Bug#899030: jessie-pu: package intel-microcode/3.20180425.1~deb8u1

2018-06-08 Thread Henrique de Moraes Holschuh
On Fri, 08 Jun 2018, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
> 
> On Fri, 2018-05-18 at 12:24 -0300, Henrique de Moraes Holschuh wrote:
> ...
> > I'd like to update the intel-microcode package in Debian jessie.
> > 
> > This update adds the microcode-side fix for CVE-2017-5715 aka Spectre
> > v2.
> > 
> > It has been very extensibly tested, as noted in the changelog:
> > 
> 
> Please go ahead.

Uploaded, thank you!

Now waiting for a go-ahead for the stretch-pu version (#899006).  It is
the very same package, the only differences between the two are in
debian/changelog.

-- 
  Henrique Holschuh



Processed: Re: Bug#899030: jessie-pu: package intel-microcode/3.20180425.1~deb8u1

2018-06-08 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + confirmed
Bug #899030 [release.debian.org] jessie-pu: package 
intel-microcode/3.20180425.1~deb8u1
Added tag(s) confirmed.

-- 
899030: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=899030
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Processed: Re: Bug#899014: stretch-pu: package blktrace/1.1.0-2

2018-06-08 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + confirmed
Bug #899014 [release.debian.org] stretch-pu: package blktrace/1.1.0-2
Ignoring request to alter tags of bug #899014 to the same tags previously set

-- 
899014: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=899014
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#899030: jessie-pu: package intel-microcode/3.20180425.1~deb8u1

2018-06-08 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Fri, 2018-05-18 at 12:24 -0300, Henrique de Moraes Holschuh wrote:
...
> I'd like to update the intel-microcode package in Debian jessie.
> 
> This update adds the microcode-side fix for CVE-2017-5715 aka Spectre
> v2.
> 
> It has been very extensibly tested, as noted in the changelog:
> 

Please go ahead.

Regards,

Adam



Bug#899014: stretch-pu: package blktrace/1.1.0-2

2018-06-08 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Fri, 2018-05-18 at 21:13 +0200, Bas Zoetekouw wrote:
> Hi!
> 
> > Please use 1.0.5-1+deb8u1 and as target distribution just 'jessie'.
> > Use 1.1.0-2+deb9u1 and targeting 'stretch' instead (not
> > stretch-security).
> > 
> 
> Fixed.  New debdiffs follow:
> 

Please go ahead.

Regards,

Adam



Bug#888767: jessie-pu: package debian-security-support/2018.01.29~deb8u1

2018-06-08 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Mon, 2018-01-29 at 17:45 +0100, Guido Günther wrote:
> This update brings debian-security-support in line with unstable.
> Most
> notably in oldstable this affects swftools since security support for
> it is
> now limited and chromium which doesn't receive any further security
> updates.
> 

Please go ahead.

Regards,

Adam



Processed: Re: Bug#888767: jessie-pu: package debian-security-support/2018.01.29~deb8u1

2018-06-08 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + confirmed
Bug #888767 [release.debian.org] jessie-pu: package 
debian-security-support/2018.01.29~deb8u1
Added tag(s) confirmed.

-- 
888767: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888767
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#872642: marked as done (stretch-pu: package hdf5/1.10.0-patch1+docs-3)

2018-06-08 Thread Debian Bug Tracking System
Your message dated Fri, 08 Jun 2018 21:49:52 +0100
with message-id <1528490992.2075.63.ca...@adam-barratt.org.uk>
and subject line Re: Bug#872642: stretch-pu: package hdf5/1.10.0-patch1+docs-3
has caused the Debian Bug report #872642,
regarding stretch-pu: package hdf5/1.10.0-patch1+docs-3
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
872642: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872642
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

HDF5 in stretch is affected by RC bug #871506 now fixed in unstable and
testing.
I have prepared release 1.10.0-patch1+docs-3+deb9u1 for stretch with the
very same fix as in unstable. Debdiff attached.
I'd appreciate if you consider allowing this upload to stretch.
Thanks in advance,

_g.

-- System Information:
Debian Release: buster/sid
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-3-amd64 (SMP w/8 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru hdf5-1.10.0-patch1+docs/debian/changelog 
hdf5-1.10.0-patch1+docs/debian/changelog
--- hdf5-1.10.0-patch1+docs/debian/changelog2016-12-05 09:27:39.0 
+0100
+++ hdf5-1.10.0-patch1+docs/debian/changelog2017-08-19 09:33:00.0 
+0200
@@ -1,3 +1,9 @@
+hdf5 (1.10.0-patch1+docs-3+deb9u1) stretch; urgency=medium
+
+  * debian/rules: fix javahelper invocation (closes: #871506)
+
+ -- Gilles Filippini   Sat, 19 Aug 2017 09:33:00 +0200
+
 hdf5 (1.10.0-patch1+docs-3) unstable; urgency=medium
 
   * Enable openmpi flavor on hppa (closes: #833457)
diff -Nru hdf5-1.10.0-patch1+docs/debian/rules 
hdf5-1.10.0-patch1+docs/debian/rules
--- hdf5-1.10.0-patch1+docs/debian/rules2016-12-05 09:27:39.0 
+0100
+++ hdf5-1.10.0-patch1+docs/debian/rules2017-08-18 13:01:20.0 
+0200
@@ -107,7 +107,7 @@
 # No java >= 1.7 on hppa and hurd-i386
 ifeq (,$(filter $(DEB_HOST_ARCH),hppa hurd-i386))
 SERIAL_FLAGS += --enable-java
-DH_HELPERS = --with-javahelper
+DH_HELPERS = --with javahelper
 install_jni := install_jni
 dh_install_java := dh_install_java
 PACKAGES_java := libhdf5-java libhdf5-jni
--- End Message ---
--- Begin Message ---
On Fri, 2018-03-02 at 22:38 +, Adam D. Barratt wrote:
> Control: tags 1 + pending
> 
> On Tue, 2018-02-27 at 22:27 +0100, Gilles Filippini wrote:
> > Adam D. Barratt a écrit le 27/02/2018 à 20:57 :
> > > On Tue, 2018-02-27 at 20:53 +0100, Gilles Filippini wrote:
> > > > Hi,
> > > > 
> > > > On Sun, 27 Aug 2017 14:03:38 +0100 "Adam D. Barratt"
> > > >  wrote:
> > > > > Control: tags -1 + confirmed
> > > > > 
> > > > > On Sat, 2017-08-19 at 19:20 +0200, Gilles Filippini wrote:
> > > > > > HDF5 in stretch is affected by RC bug #871506 now fixed in
> > > > > > unstable and
> > > > > > testing.
> > > > > > I have prepared release 1.10.0-patch1+docs-3+deb9u1 for
> > > > > > stretch
> > > > > > with the
> > > > > > very same fix as in unstable. Debdiff attached.
> > > > > 
> > > > > Please go ahead.
> > > > 
> > > > I've just got reminded of this pending upload request I had
> > > > completely
> > > > forgotten about, because I missed the 'go' which occurred
> > > > during
> > > > my
> > > > holidays.
> > > > Since it is 6 months old now, could you please confirm that the
> > > > 'go'
> > > > is
> > > > still granted?
> > > 
> > > Sure.
> > 
> > Done.
> > 
> 
> Flagged for acceptance into p-u.
> 

This bug was unfortunately missed when cleaning up the lists of
released updates previously.

Regards,

Adam
--- End Message ---


Bug#888788: marked as done (stretch-pu: package lxc/1:2.0.7-2+deb9u2)

2018-06-08 Thread Debian Bug Tracking System
Your message dated Fri, 08 Jun 2018 21:47:21 +0100
with message-id <1528490841.2075.61.ca...@adam-barratt.org.uk>
and subject line Re: Bug#888788: stretch-pu: package lxc/1:2.0.7-2+deb9u2
has caused the Debian Bug report #888788,
regarding stretch-pu: package lxc/1:2.0.7-2+deb9u2
to be marked as done.


-- 
888788: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888788
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

iproute has been a transitional package for a while, but the lxc-debian
template was referring to it. Now that iproute has been finally removed,
creating buster or sid containers fails.

This update replaces iproute with iproute2. I am running it on
ci.debian.net

Diff attached.

-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 
'unstable'), (500, 'testing'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.14.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8), 
LANGUAGE=pt_BR:pt:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diff --git a/debian/changelog b/debian/changelog
index 04e3af6..cd60ca9 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+lxc (1:2.0.7-2+deb9u2) stretch; urgency=medium
+
+  * 0005-debian-Use-iproute2-instead-of-iproute.patch: pull iproute2 instead
+of iproute, fixing the creation of testing and unstable containers after
+the iproute binary package was dropped.
+
+ -- Antonio Terceiro   Mon, 29 Jan 2018 20:23:36 -0200
+
 lxc (1:2.0.7-2+deb9u1) stretch; urgency=medium
 
   * 0003-lxc-debian-don-t-hardcode-valid-releases.patch: don't
diff --git a/debian/patches/0005-debian-Use-iproute2-instead-of-iproute.patch b/debian/patches/0005-debian-Use-iproute2-instead-of-iproute.patch
new file mode 100644
index 000..6bc61e4
--- /dev/null
+++ b/debian/patches/0005-debian-Use-iproute2-instead-of-iproute.patch
@@ -0,0 +1,29 @@
+From: =?utf-8?q?St=C3=A9phane_Graber?= 
+Date: Mon, 29 Jan 2018 18:18:34 -0200
+Subject: debian: Use iproute2 instead of iproute
+MIME-Version: 1.0
+Content-Type: text/plain; charset="utf-8"
+Content-Transfer-Encoding: base64
+
+VGhlIHBhY2thZ2UgaGFzIHByZXR0eSBtdWNoIGFsd2F5cyBiZWVuIGlwcm91dGUyIHdpdGggaXBy
+b3V0ZSBiZWluZyBhbgphbGlhcyBmb3IgaXQsIHRoZSBhbGlhcyBpcyBub3cgZ29uZSBzbyB3ZSBu
+ZWVkIHRvIHVzZSBpcHJvdXRlMi4KClNpZ25lZC1vZmYtYnk6IFN0w6lwaGFuZSBHcmFiZXIgPHN0
+Z3JhYmVyQHVidW50dS5jb20+CkJhY2twb3J0LWJ5OiBBbnRvbmlvIFRlcmNlaXJvIDx0ZXJjZWly
+b0BkZWJpYW4ub3JnPgo=
+---
+ templates/lxc-debian.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/templates/lxc-debian.in b/templates/lxc-debian.in
+index 2245770..c927bf6 100644
+--- a/templates/lxc-debian.in
 b/templates/lxc-debian.in
+@@ -271,7 +271,7 @@ dialog,\
+ isc-dhcp-client,\
+ netbase,\
+ net-tools,\
+-iproute,\
++iproute2,\
+ openssh-server
+ 
+ cache=$1
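Review bot: In the header of the new 0005-debian-Use-iproute2-instead-of-iproute.patch, the description is carried as a base64 body (Content-Transfer-Encoding: base64), so the rationale for the change cannot be read in the debdiff itself. Regenerating the patch with an 8bit or quoted-printable body would leave the description reviewable in place; the code change under review is then only the iproute to iproute2 substitution in the package list of templates/lxc-debian.in.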
diff --git a/debian/patches/series b/debian/patches/series
index 5e0bb25..587502e 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -2,3 +2,4 @@
 lxc-2.0-CVE-2017-5985-Ensure-target-netns-is-caller-owned.patch
 0003-lxc-debian-don-t-hardcode-valid-releases.patch
 0004-lxc-debian-don-t-write-C.-locales-to-etc-locale.gen.patch
+0005-debian-Use-iproute2-instead-of-iproute.patch


--- End Message ---
--- Begin Message ---
On Fri, 2018-03-02 at 22:41 +, Adam D. Barratt wrote:
> Control: tags 1- + pending
> 
> On Sun, 2018-02-25 at 15:39 -0300, Antonio Terceiro wrote:
> > On Fri, Feb 23, 2018 at 04:58:11PM +, Adam D. Barratt wrote:
> > > Control: tags -1 + confirmed
> > > 
> > > On Mon, 2018-01-29 at 20:40 -0200, Antonio Terceiro wrote:
> > > > iproute has been a transitional package for a while, but the
> > > > lxc-
> > > > debian
> > > > template was referring to it. Now that iproute has been finally
> > > > removed,
> > > > creating buster or sid containers fails.
> > > > 
> > > > This update replaces iproute with iproute2. I am running it on
> > > > ci.debian.net
> > > > 
> > > 
> > > Please go ahead.
> > 
> > Uploaded.
> 
> Flagged for acceptance.
> 

This was apparently missed when cleaning up previously released
updates.

Regards,

Adam
--- End Message ---


Bug#882587: marked as done (stretch-pu: package iproute2/4.9.0-1+deb9u1)

2018-06-08 Thread Debian Bug Tracking System
Your message dated Fri, 08 Jun 2018 21:48:51 +0100
with message-id <1528490931.2075.62.ca...@adam-barratt.org.uk>
and subject line Re: Bug#882587: stretch-pu: package iproute2/4.9.0-1+deb9u1
has caused the Debian Bug report #882587,
regarding stretch-pu: package iproute2/4.9.0-1+deb9u1
to be marked as done.


-- 
882587: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882587
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

Hi,

I'd like to get an update to iproute2 into stretch to fix a 'tc' segfault.
libxtables now makes it mandatory to initialize a structure member, and
leads to a segfault when that isn't done. I've used codesearch to find
other packages possibly affected by this but found no obvious issues, see
details/report in [1].

 1. https://bugs.debian.org/868059#20

Unfortunately, the bugfix isn't sufficient, since there's also an embedded
copy of the xtables.h header, and a structure got updated with a new
member (right in the middle) during the latest ABI bump; as a result, the
outdated header leads tc to compute the wrong addresses inside the struct.
The proposed patch fixes this issue as well.

Changelog entry:
| iproute2 (4.9.0-1+deb9u1) stretch; urgency=medium
| 
|   * Backport upstream commit 97a02cabef to fix segfault with iptables 1.6;
| the xtables_globals structure needs to have its new member compat_rev
| initialized. (Closes: #868059)
|   * Sync include/xtables.h from iptables to make sure the right offset is
| used when accessing structure members defined in libxtables. One could
| get “Extension does not know id …” otherwise. (See also: #868059)
| 
|  -- Cyril Brulebois   Fri, 24 Nov 2017 09:22:10 +

The fix is in unstable, has been tested in stretch for a customer on both
amd64 and i386, and can be found attached.


Thanks for considering.
-- 
Cyril Brulebois -- Debian Consultant @ DEBAMAX -- https://debamax.com/
diff -Nru iproute2-4.9.0/debian/changelog iproute2-4.9.0/debian/changelog
--- iproute2-4.9.0/debian/changelog	2016-12-13 15:57:50.0 +
+++ iproute2-4.9.0/debian/changelog	2017-11-24 09:22:10.0 +
@@ -1,3 +1,14 @@
+iproute2 (4.9.0-1+deb9u1) stretch; urgency=medium
+
+  * Backport upstream commit 97a02cabef to fix segfault with iptables 1.6;
+the xtables_globals structure needs to have its new member compat_rev
+initialized. (Closes: #868059)
+  * Sync include/xtables.h from iptables to make sure the right offset is
+used when accessing structure members defined in libxtables. One could
+get “Extension does not know id …” otherwise. (See also: #868059)
+
+ -- Cyril Brulebois   Fri, 24 Nov 2017 09:22:10 +
+
 iproute2 (4.9.0-1) unstable; urgency=medium
 
   * New upstream release, tested by Julian Wollrath.
diff -Nru iproute2-4.9.0/debian/patches/0003-fix-segfault-with-iptables-1.6.patch iproute2-4.9.0/debian/patches/0003-fix-segfault-with-iptables-1.6.patch
--- iproute2-4.9.0/debian/patches/0003-fix-segfault-with-iptables-1.6.patch	1970-01-01 01:00:00.0 +0100
+++ iproute2-4.9.0/debian/patches/0003-fix-segfault-with-iptables-1.6.patch	2017-11-24 09:20:48.0 +
@@ -0,0 +1,36 @@
+From 97a02cabefb2e2dcfe27f89943709afa84be5525 Mon Sep 17 00:00:00 2001
+From: Phil Sutter 
+Date: Thu, 12 Jan 2017 15:22:49 +0100
+Subject: [PATCH] tc: m_xt: Fix segfault with iptables-1.6.0
+
+Said iptables version introduced struct xtables_globals field
+'compat_rev', a function pointer. Initializing it is mandatory as
+libxtables calls it without existence check.
+
+Without this, tc segfaults when using the xt action like so:
+
+| tc filter add dev d0 parent : u32 match u32 0 0 \
+|	action xt -j MARK --set-mark 20
+
+Signed-off-by: Phil Sutter 
+---
+ tc/m_xt.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/tc/m_xt.c b/tc/m_xt.c
+index dbb54981..57ed40d7 100644
+--- a/tc/m_xt.c
 b/tc/m_xt.c
+@@ -77,6 +77,9 @@ static struct xtables_globals tcipt_globals = {
+ 	.orig_opts = original_opts,
+ 	.opts = original_opts,
+ 	.exit_err = NULL,
++#if (XTABLES_VERSION_CODE >= 11)
++	.compat_rev = xtables_compatible_revision,
++#endif
+ };
+ 
+ /*
+-- 
+2.11.0
+
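Review bot: The `#if (XTABLES_VERSION_CODE >= 11)` guard around the new `.compat_rev` initializer in tcipt_globals is resolved at compile time from whichever xtables header the build includes. The second changelog item says include/xtables.h is an embedded copy that had to be synced from iptables, so with a stale copy the guard could evaluate false and leave compat_rev unset against a library that calls it. It would help to state in the patch description that this fix depends on the header sync in 0004, so that neither patch is applied without the other.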
diff -Nru iproute2-4.9.0/debian/patches/0004-sync-iptables-header.patch iproute2-4.9.0/debian/patches/0004-sync-iptables-header.patch
--- iproute2-4.9.0/debian/patches/0004-sync-iptables-header.patch	1970-01-01 01:00:00.0 +0100
+++ iproute2-4.9.0/debian/patches/0004-sync-iptables-header.patch	
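The two failure modes described in the iproute2 request above (a callback member the library calls without checking, and a stale embedded header after a member was inserted mid-struct), as an added C example that is not part of the original message or of iproute2/iptables. The struct layouts, the `lib_abi_size`/`abi_matches` start-up check and all sample values are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical layouts for illustration, NOT the real xtables.h definitions. */

/* What the application's stale, embedded header declares. */
struct ext_old {
    const char *name;
    uint8_t     revision;
    uint16_t    id;
};

/* What the shared library was built with after the ABI bump:
 * one member was inserted in the middle. */
struct ext_new {
    const char *name;
    const char *real_name;   /* inserted member (hypothetical name) */
    uint8_t     revision;
    uint16_t    id;
};

/* Globals struct that gained a callback member in a later version. */
struct globals {
    const char *program_name;
    int (*compat_rev)(const char *name, uint8_t rev);
};

/* Constructed sample object, laid out the way the library sees it. */
static const struct ext_new lib_object = {
    .name = "MARK", .real_name = NULL, .revision = 2, .id = 42,
};

/* How far 'id' moved between the two layouts. */
static size_t id_offset_shift(void)
{
    return offsetof(struct ext_new, id) - offsetof(struct ext_old, id);
}

/* Read 'id' the way code compiled against the stale header does:
 * at the OLD offset inside an object that has the NEW layout.
 * The bytes fetched belong to 'real_name', not to 'id'. */
static uint16_t read_id_stale(const void *obj)
{
    uint16_t id;
    memcpy(&id, (const unsigned char *)obj + offsetof(struct ext_old, id),
           sizeof id);
    return id;
}

/* Read 'id' with the layout the library actually uses. */
static uint16_t read_id_current(const struct ext_new *obj)
{
    return obj->id;
}

/* Mitigation 1: the library reports the struct size it was built with and
 * the caller compares it with its own sizeof before touching any object. */
static size_t lib_abi_size(void)
{
    return sizeof(struct ext_new);
}

static int abi_matches(size_t caller_size)
{
    return caller_size == lib_abi_size();
}

/* Constructed callback standing in for the one the caller must supply. */
static int sample_compat_rev(const char *name, uint8_t rev)
{
    return name != NULL && rev <= 2;
}

/* Mitigation 2: a library-side existence check turns an uninitialised
 * callback into an error return instead of a call through a NULL pointer. */
static int lib_check_revision(const struct globals *g, const char *name,
                              uint8_t rev)
{
    if (g == NULL || g->compat_rev == NULL)
        return -1;
    return g->compat_rev(name, rev);
}

int main(void)
{
    /* Caller written before the member existed: compat_rev stays NULL. */
    struct globals stale = { .program_name = "tc" };
    struct globals fixed = { .program_name = "tc",
                             .compat_rev = sample_compat_rev };

    printf("id moved by %zu bytes\n", id_offset_shift());
    printf("id via current header: %u\n", (unsigned)read_id_current(&lib_object));
    printf("id via stale header:   %u\n", (unsigned)read_id_stale(&lib_object));
    printf("ABI check, stale caller: %d\n", abi_matches(sizeof(struct ext_old)));
    printf("callback unset: %d, set: %d\n",
           lib_check_revision(&stale, "MARK", 2),
           lib_check_revision(&fixed, "MARK", 2));
    return 0;
}
```
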

Bug#888018: marked as done (stretch-pu: package libdatetime-timezone-perl/1:2.09-1+2018b)

2018-06-08 Thread Debian Bug Tracking System
Your message dated Fri, 08 Jun 2018 21:44:18 +0100
with message-id <1528490658.2075.59.ca...@adam-barratt.org.uk>
and subject line Re: Bug#888018: stretch-pu: package 
libdatetime-timezone-perl/1:2.09-1+2018b
has caused the Debian Bug report #888018,
regarding stretch-pu: package libdatetime-timezone-perl/1:2.09-1+2018b
to be marked as done.


-- 
888018: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888018
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

I've prepared an update for libdatetime-timezone-perl in stretch,
incorporating the tzdata 2018b release. The changes are in a quilt
patch which only touches the data files.

Changes in the olson db 2018b, copied from upstream:

  Changes to past and future time stamps

São Tomé and Príncipe switched from +00 to +01 on 2018-01-01 at
01:00.  (Thanks to Steffen Thorsen and Michael Deckers.)

  Changes to future time stamps

Starting in 2018 southern Brazil will begin DST on November's
first Sunday instead of October's third Sunday.  (Thanks to
Steffen Thorsen.)

  Changes to tm_isdst

Change Europe/Dublin so that it observes Irish Standard Time (UT
+01) in summer and GMT (as negative daylight-saving) in winter,
instead of observing standard time (GMT) in winter and Irish
Summer Time (UT +01) in summer.  This change does not affect UT
offsets or abbreviations; it affects only whether timestamps are
considered to be standard time or daylight-saving time, as
expressed in the tm_isdst flag of C's struct tm type.
(Discrepancy noted by Derick Rethans.)


Manually trimmed down debdiff attached.


I guess the people using São Tomé and Príncipe timezone would be
happy to see this update in -updates.


Cheers,
gregor

diff -Nru libdatetime-timezone-perl-2.09/debian/changelog 
libdatetime-timezone-perl-2.09/debian/changelog
--- libdatetime-timezone-perl-2.09/debian/changelog 2017-10-24 
16:32:02.0 +0200
+++ libdatetime-timezone-perl-2.09/debian/changelog 2018-01-22 
17:55:44.0 +0100
@@ -1,3 +1,11 @@
+libdatetime-timezone-perl (1:2.09-1+2018b) UNRELEASED; urgency=medium
+
+  * Update to Olson database version 2018b.
+This update contains contemporary changes for São Tomé and Príncipe,
+Brazil, and Ireland.
+
+ -- gregor herrmann   Mon, 22 Jan 2018 17:55:44 +0100
+
 libdatetime-timezone-perl (1:2.09-1+2017c) stretch; urgency=medium
 
   * Update to Olson database version 2017c.
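Review bot: The new changelog entry targets UNRELEASED (`libdatetime-timezone-perl (1:2.09-1+2018b) UNRELEASED; urgency=medium`), while the previous entry for 1:2.09-1+2017c targets stretch. The distribution field should read stretch before this is uploaded, so the debdiff under review matches what will actually be built.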
diff -Nru libdatetime-timezone-perl-2.09/debian/patches/olson-2018b 
libdatetime-timezone-perl-2.09/debian/patches/olson-2018b
--- libdatetime-timezone-perl-2.09/debian/patches/olson-2018b   1970-01-01 
01:00:00.0 +0100
+++ libdatetime-timezone-perl-2.09/debian/patches/olson-2018b   2018-01-22 
17:55:44.0 +0100
@@ -0,0 +1,17086 @@
+Description: update to olson db 2018b
+Origin: vendor
+Author: gregor herrmann 
+Last-Update: 2018-01-22
+
+--- a/lib/DateTime/TimeZone/Africa/Abidjan.pm
 b/lib/DateTime/TimeZone/Africa/Abidjan.pm
+@@ -3,7 +3,7 @@
+ # DateTime::TimeZone module distribution in the tools/ directory
+ 
+ #
+-# Generated from debian/tzdata/africa.  Olson data version 2017c
++# Generated from debian/tzdata/africa.  Olson data version 2018b
+ #
+ # Do not edit this file directly.
+ #
+@@ -43,11 +43,11 @@
+ ],
+ ];
+ 
+-sub olson_version {'2017c'}
++sub olson_version {'2018b'}
+ 
+ sub has_dst_changes {0}
+ 
+-sub _max_year {2027}

Bug#888783: marked as done (stretch-pu: package postfix/3.1.8-0+deb9u1)

2018-06-08 Thread Debian Bug Tracking System
Your message dated Fri, 08 Jun 2018 21:45:38 +0100
with message-id <1528490738.2075.60.ca...@adam-barratt.org.uk>
and subject line Re: Bug#888783: stretch-pu: package postfix/3.1.8-0+deb9u1
has caused the Debian Bug report #888783,
regarding stretch-pu: package postfix/3.1.8-0+deb9u1
to be marked as done.


-- 
888783: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888783
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

This update is intended to accomplish several improvements:

1.  The regression introduced by the libdb security fix is corrected by
upstream.  This was tested by me and is in Unstable in 3.2.5-1.  This
should be allowed to migrate to testing before this upload for stable.
This issue was specifically requested to be fixed by a SRM.

2.  A packaging fix to resolve one cause of postfix failing to start if
inet_interfaces is set to something other than all.  This fix has been in
Unstable/Testing since last year with no negative feedback.

3.  Fixes a regression from oldstable where dynamic maps were not available to
the sendmail command.

4.  Fixes a significant issue in DANE support (new feature for stretch).

5.  Other low risk (including documentation) fixes.

There are also a couple of things that are here that won't affect the user
either way:

1.  A slight bit of patch cruft due to needing to refresh a patch that
slightly collided with the fix for the security regression.  Ideally it
wouldn't be in the diff, but it didn't seem to clutter things too badly
and it seemed lower risk not to hand edit the patch.

2.  Added a postfix 3.1 specific debian watch file for the maintainer's
convenience.  This is useful for my work flow and has no user impact or
risk.

As usual, the postfix upstream is very careful and thorough in micro-release
updates and all the upstream changes are good things for our users.  I have
the proposed package in production and have not noted any issues.

Thanks for reviewing,

Scott K
diff -Nru postfix-3.1.6/debian/changelog postfix-3.1.8/debian/changelog
--- postfix-3.1.6/debian/changelog	2017-09-27 00:59:24.0 -0400
+++ postfix-3.1.8/debian/changelog	2018-01-29 12:31:22.0 -0500
@@ -1,3 +1,43 @@
+postfix (3.1.8-0+deb9u1) stretch; urgency=medium
+
+[Scott Kitterman]
+
+  * Rewrite debian/postfix-instance-generator to avoid use of postmulti to fix
+failures when inet_interfaces != all.  Closes: #882141
+  * Refresh patches
+  * Add postfix 3.1 specific watch file
+
+  [Wietse Venema]
+
+  * 3.1.7
+- Bugfix (introduced: Postfix 3.1): DANE support. Postfix
+  builds with OpenSSL 1.0.0 or 1.0.1 failed to send email to
+  some sites with "TLSA 2 X X" records associated with an
+  intermediate CA certificate. Problem report and initial
+  fix by Erwan Legrand. File: src/tls/tls_dane.c.
+- Bugfix (introduced: Postfix 3.0) missing dynamicmaps support
+  in the Postfix sendmail command broke authorized_submit_users
+  with a dynamically-loaded map type. File: sendmail/sendmail.c. 
+  * 3.1.8
+- Bugfix (introduced: Postfix 2.1): don't log warnings
+  that some restriction returns OK, when the access map
+  DISCARD feature is in effect. File: smtpd/smtpd_check.c.
+- Bugfix (introduced: 20170611): the DB_CONFIG bugfix broke
+  Berkeley DB configurations with a relative pathname.  File:
+  util/dict_db.c. Closes: #879200
+- Workaround: reportedly, some res_query(3) implementation
+  can return -1 with h_errno==0. Instead of terminating with
+  a panic, the Postfix DNS client now logs a warning and sets
+  h_errno to TRY_AGAIN. File: dns/dns_lookup.c.
+- Documentation patches by Sven Neuhaus. Files:
+  proto/FORWARD_SECRECY_README.html, proto/SMTPD_ACCESS_README.html.
+- Cleanup: missing mailbox seek-to-end error check in the
+  local(8) delivery agent. File: local/mailbox.c.
+- Cleanup: incorrect mailbox seek-to-end error message in the
+  virtual(8) delivery agent. File: virtual/mailbox.c.
+
+ -- Scott Kitterman   Mon, 29 Jan 2018 12:31:19 -0500
+
 postfix (3.1.6-0+deb9u1) stretch; urgency=medium
 
 [Wietse Venema]
diff -Nru postfix-3.1.6/debian/patches/11_postmap_update.diff postfix-3.1.8/debian/patches/11_postmap_update.diff
--- postfix-3.1.6/debian/patches/11_postmap_update.diff	2017-09-27 00:26:51.0 -0400
+++ 

Bug#901089: stretch-pu: package dosbox/0.74-4.2+deb9u1

2018-06-08 Thread Moritz Muehlenhoff
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

dosbox is broken in the default setting on a number of systems/DOS binaries
(see #857341). This got fixed in unstable back in September, but the patch
is also needed in stretch. Apart from debian/changelog, the debdiff is the
only change applied to the package in unstable since the stretch release.

I've verified that with updated packages "Syndicate" now works fine.

Cheers,
Moritz
diff -Nru dosbox-0.74/debian/changelog dosbox-0.74/debian/changelog
--- dosbox-0.74/debian/changelog2015-10-13 16:55:00.0 +0200
+++ dosbox-0.74/debian/changelog2018-05-21 22:55:46.0 +0200
@@ -1,3 +1,10 @@
+dosbox (0.74-4.2+deb9u1) stretch; urgency=medium
+
+  * Non-maintainer upload:
+  * Fix crashes with core=dynamic (Closes: #857341)
+
+ -- Moritz Mühlenhoff   Mon, 21 May 2018 22:55:46 +0200
+
 dosbox (0.74-4.2) unstable; urgency=medium
 
   * non-maintainer upload
diff -Nru dosbox-0.74/debian/patches/series dosbox-0.74/debian/patches/series
--- dosbox-0.74/debian/patches/series   2015-06-17 20:28:00.0 +0200
+++ dosbox-0.74/debian/patches/series   2018-05-21 22:55:31.0 +0200
@@ -3,3 +3,4 @@
 fix-ftbfs-format-security.patch
 wine-move-z-mount-svn3736.patch
 wine-style-namemangling-svn3742.patch
+update-64bit-recompiler.patch
diff -Nru dosbox-0.74/debian/patches/update-64bit-recompiler.patch 
dosbox-0.74/debian/patches/update-64bit-recompiler.patch
--- dosbox-0.74/debian/patches/update-64bit-recompiler.patch1970-01-01 
01:00:00.0 +0100
+++ dosbox-0.74/debian/patches/update-64bit-recompiler.patch2018-05-21 
22:55:22.0 +0200
@@ -0,0 +1,437 @@
+From: gulikoza
+Bug-Debian: https://bugs.debian.org/857341
+Description: Update 64bit dynamic recompiler to fix several bugs
+ This adds support for absolute 64bit addressing and fixes the
+ "Unhandled memory reference" crash. This comes from upstream SVN
+ r3951, and includes related patches r3674 and r3894. This patch also
+ contains an LLVM compile fix (r3990).
+Index: dosbox-0.74/src/cpu/core_dynrec/risc_x64.h
+===
+--- dosbox-0.74.orig/src/cpu/core_dynrec/risc_x64.h
 dosbox-0.74/src/cpu/core_dynrec/risc_x64.h
+@@ -83,36 +83,106 @@ static void gen_mov_regs(HostReg reg_dst
+   cache_addb(0xc0+(reg_dst<<3)+reg_src);
+ }
+ 
++// move a 64bit constant value into a full register
++static void gen_mov_reg_qword(HostReg dest_reg,Bit64u imm) {
++  cache_addb(0x48);
++  cache_addb(0xb8+dest_reg);  // mov dest_reg,imm
++  cache_addq(imm);
++}
+ 
+-static INLINE void gen_memaddr(HostReg reg,void* data) {
+-  Bit64s diff = (Bit64s)data-((Bit64s)cache.pos+5);
+-  if ((diff<0x8000LL) && (diff>-0x8000LL)) {
++
++// This function generates an instruction with register addressing and a 
memory location
++static INLINE void gen_reg_memaddr(HostReg reg,void* data,Bit8u op,Bit8u 
prefix=0) {
++  Bit64s diff = (Bit64s)data-((Bit64s)cache.pos+(prefix?7:6));
++//if ((diff<0x8000LL) && (diff>-0x8000LL)) { //clang messes 
itself up on this...
++  if ( (diff>>63) == (diff>>31) ) { //signed bit extend, test to see if 
value fits in a Bit32s
++  // mov reg,[rip+diff] (or similar, depending on the op) to 
fetch *data
++  if(prefix) cache_addb(prefix);
++  cache_addb(op);
+   cache_addb(0x05+(reg<<3));
+   // RIP-relative addressing is offset after the instruction 
+   cache_addd((Bit32u)(((Bit64u)diff)&0xLL)); 
+   } else if ((Bit64u)data<0x1LL) {
++  // mov reg,[data] (or similar, depending on the op) when 
absolute address of data is <4GB
++  if(prefix) cache_addb(prefix);
++  cache_addb(op);
+   cache_addw(0x2504+(reg<<3));
+   cache_addd((Bit32u)(((Bit64u)data)&0xLL));
+   } else {
+-  E_Exit("DRC64:Unhandled memory reference");
++  // load 64-bit data into tmp_reg and do mov reg,[tmp_reg] (or 
similar, depending on the op)
++  HostReg tmp_reg = HOST_EAX;
++  if(reg == HOST_EAX) tmp_reg = HOST_ECX;
++
++  cache_addb(0x50+tmp_reg);   // push rax/rcx
++  gen_mov_reg_qword(tmp_reg,(Bit64u)data);
++
++  if(prefix) cache_addb(prefix);
++  cache_addb(op);
++  cache_addb(tmp_reg+(reg<<3));
++
++  cache_addb(0x58+tmp_reg);   // pop rax/rcx
+   }
+ }
+ 
++// Same as above, but with immediate addressing and a memory location
++static INLINE void gen_memaddr(Bitu modreg,void* data,Bitu off,Bitu imm,Bit8u 
op,Bit8u prefix=0) {
++  Bit64s diff = (Bit64s)data-((Bit64s)cache.pos+off+(prefix?7:6));
++//if ((diff<0x8000LL) && (diff>-0x8000LL)) {
++  if ( (diff>>63) == (diff>>31) ) {
++
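Review bot: the 32-bit range test `(diff>>63) == (diff>>31)` in gen_reg_memaddr, repeated in the immediate variant gen_memaddr, depends on right-shifting a negative Bit64s being an arithmetic shift, which the C++ standard of that era leaves implementation-defined. Since the same test now appears twice, move it into one small helper with a comment stating that assumption, and drop the commented-out comparison instead of keeping it next to "clang messes itself up on this", which does not say what actually went wrong. The new fallback branch also emits a push/pop of rax/rcx around the op, so the emitted sequence temporarily moves the stack pointer; a comment on why that is safe for every op passed in would help the next reader.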

Bug#887047: jessie-pu: package dh-make-perl/0.84-2+deb8u1

2018-06-08 Thread gregor herrmann
On Fri, 08 Jun 2018 21:21:35 +0100, Adam D. Barratt wrote:

> On Sat, 2018-01-13 at 02:42 +0100, gregor herrmann wrote:
> > I've prepared an update for dh-make-perl in jessie which fixes
> > #851848.
> 
> Please go ahead; sorry for the long delay.

Thank you. Uploaded.


Cheers,
gregor

-- 
 .''`.  https://info.comodo.priv.at -- Debian Developer https://www.debian.org
 : :' : OpenPGP fingerprint D1E1 316E 93A7 60A8 104D  85FA BB3A 6801 8649 AA06
 `. `'  Member VIBE!AT & SPI Inc. -- Supporter Free Software Foundation Europe
   `-   NP: Police: The Bed's Too Big Without You




Bug#867461: Bug#858539: should ca-certificates certdata.txt synchronize across all suites?

2018-06-08 Thread Adam D. Barratt
Control: tags -1 + moreinfo

On Mon, 2017-10-23 at 08:59 -0400, Antoine Beaupré wrote:
> On 2017-07-19 11:35:56, Michael Shuler wrote:
...
> > I spent a few sessions over the past few days getting the mozilla
> > bundle
> > 2.14 committed to all the suite branches wheezy and newer. I have
> > some
> > more verification to work on and I'll get some packages rolled up
> > and
> > tested for all the suites.
> > 
> > I appreciate the notes here!
> 
> Hi!
> 
> Any update here? According to our records, this issue is still
> pending... I see you pushed the updates to wheezy, but didn't upload
> the
> results... Do you need help preparing the upload?
> 

Ping? We're a week away from the final chance to get an update into
jessie-as-oldstable before it becomes jessie-lts.

Regards,

Adam



Processed: Re: Bug#867461: Bug#858539: should ca-certificates certdata.txt synchronize across all suites?

2018-06-08 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + moreinfo
Bug #867461 [release.debian.org] jessie-pu: package 
ca-certificates/20141019+deb8u3
Added tag(s) moreinfo.

-- 
867461: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867461
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#862030: jessie-pu: package rar/2:4.2.0+dfsg.1-0.1

2018-06-08 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Fri, 2017-11-24 at 17:14 +, Ben Hutchings wrote:
> On Tue, 2017-06-27 at 22:55 +0200, Cyril Brulebois wrote:
> > Control: tag -1 moreinfo
> > 
> > Ben Hutchings  (2017-05-07):
> > > rar should be updated to fix #860952.
> > > 
> > > The orig tarballs need to be repacked to exclude
> > > rar_static.  Then I
> > > would apply the following source patch:
> > > 
> > 
...
> > Based on the last line of context and the first line of the diff
> > (marked
> > with <=== above), I'm not sure whether you plan to remove
> > default.sfx
> > along with it, since the previous line still mentions it, and the
> > rules
> > file as well, see below.
> 
> That was intentional, although I forgot to mention it.  default.sfx
> hasn't been statically linked since (I think) version 3.9.3-1.
> 

Please go ahead; apologies for the long delay.

Regards,

Adam



Processed: Re: Bug#862030: jessie-pu: package rar/2:4.2.0+dfsg.1-0.1

2018-06-08 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + confirmed
Bug #862030 [release.debian.org] jessie-pu: package rar/2:4.2.0+dfsg.1-0.1
Added tag(s) confirmed.

-- 
862030: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862030
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#882904: MariaDB 10.0.33 to next Jessie point release

2018-06-08 Thread Adam D. Barratt
Control: tags -1 +moreinfo

On Mon, 2017-11-27 at 19:50 +, Adam D. Barratt wrote:
...
> On Mon, 2017-11-27 at 21:23 +0200, Otto Kekäläinen wrote:
...
> > I will prepare the final changelog when I have thumbs up from you
> > to
> > do so.
> 
> You appear to be stuck in a little bit of a chicken-and-egg
> situation,
> given that the final decision as to whether to accept the package
> will
> be based on a diff of the final source package.
> 
...
> We very much prefer diffs to form part of the bug log, not least
> because they're guaranteed to persist in that manner.
> 

That never happened, and 10.0.32 is stuck in oldstable-new because it
FTBFS on multiple architectures. Is 10.0.33 expected to fix all of
those issues?

Regards,

Adam



Processed: Re: Bug#882904: MariaDB 10.0.33 to next Jessie point release

2018-06-08 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 +moreinfo
Bug #882904 [release.debian.org] jessie-pu: package 
mariadb-10.0/10.0.33-0+deb8u1
Bug #882909 [release.debian.org] jessie-pu: package 
mariadb-10.0/10.0.33-0+deb8u1
Added tag(s) moreinfo.
Added tag(s) moreinfo.

-- 
882904: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882904
882909: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882909
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Processed: Re: Bug#883831: jessie-pu: package publicsuffix/20171028.2055-0+deb8u1

2018-06-08 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + moreinfo
Bug #883831 [release.debian.org] jessie-pu: package 
publicsuffix/20171028.2055-0+deb8u1
Added tag(s) moreinfo.

-- 
883831: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883831
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#885028: jessie-pu: package mosquitto/1.3.4-2+deb8u2

2018-06-08 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Fri, 2017-12-22 at 23:44 +, Roger A. Light wrote:
> This patch fixes CVE-2017-9868 for mosquitto. The security team
> believes
> it is not worthy of a DSA and should be fixed by a point release
> instead.
> 

Please go ahead; sorry for the delay.

Regards,

Adam



Processed: Re: Bug#885028: jessie-pu: package mosquitto/1.3.4-2+deb8u2

2018-06-08 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + confirmed
Bug #885028 [release.debian.org] jessie-pu: package mosquitto/1.3.4-2+deb8u2
Added tag(s) confirmed.

-- 
885028: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885028
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Processed: Re: Bug#885087: Slightly improved version

2018-06-08 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + confirmed
Bug #885087 [release.debian.org] jessie-pu: package kildclient/3.0.0-2+deb8u1
Added tag(s) confirmed.

-- 
885087: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885087
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#883831: jessie-pu: package publicsuffix/20171028.2055-0+deb8u1

2018-06-08 Thread Adam D. Barratt
Control: tags -1 + moreinfo

On Thu, 2017-12-07 at 18:14 -0500, d...@fifthhorseman.net wrote:
> Please consider an update to publicsuffix in debian jessie.
> 
> This package reflects the state of the network, and keeping it
> current
> is useful for all the packages that depend on it.
> 

I'm guessing you'd prefer to look at a more recent revision by now.
(Although bear in mind that we're looking at just over a week before
the final window for getting fixes into jessie-as-oldstable rather than
jessie-lts.)

Regards,

Adam



Bug#885087: Slightly improved version

2018-06-08 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Sat, 2018-01-20 at 11:22 -0200, Eduardo M KALINOWSKI wrote:
> I've made a small change to the package, changing the new dependency
> from gvfs to desktop-file-utils, since that's what's really necessary
> (as discovered in #885086).
> 
> The new debdiff is attached.
> 

Please go ahead; sorry for the delay.

Regards,

Adam



Bug#885533: jessie-pu: package soundtouch/1.8.0-1+deb8u1

2018-06-08 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Wed, 2017-12-27 at 17:19 +, James Cowgill wrote:
> This soundtouch update fixes 3 no-DSA security bugs: #870854,
> #870856,
> and #870857. I have tested the package on jessie and with the
> attached
> debdiff, soundstretch still works and the proof of concepts for the 3
> security issues behave correctly now.

Please go ahead. Sorry for the long delay.

Regards,

Adam



Processed: Re: Bug#885533: jessie-pu: package soundtouch/1.8.0-1+deb8u1

2018-06-08 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + confirmed
Bug #885533 [release.debian.org] jessie-pu: package soundtouch/1.8.0-1+deb8u1
Added tag(s) confirmed.

-- 
885533: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885533
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Processed: Re: Bug#885584: jessie-pu: package ncurses/5.9+20140913-1+deb8u3

2018-06-08 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + confirmed
Bug #885584 [release.debian.org] jessie-pu: package 
ncurses/5.9+20140913-1+deb8u3
Added tag(s) confirmed.

-- 
885584: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885584
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#885584: jessie-pu: package ncurses/5.9+20140913-1+deb8u3

2018-06-08 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Thu, 2017-12-28 at 11:43 +0100, Sven Joachim wrote:
> 
The same problem with the same fix as in #885582 for stretch.

Please go ahead. Apologies for the very long delay.

Regards,

Adam



Processed: Re: Bug#887047: jessie-pu: package dh-make-perl/0.84-2+deb8u1

2018-06-08 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + confirmed
Bug #887047 [release.debian.org] jessie-pu: package dh-make-perl/0.84-2+deb8u1
Added tag(s) confirmed.

-- 
887047: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=887047
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#887047: jessie-pu: package dh-make-perl/0.84-2+deb8u1

2018-06-08 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Sat, 2018-01-13 at 02:42 +0100, gregor herrmann wrote:
> I've prepared an update for dh-make-perl in jessie which fixes
> #851848.
> 
> The problem is that the Contents files have changed between then and
> now, and dh-make-perl in jessie fails to parse them now. Manfred
> Stock has provided a patch which simply removes the check for the
> "headers", which don't exist in the Contents files anymore, and
> additionally adds tests.
> 

Please go ahead; sorry for the long delay.

Regards,

Adam



Bug#885619: jessie-pu: package libextractor/1:1.3-2

2018-06-08 Thread Adam D. Barratt
Control: tags -1 + moreinfo

On Thu, 2017-12-28 at 17:32 +0100, Bertrand Marc wrote:
> Would you allow an update of libextractor 1.3-2 in Jessie to fix
> several minor security issues?
> 7 issues skipped by the security teams:
> 
[...]
>   * CVE-2017-15600: In GNU Libextractor 1.4, there is a NULL Pointer
> Dereference in the
> EXTRACTOR_nsf_extract_method function of plugins/nsf_extractor.c.
> 

I assume the same issue that Julien raised for the stretch package
applies here.

Regards,

Adam



Processed: Re: Bug#885619: jessie-pu: package libextractor/1:1.3-2

2018-06-08 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + moreinfo
Bug #885619 [release.debian.org] jessie-pu: package libextractor/1:1.3-2
Added tag(s) moreinfo.

-- 
885619: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885619
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#891251: jessie-pu: package cups/1.7.5-11+deb8u3

2018-06-08 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Fri, 2018-02-23 at 20:03 +0100, Didier 'OdyX' Raboud wrote:
> (Mirroring #891142 for stretch):
> 
> CUPS is affected by CVE-2017-18190: remote attackers could execute
> arbitrary
> IPP commands by sending POST requests to the CUPS daemon in
> conjunction with
> DNS rebinding. This was caused by a whitelisted
> "localhost.localdomain" entry.
> 
> According to the Security Team it doesn't warrant a DSA, but still
> makes sense
> to be addressed on Jessie (and Stretch). It was fixed independently
> on wheezy
> already.
> 

Please go ahead; sorry for the delay.

Regards,

Adam
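
The CUPS request above attributes CVE-2017-18190 to a whitelisted "localhost.localdomain" entry. As an added illustration (not CUPS code and not part of the thread; the function names and both allowlists are constructed for this example), a Host header check with the weak allowlist beside the tightened one:

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed allowlists. The weak one still carries the entry named in the
 * request; the strict one keeps only names that do not depend on DNS. */
static const char *const weak_hosts[] = {
    "localhost", "localhost.localdomain", "127.0.0.1", "[::1]", NULL
};
static const char *const strict_hosts[] = {
    "localhost", "127.0.0.1", "[::1]", NULL
};

/* Extract the host part of a Host header value: strip an optional ":port",
 * drop one trailing dot, lowercase. Returns 0 on success, -1 if malformed. */
static int normalize_host(const char *value, char *out, size_t outlen)
{
    const char *end;
    size_t len, i;

    if (value == NULL || *value == '\0')
        return -1;

    if (*value == '[') {                 /* bracketed IPv6 literal */
        end = strchr(value, ']');
        if (end == NULL)
            return -1;
        end++;                           /* keep the closing bracket */
        if (*end != '\0' && *end != ':')
            return -1;
    } else {
        end = strchr(value, ':');
        if (end == NULL)
            end = value + strlen(value);
    }

    if (*end == ':') {                   /* port must be non-empty digits */
        const char *p = end + 1;
        if (*p == '\0')
            return -1;
        for (; *p != '\0'; p++)
            if (!isdigit((unsigned char)*p))
                return -1;
    }

    len = (size_t)(end - value);
    if (len > 1 && value[len - 1] == '.')
        len--;                           /* "localhost." equals "localhost" */
    if (len == 0 || len >= outlen)
        return -1;

    for (i = 0; i < len; i++)
        out[i] = (char)tolower((unsigned char)value[i]);
    out[len] = '\0';
    return 0;
}

/* Return 1 only when the normalized host matches an allowlist entry exactly.
 * Anything malformed or unknown is rejected. */
int host_allowed(const char *value, const char *const *allowlist)
{
    char host[256];

    if (normalize_host(value, host, sizeof host) != 0)
        return 0;
    for (; *allowlist != NULL; allowlist++)
        if (strcmp(host, *allowlist) == 0)
            return 1;
    return 0;
}

int main(void)
{
    /* Constructed sample Host header values. */
    const char *samples[] = {
        "localhost:631", "localhost.localdomain:631",
        "[::1]:631", "rebound.example:631", NULL
    };
    size_t i;

    for (i = 0; samples[i] != NULL; i++)
        printf("%-28s weak=%d strict=%d\n", samples[i],
               host_allowed(samples[i], weak_hosts),
               host_allowed(samples[i], strict_hosts));
    return 0;
}
```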



Processed: Re: Bug#891251: jessie-pu: package cups/1.7.5-11+deb8u3

2018-06-08 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + confirmed
Bug #891251 [release.debian.org] jessie-pu: package cups/1.7.5-11+deb8u3
Added tag(s) confirmed.

-- 
891251: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891251
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#892032: jessie-pu: package wayland/1.6.0-2

2018-06-08 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Sun, 2018-03-04 at 18:52 +0100, Héctor Orón Martínez wrote:
> Hello,
> 
> 2018-03-04 15:44 GMT+01:00 Emilio Pozuelo Monfort :
> > On 04/03/18 12:46, Héctor Orón Martínez wrote:
> > > 
> > > diff --git a/debian/changelog b/debian/changelog
> > > index 645a4bc..b6409a8 100644
> > > --- a/debian/changelog
> > > +++ b/debian/changelog
> > > @@ -1,3 +1,14 @@
> > > +wayland (1.6.0-2+deb8u1) stretch; urgency=medium
> > 
> > Distribution should be jessie.
> 
> Ouch! Right. Find new version attached

Please go ahead. Sorry for the delay.

Regards,

Adam



Processed: Re: Bug#892032: jessie-pu: package wayland/1.6.0-2

2018-06-08 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + confirmed
Bug #892032 [release.debian.org] jessie-pu: package wayland/1.6.0-2
Added tag(s) confirmed.

-- 
892032: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892032
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#895935: jessie-pu: package patch/2.7.5-1+deb8u1

2018-06-08 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Tue, 2018-04-17 at 17:45 +0200, Laszlo Boszormenyi (GCS) wrote:
> I'd like to fix CVE-2018-1000156 in patch for Jessie, which is an
> arbitrary command execution in ed-style patches.
> While it might be used for remote compromise, it would need a setup
> to
> accept patches unconditionally. But then an attacker has an easy path
> already to insert vulnerable code to source files or JavaScript
> injection to HTML pages, etc. Hence it doesn't warrant a DSA on its
> own, but would be good to fix in a point release.
> 

Please go ahead.

Regards,

Adam



Processed: Re: Bug#893507: jessie-pu: package reportbug/6.6.3+deb8u1

2018-06-08 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + confirmed
Bug #893507 [release.debian.org] jessie-pu: package reportbug/6.6.3+deb8u1
Added tag(s) confirmed.

-- 
893507: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=893507
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Processed: Re: Bug#895935: jessie-pu: package patch/2.7.5-1+deb8u1

2018-06-08 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + confirmed
Bug #895935 [release.debian.org] jessie-pu: package patch/2.7.5-1+deb8u1
Added tag(s) confirmed.

-- 
895935: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895935
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#893507: jessie-pu: package reportbug/6.6.3+deb8u1

2018-06-08 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Mon, 2018-03-19 at 14:39 +0100, Salvatore Bonaccorso wrote:
> This is the corresponding request to #891918 but for jessie-pu.
> 
> I like to propose the following little change for the upcoming point
> release to include for reportbug. The secure testing security team
> does not exist for a long time by now, and when alioth will be
> decommissioned the secure-testing-team list will disappear. Cf.
> #32.
> 
> It would thus be good if reportbug stops Cc'ing the secure-testing
> team.
> 

Please go ahead; sorry for the delay.

Regards,

Adam



Bug#899014: jessie-pu: package blktrace/1.0.5-1

2018-06-08 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Fri, 2018-05-18 at 21:13 +0200, Bas Zoetekouw wrote:
> Hi!
> 
> > Please use 1.0.5-1+deb8u1 and as target distribution just 'jessie'.
> > Use 1.1.0-2+deb9u1 and targeting 'stretch' instead (not
> > stretch-security).
> > 
> 
> Fixed.  New debdiffs follow:
> 

Please go ahead.

Regards,

Adam



Processed: Re: Bug#899014: jessie-pu: package blktrace/1.0.5-1

2018-06-08 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + confirmed
Bug #899014 [release.debian.org] stretch-pu: package blktrace/1.1.0-2
Added tag(s) confirmed.

-- 
899014: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=899014
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Re: Scheduling 9.5

2018-06-08 Thread Laura Arjona Reina



On 8 June 2018 at 19:51:18 CEST, "Adam D. Barratt" wrote:
>[Cc += debian-kernel]
>
>On Sun, 2018-05-20 at 12:04 +0200, Joerg Jaspert wrote:
>> On 15037 March 1977, Jonathan Wiltshire wrote:
>> >  - May 26th (meaning freeze this coming weekend, which might be a
>> > big
>> >  ask)
>> 
>> No.
>> 
>> >  - Jun 2nd (which may require an unusual SRM)
>> 
>> Possible.
>> 
>> >  - Jun 9th (getting quite a way out of cadence, but maybe that
>> > can't be
>> >    helped)
>> 
>> Possible.
>
>We're past any of the above by now, and while looking through the to-do
>
>list for the final jessie point release, I noticed that we currently
>have some packages in opu with versions higher than stable.
>
>We can either accept the packages and put up with the situation for a
>short while, or do 9.5 before 8.11. In practical terms, that would
>likely mean both 9.5 and 8.11 on June 23rd, freezing both next weekend.
>How do people feel about that?
>

Ok for publicity.

Cheers

-- 
Laura Arjona Reina
https://wiki.debian.org/LauraArjona
Sent with K-9 mail



Bug#900920: stretch-pu: package freedink-dfarc/3.12-1+deb9u1

2018-06-08 Thread Sylvain
Hi,

On 08/06/2018 19:55, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
>
> On Wed, 2018-06-06 at 19:54 +0200, b...@debian.org wrote:
>> Please consider this update to freedink-dfarc for stretch.
>> It fixes a security issue that can overwrite arbitrary user files.
>> Sending to stable following security team's directions from 2018-06-
>> 01.
> +freedink-dfarc (3.12-1+deb9u1) stable; urgency=high
>
> Please use "stretch" as the distribution.
>
> +  * Fix directory traversal in D-Mod extractor (CVE-2018-0496)
> +  * Upload to 'stable' as security team rejected a DSA to
> +'stretch-security' (no justification)
>
> The changelog is not the place for such commentary - please remove it.
>
> With the above changes made, and assuming that the resulting package
> has been tested on stretch, please feel free to upload.

As per Social Contract #3 I do have to explain to my users why they get
the security fix after the disclosure.
This is not a commentary, this is purely factual.

Please advise.

- Sylvain



Re: Scheduling 9.5

2018-06-08 Thread Steve McIntyre
On Fri, Jun 08, 2018 at 06:51:18PM +0100, Adam Barratt wrote:
>[Cc += debian-kernel]
>
>On Sun, 2018-05-20 at 12:04 +0200, Joerg Jaspert wrote:
>> On 15037 March 1977, Jonathan Wiltshire wrote:
>> >  - May 26th (meaning freeze this coming weekend, which might be a
>> > big
>> >  ask)
>> 
>> No.
>> 
>> >  - Jun 2nd (which may require an unusual SRM)
>> 
>> Possible.
>> 
>> >  - Jun 9th (getting quite a way out of cadence, but maybe that
>> > can't be
>> >    helped)
>> 
>> Possible.
>
>We're past any of the above by now, and while looking through the to-do 
>list for the final jessie point release, I noticed that we currently
>have some packages in opu with versions higher than stable.
>
>We can either accept the packages and put up with the situation for a
>short while, or do 9.5 before 8.11. In practical terms, that would
>likely mean both 9.5 and 8.11 on June 23rd, freezing both next weekend.
>How do people feel about that?

That works ok for me.

-- 
Steve McIntyre, Cambridge, UK.st...@einval.com
"This dress doesn't reverse." -- Alden Spiess



Processed: Re: Bug#900920: stretch-pu: package freedink-dfarc/3.12-1+deb9u1

2018-06-08 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + confirmed
Bug #900920 [release.debian.org] stretch-pu: package 
freedink-dfarc/3.12-1+deb9u1
Added tag(s) confirmed.

-- 
900920: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900920
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#900920: stretch-pu: package freedink-dfarc/3.12-1+deb9u1

2018-06-08 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Wed, 2018-06-06 at 19:54 +0200, b...@debian.org wrote:
> Please consider this update to freedink-dfarc for stretch.
> It fixes a security issue that can overwrite arbitrary user files.
> Sending to stable following security team's directions from 2018-06-
> 01.

+freedink-dfarc (3.12-1+deb9u1) stable; urgency=high

Please use "stretch" as the distribution.

+  * Fix directory traversal in D-Mod extractor (CVE-2018-0496)
+  * Upload to 'stable' as security team rejected a DSA to
+'stretch-security' (no justification)

The changelog is not the place for such commentary - please remove it.

With the above changes made, and assuming that the resulting package
has been tested on stretch, please feel free to upload.

Regards,

Adam



Re: Scheduling 9.5

2018-06-08 Thread Adam D. Barratt
[Cc += debian-kernel]

On Sun, 2018-05-20 at 12:04 +0200, Joerg Jaspert wrote:
> On 15037 March 1977, Jonathan Wiltshire wrote:
> >  - May 26th (meaning freeze this coming weekend, which might be a
> > big
> >  ask)
> 
> No.
> 
> >  - Jun 2nd (which may require an unusual SRM)
> 
> Possible.
> 
> >  - Jun 9th (getting quite a way out of cadence, but maybe that
> > can't be
> >    helped)
> 
> Possible.

We're past any of the above by now, and while looking through the to-do 
list for the final jessie point release, I noticed that we currently
have some packages in opu with versions higher than stable.

We can either accept the packages and put up with the situation for a
short while, or do 9.5 before 8.11. In practical terms, that would
likely mean both 9.5 and 8.11 on June 23rd, freezing both next weekend.
How do people feel about that?

Cheers,

Adam



Bug#901067: unblock: debian-edu-install/2.10.9

2018-06-08 Thread Holger Levsen
On Fri, Jun 08, 2018 at 05:56:37PM +0200, Cyril Brulebois wrote:
> Holger Levsen  (2018-06-08):
> > Please unblock package debian-edu-install, it is blocked because it
> > has an udeb.
> 
> Its tracker page has:
>  - 9 days old (5 needed)
>  - Updating debian-edu-install introduces new bugs: #900629
> 
> so the block-udeb wasn't what was preventing its migration in the first
> place… Not sure why there's a rush to get it into testing now.
 
because #900629 is also present in testing, I've updated the metainfo
accordingly before filing this bug. (also #900629 should maybe rather be
assigned to samba…)

> > unblock debian-edu-install/2.10.9
> That would need to be unblock-udeb instead.

fine, please 

unblock-udeb debian-edu-install/2.10.9


-- 
cheers,
Holger




Bug#901067: unblock: debian-edu-install/2.10.9

2018-06-08 Thread Cyril Brulebois
Holger Levsen  (2018-06-08):
> Please unblock package debian-edu-install, it is blocked because it
> has an udeb.

Its tracker page has:
 - 9 days old (5 needed)
 - Updating debian-edu-install introduces new bugs: #900629

so the block-udeb wasn't what was preventing its migration in the first
place… Not sure why there's a rush to get it into testing now.


> unblock debian-edu-install/2.10.9

That would need to be unblock-udeb instead.



Cheers,
-- 
Cyril Brulebois (k...@debian.org)
D-I release manager -- Release team member -- Freelance Consultant




Bug#901036: marked as done (RM: jruby -- RoST; no longer supported)

2018-06-08 Thread Debian Bug Tracking System
Your message dated Fri, 08 Jun 2018 16:14:15 +0100
with message-id 
and subject line Re: Bug#901036: no rm
has caused the Debian Bug report #901036,
regarding RM: jruby -- RoST; no longer supported
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
901036: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901036
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: rm

jruby has been EOL'd for jessie (see DSA-4219-1), so it should probably
be removed from the next jessie point release so it can't be installed
when installing jessie from scratch.

-- System Information:
Debian Release: buster/sid
  APT prefers oldoldstable
  APT policy: (500, 'oldoldstable'), (500, 'unstable'), (500, 'testing'), (500, 
'stable'), (500, 'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, armhf

Kernel: Linux 4.15.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)
--- End Message ---
--- Begin Message ---

On 2018-06-08 12:59, Sébastien Delafond wrote:

Actually, that won't be possible: dam rm shows libspring-java among
other rdeps. We'll just stick with the EOL in debian-security-support.


Then let's close this.

Regards,

Adam
--- End Message ---


Bug#901067: unblock: debian-edu-install/2.10.9

2018-06-08 Thread Holger Levsen
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package debian-edu-install, it is blocked because it has
an udeb.

unblock debian-edu-install/2.10.9


(Not sure if this is the preferred way to contact the d-i release-manager, 
apologies if it's not.)

-- 
cheers,
Holger




Bug#901036: no rm

2018-06-08 Thread Sébastien Delafond
Actually, that won't be possible: dam rm shows libspring-java among
other rdeps. We'll just stick with the EOL in debian-security-support.

Cheers,

--Seb



Processed: tagging 901036, retitle 901036 to RM: jruby -- RoST; no longer supported

2018-06-08 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> tags 901036 + jessie
Bug #901036 [release.debian.org] RM: jruby/2.1.5-2+deb8u3
Added tag(s) jessie.
> retitle 901036 RM: jruby -- RoST; no longer supported
Bug #901036 [release.debian.org] RM: jruby/2.1.5-2+deb8u3
Changed Bug title to 'RM: jruby -- RoST; no longer supported' from 'RM: 
jruby/2.1.5-2+deb8u3'.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
901036: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901036
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#901036: RM: jruby/2.1.5-2+deb8u3

2018-06-08 Thread Sebastien Delafond
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: rm

jruby has been EOL'd for jessie (see DSA-4219-1), so it should probably
be removed from the next jessie point release so it can't be installed
when installing jessie from scratch.

-- System Information:
Debian Release: buster/sid
  APT prefers oldoldstable
  APT policy: (500, 'oldoldstable'), (500, 'unstable'), (500, 'testing'), (500, 
'stable'), (500, 'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, armhf

Kernel: Linux 4.15.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)



Bug#901033: stretch-pu: package postgresql-common/181+deb9u2

2018-06-08 Thread Christoph Berg
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

Please accept postgresql-common/181+deb9u2 for stretch. It fixes the
problem that removing the old postgresql server packages after
completing the upgrade will also shut down the server running the new
version. (#809811)

The package passes the built-in testsuite and has also been tested
manually.

Thanks,
Christoph


diff -Nru postgresql-common-181+deb9u1/debian/changelog 
postgresql-common-181+deb9u2/debian/changelog
--- postgresql-common-181+deb9u1/debian/changelog   2017-11-07 
20:54:52.0 +0100
+++ postgresql-common-181+deb9u2/debian/changelog   2018-06-08 
11:16:28.0 +0200
@@ -1,3 +1,13 @@
+postgresql-common (181+deb9u2) stretch; urgency=medium
+
+  * maintscripts-functions: Use 'deb-systemd-invoke stop "postgresql@$ver-*"'
+to prevent upgrading/removing server packages from stopping other major
+version clusters when running systemd. (Closes: #809811)
+(Use deb-systemd-invoke instead of invoke-rc.d; jessie's invoke-rc.d does
+not support service patterns.)
+
+ -- Christoph Berg   Fri, 08 Jun 2018 11:16:28 
+0200
+
 postgresql-common (181+deb9u1) stretch-security; urgency=medium
 
   * pg_ctlcluster, pg_createcluster, pg_upgradecluster: Use lchown instead
diff -Nru postgresql-common-181+deb9u1/debian/control 
postgresql-common-181+deb9u2/debian/control
--- postgresql-common-181+deb9u1/debian/control 2017-11-07 20:54:52.0 
+0100
+++ postgresql-common-181+deb9u2/debian/control 2018-06-08 11:16:28.0 
+0200
@@ -7,8 +7,8 @@
  Christoph Berg ,
  Peter Eisentraut ,
 Standards-Version: 3.9.8
-Vcs-Git: git://anonscm.debian.org/pkg-postgresql/postgresql-common.git
-Vcs-Browser: 
https://anonscm.debian.org/cgit/pkg-postgresql/postgresql-common.git
+Vcs-Git: https://salsa.debian.org/postgresql/postgresql-common.git
+Vcs-Browser: https://salsa.debian.org/postgresql/postgresql-common
 Build-Depends:
  debhelper (>= 9),
  dh-systemd (>= 1.19) | sysvinit (<< 2.88dsf-42),
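Review bot: the Vcs-Git and Vcs-Browser switch to salsa.debian.org in this debian/control hunk is not mentioned in the 181+deb9u2 changelog entry, which documents only the maintscripts-functions change. Either add a changelog line for the Vcs update or drop it from this upload, so that the debdiff under review contains nothing beyond what the changelog describes.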
diff -Nru postgresql-common-181+deb9u1/debian/maintscripts-functions 
postgresql-common-181+deb9u2/debian/maintscripts-functions
--- postgresql-common-181+deb9u1/debian/maintscripts-functions  2017-11-07 
20:54:52.0 +0100
+++ postgresql-common-181+deb9u2/debian/maintscripts-functions  2018-06-08 
10:54:42.0 +0200
@@ -111,7 +111,11 @@
 stop_version() {
 if [ -x /etc/init.d/postgresql ] && [ ! -x /etc/init.d/postgresql-$1 ]; 
then
if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then
+if [ -d /run/systemd/system ]; then
+deb-systemd-invoke stop "postgresql@$1-*" || exit $?
+else
 invoke-rc.d postgresql stop $1 || exit $?
+fi
 else
 /etc/init.d/postgresql stop $1 || exit $?
 fi
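Review bot: the new systemd branch in stop_version() calls deb-systemd-invoke without checking that it is available, while the code around it guards invoke-rc.d with an `-x` test, and the branch is only reached when invoke-rc.d exists, so a systemd host without invoke-rc.d still falls through to `/etc/init.d/postgresql stop $1`. Consider testing `/run/systemd/system` first and guarding deb-systemd-invoke the same way, or confirm that the package dependencies guarantee it is installed. Quoting `$1` in the two untouched stop calls would also match the quoted pattern in the added line.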

