Bug#888731: stretch-pu: package virt-what/1.15-1+deb9u1
Package: release.debian.org Severity: normal Tags: stretch User: release.debian@packages.debian.org Usertags: pu The update fixes problems with virt detection arch/aarch64 since these fall back to uname -m. x86 uses cpuid mostly so it went there undetected. Cheers, -- Guido -- System Information: Debian Release: buster/sid APT prefers testing APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'stable-updates'), (500, 'oldoldstable'), (500, 'unstable'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386, armhf Kernel: Linux 4.14.0-3-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled diff --git a/debian/changelog b/debian/changelog index beabec6..a9fcd09 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +virt-what (1.15-1+deb9u1) stable-proposed-updates; urgency=medium + + * Unbreak virt detection on arm/aarch64 (Closes: #888690) + + -- Guido Günther Sun, 28 Jan 2018 19:41:53 +0100 + virt-what (1.15-1) unstable; urgency=medium [ Guido Günther ] diff --git a/debian/gbp.conf b/debian/gbp.conf index 760033d..a57e359 100644 --- a/debian/gbp.conf +++ b/debian/gbp.conf @@ -1,6 +1,6 @@ [DEFAULT] upstream-branch=upstream/latest -debian-branch=debian/sid +debian-branch=debian/stretch [pq] patch-numbers = False diff --git a/debian/patches/Determine-architecture-via-uname-m.patch b/debian/patches/Determine-architecture-via-uname-m.patch new file mode 100644 index 000..3352f96 --- /dev/null +++ b/debian/patches/Determine-architecture-via-uname-m.patch @@ -0,0 +1,28 @@ +From: =?utf-8?q?Guido_G=C3=BCnther?= +Date: Sat, 27 Jan 2018 13:11:36 +0100 +Subject: Determine architecture via 'uname -m' + +'uname -p' only gives unknown on x86_64, i386, arm6l (rpi) and aarch64 +(scaleways). + +Closes: #888690 +--- + virt-what.in | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/virt-what.in b/virt-what.in +index a5ed33e..ddfb53a 100644 +--- a/virt-what.in b/virt-what.in +@@ -101,9 +101,9 @@ cpuid=$(virt-what-cpuid-helper) + dmi=$(LANG=C dmidecode 2>&1) + + # Architecture. +-# Note for the purpose of testing, we only call uname with -p option. ++# Note for the purpose of testing, we only call uname with -m option. + +-arch=$(uname -p | sed -e 's/i.86/i386/' | sed -e 's/arm.*/arm/') ++arch=$(uname -m | sed -e 's/i.86/i386/' | sed -e 's/arm.*/arm/') + + # Check for VMware. + # cpuid check added by Chetan Loke. diff --git a/debian/patches/series b/debian/patches/series new file mode 100644 index 000..4879f6d --- /dev/null +++ b/debian/patches/series @@ -0,0 +1 @@ +Determine-architecture-via-uname-m.patch
Bug#888751: transition: gdbm
Package: release.debian.org User: release.debian@packages.debian.org Usertags: transition Severity: normal Hello Release team, I think it is time to do the transition. (KAction is MIA now, I prefer to not delay it any longer) Affected packages: am-utils apr-util clisp courier-authlib couriergrey elk gauche gnarwl gnu-smalltalk ifmail librep magicrescue man-db metview mit-scheme modem-manager-gui nis pam-shield perdition perl pypy python-stdlib-extensions python3-stdlib-extensions ruby2.3 ruby2.5 sjeng slgdbm sortmail avahi courier freeradius fsvs lighttpd maildrop qsf pike7.8 Bad packages: ifmail/sortmail -> patch (adding the compat package to depends) pike7.8 -> patch (cherry-pick from pike8.0 the build fix, undef an already defined variable) clisp -> fix available in gdbm 1.14.1 (currently in binNEW). I'll push for gdbm 1.14 once it clears new and I get an ack (rebuilds against the new release are ongoing, nothing should have been changed looking at the diff) I'm opening right now the bugs for ifmail, sortmail and pike7.8, blocking this one. Ben file not needed, the auto-tracker seems to be fine Gianfranco signature.asc Description: OpenPGP digital signature
