Bug#891817: transition: petsc
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition I'd like to proceed with the transition of petsc (and slepc) from 3.7 to 3.8. I've confirmed rdepends getdp, sundials and deal.ii will build. dolfin will build after a source upload (it has a tight dependency on the petsc version) I've reorganised the packaging so there are no longer patch-specific packages, just the minor version (libpetsc-real3.8 and libpetsc-complex3.8 instead of libpetsc3.7.7 and libpetsc-complex-3.7.7). I added "real" to the package name (for real number support) to get naming symmetry with the complex number package, and to better reflect the soname of the library. I will also update slepc from 3.7 to 3.8 as part of this transition. Ben file: title = "petsc"; is_affected = .depends ~ "libpetsc3.7.7" | .depends ~ "libpetsc-real3.8"; is_good = .depends ~ "libpetsc-real3.8"; is_bad = .depends ~ "libpetsc3.7.7"; -- System Information: Debian Release: buster/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.15.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), LANGUAGE=en_AU.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled
Bug#891807: stretch-pu: package libdate-holidays-de-perl/1.9-1
Package: release.debian.org Severity: normal Tags: stretch User: release.debian@packages.debian.org Usertags: pu Hello release team, some states in Germany are about to make Reformation Day (Oct 31st) a new holiday. So far, Hamburg and Schleswig-Holstein have passed according laws, see the patch below for details. In order to avoid confusion, I'd like to update libdate-holidays-de-perl in stretch, a module to determine German holiday dates. The debdiff is attached. Regards, Christoph diff -Nru libdate-holidays-de-perl-1.9/debian/changelog libdate-holidays-de-perl-1.9/debian/changelog --- libdate-holidays-de-perl-1.9/debian/changelog 2016-12-04 16:59:55.0 +0100 +++ libdate-holidays-de-perl-1.9/debian/changelog 2018-03-01 00:06:15.0 +0100 @@ -1,3 +1,10 @@ +libdate-holidays-de-perl (1.9-1+deb9u1) stretch; urgency=low + + * Mark Reformation Day as a holiday in Hamburg and +Schleswig-Holstein from 2018 on + + -- Christoph Biedl Thu, 01 Mar 2018 00:06:15 +0100 + libdate-holidays-de-perl (1.9-1) unstable; urgency=low * Initial Release. Closes: #829833 diff -Nru libdate-holidays-de-perl-1.9/debian/patches/refo.patch libdate-holidays-de-perl-1.9/debian/patches/refo.patch --- libdate-holidays-de-perl-1.9/debian/patches/refo.patch 1970-01-01 01:00:00.0 +0100 +++ libdate-holidays-de-perl-1.9/debian/patches/refo.patch 2018-03-01 00:06:05.0 +0100 @@ -0,0 +1,33 @@ +Subject: Add new regional holidays from 2018 on +Author: Christoph Biedl +Forwarded: https://rt.cpan.org/Ticket/Display.html?id=124559 +Last-Update: 2018-02-28 + +Sources (in German): +Schleswig-Holstein: + http://www.spiegel.de/karriere/reformationstag-wird-in-schleswig-holstein-neuer-feiertag-a-1195092.html +Hamburg: + http://www.spiegel.de/karriere/hamburg-reformationstag-wird-feiertag-a-1195881.html + +--- a/DE.pm b/DE.pm +@@ -121,6 +121,9 @@ + + # Extras for Hamburg + @{$holidays{'hh'}} = qw(); ++ if ($year >= 2018) { ++ push @{$holidays{'hh'}}, qw(refo); ++ } + + # Extras for Hessen + @{$holidays{'he'}} = qw(fron); +@@ -148,6 +151,9 @@ + + # Extras for Schleswig-Holstein + @{$holidays{'sh'}} = qw(); ++ if ($year >= 2018) { ++ push @{$holidays{'sh'}}, qw(refo); ++ } + + # Extras for Thueringen + @{$holidays{'th'}} = qw(refo); diff -Nru libdate-holidays-de-perl-1.9/debian/patches/series libdate-holidays-de-perl-1.9/debian/patches/series --- libdate-holidays-de-perl-1.9/debian/patches/series 2016-12-04 16:59:55.0 +0100 +++ libdate-holidays-de-perl-1.9/debian/patches/series 2018-03-01 00:06:05.0 +0100 @@ -1 +1,2 @@ fix-typo-in-manpage.patch +refo.patch signature.asc Description: PGP signature
Bug#891801: stretch-pu: package unbound/1.6.0-3+deb9u2
