Bug#868429: nmu: gstreamer-vaapi_1.12.3-1
Followup-For: Bug #868429 all that gstreamer-vaapi needs is a binNMU: nmu gstreamer-vaapi_1.12.3-1 . ANY . unstable . -m 'Rebuild against gst-plugins-bad1.0 1.12.3' Andreas
Processed: reassign 868429 to release.debian.org, severity of 868429 is normal ..., usertagging 868429
Processing commands for cont...@bugs.debian.org: > reassign 868429 release.debian.org Bug #868429 [gstreamer1.0-vaapi] gstreamer1.0-vaapi 1.12.3-1 is uninstallable on sid Bug reassigned from package 'gstreamer1.0-vaapi' to 'release.debian.org'. No longer marked as found in versions gstreamer-vaapi/1.12.3-1 and gstreamer-vaapi/1.12.2-1. Ignoring request to alter fixed versions of bug #868429 to the same values previously set > severity 868429 normal Bug #868429 [release.debian.org] gstreamer1.0-vaapi 1.12.3-1 is uninstallable on sid Severity set to 'normal' from 'serious' > retitle 868429 nmu: gstreamer-vaapi_1.12.3-1 Bug #868429 [release.debian.org] gstreamer1.0-vaapi 1.12.3-1 is uninstallable on sid Changed Bug title to 'nmu: gstreamer-vaapi_1.12.3-1' from 'gstreamer1.0-vaapi 1.12.3-1 is uninstallable on sid'. > user release.debian@packages.debian.org Setting user to release.debian@packages.debian.org (was a...@debian.org). > usertags 868429 binnmu There were no usertags set. Usertags are now: binnmu. > thanks Stopping processing here. Please contact me if you need assistance. -- 868429: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868429 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
NEW changes in stable-new
Processing changes file: debian-edu-doc_1.921~20170603+deb9u2_all.changes ACCEPT
NEW changes in stable-new
Processing changes file: debian-installer_20170615+deb9u2_amd64.changes ACCEPT Processing changes file: debian-installer_20170615+deb9u2_armel.changes ACCEPT Processing changes file: debian-installer_20170615+deb9u2_armhf.changes ACCEPT Processing changes file: debian-installer_20170615+deb9u2_i386.changes ACCEPT
NEW changes in stable-new
Processing changes file: debian-installer_20170615+deb9u2_arm64.changes ACCEPT Processing changes file: debian-installer_20170615+deb9u2_mips.changes ACCEPT Processing changes file: debian-installer_20170615+deb9u2_mips64el.changes ACCEPT Processing changes file: debian-installer_20170615+deb9u2_mipsel.changes ACCEPT Processing changes file: debian-installer_20170615+deb9u2_ppc64el.changes ACCEPT Processing changes file: debian-installer_20170615+deb9u2_s390x.changes ACCEPT
NEW changes in stable-new
Processing changes file: vim_8.0.0197-4+deb9u1_mipsel.changes ACCEPT
NEW changes in stable-new
Processing changes file: debian-installer_20170615+deb9u2_source.changes ACCEPT
Bug#877415: stretch-pu: package debian-edu-doc/1.921~20170603+deb9u2
On Sun, 2017-10-01 at 16:48 +, Holger Levsen wrote: > On Sun, Oct 01, 2017 at 05:39:30PM +0100, Adam D. Barratt wrote: > > The package has been accepted into proposed-updates by dak. > > > > Nope. It had been accepted into stable-new by dak. The acceptance > > into > > p-u only comes when requested by the Release Team; now done. > > hmpf. I think I've been fooled by this before, the subject says so, > but then the body basically reverts what the subject said: > > -quote mutt view- > Subject: debian-edu-doc_1.921~20170603+deb9u2_source.changes ACCEPTED > into proposed-updates->stable-new > The key thing is the "->stable-new". Once it's actually in p-u it's "proposed-updates->stable-new, proposed-updates". Regards, Adam
NEW changes in stable-new
Processing changes file: vim_8.0.0197-4+deb9u1_mips64el.changes ACCEPT
Re: how do you want your britney commits (unfinished)
Hi Niels, On 01-10-17 08:36, Niels Thykier wrote: >> Do you already have an idea in mind how this could/should be >> accomplished? While going through britney, I see several (most, if not >> all, of them hacky) ways this can be done. >> > > At the moment, no, I do not have a brilliant idea. Good to know. This eases my mind a bit. > Short term/for testing purposes, I would just add a comment in the > excuses and then leave the aging as it is. If I read you correctly, I think I would be nearly so far now that we could start doing this once debci is enhanced to listen to britney and provide feedback (hi Antonio). We could use the temporary failures instead of the currently used hard failures or the to be implemented method. Have you already looked at the current state? If so, are there already comments you like to share? Paul signature.asc Description: OpenPGP digital signature
