NEW changes in stable-new
Processing changes file: base-files_8+deb8u6_amd64.changes ACCEPT Processing changes file: base-files_8+deb8u6_arm64.changes ACCEPT Processing changes file: base-files_8+deb8u6_armel.changes ACCEPT Processing changes file: base-files_8+deb8u6_armhf.changes ACCEPT Processing changes file: base-files_8+deb8u6_i386.changes ACCEPT Processing changes file: base-files_8+deb8u6_mips.changes ACCEPT Processing changes file: base-files_8+deb8u6_mipsel.changes ACCEPT Processing changes file: base-files_8+deb8u6_powerpc.changes ACCEPT Processing changes file: base-files_8+deb8u6_ppc64el.changes ACCEPT Processing changes file: base-files_8+deb8u6_s390x.changes ACCEPT
Bug#837458: jessie-pu: package mactelnet/0.4.0-1
Hi, Disclaimer, I'm not member of the release team/stable release managers. > Request for uploading to stable, as there is posted a CVE for a bug > in mactelnet-client. > This update is a backport of the fix that is done upstream, that > fixes only the mentioned bug. Generally the stable release managers request that the fix should land first in unstable, could you upload the fix as well there? Or Is there a new upstream version which could be uploaded? Regards, Salvatore
Bug#837312: marked as done (nmu: cdist_4.3.1-1)
Your message dated Mon, 12 Sep 2016 00:03:35 + with message-idand subject line Bug#837312: fixed in cdist 4.3.1-2 has caused the Debian Bug report #837312, regarding nmu: cdist_4.3.1-1 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 837312: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837312 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: binnmu Hi, cdist-doc depends on "sphinx-common (<< 1.4.5.0~), sphinx-common (>= 1.4.5)". This causes the following issues: * It's uninstallable in unstable * sphinx doesn't migrate to testing[0] Rebuilding against sphinx 1.4.6-1 inside a clean chroot (e.g. pbuilder) helps[1]. So please schedule a BinNMU on architecture "all" for cdist: nmu cdist_4.3.1-1 . all . unstable . -m "Rebuild documentation against sphinx 1.4.6" (Hope, I got the "Architecture: all" thing right in the line above. :-) [0] https://qa.debian.org/excuses.php?package=sphinx [1] Be aware of https://bugs.debian.org/837311 (cdist FTBFS with additional packages being installed; seems a Python 2 vs 3 issue) -- System Information: Debian Release: stretch/sid APT prefers unstable APT policy: (990, 'unstable'), (600, 'testing'), (500, 'unstable-debug'), (500, 'buildd-unstable'), (110, 'experimental'), (1, 'experimental-debug'), (1, 'buildd-experimental') Architecture: amd64 (x86_64) Kernel: Linux 4.8.0-rc5-amd64 (SMP w/8 CPU cores) Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) --- End Message --- --- Begin Message --- Source: cdist Source-Version: 4.3.1-2 We believe that the bug you reported is fixed in the latest version of cdist, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 837...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Dmitry Bogatov (supplier of updated cdist package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Sat, 10 Sep 2016 16:33:38 +0300 Source: cdist Binary: cdist cdist-doc Architecture: source all Version: 4.3.1-2 Distribution: unstable Urgency: medium Maintainer: Dmitry Bogatov Changed-By: Dmitry Bogatov Description: cdist - Usable Configuration Management System cdist-doc - Usable Configuration Management System (html documentation) Closes: 837311 837312 Changes: cdist (4.3.1-2) unstable; urgency=medium . * Rebuild for unstable to get latest sphinx dependency (Closes: #837312) * Force `sphinx-build' use Python3 (Closes: #837311) Checksums-Sha1: c346848569af0dac9961f396719b529e954701eb 1996 cdist_4.3.1-2.dsc 