Bug#821772: transition: hunspell
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition Hi, new hunspell upstream release. As the time of this writing it hasn't cleared NEW, though. Upstream says: --- snip --- I bumped the soname because chunks of the exposed api were changed or deleted, but the part of the api used by anything outside of the hunspell utilities is unchanged and nearly everything in fedora at least rebuilds against it fine. trivial fix for enchant: http://bugzilla.abisource.com/show_bug.cgi?id=13772 trivial fix for libreoffice: https://gerrit.libreoffice.org/#/c/24218/ --- snip --- The enchant bug is filed as #821464. For LibreOffice I'll take care myself for this tiny patch (or more likely upload 5.1.3 rc1 which has it included) Ben file: title = "hunspell"; is_affected = .depends ~ "libhunspell-1.3-0" | .depends ~ "libhunspell-1.4-0"; is_good = .depends ~ "libhunspell-1.4-0"; is_bad = .depends ~ "libhunspell-1.3-0"; Ben will tell us but from looking in Packages I see the following source packages affected: aegisub codelite enchant firefox firefox-esr focuswriter goldendict gwaei hunspell icedove libreoffice libtext-hunspell-perl licq lokalize mudlet onboard plume-creator pyhunspell scribus sigil sonnet tea texstudio texworks I have a rebuild test of all those running right now. Regards, Rene -- System Information: Debian Release: 8.4 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: armhf (armv7l) Kernel: Linux 3.18.0-trunk-rpi2 (SMP w/4 CPU cores; PREEMPT) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system)
Processed: block 821772 with 821467
Processing commands for cont...@bugs.debian.org: > block 821772 with 821467 Bug #821772 [release.debian.org] transition: hunspell 821772 was not blocked by any bugs. 821772 was not blocking any bugs. Added blocking bug(s) of 821772: 821467 > thanks Stopping processing here. Please contact me if you need assistance. -- 821772: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=821772 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: unblock 821772 with 821467, block 821772 with 821464
Processing commands for cont...@bugs.debian.org: > unblock 821772 with 821467 Bug #821772 [release.debian.org] transition: hunspell 821772 was blocked by: 821467 821772 was not blocking any bugs. Removed blocking bug(s) of 821772: 821467 > block 821772 with 821464 Bug #821772 [release.debian.org] transition: hunspell 821772 was not blocked by any bugs. 821772 was not blocking any bugs. Added blocking bug(s) of 821772: 821464 > thanks Stopping processing here. Please contact me if you need assistance. -- 821772: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=821772 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: Re: Bug#821784: girara: FTBFS: libjson-c.a: error adding symbols: Bad value
Processing control commands: > reassign -1 libjson-c-dev 0.12-2 Bug #821784 [src:girara] girara: FTBFS: libjson-c.a: error adding symbols: Bad value Bug reassigned from package 'src:girara' to 'libjson-c-dev'. No longer marked as found in versions girara/0.2.6-1. Ignoring request to alter fixed versions of bug #821784 to the same values previously set Bug #821784 [libjson-c-dev] girara: FTBFS: libjson-c.a: error adding symbols: Bad value Marked as found in versions json-c/0.12-2. > forcemerge 821768 -1 Bug #821768 [libjson-c-dev] libjson-c-dev: broken .so symlink Bug #821784 [libjson-c-dev] girara: FTBFS: libjson-c.a: error adding symbols: Bad value 821077 was blocked by: 821768 821077 was not blocking any bugs. Added blocking bug(s) of 821077: 821784 Merged 821768 821784 > affects -1 src:girara Bug #821784 [libjson-c-dev] girara: FTBFS: libjson-c.a: error adding symbols: Bad value Bug #821768 [libjson-c-dev] libjson-c-dev: broken .so symlink Added indication that 821784 affects src:girara Added indication that 821768 affects src:girara -- 821077: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=821077 821768: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=821768 821784: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=821784 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#821772: transition: hunspell