NEW changes in stable-new
Processing changes file: debian-edu-doc_1.921~20170603+deb9u2_source.changes ACCEPT Processing changes file: vim_8.0.0197-4+deb9u1_all.changes ACCEPT Processing changes file: vim_8.0.0197-4+deb9u1_amd64.changes ACCEPT Processing changes file: vim_8.0.0197-4+deb9u1_arm64.changes ACCEPT Processing changes file: vim_8.0.0197-4+deb9u1_armel.changes ACCEPT Processing changes file: vim_8.0.0197-4+deb9u1_armhf.changes ACCEPT Processing changes file: vim_8.0.0197-4+deb9u1_i386.changes ACCEPT Processing changes file: vim_8.0.0197-4+deb9u1_mips.changes ACCEPT Processing changes file: vim_8.0.0197-4+deb9u1_ppc64el.changes ACCEPT Processing changes file: vim_8.0.0197-4+deb9u1_s390x.changes ACCEPT
Bug#877415: stretch-pu: package debian-edu-doc/1.921~20170603+deb9u2
On Sun, Oct 01, 2017 at 05:39:30PM +0100, Adam D. Barratt wrote: > In this instance, as it's arch:all-only and already uploaded, I've > decided to accept it in any case. This should not be interpreted as > setting a precedent and should definitely not be relied upon in future. Thanks! > > The package has been accepted into proposed-updates by dak. > Nope. It had been accepted into stable-new by dak. The acceptance into > p-u only comes when requested by the Release Team; now done. hmpf. I think I've been fooled by this before, the subject says so, but then the body basically reverts what the subject said: -quote mutt view- Subject: debian-edu-doc_1.921~20170603+deb9u2_source.changes ACCEPTED into proposed-updates->stable-new Mapping stretch to stable. Mapping stable to proposed-updates. Accepted: $changes file -end quote- I'll try to remember this for the future! -- cheers, Holger signature.asc Description: PGP signature
Processed: Re: Bug#877415: stretch-pu: package debian-edu-doc/1.921~20170603+deb9u2
Processing control commands: > tags -1 + pending Bug #877415 [release.debian.org] stretch-pu: package debian-edu-doc/1.921~20170603+deb9u2 Added tag(s) pending. -- 877415: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877415 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#877415: stretch-pu: package debian-edu-doc/1.921~20170603+deb9u2
Control: tags -1 + pending On Sun, 2017-10-01 at 17:12 +0200, Holger Levsen wrote: > please accept debian-edu-doc/1.921~20170603+deb9u2 into 9.2, it's an > documenatation only update with this changelog: > As mentioned on IRC, this is technically late for 9.2. In this instance, as it's arch:all-only and already uploaded, I've decided to accept it in any case. This should not be interpreted as setting a precedent and should definitely not be relied upon in future. Please don't leave things to the last minute. > The package has been accepted into proposed-updates by dak. Nope. It had been accepted into stable-new by dak. The acceptance into p-u only comes when requested by the Release Team; now done. Regards, Adam
Bug#877420: stretch-pu: xml2/0.4-3.1+deb9u1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: pu Tags: stretch Hello, I am dealing with the package "xml2" to fix its RC bugs. A previous QA upload into Unstable was uploaded and migrated into Testing. Now I want to do some stable uploads and fix this bug inside Stretch. For previous QA upload, see https://bugs.debian.org/876286 . All fixes are taken from upstream's release tarball of next version. Debdiff attached: diff -u xml2-0.4/debian/control xml2-0.4/debian/control --- xml2-0.4/debian/control +++ xml2-0.4/debian/control @@ -1,7 +1,7 @@ Source: xml2 Section: utils Priority: optional -Maintainer: Patrick Schoenfeld+Maintainer: Debian QA Group Homepage: http://ofb.net/~egnor/xml2/ Vcs-Git: git://git.debian.org/git/collab-maint/xml2.git Vcs-Browser: http://git.debian.org/?p=collab-maint/xml2.git diff -u xml2-0.4/debian/changelog xml2-0.4/debian/changelog --- xml2-0.4/debian/changelog +++ xml2-0.4/debian/changelog @@ -1,3 +1,14 @@ +xml2 (0.4-3.1+deb9u1) stretch; urgency=medium + + * QA upload. + * Set maintainer to Debian QA Group. + * Backport patch to fix corruption when dealing with UTF-8 files. +(Closes: #506805; Closes: #698072) + * Backport patch to fix usage string for 2csv tool. +(Closes: #506788) + + -- Boyuan Yang <073p...