Bug#868429: nmu: gstreamer-vaapi_1.12.3-1

[Andreas Beckmann]

Followup-For: Bug #868429

all that gstreamer-vaapi needs is a binNMU:

nmu gstreamer-vaapi_1.12.3-1 . ANY . unstable . -m 'Rebuild against 
gst-plugins-bad1.0 1.12.3'

Andreas

Processed: reassign 868429 to release.debian.org, severity of 868429 is normal ..., usertagging 868429

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> reassign 868429 release.debian.org
Bug #868429 [gstreamer1.0-vaapi] gstreamer1.0-vaapi 1.12.3-1 is uninstallable 
on sid
Bug reassigned from package 'gstreamer1.0-vaapi' to 'release.debian.org'.
No longer marked as found in versions gstreamer-vaapi/1.12.3-1 and 
gstreamer-vaapi/1.12.2-1.
Ignoring request to alter fixed versions of bug #868429 to the same values 
previously set
> severity 868429 normal
Bug #868429 [release.debian.org] gstreamer1.0-vaapi 1.12.3-1 is uninstallable 
on sid
Severity set to 'normal' from 'serious'
> retitle 868429 nmu: gstreamer-vaapi_1.12.3-1
Bug #868429 [release.debian.org] gstreamer1.0-vaapi 1.12.3-1 is uninstallable 
on sid
Changed Bug title to 'nmu: gstreamer-vaapi_1.12.3-1' from 'gstreamer1.0-vaapi 
1.12.3-1 is uninstallable on sid'.
> user release.debian@packages.debian.org
Setting user to release.debian@packages.debian.org (was a...@debian.org).
> usertags 868429 binnmu
There were no usertags set.
Usertags are now: binnmu.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
868429: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868429
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

NEW changes in stable-new

[Debian FTP Masters]

Processing changes file: debian-edu-doc_1.921~20170603+deb9u2_all.changes
  ACCEPT

NEW changes in stable-new

[Debian FTP Masters]

Processing changes file: debian-installer_20170615+deb9u2_amd64.changes
  ACCEPT
Processing changes file: debian-installer_20170615+deb9u2_armel.changes
  ACCEPT
Processing changes file: debian-installer_20170615+deb9u2_armhf.changes
  ACCEPT
Processing changes file: debian-installer_20170615+deb9u2_i386.changes
  ACCEPT

NEW changes in stable-new

[Debian FTP Masters]

Processing changes file: debian-installer_20170615+deb9u2_arm64.changes
  ACCEPT
Processing changes file: debian-installer_20170615+deb9u2_mips.changes
  ACCEPT
Processing changes file: debian-installer_20170615+deb9u2_mips64el.changes
  ACCEPT
Processing changes file: debian-installer_20170615+deb9u2_mipsel.changes
  ACCEPT
Processing changes file: debian-installer_20170615+deb9u2_ppc64el.changes
  ACCEPT
Processing changes file: debian-installer_20170615+deb9u2_s390x.changes
  ACCEPT

NEW changes in stable-new

[Debian FTP Masters]

Processing changes file: vim_8.0.0197-4+deb9u1_mipsel.changes
  ACCEPT

NEW changes in stable-new

[Debian FTP Masters]

Processing changes file: debian-installer_20170615+deb9u2_source.changes
  ACCEPT

Bug#877415: stretch-pu: package debian-edu-doc/1.921~20170603+deb9u2

[Adam D. Barratt]

On Sun, 2017-10-01 at 16:48 +, Holger Levsen wrote:
> On Sun, Oct 01, 2017 at 05:39:30PM +0100, Adam D. Barratt wrote:
> > The package has been accepted into proposed-updates by dak.
> > 
> > Nope. It had been accepted into stable-new by dak. The acceptance
> > into
> > p-u only comes when requested by the Release Team; now done.
> 
> hmpf. I think I've been fooled by this before, the subject says so,
> but then the body basically reverts what the subject said:
> 
> -quote mutt view-
> Subject: debian-edu-doc_1.921~20170603+deb9u2_source.changes ACCEPTED
> into proposed-updates->stable-new
> 

The key thing is the "->stable-new". Once it's actually in p-u it's
"proposed-updates->stable-new, proposed-updates".

Regards,

Adam

NEW changes in stable-new

[Debian FTP Masters]

Processing changes file: vim_8.0.0197-4+deb9u1_mips64el.changes
  ACCEPT

Re: how do you want your britney commits (unfinished)

[Paul Gevers]

Hi Niels,

On 01-10-17 08:36, Niels Thykier wrote:
>> Do you already have an idea in mind how this could/should be
>> accomplished? While going through britney, I see several (most, if not
>> all, of them hacky) ways this can be done.
>>
> 
> At the moment, no, I do not have a brilliant idea.

Good to know. This eases my mind a bit.

> Short term/for testing purposes, I would just add a comment in the
> excuses and then leave the aging as it is.

If I read you correctly, I think I would be nearly so far now that we
could start doing this once debci is enhanced to listen to britney and
provide feedback (hi Antonio). We could use the temporary failures
instead of the currently used hard failures or the to be implemented method.

Have you already looked at the current state? If so, are there already
comments you like to share?