block 821772 by 820106 block 821772 by 821802 thanks Hi, On Tue, Apr 19, 2016 at 09:27:17AM +0200, Rene Engelhard wrote: > I have a rebuild test of all those running right now. Most build fine, except: > enchant See before-mentioned bug. > libreoffice See gerrit change. Will be fixed with next upload. > licq Unrelated FTBFS: #820106, marked for autoremoval from testing on 2016-05-04 > lokalize Needs source fix to find libhunspell-1.4.so(?): filed as #821802 Regards, Rene
Processed: Re: transition: hunspell
Processing commands for cont...@bugs.debian.org: > block 821772 by 820106 Bug #821772 [release.debian.org] transition: hunspell 821772 was blocked by: 821464 821772 was not blocking any bugs. Added blocking bug(s) of 821772: 820106 > block 821772 by 821802 Bug #821772 [release.debian.org] transition: hunspell 821772 was blocked by: 821464 820106 821772 was not blocking any bugs. Added blocking bug(s) of 821772: 821802 > thanks Stopping processing here. Please contact me if you need assistance. -- 821772: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=821772 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#821816: Automatic removals changes in [KEY-PACKAGES] for PHP 7.0 transition
Package: release.debian.org Severity: normal Hi, please remove: - reason: popcon source: php-json - reason: popcon source: php5 - reason: php-json build-depends dh-php5 source: dh-php5 add: - reason: php7.0 depends php-defaults source: php - reason: popcon source: php7.0 change: - reason: php5-dev depends shtool source: shtool to - reason: php7.0-dev depends shtool source: shtool - reason: php5 build-depends freetds-dev source: freetds to - reason: php7.0 build-depends freetds-dev source: freetds - reason: php5 build-depends libxmltok1-dev source: libxmltok to - reason: php7.0 build-depends libxmltok1-dev source: libxmltok possible addition (not mandatory): - reason: many php extensions build-depend on dh-php source: dh-php Thanks, Ondrej -- System Information: Debian Release: stretch/sid APT prefers testing APT policy: (900, 'testing'), (800, 'unstable'), (700, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.4.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system)
Bug#821816: Automatic removals changes in [KEY-PACKAGES] for PHP 7.0 transition
On 19/04/16 16:08, Ondřej Surý wrote: > Package: release.debian.org > Severity: normal > > Hi, > > please > > remove: > > - reason: popcon > source: php-json > - reason: popcon > source: php5 > - reason: php-json build-depends dh-php5 > source: dh-php5 > > add: > > - reason: php7.0 depends php-defaults > source: php > - reason: popcon > source: php7.0 > > change: > > - reason: php5-dev depends shtool > source: shtool > to > - reason: php7.0-dev depends shtool > source: shtool > > - reason: php5 build-depends freetds-dev > source: freetds > to > - reason: php7.0 build-depends freetds-dev > source: freetds > > - reason: php5 build-depends libxmltok1-dev > source: libxmltok > to > - reason: php7.0 build-depends libxmltok1-dev > source: libxmltok > > possible addition (not mandatory): > > - reason: many php extensions build-depend on dh-php > source: dh-php Key packages are automatically generated, based on popcon (and possibly priority) then recursively getting their (build-)deps. If php5 is going to be removed from the archive, then it will go away from the list when that happens; no need to worry about it. As for php7, it will eventually get there automatically (assuming enough installations). Cheers, Emilio