Package: release.debian.org Severity: normal Tags: stretch User: release.debian@packages.debian.org Usertags: pu Hi, I would like to fix a DNSSEC validation bug (CVE-2017-15105) in the unbound package shipped in stretch. After discussion with the security team, this bug was deemed minor enough that the fix could be shipped in a point release: https://security-tracker.debian.org/tracker/CVE-2017-15105 Please see attached a debdiff for unbound 1.6.0-3+deb9u2 containing the backported fix from upstream version 1.6.8. I'd like to have this considered for the upcoming stable point release. Details on the bug and its impact are available in this upstream advisory: https://unbound.net/downloads/CVE-2017-15105.txt I have cherry-picked two commits (svn r4441, r4528) from the upstream repository containing the fix and a test case. Those upstream commits are available here: https://github.com/NLnetLabs/unbound/commit/2a6250e3fb3ccd6e9a0a16b6908c5cfb76d8d6f3 https://github.com/NLnetLabs/unbound/commit/eff62cecac1388214032906eb6944ceb9c0e6d41 (There was a minor conflict when merging the cherry-picked commit r4441 due to the renaming of some internal types in svn r3989.) A very similar fix has already been shipped for wheezy-lts in 1.4.17-3+deb7u3. Thanks! -- Robert Edmonds edmo...@debian.org diff -Nru unbound-1.6.0/debian/changelog unbound-1.6.0/debian/changelog --- unbound-1.6.0/debian/changelog 2017-08-27 00:43:42.0 -0400 +++ unbound-1.6.0/debian/changelog 2018-02-28 17:00:51.0 -0500 @@ -1,3 +1,12 @@ +unbound (1.6.0-3+deb9u2) stretch; urgency=high + + * Cherry-pick upstream commit svn r4441, "patch for CVE-2017-15105: +vulnerability in the processing of wildcard synthesized NSEC records." + * Cherry-pick upstream commit svn r4528, "Added tests with wildcard +expanded NSEC records (CVE-2017-15105 test)". + + -- Robert Edmonds Wed, 28 Feb 2018 17:00:51 -0500 + unbound (1.6.0-3+deb9u1) stretch; urgency=high * Cherry-pick upstream commit svn r4301, "Fix install of trust anchor diff -Nru unbound-1.6.0/debian/patches/debian-changes unbound-1.6.0/debian/patches/debian-changes --- unbound-1.6.0/debian/patches/debian-changes 2017-08-27 00:43:42.0 -0400 +++ unbound-1.6.0/debian/patches/debian-changes 2018-02-28 17:00:51.0 -0500 @@ -5,14 +5,12 @@ information below has been extracted from the changelog. Adjust it or drop it. . - unbound (1.6.0-3+deb9u1) stretch; urgency=high + unbound (1.6.0-3+deb9u2) stretch; urgency=high . - * Cherry-pick upstream commit svn r4301, "Fix install of trust anchor - when two anchors are present, makes both valid. Checks hash of DS but - not signature of new key. This fixes installs between sep11 and oct11 - 2017." - * debian/control: unbound: Add versioned dependency on dns-root-data (>= - 2017072601~) for KSK-2017 in RFC 5011 state VALID. + * Cherry-pick upstream commit svn r4441, "patch for CVE-2017-15105: + vulnerability in the processing of wildcard synthesized NSEC records." + * Cherry-pick upstream commit svn r4528, "Added tests with wildcard + expanded NSEC records (CVE-2017-15105 test)". Author: Robert Edmonds --- @@ -26,7 +24,7 @@ Bug-Ubuntu: https://launchpad.net/bugs/ Forwarded: Reviewed-By: -Last-Update: 2017-08-27 +Last-Update: 2018-02-28 --- unbound-1.6.0.orig/acx_python.m4 +++ unbound-1.6.0/acx_python.m4 @@ -79,6 +77,165 @@ +echo "Setup success. Certificates created." exit 0 +--- unbound-1.6.0.orig/testcode/unitverify.c unbound-1.6.0/testcode/unitverify.c +@@ -186,7 +186,9 @@ verifytest_rrset(struct module_env* env, + ntohs(rrset->rk.rrset_class)); + } + setup_sigalg(dnskey, sigalg); /* check all algorithms in the dnskey */ +- sec = dnskeyset_verify_rrset(env, ve, rrset, dnskey, sigalg, &reason); ++ /* ok to give null as qstate here, won't be used for answer section. */ ++ sec = dnskeyset_verify_rrset(env, ve, rrset, dnskey, sigalg, &reason, ++ LDNS_SECTION_ANSWER, NULL); + if(vsig) { + printf("verify outcome is: %s %s\n", sec_status_to_string(sec), + reason?reason:""); +--- /dev/null unbound-1.6.0/testdata/val_nodata_failwc.rpl +@@ -0,0 +1,71 @@ ++; config options ++; The island of trust is at nsecwc.nlnetlabs.nl ++server: ++ trust-anchor: "nsecwc.nlnetlabs.nl. 10024 IN DS 565 8 2 0C15C04C022700C8713028F6F64CF2343DE627B8F83CDA1C421C65DB 52908A2E" ++ val-override-date: "20181202115531" ++ target-fetch-policy: "0 0 0 0 0" ++ fake-sha1: yes ++ trust-anchor-signaling: no ++stub-zone: ++ name: "nsecwc.nlnetlabs.nl" ++ stub-addr: "185.49.140.60" ++ ++CONFIG_END ++ ++SCENARIO_BEGIN Test validator with nodata response with wildcard expanded NSEC record, original NSEC owner does not provide proof for QNAME. CVE-2017-15105 test. ++ ++ ; ns.example.com.