980f9c1750131679b5b5e7eb281a39c5f7148725 7432 cdist_4.3.1-2.debian.tar.xz 644ae84ca4c17ca793922374cd252c76b61f8b3e 144806 cdist-doc_4.3.1-2_all.deb 8274b4845109345a123e6b85a0766a8ff86bb1a8 237004 cdist_4.3.1-2_all.deb Checksums-Sha256: 4d6922dffd019c67dc58afb918ca4b6a34dcdcb97195c38ae6f3eb329ba95e75 1996 cdist_4.3.1-2.dsc e0fc48af2e46707794fdc78c99cac2532163d77346f046e364d512c8cdb6e5dc 7432 cdist_4.3.1-2.debian.tar.xz 000dbd2111e52046a3ccedafbcb878468f0d9df7b5e5df523ecccf2e03d5eb91 144806 cdist-doc_4.3.1-2_all.deb 182db0ba6ea6a299501fea321d0074a74bf706bd020a6f4c8743b3a594fa66aa 237004 cdist_4.3.1-2_all.deb Files: e0641a3af34e645f88bc9c39ad6a03c5 1996 admin optional cdist_4.3.1-2.dsc f74a0fb8a047fd861e6ccbc28c0ca465 7432 admin optional cdist_4.3.1-2.debian.tar.xz 4b48bb6d72cc4aed7d5c609c6aca8b47 144806 doc optional cdist-doc_4.3.1-2_all.deb caa744c7156d2941f281fb668302ac49 237004 admin optional cdist_4.3.1-2_all.deb -BEGIN PGP SIGNATURE- iQIcBAEBCAAGBQJX1eswAAoJEGvmY8daNcl1phoP/i3yHOaQ8iA+hCttAAf4n8wt UwxIAtJsC9cQvkorba9zHwMmIJNX8YpyjS0MEkKrAXkU1rxxpPnSHC47NYCoBfu8 I1VgHjlO5KLtu21VYKa+O5CH0bS+dAyf9nvFv9mExLEUpiRQP9PScqcARDLWj5hi fss5j2zI8owKk5+QRatIgbWSdJPOXKktNGmCeZeIeVKDVUACzFm6pYWmwi0rvrgk kS1heiyvh3sTaHe0kHVGkcHJhgZMdjsaiFW7Il6kii/vgMq1iahyh7FIZm2Lk4Cm 9n6kUMLId7tPU0Mnb8WPJgDt2ydayx4g8CHQ3Q4PqshgAzvl1CHeDLMJOJ7xsOq7
Bug#837312: Bug#837311: cdist: FTBFS with some additional packages being installed: ImportError: No module named sphinx_rtd_theme
Hi Dmitry, Dmitry Bogatov wrote: > > > I will add Build-Conflicts: in incoming 18 hours, ping you, you will > > > upload, and bug will be closed. [...] > New version on mentors, with following changelog: > > * Rebuild for unstable to get latest sphinx dependency (Closes: #837312) > * Force `sphinx-build' use Python3 (Closes: #837311) Thanks! Uploaded. Regards, Axel -- ,''`. | Axel Beckert, http://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5 `-| 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE
NEW changes in stable-new
Processing changes file: flashplugin-nonfree_3.6.1+deb8u1_i386.changes ACCEPT
NEW changes in stable-new
Processing changes file: base-files_8+deb8u6_source.changes ACCEPT
Bug#834854: jessie-pu: package charybdis/3.4.2-5~deb8u1
Control: tags -1 -moreinfo Hi, New developments on the Charybdis front: a patch has been developed upstream to fix the issue, but it is pretty invasive. They have basically rewritten the whole GNUTLS backend to make it on par with the other implementations. It's a good thing: there were memory leaks and all sorts of other issues, namely one that I mentioned earlier. At the very least, we'd need to factor in this p-u a patch like this one: https://github.com/charybdis-ircd/charybdis/issues/215#issuecomment-246202759 ... to fix timeout issues in the gnutls code that crashes the ssld. But even with that, there are at least two major issues that should be fixed here: 1. Charybdis 3.4 supports only SHA-1 for certificates, which has serious security vulnerabilities. To give an unrelated example, the APT team plans to remove all SHA-1 support in their repositories next year 2. 3.4 also has several memory leaks that are fixed by the gnutls rewrite. There are three way forward here: 1. ignore the above two extra issues and simply add the patch for #215 to the pile of patches in jessie 2. import the new gnutls.c module from an eventual new 3.5 release upstream directly in jessie - this may be difficult because of internal API changes 3. import 3.5.x directly in jessie I would like to have feedback from the release team as to which approach to take forward. Thanks! A. -- Advertisers, not governments, are the primary censors of media content in the United States today. - C. Edwin Baker