Processed: gdbm: add blocking bugs
Processing commands for cont...@bugs.debian.org: > block 888751 by 888752 Bug #888751 [release.debian.org] transition: gdbm 888751 was not blocked by any bugs. 888751 was not blocking any bugs. Added blocking bug(s) of 888751: 888752 > block 888751 by 888753 Bug #888751 [release.debian.org] transition: gdbm 888751 was blocked by: 888752 888751 was not blocking any bugs. Added blocking bug(s) of 888751: 888753 > block 888751 by 888754 Bug #888751 [release.debian.org] transition: gdbm 888751 was blocked by: 888753 888752 888751 was not blocking any bugs. Added blocking bug(s) of 888751: 888754 > thanks Stopping processing here. Please contact me if you need assistance. -- 888751: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888751 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#888766: stretch-pu: package debian-security-support/2018.01.29~deb9u1
Package: release.debian.org Severity: normal Tags: stretch User: release.debian@packages.debian.org Usertags: pu This update brings debian-security-support in line with unstable. Most notably in stable this affects swftools since security support for it is now limited. Cheers, -- Guido -- System Information: Debian Release: buster/sid APT prefers testing APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'stable-updates'), (500, 'oldoldstable'), (500, 'unstable'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386, armhf Kernel: Linux 4.14.0-3-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled diff --git a/debian/changelog b/debian/changelog index 28a9b5d..669e194 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,44 @@ +debian-security-support (2018.01.29~deb9u1) stable-proposed-updates; urgency=medium + + * Rebuild for stretch + + -- Guido Günther Mon, 29 Jan 2018 17:23:45 +0100 + +debian-security-support (2018.01.29) unstable; urgency=medium + + [ Markus Koschany ] + * Add teamspeak to security-support-ended.deb7 + * Add libstruts1.2-java to security-support-ended.deb7. + * Add nvidia-graphics-drivers to security-support-ended.deb7. +Non-free is not supported + * Add glassfish to security-support-ended.deb7 + * Mark jbossas4 as end-of-life in Wheezy. + * Mark jasperreports as unsupported in Wheezy. +No sponsor users it. Targeted fixes not possible because detailed +information about the vulnerabilities and their solution (patches) is not +available. + + [ Salvatore Bonaccorso ] + * Mark chromium-browser as end-of-life for Debian 8 (Jessie) + + [ Raphaël Hertzog ] + * Mark libnet-ping-external-perl as unsupported in wheezy. + * Mark mp3gain as unsupported in wheezy. + + [ Emilio Pozuelo Monfort ] + * Mark tor as unsupported in wheezy. + + [ Guido Günther ] + * Add swftools to security support limited +swftools is orphaned (#885088) and the security tracker is currently +counting 25 open CVEs. It is a useful tool with trusted content though. + * Bump standards version to 4.1.3. +No changes needed + * Bump debhelper compat level to 9 which is available in oldoldstable +(wheezy). + + -- Guido Günther Mon, 29 Jan 2018 17:05:46 +0100 + debian-security-support (2017.06.02) unstable; urgency=medium [ Moritz Muehlenhoff ] diff --git a/debian/compat b/debian/compat index 45a4fb7..ec63514 100644 --- a/debian/compat +++ b/debian/compat @@ -1 +1 @@ -8 +9 diff --git a/debian/control b/debian/control index 