Bug#891793: stretch-pu: package obfsproxy/0.2.13-2+deb9u1
Package: release.debian.org Severity: normal Tags: stretch User: release.debian@packages.debian.org Usertags: pu * Don't install the broken AppArmor profile. (Closes: #882103) diff -Nru obfsproxy-0.2.13/debian/changelog obfsproxy-0.2.13/debian/changelog --- obfsproxy-0.2.13/debian/changelog 2016-09-22 14:15:38.0 +0300 +++ obfsproxy-0.2.13/debian/changelog 2018-02-28 23:03:50.0 +0200 @@ -1,3 +1,10 @@ +obfsproxy (0.2.13-2+deb9u1) stretch; urgency=medium + + * Non-maintainer upload. + * Don't install the broken AppArmor profile. (Closes: #882103) + + -- Adrian Bunk Wed, 28 Feb 2018 23:03:50 +0200 + obfsproxy (0.2.13-2) unstable; urgency=medium * Team upload. diff -Nru obfsproxy-0.2.13/debian/control obfsproxy-0.2.13/debian/control --- obfsproxy-0.2.13/debian/control 2016-09-22 14:15:38.0 +0300 +++ obfsproxy-0.2.13/debian/control 2018-02-28 23:03:48.0 +0200 @@ -5,7 +5,6 @@ Priority: extra Build-Depends: asciidoc, debhelper (>= 9), - dh-apparmor, dh-python, docbook-xsl, python-all (>= 2.6.6-3~), diff -Nru obfsproxy-0.2.13/debian/obfsproxy.dirs obfsproxy-0.2.13/debian/obfsproxy.dirs --- obfsproxy-0.2.13/debian/obfsproxy.dirs 2016-09-22 14:15:38.0 +0300 +++ obfsproxy-0.2.13/debian/obfsproxy.dirs 1970-01-01 02:00:00.0 +0200 @@ -1 +0,0 @@ -etc/apparmor.d diff -Nru obfsproxy-0.2.13/debian/obfsproxy.maintscript obfsproxy-0.2.13/debian/obfsproxy.maintscript --- obfsproxy-0.2.13/debian/obfsproxy.maintscript 1970-01-01 02:00:00.0 +0200 +++ obfsproxy-0.2.13/debian/obfsproxy.maintscript 2018-02-28 23:03:50.0 +0200 @@ -0,0 +1 @@ +rm_conffile /etc/apparmor.d/usr.bin.obfsproxy 0.2.13-2+deb9u1~ obfsproxy diff -Nru obfsproxy-0.2.13/debian/rules obfsproxy-0.2.13/debian/rules --- obfsproxy-0.2.13/debian/rules 2016-09-22 14:15:38.0 +0300 +++ obfsproxy-0.2.13/debian/rules 2018-02-28 23:03:48.0 +0200 @@ -5,9 +5,6 @@ override_dh_install: dh_install -O--buildsystem=pybuild - cp debian/apparmor-profile debian/obfsproxy/etc/apparmor.d/usr.bin.obfsproxy - dh_apparmor --profile-name=usr.bin.obfsproxy -pobfsproxy - override_dh_installman: a2x --no-xmllint --doctype manpage --format manpage debian/obfsproxy.1.txt dh_installman -O--buildsystem=pybuild
Bug#891791: stretch-pu: package local-apt-repository/0.4+deb9u1
Package: release.debian.org Severity: normal Tags: stretch User: release.debian@packages.debian.org Usertags: pu * Backport changes from Joachim Breitner to stop breaking apt when the package is removed but not purged. (Closes: #881753) diff -Nru local-apt-repository-0.4/debian/changelog local-apt-repository-0.4+deb9u1/debian/changelog --- local-apt-repository-0.4/debian/changelog 2016-06-15 15:45:19.0 +0300 +++ local-apt-repository-0.4+deb9u1/debian/changelog2018-02-28 22:52:28.0 +0200 @@ -1,3 +1,11 @@ +local-apt-repository (0.4+deb9u1) stretch; urgency=medium + + * Non-maintainer upload. + * Backport changes from Joachim Breitner to stop breaking apt +when the package is removed but not purged. (Closes: #881753) + + -- Adrian Bunk Wed, 28 Feb 2018 22:52:28 +0200 + local-apt-repository (0.4) unstable; urgency=medium * Use apt-ftparchive instead of dpkg-scansources (Closes: #804542). diff -Nru local-apt-repository-0.4/debian/local-apt-repository.install local-apt-repository-0.4+deb9u1/debian/local-apt-repository.install --- local-apt-repository-0.4/debian/local-apt-repository.install 2015-08-22 14:16:16.0 +0300 +++ local-apt-repository-0.4+deb9u1/debian/local-apt-repository.install 2018-02-28 22:52:24.0 +0200 @@ -1,4 +1,5 @@ rebuild /usr/lib/local-apt-repository -local-apt-repository.list /etc/apt/sources.list.d/ +# it is linked from /etc/apt/sources.list.d/ using maintainer scripts +local-apt-repository.list /usr/lib/local-apt-repository local-apt-repository.path /lib/systemd/system/ local-apt-repository.service /lib/systemd/system/ diff -Nru local-apt-repository-0.4/debian/local-apt-repository.maintscript local-apt-repository-0.4+deb9u1/debian/local-apt-repository.maintscript --- local-apt-repository-0.4/debian/local-apt-repository.maintscript 1970-01-01 02:00:00.0 +0200 +++ local-apt-repository-0.4+deb9u1/debian/local-apt-repository.maintscript 2018-02-28 22:52:24.0 +0200 @@ -0,0 +1 @@ +rm_conffile /etc/apt/sources.list.d/local-apt-repository.list 0.4 diff -Nru local-apt-repository-0.4/debian/local-apt-repository.postinst local-apt-repository-0.4+deb9u1/debian/local-apt-repository.postinst --- local-apt-repository-0.4/debian/local-apt-repository.postinst 2015-08-22 21:23:25.0 +0300 +++ local-apt-repository-0.4+deb9u1/debian/local-apt-repository.postinst 2018-02-28 22:52:24.0 +0200 @@ -6,6 +6,7 @@ configure) /usr/lib/local-apt-repository/rebuild -f +ln -fs /usr/lib/local-apt-repository/local-apt-repository.list /etc/apt/sources.list.d/local-apt-repository.list ;; abort-upgrade|abort-remove|abort-deconfigure) diff -Nru local-apt-repository-0.4/debian/local-apt-repository.prerm local-apt-repository-0.4+deb9u1/debian/local-apt-repository.prerm --- local-apt-repository-0.4/debian/local-apt-repository.prerm 2015-08-22 14:47:34.0 +0300 +++ local-apt-repository-0.4+deb9u1/debian/local-apt-repository.prerm 2018-02-28 22:52:24.0 +0200 @@ -5,6 +5,7 @@ case "$1" in remove|deconfigure) +rm -f /etc/apt/sources.list.d/local-apt-repository.list rm -rf /var/lib/local-apt-repository/ ;;