Processed: Re: Bug#834854: jessie-pu: package charybdis/3.4.2-5~deb8u1
Processing control commands: > tags -1 -moreinfo Bug #834854 [release.debian.org] jessie-pu: package charybdis/3.4.2-5~deb8u1 Removed tag(s) moreinfo. -- 834854: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834854 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#837469: nmu: dose3_5.0.1-1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: binnmu nmu dose3_5.0.1-1 . ANY . unstable . -m "rebuild for camlzip 1.06-1"
Re: Bug#836940: [buildd-tools-devel] Bug#836940: cowbuilder, sbuild: should behave identically in regard to default gnupg installation
On Thu, Sep 8, 2016 at 13:35:51 +0200, Lucas Nussbaum wrote: > 1) packages failing to build when gnupg is not installed in the chroot. > gnupg is priority: important, and is not installed by debootstrap > --variant=buildd. > > 2) packages failing to build when tzdata is not installed in the chroot. > tzdata is priority: required, and it is installed by debootstrap > --variant=buildd. But since it is not essential, not build-essential, > and not a dependency of essential or build-essential packages, it can > safely be removed (e.g. with debfoster -o MaxPriority=required). I > count about 150 packages failing in that case. > > Both classes of bugs are valid bugs. However, I'm wondering if it's OK > to consider both classes as release critical. > I think they should both be serious, and tzdata's priority should be fixed up by ftpmaster. Cheers, Julien
Bug#836910: jessie-pu: package kamailio/4.2.0-2+deb8u1
On Wed, Sep 7, 2016 at 11:48:46 +0200, Victor Seva wrote: > diff -Nru kamailio-4.2.0/debian/patches/fix_tls.patch > kamailio-4.2.0/debian/patches/fix_tls.patch > --- kamailio-4.2.0/debian/patches/fix_tls.patch 1970-01-01 > 01:00:00.0 +0100 > +++ kamailio-4.2.0/debian/patches/fix_tls.patch 2016-09-07 > 10:00:32.0 +0200 > @@ -0,0 +1,34 @@ > +From 0a5f99b28d01d79cf2675df6d2a6220167e2476e Mon Sep 17 00:00:00 2001 > +From: Daniel-Constantin Mierla> +Date: Tue, 7 Jun 2016 15:21:06 +0200 > +Subject: [PATCH] tls: proper check of libssl versions used for compilation > and > + available on system > + > +- shift out the last 12bits, being the patch version and status (see man > + SSLeay) > +- reported by Victor Seva, GH #662 > + > +(cherry picked from commit c38b4c7345a6806f48a0cdb07841e10bc962e1bf) > +(cherry picked from commit 253909bf673c0a59e7adf578bb5df73eb157d0f2) > +(cherry picked from commit 5632abc108bf8ed8157a77806ea80b962db3fa4f) > +--- > + modules/tls/tls_init.c | 6 -- > + 1 file changed, 4 insertions(+), 2 deletions(-) > + > +diff --git a/modules/tls/tls_init.c b/modules/tls/tls_init.c > +index a381be1..7bfc10f 100644 > +--- a/modules/tls/tls_init.c > b/modules/tls/tls_init.c > +@@ -543,8 +543,10 @@ int init_tls_h(void) > + #endif > + ssl_version=SSLeay(); > + /* check if version have the same major minor and fix level > +- * (e.g. 0.9.8a & 0.9.8c are ok, but 0.9.8 and 0.9.9x are not) */ > +-if ((ssl_version>>8)!=(OPENSSL_VERSION_NUMBER>>8)){ > ++ * (e.g. 0.9.8a & 0.9.8c are ok, but 0.9.8 and 0.9.9x are not) > ++ * - values is represented as 0xMMNNFFPPS: major minor fix patch status > ++ * 0x00090705f == 0.9.7e release */ > ++if ((ssl_version>>12)!=(OPENSSL_VERSION_NUMBER>>12)){ > + LOG(L_CRIT, "ERROR: tls: init_tls_h: installed openssl library " > + "version is too different from the library the > ser tls module " > + "was compiled with: installed \"%s\" (0x%08lx), > compiled " TBH, this seems just as wrong; libssl has a SONAME for a reason, no need to reinvent broken checks in each user. Cheers, Julien
Bug#836592: jessie-pu: package gdcm/2.4.4-3
On Fri, Sep 9, 2016 at 17:33:08 +0100, Adam D. Barratt wrote: > On Fri, 2016-09-09 at 17:08 +0200, Gert Wollny wrote: > > > As far as I can tell, the problem isn't the documentation, it's: > > > > > > make[3]: *** No rule to make target > > > '/usr/lib/jvm/default-java/jre/lib/ppc64/libjawt.so', needed by > > > 'bin/libvtkgdcmJava.so'. Stop. > > > > > > > > Agreed, I didn't see this because I was scanning for "error:". > > > > The compilation failure is still unrelated to the patches though, > > because the patches only touch the C++ code, the compilation error is a > > result of some problem on the part that cmake does. > > > > At the beginning of the build log one can even see that the library is > > correctly detected in the JRE ppc64el sub-directory, but later it wants > > ppc64 only and I can't find the according code in the gdcm VTK java > > module definition. > > I was wondering if this might be a similar issue to javatool's #833572 > (now fixed in p-u), but I don't know either gdcm or Java packaging in > general well enough to immediately point to a solution I'm afraid. > After apt-get build-dep gdcm: (jessie_ppc64el-dchroot)jcristau@plummer:~$ rgrep ppc64/libjawt /usr/lib/ /usr/lib/vtk-5.8/VTKTargets-release.cmake: IMPORTED_LINK_INTERFACE_LIBRARIES_RELEASE "vtkGraphics;vtkFilteringJava;/usr/lib/jvm/default-java/jre/lib/ppc64/libjawt.so" /usr/lib/vtk-5.8/VTKTargets-release.cmake: IMPORTED_LINK_INTERFACE_LIBRARIES_RELEASE "vtkRendering;vtkGraphicsJava;vtkImagingJava;/usr/lib/jvm/default-java/jre/lib/ppc64/libjawt.so" /usr/lib/vtk-5.8/VTKTargets-release.cmake: IMPORTED_LINK_INTERFACE_LIBRARIES_RELEASE "vtkCharts;vtkViewsJava;/usr/lib/jvm/default-java/jre/lib/ppc64/libjawt.so" /usr/lib/vtk-5.8/VTKConfig-Java.cmake:SET(VTK_JAVA_AWT_LIBRARY "/usr/lib/jvm/default-java/jre/lib/ppc64/libjawt.so") cmake brain damage strikes again. Cheers, Julien
Bug#836795: jessie-pu: package samba/2:4.1.17+dfsg-2+deb8u2
On Sat, Sep 10, 2016 at 12:34:51 +0100, Adam D. Barratt wrote: > On Sat, 2016-09-10 at 13:15 +0200, Salvatore Bonaccorso wrote: > > Thanks for CC'ing. It's right we haven't marked it as no-dsa (yet). > > But it's true we asked (originally Andrew Barlett), to have samba > > updated via a point release to adresss remaining (minor) regressions > > introduced by the original fixes. Samba upstream has released several > > updates in meanwhile and the idea was to have the packages exposed to > > more wider testing via the jessie-proposed-updates before beeing > > included in stable. > > Okay, thanks. That makes sense, although a package uploaded now will > either not get much (if any) testing or have to wait for 8.7. > Even if we wait for 8.7, it's not like p-u gets a lot of user attention. Cheers, Julien
Bug#837458: jessie-pu: package mactelnet/0.4.0-1
Package: release.debian.org Severity: normal Tags: jessie User: release.debian@packages.debian.org Usertags: pu Request for uploading to stable, as there is posted a CVE for a bug in mactelnet-client. This update is a backport of the fix that is done upstream, that fixes only the mentioned bug. Mor information here: https://security-tracker.debian.org/tracker/CVE-2016-7115 and here: https://bugs.debian.org/836320 -- System Information: Debian Release: stretch/sid Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.4.0-21-generic (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) diff -Nru mactelnet-0.4.0/debian/changelog mactelnet-0.4.0/debian/changelog --- mactelnet-0.4.0/debian/changelog 2016-09-10 23:43:04.0 +0200 +++ mactelnet-0.4.0/debian/changelog 2016-09-10 23:46:41.0 +0200 @@ -1,3 +1,9 @@ +mactelnet (0.4.0-2) stable; urgency=low + + * Backported bugfix of CVE 2016-7115 (closes: 836320) + + -- Håkon