Bug#821772: transition: hunspell
On 19/04/16 09:27, Rene Engelhard wrote: > Package: release.debian.org > Severity: normal > User: release.debian@packages.debian.org > Usertags: transition > > Hi, > > new hunspell upstream release. As the time of this writing it hasn't cleared > NEW, though. Looking good. Let us know once this clears NEW and you're ready to start the transition. Emilio
Bug#821834: wheezy-pu: package libcrypto++/5.6.1-6+deb7u2
Package: release.debian.org Severity: normal Tags: wheezy User: release.debian@packages.debian.org Usertags: pu Hi Release Team, There's a vulnerability in Crypto++, the C++ class library of cryptographic schemes. It's CVE-2016-3995, bogus protection from timing attacks in AES (Rijndael) cipher. GCC could optimize the protection out. The patch (already in Sid + Stretch) prevents this. It's minor for a security update, but can be enough for a normal package update. Thanks for consideration, Laszlo/GCS diff -Nru libcrypto++-5.6.1/debian/changelog libcrypto++-5.6.1/debian/changelog --- libcrypto++-5.6.1/debian/changelog 2015-06-28 13:58:22.0 + +++ libcrypto++-5.6.1/debian/changelog 2016-04-11 16:16:30.0 + @@ -1,3 +1,9 @@ +libcrypto++ (5.6.1-6+deb7u2) wheezy; urgency=medium + + * Fix CVE-2016-3995, Rijndael timing attack counter measure. + + -- Laszlo Boszormenyi (GCS) Mon, 11 Apr 2016 16:13:54 + + libcrypto++ (5.6.1-6+deb7u1) wheezy-security; urgency=high * Fix CVE-2015-2141, misuse of blinding technique that is aimed at diff -Nru libcrypto++-5.6.1/debian/patches/CVE-2016-3995.patch libcrypto++-5.6.1/debian/patches/CVE-2016-3995.patch --- libcrypto++-5.6.1/debian/patches/CVE-2016-3995.patch 1970-01-01 00:00:00.0 + +++ libcrypto++-5.6.1/debian/patches/CVE-2016-3995.patch 2016-04-16 11:38:13.0 + @@ -0,0 +1,52 @@ +From 9f335d719ebc27f58251559240de0077ec42c583 Mon Sep 17 00:00:00 2001 +From: Pierre Lestringant +Date: Wed, 6 Apr 2016 15:51:17 +0200 +Subject: [PATCH] Fix the Rijndael timing attack counter measure + +--- + rijndael.cpp | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/rijndael.cpp b/rijndael.cpp +index f394960..92f9dea 100644 +--- a/rijndael.cpp b/rijndael.cpp +@@ -372,10 +372,12 @@ void Rijndael::Enc::ProcessAndXorBlock(c + t3 = rk[7]; + rk += 8; + +- // timing attack countermeasure. see comments at top for more details ++ // timing attack countermeasure. see comments at top for more details. ++ // also see http://github.com/weidai11/cryptopp/issues/146 + const int cacheLineSize = GetCacheLineSize(); + unsigned int i; +- word32 u = 0; ++ volatile word32 _u = 0; ++ word32 u = _u; + #ifdef CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS + for (i=0; i<2048; i+=cacheLineSize) + #else +@@ -448,10 +450,12 @@ void Rijndael::Dec::ProcessAndXorBlock(c + t3 = rk[7]; + rk += 8; + +- // timing attack countermeasure. see comments at top for more details ++ // timing attack countermeasure. see comments at top for more details. ++ // also see http://github.com/weidai11/cryptopp/issues/146 + const int cacheLineSize = GetCacheLineSize(); + unsigned int i; +- word32 u = 0; ++ volatile word32 _u = 0; ++ word32 u = _u; + #ifdef CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS + for (i=0; i<2048; i+=cacheLineSize) + #else +@@ -491,7 +495,7 @@ void Rijndael::Dec::ProcessAndXorBlock(c + // timing attack countermeasure. see comments at top for more details + // If CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS is defined, + // QUARTER_ROUND_LD will use Td, which is already preloaded. +- u = 0; ++ u = _u; + for (i=0; i<256; i+=cacheLineSize) + u &= *(const word32 *)(Sd+i); + u &= *(const word32 *)(Sd+252); diff -Nru libcrypto++-5.6.1/debian/patches/series libcrypto++-5.6.1/debian/patches/series --- libcrypto++-5.6.1/debian/patches/series 2015-06-28 13:58:08.0 + +++ libcrypto++-5.6.1/debian/patches/series 2016-04-11 16:25:12.0 + @@ -7,3 +7,4 @@ salsa.patch gcc-4.7-ftbfs.diff CVE-2015-2141.patch +CVE-2016-3995.patch
