debian/examples/systemd-fastcgi/munin-graph.service | 11 ++
debian/examples/systemd-fastcgi/munin-graph.socket |8 +
debian/examples/systemd-fastcgi/munin-html.service | 11 ++
debian/examples/systemd-fastcgi/munin-html.socket |8 +
debian/munin-common.tmpfile |2
debian/munin-node.tmpfile |2
debian/munin.examples |1
debian/munin.init | 10 +-
debian/tests/munin-node/02.plugins.t|4
debian/upstream/signing-key.asc | 39
master/lib/Munin/Master/Config.pm | 21 +++-
master/lib/Munin/Master/HTMLOld.pm | 92 ++--
master/lib/Munin/Master/Node.pm | 32 --
master/lib/Munin/Master/Update.pm |3
master/lib/Munin/Master/UpdateWorker.pm | 26 -
node/_bin/munin-asyncd.in |5 -
node/lib/Munin/Node/Config.pm |1
node/lib/Munin/Node/SpoolWriter.pm |9 +
node/t/munin_node_spoolreader.t | 40
node/t/munin_node_spoolwriter.t |4
plugins/node.d.linux/acpi.in|2
plugins/node.d.linux/cpuspeed.in|2
plugins/node.d.linux/diskstat_.in |4
plugins/node.d.linux/open_files.in |6 -
plugins/node.d/nutups_.in | 16 ++-
plugins/node.d/postgres_connections_.in |2
plugins/node.d/snmp__if_.in |4
30 files changed, 348 insertions(+), 132 deletions(-)
The full debdiff is attached.
unblock munin/2.0.49-1
--
tschau,
Holger
---
holger@(debian|reproducible-builds|layer-acht).org
PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C
Dance like no one's watching. Encrypt like everyone is.
diff -Nru munin-2.0.47/ChangeLog munin-2.0.49/ChangeLog
--- munin-2.0.47/ChangeLog 2019-02-28 15:43:36.0 +0100
+++ munin-2.0.49/ChangeLog 2019-05-09 05:45:43.0 +0200
@@ -1,5 +1,60 @@
-*- text -*-
+munin-2.0.49, 2019-05-09
+
+---
+Summary
+---
+
+Bugfix release.
+
+--
+Detailed Changelog
+--
Bug#929843: unblock: debian-security-support/2019.06.01
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package debian-security-support, it's a translation only update: debian-security-support (2019.06.01) unstable; urgency=medium * New translations: - Swedish, thanks to Andreas Ronnquist. Closes: #929401. - Dutch, thanks to Frans Spiesschaert. Closes: #929809. * Translation updates: - Russian, thanks to Yuri Kozlov. Closes: #929384. - Japanese, thanks to Shinichi Sakata and victory. - Portuguese, thanks to Américo Monteiro. Closes: #929404. - Polish, thanks to Łukasz Dulny. - Brasilian Portuguese, thanks to Adriano Rafael Gomes. Closes: #929765. - Italian, thanks to Beatrice Torracca. Closes: #929812. -- Holger Levsen Sat, 01 Jun 2019 17:44:00 +0200 unblock debian-security-support/2019.06.01 The full debdiff is attached. -- tschau, Holger --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C we'll all die. make a difference while you can. disobey. smile. diff -Nru debian-security-support-2019.05.22/debian/changelog debian-security-support-2019.06.01/debian/changelog --- debian-security-support-2019.05.22/debian/changelog 2019-05-22 14:49:10.0 +0200 +++ debian-security-support-2019.06.01/debian/changelog 2019-06-01 17:44:00.0 +0200 @@ -1,3 +1,18 @@ +debian-security-support (2019.06.01) unstable; urgency=medium + + * New translations: +- Swedish, thanks to Andreas Ronnquist. Closes: #929401. +- Dutch, thanks to Frans Spiesschaert. Closes: #929809. + * Translation updates: +- Russian, thanks to Yuri Kozlov. Closes: #929384. +- Japanese, thanks to Shinichi Sakata and victory. +- Portuguese, thanks to Américo Monteiro. Closes: #929404. +- Polish, thanks to Łukasz Dulny. +- Brasilian Portuguese, thanks to Adriano Rafael Gomes. Closes: #929765. +- Italian, thanks to Beatrice Torracca. Closes: #929812. + + -- Holger Levsen Sat, 01 Jun 2019 17:44:00 +0200 + debian-security-support (2019.05.22) unstable; urgency=medium * Mark jasperreports as end-of-life in Stretch as well. Closes: #884907. diff -Nru debian-security-support-2019.05.22/po/it.po debian-security-support-2019.06.01/po/it.po --- debian-security-support-2019.05.22/po/it.po 2018-03-16 15:39:59.0 +0100 +++ debian-security-support-2019.06.01/po/it.po 2019-05-31 17:53:30.0 +0200 @@ -1,13 +1,13 @@ # Italian translation of debian-security-support debconf messages. # Copyright (C) 2014, debian-security-support package's copyright holder # This file is distributed under the same license as the debian-security-support package. -# Beatrice Torracca , 2014, 2016. +# Beatrice Torracca , 2014, 2016, 2019. msgid "" msgstr "" "Project-Id-Version: debian-security-support\n" "Report-Msgid-Bugs-To: debian-security-supp...@packages.debian.org\n" "POT-Creation-Date: 2016-06-07 12:13+0200\n" -"PO-Revision-Date: 2016-05-22 12:53+0200\n" +"PO-Revision-Date: 2019-05-31 17:34+0200\n" "Last-Translator: Beatrice Torracca \n" "Language-Team: Italian \n" "Language: it\n" @@ -23,6 +23,8 @@ "Unknown DEBIAN_VERSION $DEBIAN_VERSION. Valid values from " "$DEB_LOWEST_VER_ID and $DEB_NEXT_VER_ID" msgstr "" +"DEBIAN_VERSION $DEBIAN_VERSION sconosciuta. Valori validi da $" +"DEB_LOWEST_VER_ID e $DEB_NEXT_VER_ID" #: ../check-support-status.in:63 msgid "Failed to parse the command line parameters" @@ -39,12 +41,12 @@ #: ../check-support-status.in:117 msgid "E: Need a --type if --list is given" -msgstr "" +msgstr "E: Necessario --type se è specificato --list" #: ../check-support-status.in:130 #, sh-format msgid "E: Unknown --type '$TYPE'" -msgstr "" +msgstr "E: --type '$TYPE' sconosciuto" #: ../check-support-status.in:152 msgid "E: Cannot detect dpkg version, assuming wheezy or newer" @@ -100,11 +102,9 @@ "per alcuni pacchetti." #: ../check-support-status.in:320 -#, fuzzy, sh-format +#, sh-format msgid "* Source:$SRC_NAME, will end on $ALERT_WHEN" -msgstr "" -"* Sorgente:$SRC_NAME, terminato il $ALERT_WHEN alla versione " -"$ALERT_VERSION" +msgstr "* Sorgente:$SRC_NAME, terminerà il $ALERT_WHEN" #: ../check-support-status.in:323 #, sh-format diff -Nru debian-security-support-2019.05.22/po/ja.po debian-security-support-2019.06.01/po/ja.po --- debian-security-support-2019.05.22/po/ja.po 2018-03-16 15:39:59.0 +0100 +++ debian-security-support-2019.06.01/po/ja.po 2019-06-01 17:39:41.0 +0200 @@ -1,14 +1,14 @@ -# S
Bug#930575: unblock: developers-reference/3.4.25
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package developers-reference, the changes are trivial and documentation only...: $ debdiff developers-reference_3.4.24.dsc developers-reference_3.4.25.dsc diff -Nru developers-reference-3.4.24/common.ent developers-reference-3.4.25/common.ent --- developers-reference-3.4.24/common.ent 2019-02-13 21:28:03.0 +0100 +++ developers-reference-3.4.25/common.ent 2019-06-15 18:27:56.0 +0200 @@ -10,22 +10,22 @@ - + - - - - - - - - - - + + + + + + + + + + Sat, 15 Jun 2019 21:02:04 +0200 + developers-reference (3.4.24) unstable; urgency=medium unblock developers-reference/3.4.25 Thanks & kudos for announcing the release date 3 weeks in advance, very cool! -- cheers, Holger --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C signature.asc Description: PGP signature
Bug#930617: unblock: debian-security-support/2019.06.13
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package debian-security-support, the changes are rather trivial, yet with the nice result of all included translations to being complete now: $ debdiff debian-security-support_2019.06.01.dsc debian-security-support_2019.06.13.dsc|diffstat debian/changelog| 12 po/cs.po| 24 +++- po/da.po| 26 +- security-support-ended.deb8 |1 + 4 files changed, 37 insertions(+), 26 deletions(-) full debdiff attached. unblock debian-security-support/2019.06.13 -- tschau, Holger --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C In Europe there are people prosecuted by courts because they saved other people from drowning in the Mediterranean Sea. That is almost as absurd as if there were people being prosecuted because they save humans from drowning in the sea. diff -Nru debian-security-support-2019.06.01/debian/changelog debian-security-support-2019.06.13/debian/changelog --- debian-security-support-2019.06.01/debian/changelog 2019-06-01 17:44:00.0 +0200 +++ debian-security-support-2019.06.13/debian/changelog 2019-06-13 18:27:05.0 +0200 @@ -1,3 +1,15 @@ +debian-security-support (2019.06.13) unstable; urgency=medium + + [ Emilio Pozuelo Monfort ] + * Add mysql-5.5 to security-support-ended.deb8. + + * Translation updates: +- Danish, thanks to Joe Dalton. Closes: #929941. +- Czech, thanks to Michal Simunek. Closes: #930384. +- this means all included translations are uptodate, yay! + + -- Holger Levsen Thu, 13 Jun 2019 18:27:05 +0200 + debian-security-support (2019.06.01) unstable; urgency=medium * New translations: diff -Nru debian-security-support-2019.06.01/po/cs.po debian-security-support-2019.06.13/po/cs.po --- debian-security-support-2019.06.01/po/cs.po 2018-03-16 15:39:59.0 +0100 +++ debian-security-support-2019.06.13/po/cs.po 2019-06-12 18:27:03.0 +0200 @@ -1,14 +1,14 @@ # Czech PO debconf template translation of debian-security-support. # Copyright (C) 2014 Michal Simunek # This file is distributed under the same license as the debian-security-support package. -# Michal Simunek , 2014. +# Michal Simunek , 2014 - 2019. # msgid "" msgstr "" -"Project-Id-Version: debian-security-support 2014.05.16\n" +"Project-Id-Version: debian-security-support 2019.05.23\n" "Report-Msgid-Bugs-To: debian-security-supp...@packages.debian.org\n" "POT-Creation-Date: 2016-06-07 12:13+0200\n" -"PO-Revision-Date: 2014-06-20 09:15+0200\n" +"PO-Revision-Date: 2019-06-11 20:15+0200\n" "Last-Translator: Michal Simunek \n" "Language-Team: Czech \n" "Language: cs\n" @@ -22,6 +22,8 @@ "Unknown DEBIAN_VERSION $DEBIAN_VERSION. Valid values from " "$DEB_LOWEST_VER_ID and $DEB_NEXT_VER_ID" msgstr "" +"Neznámá verze Debianu $DEBIAN_VERSION. Platné hodnoty od " +"$DEB_LOWEST_VER_ID a $DEB_NEXT_VER_ID" #: ../check-support-status.in:63 msgid "Failed to parse the command line parameters" @@ -38,12 +40,12 @@ #: ../check-support-status.in:117 msgid "E: Need a --type if --list is given" -msgstr "" +msgstr "E: Je-li zadán --list, je třeba zadat --type" #: ../check-support-status.in:130 #, sh-format msgid "E: Unknown --type '$TYPE'" -msgstr "" +msgstr "E: Neznámý --type '$TYPE'" #: ../check-support-status.in:152 msgid "E: Cannot detect dpkg version, assuming wheezy or newer" @@ -52,18 +54,16 @@ "wheezy nebo novější" #: ../check-support-status.in:282 -#, fuzzy msgid "Future end of support for one or more packages" -msgstr "Omezená bezpečnostní podpora jednoho nebo více balíčků" +msgstr "Budoucí omezená bezpečnostní podpora jednoho nebo více balíčků" #: ../check-support-status.in:285 -#, fuzzy msgid "" "Unfortunately, it will be necessary to end security support for some " "packages before the end of the regular security maintenance life " "cycle." msgstr "" -"U některých balíčků bylo bohužel nutné ukončit bezpečnostní podporu " +"U některých balíčků bude bohužel nutné ukončit bezpečnostní podporu " "před koncem životního cyklu běžně poskytované bezpečnostní podpory." #: ../check-support-status.in:288 ../check-support-status.in:298 @@ -98,11 +98,9 @@ "U některých balíčků bylo bohužel nutné omezit bezpečnostní podporu." #: ../check-support-status.in
