NEW changes in stable-new
Processing changes file: systemd_241-7~deb10u1_mips64el.changes ACCEPT
NEW changes in stable-new
Processing changes file: systemd_241-7~deb10u1_armel.changes ACCEPT Processing changes file: systemd_241-7~deb10u1_armhf.changes ACCEPT Processing changes file: systemd_241-7~deb10u1_mips.changes ACCEPT
NEW changes in stable-new
Processing changes file: systemd_241-7~deb10u1_arm64.changes ACCEPT Processing changes file: systemd_241-7~deb10u1_i386.changes ACCEPT
NEW changes in stable-new
Processing changes file: systemd_241-7~deb10u1_amd64.changes ACCEPT Processing changes file: systemd_241-7~deb10u1_ppc64el.changes ACCEPT Processing changes file: systemd_241-7~deb10u1_s390x.changes ACCEPT
Bug#930795: unblock: ruby-airbrussh/1.3.2-1
Hello Adam, Thanks for your patience and explanation, here's the debdiff with the solution I picked, I backported the fix to 1.3.1-2, the version is 1.3.1-2+deb10u1 and I will need to wait until 1.3.3-1 hits testing*, which is fine (2 days), to upload it. * because the current version in testing is the same as in stable, and the version in testing needs to be higher/bug fixed in there as well. Regards, -- Samuel Henrique ruby-airbrussh_1.3.1-2+deb10u1.debdiff Description: Binary data
Bug#887507: marked as done (stretch-pu: package roundcube/1.2.3+dfsg.1-4+deb9u1)
Your message dated Wed, 21 Aug 2019 01:16:01 +0200 with message-id <20190820231601.ga4...@debian.org> and subject line Re: Bug#887507: stretch-pu: package roundcube/1.2.3+dfsg.1-4+deb9u1 has caused the Debian Bug report #887507, regarding stretch-pu: package roundcube/1.2.3+dfsg.1-4+deb9u1 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 887507: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=887507 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal Tags: stretch User: release.debian@packages.debian.org Usertags: pu Hey, upstream releases only bugfix releases for the 1.2 branch. As they, do not add any new feature IMO it would makes sense to ship the newest 1.2.7 for Debian Stretch users. This is a prepackage request, I havn't packaged 1.2.7 for Debian yet, as I would only put effort into it, if it can enter stretch in principal. What I can present at the current state is a diff of the upstream tarballs (excluded the minified files, cause we create those in the packageing process itself). I don't expect any changes in the debian folder itself, but I would present a complete debdiff, if you approved the general idea of shipping 1.2.7 via pu. Regards, sandro -- System Information: Debian Release: buster/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'stable-updates'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.14.0-3-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=en_US (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled diff -ru -x '*.min.js' -x '*.min.css' roundcubemail-1.2.3/bin/installto.sh roundcubemail-1.2.7/bin/installto.sh --- roundcubemail-1.2.3/bin/installto.sh2016-11-27 17:08:57.0 +0100 +++ roundcubemail-1.2.7/bin/installto.sh2017-11-08 19:52:27.0 +0100 @@ -42,7 +42,6 @@ $input = trim(fgets(STDIN)); if (strtolower($input) == 'y') { - $err = false; echo "Copying files to target location..."; // Save a copy of original .htaccess file (#1490623) @@ -56,16 +55,16 @@ } foreach ($dirs as $dir) { // @FIXME: should we use --delete for all directories? -$delete = in_array($dir, array('program', 'installer')) ? '--delete ' : ''; -if (!system("rsync -avC " . $delete . INSTALL_PATH . "$dir/* $target_dir/$dir/")) { - $err = true; - break; +$delete = in_array($dir, array('program', 'installer')) ? '--delete ' : ''; +$command = "rsync -aC --out-format \"%n\" " . $delete . INSTALL_PATH . "$dir/* $target_dir/$dir/"; +if (!system($command, $ret) || $ret > 0) { + rcube::raise_error("Failed to execute command: $command", false, true); } } foreach (array('index.php','.htaccess','config/defaults.inc.php','composer.json-dist','CHANGELOG','README.md','UPGRADING','LICENSE','INSTALL') as $file) { -if (!system("rsync -av " . INSTALL_PATH . "$file $target_dir/$file")) { - $err = true; - break; +$command = "rsync -a --out-format \"%n\" " . INSTALL_PATH . "$file $target_dir/$file"; +if (file_exists(INSTALL_PATH . $file) && (!system($command, $ret) || $ret > 0)) { + rcube::raise_error("Failed to execute command: $command", false, true); } } @@ -96,13 +95,12 @@ echo "done.\n\n"; } - if (!$err) { -echo "Running update script at target...\n"; -system("cd $target_dir && php bin/update.sh --version=$oldversion"); -echo "All done.\n"; - } + echo "Running update script at target...\n"; + system("cd $target_dir && php bin/update.sh --version=$oldversion"); + echo "All done.\n"; } -else +else { echo "Update cancelled. See ya!\n"; +} ?> diff -ru -x '*.min.js' -x '*.min.css' roundcubemail-1.2.3/CHANGELOG roundcubemail-1.2.7/CHANGELOG --- roundcubemail-1.2.3/CHANGELOG 2016-11-27 17:08:57.0 +0100 +++ roundcubemail-1.2.7/CHANGELOG 2017-11-08 19:52:27.0 +0100 @@ -1,6 +1,61 @@ CHANGELOG Roundcube Webmail === +RELEASE 1.2.7 +- +- Fix rewind(): stream does not support seeking (#5950) +- Fix bug where HTML messages could have been rendered empty on some systems (#5957) +- Fix (again) bug where image data URIs in css style were treated as evil/remote in mail preview (#5580) +- Managesieve: Fix parsing dot-staffed lines in multiline text (#5838, #5959) +- Fix file disclosure
Processed: tagging 929611
Processing commands for cont...@bugs.debian.org: > # Silly thinko > tags 929611 - moreinfo + confirmed Bug #929611 [release.debian.org] stretch-pu: package lemonldap-ng/1.9.7-3+deb9u2 Removed tag(s) moreinfo. Bug #929611 [release.debian.org] stretch-pu: package lemonldap-ng/1.9.7-3+deb9u2 Added tag(s) confirmed. > thanks Stopping processing here. Please contact me if you need assistance. -- 929611: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929611 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#902683: marked as done (stretch-pu: package python-proliantutils/2.1.11-2)
Your message dated Tue, 20 Aug 2019 23:56:00 +0100 with message-id and subject line Re: Bug#902683: stretch-pu: package python-proliantutils/2.1.11-2 has caused the Debian Bug report #902683, regarding stretch-pu: package python-proliantutils/2.1.11-2 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 902683: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902683 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal Tags: stretch User: release.debian@packages.debian.org Usertags: pu Dear release team, I've prepared an update to python-proliantutils which fixes FTBFS when there is internet connectivity in the build host. Please find the diff attached to this bug report. Trivially, it replaces 1.1.1.1 by a never reachable IP address in the test suite. This update package will fix #902241. The resulting built package is here: http://sid.gplhost.com/stretch-proposed-updates/proliantutils/ Cheers, Thomas Goirand (zigo) diff -Nru python-proliantutils-2.1.11/debian/changelog python-proliantutils-2.1.11/debian/changelog --- python-proliantutils-2.1.11/debian/changelog2016-09-26 19:13:41.0 +0200 +++ python-proliantutils-2.1.11/debian/changelog2018-06-29 16:25:22.0 +0200 @@ -1,3 +1,10 @@ +python-proliantutils (2.1.11-2+deb9u1) stretch; urgency=medium + + * Add replace-quad1-by-doc-reserved-ip.patch which fixes FTBFS when the +build machine has internet connectivity (Closes: #902241). + + -- Thomas Goirand Fri, 29 Jun 2018 16:25:22 +0200 + python-proliantutils (2.1.11-2) unstable; urgency=medium * d/s/options: extend-diff-ignore of .gitreview diff -Nru python-proliantutils-2.1.11/debian/patches/replace-quad1-by-doc-reserved-ip.patch python-proliantutils-2.1.11/debian/patches/replace-quad1-by-doc-reserved-ip.patch --- python-proliantutils-2.1.11/debian/patches/replace-quad1-by-doc-reserved-ip.patch 1970-01-01 01:00:00.0 +0100 +++ python-proliantutils-2.1.11/debian/patches/replace-quad1-by-doc-reserved-ip.patch 2018-06-29 16:25:22.0 +0200 @@ -0,0 +1,23 @@ +Description: Replace 1.1.1.1 by doc reserved IPs + Looks like there's connectivity to 1.1.1.1 when the build machine has + internet access. Swiching to 198.51.100.1 never works, as it is a reserved + IP range for documentation purpose. + . + Note that upstream already removed 1.1.1.1 from its test decoration, so it + isn't needed to forward the patch in upstream master branch. +Author: Thomas Goirand +Bug-Debian: https://bugs.debian.org/902241 +Forwarded: not-needed +Last-Update: 2018-06-29 + +--- python-proliantutils-2.1.11.orig/proliantutils/tests/ilo/test_firmware_controller.py python-proliantutils-2.1.11/proliantutils/tests/ilo/test_firmware_controller.py +@@ -551,7 +551,7 @@ class FirmwareImageUploaderTestCase(unit + self.assertEqual(returned_sock, ssl_mock.wrap_socket()) + + @ddt.data(('foo.bar.com', exception.IloConnectionError), +- ('1.1.1.1', exception.IloConnectionError), ++ ('198.51.100.1', exception.IloConnectionError), + ('any_kind_of_address', exception.IloConnectionError),) + @ddt.unpack + def test__get_socket_throws_exception_in_case_of_failed_connection( diff -Nru python-proliantutils-2.1.11/debian/patches/series python-proliantutils-2.1.11/debian/patches/series --- python-proliantutils-2.1.11/debian/patches/series 1970-01-01 01:00:00.0 +0100 +++ python-proliantutils-2.1.11/debian/patches/series 2018-06-29 16:25:22.0 +0200 @@ -0,0 +1 @@ +replace-quad1-by-doc-reserved-ip.patch --- End Message --- --- Begin Message --- On Tue, 2019-07-16 at 20:31 +0100, Adam D. Barratt wrote: > On Sat, 2019-03-09 at 16:40 +, Adam D. Barratt wrote: > > On Thu, 2018-11-01 at 20:32 +, Adam D. Barratt wrote: > > > Control: tags -1 + confirmed > > > > > > On Fri, 2018-06-29 at 16:50 +0200, Thomas Goirand wrote: > > > > I've prepared an update to python-proliantutils which fixes > > > > FTBFS > > > > when there is internet connectivity in the build host. Please > > > > find > > > > the diff attached to this bug report. Trivially, it replaces > > > > 1.1.1.1 > > > > by a never reachable IP address in the test suite. > > > > > > This wasn't fixed in unstable last time I looked, but apparently > > > has > > > been in the meantime, so please go ahead. > > > > Ping? > > Ping? If nothing happens by August 15th then I plan to close this > bug. > Doing so with this message. Regards, Adam--- End Message ---