Bug#821835: jessie-pu: package libcrypto++/5.6.1-6+deb8u2
Package: release.debian.org Severity: normal Tags: jessie User: release.debian@packages.debian.org Usertags: pu Hi Release Team, There's a vulnerability in Crypto++, the C++ class library of cryptographic schemes. It's CVE-2016-3995, bogus protection from timing attacks in AES (Rijndael) cipher. GCC could optimize the protection out. The patch (already in Sid + Stretch) prevents this. It's minor for a security update, but can be enough for a normal package update. Thanks for consideration, Laszlo/GCS diff -Nru libcrypto++-5.6.1/debian/changelog libcrypto++-5.6.1/debian/changelog --- libcrypto++-5.6.1/debian/changelog 2015-06-28 13:41:08.0 + +++ libcrypto++-5.6.1/debian/changelog 2016-04-11 16:16:44.0 + @@ -1,3 +1,9 @@ +libcrypto++ (5.6.1-6+deb8u2) jessie; urgency=medium + + * Fix CVE-2016-3995, Rijndael timing attack counter measure. + + -- Laszlo Boszormenyi (GCS) Mon, 11 Apr 2016 16:13:56 + + libcrypto++ (5.6.1-6+deb8u1) jessie-security; urgency=high * Fix CVE-2015-2141, misuse of blinding technique that is aimed at diff -Nru libcrypto++-5.6.1/debian/patches/CVE-2016-3995.patch libcrypto++-5.6.1/debian/patches/CVE-2016-3995.patch --- libcrypto++-5.6.1/debian/patches/CVE-2016-3995.patch 1970-01-01 00:00:00.0 + +++ libcrypto++-5.6.1/debian/patches/CVE-2016-3995.patch 2016-04-16 11:42:14.0 + @@ -0,0 +1,52 @@ +From 9f335d719ebc27f58251559240de0077ec42c583 Mon Sep 17 00:00:00 2001 +From: Pierre Lestringant +Date: Wed, 6 Apr 2016 15:51:17 +0200 +Subject: [PATCH] Fix the Rijndael timing attack counter measure + +--- + rijndael.cpp | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/rijndael.cpp b/rijndael.cpp +index f394960..92f9dea 100644 +--- a/rijndael.cpp b/rijndael.cpp +@@ -372,10 +372,12 @@ void Rijndael::Enc::ProcessAndXorBlock(c + t3 = rk[7]; + rk += 8; + +- // timing attack countermeasure. see comments at top for more details ++ // timing attack countermeasure. see comments at top for more details. ++ // also see http://github.com/weidai11/cryptopp/issues/146 + const int cacheLineSize = GetCacheLineSize(); + unsigned int i; +- word32 u = 0; ++ volatile word32 _u = 0; ++ word32 u = _u; + #ifdef CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS + for (i=0; i<2048; i+=cacheLineSize) + #else +@@ -448,10 +450,12 @@ void Rijndael::Dec::ProcessAndXorBlock(c + t3 = rk[7]; + rk += 8; + +- // timing attack countermeasure. see comments at top for more details ++ // timing attack countermeasure. see comments at top for more details. ++ // also see http://github.com/weidai11/cryptopp/issues/146 + const int cacheLineSize = GetCacheLineSize(); + unsigned int i; +- word32 u = 0; ++ volatile word32 _u = 0; ++ word32 u = _u; + #ifdef CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS + for (i=0; i<2048; i+=cacheLineSize) + #else +@@ -491,7 +495,7 @@ void Rijndael::Dec::ProcessAndXorBlock(c + // timing attack countermeasure. see comments at top for more details + // If CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS is defined, + // QUARTER_ROUND_LD will use Td, which is already preloaded. +- u = 0; ++ u = _u; + for (i=0; i<256; i+=cacheLineSize) + u &= *(const word32 *)(Sd+i); + u &= *(const word32 *)(Sd+252); diff -Nru libcrypto++-5.6.1/debian/patches/series libcrypto++-5.6.1/debian/patches/series --- libcrypto++-5.6.1/debian/patches/series 2015-06-28 13:37:49.0 + +++ libcrypto++-5.6.1/debian/patches/series 2016-04-11 16:25:58.0 + @@ -7,3 +7,4 @@ salsa.patch gcc-4.7-ftbfs.diff CVE-2015-2141.patch +CVE-2016-3995.patch