@gmail.com> Sun, 01 Oct 2017 23:30:42 +0800 + xml2 (0.4-3.1) unstable; urgency=low * Non-maintainer upload. diff -u xml2-0.4/debian/patches/series xml2-0.4/debian/patches/series --- xml2-0.4/debian/patches/series +++ xml2-0.4/debian/patches/series @@ -2,0 +3,2 @@ +0003-Fix-corrupted-handling-with-UTF-8-text.patch +0004-Fix-help-msg-of-2csv-tool.patch only in patch2: unchanged: --- xml2-0.4.orig/debian/patches/0003-Fix-corrupted-handling-with-UTF-8- text.patch +++ xml2-0.4/debian/patches/0003-Fix-corrupted-handling-with-UTF-8-text.patch @@ -0,0 +1,22 @@ +From: Vincent Lefevre +Date: Sun, 1 Oct 2017 23:27:14 +0800 +Subject: Fix corrupted handling with UTF-8 text + +--- + xml2.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/xml2.c b/xml2.c +index fc94d69..d786021 100644 +--- a/xml2.c b/xml2.c +@@ -247,8 +247,7 @@ int main(int argc,char *argv[]) + init(); + + if (1 == argc && !strcmp(name,"html2")) { +- ctxt = htmlCreatePushParserCtxt(,NULL,NULL,0,"stdin", +- XML_CHAR_ENCODING_8859_1); ++ ctxt = htmlCreatePushParserCtxt(,NULL,NULL,0,"stdin",0); + parseChunk = htmlParseChunk; + freeCtxt = htmlFreeParserCtxt; + do_compress_whitespace = 1; only in patch2: unchanged: --- xml2-0.4.orig/debian/patches/0004-Fix-help-msg-of-2csv-tool.patch +++ xml2-0.4/debian/patches/0004-Fix-help-msg-of-2csv-tool.patch @@ -0,0 +1,22 @@ +From: Boyuan Yang <073p...@gmail.com> +Date: Sun, 1 Oct 2017 23:30:13 +0800 +Subject: Fix help msg of 2csv tool + +--- + 2csv.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/2csv.c b/2csv.c +index 7370e8c..c672b56 100644 +--- a/2csv.c b/2csv.c +@@ -4,7 +4,8 @@ + #include + + void usage(void) { +- fputs("usage: 2csv record field [field ...] < in > csv\n",stderr); ++ fputs("usage: 2csv [-q quote] [-d comma] " ++ "record field [field ...] < in > csv\n",stderr); + exit(2); + } + signature.asc Description: This is a digitally signed message part.
Processed (with 1 error): your mail
Processing commands for cont...@bugs.debian.org: > retitle 877168 transition: ldc Bug #877168 [release.debian.org] nmu: gtk-d_3.6.5-2 Changed Bug title to 'transition: ldc' from 'nmu: gtk-d_3.6.5-2'. > tags 877168 transition Unknown tag/s: transition. Recognized are: patch wontfix moreinfo unreproducible fixed potato woody sid help security upstream pending sarge sarge-ignore experimental d-i confirmed ipv6 lfs fixed-in-experimental fixed-upstream l10n newcomer a11y etch etch-ignore lenny lenny-ignore squeeze squeeze-ignore wheezy wheezy-ignore jessie jessie-ignore stretch stretch-ignore buster buster-ignore bullseye bullseye-ignore. > End of message, stopping processing here. Please contact me if you need assistance. -- 877168: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877168 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#877415: stretch-pu: package debian-edu-doc/1.921~20170603+deb9u2
Package: release.debian.org Severity: normal Tags: stretch User: release.debian@packages.debian.org Usertags: pu x-debbugs-cc: debian-...@lists.debian.org Hi, please accept debian-edu-doc/1.921~20170603+deb9u2 into 9.2, it's an documenatation only update with this changelog: debian-edu-doc (1.921~20170603+deb9u2) stretch; urgency=medium * Merge stretch related documentation and translation updates from the debian-edu-doc package in sid: * Update Debian Edu Stretch manual from the wiki. [ Wolfgang Schweer ] * Replace existing boot menu screenshots with recent ones from the wiki. * documentation/debian-edu-stretch: Add Debian_Edu_Network_Stretch.odg as source for the related (en|fr|de) PNG files. [ Stretch Manual translation updates ] * Simplified Chinese: Ma Yong. * Italian: Claudio Carboncini. * German: Wolfgang Schweer. * Japanese: Victory, also provided screenshots in Japanese. * Norwegian Bokmål: Petter Reinholdtsen. * Dutch: Frans Spiesschaert. -- Holger LevsenSun, 01 Oct 2017 16:29:13 +0200 $ LANG=C debdiff debian-edu-doc_1.921~20170603+deb9u1.dsc debian-edu-doc_1.921~20170603+deb9u2.dsc|diffstat /tmp/xdIFdtwwLp/debian-edu-doc-1.921~20170603+deb9u2/documentation/debian-edu-stretch/images/01-Installer_64bit_boot_menu.png |binary /tmp/xdIFdtwwLp/debian-edu-doc-1.921~20170603+deb9u2/documentation/debian-edu-stretch/images/01a-Installer_64bit_advanced_options.png |binary /tmp/xdIFdtwwLp/debian-edu-doc-1.921~20170603+deb9u2/documentation/debian-edu-stretch/images/01b-Installer_32bit_boot_menu.png |binary /tmp/xdIFdtwwLp/debian-edu-doc-1.921~20170603+deb9u2/documentation/debian-edu-stretch/images/ja/02-select_a_language.png |binary /tmp/xdIFdtwwLp/debian-edu-doc-1.921~20170603+deb9u2/documentation/debian-edu-stretch/images/ja/03-select_your_location.png |binary /tmp/xdIFdtwwLp/debian-edu-doc-1.921~20170603+deb9u2/documentation/debian-edu-stretch/images/ja/04-Configure_the_keyboard.png |binary /tmp/xdIFdtwwLp/debian-edu-doc-1.921~20170603+deb9u2/documentation/debian-edu-stretch/images/ja/05-Detect_and_mount_CD-ROM.png |binary /tmp/xdIFdtwwLp/debian-edu-doc-1.921~20170603+deb9u2/documentation/debian-edu-stretch/images/ja/06-Load_installer_components_from_CD.png |binary /tmp/xdIFdtwwLp/debian-edu-doc-1.921~20170603+deb9u2/documentation/debian-edu-stretch/images/ja/07-Detect_network_hardware.png |binary /tmp/xdIFdtwwLp/debian-edu-doc-1.921~20170603+deb9u2/documentation/debian-edu-stretch/images/ja/08-Choose_Debian_Edu_profile.png |binary /tmp/xdIFdtwwLp/debian-edu-doc-1.921~20170603+deb9u2/documentation/debian-edu-stretch/images/ja/09-Really_use_the_automatic_partitioning_tool.png |binary /tmp/xdIFdtwwLp/debian-edu-doc-1.921~20170603+deb9u2/documentation/debian-edu-stretch/images/ja/10-Really_use_the_automatic_partitioning_tool-Yes.png |binary /tmp/xdIFdtwwLp/debian-edu-doc-1.921~20170603+deb9u2/documentation/debian-edu-stretch/images/ja/11-Participate_in_the_package_usage_survey.png |binary /tmp/xdIFdtwwLp/debian-edu-doc-1.921~20170603+deb9u2/documentation/debian-edu-stretch/images/ja/12-Set_up_users_and_passwords.png |binary /tmp/xdIFdtwwLp/debian-edu-doc-1.921~20170603+deb9u2/documentation/debian-edu-stretch/images/ja/12a-Set_up_users_and_passwords.png |binary /tmp/xdIFdtwwLp/debian-edu-doc-1.921~20170603+deb9u2/documentation/debian-edu-stretch/images/ja/12b-Set_up_users_and_passwords.png |binary /tmp/xdIFdtwwLp/debian-edu-doc-1.921~20170603+deb9u2/documentation/debian-edu-stretch/images/ja/12c-Set_up_users_and_passwords.png |binary /tmp/xdIFdtwwLp/debian-edu-doc-1.921~20170603+deb9u2/documentation/debian-edu-stretch/images/ja/12d-Setting-up-the-partitioner.png |binary /tmp/xdIFdtwwLp/debian-edu-doc-1.921~20170603+deb9u2/documentation/debian-edu-stretch/images/ja/13-Install+the+base+system.png |binary /tmp/xdIFdtwwLp/debian-edu-doc-1.921~20170603+deb9u2/documentation/debian-edu-stretch/images/ja/14-Select_and_install_software.png |binary /tmp/xdIFdtwwLp/debian-edu-doc-1.921~20170603+deb9u2/documentation/debian-edu-stretch/images/ja/Debian_Edu_Network_Stretch.png |binary /tmp/xdIFdtwwLp/debian-edu-doc-1.921~20170603+deb9u2/documentation/debian-edu-stretch/images/source/Debian_Edu_Network_Stretch.odg |binary debian-edu-doc-1.921~20170603+deb9u2/debian/changelog | 21 debian-edu-doc-1.921~20170603+deb9u2/documentation/debian-edu-stretch/debian-edu-stretch-manual.da.po
Bug#876706: stretch-pu: package liblouis/3.0.0-3
Hello, Adam D. Barratt, on jeu. 28 sept. 2017 06:46:42 +0100, wrote: > On Mon, 2017-09-25 at 01:31 +0200, Samuel Thibault wrote: > > Several CVEs have been reported against liblouis in Bug#874302. The > > upstream fixes have been tested for 6 days in Debian unstable then 5 > > days in Debian testing. > > It might be nice to have slightly more descriptive changelog entries. Right, I'm not used to such CVE-related uploads, I added in the changelog the kind of security issue of the CVEs: buffer overflows and use-after-free. > In any case, please feel free to upload. I have done so now. Thanks, Samuel
Bug#877168: [Pkg-d-devel] Bug#877168: nmu: gtk-d_3.6.5-2