Bug#891788: stretch-pu: package starplot/0.95.5-8.2+deb9u1
Package: release.debian.org Severity: normal Tags: stretch User: release.debian@packages.debian.org Usertags: pu * Add patch from Bernhard Übelacker to fix startup crash. (Closes: #862065) diff -Nru starplot-0.95.5/debian/changelog starplot-0.95.5/debian/changelog --- starplot-0.95.5/debian/changelog2016-12-24 23:59:59.0 +0200 +++ starplot-0.95.5/debian/changelog2018-02-28 22:37:50.0 +0200 @@ -1,3 +1,11 @@ +starplot (0.95.5-8.2+deb9u1) stretch; urgency=medium + + * Non-maintainer upload. + * Add patch from Bernhard Übelacker to fix startup crash. +(Closes: #862065) + + -- Adrian Bunk Wed, 28 Feb 2018 22:37:50 +0200 + starplot (0.95.5-8.2) unstable; urgency=low * Non-maintainer upload to fix RC bug. diff -Nru starplot-0.95.5/debian/patches/05-startup-crash.diff starplot-0.95.5/debian/patches/05-startup-crash.diff --- starplot-0.95.5/debian/patches/05-startup-crash.diff1970-01-01 02:00:00.0 +0200 +++ starplot-0.95.5/debian/patches/05-startup-crash.diff2018-02-28 22:37:38.0 +0200 @@ -0,0 +1,84 @@ +From f603ddfa6a0eb6fc90bc8f14d0bb010efef975fa Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Bernhard=20=C3=9Cbelacker?= +Date: Mon, 8 May 2017 23:05:28 +0200 +Subject: Replace c-like qsort with c++-like std::sort. + +https://bugs.debian.org/862065 +--- + src/classes/stararray.cc | 49 +--- + 1 file changed, 17 insertions(+), 32 deletions(-) + +diff --git a/src/classes/stararray.cc b/src/classes/stararray.cc +index 26cc6a0..72cc856 100644 +--- a/src/classes/stararray.cc b/src/classes/stararray.cc +@@ -26,6 +26,7 @@ + + #define NEED_FULL_NAMES + #include "constellations.h" ++#include + + using std::string; + using std::vector; +@@ -167,42 +168,26 @@ typedef struct { + + // Next, the function to compare for qsort(). + +-int compare_function(const void *p, const void *q) +-{ +- double x1 = ((const sortable *)p)->xposition; +- double x2 = ((const sortable *)q)->xposition; +- return (x1 - x2 >= 0.0) ? 1 : -1; +-} ++struct sort_class { ++ Rules &rules; ++ sort_class(Rules &r) : rules(r) {}; ++ bool operator() (const Star &p, const Star &q) ++ { ++SolidAngle orientation = rules.ChartOrientation; ++Vector3 relativeLocation; ++relativeLocation = p.GetStarXYZ() - rules.ChartLocation; ++double x1 = relativeLocation.getX() * cos(orientation.getPhi()) + relativeLocation.getY() * sin(orientation.getPhi()); ++relativeLocation = q.GetStarXYZ() - rules.ChartLocation; ++double x2 = relativeLocation.getX() * cos(orientation.getPhi()) + relativeLocation.getY() * sin(orientation.getPhi()); ++return (x1 - x2 >= 0.0) ? 1 : -1; ++ } ++}; + +-// Finally, the main function which calls qsort() ++// Finally, the main function which calls std::sort() + + void StarArray::Sort() + { +- size_t size = Array.size(); +- Vector3 relativeLocation; +- SolidAngle orientation = ArrayRules.ChartOrientation; +- sortable *temparray = new sortable[size]; +- +- // Make a temporary array for qsort(), consisting of "sortable" structs +- // which each contain a Star and a position in local coordinates. +- for (size_t i = 0; i < size; i++) { +-relativeLocation = Array[i].GetStarXYZ() - ArrayRules.ChartLocation; +-temparray[i].xposition = +- relativeLocation.getX() * cos(orientation.getPhi()) +- + relativeLocation.getY() * sin(orientation.getPhi()); +-temparray[i].star = Array[i]; +- } +- +- qsort(temparray, size, sizeof(sortable), compare_function); +- +- // Put the sorted temporary array back into the vector +- Array.clear(); +- for (size_t i = 0; i < size; i++) { +-temparray[i].star.SetPlace(i+1);// label stars starting at 1 +-Array.push_back(temparray[i].star); +- } +- +- delete [] temparray; ++ std::sort(Array.begin(), Array.end(), sort_class(ArrayRules)); + return; + } + +-- +2.11.0 + diff -Nru starplot-0.95.5/debian/patches/series starplot-0.95.5/debian/patches/series --- starplot-0.95.5/debian/patches/series 2016-12-24 23:59:40.0 +0200 +++ starplot-0.95.5/debian/patches/series 2018-02-28 22:37:47.0 +0200 @@ -1,3 +1,4 @@ 01-starplot_desktop_file.diff 02-fix-ftbfs-and-hrdiagram-opts.diff 03-fix-ftbfs-convert.diff +05-startup-crash.diff
Bug#891784: stretch-pu: package abiword/3.0.2-2+deb9u2
Package: release.debian.org Severity: normal Tags: stretch User: release.debian@packages.debian.org Usertags: pu * Solve binary file conflict between abiword-dbgsym and abiword-plugin-grammar-dbgsym (Closes: #868537). diff -Nru abiword-3.0.2/debian/changelog abiword-3.0.2/debian/changelog --- abiword-3.0.2/debian/changelog 2017-10-01 02:04:08.0 +0300 +++ abiword-3.0.2/debian/changelog 2018-02-28 22:17:26.0 +0200 @@ -1,3 +1,13 @@ +abiword (3.0.2-2+deb9u2) stretch; urgency=medium + + * QA upload. + + [ Simon Quigley ] + * Solve binary file conflict between abiword-dbgsym +and abiword-plugin-grammar-dbgsym (Closes: #868537). + + -- Adrian Bunk Wed, 28 Feb 2018 22:17:26 +0200 + abiword (3.0.2-2+deb9u1) stretch; urgency=medium * QA upload. diff -Nru abiword-3.0.2/debian/rules abiword-3.0.2/debian/rules --- abiword-3.0.2/debian/rules 2017-10-01 02:04:08.0 +0300 +++ abiword-3.0.2/debian/rules 2018-02-28 22:17:26.0 +0200 @@ -73,8 +73,11 @@ -dh_auto_test override_dh_makeshlibs: - $(RM) -v debian/abiword/usr/lib/$(DEB_HOST_MULTIARCH)/abiword-*/plugins/grammar.* dh_makeshlibs -V override_dh_strip: dh_strip --dbgsym-migration='abiword-dbg (<< 3.0.1-7~)' + +override_dh_install: + dh_install + $(RM) -v debian/abiword/usr/lib/$(DEB_HOST_MULTIARCH)/abiword-*/plugins/grammar.*