Bug#887427: marked as done (stretch-pu: package buildbot/0.8.12-3.2)
Your message dated Tue, 20 Aug 2019 23:55:16 +0100 with message-id and subject line Re: Bug#887427: stretch-pu: package buildbot/0.8.12-3.2 has caused the Debian Bug report #887427, regarding stretch-pu: package buildbot/0.8.12-3.2 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 887427: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=887427 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal Tags: stretch User: release.debian@packages.debian.org Usertags: pu Hello there, In Stretch we have buildbot package version 0.8.12-3.2 (abandoned by maintainer). Unfortunately it's unusable, because of hardcoded versioned dependence on sqlalchemy with version lesser than one in stretch. Piotr Ozarowski tried to fix this, removing dependence from control, but this is not enough (package builds, installs but not work at all), see #867588 This could be easy fixed by removing versioned runtime dependencies: diff --git a/setup.py b/setup.py index e70ab16..2f9f716 100755 --- a/setup.py +++ b/setup.py @@ -381,11 +381,8 @@ else: ] setup_args['install_requires'] += [ -# sqlalchemy-0.8 betas show issues with sqlalchemy-0.7.2, so stick to 0.7.10 -'sqlalchemy >= 0.6, <= 0.7.10', -# buildbot depends on sqlalchemy internals, and this is the tested -# version. -'sqlalchemy-migrate==0.7.2', +'sqlalchemy >= 0.6', +'sqlalchemy-migrate>=0.7.2', 'python-dateutil>=1.5', ] setup_args['tests_require'] = [ After that package could be installed and used in Debian Stretch release. (At least autotests pass and buildbot works as expected.) Waiting for approve to do NMU to stretch-proposed-updates. -- System Information: Debian Release: 9.3 APT prefers stable-updates APT policy: (670, 'stable-updates'), (670, 'stable'), (630, 'testing'), (600, 'unstable'), (550, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.9.0-5-amd64 (SMP w/4 CPU cores) Locale: LANG=ru_RU.utf8, LC_CTYPE=ru_RU.utf8 (charmap=UTF-8), LANGUAGE=ru_RU.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) --- End Message --- --- Begin Message --- On Tue, 2019-07-16 at 20:29 +0100, Adam D. Barratt wrote: > On Sun, 2018-12-02 at 16:53 +0100, Julien Cristau wrote: > > Control: tag -1 - moreinfo > > Control: tag -1 + confirmed > > > > On Tue, Jan 16, 2018 at 02:54:14PM +0300, Alexander GQ Gerasiov > > wrote: > [...] > > > Waiting for approve to do NMU to stretch-proposed-updates. > > > > > > > Sounds ok. Please use version 0.8.12-3.2+deb9u1. > > Ping? If nothing happens by August 15th then I plan to close this > bug. Doing so with this message. Regards, Adam--- End Message ---
Processed: Bug#932111: buster-pu: package webkit2gtk/2.24.3-1~deb10u1
Processing control commands: > tags -1 + confirmed Bug #932111 [release.debian.org] buster-pu: package webkit2gtk/2.24.3-1~deb10u1 Added tag(s) confirmed. -- 932111: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932111 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#912068: marked as done (stretch-pu: package apache-directory-server/2.0.0~M15-4)
Your message dated Tue, 20 Aug 2019 23:56:39 +0100 with message-id and subject line Re: Bug#912068: stretch-pu: package apache-directory-server/2.0.0~M15-4 has caused the Debian Bug report #912068, regarding stretch-pu: package apache-directory-server/2.0.0~M15-4 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 912068: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912068 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal Tags: stretch User: release.debian@packages.debian.org Usertags: pu -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 I would like to upload fixes for two RC bugs that affect stretch and make the package uninstallable and, after manually fixing that, unusable: #909063 - apacheds: package installation fails due to incorrect apacheds.service unit #911557 - apacheds: broken symlinks: /usr/share/apacheds/lib/{log4j-1.2,commons-io,antlr}.jar Find attached the diff between the version now in stretch and the proposed version. -BEGIN PGP SIGNATURE- iQKJBAEBCABzFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlvUzCUxGmh0dHBzOi8v d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYyMcZG9taW5p ay5nZW9yZ2VAaXQucGlyYXRlbnBhcnRlaS5kZQAKCRC3mjwWoMTylrCFD/0QUhlM ijX+9V3iHy8/j5T/jsLB5jyOcYuuFofC1vucHN9IQAx809U002X1ODYwicydkXcq wpo9RAvPqJr1zYO47p9O8M/qj0wf1r4g/avZRH0rJbf1n0I8O8yJAUvTHtKjQXub sARZm3HmZ/axSES281IzBthvjmPnMMJR6347irFrTIemgvBO84yxTw6n4qHMD+uc hJPfjJ0bYuk+db0zv99QG8cSfGJoZG5IxpasIQKFvkBzj147EW+uzEahy/UxnqUw kUobzzsviLR9qh2R2Rf8RlIIuKsfP9Fvdtf4aUwd00XpsW6nk3O37Rrlz/ZeWosP RPEizy0cwaFYWxlTwVRd/2Gj6wKnGVHbNBU6x++XRGEae5nyFB5AnQcbWw8Zoj+M Q4Cgfh07RtN5nu9o07MNrorr1ks/2muDFp+0Mu8T2inQ4p0V9Wf2RFEEJy/BPZMX p7/h+4iP5CO2vtT130zhZhbj0laxdQ1HRVIjAmknSrYHF5QAY3BNINHiYp4YjfTH piIGjddlW+DDwNvN/UXIAOtmxJlfpB/pcblSzzMLnTnxgNoxXxfPVN2qYQDJznvf vk9yx1t2P829QE09eeOpR9TQnujU6uwN5rOosTw8mv4oH2Z7YOcJQ3V7otMUCXp4 Z3IfnTn+Cyj1HBMixuPc4KduGAufG6mdvX2Osw== =oswM -END PGP SIGNATURE- diff --git a/debian/apacheds.service b/debian/apacheds.service index e6de514..23efa17 100644 --- a/debian/apacheds.service +++ b/debian/apacheds.service @@ -8,14 +8,15 @@ Type=simple User=apacheds Group=apacheds EnvironmentFile=/etc/default/apacheds -ExecStart=${JAVA_HOME}/bin/java ${JAVA_OPTS} \ --Dapacheds.controls=${ADS_CONTROLS} \ --Dapacheds.extendedOperations=${ADS_EXTENDED_OPERATIONS} \ - -Dlog4j.configuration=file:${ADS_INSTANCES}/${ADS_INSTANCE}/conf/log4j.properties \ --Dapacheds.log.dir=${ADS_INSTANCES}/${ADS_INSTANCE}/log \ --cp '${ADS_HOME}/lib/*' \ -org.apache.directory.server.UberjarMain \ -${ADS_INSTANCES}/${ADS_INSTANCE}/ +ExecStart=/bin/sh -c "exec \ +${JAVA_HOME}/bin/java ${JAVA_OPTS} \ + -Dapacheds.controls=${ADS_CONTROLS} \ + -Dapacheds.extendedOperations=${ADS_EXTENDED_OPERATIONS} \ + -Dlog4j.configuration=file:${ADS_INSTANCES}/${ADS_INSTANCE}/conf/log4j.properties \ + -Dapacheds.log.dir=${ADS_INSTANCES}/${ADS_INSTANCE}/log \ + -cp '${ADS_HOME}/lib/*' \ + org.apache.directory.server.UberjarMain \ + ${ADS_INSTANCES}/${ADS_INSTANCE}/" PrivateTmp=true [Install] diff --git a/debian/changelog b/debian/changelog index 62c6358..bdfa64f 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,11 @@ +apache-directory-server (2.0.0~M15-4+deb9u1) stretch; urgency=medium + + * Team upload. + * Fix command in systemd service file. (Closes: #909063) + * Add missing dependencies to libraries. (Closes: #911557) + + -- Dominik George Sat, 27 Oct 2018 15:32:48 +0200 + apache-directory-server (2.0.0~M15-4) unstable; urgency=medium * Transition to Jetty 9 diff --git a/debian/control b/debian/control index 0b02379..31df170 100644 --- a/debian/control +++ b/debian/control @@ -30,7 +30,14 @@ Homepage: http://directory.apache.org Package: libapacheds-java Architecture: all -Depends: ${maven:Depends}, ${misc:Depends}, libapacheds-i18n-java (= ${source:Version}), libapacheds-kerberos-codec-java (= ${source:Version}) +Depends: + libantlr-java, + libapacheds-i18n-java (= ${source:Version}), + libapacheds-kerberos-codec-java (= ${source:Version}), + libcommons-io-java, + liblog4j1.2-java, + ${maven:Depends}, + ${misc:Depends}, Suggests: ${maven:OptionalDepends} Description: Apache Directory Server (Libraries) ApacheDS is an embbedable directory server entirely written in Java, which --- End Message --- --- Begin Message --- On Tue, 2019-07-16 at
Bug#932111: buster-pu: package webkit2gtk/2.24.3-1~deb10u1
Control: tags -1 + confirmed This request never reached debian-release, most likely due to the size of the diff. On Mon, 2019-07-15 at 13:57 +0300, Alberto Garcia wrote: > the i386 build of webkit2gtk that went into buster requires an > SSE2-capable CPU. Because of this, apps that use this library > (e.g. Zenity or Liferea) can crash. > > A bug was filed for this problem (#930935) but it was too late > to fix the package for buster, so it was decided to do it in the > first update. There's a section on the release notes explaining the > situation and warning affected i386 users to wait until this is > solved: [...] > This upload fixes this problem. Note that I'm also updating the > package to the most recent stable release (version 2.24.3), published > two weeks ago. It contains many other fixes including those for two > other Debian bugs (#929749, #870814). The reason why I'm doing this > is because that's the same approach that we are going to follow with > the webkit2gtk security releases. Please go ahead. Regards, Adam