NessjøenSun, 10 Sep 2016 23:11:32 +0200 + mactelnet (0.4.0-1) unstable; urgency=low * Upstream release 0.4.0 diff -Nru mactelnet-0.4.0/debian/patches/CVE-2016-7115.patch mactelnet-0.4.0/debian/patches/CVE-2016-7115.patch --- mactelnet-0.4.0/debian/patches/CVE-2016-7115.patch 1970-01-01 01:00:00.0 +0100 +++ mactelnet-0.4.0/debian/patches/CVE-2016-7115.patch 2016-09-10 23:49:20.0 +0200 @@ -0,0 +1,51 @@ +--- a/mactelnet.c b/mactelnet.c +@@ -75,7 +75,7 @@ + + static int keepalive_counter = 0; + +-static unsigned char encryptionkey[128]; ++static unsigned char pass_salt[16]; + static char username[255]; + static char password[255]; + static char nonpriv_username[255]; +@@ -191,18 +191,21 @@ + char *terminal = getenv("TERM"); + char md5data[100]; + unsigned char md5sum[17]; +- int plen; ++ int plen, act_pass_len; + md5_state_t state; + +- /* Concat string of 0 + password + encryptionkey */ ++ /* calculate the actual password's length */ ++ act_pass_len = strnlen(password, 82); ++ ++ /* Concat string of 0 + password + pass_salt */ + md5data[0] = 0; +- strncpy(md5data + 1, password, 82); +- md5data[83] = '\0'; +- memcpy(md5data + 1 + strlen(password), encryptionkey, 16); ++ memcpy(md5data + 1, password, act_pass_len); ++ /* in case that password is long, calculate only using the used-up parts */ ++ memcpy(md5data + 1 + act_pass_len, pass_salt, 16); + + /* Generate md5 sum of md5data with a leading 0 */ + md5_init(); +- md5_append(, (const md5_byte_t *)md5data, strlen(password) + 17); ++ md5_append(, (const md5_byte_t *)md5data, 1 + act_pass_len + 16); + md5_finish(, (md5_byte_t *)md5sum + 1); + md5sum[0] = 0; + +@@ -279,9 +282,9 @@ + + while (success) { + +- /* If we receive encryptionkey, transmit auth data back */ ++ /* If we receive pass_salt, transmit auth data back */ + if (cpkt.cptype == MT_CPTYPE_ENCRYPTIONKEY) { +-memcpy(encryptionkey, cpkt.data, cpkt.length); ++memcpy(pass_salt, cpkt.data, 16); + send_auth(username, password); + } + diff -Nru mactelnet-0.4.0/debian/patches/series mactelnet-0.4.0/debian/patches/series --- mactelnet-0.4.0/debian/patches/series 1970-01-01 01:00:00.0 +0100 +++ mactelnet-0.4.0/debian/patches/series 2016-09-10 23:49:03.0 +0200 @@ -0,0 +1 @@ +CVE-2016-7115.patch
NEW changes in stable-new
Processing changes file: flashplugin-nonfree_3.6.1+deb8u1_amd64.changes ACCEPT
Processed: tagging 833433
Processing commands for cont...@bugs.debian.org: > tags 833433 + pending Bug #833433 [release.debian.org] jessie-pu: package flashplugin-nonfree/1:3.6.1+deb8u1 Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 833433: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=833433 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#833433: jessie-pu: package flashplugin-nonfree/1:3.6.1+deb8u1
Control; tags -1 + pending On Sun, 2016-09-11 at 08:04 +, Bart Martens wrote: > On Sat, Sep 10, 2016 at 04:59:29PM +0100, Adam D. Barratt wrote: > > Please go ahead, bearing in mind that the window for 8.6 closes this > > weekend. > > Apology accepted. I uploaded for stable just now. Flagged for acceptance. Regards, Adam
Processed: block 836917 with 822021
Processing commands for cont...@bugs.debian.org: > block 836917 with 822021 Bug #836917 [release.debian.org] transition: openmpi 836917 was blocked by: 835680 831164 817690 811907 830440 837059 837061 837062 837058 837055 825934 812036 811651 837012 837109 837030 836917 was not blocking any bugs. Added blocking bug(s) of 836917: 822021 > thanks Stopping processing here. Please contact me if you need assistance. -- 836917: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=836917 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#837300: jessie-pu: package mariadb-10.0/10.0.27-0+deb8u1
