Bug#989494: buster-pu: package http-parser/2.8.1-1

+0200 +++ http-parser-2.8.1/debian/changelog 2021-06-04 20:59:56.0 +0200 @@ -1,3 +1,10 @@ +http-parser (2.8.1-1+deb10u1) buster; urgency=medium + + * Cherry-pick "Support multi-coding Transfer-Encoding". +Closes: #977467 [CVE-2019-15605] + + -- Christoph Biedl Fri, 04 Jun

Bug#989701: buster-pu: package clevis/11-2+deb10u2

buster; urgency=medium + + * Cherry-pick "Bugfix: set pcr_bank from pcr_bank not pcr_hash +field". Closes: #989648 + + -- Christoph Biedl Wed, 09 Jun 2021 19:58:50 +0200 + clevis (11-2+deb10u1) buster; urgency=medium * Cherry-pick two comments to fix initramfs creation: Closes: #96

Bug#990237: unblock: aoetools/36-5

ebian/changelog --- aoetools-36/debian/changelog2019-02-26 01:05:45.0 +0100 +++ aoetools-36/debian/changelog2021-05-24 12:40:31.0 +0200 @@ -1,3 +1,17 @@ +aoetools (36-5) unstable; urgency=medium + + * postinst: Don't abort from failing module load + + -- Chri

Bug#989494: buster-pu: package http-parser/2.8.1-1

Christoph Biedl wrote... > there is a minor (non-DSA) security issue open in the Debian 10 > ("buster") version of http-parser, and I'd like to fix that in a stable > point release. This is #977467 [CVE-2019-15605]. Gentle ping? Should I upload right away? C

Bug#989494: buster-pu: package http-parser/2.8.1-1

Christoph Biedl wrote... > there is a minor (non-DSA) security issue open in the Debian 10 > ("buster") version of http-parser, and I'd like to fix that in a stable > point release. This is #977467 [CVE-2019-15605]. Now uploaded in the hope it will help to resolve t

Bug#987838: unblock: gnupg2/2.2.27-2

og 2021-04-22 20:40:36.0 +0200 @@ -1,3 +1,10 @@ +gnupg2 (2.2.27-2) unstable; urgency=medium + + * Add a NEWS entry about the end of support for ~/.gnupg/options. +Closes: #985158 + + -- Christoph Biedl Thu, 22 Apr 2021 20:40:36 +0200 + gnupg2 (2.2.27-1) unstable; urgency=medium

Bug#996997: buster-pu: Cleaning up the http-parser ABI breakage in Debian 10 ("buster")

Package: release.debian.org Severity: normal Tags: buster User: release.debian@packages.debian.org Folks, perhaps I should start with an outright confession: When doing http-parser version 2.8.1-1+deb10u1 for a buster point release, I messed up things horribly. Nobody noticed in time, it's in

Bug#996997: buster-pu: Cleaning up the http-parser ABI breakage in Debian 10 ("buster")

Thanks for your swift and kind response. Adam D. Barratt wrote... > On Fri, 2021-10-22 at 09:18 +0200, Christoph Biedl wrote: > > ## Rework the patch > > > > Revert the ABI break by reworking the patch to restore the previous > > struct layout - while maintainin

Bug#996997: buster-pu: Cleaning up the http-parser ABI breakage in Debian 10 ("buster")

200 +++ http-parser-2.8.1/debian/changelog 2021-10-31 23:50:09.0 +0100 @@ -1,3 +1,10 @@ +http-parser (2.8.1-1+deb10u2) buster; urgency=medium + + * Fix ABI breakage introduced by accident in 2.8.1-1+deb10u1. +Closes: #996460, #996939, #996997 + + -- Christoph Biedl Sun, 31 Oct 2021 23:50

Bug#996997: buster-pu: Cleaning up the http-parser ABI breakage in Debian 10 ("buster")

Julien Cristau wrote... > Would you mind providing the old/new/proposed versions of http_parser.h? > (this is me being lazy, sorry, if I'm being too much of a pain I can go > and figure them out for myself, just let me know). Not that much on my side, so find the files attached. The name for the

Bug#996997: buster-pu: Cleaning up the http-parser ABI breakage in Debian 10 ("buster")