Bug#930658: unblock: debian-edu-doc/2.10.18
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package debian-edu-doc, it's a documentation and translation update only: debian-edu-doc (2.10.18) unstable; urgency=medium * Update Debian Edu Buster manual from the wiki. * Update Audacity manual from the wiki. * Update Rosegarden manual from the wiki. * Update debian/copyright from the wikis. [ Translation updates ] * Buster manual: - Chinese (Simplified): Ma Yong - Japanese: hoxp18 - Dutch: Frans Spiesschaert * Stretch manual: - Chinese (Simplified): Ma Yong - Japanese: hoxp18 * Audacity manual: - new Japanese translation by hoxp18. - Dutch: Frans Spiesschaert * Rosegarden manual: - French: Quentin Lejard [ hoxp18 ] * documentation/common/edu-css.xml: increase font size for headings in the HTML variants. -- Holger Levsen Mon, 17 Jun 2019 22:17:41 +0200 $ debdiff debian-edu-doc_2.10.17.dsc debian-edu-doc_2.10.18.dsc debian/changelog| 27 debian/copyright| 10 documentation/audacity/audacity-manual.cs.po| 10 documentation/audacity/audacity-manual.fr.po| 18 documentation/audacity/audacity-manual.ja.po| 1107 + documentation/audacity/audacity-manual.nb.po| 18 documentation/audacity/audacity-manual.nl.po| 24 documentation/audacity/audacity-manual.pl.po| 10 documentation/audacity/audacity-manual.pot | 10 documentation/audacity/audacity-manual.pt_BR.po | 10 documentation/audacity/audacity-manual.sv.po| 10 documentation/audacity/audacity-manual.uk.po| 13 documentation/audacity/audacity-manual.xml |4 documentation/audacity/audacity-manual.zh.po| 10 documentation/audacity/audacity-manual.zh_Hant.po | 10 documentation/common/edu.css.xml|7 documentation/debian-edu-buster/debian-edu-buster-manual.da.po | 276 - documentation/debian-edu-buster/debian-edu-buster-manual.de.po | 23 documentation/debian-edu-buster/debian-edu-buster-manual.es.po | 16 documentation/debian-edu-buster/debian-edu-buster-manual.fr.po | 32 documentation/debian-edu-buster/debian-edu-buster-manual.it.po | 191 documentation/debian-edu-buster/debian-edu-buster-manual.ja.po | 1944 +- documentation/debian-edu-buster/debian-edu-buster-manual.nb.po | 18 documentation/debian-edu-buster/debian-edu-buster-manual.nl.po | 40 documentation/debian-edu-buster/debian-edu-buster-manual.pl.po | 16 documentation/debian-edu-buster/debian-edu-buster-manual.pot| 11 documentation/debian-edu-buster/debian-edu-buster-manual.xml|6 documentation/debian-edu-buster/debian-edu-buster-manual.zh.po | 88 documentation/debian-edu-buster/debian-edu-buster-manual.zh_Hant.po | 16 documentation/debian-edu-stretch/debian-edu-stretch-manual.ja.po| 108 documentation/debian-edu-stretch/debian-edu-stretch-manual.zh.po|4 documentation/rosegarden/rosegarden-manual.es.po|8 documentation/rosegarden/rosegarden-manual.fr.po| 308 - documentation/rosegarden/rosegarden-manual.nb.po| 14 documentation/rosegarden/rosegarden-manual.nl.po| 17 documentation/rosegarden/rosegarden-manual.pl.po|8 documentation/rosegarden/rosegarden-manual.pot |8 documentation/rosegarden/rosegarden-manual.xml |4 documentation/rosegarden/rosegarden-manual.zh.po|8 documentation/rosegarden/rosegarden-manual.zh_Hant.po |8 40 files changed, 2761 insertions(+), 1709 deletions(-) The full debdiff is attached. unblock debian-edu-doc/2.10.18 Hooray for Buster! -- cheers, Holger --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C debian-edu-doc_2.10.18.diff.xz Description: application/xz signature.asc Description: PGP signature
Re: youtube-dl in a stable release
On Sun, Jun 23, 2019 at 07:23:20PM +0100, Jonathan Wiltshire wrote: > That fix is also unsuitable for unblocking as it currently stands; if we do > not fix it now, it would have to be done in stable anyway and it's not > really suitable there either. > > I am therefore not confident at all that youtube-dl is suitable for stable > and I am inclined to think we should remove it from buster. I am open to > being persuaded about that. I'd be sad to see it go. I also don't understand why it's ok to update firefox (bundling rust) with new upstream releases, while not youtube-dl. -- tschau, Holger --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C signature.asc Description: PGP signature
Bug#930994: unblock: piuparts/1.0.1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package piuparts, as usual (at these times) the changes are mostly only relevant for piuparts.debian.org, while the changes relevant for normal users are : * piuparts.conf, distros.conf: Update for buster release. * piuparts.py: - Add '--max-command-output-size' option to allow overriding the default of 8 MB for debugging runs. - Fix spurious failure to remove packages with names ending with '+'. In theory also relevant (because these changes touch code everyone is using) are also these changes: * piupartslib/packagesdb.py: - Remove stale .kpr files after receiving new logs. In theory, because these codepathes are not used in normal piuparts usage (but only in master-server setups which TTBOMK is only used by Andreas and me/piuparts.debian.org.) The custom-scripts might be used by some piuparts users (not by default though), yet I have a high confidence they are good, as we are using them since June 6th on piuparts.d.o without any issues. The full changelog is: piuparts (1.0.1) unstable; urgency=medium [ Andreas Beckmann ] * piuparts.conf, distros.conf: Update for buster release. * piuparts.py: - Add '--max-command-output-size' option to allow overriding the default of 8 MB for debugging runs. - Run pre_remove scripts before computing packages to be removed. - Fix spurious failure to remove packages with names ending with '+'. * piupartslib/packagesdb.py: - Remove stale .kpr files after receiving new logs. * piuparts-slave.py: - Generate separate tarball names for --merged-usr chroots. - Re-exec on SIGUSR1, picking up updated code and new config sections. * master-bin/detect_piuparts_issues: - Clean up stale temporary and empty files. * master-bin/rotate_master_logs: Delete master logs older than 90 days. * slave-bin/slave_reexec: New, send SIGUSR1 to all running slaves. * custom-scripts: Add and update several exceptions. * piuparts.conf.anbe: Add some more example sections. [ Holger Levsen ] * generate_daily_report: improve statistics. -- Holger Levsen Tue, 18 Jun 2019 14:48:59 +0200 The full debdiff is attached, this is the diffstat: $ debdiff piuparts_1.0.0.dsc piuparts_1.0.1.dsc | diffstat Makefile |8 conf/distros.conf |8 custom-scripts/scripts-broken-symlinks/post_install_extras_unbreak_symlinks | 93 +- custom-scripts/scripts-debug-triggers/pre_distupgrade_debug_triggers |2 custom-scripts/scripts-debug-triggers/pre_install_debug_triggers |2 custom-scripts/scripts-multi-distro-upgrade/pre_remove_exceptions_multi-distro-upgrade | 13 custom-scripts/scripts/is_testable_uninstallable | 219 - custom-scripts/scripts/post_distupgrade_exceptions | 15 custom-scripts/scripts/post_remove_exceptions | 16 custom-scripts/scripts/post_setup_minimize |2 custom-scripts/scripts/pre_distupgrade_allow_unauthenticated |2 custom-scripts/scripts/pre_distupgrade_exceptions | 24 custom-scripts/scripts/pre_distupgrade_zz_database-server | 15 custom-scripts/scripts/pre_install_database-server | 19 custom-scripts/scripts/pre_install_exceptions | 22 custom-scripts/scripts/pre_remove_50_find_bad_permissions |9 custom-scripts/scripts/pre_remove_exceptions | 33 debian/changelog | 28 instances/piuparts.conf-template.pejacevic | 13 instances/piuparts.conf.anbe | 416 ++ master-bin/detect_network_issues.in |2 master-bin/detect_piuparts_issues.in |6 master-bin/detect_well_known_errors.py |2 master-bin/generate_daily_report.in |7 master-bin/reschedule_piuparts_tests.in | 48 - master-bin/rotate_master_logs.in |8 piuparts-slave.py
Re: Bug#930994: marked as done (unblock: piuparts/1.0.1)
On Thu, Jun 27, 2019 at 09:51:07AM +, Debian Bug Tracking System wrote: > If you would have only included the change of the names of the suite, we > would have unblocked it. As it stands there are too many changes to > accept it at this very late stage of releasing buster. Sorry. oh well, sigh. the changes are no different than the ones let in before and as said, in codepathes noone besides piuparts.d.o uses. sad. anyhow, i guess for an t-p-u upload it is too late now (???), so that sensible default release names will only be in buster with 10.1, right? -- tschau, Holger --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C "... the premise [is] that privacy is about hiding a wrong. It's not. Privacy is an inherent human right, and a requirement for maintaining the human condition with dignity and respect." (Bruce Schneier) signature.asc Description: PGP signature
Re: Bits from the Release Team: ride like the wind, Bullseye!