On Sat, 2016-09-10 at 14:42 +0300, Otto Kekäläinen wrote: > The powerpc build of the security release 10.0.26-0+deb8u1 fails to > build due to an upstream regression (see Bug#832931). This has been > fixed in 10.0.27, but as it is not a security release (at least not > publicly at the moment) I propose it to be uploaded via > stable-updates. Unfortunately 10.0.27 still FTBFS on powerpc, with failures that look the same as those seen for 10.0.26-0+deb8u1. Regards, Adam
Bug#836941: Acknowledgement (nmu: shibboleth-sp2_2.6.0+dfsg1-3)
Shall I file a serious bug against libshibsp7 to keep it out of testing until these binNMUs are scheduled? -- Thanks, Feri
Bug#830997: release.debian.org: Permission to consider dpkg-buildpackage -A bugs as RC
On Sun, 11 Sep 2016, Niels Thykier wrote: > On Mon, 1 Aug 2016 23:23:14 +0200 (CEST) Santiago Vila> wrote: > > Greetings. > > > > I've finally raised to "serious" all the known bugs regarding > > "dpkg-buildpackage -A" that were still open. > > > > Thanks. > > AFAICT, this bug is now resolved - closing accordingly. :) It is resolved in the sense it was agreed to make this RC, but I still expected the release policy to be updated accordingly: https://release.debian.org/stretch/rc_policy.txt before closing this report. [ Not that updating the policy is particularly helpful. In fact, current policy already says "packages must autobuild" and there are still people who downgrade RC bugs about missing build-dependencies to "normal"... ]. Thanks.
Bug#830997: marked as done (release.debian.org: Permission to consider dpkg-buildpackage -A bugs as RC)
Your message dated Sun, 11 Sep 2016 12:32:00 + with message-id <1c189e6d-ff48-a179-8130-25d1290ed...@thykier.net> and subject line Re: Bug#830997: release.debian.org: Permission to consider dpkg-buildpackage -A bugs as RC has caused the Debian Bug report #830997, regarding release.debian.org: Permission to consider dpkg-buildpackage -A bugs as RC to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 830997: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=830997 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: wishlist Dear Release Managers: Back in November I started to check and report each and every source package for which "dpkg-buildpackage -A" fails. Approximately 293 bugs so far have been filed about this issue: https://bugs.debian.org/cgi-bin/pkgreport.cgi?tag=binary-indep;users=sanv...@debian.org Most of them (182) are already fixed and a bunch of the remaining ones have patches available. With this report I'd like to ask for permission to consider this as a release goal for stretch. This way the bugs would be raised to serious and they would be treated like any other FTBFS bug. Making this a release goal would mean that each and every package in stretch (once it's stable) would be suitable to be uploaded in source-only form. I think this feature would be particularly interesting for the security team. If you agree on making this a release goal, I can think of two ways of doing this: 1) The wording in this page could be modified: https://release.debian.org/stretch/rc_policy.txt Currently it says: Packages must autobuild without failure on all architectures on which they are supported. Maybe adding "This requirement includes the traditional architecture-specific autobuilders and also the "Arch: all" autobuilder". or something alike. 2) Or maybe we could just state that "Packages must autobuild" implicitly refers to all available autobuilders, but in such case an official statement from you clarifying how the paragraph should be interpreted would help. In case this release goal is accepted, I'm open for suggestions about how to proceed (for example, if a last warning mail should be sent to the bug reports before raising severities, waiting for a week or two, etc. things like that). Thanks. --- End Message --- --- Begin Message --- On Mon, 1 Aug 2016 23:23:14 +0200 (CEST) Santiago Vilawrote: > Greetings. > > I've finally raised to "serious" all the known bugs regarding > "dpkg-buildpackage -A" that were still open. > > Thanks. > > AFAICT, this bug is now resolved - closing accordingly. :) Thanks, ~Niels--- End Message ---
Bug#837412: transition: liblouis
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition Hello, liblouis 3.0.0 bumped ABI and thus soname, there are only two packages that need a rebuild: liblouixml and liblouisutdml, both of which rebuild fine with liblouis 3.0.0. I have already uploaded it to experimental, it builds fine on all archs (I just had to do it by hand on a porterbox for mipsel, because the experimental apt resolver (apt-cudf) on the mipsel buildds seems to be broken and aba didn't answer about it yet, it will not be a problem in sid anyway) Ben file: title = "liblouis"; is_affected = .depends ~ "liblouis10" | .depends ~ "liblouis12"; is_good = .depends ~ "liblouis12"; is_bad = .depends ~ "liblouis10"; Generated from my experimental upload: Affected: .depends ~ /\b(liblouis12|liblouis10)\b/ Good: .depends ~ /\b(liblouis12)\b/ Bad: .depends ~ /\b(liblouis10)\b/ -- System Information: Debian Release: stretch/sid APT prefers testing APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 'buildd-unstable'), (500, 'unstable'), (500, 'stable'), (500, 'oldstable'), (1, 'experimental-debug'), (1, 'buildd-experimental'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.7.0 (SMP w/4 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system)
Bug#833433: jessie-pu: package flashplugin-nonfree/1:3.6.1+deb8u1
On Sun, 2016-09-11 at 08:04 +, Bart Martens wrote: > Can I do a similar upload for > oldstable? I have at least one user asking for this. The Release Team no longer handle wheezy, that's in the hands of the LTS Team; see https://wiki.debian.org/LTS Regards, Adam
Bug#837388: jessie-pu: package scons-doc/2.3.1-1
Package: release.debian.org Severity: normal Tags: jessie User: release.debian@packages.debian.org Usertags: pu -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hello, the version 2.3.1-1 contains non free svg files[1]. The attached debdiff replace them with free files from upstream. Many thanks! CU Jörg [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787356 - -- System Information: Debian Release: stretch/sid APT prefers testing APT policy: (900, 'testing'), (800, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.6.0-1-amd64 (SMP w/6 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJX1SBOAAoJEAn4nzyModJdHwYP/jv3cY54s5BHSk3nk5Yrjxiv XcJVTzd2Xe15Sp8Mf56a9ggztVhJbMqEFIlkX8/0I+50yZDcjUaL7liZyjbq3lJB B4l4mt8eQL2a48u8xIPd3GCUqvLw0dJJTEEQgXgiZef+kF32rLciki/CrMXmAEIb 6eJsQkuWrwqEP+FWQXspKcM25VvieHKGBncZ9B315pk7aSaRZM21nhcBN5aYxWaH bn1iRXjDstYhqCJgriyNj9YcaBePALDtNW0BbPPFVjEr8AnyONGDupyf4C2Fi1Bw 8p6bDpLimDD3qVFsWeHTA5b+Gu7yvq0ajekiEZLUkTFTeKIw/LWA4+CH3IAWvA+o sTlDDapbMCoizP853jDfevlLFG6ajRnvo9PJ0zQRFn8DZwwr0SRiBU2udNOlxo7v 6XnSijYQ3lHdYz/B6fscjUSb018wZKJyn7d47srZ/6BjoYqBp6tZfpxbMkZ+TeB3 Y01ZSePI9WZYLk5iRuo+Pw7VaTh3qvV1NpWqiu9vSHem3mFA5y5/nFrkERVFsbmn tJDD0q6nb21CvWUtoK8B6TvvkhGxj07SoMd36LJ7J7+T/B26unPuQIgvkuDp7/Lc Hg6oPbaxJFa3DeWasj7Je3ZQmL1i7TAqk83oTW/d1M4oBGl1AdlndrJzeIs5OWpm xjwIj3m4ec7IitkMI3Al =ZaBr -END PGP SIGNATURE- diff -Nru scons-doc-2.3.1/debian/changelog scons-doc-2.3.1/debian/changelog --- scons-doc-2.3.1/debian/changelog 2014-04-27 12:05:51.0 +0200 +++ scons-doc-2.3.1/debian/changelog 