Bug#890791: stretch-pu: package dpkg/1.18.25
On Wed, 2018-02-28 at 20:11 +0100, Manuel A. Fernandez Montecelo wrote: > 2018-02-28 19:45 GMT+01:00 Adam D. Barratt > : > > We understand that this is inconvenient for the riscv porters, so > > are > > exploring whether it would be possible to have the dak support made > > available via p-u after the upcoming point release. > > I'd appreciate if you can find some alternative solution for the > RISC-V support, waiting to the next stable update is a bit too much, > and still there's no guarantee that it'll be accepted then. For the record, I don't foresee any issues with getting the RISC-V support accepted, it's simply unfortunate timing for this point release. Regards, Adam
Bug#890791: stretch-pu: package dpkg/1.18.25
2018-02-28 19:45 GMT+01:00 Adam D. Barratt : > We understand that this is inconvenient for the riscv porters, so are > exploring whether it would be possible to have the dak support made > available via p-u after the upcoming point release. I'd appreciate if you can find some alternative solution for the RISC-V support, waiting to the next stable update is a bit too much, and still there's no guarantee that it'll be accepted then. Cheers. -- Manuel A. Fernandez Montecelo
Bug#888510: marked as done (stretch-pu: package xmltooling/1.6.0-4)
Your message dated Wed, 28 Feb 2018 18:56:05 + with message-id <1519844165.15218.7.ca...@adam-barratt.org.uk> and subject line Re: Bug#888510: stretch-pu: package xmltooling/1.6.0-4 has caused the Debian Bug report #888510, regarding stretch-pu: package xmltooling/1.6.0-4 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 888510: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888510 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal Tags: stretch User: release.debian@packages.debian.org Usertags: pu Dear Release Team, The Security Team advised that CVE-2018-0486 should be fixed by a stable update, because it isn't exploitable in the stretch version of the Shibboleth stack, but software outside Debian could still be affected by the issue. Stretch currently has version 1.6.0; upstream fixed this security issue in 1.6.3 (already uploaded to unstable). Since 1.6.2 was a revert of the most part of the changes in 1.6.1, 1.6.3 is effectively three code changes beyond 1.6.0: the security fix itself: diff --git a/xmltooling/io/AbstractXMLObjectUnmarshaller.cpp b/xmltooling/io/AbstractXMLObjectUnmarshal ler.cpp index ae2709e..487348e 100644 --- a/xmltooling/io/AbstractXMLObjectUnmarshaller.cpp +++ b/xmltooling/io/AbstractXMLObjectUnmarshaller.cpp @@ -206,6 +206,8 @@ void AbstractXMLObjectUnmarshaller::unmarshallContent(const DOMElement* domEleme else if (childNode->getNodeType() == DOMNode::TEXT_NODE || childNode->getNodeType() == DOMNode::CDATA_SECTION_NODE) { m_log.debug("processing text content at position (%d)", position); setTextContent(childNode->getNodeValue(), position); +} else if (childNode->getNodeType() == DOMNode::ENTITY_REFERENCE_NODE || childNode->getNodeType() == DOMNode::ENTITY_NODE) { +throw UnmarshallingException("Unmarshaller found Entity/Reference node."); } childNode = childNode->getNextSibling(); a more general fix for the same issue for Xerces 3.2 (stretch has 3.1): diff --git a/xmltooling/util/ParserPool.cpp b/xmltooling/util/ParserPool.cpp index bad84f7..d157074 100644 --- a/xmltooling/util/ParserPool.cpp +++ b/xmltooling/util/ParserPool.cpp @@ -418,6 +418,7 @@ DOMLSParser* ParserPool::createBuilder() parser->getDomConfig()->setParameter(XMLUni::fgXercesDisableDefaultEntityResolution, true); parser->getDomConfig()->setParameter(XMLUni::fgDOMResourceResolver, dynamic_cast(this)); parser->getDomConfig()->setParameter(XMLUni::fgXercesSecurityManager, m_security.get()); +parser->getDomConfig()->setParameter(XMLUni::fgDOMDisallowDoctype, true); return parser; } and an equivalent transformation of ptr_vector<> into vector> to work around some Visual C++ 15 quirk: diff --git a/xmltooling/security/AbstractPKIXTrustEngine.h b/xmltooling/security/AbstractPKIXTrustEngin e.h index 3666fb7..427904d 100644 --- a/xmltooling/security/AbstractPKIXTrustEngine.h +++ b/xmltooling/security/AbstractPKIXTrustEngine.h @@ -33,7 +33,8 @@ #include #include -#include +#include +#include namespace xmltooling { @@ -66,7 +67,7 @@ namespace xmltooling { AbstractPKIXTrustEngine(const xercesc::DOMElement* e=nullptr); /** Plugins used to perform path validation. */ -boost::ptr_vector m_pathValidators; +std::vector< boost::shared_ptr > m_pathValidators; /** Controls revocation checking, currently limited to CRLs and supports "off", "entityOnly", "fullChain". */ std::string m_checkRevocation; diff --git a/xmltooling/security/impl/AbstractPKIXTrustEngine.cpp b/xmltooling/security/impl/AbstractPK IXTrustEngine.cpp index 5554fb9..54ceada 100644 --- a/xmltooling/security/impl/AbstractPKIXTrustEngine.cpp +++ b/xmltooling/security/impl/AbstractPKIXTrustEngine.cpp @@ -50,7 +50,6 @@ using namespace xmlsignature; using namespace xmltooling::logging; using namespace xmltooling; using namespace std; -using boost::ptr_vector; namespace xmltooling { // Adapter between TrustEngine and PathValidator @@ -162,7 +161,8 @@ AbstractPKIXTrustEngine::AbstractPKIXTrustEngine(const xercesc::DOMElement* e) delete pv; throw XMLSecurityException("PathValidator doesn't support OpenSSL interface.") ; } -m_pathValidators.push_back(ospv); +boost::shared_ptr ptr(ospv); +m_pathValidators.push_back(ptr); } } c
Bug#891776: stretch-pu: package xfrisk/1.2-3+deb9u1
Package: release.debian.org Severity: normal Tags: stretch User: release.debian@packages.debian.org Usertags: pu * Recommend xfonts-75dpi or -100dpi since they are required by the X client, but not for the server alone. (Closes: #528058) diff -u xfrisk-1.2/debian/control xfrisk-1.2/debian/control --- xfrisk-1.2/debian/control +++ xfrisk-1.2/debian/control @@ -1,7 +1,7 @@ Source: xfrisk Section: games Priority: optional -Maintainer: Joe Nahmias +Maintainer: Debian QA Group Standards-Version: 3.8.0 Build-Depends: xaw3dg-dev, debhelper (>> 6), libxaw7-dev Homepage: http://tuxick.net/xfrisk/ @@ -9,6 +9,7 @@ Package: xfrisk Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends} +Recommends: xfonts-75dpi | xfonts-100dpi Description: Server and X11 client for playing risk with humans or AIs Risk is a board game played on a map of the world. You control a group of armies and attempt to capture large sections of the world and try to diff -u xfrisk-1.2/debian/changelog xfrisk-1.2/debian/changelog --- xfrisk-1.2/debian/changelog +++ xfrisk-1.2/debian/changelog @@ -1,3 +1,12 @@ +xfrisk (1.2-3+deb9u1) stretch; urgency=medium + + * QA upload. + * Set Maintainer to Debian QA Group. (See #869300) + * Recommend xfonts-75dpi or -100dpi since they are required by the X +client, but not for the server alone. (Closes: #528058) + + -- Adrian Bunk Wed, 28 Feb 2018 20:25:58 +0200 + xfrisk (1.2-3) unstable; urgency=low * Ack NMU, closes: #370232.
Bug#890791: stretch-pu: package dpkg/1.18.25
Hi, On Wed, 2018-02-28 at 16:05 +0100, Manuel A. Fernandez Montecelo wrote: [..] > 2018-02-18 22:26 Guillem Jover: [...] > > I'd like to update dpkg in stretch. This includes several fixes for > > documentation, regressions, misbheavior, minor security issues, and > > a new arch definition so that DAK can accept packages using it. The > > fixes have been in sid/buster for a while now. > > We depend on this version being accepted and installed in the systems > where DAK lives to learn about the new architecture. After that, > several other packages can add support for the architecture, without > receiving an automatic reject when uploaded. > > It would be great if this update could enter in the next stable > update, so we can make progress on that front. We've been discussing this amongst the SRMs and are quite wary of a dpkg update this close to the p-u freeze. We appreciate that the changes individually seem self-contained but would like to have an update of such a key package able to be tested more than is feasible in the time available. (On a related note, in practical terms it's very unlikely that there would be sufficient time to get the new strings that are introduced translated.) We understand that this is inconvenient for the riscv porters, so are exploring whether it would be possible to have the dak support made available via p-u after the upcoming point release. Regards, Adam
Bug#883963: stretch-pu: package xchain/1.0.1-9~deb9u1
Control: tags -1 -moreinfo On Sat, Jan 13, 2018 at 06:17:18PM +0100, Julien Cristau wrote: > Control: tag -1 moreinfo > > On Sat, Dec 9, 2017 at 21:21:27 +0100, Andreas Beckmann wrote: > > > Package: release.debian.org > > Severity: normal > > Tags: stretch > > User: release.debian@packages.debian.org > > Usertags: pu > > > > Let's fix the dependency problem of xchain in stretch, too. #878090 > > It calls /usr/bin/wish, therefore it needs to depend on wish and not > > tk8.5 (which no longer provides the generic wish binary, that's tk8.6 > > realm now). > > > Was there a reason for the version-specific tk dependency? Was xchain > tested with wish 8.6? Except for the half day when 1.0.1-8 was in unstable, xchain has always[1] called /usr/bin/wish. /usr/bin/wish is provided by the tk package, and points to wish8.6 in unstable since tcltk-defaults 8.6.0+8 was uploaded on 08 Mar 2014. xchain works for me with 8.6, and there are no bugs in the BTS indicating that it wouldn't work in jessie (sic) or stretch. The only bug was the dependency "tk8.5 | wish", the tk8.5 package never provided /usr/bin/wish. > Cheers, > Julien cu Adrian [1] at least since wheezy, I haven't checked older versions -- "Is there not promise of rain?" Ling Tan asked suddenly out of the darkness. There had been need of rain for many days. "Only a promise," Lao Er said. Pearl S. Buck - Dragon Seed
