NEW changes in oldstable-new
Processing changes file: gajim_0.15.1-4.1+deb7u1_amd64.changes ACCEPT Processing changes file: lighttpd_1.4.31-4+deb7u4_amd64.changes ACCEPT Processing changes file: lighttpd_1.4.31-4+deb7u4_armel.changes ACCEPT Processing changes file: lighttpd_1.4.31-4+deb7u4_armhf.changes ACCEPT Processing changes file: lighttpd_1.4.31-4+deb7u4_i386.changes ACCEPT Processing changes file: lighttpd_1.4.31-4+deb7u4_ia64.changes ACCEPT Processing changes file: lighttpd_1.4.31-4+deb7u4_kfreebsd-amd64.changes ACCEPT Processing changes file: lighttpd_1.4.31-4+deb7u4_kfreebsd-i386.changes ACCEPT Processing changes file: lighttpd_1.4.31-4+deb7u4_mips.changes ACCEPT Processing changes file: lighttpd_1.4.31-4+deb7u4_mipsel.changes ACCEPT Processing changes file: lighttpd_1.4.31-4+deb7u4_powerpc.changes ACCEPT Processing changes file: lighttpd_1.4.31-4+deb7u4_s390.changes ACCEPT Processing changes file: lighttpd_1.4.31-4+deb7u4_s390x.changes ACCEPT Processing changes file: lighttpd_1.4.31-4+deb7u4_sparc.changes ACCEPT Processing changes file: xerces-c_3.1.1-3+deb7u2_amd64.changes ACCEPT Processing changes file: xerces-c_3.1.1-3+deb7u2_armel.changes ACCEPT Processing changes file: xerces-c_3.1.1-3+deb7u2_armhf.changes ACCEPT Processing changes file: xerces-c_3.1.1-3+deb7u2_i386.changes ACCEPT Processing changes file: xerces-c_3.1.1-3+deb7u2_ia64.changes ACCEPT Processing changes file: xerces-c_3.1.1-3+deb7u2_kfreebsd-amd64.changes ACCEPT Processing changes file: xerces-c_3.1.1-3+deb7u2_kfreebsd-i386.changes ACCEPT Processing changes file: xerces-c_3.1.1-3+deb7u2_mips.changes ACCEPT Processing changes file: xerces-c_3.1.1-3+deb7u2_mipsel.changes ACCEPT Processing changes file: xerces-c_3.1.1-3+deb7u2_powerpc.changes ACCEPT Processing changes file: xerces-c_3.1.1-3+deb7u2_s390.changes ACCEPT Processing changes file: xerces-c_3.1.1-3+deb7u2_s390x.changes ACCEPT Processing changes file: xerces-c_3.1.1-3+deb7u2_sparc.changes ACCEPT
Bug#804385: jessie-pu: package mongrel2/1.9.1-6
On Sat, Feb 20, 2016 at 02:16:07PM +, Adam D. Barratt wrote: > Please go ahead. Ok, I just uploaded the package: On Fri, Feb 26, 2016 at 11:11:48AM +, Debian FTP Masters wrote: > mongrel2_1.9.1-6+deb8u1_amd64.changes uploaded successfully to localhost > along with the files: > mongrel2_1.9.1-6+deb8u1.dsc > mongrel2_1.9.1-6+deb8u1.debian.tar.xz > > Greetings, > > Your Debian queue daemon (running on host franck.debian.org) > Best regards, Jan
Bug#815995: release.debian.org: britney fail with KeyError: error
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: britney Hi, Since 3 or 4 days britney fail with this error. Christian FAILED I: [Fri Feb 26 08:23:05 2016] - > Removing obsolete source packages from testing Removing obsolete source packages from testing (206): start: 304+0: a-33:a-58:a-33:a-33:i-32:m-41:m-41:p-33 orig: 304+0: a-33:a-58:a-33:a-33:i-32:m-41:m-41:p-33 Traceback (most recent call last): File "/debian/britney/code/b2/britney.py", line 2933, in Britney().main() File "/debian/britney/code/b2/britney.py", line 2897, in main self.upgrade_testing() File "/debian/britney/code/b2/britney.py", line 2604, in upgrade_testing self.do_all(actions=removals) File "/debian/britney/code/b2/britney.py", line 2443, in do_all (nuninst_end, extra) = self.iter_packages(upgrade_me, selected, nuninst=nuninst_end, lundo=lundo) File "/debian/britney/code/b2/britney.py", line 2313, in iter_packages updates, rms, _ = self._compute_groups(y.package, y.suite, y.architecture, y.is_removal) File "/debian/britney/code/b2/britney.py", line 1919, in _compute_groups and binaries_t[parch][0][binary][SOURCE] != source_name): KeyError: 'libx265-68' -- System Information: Debian Release: stretch/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Kernel: Linux 4.1.18 (SMP w/8 CPU cores; PREEMPT) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system)
Bug#816002: wheezy-pu: package c-icap/1:0.1.6-1.1+deb7u2
Package: release.debian.org
Severity: normal
Tags: wheezy
User: release.debian@packages.debian.org
Usertags: pu
In order to address the current FTBFS of c-icap-modules here is an
update for c-icap which resolves the problem. With this patch I was able
to build c-icap-modules again.