Processed: Bug#934308: buster-pu: package dpdk/18.11.2-2+deb10u1
Processing control commands: > tags -1 + confirmed Bug #934308 [release.debian.org] buster-pu: package dpdk/18.11.2-2+deb10u1 Added tag(s) confirmed. -- 934308: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934308 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#934308: buster-pu: package dpdk/18.11.2-2+deb10u1
Control: tags -1 + confirmed This request never made it to debian-release, most likely due to the size of the diff. On Fri, 2019-08-09 at 13:54 +0100, Luca Boccassi wrote: > We would like to upload a new LTS release version of DPDK to buster. > We have already done this previously in stretch, and it was approved > for the 16.11 LTS series [1][2][3], but given this is a new Debian > release in combination with a new LTS release train I have not yet > uploaded to p-u and will wait for an explicit ACK. We would like to > upload new 18.11 LTS versions as they are released upstream to buster > - > EOL is projected in November 2020. What's the plan for after that point? > As with the 16.11 LTS, the 18.11 LTS point release has only bug > fixes and no API/ABI changes and has been tested extensively and > deployed on Debian Buster and more distros, which includes running > regression tests. Please go ahead. Regards, Adam
Processed: Re: Bug#887736: stretch-pu: package openvswitch/2.6.2~pre+git20161223-3
Processing control commands: > tags -1 + moreinfo Bug #887736 [release.debian.org] stretch-pu: package openvswitch/2.6.2~pre+git20161223-3 Added tag(s) moreinfo. -- 887736: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=887736 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#887736: stretch-pu: package openvswitch/2.6.2~pre+git20161223-3
Control: tags -1 + moreinfo On Fri, 2018-01-19 at 15:21 +0100, Thomas Goirand wrote: > I started maintaining OpenVSwitch long after the Stretch release, and > discovered #858418, which is very annoying for OpenVSwitch users. > > tl;dr: #858418 prevent anyone that has a valid > /etc/network/interfaces > with OpenVSwitch directive from having a working network at boot. The > init script uses a non-documented, not-to-be-used systemd internal, > which is miserably failing. > > After a long discussion with the bug reporter (which can be read on > the BTS), I came to the conclusion that he's right, and that the most > reasonable and safe way to fix the current situation is to apply the > patch he suggested (and which resulting debdiff I attached to this > bug). As I understand things, that fix swaps use of one systemd internal for another, which doesn't seem like a great plan. When this was discussed (some time ago) on IRC, one of the systemd maintainers essentially said "don't do that". With apologies for the delay in doing so, I've CCed the maintainer list to see if we can find a mutually acceptable solution. Regards, Adam
Bug#905061: marked as done (stretch-pu: package mruby/1.2.0+20161228+git30d5424a-1+deb9u1)
Your message dated Tue, 20 Aug 2019 23:29:27 +0100 with message-id <098ffdfec287b4849a660b71c3855ef01a23a357.ca...@adam-barratt.org.uk> and subject line Re: Bug#905061: stretch-pu: package mruby/1.2.0+20161228+git30d5424a-1+deb9u1 has caused the Debian Bug report #905061, regarding stretch-pu: package mruby/1.2.0+20161228+git30d5424a-1+deb9u1 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 905061: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=905061 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal Tags: stretch User: release.debian@packages.debian.org Usertags: pu Dear stable release manager, I hereby propose an update for stretch of mruby. It contains a patch fixing CVE-2017-9527 [1]. The security issue was marked as being no-DSA [2]. The changelog entry is: mruby (1.2.0+20161228+git30d5424a-1+deb9u1) stretch; urgency=high * Backport patches from 1.3.0. (Closes: #865778) - CVE-2017-9527: heap-based use-after-free -- Nobuhiro Iwamatsu Tue, 14 Nov 2017 12:40:35 +0900 Please see the attached debdiff for details. Best regards, Nobuhiro [1] https://bugs.debian.org/865778 [2] https://security-tracker.debian.org/tracker/CVE-2017-9527 -- Nobuhiro Iwamatsu iwamatsu at {nigauri.org / debian.org} GPG ID: 40AD1FA6 mruby_1.2.0+20161228+git30d5424a-1+deb9u1.debdiff Description: Binary data --- End Message --- --- Begin Message --- On Thu, 2018-11-01 at 20:37 +, Adam D. Barratt wrote: > On Tue, 2018-07-31 at 11:56 +0200, Moritz Mühlenhoff wrote: > > On Tue, Jul 31, 2018 at 11:29:16AM +0900, Nobuhiro Iwamatsu wrote: > [...] > > > I hereby propose an update for stretch of mruby. > > > > There's a few more no-dsa issues for mruby, if you're doing an > > update > > anyway, could you also check whether they make sense to be fixed in > > stretch? > > > > See here: > > https://security-tracker.debian.org/tracker/CVE-2018-10191 > > https://security-tracker.debian.org/tracker/CVE-2018-14337 > > https://security-tracker.debian.org/tracker/CVE-2018-12249 > > https://security-tracker.debian.org/tracker/CVE-2018-12248 > > https://security-tracker.debian.org/tracker/CVE-2018-11743 > > Ping? There's been no response in over a year, so I'm closing this request. Regards, Adam--- End Message ---
Processed: Re: Bug#916650: stretch-pu: package liquidsoap/1.1.1-7.2
Processing control commands: > tags -1 -moreinfo +confirmed Bug #916650 [release.debian.org] stretch-pu: package liquidsoap/1.1.1-7.2 Removed tag(s) moreinfo. Bug #916650 [release.debian.org] stretch-pu: package liquidsoap/1.1.1-7.2 Added tag(s) confirmed. -- 916650: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916650 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#931968: stretch-pu: package libtk-img/1:1.4.6+dfsg-1+deb9u1 pre-approval
Control; tags -1 -moreinfo +confirmed On Mon, 2019-07-29 at 10:42 +0300, Sergei Golovan wrote: > Hi Adam, > > On Fri, Jul 26, 2019 at 10:46 PM Adam D. Barratt > wrote: > > Control: tags -1 + moreinfo > > > > On 2019-07-13 01:26, Sergei Golovan wrote: > > > I'd like to fix #931422 (see [1]) for stretch (the bug is already > > > fixed > > > in unstable, see also #931967 [2]). > > > > > > The diff with the current 1:1.4.6+dfsg-1 is attaced. > > > > > > [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931422 > > > [2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931967 > > > > The same question applies here as for the buster update, i.e. what > > is > > the practical impact of the change? > > The answer is the same as for bug 931967. From the user point of view > nothing should be changed. Just some images which now cause a > segfault when loaded by libtk-img will load just fine. Thanks. Please go ahead. Regards, Adam
Bug#924278: stretch-pu: package clamav/0.100.2+dfsg-0+deb9u1
On Tue, 2019-08-20 at 23:38 +0200, Sebastian Andrzej Siewior wrote: > On 2019-08-20 22:18:28 [+0100], Adam D. Barratt wrote: > > Indeed, and then we dropped the ball again. :-( > > > > Let's get this going. > > So I upload the here promissed Stretch package Yep, then we smile sweetly at ftp-master to get it processed from NEW. > and then open p-u bugs > for the transition? Is anything required beyond binNMUs of r-deps? Regards, Adam
Bug#887507: stretch-pu: package roundcube/1.2.3+dfsg.1-4+deb9u1
On Mon, 2018-12-03 at 08:15 +0100, Julien Cristau wrote: > Control: tag -1 + moreinfo > > On Wed, Jan 17, 2018 at 05:04:15PM +0100, Sandro Knauß wrote: > > Package: release.debian.org > > Severity: normal > > Tags: stretch > > User: release.debian@packages.debian.org > > Usertags: pu > > > > Hey, > > > > upstream releases only bugfix releases for the 1.2 branch. As they, > > do not add any new feature IMO it would makes sense to ship the > > newest > > 1.2.7 for Debian Stretch users. This is a prepackage request, I > > havn't > > packaged 1.2.7 for Debian yet, as I would only put effort into it, > > if it > > can enter stretch in principal. What I can present at the current > > state > > is a diff of the upstream tarballs (excluded the minified files, > > cause > > we create those in the packageing process itself). I don't expect > > any > > changes in the debian folder itself, but I would present a complete > > debdiff, if you approved the general idea of shipping 1.2.7 via pu. > > > Hi Sandro, > > sounds fine to me in theory, please follow up with a tested debdiff > and > remove the moreinfo tag. That was 8 months ago now and there's been no follow up. Is this still of any interest? Regards, Adam
Bug#925251: stretch-pu: package file/1:5.30-1+deb9u2
Control: tags -1 + confirmed On Thu, 2019-07-18 at 05:07 +0200, Christoph Biedl wrote: > Adam D. Barratt wrote... > > > Assuming I count correctly, your mail was from approximately 6 > > weeks > > before the date of the upcoming 9.9 point release. > > This story has a tendency to fall off radar repeatedly. Perhaps we > can > eventually find a solution for this in the next days? I guess we should just get on with it. FWIW, we're currently about 2.5 weeks from the next point release. I realise that {c,sh}ould have been longer. Regards, Adam