2016-09-11 10:56:22.0 +0200 @@ -1,3 +1,10 @@ +scons-doc (2.3.1-1+deb8u1) stable; urgency=medium + + * New debian/patches/0100_replace_nonfree_svgs.patch (Closes: #787356); ++ Replace nonfree svg files with free from upstream. + + -- Jörg Frings-FürstSun, 11 Sep 2016 10:56:22 +0200 + scons-doc (2.3.1-1) unstable; urgency=medium * New upstream release. diff -Nru scons-doc-2.3.1/debian/patches/0100_replace_nonfree_svgs.patch scons-doc-2.3.1/debian/patches/0100_replace_nonfree_svgs.patch --- scons-doc-2.3.1/debian/patches/0100_replace_nonfree_svgs.patch 1970-01-01 01:00:00.0 +0100 +++ scons-doc-2.3.1/debian/patches/0100_replace_nonfree_svgs.patch 2016-09-11 10:51:28.0 +0200 @@ -0,0 +1,196 @@ +Index: 2.3.1-1deb8u1/doc/design/titlepage/SConsBuildBricks_path.svg +=== +--- 2.3.1-1deb8u1.orig/doc/design/titlepage/SConsBuildBricks_path.svg 2.3.1-1deb8u1/doc/design/titlepage/SConsBuildBricks_path.svg +@@ -14,9 +14,9 @@ +height="80.330002" +id="svg2" +sodipodi:version="0.32" +- inkscape:version="0.48.1 r9760" ++ inkscape:version="0.48.4 r9939" +version="1.0" +- sodipodi:docname="SConsBuildBricks.svg" ++ sodipodi:docname="SConsBuildBricks_path.svg" +inkscape:export-filename="Constructs-using-SCons.png" +inkscape:export-xdpi="100" +inkscape:export-ydpi="100"> +@@ -77,24 +77,22 @@ + + + http://creativecommons.org/licenses/by-nc-sa/2.0/; /> ++ rdf:resource="http://creativecommons.org/licenses/by-sa/3.0/; /> + + http://creativecommons.org/licenses/by-nc-sa/2.5/;> ++ rdf:about="http://creativecommons.org/licenses/by-sa/3.0/;> + http://web.resource.org/cc/Reproduction; /> ++ rdf:resource="http://creativecommons.org/ns#Reproduction; /> + http://web.resource.org/cc/Distribution; /> ++ rdf:resource="http://creativecommons.org/ns#Distribution; /> + http://web.resource.org/cc/Notice; /> ++ rdf:resource="http://creativecommons.org/ns#Notice; /> + http://web.resource.org/cc/Attribution; /> +-http://web.resource.org/cc/CommercialUse; /> ++ rdf:resource="http://creativecommons.org/ns#Attribution; /> + http://web.resource.org/cc/DerivativeWorks; /> ++ rdf:resource="http://creativecommons.org/ns#DerivativeWorks; /> + http://web.resource.org/cc/ShareAlike; /> ++ rdf:resource="http://creativecommons.org/ns#ShareAlike; /> + + + +Index: 2.3.1-1deb8u1/doc/man/titlepage/SConsBuildBricks_path.svg +=== +--- 2.3.1-1deb8u1.orig/doc/man/titlepage/SConsBuildBricks_path.svg 2.3.1-1deb8u1/doc/man/titlepage/SConsBuildBricks_path.svg +@@ -14,9 +14,9 @@ +height="80.330002" +id="svg2" +sodipodi:version="0.32" +- inkscape:version="0.48.1 r9760" ++ inkscape:version="0.48.4 r9939" +version="1.0" +- sodipodi:docname="SConsBuildBricks.svg" ++ sodipodi:docname="SConsBuildBricks_path.svg" +inkscape:export-filename="Constructs-using-SCons.png" +inkscape:export-xdpi="100" +inkscape:export-ydpi="100"> +@@ -77,24 +77,22 @@ + + +
Bug#833433: jessie-pu: package flashplugin-nonfree/1:3.6.1+deb8u1
On Sat, Sep 10, 2016 at 04:59:29PM +0100, Adam D. Barratt wrote: > Control: tags -1 + confirmed > > On Sat, 2016-08-06 at 05:20 +, Bart Martens wrote: > > Control: tag -1 - moreinfo > > > > On Fri, Aug 05, 2016 at 11:02:40PM +0200, Julien Cristau wrote: > > > Control: tag -1 moreinfo > > > > > > The current code is not a guarantee for the future. The function is > > > named "human_time". That makes it IMO wrong to use in a script. It's > > > also not stable across timezones. > > > > Using %Y now, see attached debdiff. Permission to upload? > > Sorry for the delay. > > Please go ahead, bearing in mind that the window for 8.6 closes this > weekend. Apology accepted. I uploaded for stable just now. Can I do a similar upload for oldstable? I have at least one user asking for this. Regards, Bart Martens