Mathieu, I will be happy to perform the upload unless you want to do
this yourself.
Sebastian
diff -Nru c-icap-0.1.6/debian/changelog c-icap-0.1.6/debian/changelog
--- c-icap-0.1.6/debian/changelog 2014-12-10 17:38:58.0 +0100
+++ c-icap-0.1.6/debian/changelog 2016-02-26 15:35:32.0 +0100
@@ -1,3 +1,12 @@
+c-icap (1:0.1.6-1.1+deb7u2) oldstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Add 0008-Rename-CONF-to-C_ICAP_CONF.patch
+Rename the CONF symbol which is also declared by openssl in order to
+fix FTBFS of c-icap-modules (Closes: #768684).
+
+ -- Sebastian Andrzej Siewior Fri, 26 Feb 2016 15:30:44 +0100
+
c-icap (1:0.1.6-1.1+deb7u1) wheezy-security; urgency=high
* Non-maintainer upload by the Security Team.
diff -Nru c-icap-0.1.6/debian/patches/0008-Rename-CONF-to-C_ICAP_CONF.patch c-icap-0.1.6/debian/patches/0008-Rename-CONF-to-C_ICAP_CONF.patch
--- c-icap-0.1.6/debian/patches/0008-Rename-CONF-to-C_ICAP_CONF.patch 1970-01-01 01:00:00.0 +0100
+++ c-icap-0.1.6/debian/patches/0008-Rename-CONF-to-C_ICAP_CONF.patch 2016-02-26 15:27:13.0 +0100
@@ -0,0 +1,477 @@
+From 6673de8b3b04c6ed43bb6f2ed582b5775a066ed3 Mon Sep 17 00:00:00 2001
+From: Sebastian Andrzej Siewior
+Date: Fri, 26 Feb 2016 15:21:11 +0100
+Subject: [PATCH] Rename CONF to C_ICAP_CONF
+
+Based on a patch by Mathieu Parent done by sed:
+
+ sed -i 's@\@C_ICAP_CONF@g' *.c include/*.h
+
+In order to address FTBFS of c-icap-modules in Wheezy (openssl and
+c-icap define CONF in a public header).
+
+See also: https://bugs.debian.org/768684
+Signed-off-by: Sebastian Andrzej Siewior
+---
+ aserver.c | 14 +--
+ cfg_param.c | 66 +--
+ include/cfg_param.h |2 +-
+ module.c| 32 -
+ mpmt_server.c |8 +++
+ service.c |6 ++---
+ 6 files changed, 64 insertions(+), 64 deletions(-)
+
+diff --git a/aserver.c b/aserver.c
+index 4602f10..249497c 100644
+--- a/aserver.c
b/aserver.c
+@@ -100,9 +100,9 @@ int main(int argc, char **argv)
+ ci_txt_template_init();
+ ci_txt_template_set_dir(DATADIR"templates");
+
+- if (!(CONF.MAGIC_DB = ci_magic_db_load(CONF.magics_file))) {
++ if (!(C_ICAP_CONF.MAGIC_DB = ci_magic_db_load(C_ICAP_CONF.magics_file))) {
+ ci_debug_printf(1, "Can not load magic file %s!!!\n",
+- CONF.magics_file);
++ C_ICAP_CONF.magics_file);
+ }
+ init_conf_tables();
+ request_stats_init();
+@@ -113,26 +113,26 @@ int main(int argc, char **argv)
+ ci_debug_printf(2, "My hostname is:%s\n", MY_HOSTNAME);
+
+ #if ! defined(_WIN32)
+- if (is_icap_running(CONF.PIDFILE)) {
++ if (is_icap_running(C_ICAP_CONF.PIDFILE)) {
+ ci_debug_printf(1, "c-icap server already running!\n");
+ exit(-1);
+ }
+ if (DAEMON_MODE)
+ run_as_daemon();
+- if (!set_running_permissions(CONF.RUN_USER, CONF.RUN_GROUP))
++ if (!set_running_permissions(C_ICAP_CONF.RUN_USER, C_ICAP_CONF.RUN_GROUP))
+ exit(-1);
+- store_pid(CONF.PIDFILE);
++ store_pid(C_ICAP_CONF.PIDFILE);
+ #endif
+
+ if (!log_open()) {
+ ci_debug_printf(1, "Can not init loggers. Exiting.\n");
+ exit(-1);
+ }
+- if (!init_server(CONF.ADDRESS, CONF.PORT, &(CONF.PROTOCOL_FAMILY)))
++ if (!init_server(C_ICAP_CONF.ADDRESS, C_ICAP_CONF.PORT, &(C_ICAP_CONF.PROTOCOL_FAMILY)))
+ return -1;
+ post_init_modules();
+ post_init_services();
+ start_server();
+- clear_pid(CONF.PIDFILE);
++ clear_pid(C_ICAP_CONF.PIDFILE);
+ return 0;
+ }
+diff --git a/cfg_param.c b/cfg_param.c
+index 5b8f5ba..0a2039d 100644
+--- a/cfg_param.c
b/cfg_param.c
+@@ -37,7 +37,7 @@
+ int ARGC;
+ char **ARGV;
+
+-struct ci_server_conf CONF = {
++struct ci_server_conf C_ICAP_CONF = {
+ NULL, /* LISTEN ADDRESS */ 1344, /*PORT*/ AF_INET,/*SOCK_FAMILY */
+ #ifdef _WIN32
+ "c:\\TEMP", /*TMPDIR*/ "c:\\TEMP\\c-icap.pid", /*PIDFILE*/ ".\\pipe\\c-icap", /*COMMANDS_SOCKET; */
+@@ -128,9 +128,9 @@ struct sub_table {
+ };
+
+ static struct ci_conf_entry conf_variables[] = {
+- {"ListenAddress", &CONF.ADDRESS, intl_cfg_set_str, NULL},
+- {"PidFile", &CONF.PIDFILE, intl_cfg_set_str, NULL},
+- {"CommandsSocket", &CONF.COMMANDS_SOCKET, intl_cfg_set_str, NULL},
++ {"ListenAddress", &C_ICAP_CONF.ADDRESS, intl_cfg_set_str, NULL},
++ {"PidFile", &C_ICAP_CONF.PIDFILE, intl_cfg_set_str, NULL},
++ {"CommandsSocket", &C_ICAP_CONF.COMMANDS_SOCKET, intl_cfg_set_str, NULL},
+ {"Timeout", (void *) (&TI
Bug#813237: transition: ruby2.3