Processed: Re: Bug#925251: stretch-pu: package file/1:5.30-1+deb9u2
Processing control commands: > tags -1 + confirmed Bug #925251 [release.debian.org] stretch-pu: package file/1:5.30-1+deb9u2 Added tag(s) confirmed. -- 925251: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925251 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#916650: stretch-pu: package liquidsoap/1.1.1-7.2
Control: tags -1 -moreinfo +confirmed On Sat, 2019-02-09 at 22:05 +0200, Kyle Robbertze wrote: > On 2019/02/09 16:08, Adam D. Barratt wrote: > > Control: tags -1 + moreinfo > > > > On Sun, 2018-12-16 at 23:58 +0200, Kyle Robbertze wrote: > > > The current liquidsoap package in stable segfaults imediately on > > > run. > > > Details are in bug #812591. The segfault is due to Ocaml version > > > 4.02 > > > which is present in stable. The fix upstream has been applied > > > here > > > (sourced from Ubuntu where it has been working since 17.10). It > > > is > > > part of the version currently in buster and unstable. > > > > Apologies for not getting back to you sooner. > > No worries, we all get busy :) Apparently so. *sigh* [...] > > If a package is incompatible with a newer version of Ocaml, is > > there no > > way of indicating this via e.g. dependency relationships, or the > > package somehow indicating which versions of Ocaml it is compatible > > with? This seems like the sort of thing that could also cause > > issues > > with partial upgrades between stable releases. > > With this fix, it is compatible with newer Ocaml versions and the new > version in buster and unstable are too. As far as I can tell, there > have > been no issues with newer versions outside of this. The common > convention seems to be to declare an un-versioned or minimum version > dependency on Ocaml and expect it to work with future versions. > OK, I guess we can go with this. Sorry for the delay (again). Regards, Adam
Bug#887324: stretch-pu: package python-flask-rdf/0.2.0-1.1~deb9u1
On Mon, 2018-06-25 at 05:17 +0200, Andreas Beckmann wrote: > Control: tag -1 moreinfo > > On Sun, 14 Jan 2018 23:45:31 +0100 Andreas Beckmann > wrote: > > Let's fix the python3 dependency by rebuilding the package from > > sid, > > Depends: [-python3-mimeparse-] {+python3-mimeparse, python3-six, > > python3:any (>= 3.3.2-2~)+} > > That is not sufficient: #896358, #896385 > > ImportError: No module named 'rdflib' What's the status here? Regards, Adam
Bug#912531: stretch-pu: package exiv2/0.25-3.1+deb9u2
On Sun, 2019-03-31 at 15:44 -0400, Roberto C.Sánchez wrote: > On Sun, Mar 31, 2019 at 08:09:27PM +0100, Adam D. Barratt wrote: > > On Thu, 2018-11-01 at 21:07 -0400, Roberto C.Sánchez wrote: > > > On Thu, Nov 01, 2018 at 06:50:53PM +, Adam D. Barratt wrote: > > > > Control: tags -1 + moreinfo > > > > > > > > On Wed, 2018-10-31 at 23:25 -0400, Roberto C. Sanchez wrote: > > > > > I have prepared an update for exiv2 in jessie (0.24- > > > > > 4.1+deb8u2) > > > > > related to CVE-2018-16336 and also including a minor fix to > > > > > the > > > > > previous patch for CVE-2018-10958 and CVE-2018-10999. > > > > > > > > The Security Tracker indicates that CVE-2018-16336 is as-yet > > > > unfixed in > > > > unstable; is that correct? > > > > > > > > > > Hi Adam, > > > > > > That is correct. I completely overlooked it. I will check with > > > the > > > maintainers about their plans for unstable. > > > > Was there any progress there? The issue is still marked as > > affecting > > unstable in the tracker. > > > No real progress. I sent a message [0] to the packaging team's > mailing > list that same day (1st November). Salvatore responded a few days > later, but there was no response after that. > > Regards, > > -Roberto > > [0] > https://alioth-lists.debian.net/pipermail/pkg-kde-extras/2018-November/029728.html > Still nothing? We're about to hit 10 months since the initial request. :-( Regards, Adam
Bug#885069: stretch-pu: package open-iscsi/2.0.874-3~deb9u1
On Fri, 2019-04-26 at 21:42 +0200, Salvatore Bonaccorso wrote: > Hi Christian, > > On Fri, Nov 09, 2018 at 06:53:07AM +0100, Salvatore Bonaccorso wrote: > > Hi Christian, > > > > On Sat, Feb 10, 2018 at 10:15:48AM +0100, Julien Cristau wrote: > > > Control: tag -1 moreinfo > > > > > > On Sat, Dec 23, 2017 at 13:40:43 +0100, Christian Seiler wrote: [...] > > > The above makes little sense to me. We find out the peer uid, > > > then > > > instead of just comparing that against 0 we turn it into a struct > > > passwd > > > and compare pw_name against "root". Why? > > > > Did you had any chance to look at Julien's concerns/questions back > > on > > this proposed update for stretch? > > Friendly ping :) > If there's no follow-up by the time the 9.10 point release happens (~2.5 weeks time) then I will close this request. Regards, Adam
Bug#902487: debdiff log
Control: tags -1 + confirmed Sorry for the delay in getting back to you. On Wed, 2018-06-27 at 11:45 +0530, Manas Kashyap wrote: > diff -Nru ruby-encryptor-3.0.0/debian/changelog ruby-encryptor- > 3.0.0/debian/changelog > --- ruby-encryptor-3.0.0/debian/changelog 2016-04-06 > 19:23:59.0 + > +++ ruby-encryptor-3.0.0/debian/changelog 2018-06-26 > 07:14:17.0 + > @@ -1,3 +1,11 @@ > +ruby-encryptor (3.0.0-1+deb9u1) stretch; urgency=medium > + > + * Team upload > + * Ignore test failures (Its only reverse dependency is ruby-attr- > encrypted > +which handles this correctly, all of its tests pass) (Closes: > #880276) > This really doesn't make me happy as a fix, but let's go with it. Regards, Adam
Processed: Re: Bug#902487: debdiff log
Processing control commands: > tags -1 + confirmed Bug #902487 [release.debian.org] stretch-pu: package ruby-encryptor/3.0.0-1+deb9u1 Added tag(s) confirmed. -- 902487: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902487 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#928556: stretch-pu: package gocode/20150303-3+deb9u2
Control: tags -1 + confirmed On Tue, 2019-05-07 at 05:57 +0200, Andreas Beckmann wrote: > the last stretch-pu update of gocode caused a regression on > jessie->stretch updates. If I make the recently added Pre-Depends > versioned to pull in the version from stretch first, everything seems > to > work again as expected. > Hopefully there won't be too many such updates in practice now. Please go ahead. Regards, Adam
Processed: Re: Bug#928556: stretch-pu: package gocode/20150303-3+deb9u2
Processing control commands: > tags -1 + confirmed Bug #928556 [release.debian.org] stretch-pu: package gocode/20150303-3+deb9u2 Added tag(s) confirmed. -- 928556: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928556 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: Re: Bug#917880: stretch-pu: package kamailio/4.4.4-2+deb9u3
Processing control commands: > tags -1 + moreinfo Bug #917880 [release.debian.org] stretch-pu: package kamailio/4.4.4-2+deb9u3 Added tag(s) moreinfo. -- 917880: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917880 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#917880: stretch-pu: package kamailio/4.4.4-2+deb9u3
Control: tags -1 + moreinfo On Mon, 2018-12-31 at 11:22 +0100, Victor Seva wrote: > version in stable can't be used with TLS enabled due to #902452 with > severity grave. If user enables TLS kamailio fails to start. > Apologies for the delay in getting back to you. Is the result of the patch that kamaillo assumes that Kerberos is always OK with newer OpenSSL versions, or the reverse? Regards, Adam
Bug#915935: stretch-pu: package zfs-auto-snapshot/1.2.1-1+deb9u1
Control: tags -1 + confirmed On Sat, 2018-12-08 at 01:07 +0100, Andreas Beckmann wrote: > Can we backport the changes from unstable that silence the cronjobs > after package removal? #850776 > Please go ahead; sorry for the delay. Regards, Adam
Processed: Re: Bug#915935: stretch-pu: package zfs-auto-snapshot/1.2.1-1+deb9u1
Processing control commands: > tags -1 + confirmed Bug #915935 [release.debian.org] stretch-pu: package zfs-auto-snapshot/1.2.1-1+deb9u1 Added tag(s) confirmed. -- 915935: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=915935 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: Re: Bug#934356: stretch-pu: package mitmproxy/0.18.2-6
Processing control commands: > tags -1 + confirmed Bug #934356 [release.debian.org] stretch-pu: package mitmproxy/0.18.2-6 Added tag(s) confirmed. -- 934356: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934356 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#934356: stretch-pu: package mitmproxy/0.18.2-6
Control: tags -1 + confirmed On Sat, 2019-08-10 at 09:27 +0200, Sebastien Delafond wrote: > Could 0.18.2-6+deb9u1 be included in stretch's next point release ? > It > closes #934033, which is an FTBFS on stretch, by blacklisting a > couple > #more things from the test suite. > Please go ahead. Regards, Adam
Bug#933176: stretch-pu: package fig2dev/1:3.2.6a-2+deb9u1
Control: tags -1 + confirmed On Sat, 2019-07-27 at 11:33 +0200, Roland Rosenfeld wrote: > This fixes CVE-2019-14275 in stretch. Since this is tagged > "unimportant" by the security team on > https://security-tracker.debian.org/tracker/CVE-2019-14275 they won't > publish a DSA, so I tend to send this into the next point release of > buster. stretch. :-) > Attached you'll find the diff against 3.2.6a-2+deb9u1. > Please go ahead. Regards, Adam