Paul



signature.asc
Description: OpenPGP digital signature

NEW changes in stable-new

[Debian FTP Masters]

Processing changes file: debian-edu-doc_1.921~20170603+deb9u2_source.changes
  ACCEPT
Processing changes file: vim_8.0.0197-4+deb9u1_all.changes
  ACCEPT
Processing changes file: vim_8.0.0197-4+deb9u1_amd64.changes
  ACCEPT
Processing changes file: vim_8.0.0197-4+deb9u1_arm64.changes
  ACCEPT
Processing changes file: vim_8.0.0197-4+deb9u1_armel.changes
  ACCEPT
Processing changes file: vim_8.0.0197-4+deb9u1_armhf.changes
  ACCEPT
Processing changes file: vim_8.0.0197-4+deb9u1_i386.changes
  ACCEPT
Processing changes file: vim_8.0.0197-4+deb9u1_mips.changes
  ACCEPT
Processing changes file: vim_8.0.0197-4+deb9u1_ppc64el.changes
  ACCEPT
Processing changes file: vim_8.0.0197-4+deb9u1_s390x.changes
  ACCEPT

Bug#877415: stretch-pu: package debian-edu-doc/1.921~20170603+deb9u2

[Holger Levsen]

On Sun, Oct 01, 2017 at 05:39:30PM +0100, Adam D. Barratt wrote:
> In this instance, as it's arch:all-only and already uploaded, I've
> decided to accept it in any case. This should not be interpreted as
> setting a precedent and should definitely not be relied upon in future.

Thanks!

> > The package has been accepted into proposed-updates by dak.
> Nope. It had been accepted into stable-new by dak. The acceptance into
> p-u only comes when requested by the Release Team; now done.

hmpf. I think I've been fooled by this before, the subject says so,
but then the body basically reverts what the subject said:

-quote mutt view-
Subject: debian-edu-doc_1.921~20170603+deb9u2_source.changes ACCEPTED into 
proposed-updates->stable-new

Mapping stretch to stable.
Mapping stable to proposed-updates.

Accepted:

$changes file
-end quote-

I'll try to remember this for the future!


-- 
cheers,
Holger


signature.asc
Description: PGP signature

Processed: Re: Bug#877415: stretch-pu: package debian-edu-doc/1.921~20170603+deb9u2

[Debian Bug Tracking System]

Processing control commands:

> tags -1 + pending
Bug #877415 [release.debian.org] stretch-pu: package 
debian-edu-doc/1.921~20170603+deb9u2
Added tag(s) pending.

-- 
877415: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877415
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#877415: stretch-pu: package debian-edu-doc/1.921~20170603+deb9u2

[Adam D. Barratt]

Control: tags -1 + pending

On Sun, 2017-10-01 at 17:12 +0200, Holger Levsen wrote:
> please accept debian-edu-doc/1.921~20170603+deb9u2 into 9.2, it's an
> documenatation only update with this changelog:
> 

As mentioned on IRC, this is technically late for 9.2.

In this instance, as it's arch:all-only and already uploaded, I've
decided to accept it in any case. This should not be interpreted as
setting a precedent and should definitely not be relied upon in future.
Please don't leave things to the last minute.

> The package has been accepted into proposed-updates by dak.

Nope. It had been accepted into stable-new by dak. The acceptance into
p-u only comes when requested by the Release Team; now done.

Regards,

Adam

Bug#877420: stretch-pu: xml2/0.4-3.1+deb9u1

[Boyuan Yang]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: pu
Tags: stretch

Hello,

I am dealing with the package "xml2" to fix its RC bugs. A previous QA upload 
into Unstable was uploaded and migrated into Testing. Now I want to do some 
stable uploads and fix this bug inside Stretch.

For previous QA upload, see https://bugs.debian.org/876286 .

All fixes are taken from upstream's release tarball of next version.

Debdiff attached:

diff -u xml2-0.4/debian/control xml2-0.4/debian/control
--- xml2-0.4/debian/control
+++ xml2-0.4/debian/control
@@ -1,7 +1,7 @@
 Source: xml2
 Section: utils
 Priority: optional
-Maintainer: Patrick Schoenfeld 
+Maintainer: Debian QA Group 
 Homepage: http://ofb.net/~egnor/xml2/
 Vcs-Git: git://git.debian.org/git/collab-maint/xml2.git
 Vcs-Browser: http://git.debian.org/?p=collab-maint/xml2.git
diff -u xml2-0.4/debian/changelog xml2-0.4/debian/changelog
--- xml2-0.4/debian/changelog
+++ xml2-0.4/debian/changelog
@@ -1,3 +1,14 @@
+xml2 (0.4-3.1+deb9u1) stretch; urgency=medium
+
+  * QA upload.
+  * Set maintainer to Debian QA Group.
+  * Backport patch to fix corruption when dealing with UTF-8 files.
+(Closes: #506805; Closes: #698072)
+  * Backport patch to fix usage string for 2csv tool.
+(Closes: #506788)
+
+ -- Boyuan Yang <073p...@gmail.com>  Sun, 01 Oct 2017 23:30:42 +0800
+
 xml2 (0.4-3.1) unstable; urgency=low
 