Bug#821816: Automatic removals changes in [KEY-PACKAGES] for PHP 7.0 transition
On Tue, Apr 19, 2016, at 17:35, Emilio Pozuelo Monfort wrote: > Key packages are automatically generated, based on popcon (and possibly > priority) then recursively getting their (build-)deps. Bummer > If php5 is going to be removed from the archive, then it will go away > from the > list when that happens; no need to worry about it. As for php7, it will > eventually get there automatically (assuming enough installations). The idea behind was to let the RC bug on php5 kick-in, so we don't have to manually remove all the src:php5 r-deps from testing. This would prevent converting all the php7.0-transition bugs[1] to be turned in RC bugs. 1. https://bugs.debian.org/cgi-bin/pkgreport.cgi?tag=php7.0-transition;users=pkg-php-ma...@lists.alioth.debian.org Cheers, -- Ondřej Surý Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server
Processed: Re: Bug#821834: wheezy-pu: package libcrypto++/5.6.1-6+deb7u2
Processing control commands: > tags -1 + confirmed Bug #821834 [release.debian.org] wheezy-pu: package libcrypto++/5.6.1-6+deb7u2 Added tag(s) confirmed. -- 821834: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=821834 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#821834: wheezy-pu: package libcrypto++/5.6.1-6+deb7u2
Control: tags -1 + confirmed On Tue, 2016-04-19 at 19:19 +0200, László Böszörményi wrote: > There's a vulnerability in Crypto++, the C++ class library of > cryptographic schemes. > It's CVE-2016-3995, bogus protection from timing attacks in AES > (Rijndael) cipher. GCC could optimize the protection out. The patch > (already in Sid + Stretch) prevents this. It's minor for a security > update, but can be enough for a normal package update. Please go ahead. Regards, Adam
Bug#821835: jessie-pu: package libcrypto++/5.6.1-6+deb8u2
Control: tags -1 + confirmed On Tue, 2016-04-19 at 19:19 +0200, László Böszörményi wrote: > There's a vulnerability in Crypto++, the C++ class library of > cryptographic schemes. > It's CVE-2016-3995, bogus protection from timing attacks in AES > (Rijndael) cipher. GCC could optimize the protection out. The patch > (already in Sid + Stretch) prevents this. It's minor for a security > update, but can be enough for a normal package update. Please go ahead. Regards, Adam
Processed: Re: Bug#821835: jessie-pu: package libcrypto++/5.6.1-6+deb8u2
Processing control commands: > tags -1 + confirmed Bug #821835 [release.debian.org] jessie-pu: package libcrypto++/5.6.1-6+deb8u2 Added tag(s) confirmed. -- 821835: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=821835 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#818908: jessie-pu: package dpkg/1.17.27
Control: tags -1 +confirmed -moreinfo On Sun, 2016-03-27 at 12:06 +0200, Guillem Jover wrote: > Hi! > > On Wed, 2016-03-23 at 20:52:04 +0100, Julien Cristau wrote: > > On Mon, Mar 21, 2016 at 16:49:35 +0100, Guillem Jover wrote: [...] > > > -The program \fBdpkg\fP will execute when starting a new shell. > > > +The program \fBdpkg\fP will execute when starting a new interactive > > > shell. > > > .TP > > > .B COLUMNS > > > Sets the number of columns \fBdpkg\fP should use when displaying > > > formatted > > > > This change regresses translations. As it's essentially a clarification > > rather than a fix to the previous text, wouldn't it be better to leave > > the text as-is so as not to invalidate existing translations? > > I always hesitate with string changes, as PO files are designed to > cope with this gracefully, but in this case I guess it's indeed > probably not worth it. So I've removed them and rerolled the release. > Attached the new patch. Apologies for the delays in getting back to you. Please go ahead. Regards, Adam