2b827d1..f764ab9 100644 --- a/debian/control +++ b/debian/control @@ -3,7 +3,7 @@ Section: admin Priority: optional Maintainer: Christoph Biedl Uploaders: Debian Security Team -Build-Depends: debhelper (>= 8~), +Build-Depends: debhelper (>= 9~), asciidoc, gettext, gawk, @@ -15,7 +15,7 @@ Build-Depends: debhelper (>= 8~), original-awk, po-debconf, xmlto, -Standards-Version: 3.9.8 +Standards-Version: 4.1.3 Vcs-Git: https://anonscm.debian.org/cgit/collab-maint/debian-security-support.git Vcs-Browser: https://anonscm.debian.org/cgit/collab-maint/debian-security-support.git diff --git a/debian/gbp.conf b/debian/gbp.conf new file mode 100644 index 000..ee4e7df --- /dev/null +++ b/debian/gbp.conf @@ -0,0 +1,2 @@ +[DEFAULT] +debian-branch=stretch diff --git a/security-support-ended.deb7 b/security-support-ended.deb7 index 5cfd110..5278edb 100644 --- a/security-support-ended.deb7 +++ b/security-support-ended.deb7 @@ -52,3 +52,13 @@ kfreebsd-8 8.3-6+deb7u12016-02-06 Not supported in Deb kfreebsd-9 9.0-10+deb70.10 2016-02-06 Not supported in Debian LTS ioquake31.36+svn2287-1 2017-03-15 Not supported in Debian LTS (https://lists.debian.org/debian-lts/2017/03/msg00075.html) autotrace 0.31.1-16 2017-06-01 Not supported in Debian LTS (https://lists.debian.org/debian-lts/2017/05/msg00124.html) +teamspeak-server2.0.24.1+debian-1.1 2017-07-31 Not supported in Debian LTS (non-free) +teamspeak-client2.0.32-3.1 2017-07-31 Not supported in Debian LTS (non-free) +libstruts1.2-java 1.2.9-5+deb7u2 2017-09-23 Not supported in Debian LTS +nvidia-graphics-drivers 304.131-1 2017-09-24 Not supported in Debian LTS (non-free) +glassfish 1:2.1.1-b31g-3 2017-09-26 Not supported in Debian LTS +jbossas44.2.3.GA-7 2017-10-31 Not supported in Debian LTS +libnet-ping-external-perl 0.13-12017-12-21 Not supported in Debian LTS (https://lists.debian.org/debian-lts/2017/12/threads.html#00073) +mp3gain 1.5.2-r2-2+deb7u1 201
Bug#888767: jessie-pu: package debian-security-support/2018.01.29~deb8u1
Package: release.debian.org Severity: normal Tags: jessie User: release.debian@packages.debian.org Usertags: pu X-Debbugs-CC: t...@security.debian.org This update brings debian-security-support in line with unstable. Most notably in oldstable this affects swftools since security support for it is now limited and chromium which doesn't receive any further security updates. Cheers, -- Guido -- System Information: Debian Release: buster/sid APT prefers testing APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'stable-updates'), (500, 'oldoldstable'), (500, 'unstable'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386, armhf Kernel: Linux 4.14.0-3-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled diff --git a/debian/changelog b/debian/changelog index 94d43a6..f55e7e1 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,44 @@ +debian-security-support (2018.01.29~deb8u1) oldstable-proposed-updates; urgency=medium + + * Rebuild for jessie + + -- Guido Günther Mon, 29 Jan 2018 17:30:46 +0100 + +debian-security-support (2018.01.29) unstable; urgency=medium + + [ Markus Koschany ] + * Add teamspeak to security-support-ended.deb7 + * Add libstruts1.2-java to security-support-ended.deb7. + * Add nvidia-graphics-drivers to security-support-ended.deb7. +Non-free is not supported + * Add glassfish to security-support-ended.deb7 + * Mark jbossas4 as end-of-life in Wheezy. + * Mark jasperreports as unsupported in Wheezy. +No sponsor users it. Targeted fixes not possible because detailed +information about the vulnerabilities and their solution (patches) is not +available. + + [ Salvatore Bonaccorso ] + * Mark chromium-browser as end-of-life for Debian 8 (Jessie) + + [ Raphaël Hertzog ] + * Mark libnet-ping-external-perl as unsupported in wheezy. + * Mark mp3gain as unsupported in wheezy. + + [ Emilio Pozuelo Monfort ] + * Mark tor as unsupported in wheezy. + + [ Guido Günther ] + * Add swftools to security support limited +swftools is orphaned (#885088) and the security tracker is currently +counting 25 open CVEs. It is a useful tool with trusted content though. + * Bump standards version to 4.1.3. +No changes needed + * Bump debhelper compat level to 9 which is available in oldoldstable +(wheezy). + + -- Guido Günther Mon, 29 Jan 2018 17:05:46 +0100 + debian-security-support (2017.06.02~deb8u1) jessie; urgency=medium * Rebuild for jessie. diff --git a/debian/compat b/debian/compat index 45a4fb7..ec63514 100644 --- a/debian/compat +++ b/debian/compat @@ -1 +1 @@ -8 +9 diff --git a/debian/control b/debian/control index 2b827d1..f764ab9 100644 --- a/debian/control +++ b/debian/control @@ -3,7 +3,7 @@ Section: admin Priority: optional Maintainer: Christoph Biedl Uploaders: Debian Security Team -Build-Depends: debhelper (>= 8~), +Build-Depends: debhelper (>= 9~), asciidoc, gettext, gawk, @@ -15,7 +15,7 @@ Build-Depends: debhelper (>= 8~), original-awk, po-debconf, xmlto, -Standards-Version: 3.9.8 +Standards-Version: 4.1.3 Vcs-Git: https://anonscm.debian.org/cgit/collab-maint/debian-security-support.git Vcs-Browser: https://anonscm.debian.org/cgit/collab-maint/debian-security-support.git diff --git a/debian/gbp.conf b/debian/gbp.conf new file mode 100644 index 000..525d1b4 --- /dev/null +++ b/debian/gbp.conf @@ -0,0 +1,2 @@ +[DEFAULT] +debian-branch=jessie diff --git a/security-support-ended.deb7 b/security-support-ended.deb7 index 5cfd110..5278edb 100644 --- a/security-support-ended.deb7 +++ b/security-support-ended.deb7 @@ -52,3 +52,13 @@ kfreebsd-8 8.3-6+deb7u12016-02-06 Not supported in Deb kfreebsd-9 9.0-10+deb70.10 2016-02-06 Not supported in Debian LTS ioquake31.36+svn2287-1 2017-03-15 Not supported in Debian LTS (https://lists.debian.org/debian-lts/2017/03/msg00075.html) autotrace 0.31.1-16 2017-06-01 Not supported in Debian LTS (https://lists.debian.org/debian-lts/2017/05/msg00124.html) +teamspeak-server2.0.24.1+debian-1.1 2017-07-31 Not supported in Debian LTS (non-free) +teamspeak-client2.0.32-3.1 2017-07-31 Not supported in Debian LTS (non-free) +libstruts1.2-java 1.2.9-5+deb7u2 2017-09-23 Not supported in Debian LTS +nvidia-graphics-drivers 304.131-1 2017-09-24 Not supported in Debian LTS (non-free) +glassfish 1:2.1.1-b31g-3 2017-09-26 Not supported in Debian LTS +jbossas44.2.3.GA-7 2017-10-31 Not supported in Debian LTS +libnet-ping-external-perl 0.13-12017-12-21 Not supported in Debian LTS (https
Bug#886294: transition: nodejs
On 2018-01-25 11:36, Aurelien Jarno wrote: Bumping the baseline to z196 looks like the easiest way and as you said, it would also fix go, rustc and maybe more software. However we discussed raising the ISA to z10 about one year and a half ago, and the conclusion was that we still have users with older machines. I'll try to restart the discussion again. What's the venue to have this discussion in? :) Kind regards and thanks Philipp Kern
NEW changes in stable-new
Processing changes file: clamav_0.99.2+dfsg-6+deb9u1_mipsel.changes ACCEPT
Bug#888783: stretch-pu: package postfix/3.1.8-0+deb9u1