Processed: Re: Bug#933176: stretch-pu: package fig2dev/1:3.2.6a-2+deb9u1
Processing control commands: > tags -1 + confirmed Bug #933176 [release.debian.org] stretch-pu: package fig2dev/1:3.2.6a-2+deb9u1 Added tag(s) confirmed. -- 933176: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933176 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#931350: stretch-pu: package fence-agents/4.0.25-1
Control: tags -1 + confirmed On Tue, 2019-07-02 at 21:20 +0200, Valentin Vidic wrote: > I would like to upload a new version of fence-agents to stretch in > order > to fix the UTF-8 problem that was recently fixed for buster too. > debdiff > of the change is attached. > Please go ahead; sorry for the delay. Regards, Adam
Processed: Re: Bug#931350: stretch-pu: package fence-agents/4.0.25-1
Processing control commands: > tags -1 + confirmed Bug #931350 [release.debian.org] stretch-pu: package fence-agents/4.0.25-1 Added tag(s) confirmed. -- 931350: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931350 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: Re: Bug#931610: stretch-pu: package pound/2.7-1.3+deb9u1
Processing control commands: > tags -1 + confirmed Bug #931610 [release.debian.org] stretch-pu: package pound/2.7-1.3+deb9u1 Added tag(s) confirmed. -- 931610: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931610 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#931610: stretch-pu: package pound/2.7-1.3+deb9u1
Control: tags -1 + confirmed On Sat, 2019-07-13 at 12:36 +0200, Carsten Leonhardt wrote: > Control: tags -1 - moreinfo > > Hi, > > attached is a new debdiff, the only change is that I removed some > cruft > from the "Origin" field in the patch metadata. > > I've deployed this version on live servers this morning and tested > them. > Please go ahead; thanks. Regards, Adam
Bug#929611: Update
Control: tags -1 + moreinfo On Wed, 2019-06-26 at 14:08 +0200, Xavier wrote: > Hi all, > > I updated my debdiff due to a little security hole discovered in > lemonldap-ng 1.9.x Please go ahead; sorry for the delay. Regards, Adam
Processed: Re: Bug#929611: Update
Processing control commands: > tags -1 + moreinfo Bug #929611 [release.debian.org] stretch-pu: package lemonldap-ng/1.9.7-3+deb9u2 Added tag(s) moreinfo. -- 929611: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929611 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#924278: stretch-pu: package clamav/0.100.2+dfsg-0+deb9u1
On 2019-08-20 22:18:28 [+0100], Adam D. Barratt wrote: > Indeed, and then we dropped the ball again. :-( > > Let's get this going. So I upload the here promissed Stretch package and then open p-u bugs for the transition? > Regards, > > Adam Sebastian
Bug#930795: unblock: ruby-airbrussh/1.3.2-1
On Tue, 2019-08-20 at 22:22 +0100, Samuel Henrique wrote: > Hello Adam, > > > It certainly can't be 1.3.2-1+deb10u1, as that version number is > > higher > > than the package in unstable. Either one would need to go with > > 1.3.1- > > 2+deb10u1 with just the bug fix applied, or 1.3.2-1~deb10u1 with a > > "backports-style" changelog containing both 1.3.2-1 and then the > > stable > > update. In either case we would need a debdiff that reflects the > > chosen > > approach. > > > > One thing that will need to be fixed in unstable first either way: > > > > Not built on buildd: arch all binaries uploaded by samueloph > > > > As per the d-d-a announcement, that will need a new source upload > > to > > unstable to resolve, as arch:all can't be usefully binNMUed. > > I just uploaded 1.3.3-1 (source-only) to unstable, can I just wait > until it migrates to testing and then go with "1.3.2-1+deb10u1" ? > If so, I will remove the "moreinfo" tag when it the package migrates > to Testing (in 2 days) and we can use the latest debdiff on this > thread. That doesn't really make sense as a version here, as it's not a stable update on top of 1.3.2-1; stable only has 1.3.1-2. If you really want to go with the complete version rather than just the specific fix, then either 1.3.2-1~deb10u1 - and therefore with the original 1.3.2-1 changelog with a "backports style" entry on top - or 1.3.2-0+deb10u1. Regards, Adam
Bug#931358: release.debian.org: buster-pu (pre-approval): musescore/2.3.2+dfsg2-7? -7~deb10+1?
Adam D. Barratt dixit: >Please go ahead; sorry for the delay. Done, thanks! bye, //mirabilos -- > Hi, does anyone sell openbsd stickers by themselves and not packaged > with other products? No, the only way I've seen them sold is for $40 with a free OpenBSD CD. -- Haroon Khalid and Steve Shockley in gmane.os.openbsd.misc
Bug#932251: buster-pu: package spl-linux/0.7.12-2+deb10u1
Control: tags -1 + confirmed On Wed, 2019-07-17 at 07:06 +, Aron Xu wrote: > On Wed, Jul 17, 2019 at 01:41:12AM +, Aron Xu wrote: > > We would like to apply a single-line patch in addition to spl- > > linux/0.7.12-2 > > which fixes a deadlock[1], please see the changes in debdiff. > > > > [1] > > https://github.com/zfsonlinux/spl/commit/cb4464f1549087794fdbe0f5ad2328618de2033e > > Please go ahead. Regards, Adam
Bug#924278: stretch-pu: package clamav/0.100.2+dfsg-0+deb9u1
Control: tags -1 + confirmed On Sat, 2019-05-18 at 23:41 +0200, Sebastian Andrzej Siewior wrote: > On 2019-03-27 19:43:13 [+], Adam D. Barratt wrote: > > Sure. To make things easier to keep track of (at least for me), > > could > > you open a new bug for the 0.100.3 update, and we'll keep using > > this > > one for the effective transition. > > Please find attach a debdiff between 0.100.3 (current Stretch) and > 0.101.2 (Buster and proposed Stretch). > The package is unchanged since I created the bug. I have no idea who > is > waiting here for whom but I *think* the stable team waited for an > update. In case it is not, I am back to patience mode :) Indeed, and then we dropped the ball again. :-( Let's get this going. Regards, Adam
Processed: Re: Bug#931282: unblock: s-nail/14.9.11-3
Processing control commands: > tags -1 + moreinfo Bug #931282 [release.debian.org] buster-pu: package s-nail/14.9.11-2+deb10u1 Added tag(s) moreinfo. -- 931282: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931282 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#931282: unblock: s-nail/14.9.11-3
Control: tags -1 + moreinfo On Mon, 2019-07-01 at 10:49 +0200, Paride Legovini wrote: > Paul Gevers wrote on 30/06/2019: > > > Hi Paride, > > > > On 30-06-2019 14:55, Paride Legovini wrote: > > > Please unblock package s-nail. Version 14.9.11-3 contains a > > > targeted fix for > > > #930691 I've got from upstream. The debdiff between -2 and -3 is > > > attached. > > > > The time for unblocks for buster has come and gone. The deadline > > was > > last Tuesday, we are now in deep freeze. If you consider the bug > > severe > > enough (please fix the bug metadata if you do) you can consider a > > stable > > release update targeting buster (I have updated this bugs > > metadata), > > such that this can be fixed in the first point release. > > Thanks Paul, > > I'll call this a off-by-one-week error. I am sorry. At least I know > that > when I've got the patch for #930691 it was already too late for an > unblock. > > I reviewed the policy for stable release updates; while definitely a > deal breaker for some users I'm not sure #930691 qualifies as "a > truly > critical functionality problem". Affected users are those using the > GSSAPI + Kerberos authentication. > > What's the take of the stable release team here? Sorry for the delay in getting back to you. This looks like it would be OK for stable, but we would need a debdiff of a package built and tested on stable (and appropriately versioned), please. Regards, Adam
Processed: Re: Bug#932251: buster-pu: package spl-linux/0.7.12-2+deb10u1
Processing control commands: > tags -1 + confirmed Bug #932251 [release.debian.org] buster-pu: package spl-linux/0.7.12-2+deb10u1 Added tag(s) confirmed. -- 932251: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932251 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: Re: Bug#924278: stretch-pu: package clamav/0.100.2+dfsg-0+deb9u1
Processing control commands: > tags -1 + confirmed Bug #924278 [release.debian.org] stretch-pu: package clamav/0.101.2+dfsg-0+deb9u1 Added tag(s) confirmed. -- 924278: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924278 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#930795: unblock: ruby-airbrussh/1.3.2-1
Hello Adam, It certainly can't be 1.3.2-1+deb10u1, as that version number is higher > than the package in unstable. Either one would need to go with 1.3.1- > 2+deb10u1 with just the bug fix applied, or 1.3.2-1~deb10u1 with a > "backports-style" changelog containing both 1.3.2-1 and then the stable > update. In either case we would need a debdiff that reflects the chosen > approach. > > One thing that will need to be fixed in unstable first either way: > > Not built on buildd: arch all binaries uploaded by samueloph > > As per the d-d-a announcement, that will need a new source upload to > unstable to resolve, as arch:all can't be usefully binNMUed. > I just uploaded 1.3.3-1 (source-only) to unstable, can I just wait until it migrates to testing and then go with "1.3.2-1+deb10u1" ? If so, I will remove the "moreinfo" tag when it the package migrates to Testing (in 2 days) and we can use the latest debdiff on this thread. Thanks, -- Samuel Henrique
NEW changes in stable-new
Processing changes file: systemd_241-7~deb10u1_source.changes ACCEPT
Bug#935137:
Hello, > I forgot to add the patch to d/series, you'll find the updated debdiff > > attached. > > Please go ahead. > acme-tiny_4.0.4-1+deb10u1_source.changes ACCEPTED into proposed-updates->stable-new -- Samuel Henrique
Bug#933125: systemd 241-7~deb10u1 flagged for acceptance
package release.debian.org tags 933125 = buster pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian buster. Thanks for your contribution! Upload details == Package: systemd Version: 241-7~deb10u1 Explanation: network: Fix failure to bring up interface with Linux kernel 5.2; ask-password: Prevent buffer overflow when reading from keyring; network: Behave more gracefully when IPv6 has been disabled
Processed: systemd 241-7~deb10u1 flagged for acceptance
Processing commands for cont...@bugs.debian.org: > package release.debian.org Limiting to bugs with field 'package' containing at least one of 'release.debian.org' Limit currently set to 'package':'release.debian.org' > tags 933125 = buster pending Bug #933125 [release.debian.org] buster-pu: package systemd/241-5+deb10u1 Added tag(s) pending; removed tag(s) confirmed. > thanks Stopping processing here. Please contact me if you need assistance. -- 933125: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933125 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: Re: Bug#933769: buster-pu: package erlang-p1-pkix/1.0.0-3+deb10u1
Processing control commands: > tags -1 + confirmed Bug #933769 [release.debian.org] buster-pu: package erlang-p1-pkix/1.0.0-3+deb10u1 Added tag(s) confirmed. -- 933769: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933769 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#933754: buster-pu: package mariadb-10.3 10.3.17-0+deb9u1
Control: tags -1 + moreinfo On Thu, 2019-08-08 at 19:23 +0200, Moritz Mühlenhoff wrote: > On Fri, Aug 02, 2019 at 10:48:53PM +0100, Otto Kekäläinen wrote: > > MariaDB 10.3.17 includes security fixes and a few bug fixes > > appropriate for a stable release. > > > > This bug report is intentionally void of the debdiff as I might > > still > > amend something, or the severity of the security issues might > > change > > on further investigation. > > > > See buster branch at > > https://salsa.debian.org/mariadb-team/mariadb-10.3/ > > > > > > Changelog: > > > > mariadb-10.3 (1:10.3.17-0+deb9u1) buster; urgency=high > > Should rather be +deb10u1, Buster is the tenth stable release. Indeed. However, as Otto said, there isn't a finalised diff included for checking. Regards, Adam
Processed: Re: Bug#933754: buster-pu: package mariadb-10.3 10.3.17-0+deb9u1
Processing control commands: > tags -1 + moreinfo Bug #933754 [release.debian.org] buster-pu: package mariadb-10.3 10.3.17-0+deb9u1 Added tag(s) moreinfo. -- 933754: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933754 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: Re: Bug#934300: buster-pu: package apt/1.8.3~deb10u1
Processing control commands: > tags -1 + moreinfo Bug #934300 [release.debian.org] buster-pu: package apt/1.8.3~deb10u1 Added tag(s) moreinfo. -- 934300: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934300 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#934300: buster-pu: package apt/1.8.3~deb10u1
Control: tags -1 + moreinfo On Fri, 2019-08-09 at 11:50 +0200, Julian Andres Klode wrote: > I just uploaded 1.8.3 to unstable which includes a fix for HTTPS > proxying - when using the CONNECT method, we were sending the proxy's > host name in the Host header, where we should have sent the > destination > host name. > > This breaks ACLs on proxies that filter on that field and might thus > prevent access to HTTPS repositories over such proxies. > +apt (1.8.3) unstable; urgency=medium Please provide a debdiff for the proposed buster upload, as built and tested there. Regards, Adam
Bug#933769: buster-pu: package erlang-p1-pkix/1.0.0-3+deb10u1
Control: tags -1 + confirmed On Fri, 2019-08-16 at 11:03 +0200, Philipp Huebner wrote: > Control: tags -1 - moreinfo > > > Thanks for looking at fixing this is stable. The unstable upload is > > a > > pre-requisite to that, so tagging accordingly - please remove the > > "moreinfo" tag once the fix is in unstable. > > It is now. > Thanks. Please go ahead. Regards, Adam
Bug#935200: buster-pu: package asterisk/1:16.2.1~dfsg-1+deb10u1
Control: tags -1 + confirmed On Tue, 2019-08-20 at 22:37 +0200, Bernhard Schmidt wrote: > I'd like to update asterisk with a fix for two minor CVEs that have > been deemed > no-dsa. Exactly the same change (apart from the d/gbp.conf update for > the > Buster branch) has been uploaded to sid as -2 and migrated to testing > a month > ago. > Please go ahead. Regards, Adam
Bug#935165: buster-pu: package newsboat/2.13-1+deb10u1
Control: tags -1 + confirmed On Tue, 2019-08-20 at 13:33 +0300, Nikos Tsipinakis wrote: > I'd like to patch a use-after-free bug in newsboat. It was reported > in debian > in #898559[1] and fixed upstream[2]. While I haven't been able to > reproduce a > crash with it it's clear that it's there and I have received feedback > that it > indeed fixes the linked issue. > Please go ahead. Regards, Adam
Bug#934934: buster-pu: package piuparts/1.0.0+deb10u1
Control: tags -1 + confirmed On Fri, 2019-08-16 at 22:33 +0200, Holger Levsen wrote: > We'd like to update piuparts with the following changes in buster, > fixing a > bunch of rather important bugs (as well as one trivial wishlist bug > and a > trivial normal bug), including one for buster=stable (which missed > the buster > relase because 1.0.1 was not accepted). > Please go ahead. Regards, Adam
Processed: Re: Bug#935200: buster-pu: package asterisk/1:16.2.1~dfsg-1+deb10u1
Processing control commands: > tags -1 + confirmed Bug #935200 [release.debian.org] buster-pu: package asterisk/1:16.2.1~dfsg-1+deb10u1 Added tag(s) confirmed. -- 935200: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935200 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: Re: Bug#934934: buster-pu: package piuparts/1.0.0+deb10u1
Processing control commands: > tags -1 + confirmed Bug #934934 [release.debian.org] buster-pu: package piuparts/1.0.0+deb10u1 Added tag(s) confirmed. -- 934934: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934934 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: Re: Bug#935165: buster-pu: package newsboat/2.13-1+deb10u1
Processing control commands: > tags -1 + confirmed Bug #935165 [release.debian.org] buster-pu: package newsboat/2.13-1+deb10u1 Added tag(s) confirmed. -- 935165: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935165 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: Re: Bug#933839: buster-pu: package resource-agents/1:4.2.0-2+deb10u1
Processing control commands: > tags -1 + confirmed Bug #933839 [release.debian.org] buster-pu: package resource-agents/1:4.2.0-2+deb10u1 Added tag(s) confirmed. -- 933839: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933839 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: Re: Bug#933911: buster-pu: package pulseaudio
Processing control commands: > tags -1 + confirmed Bug #933911 [release.debian.org] buster-pu: package pulseaudio Added tag(s) confirmed. -- 933911: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933911 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: Re: Bug#933636: CVE-2019-14934
Processing control commands: > tags -1 + moreinfo Bug #933637 [release.debian.org] buster-pu: package pdfresurrect/0.15-2 Added tag(s) moreinfo. -- 933637: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933637 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#933911: buster-pu: package pulseaudio
Control: tags -1 + confirmed On Thu, 2019-08-15 at 11:28 -0400, Felipe Sateler wrote: > Control: tags -1 -moreinfo > > On Sun, Aug 11, 2019 at 9:53 AM Jonathan Wiltshire > wrote: > > Control: tag -1 moreinfo > > > > Hi, > > > > On Sun, Aug 04, 2019 at 09:31:37PM -0400, Felipe Sateler wrote: [...] > > > There is a bug affecting pulseaudio users: #913102. This bug > > causes the > > > mute state to be incorrectly restored. Some users have asked for > > the fix > > > (which is now on unstable), to be backported to buster given that > > GDM is > > > affected by this bug. The upstream patch fixing this issue is > > very > > > small[1]. Please go ahead; thanks. Regards, Adam
Bug#933839: buster-pu: package resource-agents/1:4.2.0-2+deb10u1
Control: tags -1 + confirmed On Sun, 2019-08-04 at 11:08 +0200, Valentin Vidic wrote: > * ethmonitor: does not list interfaces without assigned IP address > * ZFS: monitoring action broken by a bashism bug > * Xen: toolstack detection generates warnings in the logs > Please go ahead. Regards, Adm
Processed: Re: Bug#933636: CVE-2019-14934
Processing control commands: > tags -1 + moreinfo Bug #933636 [release.debian.org] stretch-pu: package pdfresurrect/0.12-6 Added tag(s) moreinfo. -- 933636: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933636 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#933636: CVE-2019-14934
Control: tags -1 + moreinfo On Tue, 2019-08-13 at 23:29 -0700, Francois Marier wrote: > There is now an additional CVE that affects pdfresurrect in buster > and > stretch: > > https://security-tracker.debian.org/tracker/CVE-2019-14934 > > Neither this one or CVE-2019-14267 are deemed worthy of a DSA > however. > > If you approve the first upload I have prepared for buster and > stretch, I > will revise it to include the fix for this second CVE, but I will > wait for > your initial approval before putting any more work into this. It looks OK to me. Tagging moreinfo until there's a final diff. Regards, Adam
Processed: Re: Bug#933175: buster-pu: package fig2dev/1:3.2.7a-5
Processing control commands: > tags -1 + confirmed Bug #933175 [release.debian.org] buster-pu: package fig2dev/1:3.2.7a-5 Added tag(s) confirmed. -- 933175: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933175 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#933369: buster-pu: package dma/0.11-1+deb10u1
Control: tags -1 + confirmed On Mon, 2019-07-29 at 21:13 +0200, Laurent Bigonville wrote: > dma currently use the TLSv1_client_method() function that means that > it > only support TLS 1.0 which is considered deprecated (and forbidden by > PCI certification). > > For what I can read, major providers are planning to remove support > for > TLS 1.0 and TLS 1.1 current 2020. > > The attached patches (cherry-picked from upstream) are switching to > the > "version-flexible" function (TLS_client_method()) > Please go ahead. Regards, Adam
Bug#933147: buster-pu: package libsdl2-image/2.0.4+dfsg1+deb10u1
Control: tags -1 + confirmed On Thu, 2019-08-08 at 21:33 +0200, Hugo Lefeuvre wrote: > Hi Salvatore, > > > > Done! You can find an updated debdiff for buster in attachement. > > > The new > > > debdiff ships CVE-2019-5058.patch which addresses the remaining > > > issue in > > > IMG_xcf.c. > > > > Is the attachment missing? > > Right, attachment is missing! Better now :) > Please go ahead; thanks. Regards, Adam
Bug#933175: buster-pu: package fig2dev/1:3.2.7a-5
Control: tags -1 + confirmed On Sat, 2019-07-27 at 11:30 +0200, Roland Rosenfeld wrote: > This fixes CVE-2019-14275 in buster. Since this is tagged > "unimportant" by the security team on > https://security-tracker.debian.org/tracker/CVE-2019-14275 they won't > publish a DSA, so I tend to send this into the next point release of > buster. > > Attached you'll find the diff agains 3.2.7a-5. The patch is a little > longer, because I included the test code to check for this > vulnerability and code for the salsa CI pipeline. Please go ahead. Regards, Adam
Processed: Re: Bug#933369: buster-pu: package dma/0.11-1+deb10u1
Processing control commands: > tags -1 + confirmed Bug #933369 [release.debian.org] buster-pu: package dma/0.11-1+deb10u1 Added tag(s) confirmed. -- 933369: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933369 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: Re: Bug#933147: buster-pu: package libsdl2-image/2.0.4+dfsg1+deb10u1
Processing control commands: > tags -1 + confirmed Bug #933147 [release.debian.org] buster-pu: package libsdl2-image/2.0.4+dfsg1+deb10u1 Added tag(s) confirmed. -- 933147: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933147 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#935200: buster-pu: package asterisk/1:16.2.1~dfsg-1+deb10u1
Package: release.debian.org Severity: normal Tags: buster User: release.debian@packages.debian.org Usertags: pu Hi, I'd like to update asterisk with a fix for two minor CVEs that have been deemed no-dsa. Exactly the same change (apart from the d/gbp.conf update for the Buster branch) has been uploaded to sid as -2 and migrated to testing a month ago. Debdiff attached. Bernhard diff -Nru asterisk-16.2.1~dfsg/debian/changelog asterisk-16.2.1~dfsg/debian/changelog --- asterisk-16.2.1~dfsg/debian/changelog 2019-03-07 23:13:24.0 +0100 +++ asterisk-16.2.1~dfsg/debian/changelog 2019-08-20 22:31:33.0 +0200 @@ -1,3 +1,13 @@ +asterisk (1:16.2.1~dfsg-1+deb10u1) buster; urgency=medium + + * AST-2019-002 / CVE-2019-12827 +Buffer overflow in res_pjsip_messaging (Closes: #931980) + * AST-2019-003 / CVE-2019-13161 +Remote Crash Vulnerability in chan_sip (Closes: #931981) + * d/gbp.conf: Update for Buster branch + + -- Bernhard Schmidt Tue, 20 Aug 2019 22:31:36 +0200 + asterisk (1:16.2.1~dfsg-1) unstable; urgency=medium * New upstream version 16.2.1~dfsg diff -Nru asterisk-16.2.1~dfsg/debian/gbp.conf asterisk-16.2.1~dfsg/debian/gbp.conf --- asterisk-16.2.1~dfsg/debian/gbp.conf2019-03-07 23:13:24.0 +0100 +++ asterisk-16.2.1~dfsg/debian/gbp.conf2019-08-20 22:31:33.0 +0200 @@ -4,3 +4,4 @@ pristine-tar = True sign-tags = True filter = .gitignore +debian-branch = buster diff -Nru asterisk-16.2.1~dfsg/debian/patches/AST-2019-002.patch asterisk-16.2.1~dfsg/debian/patches/AST-2019-002.patch --- asterisk-16.2.1~dfsg/debian/patches/AST-2019-002.patch 1970-01-01 01:00:00.0 +0100 +++ asterisk-16.2.1~dfsg/debian/patches/AST-2019-002.patch 2019-08-20 22:31:33.0 +0200 @@ -0,0 +1,40 @@ +From 785bf3a755e47d92caef110e6040295764d08127 Mon Sep 17 00:00:00 2001 +From: George Joseph +Date: Wed, 12 Jun 2019 12:03:04 -0600 +Subject: [PATCH] res_pjsip_messaging: Check for body in in-dialog message + +We now check that a body exists and it has a length > 0 before +attempting to process it. + +ASTERISK-28447 +Reported-by: Gil Richard + +Change-Id: Ic469544b22ab848734636588d4c93426cc6f4b1f +--- + res/res_pjsip_messaging.c | 9 ++--- + 1 file changed, 6 insertions(+), 3 deletions(-) + +diff --git a/res/res_pjsip_messaging.c b/res/res_pjsip_messaging.c +index 0e10a8f047..930cf84a53 100644 +--- a/res/res_pjsip_messaging.c b/res/res_pjsip_messaging.c +@@ -90,10 +90,13 @@ static enum pjsip_status_code check_content_type_in_dialog(const pjsip_rx_data * + static const pj_str_t text = { "text", 4}; + static const pj_str_t application = { "application", 11}; + ++ if (!(rdata->msg_info.msg->body && rdata->msg_info.msg->body->len > 0)) { ++ return res; ++ } ++ + /* We'll accept any text/ or application/ content type */ +- if (rdata->msg_info.msg->body && rdata->msg_info.msg->body->len +- && (pj_stricmp(>msg_info.msg->body->content_type.type, ) == 0 +- || pj_stricmp(>msg_info.msg->body->content_type.type, ) == 0)) { ++ if (pj_stricmp(>msg_info.msg->body->content_type.type, ) == 0 ++ || pj_stricmp(>msg_info.msg->body->content_type.type, ) == 0) { + res = PJSIP_SC_OK; + } else if (rdata->msg_info.ctype + && (pj_stricmp(>msg_info.ctype->media.type, ) == 0 +-- +2.21.0 + diff -Nru asterisk-16.2.1~dfsg/debian/patches/AST-2019-003.patch asterisk-16.2.1~dfsg/debian/patches/AST-2019-003.patch --- asterisk-16.2.1~dfsg/debian/patches/AST-2019-003.patch 1970-01-01 01:00:00.0 +0100 +++ asterisk-16.2.1~dfsg/debian/patches/AST-2019-003.patch 2019-08-20 22:31:33.0 +0200 @@ -0,0 +1,39 @@ +From 1e4df0215af4f192ed06a7fc7589c799f1ec6091 Mon Sep 17 00:00:00 2001 +From: Francesco Castellano +Date: Fri, 28 Jun 2019 18:15:31 +0200 +Subject: [PATCH] chan_sip: Handle invalid SDP answer to T.38 re-invite + +The chan_sip module performs a T.38 re-invite using a single media +stream of udptl, and expects the SDP answer to be the same. + +If an SDP answer is received instead that contains an additional +media stream with no joint codec a crash will occur as the code +assumes that at least one joint codec will exist in this +scenario. + +This change removes this assumption. + +ASTERISK-28465 + +Change-Id: I8b02845b53344c6babe867a3f0a5231045c7ac87 +--- + +diff --git a/channels/chan_sip.c b/channels/chan_sip.c +index 898b646..a609ff8 100644 +--- a/channels/chan_sip.c b/channels/chan_sip.c +@@ -10965,7 +10965,13 @@ + ast_rtp_lookup_mime_multiple2(s3, NULL, newnoncodeccapability, 0, 0)); + } + +- if (portno != -1 || vportno != -1 || tportno != -1) { ++ /* When UDPTL is negotiated it is expected that there are no compatible codecs as audio or ++ * video is not being transported, thus we continue in this function further up if that is
Bug#933125: buster-pu: package systemd/241-5+deb10u1
Hi, Apologies for missing your mail originally. On Sun, 2019-08-18 at 19:36 +0200, Michael Biebl wrote: > Hi Adam > > Am 16.08.19 um 22:08 schrieb Adam D. Barratt: > > Control: tags -1 + confirmed > > > > On Fri, 2019-07-26 at 21:43 +0200, Michael Biebl wrote: [...] > > > 241-5+deb10u1 is identical to 241-7 which has been uploaded to > > > unstable/bullseye and we haven't received any regression reports > > > so > > > far. > > > > In that case, feel free to make it -7~deb10u1, with the appropriate > > changelog wrangling, if that would be preferable. > > I considered adding a changelog entry like this as it seemed the most > obvious correct one: > > --- a/debian/changelog > +++ b/debian/changelog > @@ -1,3 +1,9 @@ > +systemd (241-7~deb10u1) buster; urgency=medium > + > + * Rebuild for buster > + > + -- Michael Biebl Sat, 17 Aug 2019 11:00:59 > +0200 > + > systemd (241-7) unstable; urgency=medium > >[ Michael Biebl ] [...] > But this then triggers warnings from dpkg-genchanges: > > dpkg-genchanges: warning: the current version (241-7~deb10u1) is > earlier than the previous one (241-7) > > and lintian: > W: systemd: latest-debian-changelog-entry-without-new-version [...] > Adam, so I wonder, what's the proper changelog wrangling in this > case? I would say this and ignore the warnings. It looks like you already did that. :-) Regards, Adam
Bug#932522: buster-pu: package pam-u2f/1.0.7-1
Control: tags -1 + confirmed On Tue, 2019-08-13 at 01:15 +0200, Nicolas Braud-Santoni wrote: [...] > On Fri, Jul 26, 2019 at 04:13:20PM -0300, Adam D. Barratt wrote: > > On 2019-07-20 11:15, Nicolas Braud-Santoni wrote: > > > Here is an updated debdiff; the only modification is in the > > > changelog, > > > as I forgot to close #930047 there. > > > > + * Backport a reliability fix > > +pam-u2f could previously segfault following a failure to > > allocate a > > buffer. > > > > I assume this is backported from the version of the package > > currently in unstable? > > Yes, all the fixes are backported from upstream's 1.0.8, which is > currently in sid and bullseye. [...] > > +pam-u2f (1.0.7-1+deb10u1) buster-proposed-updates; urgency=high > > > > Just "buster", please. > > Fixed, thanks for the catch. > May I go ahead and upload? Updated debdiff attached Please do. Regards, Adam
Processed: Re: Bug#932522: buster-pu: package pam-u2f/1.0.7-1
Processing control commands: > tags -1 + confirmed Bug #932522 [release.debian.org] buster-pu: package pam-u2f/1.0.7-1 Added tag(s) confirmed. -- 932522: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932522 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#932193: buster-pu: package netdata/1.12.0-1+deb10u1
Control: tags -1 + confirmed On Tue, 2019-07-16 at 15:46 +0200, Daniel Baumann wrote: > attached is the diff for netdata with cherry-picked patches from > later > Debian uploads to disable spying on users and a couple of other > important things. > Please go ahead. Regards, Adam
Processed: Re: Bug#932193: buster-pu: package netdata/1.12.0-1+deb10u1
Processing control commands: > tags -1 + confirmed Bug #932193 [release.debian.org] buster-pu: package netdata/1.12.0-1+deb10u1 Added tag(s) confirmed. -- 932193: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932193 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: Re: Bug#931766: buster-pu: package openvswitch/2.10.0+2018.08.28+git.8ca7c82b7d+ds1-12+deb10u1 - new debdiff
Processing control commands: > tags -1 + confirmed Bug #931766 [release.debian.org] buster-pu: package openvswitch/2.10.0+2018.08.28+git.8ca7c82b7d+ds1-13 Added tag(s) confirmed. -- 931766: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931766 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#931967: buster-pu: package libtk-img/1:1.4.8+dfsg-1+deb10u1 pre-approval
Control: tags -1 + confirmed On Mon, 2019-07-29 at 10:37 +0300, Sergei Golovan wrote: > Hi Adam, > > On Fri, Jul 26, 2019 at 10:32 PM Adam D. Barratt > wrote: > > On 2019-07-13 01:19, Sergei Golovan wrote: > > > I'd like to fix #931422 (see [1]) for buster (the bug is already > > > fixed > > > in unstable and prospectively in testing). > > > > > > The diff with the current 1:1.4.8+dfsg-1 is attaced, it's fairly > > > small. > > > > What are the implications of the change on functionality and > > consumers > > of the library? > > To my knowledge, the functionality doesn't change. It definitely > doesn't change on a script level, > on a C level there are a few internal symbols that won't be available > in the fixed library (e.g. TkimgTIFFInitJpeg), though they aren't > exported, they aren't listed in `objdump -T libtkimgtiff*.so`, > and they aren't supposed to be used by a caller to this library (and > noone calls them indeed). OK, thanks. Please go ahead. Regards, Adam
Bug#931126: unblock: enigmail/2:2.0.11+ds1-2
Control: tags -1 + moreinfo On Sat, 2019-07-20 at 23:43 -0400, Daniel Kahn Gillmor wrote: > On Sat 2019-07-20 21:41:12 -0300, Jonathan Wiltshire wrote: > > Hi, > > > > On Mon, Jul 01, 2019 at 01:21:22PM -0400, Daniel Kahn Gillmor > > wrote: > > > On Sun 2019-06-30 20:01:21 +0200, Paul Gevers wrote: > > > > The time for unblocks for buster has come and gone. The > > > > deadline was > > > > last Tuesday, we are now in deep freeze and we were not able to > > > > process > > > > your unblock request and give it an exception. I assume this > > > > should be > > > > fixed via the security archive, please confirm that (and I'll > > > > fix this > > > > bugs metadata). Otherwise I propose you prepare a stable > > > > release update > > > > targeting buster, such that this can be fixed in the first > > > > point release. > > > > > > I'm fine with this going through either security or the first > > > buster > > > point release. So yes, Paul, if you can update this issue to be > > > treated > > > as a security issue, that would be great. > > > > Would you prefer to do this as a security upload (in which case > > this > > unblock bug should be closed) or as a no-dsa (we will repurpose it > > for a > > p-u)? > > At this point, given the upstream changes and the issues with the SKS > keyserver network, i think we should aim to import 2.0.12 into > buster, not 2.0.11. > > I would love it if someone else wants to step up and help with this. > I'm currently working on an update to GnuPG for buster, and have not > had time yet to do the 2.0.12 upload for Buster (either as a security > or point release). Tagging as moreinfo for now, until there's a definite plan and diff either way. Regards, Adam
Processed: Re: Bug#931126: unblock: enigmail/2:2.0.11+ds1-2
Processing control commands: > tags -1 + moreinfo Bug #931126 [release.debian.org] buster-pu: package enigmail Added tag(s) moreinfo. -- 931126: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931126 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#931766: buster-pu: package openvswitch/2.10.0+2018.08.28+git.8ca7c82b7d+ds1-12+deb10u1 - new debdiff
Control: tags -1 + confirmed On Mon, 2019-07-29 at 16:52 +0200, Thomas Goirand wrote: > On 7/22/19 1:47 AM, Jonathan Wiltshire wrote: > > Seem to be some merge artefacts here, including possibly an entire > > duplicate entry? > > Indeed. Sorry for my mistake. Please find attached, the new (cleaner) > debdiff for this p-u. > Please go ahead. Regards, Adam
Processed: Re: Bug#931967: buster-pu: package libtk-img/1:1.4.8+dfsg-1+deb10u1 pre-approval
Processing control commands: > tags -1 + confirmed Bug #931967 [release.debian.org] buster-pu: package libtk-img/1:1.4.8+dfsg-1+deb10u1 pre-approval Added tag(s) confirmed. -- 931967: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931967 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: Re: Bug#931358: release.debian.org: buster-pu (pre-approval): musescore/2.3.2+dfsg2-7? -7~deb10+1?
Processing control commands: > tags -1 + confirmed Bug #931358 [release.debian.org] buster-pu (pre-approval): musescore/2.3.2+dfsg2-7~deb10u1 Added tag(s) confirmed. -- 931358: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931358 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#931358: release.debian.org: buster-pu (pre-approval): musescore/2.3.2+dfsg2-7? -7~deb10+1?
Control: tags -1 + confirmed On Wed, 2019-07-03 at 14:31 +0200, Thorsten Glaser wrote: > retitle 931358 buster-pu (pre-approval): musescore/2.3.2+dfsg2- > 7~deb10u1 > thanks > > Hi again, > > now, with sensible amounts of coffee input, the debdiff as > prepared in git and of an actual .dsc/.changes ready for > uploading, attached. > Please go ahead; sorry for the delay. Regards, Adam
Re: Dropping mips architecture for bullseye and sid
On 20.08.19 15:17, Aurelien Jarno wrote: > Dear release team, > > On 2019-07-20 12:46, Aurelien Jarno wrote: >> Dear all, >> >> The mips architecture, supporting 32-bit big-endian MIPS CPUs, has >> been supported in Debian for more than 15 years. Due to the limited 2GB >> virtual address space and due to the fact this architecture is one of >> the last big-endian architecture Debian supports, the porting effort >> is increasingly difficult. On the other hand the interest for this >> architecture is going down, and with it the human resources available >> for porting is going down. >> >> Now that buster has been released, it is probably time to drop this >> architecture from bullseye and sid. Unless there is a sudden interest >> for this architecture, that is commitment from some new porters and new >> hardware for the build daemons, the plan is to ask for the ftpmasters >> to drop this architecture in about 4 weeks. > > This has now been one month, and nobody volunteered to help. Therefore > it's time to drop the "mips" architecture. From what I understood the > first step of the removal is to get rid of it in testing. Could you > please take care of that? > > Once it's done, I'll forward the request to ftpmasters. what's the plan for mips, keep it in ports, or remove it completely? what's the plan with mipsel?
Bug#934967: nmu: rebuild packages for binutils 2.32.51.x
On 17.08.19 15:32, Matthias Klose wrote: > Please binNUM these packages for the recent binutils upload to unstable: > > naev 0.7.0-2 > wcc 0.0.2+dfsg-3 (amd64 only) looking-glass 0+b1-1 is needed too.