Christoph Biedl wrote... > About next steps, I would do the upload in the next days. Let me know if > you prefer other things to happen first or instead. To avoid this gets lost I've just uploaded http-parser 2.8.1-1+deb10u2. Updated debiff attached, only editorial changes since t

Bug#996997: marked as done (buster-pu: Cleaning up the http-parser ABI breakage in Debian 10 ("buster"))

Adam D. Barratt wrote... > Apparently we missed this on review, but please don't close release.d.o > bugs in your uploads. > > The bug will get closed once the fix is actually released, which for > (old)stable updates is once the package is in (old)stable. ACK. Sorry for disturbing that. Ch

Bug#996997: marked as done (buster-pu: Cleaning up the http-parser ABI breakage in Debian 10 ("buster"))

[ Thanks for pinging ] Adam D. Barratt wrote... > How does this sound as text for an SUA? To me, it seems worth a idea describing the impact a bit more in detail, so ... > " > http-parser is a parser for HTTP messages, designed to be used in high > performance HTTP applications. > > The update

Bug#925251: stretch-pu: package file/1:5.30-1+deb9u2

Adam D. Barratt wrote... > On Thu, 2019-03-21 at 20:28 +0100, Christoph Biedl wrote: > > for an upcoming stretch point release, I'd like to contribute a new > > version of the file package. This got a bit bigger so I'm using the > > old style of seeking approval b

Bug#925251: stretch-pu: package file/1:5.30-1+deb9u2

Adam D. Barratt wrote... > Assuming I count correctly, your mail was from approximately 6 weeks > before the date of the upcoming 9.9 point release. This story has a tendency to fall off radar repeatedly. Perhaps we can eventually find a solution for this in the next days? Christoph signat

Bug#1017502: bullseye-pu: package http-parser/2.9.4-4+deb11u1

+0200 @@ -1,3 +1,10 @@ +http-parser (2.9.4-4+deb11u1) bullseye; urgency=medium + + * unset F_CHUNKED on new Transfer-Encoding. +Closes: #1016690 [CVE-2020-8287] + + -- Christoph Biedl Fri, 05 Aug 2022 20:33:28 +0200 + http-parser (2.9.4-4) unstable; urgency=medium * Packaging cleanup diff -N

Bug#1027424: transition: libppd

Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition X-Debbugs-Cc: lib...@packages.debian.org, Till Kamppeter Control: affects -1 + src:libppd Greetings, possible this is not a regular transition, but in exchange I guess it should be pre

Bug#1027424: transition: libppd

Paul Gevers wrote... > On 31-12-2022 10:06, Christoph Biedl wrote: > > > So src:libppd has been renamed to src:libppd-legacy, and has entered > > experimental yesterday. While doing so, I've fixed a longstanding > > mismatch in the soname version, hence the new num

Bug#933685: transition: http-parser

Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition Hello, following the procedures as written in the Debian wiki, I am requesting a transition slot for the http-parser library 2.9.2, accepted in experimental earlier today. A test rebuil

Bug#881629: transition: http-parser

Christoph Biedl wrote... > Package: release.debian.org > Severity: normal > User: release.debian@packages.debian.org > Usertags: transition Hm, while checking the BTS for the http-parser transition filed yesterday I noticed this one here - from an earlier transition - is still

Bug#933685: transition: http-parser

Jonathan Wiltshire wrote... > Control: tag -1 confirmed > > On Thu, Aug 01, 2019 at 10:12:08PM +0200, Christoph Biedl wrote: > > following the procedures as written in the Debian wiki, I am requesting > > a transition slot for the http-parser library 2.9.2, accepted in >

Bug#933685: transition: http-parser

Jonathan Wiltshire wrote... > On Mon, Aug 05, 2019 at 12:12:46AM +0200, Christoph Biedl wrote: > > Thanks, now uploaded to unstable. > > Just one failure, in python-httptools > https://buildd.debian.org/status/package.php?p=python-httptools Yep, Bug report with upstream fix fi

Bug#943606: stretch-pu: package libdate-holidays-de-perl/1.9-1+deb9u3

7 08:11:30.0 +0100 @@ -1,3 +1,10 @@ +libdate-holidays-de-perl (1.9-1+deb9u4) stretch; urgency=medium + + * Mark International Childrens Day (Sep 20th) as a holiday in +Thuringia from 2019 on + + -- Christoph Biedl Sun, 27 Oct 2019 08:11:30 +0100 + libdate-holidays-de-perl (1.