Processed: Re: Bug#883963: stretch-pu: package xchain/1.0.1-9~deb9u1
Processing control commands: > tags -1 -moreinfo Bug #883963 [release.debian.org] stretch-pu: package xchain/1.0.1-9~deb9u1 Removed tag(s) moreinfo. -- 883963: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883963 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#891772: stretch-pu: package tinyproxy/1.8.4-3~deb9u1
Package: release.debian.org Severity: normal Tags: stretch User: release.debian@packages.debian.org Usertags: pu * Add sighup_hang.patch: Fix Tinyproxy ceasing to listen to connections after it receives a SIGHUP, something that happens daily in our default setup (closes: #880427). * Fix path to tinyproxy.conf in sysvinit script. Thanks, Guo Yixuan (郭溢譞) (closes: #870325). * Add Depends on adduser. diff -Nru tinyproxy-1.8.4/debian/changelog tinyproxy-1.8.4/debian/changelog --- tinyproxy-1.8.4/debian/changelog2017-01-21 13:40:00.0 +0200 +++ tinyproxy-1.8.4/debian/changelog2018-02-28 19:33:56.0 +0200 @@ -1,3 +1,22 @@ +tinyproxy (1.8.4-3~deb9u1) stretch; urgency=medium + + * Non-maintainer upload. + * Rebuild for stretch. + + -- Adrian Bunk Wed, 28 Feb 2018 19:33:56 +0200 + +tinyproxy (1.8.4-3) unstable; urgency=medium + + * Add sighup_hang.patch: Fix Tinyproxy ceasing to listen to connections +after it receives a SIGHUP, something that happens daily in our default +setup (closes: #880427). + * Fix path to tinyproxy.conf in sysvinit script. Thanks, Guo Yixuan (郭溢譞) +(closes: #870325). + * Add Depends on adduser. + * Update Standards-Version to 4.1.1, with no changes needed. + + -- Jordi Mallach Wed, 15 Nov 2017 02:28:58 +0100 + tinyproxy (1.8.4-2) unstable; urgency=medium * Remove obsolete preinst and postinst maintainer scripts. @@ -270,13 +289,13 @@ tinyproxy (1.6.2-3) unstable; urgency=low - * Properly close file handles on daemonize (Closes: #248124) + * Properly close file handles on daemonize (Closes: #248124) -- Ed Boraas Mon, 9 Aug 2004 22:23:55 -0600 tinyproxy (1.6.2-2) unstable; urgency=low - * Actually depend on logrotate + * Actually depend on logrotate -- Ed Boraas Mon, 9 Aug 2004 18:16:09 -0600 @@ -303,22 +322,22 @@ tinyproxy (1.6.1-1) unstable; urgency=low - * New upstream release (Closes: #186935) + * New upstream release (Closes: #186935) -- Ed Boraas Mon, 11 Aug 2003 19:32:18 -0600 tinyproxy (1.5.1-2) unstable; urgency=low - * Open logfile with elevated permissions, passing fd to children + * Open logfile with elevated permissions, passing fd to children (Closes: #159614) * Urgency still low since the affected version is not in testing - + -- Ed Boraas Wed, 4 Sep 2002 23:05:16 -0600 tinyproxy (1.5.1-1) unstable; urgency=low * New upstream release (Closes: #157315) - + -- Ed Boraas Sat, 24 Aug 2002 16:48:50 -0600 tinyproxy (1.4.3-3) unstable; urgency=high @@ -328,7 +347,7 @@ * postrm only cleans /etc/tinyproxy on purge, as it should have * SECURITY: Please use this package in woody, as -2 won't upgrade over 1.4.3-1 because of the postrm bug - + -- Ed Boraas Thu, 23 May 2002 06:54:19 -0700 tinyproxy (1.4.3-2) unstable; urgency=high @@ -394,7 +413,7 @@ tinyproxy (1.3.3b-1) unstable; urgency=low * New upstream release - * Fixed some obscure file permissions that were causing + * Fixed some obscure file permissions that were causing problems for the auto-builders (Closes: #92099) -- Ed Boraas Thu, 29 Mar 2001 07:05:19 -0700 diff -Nru tinyproxy-1.8.4/debian/control tinyproxy-1.8.4/debian/control --- tinyproxy-1.8.4/debian/control 2017-01-13 11:21:07.0 +0200 +++ tinyproxy-1.8.4/debian/control 2017-11-15 03:28:58.0 +0200 @@ -3,7 +3,7 @@ Priority: optional Maintainer: Ed Boraas Uploaders: Jordi Mallach -Standards-Version: 3.9.8 +Standards-Version: 4.1.1 Build-Depends: debhelper (>= 10), asciidoc, xmlto @@ -13,7 +13,7 @@ Package: tinyproxy Architecture: any -Depends: ${shlibs:Depends}, ${misc:Depends}, logrotate, lsb-base (>= 3.0-6) +Depends: ${shlibs:Depends}, ${misc:Depends}, adduser, logrotate, lsb-base (>= 3.0-6) Description: Lightweight, non-caching, optionally anonymizing HTTP proxy An anonymizing HTTP proxy which is very light on system resources, ideal for smaller networks and similar situations where other proxies diff -Nru tinyproxy-1.8.4/debian/init tinyproxy-1.8.4/debian/init --- tinyproxy-1.8.4/debian/init 2017-01-12 12:45:28.0 +0200 +++ tinyproxy-1.8.4/debian/init 2017-11-15 02:38:47.0 +0200 @@ -14,7 +14,7 @@ # PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin -CONFIG=/etc/tinyproxy.conf +CONFIG=/etc/tinyproxy/tinyproxy.conf DAEMON=/usr/sbin/tinyproxy DESC="Tinyproxy lightweight HTTP proxy daemon" FLAGS= diff -Nru tinyproxy-1.8.4/debian/patches/series tinyproxy-1.8.4/debian/patches/series --- tinyproxy-1.8.4/debian/patches/series 1970-01-01 02:00:00.0 +0200 +++ tinyproxy-1.8.4/debian/patches/series 2017-11-15 02:22:25.0 +0200 @@ -0,0 +1 @@ +sighup_hang.patch diff -Nru tinyproxy-1.8.4/debian/patches/sighup_hang.patch tinyproxy-1.8.4/debian/patches/sighup_hang.patch --- tinyproxy-1.8.4/debian/patches/sighup_hang.patch1970-01-01 02:00:00.