On 26/02/16 00:47, Antonio Terceiro wrote: > Some of the failures above have already been fixed. Please binNMU the > following packages: Scheduled. Cheers, Emilio
Bug#815995: release.debian.org: britney fail with KeyError: error
Control: tags -1 moreinfo Christian Marillat: > Package: release.debian.org > Severity: normal > User: release.debian@packages.debian.org > Usertags: britney > > Hi, > > Since 3 or 4 days britney fail with this error. > > Christian > > [...] > Hi, Can you please provide the following information: * Can we get a copy of the data set that triggers the issue? (including the config file). * What version of Britney are you using (e.g. the git commit)? Thanks, ~Niels signature.asc Description: OpenPGP digital signature
Bug#765639: affecting more and more people
On Thu, Feb 25, 2016 at 20:56:39 -0500, Simon Ruggier wrote: > On Fri, 19 Feb 2016 23:01:24 -0500 Simon Ruggier wrote: > > Also, my own testing seems to show that the certificate chain issue is > > still present in the latest 1.0.1 release (as I commented on 813468), so > > adopting the latest 1.0.2 release seems like the only reasonable > > alternative. > > As I commented in bug #813468, it turns out that I hadn't tested this > correctly, and the latest 1.0.1 release does, in fact, fix this issue. Please avoid 1) Subject lines that don't make sense without context 2) breaking threads by replying without proper References That'd make it much easier to figure out what you're talking about when your mail ends up in one's inbox. Thanks, Julien
Processed: Re: Bug#815995: release.debian.org: britney fail with KeyError: error
Processing control commands: > tags -1 moreinfo Bug #815995 [release.debian.org] release.debian.org: britney fail with KeyError: error Added tag(s) moreinfo. -- 815995: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815995 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#808521: marked as done (transition: mpich)
Your message dated Fri, 26 Feb 2016 18:23:00 +0100 with message-id <56d089f4.3080...@debian.org> and subject line Re: Bug#808521: transition: mpich has caused the Debian Bug report #808521, regarding transition: mpich to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 808521: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=808521 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition Dear release team, it seems my new upload of mpich, which removed old libmpl1 and libopa1 libraries requires transition at least on s390x. Ben file: title = "mpich"; is_affected = .depends ~ "libmpl1" | .depends ~ "libmpich12" | .depends ~ "libopa1"; is_good = .depends ~ "libmpich12"; is_bad = .depends ~ "libmpl1" | .depends ~ "libopa1"; Thanks and sorry for uncoordinated transition Anton --- End Message --- --- Begin Message --- On 16/01/16 11:36, Emilio Pozuelo Monfort wrote: > On 16/01/16 10:05, Anton Gladky wrote: >> Hi Emilio, >> >> 2016-01-09 12:07 GMT+01:00 Emilio Pozuelo Monfort : >>> >>> netpipe-mpich2 depends on mpich2 >>> >> >> Fixed (NMUed). >> >> >>> espresso/s390x failed to build >>> >> >> Fixed in package elpa, could you please schedule espresso_s390x > > Done. > >> and check, whether we can finish this transition? > > Will do. This seems to be over. Closing. Emilio--- End Message ---
Bug#813721: marked as done (transition: libsodium)
Your message dated Fri, 26 Feb 2016 18:24:46 +0100 with message-id <56d08a5e.60...@debian.org> and subject line Re: Bug#813721: transition: libsodium has caused the Debian Bug report #813721, regarding transition: libsodium to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 813721: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813721 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition A small transition of libsodium. It has soname 13 in Sid and 18 in experimental. Affected packages are: dnscrypt-proxy fastd netsniff-ng python-nacl zeromq3 Package maintainers noted ten days ago and confirmed my tests that those can be safely binNMUed. This also mean that libsodium library packages are co-installable. Ben file: title = "libsodium; is_affected = .depends ~ "libsodium13" | .depends ~ "libsodium18"; is_good = .depends ~ "libsodium18"; is_bad = .depends ~ "libsodium13"; --- End Message --- --- Begin Message --- On 04/02/16 18:48, László Böszörményi (GCS) wrote: > Package: release.debian.org > Severity: normal > User: release.debian@packages.debian.org > Usertags: transition > > A small transition of libsodium. It has soname 13 in Sid and 18 in > experimental. This is done now. Closing. Emilio--- End Message ---