Processed: Re: Bug#818908: jessie-pu: package dpkg/1.17.27
Processing control commands: > tags -1 +confirmed -moreinfo Bug #818908 [release.debian.org] jessie-pu: package dpkg/1.17.27 Added tag(s) confirmed. Bug #818908 [release.debian.org] jessie-pu: package dpkg/1.17.27 Removed tag(s) moreinfo. -- 818908: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=818908 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#818906: wheezy-pu: package dpkg/1.16.18
Control: tags -1 -moreinfo +confirmed On Sun, 2016-03-27 at 12:07 +0200, Guillem Jover wrote: > Hi! > > On Wed, 2016-03-23 at 18:07:46 +0100, Guillem Jover wrote: > > On Mon, 2016-03-21 at 16:36:16 +0100, Guillem Jover wrote: [...] > > > Here's a proposed dpkg 1.16.18, with cherry picked fixes from master > > > (already in unstable). These include fixes for regressions, memory leaks, > > > segmentation faults, portability and interaction with tools such as > > > GNU tar or the system shell. [...] > > The same reply as the one for jessie applies here. I've also taken out > > the git log fix here, and I'm attaching the compressed full diff. Let > > me know if anything else needs clarification, etc. > > Same as for the 1.17.x release, I've removed the string changes in the > man page and rerolled the release. Attached the new patch. Apologies for the delay in getting back to you. Please go ahead. Regards, Adam
Processed: Re: Bug#818906: wheezy-pu: package dpkg/1.16.18
Processing control commands: > tags -1 -moreinfo +confirmed Bug #818906 [release.debian.org] wheezy-pu: package dpkg/1.16.18 Removed tag(s) moreinfo. Bug #818906 [release.debian.org] wheezy-pu: package dpkg/1.16.18 Added tag(s) confirmed. -- 818906: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=818906 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: Re: Bug#820059: jessie-pu: package xapian-core/1.2.19-1
Processing control commands: > tags -1 + confirmed Bug #820059 [release.debian.org] jessie-pu: package xapian-core/1.2.19-1 Added tag(s) confirmed. -- 820059: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=820059 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#820059: jessie-pu: package xapian-core/1.2.19-1
Control: tags -1 + confirmed On Tue, 2016-04-19 at 02:01 +0100, Olly Betts wrote: > Control: tags -1 + patch > Control: tags -1 - moreinfo > > On Wed, Apr 06, 2016 at 09:35:46PM +0100, Adam D. Barratt wrote: > > On Tue, 2016-04-05 at 17:06 +1200, Olly Betts wrote: > > > The attached patch is from the upstream git repo - it's been on git > > > master since 2015-04-28, and in upstream stable releases since > > > 2015-05-20. > > > > In isolation the patch looks okay, but in order to confirm a upload > > please can we have a debdiff of the proposed source package, as built > > and tested on Jessie? > > Attached. Please go ahead. Regards, Adam
Bug#821205: jessie-pu: package gitolite3/3.6.1-2
Control: tags -1 + confirmed On Sat, 2016-04-16 at 13:24 -0300, David Bremner wrote: > This is a fix for a missing functionality bug (819841) in jessie. The > fix has been in several subsequent upstream releases, so it should be > safe, even if it does involve regex-soup. As regex-soup goes, that's fairly clean. :-) Please go ahead. Regards, Adam
Processed: Re: Bug#821205: jessie-pu: package gitolite3/3.6.1-2
Processing control commands: > tags -1 + confirmed Bug #821205 [release.debian.org] jessie-pu: package gitolite3/3.6.1-2 Added tag(s) confirmed. -- 821205: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=821205 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: Re: Bug#820540: jessie-pu: package bareos/14.2.1+20141017gitc6c5b56-3+deb8u2