2017-10-01 14:06 GMT+02:00 Michael Biebl: > Hi Matthias, > > I see that you made a sourceful upload of gtk-d, so I thought that this > binNMU request is now moot. > Unfortunately, tilix still doesn't want to start: > > The error is a different one now though: > $ tilix > tilix: symbol lookup error: tilix: undefined symbol: > _D3gio9DBusProxy9DBusProxy9__mixin3622getAsyncInitableStructMFbZPS4gtkc8giotypes14GAsyncInitable Hmm, weird, it looks like GtkD broke ABI then - so now we need to rebuild Tilix again as well. I think the only long-term solution here, while GtkD and D don't have an ABI stability promise, is to bump the soname of GtkD libraries constantly. Looks like others are also having fun with this: https://github.com/gnunn1/tilix/issues/1064 I will make a new Tilix upload, solving this issue, and starting with the next GtkD release, I'll just bump the SOVERSION every time (maybe I can also get upstream to do that). Cheers, Matthias -- I welcome VSRE emails. See http://vsre.info/
Bug#877195: the patches
On Friday, 29 September 2017 4:39:15 PM AEDT Adam D. Barratt wrote: > On Sat, 2017-09-30 at 01:08 +1000, Russell Coker wrote: > > I've attached the patches. These all come from the package currently > > in > > Testing. > > Thanks, but we don't review individual patches (at least, we don't > ack/nack uploads based on looking at individual patches). https://www.debian.org/doc/manuals/developers-reference/pkgs.html Section 5.5.1 of the above seemed to indicate that I should do it that way. Did I misunderstand it or does the documentation need improving? > If you'd like an ack for an upload to stable, we'd need to see a full > source debdiff for a package that's been built and tested on stable. I've attached such a debdiff. NB It has one thing that is not required (but is still handy) that is a build-conflicts against too-new versions of the SE Linux tools. This prevents anyone from accidentally building it on Testing or Unstable (which will be unusable). Obviously the package will work OK without such a build-conflict, unless you build it with the wrong packages installed. -- My Main Blog http://etbe.coker.com.au/ My Documents Bloghttp://doc.coker.com.au/ diff -Nru refpolicy-2.20161023.1/debian/changelog refpolicy-2.20161023.1/debian/changelog --- refpolicy-2.20161023.1/debian/changelog 2017-01-26 00:52:00.0 +1100 +++ refpolicy-2.20161023.1/debian/changelog 2017-09-13 23:47:21.0 +1000 @@ -1,3 +1,28 @@ +refpolicy (2:2.20161023.1-10) unstable; urgency=medium + + * Add patch for typebounds. This patch was rejected upstream, to quote +Chris PeBenito: +NAK. This has already been fixed with the upcoming nnp_transition +nosuid_transition permissions in refpolicy. I'm afraid distros will +have to carry policy patches until they can roll out kernels that +support these permissions. +https://marc.info/?l=selinux=150151037511601=2 +Closes: #874201 + * Make it build-depend on the Stretch versions of tools. +Closes: #875546 + * Allow systemd-tmpfiles to delete /var/lib/sudo files. +Closes: #875668 + * Allow brctl to create files in sysfs and correctly label +/usr/lib/bridge-utils/.*\.sh +Closes: #875669 + * Give bootloader_t all the access it needs to create initramfs images in +different situations and communicate with dpkg_t. +Closes: #875676 + * Allow dnsmasq_t to read it's config dir +Closes: #875681 + + -- Russell CokerWed, 13 Sep 2017 23:47:21 +1000 + refpolicy (2:2.20161023.1-9) unstable; urgency=medium * Dontaudit dkim_milter_t binding to labeled udp ports diff -Nru refpolicy-2.20161023.1/debian/control refpolicy-2.20161023.1/debian/control --- refpolicy-2.20161023.1/debian/control 2017-01-04 00:10:28.0 +1100 +++ refpolicy-2.20161023.1/debian/control 2017-09-12 15:29:26.0 +1000 @@ -9,12 +9,12 @@ Standards-Version: 3.9.8 Build-Depends: debhelper (>= 9) Build-Depends-Indep: bzip2, - checkpolicy (>= 2.5), + checkpolicy (>= 2.5), checkpolicy (<< 2.7~rc2-1), gawk, - libsepol1 (>= 2.5), + libsepol1 (>= 2.5), libsepol1 (<<2.7~rc2-1), m4, - policycoreutils (>= 2.5), - policycoreutils-python-utils (>= 2.5), + policycoreutils (>= 2.5), policycoreutils (<<2.7~rc2-1), + policycoreutils-python-utils (>= 2.5), policycoreutils-python-utils (<<2.7~rc2-1), python, # Needed for the --sort=name option, can probably be removed when this version # hits stable. diff -Nru refpolicy-2.20161023.1/debian/patches/0200-stretch-updates refpolicy-2.20161023.1/debian/patches/0200-stretch-updates --- refpolicy-2.20161023.1/debian/patches/0200-stretch-updates 1970-01-01 10:00:00.0 +1000 +++ refpolicy-2.20161023.1/debian/patches/0200-stretch-updates 2017-09-13 22:41:33.0 +1000 @@ -0,0 +1,243 @@ +Index: refpolicy-2.20161023.1/policy/modules/contrib/pulseaudio.te +=== +--- refpolicy-2.20161023.1.orig/policy/modules/contrib/pulseaudio.te refpolicy-2.20161023.1/policy/modules/contrib/pulseaudio.te +@@ -212,6 +212,12 @@ optional_policy(` + ') + + optional_policy(` ++ # when pulseaudio is run from a user session on systems it uses files ++ # under /run/systemd/users ++ systemd_read_logind_pids(pulseaudio_t) ++') ++ ++optional_policy(` + udev_read_pid_files(pulseaudio_t) + udev_read_state(pulseaudio_t) + udev_read_db(pulseaudio_t) +Index: refpolicy-2.20161023.1/policy/modules/system/userdomain.if +=== +--- refpolicy-2.20161023.1.orig/policy/modules/system/userdomain.if refpolicy-2.20161023.1/policy/modules/system/userdomain.if +@@ -66,7 +66,9 @@ template(`userdom_base_user_template',` + # avoid annoying messages on
Bug#877403: stretch-pu: package dbus/1.10.24-0+deb9u1
Package: release.debian.org Severity: normal Tags: stretch User: release.debian@packages.debian.org Usertags: pu I've made another upstream stable release of dbus, and as usual I'd like to update stretch via stretch-p-u, to minimize weirdness and diffstat if I have to do a security release later. There is nothing particularly vital here, and I can revert or fix anything that the SRMs are not happy with. If you want to say "yes but only after 9.2", that would also be fine. This upstream release is in testing already (versioned as 1.11.16+really1.10.24-1 due to an unfortunate dch -r accident). This will probably be the last 1.10.x release in testing/unstable, since I'm planning to move to the 1.11.x branch in preparation for starting a 1.12.0 stable branch upstream. The attached debdiff excludes ./configure, which gets regenerated during the build. (I still need to smoke-test this on a real stretch system, which I'll do before upload; it passes autopkgtests though.) Thanks, smcv debdiff dbus_1.10.{22,24}-0+deb9u1.dsc | filterdiff --exclude='*/configure' diffstat for dbus-1.10.22 dbus-1.10.24 NEWS | 26 ++ aclocal.m4|2 bus/activation.c | 10 +- bus/config-loader-expat.c | 14 +++ bus/connection.c | 13 +-- bus/connection.h |2 bus/dispatch.c| 56 ++--- bus/driver.c |4 bus/signals.c | 15 ++- config.h.in |3 configure | 48 +++ configure.ac | 12 ++ dbus/dbus-sysdeps-unix.c | 11 +- debian/changelog | 21 test/monitor.c| 197 +++--- tools/dbus-send.c |2 16 files changed, 363 insertions(+), 73 deletions(-) diff -Nru dbus-1.10.22/aclocal.m4 dbus-1.10.24/aclocal.m4 --- dbus-1.10.22/aclocal.m4 2017-07-27 14:03:36.0 +0100 +++ dbus-1.10.24/aclocal.m4 2017-09-25 21:03:14.0 +0100 @@ -883,7 +883,7 @@ dnl supported. (2.0 was released on October 16, 2000). dnl FIXME: Remove the need to hard-code Python versions here. m4_define_default([_AM_PYTHON_INTERPRETER_LIST], -[python python2 python3 python3.5 python3.4 python3.3 python3.2 python3.1 python3.0 python2.7 dnl +[python python2 python3 python3.8 python3.7 python3.6 python3.5 python3.4 python3.3 python3.2 python3.1 python3.0 python2.7 dnl python2.6 python2.5 python2.4 python2.3 python2.2 python2.1 python2.0]) AC_ARG_VAR([PYTHON], [the Python interpreter]) diff -Nru dbus-1.10.22/bus/activation.c dbus-1.10.24/bus/activation.c --- dbus-1.10.22/bus/activation.c 2017-02-16 13:46:23.0 + +++ dbus-1.10.24/bus/activation.c 2017-09-25 14:54:34.0 +0100 @@ -1967,6 +1967,7 @@ DBusString service_string; BusService *service; BusRegistry *registry; + DBusConnection *systemd = NULL; /* OK, we have a systemd service configured for this entry, hence let's enqueue an activation request message. This @@ -2015,11 +2016,14 @@ _dbus_string_init_const (_string, "org.freedesktop.systemd1"); service = bus_registry_lookup (registry, _string); + if (service) +systemd = bus_service_get_primary_owners_connection (service); + /* Following the general principle of "log early and often", * we capture that we *want* to send the activation message, even if * systemd is not actually there to receive it yet */ if (!bus_transaction_capture (activation_transaction, -NULL, message)) +NULL, systemd, message)) { dbus_message_unref (message); BUS_SET_OOM (error); @@ -2033,8 +2037,8 @@ service_name, entry->systemd_service); /* Wonderful, systemd is connected, let's just send the msg */ - retval = bus_dispatch_matches (activation_transaction, NULL, bus_service_get_primary_owners_connection (service), - message, error); + retval = bus_dispatch_matches (activation_transaction, NULL, + systemd, message, error); } else { diff -Nru dbus-1.10.22/bus/config-loader-expat.c dbus-1.10.24/bus/config-loader-expat.c --- dbus-1.10.22/bus/config-loader-expat.c 2017-07-27 12:57:16.0 +0100 +++ dbus-1.10.24/bus/config-loader-expat.c 2017-07-28 11:15:46.0 +0100 @@ -203,6 +203,20 @@ goto failed; } + /* We do not need protection against hash collisions (CVE-2012-0876) + * because we are only parsing trusted XML; and if we let Expat block + * waiting for the CSPRNG to be initialized, as it does by default to + * defeat CVE-2012-0876, it can cause timeouts during early
Bug#877366: stretch-pu: package abiword/3.0.2-2+deb9u1
abiword 3.0.2-4 built on all architectures. It would be in testing in 2 days except that mesa is holding things up. (By the way, I think the mesa RC bugs are steam bugs, not mesa bugs.) Thanks, Jeremy Bicha
NEW changes in stable-new
Processing changes file: libidn2-0_0.16-1+deb9u1_amd64.changes ACCEPT Processing changes file: libidn2-0_0.16-1+deb9u1_arm64.changes ACCEPT Processing changes file: libidn2-0_0.16-1+deb9u1_armel.changes ACCEPT Processing changes file: libidn2-0_0.16-1+deb9u1_armhf.changes ACCEPT Processing changes file: libidn2-0_0.16-1+deb9u1_i386.changes ACCEPT Processing changes file: libidn2-0_0.16-1+deb9u1_mips.changes ACCEPT Processing changes file: libidn2-0_0.16-1+deb9u1_mips64el.changes ACCEPT Processing changes file: libidn2-0_0.16-1+deb9u1_mipsel.changes ACCEPT Processing changes file: libidn2-0_0.16-1+deb9u1_ppc64el.changes ACCEPT Processing changes file: libidn2-0_0.16-1+deb9u1_s390x.changes ACCEPT Processing changes file: vim_8.0.0197-4+deb9u1_source.changes ACCEPT
Bug#877168: [Pkg-d-devel] Bug#877168: nmu: gtk-d_3.6.5-2
Hi Matthias, I see that you made a sourceful upload of gtk-d, so I thought that this binNMU request is now moot. Unfortunately, tilix still doesn't want to start: The error is a different one now though: $ tilix tilix: symbol lookup error: tilix: undefined symbol: _D3gio9DBusProxy9DBusProxy9__mixin3622getAsyncInitableStructMFbZPS4gtkc8giotypes14GAsyncInitable -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth? signature.asc Description: OpenPGP digital signature
Processed: Re: Bug#877348: stretch-pu: package vim/8.0.0197-4+deb9u1
Processing control commands: > tags -1 + pending Bug #877348 [release.debian.org] stretch-pu: package vim/8.0.0197-4+deb9u1 Added tag(s) pending. -- 877348: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877348 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#877348: stretch-pu: package vim/8.0.0197-4+deb9u1
Control: tags -1 + pending On Sat, 2017-09-30 at 20:15 -0400, James McCoy wrote: > On Sat, Sep 30, 2017 at 09:42:14PM +0100, Adam D. Barratt wrote: > > Control: tags -1 + confirmed > > > > On Sat, 2017-09-30 at 14:48 -0400, James McCoy wrote: > > > * Backport upstream patches to fix CVE-2017-11109 (Closes: > > > #867720) > > > + 8.0.0703: Illegal memory access with empty :doau command > > > + 8.0.0706: Crash when cancelling the cmdline window in Ex mode > > > + 8.0.0707: Freeing wrong memory when manipulating buffers in > > > autocommands > > > > > > > Please go ahead, bearing in mind that the window for 9.2 closes > > during > > this weekend. > > Thanks! Uploaded. > Thanks, flagged for acceptance. Regards, Adam
Re: how do you want your britney commits (unfinished)
Paul Gevers: > Hi Niels, > Hi, > On 12-09-17 22:15, Niels Thykier wrote: >> Paul Gevers: >>> - adjust britney2 to not block on autopkgtest failure but instead adjust >>> the required age depending on the results (lower for pass, raise for >>> regression) > > Do you already have an idea in mind how this could/should be > accomplished? While going through britney, I see several (most, if not > all, of them hacky) ways this can be done. > At the moment, no, I do not have a brilliant idea. Short term/for testing purposes, I would just add a comment in the excuses and then leave the aging as it is. > One idea of mine is to create an internal urgency that the age policy > can take to adjust the age. If that is the case, I guess I have to make > sure the order of policies is correct. Minor point, but was it your > intent to change to know urgency ages? Or e.g. age to 20 days, which is > no urgency age, when regressions pop up? > > Paul > I think we would prefer modifying the age-requirement over urgency fiddling. Among other because changing the urgency is "exclusive" so we cannot have multiple policies altering the aging in that case. But I do not really have a good way of doing it atm. (either way) Thanks, ~Niels