Bug#813019: marked as done (transition: nfft 3.3)
Your message dated Fri, 26 Feb 2016 18:23:47 +0100 with message-id <56d08a23.8040...@debian.org> and subject line Re: Bug#813019: transition: nfft 3.3 has caused the Debian Bug report #813019, regarding transition: nfft 3.3 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 813019: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813019 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition Dear Release Team, I would like to request a transition for the latest version of nfft from experimental to unstable. Some API breaking changes were introduced from in version 3.3.0 and current rdeps of nfft will require appropriate patching. The following bugs have been filed with severity important: * pynfft: #812997 * yorick-ynfft: #812995 Let me know if further action is required on my end. I intend to fix pynfft, since I am the personal maintainer and upstream author of the package. Best regards, Ghis Ben file: title = "nfft"; is_affected = .depends ~ "libnfft3-1" | .depends ~ "libnfft3-2"; is_good = .depends ~ "libnfft3-2"; is_bad = .depends ~ "libnfft3-1"; -- System Information: Debian Release: stretch/sid APT prefers testing APT policy: (500, 'testing'), (2, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.3.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) --- End Message --- --- Begin Message --- On 02/02/16 20:57, Emilio Pozuelo Monfort wrote: > Since there are no collisions with other transitions, I guess you can go > ahead. This is over now. Closing. Emilio--- End Message ---
Bug#800509: LLVM default to 3.6 transition ?
On 30/09/15 11:38, Emilio Pozuelo Monfort wrote: > Package: release.debian.org > Severity: normal > User: release.debian@packages.debian.org > Usertags: transition > X-debbugs-cc: sylves...@debian.org > > On 30/09/15 09:52, Sylvestre Ledru wrote: >> Hello, >> >> Le 11/08/2015 11:10, Sylvestre Ledru a écrit : >>> Hello, >>> >>> I am planning to update llvm-default to LLVM & Clang 3.6. The changes have >>> been in exp for a while. >>> However, I would like to know what is best from the release team POV: >>> >> Can we start this transition? > > I have been going through transition requests but I have missed this because > there isn't a bug report. Opening one now. > >> FYI, LLVM 3.7 has been released. >> The safe way would be to do 3.5 => 3.6 now and 3.6 => 3.7 once 3.7.1 is >> released (in one or two months) >> or the fun way would be to skip 3.6 in the transition. >> I would prefer the first option but I don't mind if you prefer to avoid >> a transition. > > Going through 3.6 first is fine. Have you done a test rebuild for the rdeps? I > have created a tracker, does it look good? > > https://release.debian.org/transitions/html/llvm-defaults-3.6.html So basically there's ghc and gambas3 left. ghc is using 3.7 in experimental, so it will be fixed with the next haskell transition. gambas3 seems a bit more problematic: https://packages.qa.debian.org/g/gambas3/news/20160104T120048Z.html Unfortunately I can't access the upstream bug report. BTW we currently have 3.5, 3.6 and 3.7 in testing, and I guess 3.8 will follow soon. So we'll need more clean-ups. Cheers, Emilio
Bug#815931: transition: cfitsio
On 2016-02-26 00:30, Emilio Pozuelo Monfort wrote: > Control: tags -1 confirmed > > On 25/02/16 22:10, Aurelien Jarno wrote: > > Package: release.debian.org > > Severity: normal > > User: release.debian@packages.debian.org > > Usertags: transition > > > > Dear release team, > > > > The new release of cfitsio changes the soname version from 2 to 4. The > > version 3 has been skipped given some distributions including Debian > > where using this to provide a version with a stabilized ABI while it was > > not fully stable on the upstream side. > > > > The package is already in experimental and has been built successfully > > on all official architectures and all non-official ones except sh4. This > > transition involves about 30 source packages [1]. The changes to the ABI > > are rather limited, so I don't expect any FTBFS due to the transition > > itself. > > Ack. Thanks, I have just uploaded the package. Aurelien -- Aurelien Jarno GPG: 4096R/1DDD8C9B aurel...@aurel32.net http://www.aurel32.net signature.asc Description: PGP signature