Processing control commands: > tags -1 + confirmed Bug #820540 [release.debian.org] jessie-pu: package bareos/14.2.1+20141017gitc6c5b56-3+deb8u2 Added tag(s) confirmed. -- 820540: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=820540 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#820540: jessie-pu: package bareos/14.2.1+20141017gitc6c5b56-3+deb8u2
Control: tags -1 + confirmed On Sat, 2016-04-09 at 18:32 +0200, Felix Geyer wrote: > I'd like to update bareos in jessie to fix bug #819807 (TLS completely > broken). > This involves backporting 3 commits from upstream. > Similar changes are in the 14.2.6-3 upload but for jessie another backported > commit > is necessary. > > The debdiff is attached. Most of the diff is the addition of tls autopkgtests. Please go ahead. Regards, Adam
Processed: Re: Bug#821757: wheezy-pu: package xapian-core/1.2.12-2
Processing control commands: > tags -1 + confirmed Bug #821757 [release.debian.org] wheezy-pu: package xapian-core/1.2.12-2 Added tag(s) confirmed. -- 821757: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=821757 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#821757: wheezy-pu: package xapian-core/1.2.12-2
Control: tags -1 + confirmed On Tue, 2016-04-19 at 13:51 +1200, Olly Betts wrote: > I'd like to update xapian-core in wheezy to fix a bug which can cause > database corruption. This is triggered by certain usage patterns, and > the recoll package is known to be affected: > > https://bugs.debian.org/808610 Please go ahead. Regards, Adam
Bug#821834: wheezy-pu: package libcrypto++/5.6.1-6+deb7u2
On Tue, Apr 19, 2016 at 9:27 PM, Adam D. Barratt wrote: > Control: tags -1 + confirmed > > On Tue, 2016-04-19 at 19:19 +0200, László Böszörményi wrote: >> There's a vulnerability in Crypto++, the C++ class library of >> cryptographic schemes. [...] > Please go ahead. Thanks, just uploaded. Cheers, Laszlo/GCS
Bug#821835: jessie-pu: package libcrypto++/5.6.1-6+deb8u2
On Tue, Apr 19, 2016 at 9:27 PM, Adam D. Barratt wrote: > Control: tags -1 + confirmed > > On Tue, 2016-04-19 at 19:19 +0200, László Böszörményi wrote: >> There's a vulnerability in Crypto++, the C++ class library of >> cryptographic schemes. [...] > Please go ahead. Just uploaded the package. Regards, Laszlo/GCS
Bug#821757: wheezy-pu: package xapian-core/1.2.12-2
On Tue, Apr 19, 2016 at 08:47:15PM +0100, Adam D. Barratt wrote: > Please go ahead. Thanks, now uploaded. Cheers, Olly
Bug#820059: jessie-pu: package xapian-core/1.2.19-1
On Tue, Apr 19, 2016 at 08:38:11PM +0100, Adam D. Barratt wrote: > Please go ahead. Thanks, now uploaded. Cheers, Olly
Re: [SUA 96-1] Updated xscreensaver version
unsubscribe > --- > Debian Stable Updates Announcement SUA 96-1 https://www.debian.org > debian-release@lists.debian.org Tormod Volden > April 19th, 2016 > --- > > Package : xscreensaver > Version : 5.30-1+deb8u2 [jessie] > Importance : low > > xscreensaver in Debian 8 includes a warning that the package is not up > to date, both at program start and when the screen is locked. This > update removes that warning. > > Users should not be concerned that the package is out of date. > xscreensaver continues to receive the same security and bug fix > support as other packages in stable; this update is merely cosmetic. > > Upgrade Instructions > > > You can get the updated packages by adding the stable-updates archive > for your distribution to your /etc/apt/sources.list: > > deb http://ftp.debian.org/debian jessie-updates main > deb-src http://ftp.debian.org/debian jessie-updates main > > You can also use any of the Debian archive mirrors. See > 'https://www.debian.org/mirrors/list' for the full list of mirrors. > > For further information about stable-updates, please refer to > https://lists.debian.org/debian-devel-announce/2011/03/msg00010.html > > If you encounter any issues, please don't hesitate to get in touch with > the Debian Release Team at 'debian-release@lists.debian.org' > > Rob Hodgins Calm I come to you. I take your pain away. 780 862-5335 r...@robhodgins.com http://www.robhodgins.com