Package: release.debian.org Severity: normal Tags: stretch User: release.debian@packages.debian.org Usertags: pu This update is intended to accomplish several improvements: 1. The regression introduced by the libdb security fix is corrected by upstream. This was tested by me and is in Unstable in 3.2.5-1. This should be allowed to migrate to testing before this upload for stable. This issue was specifically requested to be fixed by a SRM. 2. A packaging fix to resolve one cause of postfix faling to start if inet_interfaces is set to something other than all. This fix has been in Unstable/Testing since last year with no negative feedback. 3. Fixes a regression from oldstable where dynamic maps were not available to the sendmail command. 4. Fixes a significant issue in DANE support (new feature for stretch). 5. Other low risk (including documentation) fixes. There are also a couple of things that are here that won't affect the user either way: 1. A slight bit of patch cruft due to needing to refresh a patch that slightly colllided with the fix for the security regression. Ideally it wouldn't be in the diff, but it didn't seem to clutter things too badly and it seemed lower risk not to hand edit the patch. 2. Added a postfix 3.1 specific debian watch file for the maintainer's convenience. This is useful for my work flow and has no user impact or risk. As usual, the postfix upstream is very careful and thorough in micro-release updates and all the upstream changes are good things for our users. I have the proposed package in production and have not noted any issues. Thanks for reviewing, Scott K diff -Nru postfix-3.1.6/debian/changelog postfix-3.1.8/debian/changelog --- postfix-3.1.6/debian/changelog 2017-09-27 00:59:24.0 -0400 +++ postfix-3.1.8/debian/changelog 2018-01-29 12:31:22.0 -0500 @@ -1,3 +1,43 @@ +postfix (3.1.8-0+deb9u1) stretch; urgency=medium + +[Scott Kitterman] + + * Rewrite debian/postfix-instance-generator to avoid use of postmulti to fix +failures when inet_interfaces != all. Closes: #882141 + * Refresh patches + * Add postfix 3.1 specific watch file + + [Wietse Venema] + + * 3.1.7 +- Bugfix (introduced: Postfix 3.1): DANE support. Postfix + builds with OpenSSL 1.0.0 or 1.0.1 failed to send email to + some sites with "TLSA 2 X X" records associated with an + intermediate CA certificate. Problem report and initial + fix by Erwan Legrand. File: src/tls/tls_dane.c. +- Bugfix (introduced: Postfix 3.0) missing dynamicmaps support + in the Postfix sendmail command broke authorized_submit_users + with a dynamically-loaded map type. File: sendmail/sendmail.c. + * 3.1.8 +- Bugfix (introduced: Postfix 2.1): don't log warnings + that some restriction returns OK, when the access map + DISCARD feature is in effect. File: smtpd/smtpd_check.c. +- Bugfix (introduced: 20170611): the DB_CONFIG bugfix broke + Berkeley DB configurations with a relative pathname. File: + util/dict_db.c. Closes: #879200 +- Workaround: reportedly, some res_query(3) implementation + can return -1 with h_errno==0. Instead of terminating with + a panic, the Postfix DNS client now logs a warning and sets + h_errno to TRY_AGAIN. File: dns/dns_lookup.c. +- Documentation patches by Sven Neuhaus. Files: + proto/FORWARD_SECRECY_README.html, proto/SMTPD_ACCESS_README.html. +- Cleanup: missing mailbox seek-to-end error check in the + local(8) delivery agent. File: local/mailbox.c. +- Cleanup: incorrect mailbox seek-to-end error message in the + virtual(8) delivery agent. File: virtual/mailbox.c. + + -- Scott Kitterman Mon, 29 Jan 2018 12:31:19 -0500 + postfix (3.1.6-0+deb9u1) stretch; urgency=medium [Wietse Venema] diff -Nru postfix-3.1.6/debian/patches/11_postmap_update.diff postfix-3.1.8/debian/patches/11_postmap_update.diff --- postfix-3.1.6/debian/patches/11_postmap_update.diff 2017-09-27 00:26:51.0 -0400 +++ postfix-3.1.8/debian/patches/11_postmap_update.diff 2018-01-29 12:21:20.0 -0500 @@ -1,7 +1,7 @@ Index: postfix/html/postmap.1.html === postfix.orig/html/postmap.1.html 2017-09-27 00:26:44.474769942 -0400 -+++ postfix/html/postmap.1.html 2017-09-27 00:26:44.466769942 -0400 +--- postfix.orig/html/postmap.1.html 2018-01-29 12:21:01.200764381 -0500 postfix/html/postmap.1.html 2018-01-29 12:21:01.196764381 -0500 @@ -10,7 +10,7 @@ postmap - Postfix lookup table management @@ -24,8 +24,8 @@ instead of the default configuration directory. Index: postfix/man/man1/postmap.1 === postfix.orig/man/man1/postmap.1 2017-09-27 00:26:44.474769942 -0400 -+++ postfix/man/man1/postmap.1 2017-09-27 00:26:44.466769942 -0400 +--- postfix.orig/ma
Bug#888788: stretch-pu: package lxc/1:2.0.7-2+deb9u2
Package: release.debian.org Severity: normal Tags: stretch User: release.debian@packages.debian.org Usertags: pu iproute has been a transitional package for a while, but the lxc-debian template was refering to it. Now that iproute has been finally removed, creating buster or sid containers fails. This update replaces iproute with iproute2. I am running it on ci.debian.net Diff attached. -- System Information: Debian Release: buster/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'unstable'), (500, 'testing'), (1, 'experimental-debug'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 4.14.0-3-amd64 (SMP w/4 CPU cores) Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8), LANGUAGE=pt_BR:pt:en (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled diff --git a/debian/changelog b/debian/changelog index 04e3af6..cd60ca9 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,11 @@ +lxc (1:2.0.7-2+deb9u2) stretch; urgency=medium + + * 0005-debian-Use-iproute2-instead-of-iproute.patch: pull iproute2 instead +of iproute, fixing the creation of testing and unstable containers after +the iproute binary package was dropped. + + -- Antonio Terceiro Mon, 29 Jan 2018 20:23:36 -0200 + lxc (1:2.0.7-2+deb9u1) stretch; urgency=medium * 0003-lxc-debian-don-t-hardcode-valid-releases.patch: don't diff --git a/debian/patches/0005-debian-Use-iproute2-instead-of-iproute.patch b/debian/patches/0005-debian-Use-iproute2-instead-of-iproute.patch new file mode 100644 index 000..6bc61e4 --- /dev/null +++ b/debian/patches/0005-debian-Use-iproute2-instead-of-iproute.patch @@ -0,0 +1,29 @@ +From: =?utf-8?q?St=C3=A9phane_Graber?= +Date: Mon, 29 Jan 2018 18:18:34 -0200 +Subject: debian: Use iproute2 instead of iproute +MIME-Version: 1.0 +Content-Type: text/plain; charset="utf-8" +Content-Transfer-Encoding: base64 + +VGhlIHBhY2thZ2UgaGFzIHByZXR0eSBtdWNoIGFsd2F5cyBiZWVuIGlwcm91dGUyIHdpdGggaXBy +b3V0ZSBiZWluZyBhbgphbGlhcyBmb3IgaXQsIHRoZSBhbGlhcyBpcyBub3cgZ29uZSBzbyB3ZSBu +ZWVkIHRvIHVzZSBpcHJvdXRlMi4KClNpZ25lZC1vZmYtYnk6IFN0w6lwaGFuZSBHcmFiZXIgPHN0 +Z3JhYmVyQHVidW50dS5jb20+CkJhY2twb3J0LWJ5OiBBbnRvbmlvIFRlcmNlaXJvIDx0ZXJjZWly +b0BkZWJpYW4ub3JnPgo= +--- + templates/lxc-debian.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/templates/lxc-debian.in b/templates/lxc-debian.in +index 2245770..c927bf6 100644 +--- a/templates/lxc-debian.in b/templates/lxc-debian.in +@@ -271,7 +271,7 @@ dialog,\ + isc-dhcp-client,\ + netbase,\ + net-tools,\ +-iproute,\ ++iproute2,\ + openssh-server + + cache=$1 diff --git a/debian/patches/series b/debian/patches/series index 5e0bb25..587502e 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -2,3 +2,4 @@ lxc-2.0-CVE-2017-5985-Ensure-target-netns-is-caller-owned.patch 0003-lxc-debian-don-t-hardcode-valid-releases.patch 0004-lxc-debian-don-t-write-C.-locales-to-etc-locale.gen.patch +0005-debian-Use-iproute2-instead-of-iproute.patch signature.asc Description: PGP signature