Bug#943605: buster-pu: package libdate-holidays-de-perl/2.00-2

angelog 2019-10-27 08:22:21.0 +0100 @@ -1,3 +1,10 @@ +libdate-holidays-de-perl (2.00-2+deb10u1) buster; urgency=medium + + * Mark International Childrens Day (Sep 20th) as a holiday in +Thuringia from 2019 on + + -- Christoph Biedl Sun, 27 Oct 2019 08:22:21 +0100 + li

Bug#945965: buster-pu: package bgpdump/1.6.0-1

Package: release.debian.org Severity: normal Tags: buster User: release.debian@packages.debian.org Usertags: pu Hello release team, the bgpdump package has an embarrasing bug, starting the program results in an immediate segmentation fault, that's #945881 Luckily, a fix was fairly simple. Fo

Bug#948589: nmu: file_1:5.38-3

Helmut Grohne wrote... > The file package was built with a broken version file wrt #948269. As > such libmagic1 lacks shared library dependencies. A simple rebuild fixes > the problem. This leaves me somewhat confused since I understand your rationale the file package needs itself to be built, in

Bug#948589: nmu: file_1:5.38-3

clone 948589 -1 reassign -1 file retitle -1 file: When building the file package, use the just-built file program in debhelper thanks Andreas Beckmann wrote... > File lists identical (after any substitutions) > > Control files: lines which differ (wdiff format) > ---

Bug#977720: transition: http-parser

Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition Hello, the http-parser library should see an update from 2.9.2 (unstable) and 2.9.3 (experimental) to 2.9.4. Now I am unsure whether this requires a transition - at least the 2.9.3 uploa

Bug#981047: buster-pu: package tang/7-1

7:45.0 +0200 +++ tang-7/debian/changelog 2021-01-25 18:37:46.0 +0100 @@ -1,3 +1,10 @@ +tang (7-1+deb10u1) buster; urgency=medium + + * Avoid race condition between keygen and update, resulting in "Key +derivation key not available!". Closees: #975343 + + -- Chr

Bug#981059: buster-pu: package clevis/11-2

initramfs creation: Closes: #969361 +- "Delete remaining references to the removed http pin" to unbreak + initramfs generation in dracut. +- "Install cryptsetup and tpm2_pcrlist in the initramfs" to assert + cryptsetup is available in the initramfs + * clevis-d

Bug#981096: buster-pu: package file/1:5.35-4+deb10u1

temd/system) diff -Nru file-5.35/debian/changelog file-5.35/debian/changelog --- file-5.35/debian/changelog 2019-10-22 21:57:17.0 +0200 +++ file-5.35/debian/changelog 2021-01-25 22:40:17.0 +0100 @@ -1,3 +1,9 @@ +file (1:5.35-4+deb10u2) buster; urgency=medium + + * Change defaul

Bug#981096: buster-pu: package file/1:5.35-4+deb10u1

Christoph Biedl wrote... > for the upcoming stable point release, I've just uploaded src:file > ("Recognize the type of data in a file using "magic" numbers") as > version 1:5.35-4+deb10u2. Forgot to sign, to this followup to confirm. Christoph signature.asc Description: PGP signature

Re: Don't ship gnupg1 with bullseye

Dominic Hargreaves wrote... > Do the gnupg1 maintainers agree that it should be removed from bullseye? IMnsHO it's a bad idea to remove gnupg1 any time soon. While it certainly should not be used for encryption, it's still needed when dealing with older keys. Quoting the package description: "It

Bug#925251: stretch-pu: package file/1:5.30-1+deb9u2

Salvatore Bonaccorso wrote... > Is this still something it is worth to pursue and adress those two > CVEs pending for stretch or is the regression risk to high? In my opinion it is worth to pursue it - so let me rebase upon the latest releas in Debian 9 ("stretch") and upload to (old)s-p-u soon,

Bug#877258: stretch-pu: package busybox/1:1.22.0-19+deb9u1

Salvatore Bonaccorso wrote... > Is this still something we should try to get into stretch (now to late > for 9.12 but might be possible for 9.13)? For me, I would like to, so I'll re-visit the scenary and will try to eventually get this done. Christoph signature.asc Description: PGP signat

Bug#951399: buster-pu: package softflowd/0.9.9-5

angelog2019-12-05 00:21:02.0 +0100 @@ -1,3 +1,10 @@ +softflowd (0.9.9-5+deb10u1) buster; urgency=medium + + * Fix roken flow aggregation which might result in flow table overflow +and 100% CPU usage. + + -- Christoph Biedl Thu, 05 Dec 2019 00:21:02 +0100 + softflowd (0.9.9-5) unstable;

Re: Porter roll call for Debian Stretch

John Paul Adrian Glaubitz wrote... > On 09/20/2016 11:16 PM, Niels Thykier wrote: > >- powerpc: No porter (RM blocker) > > I'd be happy to pick up powerpc to keep it for Stretch. I'm already > maintaining powerpcspe which is very similar to powerpc. For somewhat personal reasons I'm interest

Bug#846948: jessie-pu: package file/1:5.22+15-2+deb8u3

2016-05-09 08:23:30.0 +0200 +++ file-5.22+15/debian/changelog 2016-12-04 10:00:07.0 +0100 @@ -1,3 +1,9 @@ +file (1:5.22+15-2+deb8u3) stable; urgency=medium + + * Fix memory leak in magic loader. Closes: #840754 + + -- Christoph Biedl Sun, 04 Dec 2016 10:00:07 +0100 + file

Bug#846948: jessie-pu: package file/1:5.22+15-2+deb8u3

Adam D. Barratt wrote... > Please go ahead. Thanks, now uploaded. Christoph signature.asc Description: Digital signature

Bug#848610: jessie-pu: package pgpdump/0.28-1+deb8u1

+ * Fix endless loop parsing specially crafted input in read_binary. +Upstream commits ece39dd and 0c306f4. Closes: #773747 [CVE-2016-4021] + * Fix a buffer overrun in read_radix64. Upstream commit 6e15953 + + -- Christoph Biedl Thu, 15 Dec 2016 23:30:21 +0100 + pgpdump (0.28-1) un

Bug#848908: jessie-pu: package shutter/0.92-0.1+deb8u1

ystem(). Closes: #798862 [CVE-2015-0854] + + -- Christoph Biedl Tue, 20 Dec 2016 19:00:20 +0100 + shutter (0.92-0.1) unstable; urgency=medium * Non-maintainer upload. diff -Nru shutter-0.92/debian/patches/CVE-2015-0854.patch shutter-0.92/debian/patches/CVE-2015-0854.patch --- shutter-0.92/debian/pa

Bug#848610: jessie-pu: package pgpdump/0.28-1+deb8u1

Christoph "I had a cold" Biedl wrote... > CVE-2016-4021[1] hasn't been handled in jessie yet. The security team > suggested to use an upcoming point release for this, this got ACKed > by the stable security team. Well, you guess: The security team ACKed to use an upcoming point release for this.

Bug#823794: jessie-pu: package file/1:5.22+15-2+deb8u2

in finfo_open with malformed magic file. + + -- Christoph Biedl Mon, 09 May 2016 08:18:53 +0200 + file (1:5.22+15-2+deb8u1) stable; urgency=medium * Fix handling of file's --parameter option. Closes: #798410 diff -Nru file-5.22+15/debian/patches/CVE-2015-8865.6713ca4.patch file-5.22

Bug#830221: jessie-pu: package tcpreplay/3.4.4-2

ets size, add a +size check [CVE-2016-6160]. Closes: #829350 + + -- Christoph Biedl Thu, 07 Jul 2016 10:53:56 +0200 + tcpreplay (3.4.4-2) unstable; urgency=low * debian/control fixed lintian error diff -Nru tcpreplay-3.4.4/debian/patches/enforce-maxpacket.patch tcpreplay-3.4

Bug#830221: jessie-pu: package tcpreplay/3.4.4-2

Salvatore Bonaccorso wrote... > On Thu, Jul 07, 2016 at 05:41:12PM +0200, Adam D. Barratt wrote: > > > Please go ahead. > > I uploaded Christoph's package. Thanks to you both for your work on this issue. Christoph signature.asc Description: Digital signature

Bug#861535: unblock: file/1:5.30-1 (was: Seeking pre-approval to upload new file upstream version for stretch)

Package: release.debian.org User: release.debian@packages.debian.org Usertags: unblock Severity: normal Hello, please unblock file 1:5.30-1 I've uploaded to unstable. Short version: This upload * fixes several issues in 1:5.29-3, including an assertion failure triggerable from certain fi

Contradicting mails from "testing autoremoval watch" and "testing watch"

Hi, at first: No offense taken. Just a bit confused, and I think the underlying processes could use an improvement. This morning, I found two mails in my box: | From: Debian testing autoremoval watch + Subject: clevis is marked for autoremoval from testing | To: cle...@packages.debian.org | Mes

Bug#924150: stretch-pu: package libdate-holidays-de-perl/1.9-1+deb9u3

Package: release.debian.org Severity: normal Tags: stretch User: release.debian@packages.debian.org Usertags: pu As I wrote in #902042: > FWIW, there are currently no further plans to change holidays in > Germany, so this is hopefully the last update for a long time. This did not hold. So an

Re: Bug#852962: ycmd FTBFS on mipsel: test failures

James Cowgill wrote... > On Thu, 1 Jun 2017 00:15:28 +0200 Christoph Biedl > > Did so, but failed to reproduce the issue on the mipsel porter box. > > However, the bug seems to manifest when building in a qemu-static > > chroot. In that scenario however, diagnostic tools

Bug#864233: unblock: linux/4.9.30-1

Ben Hutchings wrote... > radvd's autoconf test for has probably failed at least > since Linux 2.6.32 when I made sure the kernel headers would never > define struct sockaddr for userland: > > > But the conflict between and

Bug#876633: nmu: libselinux_2.6-3+b2

Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: binnmu Hello, a few days ago, a binNMU for the src:libselinux Debian package hit stretch-proposed-updates, providing among others a file named libselinux1_2.6-3+b2_amd64.deb - unfortunately such a

Bug#877258: stretch-pu: package busybox/1:1.22.0-19+deb9u1

pc). +Closes: #818499 [CVE-2016-2147] + * Fix directory traversal vulnerability in tar implementation. + Closes: #802702 [CVE-2011-5325] + + -- Christoph Biedl Mon, 25 Sep 2017 22:04:05 +0200 + busybox (1:1.22.0-19) unstable; urgency=medium * busybox-udeb, udhcpc: Remove /udhcpc/usr/shar

Bug#877260: jessie-pu: package busybox/1:1.22.0-9+deb8u2

+ * Fix pointer misuse unziping files. Closes: #803097 + * Fix Heap-based buffer overflow in the DHCP client. +Closes: #818497 [CVE-2016-2148] + * Fix integer overflow in the DHCP client (udhcpc). +Closes: #818499 [CVE-2016-2147] + * Fix directory traversal vulnerability in tar implementat

Bug#877258: stretch-pu: package busybox/1:1.22.0-19+deb9u1

Adam D. Barratt wrote... > I'd be happy with this in general, but the udeb means we need an > explicit d-i RM ack; CCing appropriately. Okay, lesson learned: For such packages, don't proscrastinate the request until close to the deadline that has passed now. There'll be another point relase, I'll

Bug#881629: transition: http-parser

Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition Hello, this is not a regular transition because I screwed up: The upload of http-parser (soname 2.7.1) last night hit unstable instead of experimental as suggested by the transition wiki

Bug#881629: transition: http-parser

Emilio Pozuelo Monfort wrote... > No need to revert to the previous version, this looks to be in a good shape > and > there are no clashing transitions. I'll get to the binnmus soon. Thanks a lot for your swift and helping reaction. As far as I can see, the failing builds on hurd and kbsd for l

Bug#877258: stretch-pu: package busybox/1:1.22.0-19+deb9u1

Adam D. Barratt wrote... > Folks, what's the current status here? It's not forgotten, but now quite outdated. There are several more fixes that should go into the stretch version of busybox. I will take care of this in the next days. Cyril, you previously mentioned the submission was too close t

Bug#877258: stretch-pu: package busybox/1:1.22.0-19+deb9u1

Cyril Brulebois wrote... > p-u NEW usually gets frozen a week before the point release. Having the > package to review/test a week before that (so 2 weeks before the point > release date) would be awesome. Depending on external things, I could > still make time if that's only a few days before the

Bug#925251: stretch-pu: package file/1:5.30-1+deb9u2

lot of patches that fix obvious issues or seem wise +to include. Also: Closes: #922968 [CVE-2019-8905 CVE-2019-8907] + + -- Christoph Biedl Mon, 18 Mar 2019 22:15:18 +0100 + file (1:5.30-1+deb9u2) stable; urgency=high * Avoid reading past the end of buffer. Closes: #901351 diff -Nru

Bug#877260: jessie-pu: package busybox/1:1.22.0-9+deb8u2

-2017-16544] + + -- Christoph Biedl Thu, 30 Nov 2017 19:41:31 +0100 + busybox (1:1.22.0-9+deb8u1) jessie; urgency=medium * Non-maintainer upload. diff -Nru busybox-1.22.0/debian/patches/cherry-pick.1_22_0-220-g4e314fa.modprobe-rmmod-reject-module-names-with-slashes.patch busybox-1.22.0/deb

Bug#877258: stretch-pu: package busybox/1:1.22.0-19+deb9u1

lity in tar implementation. +Closes: #802702 [CVE-2011-5325] + * Fix integer overflow in bzip2 decompresson. +Closes: #879732 [CVE-2017-15873] + * Filter out terminal escape sequence filtering in autocompletion. +Closes: #882258 [CVE-2017-16544] + + -- Christoph Biedl Mon, 25 Sep 2017 22:

Upcoming source transition of python-magic

Hello release team, there is a python-magic (here and always: also python3-magic) package, in the archive, currently built from src:file. For reasons I plan to switch to another implementation which is provided by src:python-magic (ITP was #877849, and it has all the gory details). So two binary

Bug#891285: stretch-pu: package inputlirc/23-2+b2

rc (23-2+deb9u1) stretch; urgency=medium + + * Include input-event-codes.h instead of input.h. Closes: #879458 +Thanks to Ingo Schneider for reporting the bug and providing the fix. + + -- Christoph Biedl Sat, 24 Feb 2018 09:25:27 +0100 + inputlirc (23-2) unstable; urgency=medium * S

Bug#891807: stretch-pu: package libdate-holidays-de-perl/1.9-1

n Day as a holiday in Hamburg and +Schleswig-Holstein from 2018 on + + -- Christoph Biedl Thu, 01 Mar 2018 00:06:15 +0100 + libdate-holidays-de-perl (1.9-1) unstable; urgency=low * Initial Release. Closes: #829833 diff -Nru libdate-holidays-de-perl-1.9/debian/patches/refo.patch li

Bug#895571: transition: http-parser

Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition Hello release team, the http-parser library saw another soname bump, so I'm hereby asking for a transition. The new version 2.8.1-1~exp1 was uploaded to experimental a few days ago, reb

Bug#895571: transition: http-parser

Emilio Pozuelo Monfort wrote... > Go ahead. Thanks for the swift response, much appreciated. Now uploaded to unstable. Christoph signature.asc Description: PGP signature

Bug#901425: jessie-pu: package file/1:5.22+15-2+deb8u3

ming point release, so here we go. Following the new policy, I've already uploaded file_5.22+15-2+deb8u4 to oldstable. Kind regards, Christoph Biedl -- System Information: Debian Release: 8.10 APT prefers oldstable-updates APT policy: (500, 'oldstable-updates'), (500, &#

Bug#901426: stretch-pu: package file/1:5.30-1+deb9u1

ty team we agreed this should be addressed in the upcoming point release, so here we go. Following the new policy, I've already uploaded file_5.30-1+deb9u2 to stable. Kind regards, Christoph Biedl -- System Information: Debian Release: 9.4 APT prefers stable-updates APT policy

Bug#902042: stretch-pu: package libdate-holidays-de-perl/1.9-1+deb9u1

hes/refo.patch --- libdate-holidays-de-perl-1.9/debian/patches/refo.patch 2018-03-01 00:06:05.0 +0100 +++ libdate-holidays-de-perl-1.9/debian/patches/refo.patch 2018-06-21 20:40:21.0 +0200 @@ -1,17 +1,20 @@ Subject: Add new regional holidays from 2018 on Author:

Re: Building armel on arm64

Adrian Bunk wrote... > I'd like to get a clear picture regarding the situation of building > armel for buster on arm64, ideally moving it to arm64 hardwre soon. JFTR, I'd appreciate if armel/armhf could continue to be part of a release. > 1. What issues are considered possible problems for movi

Bug#799033: jessie-pu: package file/1:5.22+15-2+deb8u1

--files-from. [commit FILE5_24-23-g4ddb783] + + -- Christoph Biedl Sun, 13 Sep 2015 18:27:47 +0200 + file (1:5.22+15-2) unstable; urgency=medium * Restore detection of some jpeg files. Closes: #780095 diff -Nru file-5.22+15/debian/patches/cherry-pick.FILE5_24-22-g27b4e34.parameter-1.patch file-5

Bug#692594: unblock: ngircd/19.2-2

ranslation: Japanese (victory). Closes: #692479 + + -- Christoph Biedl Tue, 06 Nov 2012 23:26:40 +0100 + ngircd (19.2-1) unstable; urgency=low * New upstream version 19.2 only in patch2: unchanged: --- ngircd-19.2.orig/debian/po/ja.po +++ ngircd-19.2/debian/po/ja.po @@ -0,0 +1,90 @@ +# SOME D

Seeking pre-approval to upload new file upstream version for stretch

Hello, while preparing an upload and an unblock request for file 1:5.29-4 to address two important/serious issues, upstream surprised me with a new release (5.30) today. So I'd like to take the opportunity to ship that one in stretch since there are just a few changes besides those mentioned abov

Bug#1040646: bookworm-pu: package tang/11-2

+0200 @@ -1,3 +1,11 @@ +tang (11-2+deb12u1) bookworm; urgency=medium + + * Fix CVE-2023-1672. Closes: #1038119 +- Cherry-pick "Fix race condition when creating/rotating keys" + - Assert restrictive permissions on tang's key directory + + -- Christoph Biedl Sat, 08 J

Bug#1040668: bullseye-pu: package tang/8-3+deb11u1

directory +In existing multi-user bullseye installations, rotating the keys + is suggested. + * Make the tangd-rotate-keys program executable + + -- Christoph Biedl Sat, 08 Jul 2023 12:41:29 +0200 + tang (8-3+deb11u1) bullseye-security; urgency=high * Fix data leak [CVE-2021-4076] d

Bug#1073966: bullseye-pu: package jose/10-3+deb11u1

Package: release.debian.org Severity: normal Tags: bullseye X-Debbugs-Cc: j...@packages.debian.org, debian.a...@manchmal.in-ulm.de Control: affects -1 + src:jose User: release.debian@packages.debian.org Usertags: pu [ Reason ] "Fix potential DoS issue with p2c header" [CVE-2023-50967] [ Impac

Bug#1073967: bookworm-pu: package jose/11-2+deb12u1

Package: release.debian.org Severity: normal Tags: bookworm X-Debbugs-Cc: j...@packages.debian.org, debian.a...@manchmal.in-ulm.de Control: affects -1 + src:jose User: release.debian@packages.debian.org Usertags: pu [ Note: Same text as for the bullseye upload ] [ Reason ] "Fix potential DoS

Bug#1073966: bullseye-pu: package jose/10-3+deb11u1

Christoph Biedl wrote... > [x] attach debdiff against the package in (old)stable diff -Nru jose-10/debian/changelog jose-10/debian/changelog --- jose-10/debian/changelog2020-05-25 22:11:30.0 +0200 +++ jose-10/debian/changelog2024-04-04 15:54:12.0 +0200 @@ -1,3 +1

Bug#1073967: bookworm-pu: package jose/11-2+deb12u1

Christoph Biedl wrote... > [x] attach debdiff against the package in (old)stable Now for real. diff -Nru jose-11/debian/changelog jose-11/debian/changelog --- jose-11/debian/changelog2021-12-01 20:33:13.0 +0100 +++ jose-11/debian/changelog2024-04-04 15:11:36.0 +0

Bug#1074018: bookworm-pu: package ngircd/26.1-1+deb12u1

es: #1067237 + * Cherry-pick "Support for server certificate validation on server + links [S2S-TLS]" + * Cherry-pick "METADATA: Fix unsetting "cloakhost"" + + -- Christoph Biedl Wed, 01 May 2024 12:00:00 +0200 + ngircd (26.1-1) unstable; urgency=medium

Bug#1074019: bullseye-pu: package ngircd/26.1-1+deb11u1

1u1) bullseye; urgency=high + + * Cherry-pick "Respect "SSLConnect" option for incoming +connections". Closes: #1067237 + * Cherry-pick "Support for server certificate validation on server + links [S2S-TLS]" + * Cherry-pick "METADATA: Fix unsetting "cl

Re: What to do with d-i on armel?

Emanuele Rocca wrote... > Any armel users out there? :-) Fairly late, but just to avoid the impression there aren't any left: Yes, here. But that's not an objection against plans in Debian kernel and/or d-i, I'm using my own kernel, and should I ever have the need of a new installation, I know h

Bug#778338: unblock: file/1:5.22+15-1

Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Short version: Please unblock file 1:5.22+15-1 It entered unstable a few weeks ago, I did extensive testing before upoading and no issues have been reported. However, switching to a new ups

Bug#772103: unblock: ngircd/19.2-2

22/debian/changelog 2014-10-15 20:47:12.0 +0200 +++ ngircd-22/debian/changelog 2014-11-04 22:27:19.0 +0100 @@ -1,3 +1,11 @@ +ngircd (22-2) unstable; urgency=low + + * Re-enable whois-test + * Cherry-pick upstream commit rel-22-6-g31b3c83: Test suite: Don't +use DNS looku

Bug#772103: unblock: ngircd/19.2-2

retitle -1 unblock: ngircd/22-2 thanks Fixing bug title. Christoph signature.asc Description: Digital signature

Bug#772104: unblock: pptpd/1.4.0-5

0 +0100 @@ -1,3 +1,17 @@ +pptpd (1.4.0-5) unstable; urgency=medium + + * Fix description of patch introduced in 1.4.0-4 + + -- Christoph Biedl Tue, 04 Nov 2014 23:30:46 +0100 + +pptpd (1.4.0-4) unstable; urgency=medium + + * Fix buffer overflow from overlong interface names in bcrelay. +

Re: Bug#373854: libtiff-tools: DSA 1091-1 broke tiffsplit

Christoph Biedl wrote... > Package: libtiff-tools > Version: 3.7.2-5 > Severity: important Let me elaborate on that. How to repeat: Use tiffsplit to split an arbitrary .tiff file: | tiffsplit foo.tif foo. This should result in a file name foo.aaa.tif (and foo.aab.tif and so on if

Re: Bug#373854: libtiff-tools: DSA 1091-1 broke tiffsplit

Christoph Biedl wrote... > > Package: libtiff-tools > > Version: 3.7.2-5 > > Severity: important It's now three weeks since advisory DSA 1901 that broke tiffsplit, 14 days since the initial report about that and ten days since confirmation and patch by the maintainer. But

Bug#778338: unblock: file/1:5.22+15-1

Hi there, while finally preparing an answer I noticed somebody unblocked the file package for jessie without further discussion. Whoever pulled the strings, thanks a lot. And I hope this will not end in regressions or other annoyances. Just one more thing: > Not to mention, in the previous rel

Bug#780248: unblock: file/1:5.22+15-2

ebian/changelog 2015-01-09 08:01:00.0 +0100 +++ file-5.22+15/debian/changelog 2015-03-10 22:13:50.0 +0100 @@ -1,3 +1,9 @@ +file (1:5.22+15-2) unstable; urgency=medium + + * Restore detection of some jpeg files. Closes: #780095 + + -- Christoph Biedl Tue, 10 Mar 2015

Requesting permission to upload certificatepatrol 2.0.14-4+deb7u1 to s-p-u

/changelog +++ certificatepatrol-2.0.14/debian/changelog @@ -1,3 +1,17 @@ +certificatepatrol (2.0.14-4+deb7u1) wheezy; urgency=medium + + * Upload to proposed-stable-updates to make certificatepatrol +usable with iceweasel 24. Closes: #738560 + + -- Christoph Biedl Mon, 10 Feb 2014 17:1

Re: Requesting permission to upload certificatepatrol 2.0.14-4+deb7u1 to s-p-u

Adam D. Barratt wrote... > On 2014-02-10 17:36, Christoph Biedl wrote: > >hereby I'm asking for permission to upload the testing/sid version > >2.0.14-4 of src:certificatepatrol to stable-proprosed-updates as in > >the attached debdiff. > > Thanks for looking a

Re: Requesting permission to upload certificatepatrol 2.0.14-4+deb7u1 to s-p-u

Adam D. Barratt wrote... > Please feel free to upload that version; thanks. Thanks, now uploaded. Christoph -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/13