Bug#815995: release.debian.org: britney fail with KeyError: error
On 26 févr. 2016 17:53, Niels Thykier wrote: > Control: tags -1 moreinfo > > Christian Marillat: [...] > Can you please provide the following information: > > * Can we get a copy of the data set that triggers the issue? >(including the config file). Config file is here : britney2.conf Description: Binary data Command line is : /debian/britney/code/b2/britney.py -c /debian/britney/etc/britney2.conf --control-files Data files : https://www.deb-multimedia.org/tests/britney-data.tar.xz I see also the same bug in Ubuntu, but this is not the same code : https://bazaar.launchpad.net/~ubuntu-release/britney/britney2-ubuntu/revision/566 > * What version of Britney are you using (e.g. the git commit)? britney2 commit is 92deb4d1b9e1237316e96b8c9b745836b69eab38 Christian
Bug#816023: jessie-pu: package glibc/2.19-18+deb8u4
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian@packages.debian.org
Usertags: pu
Dear stable release team,
I would like to do an upload of glibc in jessie to fix a longstanding
security issue with the pt_chown helper (CVE-2013-2207). The upstream
solution is to just remove the pt_chown helper and rely on the kernel
to properly set up the permissions through the devpts filesystem. The
userland in jessie correctly mounts it with the correct permissions,
but given the ill kernel implementation, any subsequent mount of the
devpts filesystem without the "newinstance" option (e.g. /etc/fstab or
in a chroot) reset all the permissions for all mounts, breaking systems.
That's why we have deferred the update so far, preferring to leave a
low security issue open and avoid breaking many systems.
It seems that with the development of kernel namespaces there are more
way to trigger this security issue, so it's probably time to fix it. We
have found a way to not break systems in case the devpts filesystem is
mounted with the wrong permissions. This is been accepted upstream and
is present in testing and sid for more than 2 months, without any report
of system breakage.
I would therefore like to get this issue also fixed in jessie. I am
confident this patch will not break any system, that said it's probably
better to leave the package in jessie-proposed-updates for a few weeks
and call for testing.
At the same time I would like to fix a small issue introduced in the
last security update, which causes a test in the testsuite to use a lof
of system resources, even causing timeout when the build machine has a
lot of swap like on our build daemons. It doesn't changes the binaries
shipped in the package.
You'll find the full debdiff below.
Thanks for considering,
Aurelien
diff --git a/debian/changelog b/debian/changelog
index 19e3a4e..8b6054e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,15 @@
+glibc (2.19-18+deb8u4) UNRELEASED; urgency=medium
+
+ [ Aurelien Jarno ]
+ * Update from upstream stable branch:
+ - Fixes bug18240 failing with a timeout on machines with a lot of swap.
+ * patches/any/cvs-grantpt-pty-owner.diff: new patch from upstream to
+improve granpt when /dev/pts is not mounted with the correct options.
+ * rules.d/debhelper.mk: only install pt_chown when built.
+ * sysdeps/linux.mk: don't build pt_chown (CVE-2013-2207). Closes: #717544.
+
+ -- Aurelien Jarno Tue, 16 Feb 2016 23:02:13 +0100
+
glibc (2.19-18+deb8u3) stable-security; urgency=medium
[ Aurelien Jarno ]
diff --git a/debian/patches/any/cvs-grantpt-pty-owner.diff
b/debian/patches/any/cvs-grantpt-pty-owner.diff
new file mode 100644
index 000..2ff35bb
--- /dev/null
+++ b/debian/patches/any/cvs-grantpt-pty-owner.diff
@@ -0,0 +1,46 @@
+2015-12-10 Aurelien Jarno
+ Jakub Wilk
+
+ [BZ #19347]
+ * sysdeps/unix/grantpt.c [!HAVE_PT_CHOWN] (grantpt): Do not try
+ to change the group of the device to the tty group.
+
+--- a/sysdeps/unix/grantpt.c
b/sysdeps/unix/grantpt.c
+@@ -155,6 +155,7 @@ grantpt (int fd)
+ }
+ gid_t gid = tty_gid == -1 ? __getgid () : tty_gid;
+
++#if HAVE_PT_CHOWN
+ /* Make sure the group of the device is that special group. */
+ if (st.st_gid != gid)
+ {
+@@ -164,9 +165,26 @@ grantpt (int fd)
+
+ /* Make sure the permission mode is set to readable and writable by
+ the owner, and writable by the group. */
+- if ((st.st_mode & ACCESSPERMS) != (S_IRUSR|S_IWUSR|S_IWGRP))
++ mode_t mode = S_IRUSR|S_IWUSR|S_IWGRP;
++#else
++ /* When built without pt_chown, we have delegated the creation of the
++ pty node with the right group and permission mode to the kernel, and
++ non-root users are unlikely to be able to change it. Therefore let's
++ consider that POSIX enforcement is the responsibility of the whole
++ system and not only the GNU libc. Thus accept different group or
++ permission mode. */
++
++ /* Make sure the permission is set to readable and writable by the
++ owner. For security reasons, make it writable by the group only
++ when originally writable and when the group of the device is that
++ special group. */
++ mode_t mode = S_IRUSR|S_IWUSR|
++ ((st.st_gid == gid) ? (st.st_mode & S_IWGRP) : 0);
++#endif
++
++ if ((st.st_mode & ACCESSPERMS) != mode)
+ {
+- if (__chmod (buf, S_IRUSR|S_IWUSR|S_IWGRP) < 0)
++ if (__chmod (buf, mode) < 0)
+ goto helper;
+ }
+
diff --git a/debian/patches/git-updates.diff b/debian/patches/git-updates.diff
index ca3bd98..1a24dd0 100644
--- a/debian/patches/git-updates.diff
+++ b/debian/patches/git-updates.diff
@@ -1,10 +1,14 @@
GIT update of git://sourceware.org/git/glibc.git/release/2.19/master from
glibc-2.19
diff --git a/ChangeLog b/ChangeLog
-index 81c393a..e17bd64 100644
+index 81c393a..9907019 100644
--- a/ChangeLog
+++ b/ChangeLog
-@@ -1,3 +1,439 @@
+@@ -1,3 +1,443 @@
++2
Processed: tagging 815995
Processing commands for cont...@bugs.debian.org: > tags 815995 - moreinfo Bug #815995 [release.debian.org] release.debian.org: britney fail with KeyError: error Removed tag(s) moreinfo. > thanks Stopping processing here. Please contact me if you need assistance. -- 815995: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815995 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#816033: jessie-pu: package suckless-tools/40-1
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian@packages.debian.org
Usertags: pu
Dear Release Team,
I would like to update suckless-tools in jessie in order to fix a bug in
the slock command. Slock is a simple X display locker.
Recently, slock v1.3 was released and it fixes a bug that can be
considered security related. More specifically, the cover window would
not resize correctly when new screens were added or the resolution was
changed while the lock was active, leading to a part of the screen
beings visible (information leakage). The upstream patch that fixes the
above bug can be found here[1].
I contacted the Security Team about this, and they decided this is
not severe enough to warrant a DSA.
Attached is a full debdiff.
Thanks,
Ilias
[1] http://git.suckless.org/slock/commit/?id=f5ef1b8ebda1
diff -Nru suckless-tools-40/debian/changelog suckless-tools-40/debian/changelog
--- suckless-tools-40/debian/changelog 2013-09-15 20:03:11.0 +0300
+++ suckless-tools-40/debian/changelog 2016-02-26 13:07:26.0 +0200
@@ -1,3 +1,14 @@
+suckless-tools (40-1+deb8u1) stable-proposed-updates; urgency=medium
+
+ * Set myself as the maintainer.
+Package has already been adopted in unstable (ITA: #776482).
+ * Patch slock to properly resize the cover window.
+The cover window now resizes correctly when new screens are added
+or the resolution is changed while the lock is active.
+ * Add libxrandr-dev to build dependencies (needed by the above patch).
+
+ -- Ilias Tsitsimpis Fri, 26 Feb 2016 13:05:03 +0200
+
suckless-tools (40-1) unstable; urgency=low
* Suggest surf which can be used with tabbed.
diff -Nru suckless-tools-40/debian/control suckless-tools-40/debian/control
--- suckless-tools-40/debian/control 2013-06-23 12:30:20.0 +0300
+++ suckless-tools-40/debian/control 2016-02-26 13:04:11.0 +0200
@@ -1,8 +1,7 @@
Source: suckless-tools
Section: x11
Priority: optional
-Maintainer: Vasudev Kamath
-Uploaders: Michael Stummvoll
+Maintainer: Ilias Tsitsimpis
Build-Depends: debhelper (>= 9),
libx11-dev,
libxinerama-dev,
@@ -10,6 +9,7 @@
dpkg-dev (>= 1.16.1.1),
libxss-dev,
libxft-dev,
+ libxrandr-dev,
libfreetype6-dev
Standards-Version: 3.9.4
Homepage: http://www.suckless.org
diff -Nru suckless-tools-40/debian/patches/0001_resize_lockscreen.patch suckless-tools-40/debian/patches/0001_resize_lockscreen.patch
--- suckless-tools-40/debian/patches/0001_resize_lockscreen.patch 1970-01-01 02:00:00.0 +0200
+++ suckless-tools-40/debian/patches/0001_resize_lockscreen.patch 2016-02-26 13:22:15.0 +0200
@@ -0,0 +1,76 @@
+Description: Patch slock to correctly resize the cover window
+ Resize the cover window when new screens are added or the resolution is
+ changed while the lock is active. This prevents potential information leakage.
+Author: Markus Teich
+Orig: upstream, http://git.suckless.org/slock/commit/?id=f5ef1b8eb555
+
+Index: suckless-tools-40/slock/config.mk
+===
+--- suckless-tools-40.orig/slock/config.mk
suckless-tools-40/slock/config.mk
+@@ -7,7 +7,7 @@ VERSION = 1.1
+ PREFIX = /usr/local
+
+ # includes and libs
+-LIBS = -lc -lcrypt -lX11 -lXext
++LIBS = -lc -lcrypt -lX11 -lXext -lXrandr
+
+ # flags
+ CPPFLAGS += -DVERSION=\"${VERSION}\" -DHAVE_SHADOW_H -DCOLOR1=\"black\" -DCOLOR2=\"\#005577\"
+Index: suckless-tools-40/slock/slock.c
+===
+--- suckless-tools-40.orig/slock/slock.c
suckless-tools-40/slock/slock.c
+@@ -14,6 +14,7 @@
+ #include
+ #include
+ #include
++#include
+ #include
+ #include
+ #include
+@@ -33,6 +34,9 @@ typedef struct {
+ static Lock **locks;
+ static int nscreens;
+ static Bool running = True;
++static Bool rr;
++static int rrevbase;
++static int rrerrbase;
+
+ static void
+ die(const char *errstr, ...) {
+@@ -146,8 +150,15 @@ readpw(Display *dpy, const char *pws)
+ }
+ }
+ llen = len;
+- }
+- else for(screen = 0; screen < nscreens; screen++)
++ } else if (rr && ev.type == rrevbase + RRScreenChangeNotify) {
++ XRRScreenChangeNotifyEvent *rre = (XRRScreenChangeNotifyEvent*)&ev;
++ for (screen = 0; screen < nscreens; screen++) {
++if (locks[screen]->win == rre->window) {
++ XResizeWindow(dpy, locks[screen]->win, rre->width, rre->height);
++ XClearWindow(dpy, locks[screen]->win);
++}
++ }
++ } else for (screen = 0; screen < nscreens; screen++)
+ XRaiseWindow(dpy, locks[screen]->win);
+ }
+ }
+@@ -199,6 +210,8 @@ lockscreen(Display *dpy, int screen) {
+ invisible = XCreatePixmapCursor(dpy, lock->pmap, lock->pmap, &color, &color, 0, 0);
+ XDefineCursor(dpy, lock->win, invisible);
+ XMapRaised(dpy, lock->win);
++ if (rr)
++ XRRSelectInput(dpy, lock->win, RRScreenChangeNotifyMask);
+ for(len = 1000; len; len--) {
+ if(XGrabPointer(dpy, lock->root, False, ButtonPressMask | ButtonReleaseMa
Bug#800509: LLVM default to 3.6 transition ?
Hi, >So basically there's ghc and gambas3 left. > >ghc is using 3.7 in experimental, so it will be fixed with the next haskell >transition. true, even if some talks about embedding some llvm code in the source code :) (rationale is: used only for building and only for arm*) >Unfortunately I can't access the upstream bug report. true a little sum up of the upstream bug report: "llvm folks likes to change API/ABI each 6 months, and in some really incompatible way. the guy who did the binding is not available/willing to port to some new llvm version, so you have two choices, keep the old llvm there, or remove/disable the "gambas3-gb-jit" package." >BTW we currently have 3.5, 3.6 and 3.7 in testing, and I guess 3.8 will follow >soon. So we'll need more clean-ups. gambas3 is now RC buggy #814862 and as soon as Ian (cc'd) fixes the RC bug (I don't know how to best fix it), I can followup and push the package on unstable. I already have the changes on git, but there is no need to push it with an unfixed RC bug out there. So, unless you ask me to upload it, I will wait for Ian or someone else (I did a lot of work recently, but I'm still not a gambas3 user, so some maintainer work is appreciated) cheers, G.
Bug#816002: wheezy-pu: package c-icap/1:0.1.6-1.1+deb7u2
2016-02-26 15:59 GMT+01:00 Sebastian Andrzej Siewior : > Package: release.debian.org > Severity: normal > Tags: wheezy > User: release.debian@packages.debian.org > Usertags: pu > > In order to address the current FTBFS of c-icap-modules here is an > update for c-icap which resolves the problem. With this patch I was able > to build c-icap-modules again. Patch looks good. But I don't know which openssl commit broke c-icap. Why does it FTBFS on wheezy now? > Mathieu, I will be happy to perform the upload unless you want to do > this yourself. Please go ahead. Thanks Cheers, -- Mathieu
Bug#816037: RM: php-dompdf/0.6.1+dfsg-2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm Hi, As agreed with the security team (see #813849), can you please remove this security-flawed leaf package from Jessie? Thanks in advance Regards David signature.asc Description: PGP signature
Processed: Re: Bug#816002: wheezy-pu: package c-icap/1:0.1.6-1.1+deb7u2
Processing control commands: > tags -1 + confirmed Bug #816002 [release.debian.org] wheezy-pu: package c-icap/1:0.1.6-1.1+deb7u2 Added tag(s) confirmed. -- 816002: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816002 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#816002: wheezy-pu: package c-icap/1:0.1.6-1.1+deb7u2
Control: tags -1 + confirmed On Fri, 2016-02-26 at 15:59 +0100, Sebastian Andrzej Siewior wrote: > In order to address the current FTBFS of c-icap-modules here is an > update for c-icap which resolves the problem. With this patch I was able > to build c-icap-modules again. Please go ahead. Regards, Adam
Bug#816033: jessie-pu: package suckless-tools/40-1
Control: tags -1 + confirmed On Fri, 2016-02-26 at 22:14 +0200, Ilias Tsitsimpis wrote: > I would like to update suckless-tools in jessie in order to fix a bug in > the slock command. Slock is a simple X display locker. > > Recently, slock v1.3 was released and it fixes a bug that can be > considered security related. More specifically, the cover window would > not resize correctly when new screens were added or the resolution was > changed while the lock was active, leading to a part of the screen > beings visible (information leakage). The upstream patch that fixes the > above bug can be found here[1]. Please go ahead. Regards, Adam
Processed: Re: Bug#816033: jessie-pu: package suckless-tools/40-1
Processing control commands: > tags -1 + confirmed Bug #816033 [release.debian.org] jessie-pu: package suckless-tools/40-1 Added tag(s) confirmed. -- 816033: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816033 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#816023: jessie-pu: package glibc/2.19-18+deb8u4
Control: tags -1 + confirmed On Fri, 2016-02-26 at 19:34 +0100, Aurelien Jarno wrote: > I would like to do an upload of glibc in jessie to fix a longstanding > security issue with the pt_chown helper (CVE-2013-2207). [...] > I would therefore like to get this issue also fixed in jessie. I am > confident this patch will not break any system, that said it's probably > better to leave the package in jessie-proposed-updates for a few weeks > and call for testing. Please go ahead. Regards, Adam
Processed: Re: Bug#816023: jessie-pu: package glibc/2.19-18+deb8u4
Processing control commands: > tags -1 + confirmed Bug #816023 [release.debian.org] jessie-pu: package glibc/2.19-18+deb8u4 Added tag(s) confirmed. -- 816023: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816023 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: retitle 816037 to RM: php-dompdf -- RoM; security issues, tagging 816037
Processing commands for cont...@bugs.debian.org: > retitle 816037 RM: php-dompdf -- RoM; security issues Bug #816037 [release.debian.org] RM: php-dompdf/0.6.1+dfsg-2 Changed Bug title to 'RM: php-dompdf -- RoM; security issues' from 'RM: php-dompdf/0.6.1+dfsg-2' > tags 816037 + jessie pending Bug #816037 [release.debian.org] RM: php-dompdf -- RoM; security issues Added tag(s) jessie and pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 816037: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816037 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#816049: RM: tlslite/0.3.8-2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm Hi, please remove tlslite in the next wheezy point release. This has already been removed from unstable. Given that wheezy will be supported for two more years, the same reasons for the removal from sid in 767539 also apply to wheezy. Cheers, Moritz
Processed: retitle 816049 to RM: tlslite -- RoQA; unmaintained, outdated, orphaned, tagging 816049
Processing commands for cont...@bugs.debian.org: > retitle 816049 RM: tlslite -- RoQA; unmaintained, outdated, orphaned Bug #816049 [release.debian.org] RM: tlslite/0.3.8-2 Changed Bug title to 'RM: tlslite -- RoQA; unmaintained, outdated, orphaned' from 'RM: tlslite/0.3.8-2' > tags 816049 + wheezy pending Bug #816049 [release.debian.org] RM: tlslite -- RoQA; unmaintained, outdated, orphaned Added tag(s) pending and wheezy. > thanks Stopping processing here. Please contact me if you need assistance. -- 816049: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816049 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
