Bug#926817: unblock: publicsuffix/20190329.0756-1
Control: tags 926817 - moreinfo Control: retitle 926817 unblock: publicsuffix/20190415.1030-1 unblock publicsuffix/20190415.1030-1 On Sun 2019-04-14 12:35:44 +0200, Ivo De Decker wrote: > We don't accept debhelper compat changes during the freeze. Please do an > upload reverting that change and update this request after that. There are no differences between the binary package output for debhelper 11 and debhelper 12, but ok, i've reverted that change. I've gone ahead and updated to the latest upstream data as well. The updated debdiff is attached. Thanks for your work on the release! --dkg diff --git publicsuffix-20190221.0923-1/debian/changelog publicsuffix-20190415.1030-1/debian/changelog index 818926d..80eae84 100644 --- publicsuffix-20190221.0923-1/debian/changelog +++ publicsuffix-20190415.1030-1/debian/changelog @@ -1,3 +1,15 @@ +publicsuffix (20190415.1030-1) unstable; urgency=medium + + * new upstream version + + -- Daniel Kahn Gillmor Mon, 15 Apr 2019 13:47:04 -0400 + +publicsuffix (20190329.0756-1) unstable; urgency=medium + + * new upstream version + + -- Daniel Kahn Gillmor Wed, 03 Apr 2019 22:49:31 -0400 + publicsuffix (20190221.0923-1) unstable; urgency=medium * new upstream version diff --git publicsuffix-20190221.0923-1/debian/control publicsuffix-20190415.1030-1/debian/control index 683edff..e50f1e4 100644 --- publicsuffix-20190221.0923-1/debian/control +++ publicsuffix-20190415.1030-1/debian/control @@ -6,7 +6,7 @@ Build-Depends: debhelper (>= 11~), psl-make-dafsa, python3-minimal, -Standards-Version: 4.2.1 +Standards-Version: 4.3.0 Homepage: https://publicsuffix.org Vcs-Browser: https://salsa.debian.org/debian/publicsuffix Vcs-Git: https://salsa.debian.org/debian/publicsuffix.git diff --git publicsuffix-20190221.0923-1/debian/upstream-changes.txt publicsuffix-20190415.1030-1/debian/upstream-changes.txt index f575c27..027116e 100644 --- publicsuffix-20190221.0923-1/debian/upstream-changes.txt +++ publicsuffix-20190415.1030-1/debian/upstream-changes.txt @@ -1,3 +1,143 @@ +commit 033221af7f600bcfce38dcbfafe03b9a2269c4cc +Author: İlhan Subaşı +Date: Mon Apr 15 13:30:45 2019 +0300 + +Update .TR (#741) + +- Add tsk.tr +- Sort entries + +commit 9375b697baddb0827a5995c81bd3c75877a0b35d +Author: Paulus Schoutsen +Date: Mon Apr 15 03:15:13 2019 -0700 + +Add Nabu Casa (#781) + +Nabu Casa offers Home Assistant Cloud, a cloud extension for the open source home automation platform Home Assistant. With Home Assistant Cloud, local running Home Assistant instances can be accessed via the internet and integrate with cloud-only services like Alexa and Google Assistant. + +To allow remote connection to Home Assistant instances, we're soon giving users the option to access their local running instance under the domain https://.ui.nabu.casa. These domains will be served by their local Home Assistant instances, not under our control. Home Assistant allows users to built extensions in both Python and JavaScript, which will allow the user to run any code under their domain. For security, cookies should not be allowed to be shared across subdomains. + +commit 93e545f2989a4541eb1cfdf9ed9ed9bb9e2e4ab4 +Author: Paul Cammish <30495014+pcamm...@users.noreply.github.com> +Date: Mon Apr 15 11:12:33 2019 +0100 + +Added uk0.bigv.io under Bytemark Hosting (#745) + +uk0.bigv.io is used as a domain name for our self-service customers, and therefore hosts various customer virtual machines under the same 'public' domain name. These domains are often used for administrative control panels, and other interfaces, so cookie security at this level would be very useful. + +Note: This had to be excluded from #620 due to technical issues preventing the DNS verification at the time, but that issue has now been resolved. + +commit b1bb1c841157eada1e88840e3d813e6fb8e8b81a +Author: Tom Whitwell +Date: Mon Apr 15 11:05:52 2019 +0100 + +Add GOV.UK PaaS client domains (#765) + +GOV.UK Platform as a Service is the UK Government's PaaS - these are the domains we use for client applications, ie. appname.cloudapps.digital / appname.london.cloudapps.digital. + +We need these domains to be in the public suffix list as each subdomain is specific to one client application: cookie isolation is required. + +Additionally, one of our subdomains has been flagged as phishing, which has resulted in the whole london.cloudapps.digital being flagged as dangerous. We would like an explicit distinction between independent subdomains. + +commit 826d762a078ae21cd8bb95fa8f38ae84bb3948e7 +Author: Rishabh +Date: Fri Mar 29 00:56:08 2019 -0700 + +Add discourse.group for Civilized Discourse Construction Kit, Inc. (#768) + +At Discourse (Civilized Discourse Construction Kit, Inc.), we host free +discussion forums for open source organizations under the `discourse.group` domain. +
Bug#926817: unblock: publicsuffix/20190329.0756-1
