Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: sitesumm...@packages.debian.org
Control: affects -1 + src:sitesummary

While working on the initial Debian Edu release, Guido Berhoerster has
worked on the sitesummary package. All changes target Debian Edu 12, so
we want to release the current version (0.1.55) to Debian bookworm (as
0.1.55~deb12u1).
[ Reason ]
Various slightly security-relevant issues have been discovered in
sitesummary that have been resolved (between 0.1.54 and 0.1.55).
Also, a workaround is included for an issue with certain PC hardware
implementations when collecting system data via lspci (screen blackouts
during lspci run).
Furthermore, more SysV -> systemd work was needed.
[ Impact ]
The sitesummary in Debian Edu 12 will be broken if this bookworm-pu gets
rejected.
[ Tests ]
Manual tests on two test systems running a pre-version of Debian Edu 12.
[ Risks ]
As sitesummary is probably not used by anyone except for Debian Edu, the
risk will probably be very minimal to Debian users.
[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable
[ Changes ]
+sitesummary (0.1.55~deb12u1) bookworm; urgency=medium
+
+ * Release to bookworm as 0.1.55~deb12u1.
+
+ -- Mike Gabriel Wed, 23 Aug 2023 13:02:51 +0200
+
+sitesummary (0.1.55) unstable; urgency=medium
+
+ [ Guido Berhoerster ]
+ * Fix insecure temporary file and directory creation, error checking.
+Seurely create a temporary directory using mktemp and check for errors both
+when creating the directory and wehn changing the current working
directory.
+Place the tarball inside the temporary directory instead of using a
predictable
+file name in /tmp which may lead to a symlink attack. Ensure the temporary
+directory is always removed. (Closes: #1050289).
+ * Use quoting for fragments.
+
+ -- Mike Gabriel Wed, 23 Aug 2023 10:43:16 +0200
+
+sitesummary (0.1.54) unstable; urgency=medium
+
+ [ Guido Berhoerster ]
+ * Disable usage of lspci on clients by default
+This works around a bug that turns off the screen on certain Intel NUC
+models. It can be re-enabled by setting the environment variable
+ENABLE_LSPCI to an arbitrary value.
+
+ -- Mike Gabriel Tue, 22 Aug 2023 15:31:03 +0200
+
+sitesummary (0.1.53) unstable; urgency=medium
+
+ [ Dominik George ]
+ * Remove myself from Uploaders.
+
+ [ Guido Berhoerster ]
+ * Place munin configuration in include file. (Closes: #762652).
+ * Add systemd timer unit for sitesummary-client. (Closes: #1039369).
+ * Add systemd timer for sitesummary maintenance.
+
+ [ Debian Janitor ]
+ * Apply multi-arch hints. + libsitesummary-perl: Add Multi-Arch: foreign.
+
+ -- Mike Gabriel Thu, 10 Aug 2023 18:00:37 +0200
+
+sitesummary (0.1.52) unstable; urgency=medium
+
+ * debian/control:
++ Update R: (sitesummary-client): 'cron' -> 'cron | cron-daemon'. (Closes:
+ #1038956).
+
+ -- Mike Gabriel Thu, 29 Jun 2023 20:55:33 +0200
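Review bot: the 0.1.55 entry contains two typos, "Seurely" (Securely) and "wehn" (when), which are worth fixing before the upload since d/changelog is what the stable release team reads. The same entry describes a predictable file name in /tmp that may lead to a symlink attack (#1050289), but it does not name the affected script or say under which user it runs; adding that to the entry would let the reader judge the impact, given that the upload is marked urgency=medium.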
[ Other info ]
None. Feel free to ask for more details, if needed.
diff -Nru sitesummary-0.1.51/collect.d/system
sitesummary-0.1.55~deb12u1/collect.d/system
--- sitesummary-0.1.51/collect.d/system 2019-04-06 15:59:51.0 +0200
+++ sitesummary-0.1.55~deb12u1/collect.d/system 2023-08-23 13:01:58.0
+0200
@@ -13,7 +13,7 @@
dmidecode > dmidecode 2> /dev/null
fi
-if [ -d /proc/bus/pci ] && type lspci >/dev/null 2>&1; then
+if [ -d /proc/bus/pci ] && [ -n "${ENABLE_LSPCI}" ] && type lspci >/dev/null
2>&1; then
lspci > lspci
lspci -n> lspci-n
fi
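Review bot: the new `[ -n "${ENABLE_LSPCI}" ]` test on the `if` line accepts any non-empty value, so `ENABLE_LSPCI=0` or `ENABLE_LSPCI=no` re-enables lspci collection; either compare against an explicit value or state the "any value" semantics in a comment above the test. The expansion is also unguarded: if this collector is ever run under `set -u`, an unset variable aborts the script, and `${ENABLE_LSPCI:-}` avoids that. A short comment above the `if` saying why lspci is off by default (the screen blackout workaround from the changelog) would keep the gate from being dropped later as dead code. As the client is started from cron or the new systemd timer, it would help to say where the variable is expected to be set, since this hunk does not show it.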
diff -Nru sitesummary-0.1.51/debian/changelog
sitesummary-0.1.55~deb12u1/debian/changelog
--- sitesummary-0.1.51/debian/changelog 2022-02-13 09:41:47.0 +0100
+++ sitesummary-0.1.55~deb12u1/debian/changelog 2023-08-23 13:02:51.0
+0200
@@ -1,3 +1,55 @@
+sitesummary (0.1.55~deb12u1) bookworm; urgency=medium
+
+ * Release to bookworm as 0.1.55~deb12u1.
+
+ -- Mike Gabriel Wed, 23 Aug 2023 13:02:51 +0200
+
+sitesummary (0.1.55) unstable; urgency=medium
+
+ [ Guido Berhoerster ]
+ * Fix insecure temporary file and directory creation, error checking.
+Seurely create a temporary directory using mktemp and check for errors both
+when creating the directory and wehn changing the current working
directory.
+Place the tarball inside the temporary directory instead of using a
predictable
+file name in /tmp which may lead to a symlink attack. Ensure the temporary
+directory is always removed. (Closes: #1050289).
+ * Use quoting for fragments.
+
+ -- Mike Gabriel Wed, 23 Aug 2023 10:43:16 +0200
+
+sitesummary (0.1.54) unstable; urgency=medium
+
+ [ Guido Berhoerster ]
+ * Disable usage of lspci on clients by default
+This works around a bug that turns off the