   * Non-maintainer upload.
diff -u xml2-0.4/debian/patches/series xml2-0.4/debian/patches/series
--- xml2-0.4/debian/patches/series
+++ xml2-0.4/debian/patches/series
@@ -2,0 +3,2 @@
+0003-Fix-corrupted-handling-with-UTF-8-text.patch
+0004-Fix-help-msg-of-2csv-tool.patch
only in patch2:
unchanged:
--- xml2-0.4.orig/debian/patches/0003-Fix-corrupted-handling-with-UTF-8-
text.patch
+++ xml2-0.4/debian/patches/0003-Fix-corrupted-handling-with-UTF-8-text.patch
@@ -0,0 +1,22 @@
+From: Vincent Lefevre 
+Date: Sun, 1 Oct 2017 23:27:14 +0800
+Subject: Fix corrupted handling with UTF-8 text
+
+---
+ xml2.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/xml2.c b/xml2.c
+index fc94d69..d786021 100644
+--- a/xml2.c
 b/xml2.c
+@@ -247,8 +247,7 @@ int main(int argc,char *argv[])
+   init();
+ 
+   if (1 == argc && !strcmp(name,"html2")) {
+-  ctxt = htmlCreatePushParserCtxt(,NULL,NULL,0,"stdin",
+-  XML_CHAR_ENCODING_8859_1);
++  ctxt = htmlCreatePushParserCtxt(,NULL,NULL,0,"stdin",0);
+   parseChunk = htmlParseChunk;
+   freeCtxt = htmlFreeParserCtxt;
+   do_compress_whitespace = 1;
only in patch2:
unchanged:
--- xml2-0.4.orig/debian/patches/0004-Fix-help-msg-of-2csv-tool.patch
+++ xml2-0.4/debian/patches/0004-Fix-help-msg-of-2csv-tool.patch
@@ -0,0 +1,22 @@
+From: Boyuan Yang <073p...@gmail.com>
+Date: Sun, 1 Oct 2017 23:30:13 +0800
+Subject: Fix help msg of 2csv tool
+
+---
+ 2csv.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/2csv.c b/2csv.c
+index 7370e8c..c672b56 100644
+--- a/2csv.c
 b/2csv.c
+@@ -4,7 +4,8 @@
+ #include 
+ 
+ void usage(void) {
+-  fputs("usage: 2csv record field [field ...] < in > csv\n",stderr);
++  fputs("usage: 2csv [-q quote] [-d comma] "
++  "record field [field ...] < in > csv\n",stderr);
+   exit(2);
+ }
+


signature.asc
Description: This is a digitally signed message part.

Processed (with 1 error): your mail

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> retitle 877168 transition: ldc
Bug #877168 [release.debian.org] nmu: gtk-d_3.6.5-2
Changed Bug title to 'transition: ldc' from 'nmu: gtk-d_3.6.5-2'.
> tags 877168 transition
Unknown tag/s: transition.
Recognized are: patch wontfix moreinfo unreproducible fixed potato woody sid 
help security upstream pending sarge sarge-ignore experimental d-i confirmed 
ipv6 lfs fixed-in-experimental fixed-upstream l10n newcomer a11y etch 
etch-ignore lenny lenny-ignore squeeze squeeze-ignore wheezy wheezy-ignore 
jessie jessie-ignore stretch stretch-ignore buster buster-ignore bullseye 
bullseye-ignore.

>
End of message, stopping processing here.

Please contact me if you need assistance.
-- 
877168: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877168
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#877415: stretch-pu: package debian-edu-doc/1.921~20170603+deb9u2

[Holger Levsen]

Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu
x-debbugs-cc: debian-...@lists.debian.org

Hi,

please accept debian-edu-doc/1.921~20170603+deb9u2 into 9.2, it's an
documenatation only update with this changelog:

debian-edu-doc (1.921~20170603+deb9u2) stretch; urgency=medium

  * Merge stretch related documentation and translation updates from the
debian-edu-doc package in sid:
  * Update Debian Edu Stretch manual from the wiki.

  [ Wolfgang Schweer ]
  * Replace existing boot menu screenshots with recent ones from the wiki.
  * documentation/debian-edu-stretch: Add Debian_Edu_Network_Stretch.odg
as source for the related (en|fr|de) PNG files.

  [ Stretch Manual translation updates ]
  * Simplified Chinese: Ma Yong.
  * Italian: Claudio Carboncini.
  * German: Wolfgang Schweer.
  * Japanese: Victory, also provided screenshots in Japanese.
  * Norwegian Bokmål: Petter Reinholdtsen.
  * Dutch: Frans Spiesschaert.

 -- Holger Levsen   Sun, 01 Oct 2017 16:29:13 +0200

$ LANG=C debdiff debian-edu-doc_1.921~20170603+deb9u1.dsc 
debian-edu-doc_1.921~20170603+deb9u2.dsc|diffstat
 
/tmp/xdIFdtwwLp/debian-edu-doc-1.921~20170603+deb9u2/documentation/debian-edu-stretch/images/01-Installer_64bit_boot_menu.png
 |binary
 
/tmp/xdIFdtwwLp/debian-edu-doc-1.921~20170603+deb9u2/documentation/debian-edu-stretch/images/01a-Installer_64bit_advanced_options.png
 |binary
 
/tmp/xdIFdtwwLp/debian-edu-doc-1.921~20170603+deb9u2/documentation/debian-edu-stretch/images/01b-Installer_32bit_boot_menu.png
|binary
 
/tmp/xdIFdtwwLp/debian-edu-doc-1.921~20170603+deb9u2/documentation/debian-edu-stretch/images/ja/02-select_a_language.png
  |binary
 
/tmp/xdIFdtwwLp/debian-edu-doc-1.921~20170603+deb9u2/documentation/debian-edu-stretch/images/ja/03-select_your_location.png
   |binary
 
/tmp/xdIFdtwwLp/debian-edu-doc-1.921~20170603+deb9u2/documentation/debian-edu-stretch/images/ja/04-Configure_the_keyboard.png
 |binary
 
/tmp/xdIFdtwwLp/debian-edu-doc-1.921~20170603+deb9u2/documentation/debian-edu-stretch/images/ja/05-Detect_and_mount_CD-ROM.png
|binary
 
/tmp/xdIFdtwwLp/debian-edu-doc-1.921~20170603+deb9u2/documentation/debian-edu-stretch/images/ja/06-Load_installer_components_from_CD.png
  |binary
 
/tmp/xdIFdtwwLp/debian-edu-doc-1.921~20170603+deb9u2/documentation/debian-edu-stretch/images/ja/07-Detect_network_hardware.png
|binary
 
/tmp/xdIFdtwwLp/debian-edu-doc-1.921~20170603+deb9u2/documentation/debian-edu-stretch/images/ja/08-Choose_Debian_Edu_profile.png
  |binary
 
/tmp/xdIFdtwwLp/debian-edu-doc-1.921~20170603+deb9u2/documentation/debian-edu-stretch/images/ja/09-Really_use_the_automatic_partitioning_tool.png
 |binary
 
/tmp/xdIFdtwwLp/debian-edu-doc-1.921~20170603+deb9u2/documentation/debian-edu-stretch/images/ja/10-Really_use_the_automatic_partitioning_tool-Yes.png
 |binary
 
/tmp/xdIFdtwwLp/debian-edu-doc-1.921~20170603+deb9u2/documentation/debian-edu-stretch/images/ja/11-Participate_in_the_package_usage_survey.png
|binary
 
/tmp/xdIFdtwwLp/debian-edu-doc-1.921~20170603+deb9u2/documentation/debian-edu-stretch/images/ja/12-Set_up_users_and_passwords.png
 |binary
 
/tmp/xdIFdtwwLp/debian-edu-doc-1.921~20170603+deb9u2/documentation/debian-edu-stretch/images/ja/12a-Set_up_users_and_passwords.png
|binary
 
/tmp/xdIFdtwwLp/debian-edu-doc-1.921~20170603+deb9u2/documentation/debian-edu-stretch/images/ja/12b-Set_up_users_and_passwords.png
|binary
 
/tmp/xdIFdtwwLp/debian-edu-doc-1.921~20170603+deb9u2/documentation/debian-edu-stretch/images/ja/12c-Set_up_users_and_passwords.png
|binary
 
/tmp/xdIFdtwwLp/debian-edu-doc-1.921~20170603+deb9u2/documentation/debian-edu-stretch/images/ja/12d-Setting-up-the-partitioner.png
|binary
 
/tmp/xdIFdtwwLp/debian-edu-doc-1.921~20170603+deb9u2/documentation/debian-edu-stretch/images/ja/13-Install+the+base+system.png
|binary
 
/tmp/xdIFdtwwLp/debian-edu-doc-1.921~20170603+deb9u2/documentation/debian-edu-stretch/images/ja/14-Select_and_install_software.png
|binary
 
/tmp/xdIFdtwwLp/debian-edu-doc-1.921~20170603+deb9u2/documentation/debian-edu-stretch/images/ja/Debian_Edu_Network_Stretch.png
|binary
 
/tmp/xdIFdtwwLp/debian-edu-doc-1.921~20170603+deb9u2/documentation/debian-edu-stretch/images/source/Debian_Edu_Network_Stretch.odg
|binary
 debian-edu-doc-1.921~20170603+deb9u2/debian/changelog  
   |   21 
 
debian-edu-doc-1.921~20170603+deb9u2/documentation/debian-edu-stretch/debian-edu-stretch-manual.da.po
  

Bug#876706: stretch-pu: package liblouis/3.0.0-3

[Samuel Thibault]

Hello,

Adam D. Barratt, on jeu. 28 sept. 2017 06:46:42 +0100, wrote:
> On Mon, 2017-09-25 at 01:31 +0200, Samuel Thibault wrote:
> > Several CVEs have been reported against liblouis in Bug#874302. The
> > upstream fixes have been tested for 6 days in Debian unstable then 5
> > days in Debian testing.
> 
> It might be nice to have slightly more descriptive changelog entries.

Right, I'm not used to such CVE-related uploads, I added in the
changelog the kind of security issue of the CVEs: buffer overflows and
use-after-free.

> In any case, please feel free to upload.

I have done so now.

Thanks,
Samuel

Bug#877168: [Pkg-d-devel] Bug#877168: nmu: gtk-d_3.6.5-2

[Matthias Klumpp]

2017-10-01 14:06 GMT+02:00 Michael Biebl :
> Hi Matthias,
>
> I see that you made a sourceful upload of gtk-d, so I thought that this
> binNMU request is now moot.
> Unfortunately, tilix still doesn't want to start:
>
> The error is a different one now though:
> $ tilix
> tilix: symbol lookup error: tilix: undefined symbol:
> _D3gio9DBusProxy9DBusProxy9__mixin3622getAsyncInitableStructMFbZPS4gtkc8giotypes14GAsyncInitable

Hmm, weird, it looks like GtkD broke ABI then - so now we need to
rebuild Tilix again as well. I think the only long-term solution here,
while GtkD and D don't have an ABI stability promise, is to bump the
soname of GtkD libraries constantly.
Looks like others are also having fun with this:
https://github.com/gnunn1/tilix/issues/1064

I will make a new Tilix upload, solving this issue, and starting with
the next GtkD release, I'll just bump the SOVERSION every time (maybe
I can also get upstream to do that).

Cheers,
Matthias


-- 
I welcome VSRE emails. See http://vsre.info/

Bug#877195: the patches

[Russell Coker]

On Friday, 29 September 2017 4:39:15 PM AEDT Adam D. Barratt wrote:
> On Sat, 2017-09-30 at 01:08 +1000, Russell Coker wrote:
> > I've attached the patches.  These all come from the package currently
> > in 
> > Testing.
> 
> Thanks, but we don't review individual patches (at least, we don't
> ack/nack uploads based on looking at individual patches).

https://www.debian.org/doc/manuals/developers-reference/pkgs.html

Section 5.5.1 of the above seemed to indicate that I should do it that way.  
Did I misunderstand it or does the documentation need improving?

> If you'd like an ack for an upload to stable, we'd need to see a full
> source debdiff for a package that's been built and tested on stable.

I've attached such a debdiff.  NB It has one thing that is not required (but 
is still handy) that is a build-conflicts against too-new versions of the SE 
Linux tools.  This prevents anyone from accidentally building it on Testing or 
Unstable (which will be unusable).  Obviously the package will work OK without 
such a build-conflict, unless you build it with the wrong packages installed.

-- 
My Main Blog http://etbe.coker.com.au/
My Documents Bloghttp://doc.coker.com.au/
diff -Nru refpolicy-2.20161023.1/debian/changelog refpolicy-2.20161023.1/debian/changelog
--- refpolicy-2.20161023.1/debian/changelog	2017-01-26 00:52:00.0 +1100
+++ refpolicy-2.20161023.1/debian/changelog	2017-09-13 23:47:21.0 +1000
@@ -1,3 +1,28 @@
+refpolicy (2:2.20161023.1-10) unstable; urgency=medium
+
+  * Add patch for typebounds. This patch was rejected upstream, to quote
+Chris PeBenito:
+NAK.  This has already been fixed with the upcoming nnp_transition
+nosuid_transition permissions in refpolicy.  I'm afraid distros will
+have to carry policy patches until they can roll out kernels that
+support these permissions.
+https://marc.info/?l=selinux=150151037511601=2
+Closes: #874201
+  * Make it build-depend on the Stretch versions of tools.
+Closes: #875546
+  * Allow systemd-tmpfiles to delete /var/lib/sudo files.
+Closes: #875668
+  * Allow brctl to create files in sysfs and correctly label
+/usr/lib/bridge-utils/.*\.sh
+Closes: #875669
+  * Give bootloader_t all the access it needs to create initramfs images in
+different situations and communicate with dpkg_t.
+Closes: #875676
+  * Allow dnsmasq_t to read it's config dir
+Closes: #875681
+
+ -- Russell Coker   Wed, 13 Sep 2017 23:47:21 +1000
+
 refpolicy (2:2.20161023.1-9) unstable; urgency=medium
 
   * Dontaudit dkim_milter_t binding to labeled udp ports
diff -Nru refpolicy-2.20161023.1/debian/control refpolicy-2.20161023.1/debian/control
--- refpolicy-2.20161023.1/debian/control	2017-01-04 00:10:28.0 +1100
+++ refpolicy-2.20161023.1/debian/control	2017-09-12 15:29:26.0 +1000
@@ -9,12 +9,12 @@
 Standards-Version: 3.9.8
 Build-Depends: debhelper (>= 9)
 Build-Depends-Indep: bzip2,
- checkpolicy (>= 2.5),
+ checkpolicy (>= 2.5), checkpolicy (<< 2.7~rc2-1),
  gawk,
- libsepol1 (>= 2.5),
+ libsepol1 (>= 2.5), libsepol1 (<<2.7~rc2-1),
  m4,
- policycoreutils (>= 2.5),
- policycoreutils-python-utils (>= 2.5),
+ policycoreutils (>= 2.5), policycoreutils (<<2.7~rc2-1),
+ policycoreutils-python-utils (>= 2.5), policycoreutils-python-utils (<<2.7~rc2-1),
  python,
 # Needed for the --sort=name option, can probably be removed when this version
 # hits stable.
diff -Nru refpolicy-2.20161023.1/debian/patches/0200-stretch-updates refpolicy-2.20161023.1/debian/patches/0200-stretch-updates
--- refpolicy-2.20161023.1/debian/patches/0200-stretch-updates	1970-01-01 10:00:00.0 +1000
+++ refpolicy-2.20161023.1/debian/patches/0200-stretch-updates	2017-09-13 22:41:33.0 +1000
@@ -0,0 +1,243 @@
+Index: refpolicy-2.20161023.1/policy/modules/contrib/pulseaudio.te
+===
+--- refpolicy-2.20161023.1.orig/policy/modules/contrib/pulseaudio.te
 refpolicy-2.20161023.1/policy/modules/contrib/pulseaudio.te
+@@ -212,6 +212,12 @@ optional_policy(`
+ ')
+ 
+ optional_policy(`
++	# when pulseaudio is run from a user session on systems it uses files
++	# under /run/systemd/users
++	systemd_read_logind_pids(pulseaudio_t)
++')
++
++optional_policy(`
+ 	udev_read_pid_files(pulseaudio_t)
+ 	udev_read_state(pulseaudio_t)
+ 	udev_read_db(pulseaudio_t)
+Index: refpolicy-2.20161023.1/policy/modules/system/userdomain.if
+===
+--- refpolicy-2.20161023.1.orig/policy/modules/system/userdomain.if
 refpolicy-2.20161023.1/policy/modules/system/userdomain.if
+@@ -66,7 +66,9 @@ template(`userdom_base_user_template',`
+ 	# avoid annoying messages on 

Bug#877403: stretch-pu: package dbus/1.10.24-0+deb9u1

[Simon McVittie]

Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

I've made another upstream stable release of dbus, and as usual I'd like
to update stretch via stretch-p-u, to minimize weirdness and diffstat
if I have to do a security release later. There is nothing particularly
vital here, and I can revert or fix anything that the SRMs are not
happy with.

If you want to say "yes but only after 9.2", that would also be fine.

This upstream release is in testing already (versioned as
1.11.16+really1.10.24-1 due to an unfortunate dch -r accident).
This will probably be the last 1.10.x release in testing/unstable,
since I'm planning to move to the 1.11.x branch in preparation for
starting a 1.12.0 stable branch upstream.

The attached debdiff excludes ./configure, which gets
regenerated during the build.

(I still need to smoke-test this on a real stretch system, which I'll
do before upload; it passes autopkgtests though.)

Thanks,
smcv
debdiff dbus_1.10.{22,24}-0+deb9u1.dsc | filterdiff --exclude='*/configure'

diffstat for dbus-1.10.22 dbus-1.10.24

 NEWS  |   26 ++
 aclocal.m4|2 
 bus/activation.c  |   10 +-
 bus/config-loader-expat.c |   14 +++
 bus/connection.c  |   13 +--
 bus/connection.h  |2 
 bus/dispatch.c|   56 ++---
 bus/driver.c  |4 
 bus/signals.c |   15 ++-
 config.h.in   |3 
 configure |   48 +++
 configure.ac  |   12 ++
 dbus/dbus-sysdeps-unix.c  |   11 +-
 debian/changelog  |   21 
 test/monitor.c|  197 +++---
 tools/dbus-send.c |2 
 16 files changed, 363 insertions(+), 73 deletions(-)

diff -Nru dbus-1.10.22/aclocal.m4 dbus-1.10.24/aclocal.m4
--- dbus-1.10.22/aclocal.m4	2017-07-27 14:03:36.0 +0100
+++ dbus-1.10.24/aclocal.m4	2017-09-25 21:03:14.0 +0100
@@ -883,7 +883,7 @@
   dnl supported. (2.0 was released on October 16, 2000).
   dnl FIXME: Remove the need to hard-code Python versions here.
   m4_define_default([_AM_PYTHON_INTERPRETER_LIST],
-[python python2 python3 python3.5 python3.4 python3.3 python3.2 python3.1 python3.0 python2.7 dnl
+[python python2 python3 python3.8 python3.7 python3.6 python3.5 python3.4 python3.3 python3.2 python3.1 python3.0 python2.7 dnl
  python2.6 python2.5 python2.4 python2.3 python2.2 python2.1 python2.0])
 
   AC_ARG_VAR([PYTHON], [the Python interpreter])
diff -Nru dbus-1.10.22/bus/activation.c dbus-1.10.24/bus/activation.c
--- dbus-1.10.22/bus/activation.c	2017-02-16 13:46:23.0 +
+++ dbus-1.10.24/bus/activation.c	2017-09-25 14:54:34.0 +0100
@@ -1967,6 +1967,7 @@
   DBusString service_string;
   BusService *service;
   BusRegistry *registry;
+  DBusConnection *systemd = NULL;
 
   /* OK, we have a systemd service configured for this entry,
  hence let's enqueue an activation request message. This
@@ -2015,11 +2016,14 @@
   _dbus_string_init_const (_string, "org.freedesktop.systemd1");
   service = bus_registry_lookup (registry, _string);
 
+  if (service)
+systemd = bus_service_get_primary_owners_connection (service);
+
   /* Following the general principle of "log early and often",
* we capture that we *want* to send the activation message, even if
* systemd is not actually there to receive it yet */
   if (!bus_transaction_capture (activation_transaction,
-NULL, message))
+NULL, systemd, message))
 {
   dbus_message_unref (message);
   BUS_SET_OOM (error);
@@ -2033,8 +2037,8 @@
service_name,
entry->systemd_service);
   /* Wonderful, systemd is connected, let's just send the msg */
-  retval = bus_dispatch_matches (activation_transaction, NULL, bus_service_get_primary_owners_connection (service),
- message, error);
+  retval = bus_dispatch_matches (activation_transaction, NULL,
+ systemd, message, error);
 }
   else
 {
diff -Nru dbus-1.10.22/bus/config-loader-expat.c dbus-1.10.24/bus/config-loader-expat.c
--- dbus-1.10.22/bus/config-loader-expat.c	2017-07-27 12:57:16.0 +0100
+++ dbus-1.10.24/bus/config-loader-expat.c	2017-07-28 11:15:46.0 +0100
@@ -203,6 +203,20 @@
   goto failed;
 }
 
+  /* We do not need protection against hash collisions (CVE-2012-0876)
+   * because we are only parsing trusted XML; and if we let Expat block
+   * waiting for the CSPRNG to be initialized, as it does by default to
+   * defeat CVE-2012-0876, it can cause timeouts during early 

Bug#877366: stretch-pu: package abiword/3.0.2-2+deb9u1

[Jeremy Bicha]

abiword 3.0.2-4 built on all architectures. It would be in testing in
2 days except that mesa is holding things up. (By the way, I think the
mesa RC bugs are steam bugs, not mesa bugs.)

Thanks,
Jeremy Bicha

NEW changes in stable-new

[Debian FTP Masters]

Processing changes file: libidn2-0_0.16-1+deb9u1_amd64.changes
  ACCEPT
Processing changes file: libidn2-0_0.16-1+deb9u1_arm64.changes
  ACCEPT
Processing changes file: libidn2-0_0.16-1+deb9u1_armel.changes
  ACCEPT
Processing changes file: libidn2-0_0.16-1+deb9u1_armhf.changes
  ACCEPT
Processing changes file: libidn2-0_0.16-1+deb9u1_i386.changes
  ACCEPT
Processing changes file: libidn2-0_0.16-1+deb9u1_mips.changes
  ACCEPT
Processing changes file: libidn2-0_0.16-1+deb9u1_mips64el.changes
  ACCEPT
Processing changes file: libidn2-0_0.16-1+deb9u1_mipsel.changes
  ACCEPT
Processing changes file: libidn2-0_0.16-1+deb9u1_ppc64el.changes
  ACCEPT
Processing changes file: libidn2-0_0.16-1+deb9u1_s390x.changes
  ACCEPT
Processing changes file: vim_8.0.0197-4+deb9u1_source.changes
  ACCEPT

Bug#877168: [Pkg-d-devel] Bug#877168: nmu: gtk-d_3.6.5-2

[Michael Biebl]

Hi Matthias,

I see that you made a sourceful upload of gtk-d, so I thought that this
binNMU request is now moot.
Unfortunately, tilix still doesn't want to start:

The error is a different one now though:
$ tilix
tilix: symbol lookup error: tilix: undefined symbol:
_D3gio9DBusProxy9DBusProxy9__mixin3622getAsyncInitableStructMFbZPS4gtkc8giotypes14GAsyncInitable


-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?



signature.asc
Description: OpenPGP digital signature

Processed: Re: Bug#877348: stretch-pu: package vim/8.0.0197-4+deb9u1

[Debian Bug Tracking System]

Processing control commands:

> tags -1 + pending
Bug #877348 [release.debian.org] stretch-pu: package vim/8.0.0197-4+deb9u1
Added tag(s) pending.

-- 
877348: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877348
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#877348: stretch-pu: package vim/8.0.0197-4+deb9u1

[Adam D. Barratt]

Control: tags -1 + pending

On Sat, 2017-09-30 at 20:15 -0400, James McCoy wrote:
> On Sat, Sep 30, 2017 at 09:42:14PM +0100, Adam D. Barratt wrote:
> > Control: tags -1 + confirmed
> > 
> > On Sat, 2017-09-30 at 14:48 -0400, James McCoy wrote:
> > > * Backport upstream patches to fix CVE-2017-11109  (Closes:
> > > #867720)
> > >   + 8.0.0703: Illegal memory access with empty :doau command
> > >   + 8.0.0706: Crash when cancelling the cmdline window in Ex mode
> > >   + 8.0.0707: Freeing wrong memory when manipulating buffers in
> > > autocommands
> > > 
> > 
> > Please go ahead, bearing in mind that the window for 9.2 closes
> > during
> > this weekend.
> 
> Thanks!  Uploaded.
> 
Thanks, flagged for acceptance.

Regards,

Adam

Re: how do you want your britney commits (unfinished)

[Niels Thykier]

Paul Gevers:
> Hi Niels,
> 

Hi,

> On 12-09-17 22:15, Niels Thykier wrote:
>> Paul Gevers:
>>> - adjust britney2 to not block on autopkgtest failure but instead adjust
>>> the required age depending on the results (lower for pass, raise for
>>> regression)
> 
> Do you already have an idea in mind how this could/should be
> accomplished? While going through britney, I see several (most, if not
> all, of them hacky) ways this can be done.
> 

At the moment, no, I do not have a brilliant idea.


Short term/for testing purposes, I would just add a comment in the
excuses and then leave the aging as it is.

> One idea of mine is to create an internal urgency that the age policy
> can take to adjust the age. If that is the case, I guess I have to make
> sure the order of policies is correct. Minor point, but was it your
> intent to change to know urgency ages? Or e.g. age to 20 days, which is
> no urgency age, when regressions pop up?
> 
> Paul
> 

I think we would prefer modifying the age-requirement over urgency
fiddling.  Among other because changing the urgency is "exclusive" so we
cannot have multiple policies altering the aging in that case.

But I do not really have a good way of doing it atm. (either way)

Thanks,
~Niels

Bug#877374: stretch-pu: shadow 1:4.4-4.1+deb9u1

[Balint Reczey]

Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

Dear Release Team,

I have prepared an update for the shadow package which may be released
as a stable update:

Changes:
 shadow (1:4.4-4.1+deb9u1) stretch; urgency=medium
 .
   * Revert adding pts/0 and pts/1 to securetty.
     Adding pts/* defeats the purpose of securetty. Let containers add it if
     needed as described in #830255.
   * Fix buffer overflow if NULL line is present in db (CVE-2017-12424)
     (Closes: #756630)

The Security Team suggested fixing those minor security-related issues via
proposed-updates rather than via stretch-security.

Thanks,
Balint

diff -Nru shadow-4.4/debian/changelog shadow-4.4/debian/changelog
--- shadow-4.4/debian/changelog	2017-05-17 13:59:59.0 +0200
+++ shadow-4.4/debian/changelog	2017-09-30 03:30:30.0 +0200
@@ -1,3 +1,13 @@
+shadow (1:4.4-4.1+deb9u1) stretch; urgency=medium
+
+  * Revert adding pts/0 and pts/1 to securetty.
+Adding pts/* defeats the purpose of securetty. Let containers add it if
+needed as described in #830255.
+  * Fix buffer overflow if NULL line is present in db (CVE-2017-12424)
+(Closes: #756630)
+
+ -- Balint Reczey   Fri, 29 Sep 2017 21:30:30 -0400
+
 shadow (1:4.4-4.1) unstable; urgency=high
 
   * Non-maintainer upload.
diff -Nru shadow-4.4/debian/patches/0009-Fix-buffer-overflow-if-NULL-line-is-present-in-db.patch shadow-4.4/debian/patches/0009-Fix-buffer-overflow-if-NULL-line-is-present-in-db.patch
--- shadow-4.4/debian/patches/0009-Fix-buffer-overflow-if-NULL-line-is-present-in-db.patch	1970-01-01 01:00:00.0 +0100
+++ shadow-4.4/debian/patches/0009-Fix-buffer-overflow-if-NULL-line-is-present-in-db.patch	2017-09-30 03:30:30.0 +0200
@@ -0,0 +1,42 @@
+From 954e3d2e7113e9ac06632aee3c69b8d818cc8952 Mon Sep 17 00:00:00 2001
+From: Tomas Mraz 
+Date: Fri, 31 Mar 2017 16:25:06 +0200
+Subject: [PATCH] Fix buffer overflow if NULL line is present in db.
+
+If ptr->line == NULL for an entry, the first cycle will exit,
+but the second one will happily write past entries buffer.
+We actually do not want to exit the first cycle prematurely
+on ptr->line == NULL.
+Signed-off-by: Tomas Mraz 
+---
+ lib/commonio.c | 8 
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/lib/commonio.c b/lib/commonio.c
+index b10da06a..31edbaaf 100644
+--- a/lib/commonio.c
 b/lib/commonio.c
+@@ -751,16 +751,16 @@ commonio_sort (struct commonio_db *db, int (*cmp) (const void *, const void *))
+ 	for (ptr = db->head;
+ 	(NULL != ptr)
+ #if KEEP_NIS_AT_END
+-	 && (NULL != ptr->line)
+-	 && (   ('+' != ptr->line[0])
+-	 && ('-' != ptr->line[0]))
++	 && ((NULL == ptr->line)
++	 || (('+' != ptr->line[0])
++	 && ('-' != ptr->line[0])))
+ #endif
+ 	 ;
+ 	 ptr = ptr->next) {
+ 		n++;
+ 	}
+ #if KEEP_NIS_AT_END
+-	if ((NULL != ptr) && (NULL != ptr->line)) {
++	if (NULL != ptr) {
+ 		nis = ptr;
+ 	}
+ #endif
+-- 
+2.11.0
+
diff -Nru shadow-4.4/debian/patches/series shadow-4.4/debian/patches/series
--- shadow-4.4/debian/patches/series	2017-05-17 13:59:59.0 +0200
+++ shadow-4.4/debian/patches/series	2017-09-30 03:30:30.0 +0200
@@ -6,6 +6,7 @@
 0006-French-manpage-translation.patch
 0007-Fix-some-spelling-issues-in-the-Norwegian-translatio.patch
 0008-su-properly-clear-child-PID.patch
+0009-Fix-buffer-overflow-if-NULL-line-is-present-in-db.patch
 301-Reset-pid_child-only-if-waitpid-was-successful.patch
 
 # These patches are only for the testsuite:
diff -Nru shadow-4.4/debian/securetty.linux shadow-4.4/debian/securetty.linux
--- shadow-4.4/debian/securetty.linux	2017-05-17 13:59:59.0 +0200
+++ shadow-4.4/debian/securetty.linux	2017-09-30 03:30:30.0 +0200
@@ -164,11 +164,6 @@
 ttyM1
 #...
 
-# Unix98 PTY slaves
-pts/0
-pts/1
-#...
-
 # Technology Concepts serial card
 ttyT0
 ttyT1