Control: tags -1 moreinfo Hi, On Wed, Apr 10, 2019 at 03:31:07PM -0400, Daniel Kahn Gillmor wrote: > Please unblock package publicsuffix > > The publicsuffix package contains up-to-date descriptions of the network > environment. In addition to capturing the most recent state of the > DNS's public cutpoints, this update marks the correct level of debian > policy compliance (4.3.0) and moves to debhelper compat level 12 (no > changes to the generated tarball resulted from this shift in dh compat > level). We don't accept debhelper compat changes during the freeze. Please do an upload reverting that change and update this request after that. The other changes look ok. Thanks, Ivo
Bug#926817: unblock: publicsuffix/20190329.0756-1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Control: affects -1 src:publicsuffix Please unblock package publicsuffix The publicsuffix package contains up-to-date descriptions of the network environment. In addition to capturing the most recent state of the DNS's public cutpoints, this update marks the correct level of debian policy compliance (4.3.0) and moves to debhelper compat level 12 (no changes to the generated tarball resulted from this shift in dh compat level). Buster should start off with an accurate state of the public network. The debdiff is attached. unblock publicsuffix/20190329.0756-1 Thanks for your work on Buster! --dkg diff --git publicsuffix-20190221.0923-1/debian/changelog publicsuffix-20190329.0756-1/debian/changelog index 818926d..6a336fc 100644 --- publicsuffix-20190221.0923-1/debian/changelog +++ publicsuffix-20190329.0756-1/debian/changelog @@ -1,3 +1,9 @@ +publicsuffix (20190329.0756-1) unstable; urgency=medium + + * new upstream version + + -- Daniel Kahn Gillmor Wed, 03 Apr 2019 22:49:31 -0400 + publicsuffix (20190221.0923-1) unstable; urgency=medium * new upstream version diff --git publicsuffix-20190221.0923-1/debian/compat publicsuffix-20190329.0756-1/debian/compat deleted file mode 100644 index b4de394..000 --- publicsuffix-20190221.0923-1/debian/compat +++ /dev/null @@ -1 +0,0 @@ -11 diff --git publicsuffix-20190221.0923-1/debian/control publicsuffix-20190329.0756-1/debian/control index 683edff..f9f9dbe 100644 --- publicsuffix-20190221.0923-1/debian/control +++ publicsuffix-20190329.0756-1/debian/control @@ -3,10 +3,10 @@ Section: net Priority: optional Maintainer: Daniel Kahn Gillmor Build-Depends: - debhelper (>= 11~), + debhelper-compat (= 12), psl-make-dafsa, python3-minimal, -Standards-Version: 4.2.1 +Standards-Version: 4.3.0 Homepage: https://publicsuffix.org Vcs-Browser: https://salsa.debian.org/debian/publicsuffix Vcs-Git: https://salsa.debian.org/debian/publicsuffix.git diff --git publicsuffix-20190221.0923-1/debian/upstream-changes.txt publicsuffix-20190329.0756-1/debian/upstream-changes.txt index f575c27..b85f949 100644 --- publicsuffix-20190221.0923-1/debian/upstream-changes.txt +++ publicsuffix-20190329.0756-1/debian/upstream-changes.txt @@ -1,3 +1,102 @@ +commit 826d762a078ae21cd8bb95fa8f38ae84bb3948e7 +Author: Rishabh +Date: Fri Mar 29 00:56:08 2019 -0700 + +Add discourse.group for Civilized Discourse Construction Kit, Inc. (#768) + +At Discourse (Civilized Discourse Construction Kit, Inc.), we host free +discussion forums for open source organizations under the `discourse.group` domain. +https://blog.discourse.org/2018/11/free-hosting-for-open-source-v2/ + +Therefore, each subdomain of discourse.group should be treated as a distinct domain. +Website: https://www.discourse.org/ + +As we host multiple forums under the discourse.group domain we'd like to add it to the PSL to: + +1. Ensure that each subdomain of discourse.group is treated as a distinct domain. +2. Adding cookie security. + +commit 1def5910a0c1db384691adf55f769de191b4f2b7 +Author: Vincent Fiduccia +Date: Fri Mar 29 00:53:18 2019 -0700 + +Add on-rancher.cloud and on-rio.io (#779) + +We are adding a feature to automatically provide each user cluster with a ..on-rancher.cloud (and on-rio.io) DNS entry, so each user-id is a mutually untrusting third-party that should not be able to set cookies readable by each other. We also plan to provide Let's Encrypt wildcard certs for each user-id. + +commit 2b92a7f2c9c91f1141faea73d3ec2d429da18698 +Author: Boris Rybalkin +Date: Fri Mar 29 07:49:12 2019 + + +Syncloud dynamic dns service (#727) + +Syncloud DDNS server (syncloud.it) hosts user's DNS records and also has its own site at syncloud.it. +So In practice allthesebelong todifferent people: +user1.syncloud.it +user2.syncloud.it +www.syncloud.it + +Also any incorrectly set cookie sharing across all three is not safe as different users can run anything under *.[user].syncloud.it + +commit e2e4e03ff8cba26140f973a8b64a24891d1789b9 +Author: Jennifer Herting +Date: Thu Mar 28 13:38:33 2019 -0400 + +Add git-pages.rit.edu (#690) + +Proper handling of the namespace by browsers. +Prevention of cookie based attacks among others. Sites hosted under this namespace will be controlled by any number of students, staff, faculty, etc. + +commit a4ebab27463e90f80d3ab99220af90211299d7e1 +Author: Jake Riesterer +Date: Thu Mar 28 12:36:52 2019 -0500 + +Add workers.dev (#772) + +Cloudflare customers will given a subdomain of workers.dev to which they can deploy their serverless applications. Because subdomains are each controlled by different customers, they should be treated as separate domains for cookie purposes. + +commit f2f5143bc727d695f41195fe0300ff2133a79953 +Author:
