NEW changes in stable-new
Processing changes file: debian-installer_20190702+deb10u4_mipsel-buildd.changes ACCEPT
NEW changes in stable-new
Processing changes file: debian-installer_20190702+deb10u4_mips64el-buildd.changes ACCEPT
NEW changes in stable-new
Processing changes file: debian-installer_20190702+deb10u4_amd64-buildd.changes ACCEPT Processing changes file: debian-installer_20190702+deb10u4_armel-buildd.changes ACCEPT Processing changes file: debian-installer_20190702+deb10u4_armhf-buildd.changes ACCEPT Processing changes file: debian-installer_20190702+deb10u4_i386-buildd.changes ACCEPT Processing changes file: debian-installer_20190702+deb10u4_mips-buildd.changes ACCEPT Processing changes file: debian-installer_20190702+deb10u4_ppc64el-buildd.changes ACCEPT
NEW changes in stable-new
Processing changes file: debian-installer_20190702+deb10u4_arm64-buildd.changes ACCEPT Processing changes file: debian-installer_20190702+deb10u4_s390x-buildd.changes ACCEPT
NEW changes in stable-new
Processing changes file: debian-installer_20190702+deb10u4_source.changes ACCEPT
Bug#959723: RM: matrix-synapse/0.99.2-6 -- ROM; security issues; obsolete version
On Mon, May 04, 2020 at 06:33:26PM +0200, Julien Cristau wrote: > > I think in this case it’s okay because of this NEWS entry: > > > > https://sources.debian.org/src/matrix-synapse/0.99.2-6/debian/NEWS/ > I'm not sure how that makes it any better? NEWS is shown on upgrade at > best, so anyone installing this on buster won't see it. True; I haven’t thought about people who never had synapse installed before. In any case, I think anyone installing this on buster does follow the news about Matrix and probably tried to figure out how to upgrade. -- Cheers, Andrej
Bug#947758: buster-pu: package node-handlebars/3:4.1.0-1+deb10u1
Le 04/05/2020 à 18:53, Mattia Rizzolo a écrit :
> Hi,
>
> let me reply before adsb has a chance ;)
>
> On Mon, May 04, 2020 at 02:24:20PM +0200, Xavier wrote:
>> Finally I found a way to fix CVE and keep autopkgtest OK
>> (node-markdown-it-html5-embed). Here is a debdiff for a future point release
>
> This is good, however,
>
>> diff --git a/debian/changelog b/debian/changelog
>> index b985661..64df8db 100644
>> --- a/debian/changelog
>> +++ b/debian/changelog
>> @@ -1,3 +1,11 @@
>> +node-handlebars (3:4.1.0-1+deb10u1) buster; urgency=medium
>> +
>> + * Team upload
>> + * Disallow calling "helperMissing" and "blockHelperMissing" directly
>> +(Closes: CVE-2019-19919)
>> +
>> + -- Xavier Guimard Mon, 04 May 2020 14:21:11 +0200
>
> By now 3:4.1.0-1+deb10u1 is already accepted in p-u, built and all, and
> it can't really be removed from there and replaced by a same-versined
> pacakge.
>
> Please prepare a +deb10u2 version, and post here a debdiff against the
> already uploaded +deb10u1 one.
Is it good so ?
diff --git a/debian/changelog b/debian/changelog
index 95811b9..e49c409 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+node-handlebars (3:4.1.0-1+deb10u2) buster; urgency=medium
+
+ * Fix regression introduced in 3:4.1.0-1+deb10u1
+
+ -- Xavier Guimard Mon, 04 May 2020 22:01:16 +0200
+
node-handlebars (3:4.1.0-1+deb10u1) buster; urgency=medium
* Team upload
diff --git a/debian/patches/CVE-2019-19919.patch
b/debian/patches/CVE-2019-19919.patch
index f63f106..d34e77a 100644
--- a/debian/patches/CVE-2019-19919.patch
+++ b/debian/patches/CVE-2019-19919.patch
@@ -75,6 +75,21 @@ Last-Update: 2019-12-30
);
}
+--- a/lib/handlebars/helpers.js
b/lib/handlebars/helpers.js
+@@ -15,3 +15,12 @@
+ registerLookup(instance);
+ registerWith(instance);
+ }
++
++export function moveHelperToHooks(instance, helperName, keepHelper) {
++ if (instance.helpers[helperName]) {
++instance.hooks[helperName] = instance.helpers[helperName];
++if (!keepHelper) {
++ delete instance.helpers[helperName];
++}
++ }
++}
--- a/lib/handlebars/runtime.js
+++ b/lib/handlebars/runtime.js
@@ -1,6 +1,7 @@
Bug#946779: marked as done (buster-pu: package logrotate/3.14.0-4)
Your message dated Mon, 4 May 2020 21:40:21 +0200 with message-id and subject line Re: Bug#946779: buster-pu: package logrotate/3.14.0-4 has caused the Debian Bug report #946779, regarding buster-pu: package logrotate/3.14.0-4 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 946779: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946779 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal Tags: buster User: release.debian@packages.debian.org Usertags: pu With version 3.14.0 [1] logrotate split the configuration for btmp and wtmp into separate configuration files. There are bug reports regarding this issue: 945932, 928516, 922045. Package version 3.14.0-4+deb10u1 adds a NEWS entry about this change. The packaging can be found at [2]. An upload can be found at [3]. <> debdiff diff -Nru logrotate-3.14.0/debian/changelog logrotate-3.14.0/debian/changelog --- logrotate-3.14.0/debian/changelog 2018-08-29 00:21:11.0 +0200 +++ logrotate-3.14.0/debian/changelog 2019-12-15 18:53:33.0 +0100 @@ -1,3 +1,9 @@ +logrotate (3.14.0-4+deb10u1) stable; urgency=medium + + * d/NEWS: add entry about (b|w)tmp config split + + -- Christian Göttsche Sun, 15 Dec 2019 18:53:33 +0100 + logrotate (3.14.0-4) unstable; urgency=medium * d/control: diff -Nru logrotate-3.14.0/debian/NEWS logrotate-3.14.0/debian/NEWS --- logrotate-3.14.0/debian/NEWS2018-08-29 00:21:11.0 +0200 +++ logrotate-3.14.0/debian/NEWS2019-12-15 18:53:33.0 +0100 @@ -1,3 +1,17 @@ +logrotate (3.14.0-1) unstable; urgency=medium + + The shipped configurations for "/var/log/btmp" and "/var/log/wtmp" have + been split from the main configuration file (/etc/logrotate.conf) into + separate standalone files (/etc/logrotate.d/btmp respectively + /etc/logrotate.d/wtmp). + + If you had modified /etc/logrotate.conf in this regard, make sure + to re-adjust the two new files to your needs and drop any references to + (b|w)tmp from the main file, to avoid logrotate skip rotation due to a + duplicate definition. + + -- Christian Göttsche Sun, 15 Dec 2019 18:49:00 +0200 + logrotate (3.8.0-1) experimental; urgency=low Please note that this update changes the behaviour of logrotate: <---> debdiff end Best regards, Christian Göttsche [1] https://github.com/logrotate/logrotate/blob/master/ChangeLog.md [2] https://salsa.debian.org/debian/logrotate/tree/stable-buster [3] https://mentors.debian.net/package/logrotate --- End Message --- --- Begin Message --- Closed via adding a section to release notes, see #959191--- End Message ---
Bug#947758: buster-pu: package node-handlebars/3:4.1.0-1+deb10u1
Hi, let me reply before adsb has a chance ;) On Mon, May 04, 2020 at 02:24:20PM +0200, Xavier wrote: > Finally I found a way to fix CVE and keep autopkgtest OK > (node-markdown-it-html5-embed). Here is a debdiff for a future point release This is good, however, > diff --git a/debian/changelog b/debian/changelog > index b985661..64df8db 100644 > --- a/debian/changelog > +++ b/debian/changelog > @@ -1,3 +1,11 @@ > +node-handlebars (3:4.1.0-1+deb10u1) buster; urgency=medium > + > + * Team upload > + * Disallow calling "helperMissing" and "blockHelperMissing" directly > +(Closes: CVE-2019-19919) > + > + -- Xavier Guimard Mon, 04 May 2020 14:21:11 +0200 By now 3:4.1.0-1+deb10u1 is already accepted in p-u, built and all, and it can't really be removed from there and replaced by a same-versined pacakge. Please prepare a +deb10u2 version, and post here a debdiff against the already uploaded +deb10u1 one. -- regards, Mattia Rizzolo GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`. More about me: https://mapreri.org : :' : Launchpad user: https://launchpad.net/~mapreri `. `'` Debian QA page: https://qa.debian.org/developer.php?login=mattia `- signature.asc Description: PGP signature
Bug#959723: RM: matrix-synapse/0.99.2-6 -- ROM; security issues; obsolete version
On Mon, May 4, 2020 at 18:30:23 +0200, Andrej Shadura wrote: > On Mon, May 04, 2020 at 03:35:25PM +0200, Julien Cristau wrote: > > On Mon, May 04, 2020 at 03:30:53PM +0200, Andrej Shadura wrote: > > > Synapse 0.99 was never meant to be a properly usable release in buster, > > > and it was only included as some sort of a plug to make upgrades a tiny > > > bit easier for users — they were supposed to upgrade the package to the > > > version from backports almost immediately. > > > > > > However, the time when this version was usable has definitely passed. It > > > has a bunch of security issues fixed in the newer releases, and the > > > effort of porting them back is significant, while most probably everyone > > > running synapse on buster is on the version from backports or the > > > version from the upstream. > > > > > > Please remove matrix-synapse from buster only. > > > That is terrible practice. Shipping something in stable is a commitment > > to support it throughout the release's lifetime. Removing it from > > stable doesn't remove it from user systems, doesn't communicate to them > > that it is not fit for purpose, or anything like that. Please > > reconsider your strategy here. > > I think in this case it’s okay because of this NEWS entry: > > https://sources.debian.org/src/matrix-synapse/0.99.2-6/debian/NEWS/ > I'm not sure how that makes it any better? NEWS is shown on upgrade at best, so anyone installing this on buster won't see it. Cheers, Julien
Bug#959723: RM: matrix-synapse/0.99.2-6 -- ROM; security issues; obsolete version
On Mon, May 04, 2020 at 03:35:25PM +0200, Julien Cristau wrote: > On Mon, May 04, 2020 at 03:30:53PM +0200, Andrej Shadura wrote: > > Synapse 0.99 was never meant to be a properly usable release in buster, > > and it was only included as some sort of a plug to make upgrades a tiny > > bit easier for users — they were supposed to upgrade the package to the > > version from backports almost immediately. > > > > However, the time when this version was usable has definitely passed. It > > has a bunch of security issues fixed in the newer releases, and the > > effort of porting them back is significant, while most probably everyone > > running synapse on buster is on the version from backports or the > > version from the upstream. > > > > Please remove matrix-synapse from buster only. > That is terrible practice. Shipping something in stable is a commitment > to support it throughout the release's lifetime. Removing it from > stable doesn't remove it from user systems, doesn't communicate to them > that it is not fit for purpose, or anything like that. Please > reconsider your strategy here. I think in this case it’s okay because of this NEWS entry: https://sources.debian.org/src/matrix-synapse/0.99.2-6/debian/NEWS/ -- Cheers, Andrej
Bug#959723: RM: matrix-synapse/0.99.2-6 -- ROM; security issues; obsolete version
On Mon, May 04, 2020 at 03:30:53PM +0200, Andrej Shadura wrote: > Synapse 0.99 was never meant to be a properly usable release in buster, > and it was only included as some sort of a plug to make upgrades a tiny > bit easier for users — they were supposed to upgrade the package to the > version from backports almost immediately. > > However, the time when this version was usable has definitely passed. It > has a bunch of security issues fixed in the newer releases, and the > effort of porting them back is significant, while most probably everyone > running synapse on buster is on the version from backports or the > version from the upstream. > > Please remove matrix-synapse from buster only. > That is terrible practice. Shipping something in stable is a commitment to support it throughout the release's lifetime. Removing it from stable doesn't remove it from user systems, doesn't communicate to them that it is not fit for purpose, or anything like that. Please reconsider your strategy here. Cheers, Julien
Bug#959723: RM: matrix-synapse/0.99.2-6 -- ROM; security issues; obsolete version
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, Synapse 0.99 was never meant to be a properly usable release in buster, and it was only included as some sort of a plug to make upgrades a tiny bit easier for users — they were supposed to upgrade the package to the version from backports almost immediately. However, the time when this version was usable has definitely passed. It has a bunch of security issues fixed in the newer releases, and the effort of porting them back is significant, while most probably everyone running synapse on buster is on the version from backports or the version from the upstream. Please remove matrix-synapse from buster only. - -- Cheers, Andrej -BEGIN PGP SIGNATURE- iQFIBAEBCAAyFiEEeuS9ZL8A0js0NGiOXkCM2RzYOdIFAl6wGQYUHGFuZHJld3No QGRlYmlhbi5vcmcACgkQXkCM2RzYOdIOBQgApcBo4SaRyku51aDRpwXOO4NIDYU5 OSYiz9T5/zIcfemivOt52ZieEunwA5aq2xNApkhuqVGGi5Y3n8MPgTWC9ZNDLUjv iCGx9UKEFJWXYCyrk31nqs+Ljazpg3CU2wGbkdilHb5RX6/QWQU5Rn+OzKITxOfI +0C+7+LqAVNDE5G1J2sZqrIqx0kCEaOeWOYHFI00yfENxiYWmM2nNUz+vpwYW3jW MI0v7baYIxc54vguWTh/LWFh6ScgMRwoEJe1Q2LpEOCyjCuN44e8l57VLjrFXt/c OQl2NAQT0JtHAyyrfjl+AsdXtLecy8gCiST4pLGCjVVGxLvlcP0UKJmTow== =gXcO -END PGP SIGNATURE-
Bug#959133: release.debian.org: Transition for gsl
On 4 May 2020 at 09:27, Graham Inggs wrote: | Control: tags -1 + confirmed | | Hi Dirk | | On Wed, 29 Apr 2020 at 21:33, Dirk Eddelbuettel wrote: | > GNU GSL 2.6 was release last fall; the package is stable and does not move | > too much upstream. It has been in 'auto transition' for a while following my | > initial upload to experimental. Could we maybe nudge it towards transition? | | Please go ahead and upload to unstable. Will do! Thanks for the help with this. Dirk -- http://dirk.eddelbuettel.com | @eddelbuettel | e...@debian.org
Bug#947758: buster-pu: package node-handlebars/3:4.1.0-1+deb10u1
Le 04/05/2020 à 11:54, Adam D. Barratt a écrit :
> On Mon, 2020-05-04 at 11:36 +0200, Xavier wrote:
>> Le 02/05/2020 à 11:58, Adam D. Barratt a écrit :
>>> On Sat, 2020-04-25 at 21:30 +0200, Paul Gevers wrote:
Hi Xavier,
On Sat, 8 Feb 2020 08:23:25 +0100 Xavier wrote:
> Le 07/02/2020 à 20:16, Adam D. Barratt a écrit :
>> On Sat, 2020-01-25 at 20:40 +, Adam D. Barratt wrote:
>> This apparently causes regressions in the autopkgtests of
>> node-
>> markdown-it-html5-embed, which you also most recently
>> uploaded -
>> see
>> https://ci.debian.net/user/britney/jobs?package=node-markdown-it-html5-embed[]=stable[]=amd64
>>
>> Is this enough of an issue to not include the node-handlebars
>> update?
>>
>> Regards,
>>
>> Adam
>
> Hi,
>
> then please defer node-handlebars update until I understand
> what
> happens.
Did you figure this out in the mean time? The next point release
is
going to happen on 9 May 2020, so it would be good to know if the
package can be included.
>>>
>>> Ping?
>>>
>>> Regards,
>>>
>>> Adam
>>
>> Hi,
>>
>> Sorry for the delay.
>>
>> handlebar patch is based on some other commits, its test succeeds but
>> renders it unusable as shown by node-markdown-it-html5-embed
>> regression.
>> I've to pick some other commits...
>
> Thanks for getting back to us.
>
> The window for getting fixes into 10.4 closed yesterday, so I guess
> we'll be excluding node-handlebars again?
>
> Regards,
>
> Adam
Finally I found a way to fix CVE and keep autopkgtest OK
(node-markdown-it-html5-embed). Here is a debdiff for a future point release
Cheers,
Xavier
diff --git a/debian/changelog b/debian/changelog
index b985661..64df8db 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+node-handlebars (3:4.1.0-1+deb10u1) buster; urgency=medium
+
+ * Team upload
+ * Disallow calling "helperMissing" and "blockHelperMissing" directly
+(Closes: CVE-2019-19919)
+
+ -- Xavier Guimard Mon, 04 May 2020 14:21:11 +0200
+
node-handlebars (3:4.1.0-1) unstable; urgency=medium
* New upstream version 4.1.0 (Closes: #923042)
diff --git a/debian/patches/CVE-2019-19919.patch
b/debian/patches/CVE-2019-19919.patch
new file mode 100644
index 000..d34e77a
--- /dev/null
+++ b/debian/patches/CVE-2019-19919.patch
@@ -0,0 +1,228 @@
+Description: Disallow calling "helperMissing" and "blockHelperMissing" directly
+ Fix for CVE-2019-19919
+Author: Nils Knappmeier
+Origin: upstream, https://github.com/wycats/handlebars.js/commit/2078c72
+Bug: https://github.com/wycats/handlebars.js/issues/1558
+Forwarded: not-needed
+Reviewed-By: Xavier Guimard
+Last-Update: 2019-12-30
+
+--- a/lib/handlebars/compiler/javascript-compiler.js
b/lib/handlebars/compiler/javascript-compiler.js
+@@ -311,7 +311,7 @@
+ // replace it on the stack with the result of properly
+ // invoking blockHelperMissing.
+ blockValue: function(name) {
+-let blockHelperMissing = this.aliasable('helpers.blockHelperMissing'),
++let blockHelperMissing =
this.aliasable('container.hooks.blockHelperMissing'),
+ params = [this.contextName(0)];
+ this.setupHelperArgs(name, 0, params);
+
+@@ -329,7 +329,7 @@
+ // On stack, after, if lastHelper: value
+ ambiguousBlockValue: function() {
+ // We're being a bit cheeky and reusing the options value from the prior
exec
+-let blockHelperMissing = this.aliasable('helpers.blockHelperMissing'),
++let blockHelperMissing =
this.aliasable('container.hooks.blockHelperMissing'),
+ params = [this.contextName(0)];
+ this.setupHelperArgs('', 0, params, true);
+
+@@ -622,18 +622,31 @@
+ // If the helper is not found, `helperMissing` is called.
+ invokeHelper: function(paramSize, name, isSimple) {
+ let nonHelper = this.popStack(),
+-helper = this.setupHelper(paramSize, name),
+-simple = isSimple ? [helper.name, ' || '] : '';
++helper = this.setupHelper(paramSize, name);
+
+-let lookup = ['('].concat(simple, nonHelper);
++let possibleFunctionCalls = [];
++
++if (isSimple) { // direct call to helper
++ possibleFunctionCalls.push(helper.name);
++}
++// call a function from the input object
++possibleFunctionCalls.push(nonHelper);
+ if (!this.options.strict) {
+- lookup.push(' || ', this.aliasable('helpers.helperMissing'));
++
possibleFunctionCalls.push(this.aliasable('container.hooks.helperMissing'));
+ }
+-lookup.push(')');
+-
+-this.push(this.source.functionCall(lookup, 'call', helper.callParams));
++let functionLookupCode = ['(',
this.itemsSeparatedBy(possibleFunctionCalls, '||'), ')'];
++let functionCall = this.source.functionCall(functionLookupCode, 'call',
helper.callParams);
++this.push(functionCall);
+ },
+
++ itemsSeparatedBy: function(items, separator) {
++let result = [];
++result.push(items[0]);
++for (let i
Bug#947758: buster-pu: package node-handlebars/3:4.1.0-1+deb10u1
Le 04/05/2020 à 11:54, Adam D. Barratt a écrit : > On Mon, 2020-05-04 at 11:36 +0200, Xavier wrote: >> Le 02/05/2020 à 11:58, Adam D. Barratt a écrit : >>> On Sat, 2020-04-25 at 21:30 +0200, Paul Gevers wrote: Hi Xavier, On Sat, 8 Feb 2020 08:23:25 +0100 Xavier wrote: > Le 07/02/2020 à 20:16, Adam D. Barratt a écrit : >> On Sat, 2020-01-25 at 20:40 +, Adam D. Barratt wrote: >> This apparently causes regressions in the autopkgtests of >> node- >> markdown-it-html5-embed, which you also most recently >> uploaded - >> see >> https://ci.debian.net/user/britney/jobs?package=node-markdown-it-html5-embed[]=stable[]=amd64 >> >> Is this enough of an issue to not include the node-handlebars >> update? >> >> Regards, >> >> Adam > > Hi, > > then please defer node-handlebars update until I understand > what > happens. Did you figure this out in the mean time? The next point release is going to happen on 9 May 2020, so it would be good to know if the package can be included. >>> >>> Ping? >>> >>> Regards, >>> >>> Adam >> >> Hi, >> >> Sorry for the delay. >> >> handlebar patch is based on some other commits, its test succeeds but >> renders it unusable as shown by node-markdown-it-html5-embed >> regression. >> I've to pick some other commits... > > Thanks for getting back to us. > > The window for getting fixes into 10.4 closed yesterday, so I guess > we'll be excluding node-handlebars again? Yes, I've not enough time to fix this Cheers, Xavier
Bug#947758: buster-pu: package node-handlebars/3:4.1.0-1+deb10u1
On Mon, 2020-05-04 at 11:36 +0200, Xavier wrote: > Le 02/05/2020 à 11:58, Adam D. Barratt a écrit : > > On Sat, 2020-04-25 at 21:30 +0200, Paul Gevers wrote: > > > Hi Xavier, > > > > > > On Sat, 8 Feb 2020 08:23:25 +0100 Xavier wrote: > > > > Le 07/02/2020 à 20:16, Adam D. Barratt a écrit : > > > > > On Sat, 2020-01-25 at 20:40 +, Adam D. Barratt wrote: > > > > > This apparently causes regressions in the autopkgtests of > > > > > node- > > > > > markdown-it-html5-embed, which you also most recently > > > > > uploaded - > > > > > see > > > > > https://ci.debian.net/user/britney/jobs?package=node-markdown-it-html5-embed[]=stable[]=amd64 > > > > > > > > > > Is this enough of an issue to not include the node-handlebars > > > > > update? > > > > > > > > > > Regards, > > > > > > > > > > Adam > > > > > > > > Hi, > > > > > > > > then please defer node-handlebars update until I understand > > > > what > > > > happens. > > > > > > Did you figure this out in the mean time? The next point release > > > is > > > going to happen on 9 May 2020, so it would be good to know if the > > > package can be included. > > > > Ping? > > > > Regards, > > > > Adam > > Hi, > > Sorry for the delay. > > handlebar patch is based on some other commits, its test succeeds but > renders it unusable as shown by node-markdown-it-html5-embed > regression. > I've to pick some other commits... Thanks for getting back to us. The window for getting fixes into 10.4 closed yesterday, so I guess we'll be excluding node-handlebars again? Regards, Adam
Bug#947758: buster-pu: package node-handlebars/3:4.1.0-1+deb10u1
Le 02/05/2020 à 11:58, Adam D. Barratt a écrit : > On Sat, 2020-04-25 at 21:30 +0200, Paul Gevers wrote: >> Hi Xavier, >> >> On Sat, 8 Feb 2020 08:23:25 +0100 Xavier wrote: >>> Le 07/02/2020 à 20:16, Adam D. Barratt a écrit : On Sat, 2020-01-25 at 20:40 +, Adam D. Barratt wrote: This apparently causes regressions in the autopkgtests of node- markdown-it-html5-embed, which you also most recently uploaded - see https://ci.debian.net/user/britney/jobs?package=node-markdown-it-html5-embed[]=stable[]=amd64 Is this enough of an issue to not include the node-handlebars update? Regards, Adam >>> >>> Hi, >>> >>> then please defer node-handlebars update until I understand what >>> happens. >> >> Did you figure this out in the mean time? The next point release is >> going to happen on 9 May 2020, so it would be good to know if the >> package can be included. > > Ping? > > Regards, > > Adam Hi, Sorry for the delay. handlebar patch is based on some other commits, its test succeeds but renders it unusable as shown by node-markdown-it-html5-embed regression. I've to pick some other commits...
NEW changes in stable-new
Processing changes file: pango1.0_1.42.4-8~deb10u1_all.changes ACCEPT
Bug#959505: release.debian.org: Is erlang autoremoval is necessary?
On Sun, May 03, 2020 at 09:02:11PM +0200, Paul Gevers wrote: > > Alright, then I recommend this: > > reassign 958841 src:erlang 1:22.3.2+dfsg-1 > > clone 958841 -1 > > reassign -1 src:elixir-lang 1.9.1.dfsg-1.3 > > retitle -1 elixir-lang: incompatible with erlang 22 > > # consider also leaving a longer message somewhere…? > > close 958841 1:22.3.3+dfsg-1 > > > > Doing that should live a RC bug in elixir-lang, and cause its autorm in > > a while, and leave erlang where it is, letting it migrate to testing as > > soon as elixir-lang is out. The rm from testing of elixir-lang could be > > expedited if nothing happens. > > I agree with this approach. It leaves the maintainers of elixir-lang > some time to fix the situation. If they don't fix it, it will be removed > and erlang can migrate. Unless there is some issue that I am not aware > of that warrants a faster migration (and hence removal of elixir-lang). Very well, I've now send that to command@, and added a `summary` to the cloned bug to explain a bit what's happening. The new bug against elixir-lang is #959701. > Given the issue as I understand it, I don't want to binNMU it. I think > the binNMU'd package can migrate before erlang and then the package in > testing is broken (until erlang migrates) which isn't cool I don't think that would happen. bin:elixir depends on erlang-pcre-8.43, which is provided by bin:erlang-core in testing, but erlang-core in unstable only provides erlang-pcre-8.43-1 instead. (I believe that's the original cause of the breakage, an ABI break in that thing.) -- regards, Mattia Rizzolo GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`. More about me: https://mapreri.org : :' : Launchpad user: https://launchpad.net/~mapreri `. `'` Debian QA page: https://qa.debian.org/developer.php?login=mattia `- signature.asc Description: PGP signature
Bug#959133: release.debian.org: Transition for gsl
Control: tags -1 + confirmed Hi Dirk On Wed, 29 Apr 2020 at 21:33, Dirk Eddelbuettel wrote: > GNU GSL 2.6 was release last fall; the package is stable and does not move > too much upstream. It has been in 'auto transition' for a while following my > initial upload to experimental. Could we maybe nudge it towards transition? Please go ahead and upload to unstable. Regards Graham
Processed: Re: Bug#959133: release.debian.org: Transition for gsl
Processing control commands: > tags -1 + confirmed Bug #959133 [release.debian.org] release.debian.org: Transition for gsl Added tag(s) confirmed. -- 959133: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959133 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
NEW changes in stable-new
Processing changes file: systemd_241-7~deb10u4_mips64el-buildd.changes ACCEPT
NEW changes in stable-new
Processing changes file: systemd_241-7~deb10u4_mipsel-buildd.changes ACCEPT