Hi, On Sun, Jul 07, 2019 at 02:47:00AM +0100, Jonathan Wiltshire wrote: > Shortly before the end of the 6th July, we released Debian 10, "buster". *yay* *yay* & *yay*! > No binary maintainer uploads for bullseye > = > > The release of buster also means the bullseye release cycle is about to begin. > From now on, we will no longer allow binaries uploaded by maintainers to > migrate to testing. This means that you will need to do source-only uploads if > you want them to reach bullseye. > > > Q: I already did a binary upload, do I need to do a new (source-only) > upload? > A: Yes (preferably with other changes, not just a version bump). > > Q: I needed to do a binary upload because my upload went to the NEW queue, > do I need to do a new (source-only) upload for it to reach bullseye? > A: Yes. We also suggest going through NEW in experimental instead of > unstable > where possible, to avoid disruption in unstable. whh, that's *totally* awesome news! loving it. > All autopkgtest failures considered RC for bullseye also very yay! exciting times ahead! -- tschau, Holger --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C signature.asc Description: PGP signature
Re: testing migration aging and reproducible builds
On Sun, Jul 21, 2019 at 05:35:53PM -0300, Jonathan Wiltshire wrote: > On Sun, Jul 21, 2019 at 11:55:59AM -0300, Vagrant Cascadian wrote: > > This makes me think to decrease the delay for reproducible packages > > rather than increase the delay for unreproducible ones? Though then > > you'd want it to be a small increment... > How about if the current bonus of three days is dependent on both > autopkgtests *and* reproducibility? That keeps the incentive without ending > up with same-day migrations. /me likes! -- tschau, Holger --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C Dance like no one's watching. Encrypt like everyone is. signature.asc Description: PGP signature
Re: testing migration aging and reproducible builds
On Mon, Jul 22, 2019 at 10:46:37AM -0300, Chris Lamb wrote: > One question: Does your proposal also imply a source package being > strictly reproducible in unstable or, alternatively, did you mean to > imply it "not regressing" from being previously reproducible in > unstable? > > This latter idea could be said to be fairer but requires the storage > of state on either your "end" or ours and thus complicates the > technical machinery, but more importantly IMHO it makes it somewhat > opaque from the perspective of package maintainers... I think britney already can track regressions, it does that for piuparts tests at least. intrigeri brought up another interesting angle on this: currently (un)reproducibility bugs are are of severity normal, so it seems a bit premature to block or even delay testing migrations because of that. if however we treated regressions as important bug, than maybe we should treat *all* new important bugs as delaying migrations at least. say each new important bug would/could delay migrations by 2 days. what do you think? -- tschau, Holger --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C signature.asc Description: PGP signature
Bug#1014659: logrotate: error: state file /var/lib/logrotate/status is world-readable
Package: logrotate Version: 3.18.0-2+deb11u1 Severity: normal X-Debbugs-Cc: debian-release@lists.debian.org affects: release.debian.org Dear Maintainer, after the bullseye 11.4 point release I started to see the following mails from logcheck: Jul 10 00:00:24 mainframe logrotate[37314]: error: state file /var/lib/logrotate/status is world-readable and thus can be locked from other unprivileged users. Skipping lock acquisition... I suspect the severity of this bug should be higher, but I will leave this to you. Thanks for maintaining logrotate! -- cheers, Holger ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org ⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C ⠈⠳⣄ So what CAN we actually do? Well, individual decisions (eating less meat, taking public transport, buying less fast fashion) are all important, but we also need to change the system. As you may know, just 100 companies are responsible for 71% of global emissions. (@JessicaTheLaw) https://www.theguardian.com/sustainable-business/2017/jul/10/100-fossil-fuel-companies-investors-responsible-71-global-emissions-cdp-study-climate-change signature.asc Description: PGP signature
Bug#1017393: buster-pu: package debian-security-support/1:10+2022.08.23
Package: release.debian.org Severity: normal Tags: buster User: release.debian@packages.debian.org Usertags: pu hi, I'd like to introduce an epoch to debian-security-support in buster, as used everywhere else since stretch-security (as demanded in #988321) debian-security-support | 2020.06.21~deb9u1 | stretch | source, all debian-security-support | 1:9+2022.06.02 | stretch-security | source, all debian-security-support | 2020.06.21~deb10u1 | buster | source, all debian-security-support | 1:11+2021.03.19| bullseye | source, all debian-security-support | 1:12+2022.08.06| bookworm | source, all debian-security-support | 1:12+2022.08.12| sid | source, all As such, I'd like to use 1:10+2022.08.23 as the version and *not* 1:10+2022.08.23~deb10u2. (modulo the fact that the date in the version string might change. the above reflects my current planned date for the upload.) Do you agree that 1:10+2022.08.23 should/can be used here? The planned debdiff is trivial: $ git diff 2020.06.21_deb10u1..buster|diffstat debian/changelog |7 +++ security-support-ended.deb10 |8 +++- 2 files changed, 14 insertions(+), 1 deletion(-) I'll update this bug with the actual debdiff when appropriate. :) -- cheers, Holger ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org ⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C ⠈⠳⣄ You cannot ban abortion. You can only ban safe abortions. signature.asc Description: PGP signature
Bug#1017393: buster-pu: package debian-security-support/1:10+2022.08.23
On Thu, Aug 18, 2022 at 09:29:15PM +0100, Adam D. Barratt wrote: > On Mon, 2022-08-15 at 13:50 +0200, Holger Levsen wrote: > > I'd like to introduce an epoch to debian-security-support in buster, > > as used everywhere else since stretch-security (as demanded in > > #988321) [...] > > As such, I'd like to use 1:10+2022.08.23 as the version and *not* > > 1:10+2022.08.23~deb10u2. > So long as the resulting version strings sort correctly, that seems OK. it does. thanks! -- cheers, Holger ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org ⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C ⠈⠳⣄ Make earth cool again. signature.asc Description: PGP signature
Bug#1017987: bullseye-pu: package debian-security-support/1:11+2022.08.23
Package: release.debian.org Severity: normal Tags: bullseye User: release.debian@packages.debian.org Usertags: pu I've uploaded this now for the next bullseye point release: $ debdiff debian-security-support_11+2021.03.19.dsc debian-security-support_11+2022.08.23.dsc|diffstat debian/changelog | 13 + security-support-limited | 11 +++ 2 files changed, 16 insertions(+), 8 deletions(-) $ debdiff debian-security-support_11+2021.03.19.dsc debian-security-support_11+2022.08.23.dsc diff -Nru debian-security-support-11+2021.03.19/debian/changelog debian-security-support-11+2022.08.23/debian/changelog --- debian-security-support-11+2021.03.19/debian/changelog 2021-03-19 21:58:42.0 +0100 +++ debian-security-support-11+2022.08.23/debian/changelog 2022-08-23 18:26:34.0 +0200 @@ -1,3 +1,16 @@ +debian-security-support (1:11+2022.08.23) bullseye; urgency=medium + + * Update security-support-limited from 1:12+2022.08.19 from unstable, +- add khtml. Closes: #1004293. +- add openjdk-17 and point to the bullseye release notes (as discussed in + #975016). +- for golang, point to the bullseye manual instead the buster one. +- drop mozjs52 and mozjs60 as they were only present in buster. +- drop libv8-3.14, mozjs, mozjs24, swftools and webkitgtk as they were + only present in stretch and earlier. + + -- Holger Levsen Tue, 23 Aug 2022 18:26:34 +0200 + debian-security-support (1:11+2021.03.19) unstable; urgency=medium [ Utkarsh Gupta ] diff -Nru debian-security-support-11+2021.03.19/security-support-limited debian-security-support-11+2022.08.23/security-support-limited --- debian-security-support-11+2021.03.19/security-support-limited 2021-01-25 13:28:55.0 +0100 +++ debian-security-support-11+2022.08.23/security-support-limited 2022-08-23 18:24:26.0 +0200 @@ -11,22 +11,17 @@ cython Only included for building packages, not running them, #975058 ganglia See README.Debian.security, only supported behind an authenticated HTTP zone, #702775 ganglia-web See README.Debian.security, only supported behind an authenticated HTTP zone, #702776 -golang*See https://www.debian.org/releases/buster/amd64/release-notes/ch-information.en.html#golang-static-linking +golang*See https://www.debian.org/releases/bullseye/amd64/release-notes/ch-information.en.html#golang-static-linking kde4libskhtml has no security support upstream, only for use on trusted content -libv8-3.14 Not covered by security support, only suitable for trusted content -mozjs Not covered by security support, only suitable for trusted content -mozjs24 Not covered by security support, only suitable for trusted content -mozjs52 Not covered by security support, only suitable for trusted content -mozjs60 Not covered by security support, only suitable for trusted content +khtml khtml has no security support upstream, only for use on trusted content, see #1004293 mozjs68 Not covered by security support, only suitable for trusted content, see #959804 mozjs78 Not covered by security support, only suitable for trusted content, see #959804 ocsinventory-server Only supported behind an authenticated HTTP zone +openjdk-17 See https://www.debian.org/releases/bullseye/amd64/release-notes/ch-information.en.html#openjdk-17 python2.7 Only included for building packages, not running them, #975058 python-stdlib-extensions Only included for building packages, not running them, #975058 qtwebengine-opensource-src No security support upstream and backports not feasible, only for use on trusted content qtwebkitNo security support upstream and backports not feasible, only for use on trusted content qtwebkit-opensource-src No security support upstream and backports not feasible, only for use on trusted content sql-ledger Only supported behind an authenticated HTTP zone -swftoolsNot covered by security support, only suitable for trusted content -webkitgtk No security support upstream and backports not feasible, only for use on trusted content zoneminder See README.Debian.security, only supported behind an authenticated HTTP zone, #922724 Thanks for all your SRM work! -- cheers, Holger ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org ⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C ⠈⠳⣄ The system isn't broken. It was built this way. signature.asc Description: PGP signature
Bug#1017393: buster-pu: package debian-security-support/1:10+2022.08.23
hi,
I've just uploaded this to buster for the coming point release:
$ debdiff debian-security-support_2020.06.21~deb10u1.dsc
debian-security-support_10+2022.08.23.dsc|diffstat
Makefile.PL |1 +
debian/changelog | 26 ++
security-support-ended.deb10 |8 +++-
security-support-limited | 12 ++--
4 files changed, 36 insertions(+), 11 deletions(-)
$ debdiff debian-security-support_2020.06.21~deb10u1.dsc
debian-security-support_10+2022.08.23.dsc
diff -Nru debian-security-support-2020.06.21~deb10u1/debian/changelog
debian-security-support-10+2022.08.23/debian/changelog
--- debian-security-support-2020.06.21~deb10u1/debian/changelog 2020-07-10
19:29:25.0 +0200
+++ debian-security-support-10+2022.08.23/debian/changelog 2022-08-23
18:57:12.0 +0200
@@ -1,3 +1,29 @@
+debian-security-support (1:10+2022.08.23) buster; urgency=medium
+
+ * Introduce release based versioning and add an epoch to achieve that.
+See https://lists.debian.org/20200817100153.ga...@layer-acht.org and
+follow-ups. Closes: #988321
+ * Makefile.PL: strip epoch from internal version just like ~deb10u1 etc are
+also dropped.
+ * Update security-support-ended.deb10 from 1:12+2022.08.12 from unstable,
+thus adding these packages to it:
+- chromium
+- ckeditor3
+- gpac
+- libspring-java
+- slurm-llnl
+- xen
+ * Update security-support-limited from 1:12+2022.08.12 from unstable,
+thus adding:
+- golang
+- khtml
+ * Drop libv8-3.14, mosjz, mosjz24, swftools and webkitgtk from
+security-support-limited as they were only present in stretch and earlier.
+ * Also drop glpi, ltp and wine-gecko-2.(21|24) from security-support-limited
+as they were only present in jessie or earlier.
+
+ -- Holger Levsen Tue, 23 Aug 2022 18:57:12 +0200
+
debian-security-support (2020.06.21~deb10u1) buster; urgency=medium
* Rebuild for buster.
diff -Nru debian-security-support-2020.06.21~deb10u1/Makefile.PL
debian-security-support-10+2022.08.23/Makefile.PL
--- debian-security-support-2020.06.21~deb10u1/Makefile.PL 2018-03-16
15:39:59.0 +0100
+++ debian-security-support-10+2022.08.23/Makefile.PL 2022-08-19
16:25:59.0 +0200
@@ -12,6 +12,7 @@
my $VERSION=$changelog->{Version};
$VERSION =~ s/~deb(.*)//;
+$VERSION =~ s/^[0-9]+://;
WriteMakefile (
'NAME' => 'debian-security-support',
diff -Nru
debian-security-support-2020.06.21~deb10u1/security-support-ended.deb10
debian-security-support-10+2022.08.23/security-support-ended.deb10
--- debian-security-support-2020.06.21~deb10u1/security-support-ended.deb10
2020-07-10 19:29:25.0 +0200
+++ debian-security-support-10+2022.08.23/security-support-ended.deb10
2022-08-23 18:57:08.0 +0200
@@ -11,4 +11,10 @@
#In the program's output, this is prefixed with "Details:"
# none yet (please remove this line once this is not true anymore)
-libperlspeak-perl2.01-2 2020-04-16
https://bugs.debian.org/954238 (CVE-2020-10674) and
https://bugs.debian.org/954297 and 954298
+libperlspeak-perl2.01-2 2020-04-16
https://bugs.debian.org/954238 (CVE-2020-10674) and
https://bugs.debian.org/954297 and 954298
+xen 4.11.4+107-gef32c7afa2-12021-08-28
https://xenbits.xen.org/docs/4.11-testing/SUPPORT.html#release-support
+chromium 90.0.4430.212-1~deb10u1 2022-01-14
https://lists.debian.org/debian-security-announce/2022/msg00012.html
+slurm-llnl 18.08.5.2-1+deb10u2 2022-08-01
https://salsa.debian.org/lts-team/lts-extra-tasks/-/issues/39
+gpac 0.5.2-426-gc5ad4e4+dfsg5-5 2022-08-03
https://lists.debian.org/debian-lts/2022/05/msg00043.html
+libspring-java 4.3.5-1+deb9u1 2022-08-09
https://lists.debian.org/debian-lts/2022/08/msg1.html
+ckeditor33.6.6.1+dfsg-1 2022-08-09
https://lists.debian.org/debian-lts/2022/08/msg1.html
diff -Nru debian-security-support-2020.06.21~deb10u1/security-support-limited
debian-security-support-10+2022.08.23/security-support-limited
--- debian-security-support-2020.06.21~deb10u1/security-support-limited
2020-07-10 19:29:25.0 +0200
+++ debian-security-support-10+2022.08.23/security-support-limited
2022-08-23 18:57:08.0 +0200
@@ -10,13 +10,9 @@
binutilsOnly suitable for trusted content; see
https://lists.debian.org/msgid-search/87lfqsomtg@mid.deneb.enyo.de
ganglia See README.Debian.security, only supported behind an
authenticated HTTP zone, #702775
ganglia-web See README.Debian.security, only supported behind an
authenticated HTTP zone, #702776
-glpiOnly supported behind an authenticated HTTP zone for trusted
users
-golang*See
https://www.deb
Bug#1026199: release.debian.org: Is the toolchain list updated for bookworm
On Sat, Dec 17, 2022 at 08:42:18AM +0100, Paul Gevers wrote:
> I just refreshed the list, it's still there. I used a script on udd,
> essentially this:
[...]
> query = "SELECT DISTINCT package FROM packages WHERE release = 'bookworm'
> and essential = 'yes'"
[...]
this made me check what we're using to calculate the set for
https://tests.reproducible-builds.org/debian/bullseye/amd64/pkg_set_key_packages.html
and it turned out to be this:
# key packages (same for all suites)
SQL_QUERY="SELECT source FROM key_packages;"
psql "postgresql://udd-mirror:udd-mir...@udd-mirror.debian.net/udd" -t -c
"${SQL_QUERY}" > $TMPFILE
which based on this thread seems to be wrong, as the key packages differ
per suite.
So now I wonder: how to get this from UDD?
--
cheers,
Holger
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org
⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
⠈⠳⣄
Be careful when you follow the masses. Sometimes the "m" is silent.
signature.asc
Description: PGP signature
Bug#1026199: release.debian.org: Is the toolchain list updated for bookworm
Hi Paul, On Sat, Dec 17, 2022 at 04:42:43PM +0100, Paul Gevers wrote: > Well, the key package set is something else than the set we consider for the > first freeze. doh (obviously), sorry for the noise. > The key package set is a set based on source, so indeed it > doesn't differ per suite. right. > > So now I wonder: how to get this from UDD? > I think you had the right query. thanks for confirming! :) and the whole reply despite my error. -- cheers, Holger ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org ⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C ⠈⠳⣄ June 2021 was the hottest on record for the Northern Hemisphere. In fact, 2019, 2020 and 2021 are the three hottest Junes on record for the Northern Hemisphere. (@ScottDuncanWX) signature.asc Description: PGP signature
+1 (Re: SONAME bumps (transitions) always via experimental)
On Thu, Jan 05, 2023 at 12:26:09PM +0100, Paul Gevers wrote in a mail with the subject "SONAME bumps (transitions) always via experimental)": > Are there objections against this workflow? (Or voices from people who like > this?) I like this. -- cheers, Holger ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org ⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C ⠈⠳⣄ Everyone is entitled to their own opinion, but not their own facts. signature.asc Description: PGP signature
Bug#1026945: bullseye-pu: package guix/1.2.0-4
Hi Vagrant, On Fri, Jan 20, 2023 at 02:27:19PM -0800, Vagrant Cascadian wrote: > On 2022-12-24, Vagrant Cascadian wrote: > > Package: release.debian.org > > Severity: normal > > Tags: bullseye > > User: release.debian@packages.debian.org > > Usertags: pu > > X-Debbugs-Cc: g...@packages.debian.org vagr...@debian.org > > Control: affects -1 + src:guix > > Should I have intead filed this with the intended version > (e.g. guix/1.2.0-4+deb11u1) ? Should I just go ahead and upload, as this > fixes a FTBFS issue in bullseye? yes & yes, you are encouraged to upload if you are certain the upload will be accepted. https://www.debian.org/doc/manuals/developers-reference/pkgs.en.html#special-case-uploads-to-the-stable-and-oldstable-distributions -> third paragraph there: If you are confident that the upload will be accepted without changes, please feel free to upload at the same time as filing the release.debian.org bug. However if you are new to the process, we would recommend getting approval before uploading so you get a chance to see if your expectations align with ours. disclaimer: I'm not a stable release manager, but you know that. :) -- cheers, Holger ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org ⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C ⠈⠳⣄ Every time you see the word "smart" used to describe a device, replace it with "surveillance." Surveillance watch. Surveillance streetlights. Surveillance oven. Surveillance toilet. Surveillance car. Surveillance city. (@mollyali) signature.asc Description: PGP signature
Bug#932618: transition: librsync
On Tue, Jul 30, 2019 at 09:06:32AM +0300, Otto Kekäläinen wrote: > Turns out I had some extra time for this flying back from DebConf and it > needed changes to only one file for this, so new rdiff-backup with > librsync2 was uploaded yesterday... src:librsync is currently still to be removed from bullseye on August 9th, because #776246 was only fixed in experimental... -- tschau, Holger --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C signature.asc Description: PGP signature
Bug#932618: transition: librsync
On Wed, Jul 31, 2019 at 10:34:17AM +0500, Andrey Rahmatullin wrote: > On Wed, Jul 31, 2019 at 02:06:50AM +0000, Holger Levsen wrote: > > > Turns out I had some extra time for this flying back from DebConf and it > > > needed changes to only one file for this, so new rdiff-backup with > > > librsync2 was uploaded yesterday... > > src:librsync is currently still to be removed from bullseye on August > > 9th, because #776246 was only fixed in experimental... > In experimental and unstable. not according to the bts which only knows 1.0.0-1~exp1 as fixed which is not (and never was) in unstable. & btw, I forgot: thanks Otto, for this update! -- tschau, Holger --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C signature.asc Description: PGP signature
Bug#932618: transition: librsync
On Wed, Jul 31, 2019 at 04:41:29PM +0500, Andrey Rahmatullin wrote: > On Wed, Jul 31, 2019 at 11:28:46AM +0000, Holger Levsen wrote: > > > > src:librsync is currently still to be removed from bullseye on August > > > > 9th, because #776246 was only fixed in experimental... > > > In experimental and unstable. > > > > not according to the bts which only knows 1.0.0-1~exp1 as fixed which is > > not (and never was) in unstable. > That's not what I see: the default picture doesn't show even 1.0.0-1~exp1 > while the "Don't ignore boring" one shows the version in sid as fixed (I > don't know why it is not marked "unstable" though). ignore the fancy picture and look at the words on https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776246 Found in versions librsync/0.9.7-10, librsync/0.9.7-1 Fixed in version 1.0.0-1~exp1 -- tschau, Holger --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C "... the premise [is] that privacy is about hiding a wrong. It's not. Privacy is an inherent human right, and a requirement for maintaining the human condition with dignity and respect." (Bruce Schneier) signature.asc Description: PGP signature
Re: What is the definition of "truly critical functionality"?