Bug#821440: transition: ntfs-3g
On Mon, Apr 18, 2016 at 8:52 PM, Emilio Pozuelo Monfort wrote: > On 18/04/16 20:01, Laszlo Boszormenyi (GCS) wrote: >> All three build fine and seem to be correct with the new ntfs-3g >> package. May I upload the it with the new upstream release to Sid? >> Mentioned packages will need to be binNMUed. > > Sure, go ahead. Uploaded and built on all primary architectures. Fails on kFreeBSD ones due to a non-existing (Linux only) errno on them, working on it. You can issue the binNMUs. Regards, Laszlo/GCS
Bug#819979: transition: libgit2
On 04/04/16 15:58, Andreas Henriksson wrote: > Package: release.debian.org > Severity: normal > User: release.debian@packages.debian.org > Usertags: transition > X-Debbugs-CC: Russell Sim , Pirate Praveen > , Dmitry Smirnov > > Hello release team! > > I'd like to request a transition slot for libgit2. This is now finished. Closing. Cheers, Emilio
Bug#819979: marked as done (transition: libgit2)
Your message dated Wed, 20 Apr 2016 08:50:48 +0200 with message-id <571726c8.5040...@debian.org> and subject line Re: Bug#819979: transition: libgit2 has caused the Debian Bug report #819979, regarding transition: libgit2 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 819979: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819979 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition X-Debbugs-CC: Russell Sim , Pirate Praveen , Dmitry Smirnov Hello release team! I'd like to request a transition slot for libgit2. I've tested building reverse dependencies: birdfont cargo geany-plugins golang-git2go kate libgit2-glib python-pygit2 ruby-rugged geany-plugins already has a FTBFS bug reported at #819889 but I don't consider it a transition blocker as it has no reverse dependencies and could simply get temporarily removed from testing. The following failed to build with the new version and needs sourceful uploads: * libgit2-glib - I assumed this would simply be fixed by sourceful uploading of matching libgit2-glib v0.24.0, see #819871 * ruby-rugged - Pirate Praveen reported success with the new version he's prepared. So to summarize: RM geany-plugins sourceful uploads: libgit2-glib, ruby-rugged binNMU: birdfont, cargo, geany-plugins, golang-git2go, kate, python-pygit2 The new upstream release 0.24.0 was just uploaded to(wards) experimental (now stuck in NEW ofcourse) so an automatic tracker should be available soon. Ben file: title = "libgit2"; is_affected = .depends ~ "libgit2-23" | .depends ~ "libgit2-24"; is_good = .depends ~ "libgit2-24"; is_bad = .depends ~ "libgit2-23"; -- System Information: Debian Release: stretch/sid APT prefers testing APT policy: (500, 'testing'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.4.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) --- End Message --- --- Begin Message --- On 20/04/16 08:41, Emilio Pozuelo Monfort wrote: > On 04/04/16 15:58, Andreas Henriksson wrote: >> Package: release.debian.org >> Severity: normal >> User: release.debian@packages.debian.org >> Usertags: transition >> X-Debbugs-CC: Russell Sim , Pirate Praveen >> , Dmitry Smirnov >> >> Hello release team! >> >> I'd like to request a transition slot for libgit2. > > This is now finished. Closing. ECOFFEE. Really closing now. Emilio--- End Message ---