Bug#877374: stretch-pu: shadow 1:4.4-4.1+deb9u1
Package: release.debian.org Severity: normal Tags: stretch User: release.debian@packages.debian.org Usertags: pu Dear Release Team, I have prepared an update for the shadow package which may be released as a stable update: Changes: shadow (1:4.4-4.1+deb9u1) stretch; urgency=medium . * Revert adding pts/0 and pts/1 to securetty. Adding pts/* defeats the purpose of securetty. Let containers add it if needed as described in #830255. * Fix buffer overflow if NULL line is present in db (CVE-2017-12424) (Closes: #756630) The Security Team suggested fixing those minor security-related issues via proposed-updates rather than via stretch-security. Thanks, Balint diff -Nru shadow-4.4/debian/changelog shadow-4.4/debian/changelog --- shadow-4.4/debian/changelog 2017-05-17 13:59:59.0 +0200 +++ shadow-4.4/debian/changelog 2017-09-30 03:30:30.0 +0200 @@ -1,3 +1,13 @@ +shadow (1:4.4-4.1+deb9u1) stretch; urgency=medium + + * Revert adding pts/0 and pts/1 to securetty. +Adding pts/* defeats the purpose of securetty. Let containers add it if +needed as described in #830255. + * Fix buffer overflow if NULL line is present in db (CVE-2017-12424) +(Closes: #756630) + + -- Balint ReczeyFri, 29 Sep 2017 21:30:30 -0400 + shadow (1:4.4-4.1) unstable; urgency=high * Non-maintainer upload. diff -Nru shadow-4.4/debian/patches/0009-Fix-buffer-overflow-if-NULL-line-is-present-in-db.patch shadow-4.4/debian/patches/0009-Fix-buffer-overflow-if-NULL-line-is-present-in-db.patch --- shadow-4.4/debian/patches/0009-Fix-buffer-overflow-if-NULL-line-is-present-in-db.patch 1970-01-01 01:00:00.0 +0100 +++ shadow-4.4/debian/patches/0009-Fix-buffer-overflow-if-NULL-line-is-present-in-db.patch 2017-09-30 03:30:30.0 +0200 @@ -0,0 +1,42 @@ +From 954e3d2e7113e9ac06632aee3c69b8d818cc8952 Mon Sep 17 00:00:00 2001 +From: Tomas Mraz +Date: Fri, 31 Mar 2017 16:25:06 +0200 +Subject: [PATCH] Fix buffer overflow if NULL line is present in db. + +If ptr->line == NULL for an entry, the first cycle will exit, +but the second one will happily write past entries buffer. +We actually do not want to exit the first cycle prematurely +on ptr->line == NULL. +Signed-off-by: Tomas Mraz +--- + lib/commonio.c | 8 + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/lib/commonio.c b/lib/commonio.c +index b10da06a..31edbaaf 100644 +--- a/lib/commonio.c b/lib/commonio.c +@@ -751,16 +751,16 @@ commonio_sort (struct commonio_db *db, int (*cmp) (const void *, const void *)) + for (ptr = db->head; + (NULL != ptr) + #if KEEP_NIS_AT_END +- && (NULL != ptr->line) +- && ( ('+' != ptr->line[0]) +- && ('-' != ptr->line[0])) ++ && ((NULL == ptr->line) ++ || (('+' != ptr->line[0]) ++ && ('-' != ptr->line[0]))) + #endif + ; + ptr = ptr->next) { + n++; + } + #if KEEP_NIS_AT_END +- if ((NULL != ptr) && (NULL != ptr->line)) { ++ if (NULL != ptr) { + nis = ptr; + } + #endif +-- +2.11.0 + diff -Nru shadow-4.4/debian/patches/series shadow-4.4/debian/patches/series --- shadow-4.4/debian/patches/series 2017-05-17 13:59:59.0 +0200 +++ shadow-4.4/debian/patches/series 2017-09-30 03:30:30.0 +0200 @@ -6,6 +6,7 @@ 0006-French-manpage-translation.patch 0007-Fix-some-spelling-issues-in-the-Norwegian-translatio.patch 0008-su-properly-clear-child-PID.patch +0009-Fix-buffer-overflow-if-NULL-line-is-present-in-db.patch 301-Reset-pid_child-only-if-waitpid-was-successful.patch # These patches are only for the testsuite: diff -Nru shadow-4.4/debian/securetty.linux shadow-4.4/debian/securetty.linux --- shadow-4.4/debian/securetty.linux 2017-05-17 13:59:59.0 +0200 +++ shadow-4.4/debian/securetty.linux 2017-09-30 03:30:30.0 +0200 @@ -164,11 +164,6 @@ ttyM1 #... -# Unix98 PTY slaves -pts/0 -pts/1 -#... - # Technology Concepts serial card ttyT0 ttyT1