On Fri, Aug 02, 2019 at 09:03:19AM +0100, Adam D. Barratt wrote: > On 2019-08-02 07:48, Theodore Y. Ts'o wrote: > > I'm trying to mean what is meant by "truly critical functionality > > problem" in Section 5.5.1 in the Debian Developer's Reference: > > Extra care should be taken when uploading to stable. Basically, a > > package should only be uploaded to stable if one of the following > > happens: [...] > I suspect that may have been what it was originally intended to mean. (I > think the DevRef text dates from before my involvement in Debian.) It's not > the yardstick that is currently applied, however. I need to find some tuits > to write up some more useful "end-user" documentation for stable updates on > release.d.o, but the closest currently is > https://lists.debian.org/debian-devel-announce/2018/04/msg7.html obviously writing up documentation for release.d.o is much appreciated, however since 3 days DevRef in unstable is not using SGML anymore, but ReST, so writing patches for DevRef has become much easier, should you (or someone else) also wants to update it. My rough plan is to update DevRef by one bug per week in the next year... patches & further help very much welcome! DevRef is maintained in the Debian group on Salsa so if you are confident you can also commit&push yourself, or do MRs if you prefer reviews and more pairs of eyes. -- cheers, Holger --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C Dance like no one's watching. Encrypt like everyone is. signature.asc Description: PGP signature
Bug#934934: buster-pu: package piuparts/1.0.0+deb10u1
Package: release.debian.org Severity: normal Tags: buster User: release.debian@packages.debian.org Usertags: pu Hi, We'd like to update piuparts with the following changes in buster, fixing a bunch of rather important bugs (as well as one trivial wishlist bug and a trivial normal bug), including one for buster=stable (which missed the buster relase because 1.0.1 was not accepted). piuparts (1.0.0+deb10u1) buster; urgency=medium . * Happy 26th birthday, Debian! And many thanks to all the contributors! . [ Andreas Beckmann ] * piuparts.py: - Run pre_remove scripts before computing packages to be removed. - Fix spurious failure to remove packages with names ending with '+'. - Add '--max-command-output-size' option to allow overriding the default of 8 MB for debugging runs. * piuparts-slave.py: - Generate separate tarball names for --merged-usr chroots. * detect_well_known_errors.py: - process untestable logs. * Makefile: use gzip -n for reproducibility. * piuparts.conf, distros.conf: Update for buster release. * custom-scripts: some updates for buster. If custom-scripts are used, it's probably better to use piuparts from bpo. . [ Holger Levsen ] * Cherry-picking the above. The diffstat to 1.0.0 in buster is: $ debdiff piuparts_1.0.0.dsc piuparts_1.0.0+deb10u1.dsc | diffstat .gitignore|3 + Makefile |8 ++-- conf/distros.conf |8 ++-- custom-scripts/scripts/post_distupgrade_exceptions|1 custom-scripts/scripts/post_setup_minimize|2 - custom-scripts/scripts/pre_distupgrade_zz_database-server |7 ++-- debian/.gitignore |5 ++ debian/changelog | 24 ++ instances/piuparts.conf-template.pejacevic|4 -- instances/piuparts.conf.anbe |7 master-bin/detect_well_known_errors.py|2 - piuparts-slave.py |3 + piuparts.1.txt|4 ++ piuparts.py | 22 piupartslib/conf.py |6 ++- 15 files changed, 73 insertions(+), 33 deletions(-) The full diff is attached. Thanks for your work on buster! -- cheers, Holger --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C diff -Nru piuparts-1.0.0/conf/distros.conf piuparts-1.0.0+deb10u1/conf/distros.conf --- piuparts-1.0.0/conf/distros.conf 2019-05-04 21:37:32.0 +0200 +++ piuparts-1.0.0+deb10u1/conf/distros.conf 2019-08-16 15:05:52.0 +0200 @@ -176,19 +176,19 @@ # alias [oldoldstable] -distribution = wheezy +distribution = jessie # alias [oldstable] -distribution = jessie +distribution = stretch # alias [stable] -distribution = stretch +distribution = buster # alias [testing] -distribution = buster +distribution = bullseye # It's also possible to have "virtual" entries by setting uri to diff -Nru piuparts-1.0.0/custom-scripts/scripts/post_distupgrade_exceptions piuparts-1.0.0+deb10u1/custom-scripts/scripts/post_distupgrade_exceptions --- piuparts-1.0.0/custom-scripts/scripts/post_distupgrade_exceptions 2019-05-04 21:37:32.0 +0200 +++ piuparts-1.0.0+deb10u1/custom-scripts/scripts/post_distupgrade_exceptions 2019-08-16 15:21:58.0 +0200 @@ -100,7 +100,6 @@ fi if [ "$PIUPARTS_DISTRIBUTION" = "buster" ] || \ - [ "$PIUPARTS_DISTRIBUTION" = "sid" -a "$PIUPARTS_DISTRIBUTION_PREV" = "stretch" ]; then # libc-bin only upgrades pristine /etc/nsswitch.conf if grep -q '^passwd:.*compat' /etc/nsswitch.conf ; then diff -Nru piuparts-1.0.0/custom-scripts/scripts/post_setup_minimize piuparts-1.0.0+deb10u1/custom-scripts/scripts/post_setup_minimize --- piuparts-1.0.0/custom-scripts/scripts/post_setup_minimize 2018-04-22 04:30:08.0 +0200 +++ piuparts-1.0.0+deb10u1/custom-scripts/scripts/post_setup_minimize 2019-08-16 15:05:52.0 +0200 @@ -8,7 +8,7 @@ jessie) dpkg --purge gcc-4.8-base ;; - sid|stretch) + stretch) dpkg --purge lsb-base tzdata ;; esac diff -Nru piuparts-1.0.0/custom-scripts/scripts/pre_distupgrade_zz_database-server piuparts-1.0.0+deb10u1/custom-scripts/scripts/pre_distupgrade_zz_database-server --- piuparts-1.0.0/custom-scripts/scripts/pre_distupgrade_zz_database-server 2019-05-04 21:37:32.0 +0200 +++ piuparts-1.0.0+deb10u1/custom-scripts/scripts/pre_distupgrade_zz_d
how to deal with widely used packages unsuitable for stable (was Re: [Git][security-tracker-team/security-tracker][master] Add radare2 to dla-needed.txt with comments.)
hi, (this started as a discussion whether to update radare2 in (old)stable and has since then evolved into a discussion about the problem summarized well by Raphael.) On Thu, Aug 29, 2019 at 01:48:14PM +0200, Raphael Hertzog wrote: > On Thu, 29 Aug 2019, Moritz Mühlenhoff wrote: > > The upstream link makes it sound as if they are one of those upstreams > > which reject the idea of distributions shipping an older release to > > a stable distro. For a tool like radare2 that seems fair enough, so > > how about simply excluding it from stable releases (and retroactively > > drop it from Buster/Stretch in the forthcoming point releases)? > > > While I have no problem in getting it out of stable release, it is > important that we are able to provide backports so the package must > stay in Debian testing. > > > > Also radare2 is a package that we care about in Kali and we are based > on Debian testing so we would prefer if it could continue to be there. > > > In general, we (Debian) don't have a good answer to this problem and > virtualbox is clearly a bad precedent. We really need to find a solution > to this in concertation with the release managers. so I've added them to this thread. youtube-dl is in the same boat... -- cheers, Holger --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C signature.asc Description: PGP signature
Bug#934934: buster-pu: package piuparts/1.0.0+deb10u1
On Tue, Aug 20, 2019 at 09:55:35PM +0100, Adam D. Barratt wrote: > > We'd like to update piuparts with the following changes in buster, > Please go ahead. thanks, uploaded. -- cheers, Holger --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C signature.asc Description: PGP signature
Bug#938975: buster-pu: package debian-edu-doc/2.10.19~deb10u1
Package: release.debian.org Severity: normal Tags: buster User: release.debian@packages.debian.org Usertags: pu x-debbugs-cc: debian-...@lists.debian.org Hi, please accept debian-edu-doc/2.10.19~deb10u1 into buster, it's a documentation and translation only update. (Plus a harmless bump of standards version.) 2.10.19 is already in unstable, and based on our discussion on irc the other day I have already uploaded 2.10.19~deb10u1 with these changes: debian-edu-doc (2.10.19~deb10u1) buster; urgency=medium * Upload to buster. -- Holger Levsen Fri, 30 Aug 2019 19:18:18 +0200 debian-edu-doc (2.10.19) unstable; urgency=medium * Update Debian Edu Buster manual from the wiki. * Update Debian Edu ITIL manual from the wiki. * Bump standards version to 4.4.0, no changes needed. [ Translation updates ] * Buster manual: - Japanese: hoxp18 - German: Wolfgang Schweer - Italian: Claudio Carboncini - Chinese (Simplified): Ma Yong - French: Jean-Pierre Giraud -- Holger Levsen Wed, 28 Aug 2019 12:07:54 +0200 $ debdiff debian-edu-doc_2.10.18.dsc debian-edu-doc_2.10.19~deb10u1.dsc|diffstat debian/changelog| 22 debian/control |2 documentation/debian-edu-buster/debian-edu-buster-manual.da.po | 78 +-- documentation/debian-edu-buster/debian-edu-buster-manual.de.po | 83 ++- documentation/debian-edu-buster/debian-edu-buster-manual.es.po | 56 +- documentation/debian-edu-buster/debian-edu-buster-manual.fr.po | 85 ++- documentation/debian-edu-buster/debian-edu-buster-manual.it.po | 245 ++ documentation/debian-edu-buster/debian-edu-buster-manual.ja.po | 80 +-- documentation/debian-edu-buster/debian-edu-buster-manual.nb.po | 73 +- documentation/debian-edu-buster/debian-edu-buster-manual.nl.po | 78 +-- documentation/debian-edu-buster/debian-edu-buster-manual.pl.po | 44 + documentation/debian-edu-buster/debian-edu-buster-manual.pot| 32 - documentation/debian-edu-buster/debian-edu-buster-manual.xml| 12 documentation/debian-edu-buster/debian-edu-buster-manual.zh.po | 157 -- documentation/debian-edu-buster/debian-edu-buster-manual.zh_Hant.po | 32 - documentation/debian-edu-itil/debian-edu-itil-manual.nb.po | 16 documentation/debian-edu-itil/debian-edu-itil-manual.nl.po | 16 documentation/debian-edu-itil/debian-edu-itil-manual.pot| 14 documentation/debian-edu-itil/debian-edu-itil-manual.xml|6 documentation/debian-edu-itil/debian-edu-itil-manual.zh.po | 14 documentation/debian-edu-itil/debian-edu-itil-manual.zh_Hant.po | 14 21 files changed, 746 insertions(+), 413 deletions(-) The full diff is attached. Thanks for your work on buster! -- cheers, Holger --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C debian-edu-doc_2.10.19~deb10u1.diff.gz Description: application/gzip signature.asc Description: PGP signature
Bug#939063: stretch-pu: package koji/1.10.0-1+deb9u1
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu
Hi,
in coordination with the security team I'd like to update koji in stretch to
fix two CVEs:
koji (1.10.0-1+deb9u1) stretch; urgency=medium
* Team upload.
