Bug#869854: nmu: restbed-4.0~dfsg1-4 on armel

2017-07-27 Thread Alexandre Viau
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: binnmu

Hello,

It looks like restbed was rebuilt on all architectures except armel.
Ring, which depends on restbed, fails to build on armel. I could
reproduce the build failure on a porter box. Then I rebuilt restbed and
it solved the issue.

This is my first time doing this:

nmu restbed-4.0~dfsg1-4 . armel . -m 'Rebuild against ssl1.1'

Cheers <3

-- 
Alexandre Viau
av...@debian.org




Bug#864028: stretch-pu: package flatpak 0.8.7-1~deb9u1

2017-07-27 Thread Simon McVittie
Hi,
Now that stretch r1 is out, can this update be considered for r2?

Filtered diff (patched tree in security vs. what I propose) in
https://lists.debian.org/debian-release/2017/07/msg00555.html aka
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864028#57 aka
Message-ID: <20170715163609.nemdxrefaeird...@perpetual.pseudorandom.co.uk>.
Notes on the differences and what I filtered are in the same mail.

I would also be happy to add the equivalent of
https://anonscm.debian.org/git/collab-maint/flatpak.git/diff/?id=debian/0.8.7-2=debian/0.8.7-1
to make this flatpak compatible with buster's libostree, if the SRMs
would be OK with that; that would turn it into 0.8.7-2~deb9u1. The
relevant commits will be in upstream release 0.8.8 eventually.

Thanks,
S



Bug#869920: stretch-pu: package whois/5.2.17+deb9u1

2017-07-27 Thread Marco d'Itri
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

ICANN mandated a whois output change that broke the .com, .net, .jobs, 
.bz, .cc and .tv gTLDs, so we need a stable update.
At the same time I would also like to fix support for 6to4 IP addresses, 
which I forgot to upload in time for the release.
The other changes are just database updates.


diff -Nru whois-5.2.15/debian/changelog whois-5.2.17+deb9u1/debian/changelog
--- whois-5.2.15/debian/changelog   2017-02-27 00:37:41.0 +0100
+++ whois-5.2.17+deb9u1/debian/changelog2017-07-27 17:45:04.0 
+0200
@@ -1,3 +1,32 @@
+whois (5.2.17+deb9u1) unstable; urgency=high
+
+  * Rebuilt for stretch.
+
+ -- Marco d'Itri   Thu, 27 Jul 2017 17:45:04 +0200
+
+whois (5.2.17) unstable; urgency=high
+
+  * Fixed whois referrals for .com, .net, .jobs, .bz, .cc and .tv, broken
+by an ICANN-mandated output change:
+https://www.icann.org/resources/pages/rdds-labeling-policy-2017-02-01-en
+  * Added the .xn--2scrj9c (ಭಾರತ, India), .xn--3hcrj9c (ଭାରତ, India),
+.xn--45br5cyl (ভাৰত, India), .xn--h2breg3eve (भारतम्, India),
+.xn--h2brj9c8c (भारोत, India), .xn--mgbbh1a (ﺏﺍﺮﺗ, India),
+.xn--mgbgu82a (ڀﺍﺮﺗ, India) and .xn--rvc1e0am3e (ഭാരതം, India)
+TLD servers.
+  * Updated the list of new gTLDs.
+  * whois.1: fixed a typo. (Closes: #866742)
+
+ -- Marco d'Itri   Thu, 27 Jul 2017 17:08:47 +0200
+
+whois (5.2.16) unstable; urgency=medium
+
+  * Fixed parsing of 6to4 addresses broken in 5.2.15.
+  * Updated the .do TLD server.
+  * Updated the list of new gTLDs.
+
+ -- Marco d'Itri   Mon, 13 Mar 2017 01:40:38 +0100
+
 whois (5.2.15) unstable; urgency=medium
 
   * Updated the .gf and .mq TLD servers.
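Review bot: The top changelog entry, `whois (5.2.17+deb9u1) unstable; urgency=high`, names `unstable` as the target distribution even though the entry text says "Rebuilt for stretch" and the version carries the +deb9u1 suffix. Set the distribution field to `stretch` so the changelog matches the stretch-pu request it is attached to.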
diff -Nru whois-5.2.15/new_gtlds_list whois-5.2.17+deb9u1/new_gtlds_list
--- whois-5.2.15/new_gtlds_list 2017-02-27 00:37:41.0 +0100
+++ whois-5.2.17+deb9u1/new_gtlds_list  2017-07-27 17:44:55.0 +0200
@@ -60,6 +60,7 @@
 app
 apple
 aquarelle
+arab
 aramco
 archi
 army
@@ -333,6 +334,7 @@
 esq
 estate
 esurance
+etisalat
 eurovision
 eus
 events
@@ -446,6 +448,7 @@
 gratis
 green
 gripe
+grocery
 group
 guardian
 gucci
@@ -487,6 +490,7 @@
 hosting
 hot
 hoteles
+hotels
 hotmail
 house
 how
@@ -635,6 +639,7 @@
 man
 management
 mango
+map
 market
 marketing
 markets
@@ -655,6 +660,7 @@
 men
 menu
 meo
+merckmsd
 metlife
 miami
 microsoft
@@ -768,6 +774,7 @@
 pet
 pfizer
 pharmacy
+phd
 philips
 phone
 photo
@@ -855,6 +862,7 @@
 rogers
 room
 rsvp
+rugby
 ruhr
 run
 rwe
@@ -890,6 +898,7 @@
 scjohnson
 scor
 scot
+search
 seat
 secure
 security
@@ -1169,6 +1178,7 @@
 xn--kput3i
 xn--mgba3a3ejt
 xn--mgba7c0bbn0a
+xn--mgbaakc7dvf
 xn--mgbab2bd
 xn--mgbb9fbpob
 xn--mgbca7dzdo
@@ -1178,6 +1188,7 @@
 xn--mxtq1m
 xn--ngbc5azd
 xn--ngbe9e0a
+xn--ngbrx
 xn--nqv7f
 xn--nqv7fs00ema
 xn--nyqy26a
diff -Nru whois-5.2.15/tld_serv_list whois-5.2.17+deb9u1/tld_serv_list
--- whois-5.2.15/tld_serv_list  2017-02-27 00:37:41.0 +0100
+++ whois-5.2.17+deb9u1/tld_serv_list   2017-07-27 17:44:55.0 +0200
@@ -127,7 +127,7 @@
 .djWEB http://www.nic.dj/whois.php
 .dkwhois.dk-hostmaster.dk
 .dmwhois.nic.dm
-.doWEB http://www.nic.do/whois-h.php3
+.dowhois.nic.do
 .dzwhois.nic.dz
 .ecwhois.nic.ec
 .eewhois.tld.ee
@@ -183,7 +183,7 @@
 .joWEB http://www.dns.jo/Whois.aspx
 .jpwhois.jprs.jp
 .kewhois.kenic.or.ke
-.kgwhois.domain.kg
+.kgwhois.kg
 .khNONE# 
http://www.trc.gov.kh/index.php/en/newsCategory/view?id=42_id=68
 .kiwhois.nic.ki
 .kmNONE# www.domaine.km
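Review bot: The `.kg` change in this hunk (whois.domain.kg to whois.kg) is not mentioned in any changelog entry of this debdiff; 5.2.16 lists only the `.do` server update and 5.2.17 lists the India IDN servers. Add a changelog line for it so that every changed line of tld_serv_list in a stable update maps to a documented reason.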
@@ -349,7 +349,10 @@
 
 # AW means that I had to guess the whois server name, but I was not able
 # to find any registered subdomains to verify it.
+.xn--2scrj9c   whois.inregistry.net# India
 .xn--3e0b707e  whois.kr# Korea, Republic of
+.xn--3hcrj9c   whois.inregistry.net# India
+.xn--45br5cyl  whois.inregistry.net# India
 .xn--45brj9c   whois.inregistry.net# India, Bengali AW
 .xn--54b7fta0ccNONE# Bangladesh
 .xn--80ao21a   whois.nic.kz# Kazakhstan
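Review bot: The three added entries (.xn--2scrj9c, .xn--3hcrj9c, .xn--45br5cyl) are commented only as `# India`, while the neighbouring `.xn--45brj9c` line records the script and the AW marker defined in the comment above ("India, Bengali AW"). Add the script name to each new comment, and the AW marker wherever the server name was guessed rather than verified, so the file shows which of these whois.inregistry.net mappings were actually checked.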
@@ -364,6 +367,8 @@
 .xn--fpcrj9c3d whois.inregistry.net# India, Telugu AW
 .xn--fzc2c9e2c whois.nic.lk# Sri Lanka, Sinhala
 .xn--gecrj9c   whois.inregistry.net# India, Gujarati AW
+.xn--h2breg3evewhois.inregistry.net# India
+.xn--h2brj9c8c whois.inregistry.net# India
 .xn--h2brj9c   whois.inregistry.net# India, Hindi AW
 .xn--j1amh whois.dotukr.com# Ukraine
 .xn--j6w193g   whois.hkirc.hk  # Hong Kong
@@ -371,24 +376,27 @@
 .xn--kpry57d   whois.twnic.net.tw  # Taiwan, Traditional Chinese
 .xn--l1acc NONE# Mongolia
 .xn--lgbbat1ad8j   whois.nic.dz

Bug#869956: transition: libevent 2.1.8-stable-2

2017-07-27 Thread Balint Reczey
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition
Block: -1 by 869900  869902 869951

Dear Release Team,

I would like to upload libevent 2.1.8-stable to unstable.

Test rebuild in Debian revealed 3 reverse build dependencies which
FTBFS and I filed bugs against them linking to the build logs [1].

Test rebuild in Ubuntu showed similar results with a few unrelated
build failures [2].

Thanks,
Balint

[1] https://bugs.debian.org/cgi-bin/pkgreport.cgi?tag=libevent-20170726=rbalint%40ubuntu.com;dist=unstable
[2] https://launchpad.net/~rbalint/+archive/ubuntu/libevent-2.1/+packages

-- 
Balint Reczey
Debian & Ubuntu Developer



Bug#869949: jessie-pu: package ipsec-tools/1:0.8.2+20140711-2+deb8u1

2017-07-27 Thread Noah Meyerhans
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian@packages.debian.org
Usertags: pu

I'd like to update ipsec-tools in the next oldstable point release to
address a security vulnerability in which a remote unauthenticated
attacker could cause racoon to exhaust CPU resources resulting in a
denial-of-service. Because the issue has been known for some time, the
security team does not feel that this warrants a DSA. Instead it should
be updated via (old)stable-updates. See
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867986 for details.

Note also that I already uploaded a package targeting stable-updates
without prior approval.  Apologies for getting the process wrong in that
case.

debdiff is attached. The diffstat is:
 changelog                    |    6 ++
 patches/CVE-2016-10396.patch |  201
 patches/series               |    1
 3 files changed, 208 insertions(+)

Thanks
noah
diff -Nru ipsec-tools-0.8.2+20140711/debian/changelog 
ipsec-tools-0.8.2+20140711/debian/changelog
--- ipsec-tools-0.8.2+20140711/debian/changelog 2015-05-22 01:03:06.0 
-0700
+++ ipsec-tools-0.8.2+20140711/debian/changelog 2017-07-27 14:37:54.0 
-0700
@@ -1,3 +1,9 @@
+ipsec-tools (1:0.8.2+20140711-2+deb8u2) oldstable; urgency=medium
+
+  * Import NetBSD's patch to address CVE-2016-10396 (Closes: #867986)
+
+ -- Noah Meyerhans   Thu, 27 Jul 2017 14:37:54 -0700
+
 ipsec-tools (1:0.8.2+20140711-2+deb8u1) jessie-security; urgency=high
 
   * Non-maintainer upload by the Security Team.
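Review bot: The new entry `ipsec-tools (1:0.8.2+20140711-2+deb8u2) oldstable; urgency=medium` targets the suite alias `oldstable`, whereas the previous entry uses the codename form (`jessie-security`). Use `jessie` so the target does not depend on which release is currently oldstable. The version here is +deb8u2 while the request title names +deb8u1, which the existing jessie-security entry already occupies, so the title should be corrected to match.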
diff -Nru ipsec-tools-0.8.2+20140711/debian/patches/CVE-2016-10396.patch 
ipsec-tools-0.8.2+20140711/debian/patches/CVE-2016-10396.patch
--- ipsec-tools-0.8.2+20140711/debian/patches/CVE-2016-10396.patch  
1969-12-31 16:00:00.0 -0800
+++ ipsec-tools-0.8.2+20140711/debian/patches/CVE-2016-10396.patch  
2017-07-27 14:37:54.0 -0700
@@ -0,0 +1,201 @@
+Description: Fix remotely exploitable DoS. 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10396
+Source: vendor; 
https://gnats.netbsd.org/cgi-bin/query-pr-single.pl?number=51682
+Bug-debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867986
+
+Index: pkg-ipsec-tools/src/racoon/isakmp_frag.c
+===
+--- pkg-ipsec-tools.orig/src/racoon/isakmp_frag.c
 pkg-ipsec-tools/src/racoon/isakmp_frag.c
+@@ -1,4 +1,4 @@
+-/*$NetBSD: isakmp_frag.c,v 1.5 2009/04/22 11:24:20 tteras Exp $   */
++/*$NetBSD: isakmp_frag.c,v 1.5.36.1 2017/04/21 16:50:42 bouyer Exp $  
*/
+ 
+ /* Id: isakmp_frag.c,v 1.4 2004/11/13 17:31:36 manubsd Exp */
+ 
+@@ -173,6 +173,43 @@ vendorid_frag_cap(gen)
+   return ntohl(hp[MD5_DIGEST_LENGTH / sizeof(*hp)]);
+ }
+ 
++static int 
++isakmp_frag_insert(struct ph1handle *iph1, struct isakmp_frag_item *item)
++{
++  struct isakmp_frag_item *pitem = NULL;
++  struct isakmp_frag_item *citem = iph1->frag_chain;
++
++  /* no frag yet, just insert at beginning of list */
++  if (iph1->frag_chain == NULL) {
++  iph1->frag_chain = item;
++  return 0;
++  }
++
++  do {
++  /* duplicate fragment number, abort (CVE-2016-10396) */
++  if (citem->frag_num == item->frag_num)
++  return -1;
++
++  /* need to insert before current item */
++  if (citem->frag_num > item->frag_num) {
++  if (pitem != NULL)
++  pitem->frag_next = item;
++  else
++  /* insert at the beginning of the list  */
++  iph1->frag_chain = item;
++  item->frag_next = citem;
++  return 0;
++  }
++
++  pitem = citem;
++  citem = citem->frag_next;
++  } while (citem != NULL);
++
++  /* we reached the end of the list, insert */
++  pitem->frag_next = item;
++  return 0;
++}
++
+ int 
+ isakmp_frag_extract(iph1, msg)
+   struct ph1handle *iph1;
+@@ -224,39 +261,43 @@ isakmp_frag_extract(iph1, msg)
+   item->frag_next = NULL;
+   item->frag_packet = buf;
+ 
+-  /* Look for the last frag while inserting the new item in the chain */
+-  if (item->frag_last)
+-  last_frag = item->frag_num;
++  /* Check for the last frag before inserting the new item in the chain */
++  if (item->frag_last) {
++  /* if we have the last fragment, indices must match */
++  if (iph1->frag_last_index != 0 &&
++  item->frag_last != iph1->frag_last_index) {
++  plog(LLV_ERROR, LOCATION, NULL,
++   "Repeated last fragment index mismatch\n");
++  racoon_free(item);
++  vfree(buf);
++  return -1;
++  
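Review bot: In the isakmp_frag_extract part of the imported patch, the check `item->frag_last != iph1->frag_last_index` compares the last-fragment flag, which the enclosing `if (item->frag_last)` tests as a boolean, against a stored index, although the comment says the indices must match. `item->frag_num` looks like the intended operand (the removed code assigned `last_frag = item->frag_num`), so please confirm this against the NetBSD source before importing. Separately, isakmp_frag_insert never writes `item->frag_next` on the empty-list and end-of-list paths, so it depends on the caller's `item->frag_next = NULL` shown as context; a comment stating that precondition would help.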

NEW changes in stable-new

2017-07-27 Thread Debian FTP Masters
Processing changes file: enigmail_1.9.8.1-1~deb9u1_amd64.changes
  REJECT