Bug#890791: stretch-pu: package dpkg/1.18.25
block 886440 by 890791 block 888793 by 890791 block 889841 by 890791 stop Hello, 2018-02-18 22:26 Guillem Jover: Package: release.debian.org Severity: normal Tags: stretch User: release.debian@packages.debian.org Usertags: pu Hi! I'd like to update dpkg in stretch. This includes several fixes for documentation, regressions, misbheavior, minor security issues, and a new arch definition so that DAK can accept packages using it. The fixes have been in sid/buster for a while now. We depend on this version being accepted and installed in the systems where DAK lives to learn about the new architecture. After that, several other packages can add support for the architecture, without receiving an automatic reject when uploaded. It would be great if this update could enter in the next stable update, so we can make progress on that front. Cheers. -- Manuel A. Fernandez Montecelo
Bug#891484: stretch-pu: package vagrant/1.9.1+dfsg-1+deb9u1
On Tue, Feb 27, 2018 at 06:41:01PM +, Adam D. Barratt wrote: > Control: tags -1 -moreinfo +confirmed > > On Mon, 2018-02-26 at 18:36 -0300, Antonio Terceiro wrote: > > On Mon, Feb 26, 2018 at 08:42:56PM +, Adam D. Barratt wrote: > > > Control: tags -1 + moreinfo > > > > > > On Sun, 2018-02-25 at 22:10 -0300, Antonio Terceiro wrote: > > > > The platform from where vagrant downloads images has been > > > > discontinued > > > > and we need to switch the default download location plus > > > > documentation, > > > > usage messages etc to match the new platform. Without this > > > > update, > > > > vagrant is pretty useless. > > > > > > > > > > So far as I can tell, this issue also affects the version of > > > vagrant in > > > unstable and has not yet been fixed there. Assuming that's correct, > > > the > > > bug will need resolving in unstable first. > > > > Ah, I thought I adjusted the bug metadata yesterday, but it seems I > > didn't. > > > > No, unstable is not affected. This has been done upstream for a > > while, > > this update is a backport of the change -- which we already have in > > the > > version in unstable -- to stable. > > Thanks. Please feel free to upload. uploaded. signature.asc Description: PGP signature
Processed: Re: Bug#888510: stretch-pu: package xmltooling/1.6.0-4
Processing control commands: > tags -1 - moreinfo Bug #888510 [release.debian.org] stretch-pu: package xmltooling/1.6.0-4 Removed tag(s) moreinfo. -- 888510: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888510 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#888510: stretch-pu: package xmltooling/1.6.0-4
Control: tags -1 - moreinfo "Adam D. Barratt" writes: > On Wed, 2018-02-28 at 06:45 +0100, Salvatore Bonaccorso wrote: > >> FTR, there was a xmltooling DSA yesterday including the fix. But I >> guess the basic question remains if xmltooling still can be updated >> to 1.6.3 (or now 1.6.4 based version?) for stretch. > > I was under the impression from the above exchange that Ferenc was > going to provide a debdiff so we could see exactly what that looked > like. I guess that now wants to be relative to the security update. Hi, I was waiting for the DSA with the followup on this. I think this issue is moot now, because 1.6.0-4+deb9u1 actually contains the fix for CVE-2018-0486 as well, partly because the CVE-2018-0489 fix (which was the reason for DSA-4126-1) was easier to apply on that. So the original basis of this request for a stable update is no more. In practice the above means that the diff between current stable- security (1.6.0-4+deb9u1) and current unstable (1.6.4-1) just got smaller: it's only the version numbers and the Visual C compilation fix. But I don't think these alone warrant a stable update, however elegant that would be. If you agree, I think we can close this issue without further action. -- Regards, Feri
Bug#891277: stretch-pu: package debian-edu-config/1.929+deb9u1
Hi Adam, On Di 27 Feb 2018 19:39:01 CET, Adam D. Barratt wrote: Control: tags -1 -moreinfo +confirmed On Mon, 2018-02-26 at 21:26 +, mike.gabr...@das-netzwerkteam.de wrote: Hi, On Monday, February 26, 2018, Adam D. Barratt wrote: > Control: tags -1 + moreinfo > > On Sat, 2018-02-24 at 02:25 +0100, Mike Gabriel wrote: > [...] > > > > + * Chromium: Pre-configure Chromium Webbrowser system-wide to > auto- > > detect the > > +http proxy settings via WPAD (plus locking the proxy > > settings > > dialog for > > +users). (Closes: #891262). > > > > The BTS metadata for this bug indicates that it also affects d-e-c > in > unstable - is that correct? The issue is fixed in unstable and the bug was especially opened for documenting the issue in stable/stretch. OK. In that case, please go ahead. I will update the bug's metadata tomorrow, once I have my notebook at hand. Thanks. Regards, Adam Uploaded and accepted. The meta info on #891262 has been updated (fixed -1 1.931). Mike -- DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby mobile: +49 (1520) 1976 148 landline: +49 (4354) 8390 139 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de pgp0RTLHbsUEy.pgp Description: Digitale PGP-Signatur
Bug#888006: stretch-pu: package salt/2016.11.2+ds-1
Hi, 2018-02-27 19:34 GMT+01:00 Adam D. Barratt : > Thanks. Please feel free to upload. > uploaded, thank you. -- Best regards Ondřej Nový Email: n...@ondrej.org PGP: 3D98 3C52 EB85 980C 46A5 6090 3573 1255 9D1E 064B