* Add patch based on upstream commit bdec8c7399 to fix CVE-2018-1002161, an
SQL injection issue in multiple remote calls. Closes: #922922.
* Add patch based on upstream commit ba7b5a3cbe to fix CVE-2017-1002153, to
properly validate SCM pathes. Closes: #877921.
-- Holger Levsen Sat, 31 Aug 2019 20:31:37 +0200
The debdiff is attached and looks like this:
$ debdiff koji_1.10.0-1.dsc koji_1.10.0-1+deb9u1.dsc|diffstat
changelog | 10 +
patches/0004-CVE-2017-1002153.patch | 61 ++
patches/0005-CVE-2018-1002161.patch | 64
patches/series |2 +
4 files changed, 137 insertions(+)
--
cheers,
Holger
---
holger@(debian|reproducible-builds|layer-acht).org
PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C
diff -Nru koji-1.10.0/debian/changelog koji-1.10.0/debian/changelog
--- koji-1.10.0/debian/changelog 2015-12-04 11:20:58.0 +0100
+++ koji-1.10.0/debian/changelog 2019-08-31 20:31:37.0 +0200
@@ -1,3 +1,13 @@
+koji (1.10.0-1+deb9u1) stretch; urgency=medium
+
+ * Team upload.
+ * Add patch based on upstream commit bdec8c7399 to fix CVE-2018-1002161, an
+SQL injection issue in multiple remote calls. Closes: #922922.
+ * Add patch based on upstream commit ba7b5a3cbe to fix CVE-2017-1002153, to
+properly validate SCM pathes. Closes: #877921.
+
+ -- Holger Levsen Sat, 31 Aug 2019 20:31:37 +0200
+
koji (1.10.0-1) unstable; urgency=medium
[ Marek Marczykowski-Górecki ]
diff -Nru koji-1.10.0/debian/patches/0004-CVE-2017-1002153.patch koji-1.10.0/debian/patches/0004-CVE-2017-1002153.patch
--- koji-1.10.0/debian/patches/0004-CVE-2017-1002153.patch 1970-01-01 01:00:00.0 +0100
+++ koji-1.10.0/debian/patches/0004-CVE-2017-1002153.patch 2019-08-31 19:59:44.0 +0200
@@ -0,0 +1,61 @@
+From ba7b5a3cbed11ade11c3af5e834c9a6de4f6d7c3 Mon Sep 17 00:00:00 2001
+From: Mike McLean
+Date: Sep 19 2017 21:23:50 +
+Subject: PR#591: Normalize paths for scms
+
+
+Merges #591
+https://pagure.io/koji/pull-request/591
+
+Fixes #563
+https://pagure.io/koji/issue/563
+
+Fixes CVE-2017-1002153
+
+---
+
+Index: koji/koji/daemon.py
+===
+--- koji.orig/koji/daemon.py
koji/koji/daemon.py
+@@ -257,22 +257,31 @@ class SCM(object):
+ netloc = userhost[1]
+ elif len(userhost) > 2:
+ raise koji.GenericError, 'Invalid username@hostname specified: %s' % netloc
++if not netloc:
++raise koji.GenericError, 'Unable to parse SCM URL: %s . Could not find the netloc element.' % self.url
+
+-# ensure that path and query do not end in /
+-if path.endswith('/'):
+-path = path[:-1]
+-if query.endswith('/'):
+-query = query[:-1]
++# check for empty path before we apply normpath
++if not path:
++raise koji.GenericError, 'Unable to parse SCM URL: %s . Could not find the path element.' % self.url
++
++path = os.path.normpath(path)
++
++# path and query should not end with /
++path = path.rstrip('/')
++query = query.rstrip('/')
++# normpath might not strip // at start of path
++if path.startswith('//'):
++path = '/' + path.strip('/')
++# path should start with /
++if not path.startswith('/'): # pragma: no cover
++# any such url should have already been caught by is_scm_url
++raise koji.GenericError, 'Invalid SCM URL. Path should begin with /: %s) '
+
+ # check for validity: params should be empty, query may be empty, everything else should be populated
+ if params :
+ raise koji.GenericError, 'Unable to parse SCM URL: %s . Params element %s should be empty.' % (self.url, params)
+ if not scheme :
+ raise koji.GenericError, 'Unable to parse SCM URL: %s . Could not find the scheme element.' % self.url
+-if not netloc :
+-raise koji.GenericError, 'Unable to parse SCM URL: %s . Could not find the netloc element.' % self.url
+-if not path :
+-raise koji.GenericError, 'Unable to parse SCM URL: %s . Could not find the path element.' % self.url
+ if not fragment :
+ raise koji.GenericError, 'Unable to parse SCM URL: %s
Re: Bug#939989: transition: gdal
On Tue, Oct 01, 2019 at 05:42:56PM +0200, Sebastiaan Couwenberg wrote: > We shouldn't block removal of Python 2 support on badly and unmaintained > packages. we should. as some people didnt respect this, piuparts is now broken in testing. i do however agree, that it doesnt make much sense to have rules if people can just break them. IOW, this will be the most friendly mail i can imagine to write on this subject this month :( -- cheers, Holger --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C signature.asc Description: PGP signature
documenting transitions (Re: Accepted net-snmp 5.8+dfsg-1 (source all amd64) into unstable, unstable)
Hi, On Mon, Oct 14, 2019 at 10:24:41PM +0200, Paul Gevers wrote: > > I think I see the problem, the wiki has two places for transition. > > https://wiki.debian.org/TransitionBestPractices which speaks to the > Whow, not updated since 2014. > > developer and doesn't mention at all things like going into experimental and > > https://wiki.debian.org/Teams/ReleaseTeam/Transitions which initially > Which is linked from https://release.debian.org/transitions/ there is also #829611 "Add transitions instructions to developers-reference" for which I'd happily take a patch or even a text... -- cheers, Holger --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C signature.asc Description: PGP signature
Bug#944238: buster-pu: package debian-edu-config/2.10.65+deb10u2
Package: release.debian.org Severity: normal Tags: buster User: release.debian@packages.debian.org Usertags: pu We'd like to update debian-edu-config in buster to fix one important (#944013 debian-edu-config: adjusted ini files needed to match changed behaviour of firefox-esr 68.2.0esr) and one normal bug: debian-edu-config (2.10.65+deb10u2) UNRELEASED; urgency=medium * Adjust share/debian-edu-config/d-i/finish-install: (Closes: #941574) - Use 'dpkg-reconfigure -u --no-reload debian-edu-config' to add post-up stanza to /etc/network/interfaces eth0 entry conditionally. * Cope with Firefox-ESR ini files that need to be different (as of version 68.2.0esr) to further allow centralized configuration: (Closes: #944013) - Add share/debian-edu-config/profiles.ini.ff (Firefox-ESR profiles.ini). - Add share/debian-edu-config/installs.ini (now needed in addition for users that don't have a Firefox-ESR profile, i.e. new users). - Adjust share/debian-edu-config/tools/gosa-create which is used to copy the related Firefox-ESR ini files. - Ajust Makefile. - Adjust ldap-tools/ldap-debian-edu-install (fix for the first user). $ git diff 2.10.65+deb10u1..buster|diffstat Makefile |2 ++ debian/changelog | 17 + ldap-tools/ldap-debian-edu-install |3 ++- share/debian-edu-config/d-i/finish-install |5 + share/debian-edu-config/installs.ini |4 share/debian-edu-config/profiles.ini.ff| 13 + share/debian-edu-config/tools/gosa-create |3 ++- 7 files changed, 45 insertions(+), 2 deletions(-) The full debdiff is attached. I havent uploaded yet. Thanks for your work on buster! -- cheers, Holger --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C diff --git a/Makefile b/Makefile index 0a6d8c5b..3e73c2d4 100644 --- a/Makefile +++ b/Makefile @@ -378,7 +378,9 @@ install: install-testsuite share/debian-edu-config/sslCA.cnf \ share/debian-edu-config/v3.cnf \ share/debian-edu-config/v3CA.cnf \ + share/debian-edu-config/installs.ini \ share/debian-edu-config/profiles.ini \ + share/debian-edu-config/profiles.ini.ff \ share/debian-edu-config/debian-edu.addmachine.template \ share/debian-edu-config/debian-edu.ldapscripts.passwd \ share/debian-edu-config/passwords_stub.dat \ diff --git a/debian/changelog b/debian/changelog index 73f9b7c9..fea3f164 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,20 @@ +debian-edu-config (2.10.65+deb10u2) UNRELEASED; urgency=medium + + * Adjust share/debian-edu-config/d-i/finish-install: (Closes: #941574) +- Use 'dpkg-reconfigure -u --no-reload debian-edu-config' to add post-up + stanza to /etc/network/interfaces eth0 entry conditionally. + * Cope with Firefox-ESR ini files that need to be different (as of version +68.2.0esr) to further allow centralized configuration: (Closes: #944013) +- Add share/debian-edu-config/profiles.ini.ff (Firefox-ESR profiles.ini). +- Add share/debian-edu-config/installs.ini (now needed in addition for users + that don't have a Firefox-ESR profile, i.e. new users). +- Adjust share/debian-edu-config/tools/gosa-create which is used to copy + the related Firefox-ESR ini files. +- Ajust Makefile. +- Adjust ldap-tools/ldap-debian-edu-install (fix for the first user). + + -- Wolfgang Schweer Wed, 02 Oct 2019 10:53:42 +0200 + debian-edu-config (2.10.65+deb10u1) buster; urgency=medium [ Wolfgang Schweer ] diff --git a/ldap-tools/ldap-debian-edu-install b/ldap-tools/ldap-debian-edu-install index 1b393a8f..affd02e7 100755 --- a/ldap-tools/ldap-debian-edu-install +++ b/ldap-tools/ldap-debian-edu-install @@ -599,7 +599,8 @@ fi if [ -x /usr/bin/certutil ] ; then mkdir -p /skole/tjener/home0/"$FIRSTUSERNAME"/.mozilla/firefox/debian-edu.default chmod -R 700 /skole/tjener/home0/"$FIRSTUSERNAME"/.mozilla/firefox/debian-edu.default - cp /usr/share/debian-edu-config/profiles.ini /skole/tjener/home0/"$FIRSTUSERNAME"/.mozilla/firefox + cp /usr/share/debian-edu-config/profiles.ini.ff /skole/tjener/home0/"$FIRSTUSERNAME"/.mozilla/firefox/profiles.ini + cp /usr/share/debian-edu-config/installs.ini /skole/tjener/home0/"$FIRSTUSERNAME"/.mozilla/firefox/installs.ini mkdir -p /skole/tjener/home0/"$FIRSTUSERNAME"/.thunderbird/debian-edu.default chmod -R 700 /skole/tjener/home0/"$FIRSTUSERNAME"/.thunderbird/debian-edu.default cp /usr/share/debian-edu-config/profiles.ini /skole/tjener/home0/"$FIRSTUSERNAME"/.thunderbird diff --git a/share/debian-edu-config/d-i/finish-install b/share/debian-edu-config/d-i/finish-install index 3422ecdd..23d60063 100644 --- a/share/debian-edu-config/d-i/finish-install +++ b/share/debian-edu-config/d-i
Bug#944238: buster-pu: package debian-edu-config/2.10.65+deb10u2
On Wed, Nov 06, 2019 at 10:22:21PM +0800, Holger Levsen wrote: > We'd like to update debian-edu-config in buster to fix one important > (#944013 debian-edu-config: adjusted ini files needed to match changed > behaviour of firefox-esr 68.2.0esr) and one normal bug: I forgot to mention that these bugs are of course fixed in unstable already. -- cheers, Holger --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C signature.asc Description: PGP signature
Bug#944238: buster-pu: package debian-edu-config/2.10.65+deb10u2
On Fri, Nov 08, 2019 at 10:10:54PM +, Adam D. Barratt wrote: > Control: tags -1 + confirmed [...] > Please go ahead. thanks, uploaded. -- cheers, Holger --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C signature.asc Description: PGP signature
Bug#944351: Providing minor version somewhere in /etc/os-release in buster
On Sun, Nov 10, 2019 at 01:24:42PM +0100, Santiago Vila wrote: > Ok, I have just uploaded base-files as usual, but if possible I'd like > this to be sorted-out for 10.3 (in particular, I still would like to > hear from the ansible maintainers). I wondering if change should have wider exposure. I suspect not only ansible users will be affected. I'd say this warrants a mail to d-d-a or at least -devel. Thanks for maintaining base-files, Santiago! -- cheers, Holger --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C signature.asc Description: PGP signature
Bug#944351: Providing minor version somewhere in /etc/os-release in buster
Hi Santiago,
On Tue, Nov 12, 2019 at 01:29:38AM +0100, Santiago Vila wrote:
> So, to summarize: I believe putting minor version in VERSION_ID would
> be useful, and I also think that we could do this in buster as far as
> we do it "soon" in the stable cycle, i.e 10.x where x is still small
> (for example, 10.3).
this ('soon in the stable cycle') convinced me, plus this:
> I am of course aware that some setups might break because of this but
> on the other side we can reasonably hope that whatever breakage
> (in hand-made scripts, for example) should be easy to fix.
so I'd now also say: go ahead.
> > I wondering if change should have wider exposure. I suspect not only
> > ansible users will be affected. I'd say this warrants a mail to d-d-a or
> > at least -devel.
> Hmm, what kind of exposure do you have in mind and for what purpose?
mailing d-devel or d-d-a, to get more feedback. but (see above) you
already convinced me that this is not needed. Thanks!
--
cheers,
Holger
---
holger@(debian|reproducible-builds|layer-acht).org
PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C
signature.asc
Description: PGP signature
on updating debian-security-support in stable and oldstable (due to DSA-4562-1)
hi, DSA-4562-1 at the very end of its very long text had the following note, which I'd like to make a little bit more known...: "For the oldstable distribution (stretch), support for chromium has been discontinued. Please upgrade to the stable release (buster) to continue receiving chromium updates or switch to firefox, which continues to be supported in the oldstable release." This info was then included in the 2019.11.16 upload of debian-security-support to unstable with this change: * Add chromium to security-support-ended.deb9. Currently we have: debian-security-support | 2019.02.02~deb8u1 | jessie-security | source, all debian-security-support | 2019.02.02~deb9u1 | stretch | source, all debian-security-support | 2019.06.13 | buster | source, all debian-security-support | 2019.11.16 | bullseye | source, all debian-security-support | 2019.11.16 | sid | source, all Out of this case I'd like to establish some default procedure on how to update debian-security-support in all suites at any time, so that we can just follow these each and every time. (The changes itself are trivial from a risk point of view: they are just changes to some text files.) So some questions: - can debian-security-support updates be made via (buster|stretch)-updates? - just now, or always? - or could these updates go in via (buster|stretch)-security instead? - just now, or always? - and then, shall there be DSAs released for these uploads? - or should debian-security-support follow the normal point release schedule, which AIUI currently has the unfortunate drawback that no stretch point release is planned anymore (??), which makes the informing about DSA-4562-1 / no chromium support in stretch rather hard. I'd be glad to turn this into a bug against release.debian.org if this is deemed useful. I just started this thinking about releasing via DSA and now I think I would prefer always going via (buster|stretch)-updates, just like tzdata. Last: I'll be glad to do the uploads (and write DSAs) as required. -- cheers, Holger --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C signature.asc Description: PGP signature
Re: on updating debian-security-support in stable and oldstable (due to DSA-4562-1)
On Sun, Nov 24, 2019 at 08:27:40PM +, Adam D. Barratt wrote: > On Sun, 2019-11-24 at 18:42 +0000, Holger Levsen wrote: > > - or should debian-security-support follow the normal point release > > schedule, which AIUI currently has the unfortunate drawback that no > > stretch point release is planned anymore (??) > > Addressing just this point right now, I am not aware of any suggestion > that there will be no further point releases for stretch. > > There is not a planned date for 9.13 currently, but I'd expect that it > will be some time in January, alongside 10.3. 9.14 will likely be the > final point release before support moves over to LTS support, in mid- > 2020. ah, cool, thanks for this info. so then the question is: shall the debian-security-support package update, which informs the user that chromium doesnt have security support in stretch, wait til then, or does this warrant an update via stretch-updates or stretch-security? -- cheers, Holger --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C signature.asc Description: PGP signature
Re: on updating debian-security-support in stable and oldstable (due to DSA-4562-1)
On Wed, Nov 27, 2019 at 11:18:47AM +0100, Moritz Muehlenhoff wrote: > We already had a DSA announcing Chromium EOL for stretch ( > https://lists.debian.org/debian-security-announce/2019/msg00214.html), > as such let's simply install an updated debian-security-support to > stretch-security), no separate announcement needed. ok, so... - for buster, I will file an SRM bug as usual. (nothing urgent there, update mostly useful to keep the versions sorted in sync. The SRM then can decide whether this should come in via a point release or buster-updates). - for stretch, I will upload to stretch-security and that's it. - for jessie, I will upload to jessie-stretch and release a DLA to announce the end of life of the libqb package in jessie. -- cheers, Holger --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C signature.asc Description: PGP signature
Bug#945815: release.debian.org: unblock: ltsp/19.11-1
On Fri, Nov 29, 2019 at 09:03:23AM +0100, Vagrant Cascadian wrote: > I believe debian-edu, the only user I'm aware of using the > ltsp-client-builder .udeb is working on updating to the newer version of > ltsp. src:debian-edu-install used to depend on the ltsp udeb but the current version in unstable doesnt do this anymore, though it's migration to bullseye is blocked by the udeb freeze atm. -- cheers, Holger --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C signature.asc Description: PGP signature
Bug#946960: buster-pu: package debian-security-support/2019.12.12~deb10u1
Package: release.debian.org Severity: normal Tags: buster User: release.debian@packages.debian.org Usertags: pu hi, we'd like to update debian-security-support to 2019.12.12~deb10u1 to bring these changes to buster: * security-support-limited: point to https://www.debian.org/releases/ \ buster/amd64/release-notes/ch-information.en.html#golang-static-linking for golang* packages. * Remove nodejs from security-support-limited as it is supported since the Buster release. Closes: #931376. * check-support-status.in: set DEB_NEXT_VER_ID=11. * d/rules: update to NEXT_VERSION_ID=11. Additionally 2019.12.12 has other changes related to stretch and jessie and we'd like to (upload this release there too and) keep the version ordering sane. The full debdiff is attached, the diffstat is: $ diffstat debian-security-support_2019.12.12_deb10u1.diff check-support-status.in |2 - debian/changelog | 47 +++ debian/control |2 - debian/rules |2 - security-support-ended.deb11 | 13 +++ security-support-ended.deb8 |3 ++ security-support-ended.deb9 |3 ++ security-support-limited |1 8 files changed, 70 insertions(+), 3 deletions(-) -- cheers, Holger --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C diff --git a/check-support-status.in b/check-support-status.in index 8dc3689..a5437c4 100755 --- a/check-support-status.in +++ b/check-support-status.in @@ -13,7 +13,7 @@ VERSION='[% VERSION %]' # Oldest Debian version included in debian-security-support DEB_LOWEST_VER_ID=7 # Version ID for next Debian stable -DEB_NEXT_VER_ID=10 +DEB_NEXT_VER_ID=11 if [ -z "$DEBIAN_VERSION" ] ; then DEBIAN_VERSION="$(cat /etc/debian_version | grep '[0-9.]' | cut -d. -f1)" diff --git a/debian/changelog b/debian/changelog index 9e8e8a2..fd92d28 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,50 @@ +debian-security-support (2019.12.12~deb10u1) buster; urgency=medium + + * Re-uploaded for buster. + + -- Holger Levsen Thu, 12 Dec 2019 23:57:34 +0100 + +debian-security-support (2019.12.12) unstable; urgency=medium + + * security-support-limited: point to https://www.debian.org/releases/ \ +buster/amd64/release-notes/ch-information.en.html#golang-static-linking +for golang* packages. + + -- Holger Levsen Thu, 12 Dec 2019 16:52:42 +0100 + +debian-security-support (2019.11.16) unstable; urgency=medium + + * Add chromium to security-support-ended.deb9. + * d/rules: update to NEXT_VERSION_ID=11. + + -- Holger Levsen Sat, 16 Nov 2019 11:00:08 +0100 + +debian-security-support (2019.11.15) unstable; urgency=medium + + * Team upload. + * Add libqb to security-support-ended.deb8. + + -- Roberto C. Sanchez Fri, 15 Nov 2019 09:17:07 -0500 + +debian-security-support (2019.11.01) unstable; urgency=medium + + * Remove nodejs from security-support-limited as it is supported since the +Buster release. Closes: #931376. + * Add empty security-support-ended.deb11 file. + * check-support-status.in: set DEB_NEXT_VER_ID=11. + + -- Holger Levsen Fri, 01 Nov 2019 19:49:47 +0100 + +debian-security-support (2019.10.31) unstable; urgency=medium + + * Mark nodejs only suitable for trusted content. Closes: #931376. + * Add nasm-mozilla and nodejs-mozilla to security-support-ended.deb8 +and security-support-ended.deb9 as they are only provided as build +dependency for Firefox/Thunderbird >= 68. Closes: #943365. + * Bump standards version to 4.4.1, no changes needed. + + -- Holger Levsen Thu, 31 Oct 2019 21:30:17 +0100 + debian-security-support (2019.06.13) unstable; urgency=medium [ Emilio Pozuelo Monfort ] diff --git a/debian/control b/debian/control index d73c143..bb284a3 100644 --- a/debian/control +++ b/debian/control @@ -15,7 +15,7 @@ Build-Depends: debhelper-compat (= 11), original-awk, po-debconf, xmlto, -Standards-Version: 4.3.0 +Standards-Version: 4.4.1 Rules-Requires-Root: no Vcs-Git: https://salsa.debian.org/debian/debian-security-support.git Vcs-Browser: https://salsa.debian.org/debian/debian-security-support diff --git a/debian/rules b/debian/rules index c5873b2..9454eeb 100755 --- a/debian/rules +++ b/debian/rules @@ -1,6 +1,6 @@ #!/usr/bin/make -f -NEXT_VERSION_ID=9 +NEXT_VERSION_ID=11 DEBIAN_VERSION ?= $(shell cat /etc/debian_version | grep '[0-9.]' | cut -d. -f1) ifeq (,$(DEBIAN_VERSION)) diff --git a/security-support-ended.deb11 b/security-support-ended.deb11 new file mode 100644 index 000..cf24acb --- /dev/null +++ b/security-support-ended.deb11 @@ -0,0 +1,13 @@ + +# List of packages whose security support ends before the distribution EOL + +# File format:
Bug#966310: buster-pu: package debian-edu-config/2.10.65+deb10u6
Package: release.debian.org Severity: normal Tags: buster User: release.debian@packages.debian.org Usertags: pu Hi, I'd like to upload debian-edu-config/2.10.65+deb10u6 to buster to fix #966129 where Roland F. Teichert reported that normal Edu workstations loose their IP address after about 30 minutes since system boot. The fix is already in unstable and has successfully been tested by the bug submitter too. debian-edu-config (2.10.65+deb10u6) buster; urgency=medium [ Wolfgang Schweer ] * Fix loss of dynamically allocated v4 IP address. (Closes: #966129) - Drop etc/network/if-up.d/wpad-proxy-update. This script fails to work due to changed behaviour of the ifupdown/dhclient/systemd combination and now also causes the loss of a dynamically allocated ipv4 IP address about 30 minutes after booting. - Add code to d/debian-edu-config.postinstall to implement the intended proxy setting update after a WPAD change just after rebooting the system. (It would otherwise happen at first DHCP lease renewal ~15 minutes later.) - Adjust Makefile and debian/dirs. $ debdiff debian-edu-config_2.10.65+deb10u5.dsc debian-edu-config_2.10.65+deb10u6.dsc |diffstat Makefile |1 - debian/changelog | 15 +++ debian/debian-edu-config.postinst | 20 +++- debian/dirs |1 - 4 files changed, 26 insertions(+), 11 deletions(-) The full diff is attached. Thanks for your work on buster! -- cheers, Holger --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C diff -Nru debian-edu-config-2.10.65+deb10u5/debian/changelog debian-edu-config-2.10.65+deb10u6/debian/changelog --- debian-edu-config-2.10.65+deb10u5/debian/changelog 2020-04-16 02:34:38.0 +0200 +++ debian-edu-config-2.10.65+deb10u6/debian/changelog 2020-07-26 15:13:43.0 +0200 @@ -1,3 +1,18 @@ +debian-edu-config (2.10.65+deb10u6) buster; urgency=medium + + [ Wolfgang Schweer ] + * Fix loss of dynamically allocated v4 IP address. (Closes: #966129) +- Drop etc/network/if-up.d/wpad-proxy-update. This script fails to work due + to changed behaviour of the ifupdown/dhclient/systemd combination and now + also causes the loss of a dynamically allocated ipv4 IP address about 30 + minutes after booting. +- Add code to d/debian-edu-config.postinstall to implement the intended + proxy setting update after a WPAD change just after rebooting the system. + (It would otherwise happen at first DHCP lease renewal ~15 minutes later.) +- Adjust Makefile and debian/dirs. + + -- Holger Levsen Sun, 26 Jul 2020 15:13:43 +0200 + debian-edu-config (2.10.65+deb10u5) buster; urgency=medium [ Wolfgang Schweer ] diff -Nru debian-edu-config-2.10.65+deb10u5/debian/debian-edu-config.postinst debian-edu-config-2.10.65+deb10u6/debian/debian-edu-config.postinst --- debian-edu-config-2.10.65+deb10u5/debian/debian-edu-config.postinst 2020-04-16 02:30:54.0 +0200 +++ debian-edu-config-2.10.65+deb10u6/debian/debian-edu-config.postinst 2020-07-26 15:04:00.0 +0200 @@ -224,20 +224,22 @@ chmod 600 /etc/sssd/sssd-debian-edu.conf chown root:root /etc/sssd/sssd-debian-edu.conf -# The scripts in /etc/network/if-up.d need to be executable. -# Drop wpad-proxy-update for the main server, it makes no sense to run the -# script at this time. Also drop it for the gateway, it doesn't make sense. -if egrep -q "(Main-Server)" /etc/debian-edu/config || grep -q gateway /etc/hostname; then -rm -f /etc/network/if-up.d/wpad-proxy-update -else - chmod +x /etc/network/if-up.d/wpad-proxy-update -fi +# Add post-up stanza to interfaces file to let proxy changes take effect +# immediately after reboot (would take up to 15 min. otherwise). Exclude the +# gateway; the script doesn't make sense and would taint network setup. + rm -f /etc/network/if-up.d/wpad-proxy-update +if [ -f /etc/network/interfaces ] && ! grep -q gateway /etc/hostname && \ + ! grep -q update-proxy /etc/network/interfaces ; then + sed -i '/iface eth0 inet dhcp/a \post-up \/usr\/share\/debian-edu-config\/tools\/update-proxy-from-wpad' \ + /etc/network/interfaces +fi # Add post-up stanza to interfaces file to let hostname changes take effect # immediately after reboot (would take up to 15 min. otherwise). Exclude the # gateway; the script doesn't make sense and would taint network setup. + rm -f /etc/network/if-up.d/hostname if [ -f /etc/network/interfaces ] && ! grep -q gateway /etc/hostname && \ - ! grep -q post-up /etc/network/interfaces ; then + ! grep -q update-hostname /etc/network
Bug#966310: buster-pu: package debian-edu-config/2.10.65+deb10u6
On Sun, Jul 26, 2020 at 03:19:49PM +0200, Holger Levsen wrote: > debian-edu-config (2.10.65+deb10u6) buster; urgency=medium I've uploaded now too (as it's Sunday afternoon already...) -- cheers, Holger --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C signature.asc Description: PGP signature
introducing an epoch for src:debian-security-support
hi, debian-security-support | 2019.12.12~deb8u2 | jessie-security | source, all debian-security-support | 2020.06.21~deb9u1 | stretch | source, all debian-security-support | 2020.06.21~deb10u1 | buster | source, all debian-security-support | 2020.07.12 | bullseye | source, all debian-security-support | 2020.07.12 | sid | source, all is what we currently have in the archive and which is a bit of a hassle to maintain due to keeping version constraints sane (=newer releases should always have higher versions) and since rather frequently there are changes only affecting older releases (so one has to upload to sid first, then do a stable update and then update oldstable to propagate something which is only relevant for oldstable atm.) Hence I propose to bump the epoch and introduce this versioning scheme: sid:0:11~2020.08.17 bullseye: 0:11~2020.08.17 buster: 0:10~2020.08.17 stretch:0:9~2020.08.17 and so on. Right now debian-security-support for stretch and jessie is already maintained in extra branches, not sure when this will be useful for buster as well. Feedback welcome. -- cheers, Holger --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C Religion has been more harmful to humanity than cigarettes. signature.asc Description: PGP signature
Re: introducing an epoch for src:debian-security-support
Hi Emilio, On Wed, Aug 19, 2020 at 01:27:55PM +0200, Emilio Pozuelo Monfort wrote: > > Hence I propose to bump the epoch and introduce this versioning scheme: > > sid:0:11~2020.08.17 > > bullseye: 0:11~2020.08.17 > > and so on. > A 0 epoch is equal to no epoch, so you need 1: here. haha, right. I had this mail planned for some time but then wrote it rather spontaniously when seeing a similar mail on -devel and then I forgot this detail (which I was aware of)... > btw why keep the dates? I'd just do something like 11-1, 10-3, 9-5... The date > is still in the changelog if someone needs to look at it, but I don't think it > conveys any special information here. It makes it easier to see which suite has which content. If I see buster has 10-3 I need to check d/changelog to see if I need to update the package. If (I know that sid has 0:11~2020.08.20) and see that buster has 0:10~2020.08.17 and I know the change in 0:11~2020.08.20 was about stretch, I know - without looking - that I don't need to update the buster package. > Anyway that's up to you. The epoch sounds > good to me to disentangle the updates as most of the time updates to d-s-s > need > to happen to older releases, which carry older versions of packages, which are > no longer sustainable to maintain. yup. Thanks for your feedback! -- cheers, Holger --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C Moral, truth, long term- and holistic thinking seem to mean nothing to us. The emperors are naked. Every single one. It turns out our whole society is just one big nudist party. (Greta Thunberg about the world reacting to the corona crisis but not reacting appropriatly to the climate crisis.) signature.asc Description: PGP signature
Re: introducing an epoch for src:debian-security-support
hi Adrian, On Sat, Aug 22, 2020 at 09:41:46AM +0300, Adrian Bunk wrote: [...] > > is what we currently have in the archive and which is a bit of a hassle to > > maintain due to keeping version constraints sane (=newer releases should > > always > > have higher versions) and since [...] > Looks reasonable to me. thank you and everyone for your feedback on this matter! > > Hence I propose to bump the epoch and introduce this versioning scheme: > > > > sid:0:11~2020.08.17 > > bullseye: 0:11~2020.08.17 > > buster: 0:10~2020.08.17 > > stretch:0:9~2020.08.17 > > and so on. > >... > > Feedback welcome. > > One nitpick: > > ~ works, but the "before" semantics makes it look confusing. > 10~2020.08.17 is the 2020.08.17 snapshot/prerelease before 10. > > I would suggest one of >1:11.2020.08.17 >1:11+2020.08.17 awesome! I like nitpicking! (well, often.) I'll pick 1:11+2020.08.17 as this IMO looks better than 1:11.2020.08.17 and also because 1+1 is sorted lower by dpkg than 1.1... I'll do the git commit right away, though won't upload before more meaningful changes are there. -- cheers, Holger --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C "There's no glory in prevention." (Christian Drosten) signature.asc Description: PGP signature