Bug#888802: stretch-pu: package webkit2gtk/2.18.6-1~deb9u1
Package: release.debian.org X-Debbugs-Cc:webkit2...@packages.debian.org User: release.debian@packages.debian.org Usertags: pu Tags: stretch Severity: normal Background - New minor releases of webkit2gtk are made approximately monthly to fix high-impact bugs and security vulnerabilities. New major releases are made every six months (next one is mid-March). Similar to Firefox and Chromium, it's not really feasible to separate the security fixes from other changes. Basically, only one major release series is supported at a time (sometimes, there will be a final security fix for the old series shortly after the first release of the new series, but that's it.) For Debian 9, webkit2gtk is still excluded from normal security support and therefore the Debian Security Team is unwilling to accept webkit2gtk updates via stretch-security to avoid confusing our users. The latest major release webkit2gtk 2.18 was released in September. I am unaware of any remaining regressions in the new series. There was one Ubuntu-specific package that needed to be updated for 2.18. See https://launchpad.net/bugs/1712047 for more details. Generally, all the major distros have updated to 2.18 and there has been plenty of time for regressions to be noticed. News https://webkitgtk.org/2017/09/11/webkitgtk2.18.0-released.html https://webkitgtk.org/2017/10/18/webkitgtk2.18.1-released.html https://webkitgtk.org/2017/10/27/webkitgtk2.18.2-released.html https://webkitgtk.org/2017/11/10/webkitgtk2.18.3-released.html https://webkitgtk.org/2017/12/19/webkitgtk2.18.4-released.html https://webkitgtk.org/2018/01/10/webkitgtk2.18.5-released.html https://webkitgtk.org/2018/01/24/webkitgtk2.18.6-released.html Security Trackers -- This update will fix all current stretch vulnerabilities listed at https://security-tracker.debian.org/tracker/source-package/webkit2gtk https://webkitgtk.org/security/WSA-2017-0008.html https://webkitgtk.org/security/WSA-2017-0009.html https://webkitgtk.org/security/WSA-2017-0010.html https://webkitgtk.org/security/WSA-2018-0001.html https://webkitgtk.org/security/WSA-2018-0002.html https://usn.ubuntu.com/usn/usn-3460-1/ https://usn.ubuntu.com/usn/usn-3481-1/ https://usn.ubuntu.com/usn/usn-3514-1/ https://usn.ubuntu.com/usn/usn-3530-1/ Detailed Commit Log and Diff -- It's not really useful to provide a detailed diff or log for the upstream changes. For instance, Ubuntu's diff for the the 2.16.6 to 2.18.0 upgrade is 10 MB. https://launchpad.net/ubuntu/+source/webkit2gtk/2.18.0-0ubuntu0.16.04.2 debdiff gave me a 71MB file. Builds webkit2gtk 2.18.6 is available in Debian unstable, testing and stretch-backports. It has built successfully on all release architectures. (mips64el is still building on stretch-backports) Proposed Stretch Update I am proposing a straight backport from Buster to Stretch. I am attaching a diff of the debian/ directory. Thanks, Jeremy Bicha webkit2gtk_2.18.6-1~deb9u1.debdiff Description: Binary data
Re: Bug#870056: nmu: robustirc-bridge_1.7-1
This would also be very helpful for fixing security issue #888777. On Sun, Jan 28, 2018 at 8:31 PM, Michael Stapelberg wrote: > Friendly ping? Still interested in getting this set up. > > On Mon, Jan 8, 2018 at 6:56 PM, Michael Stapelberg > wrote: > >> Thanks for the clarification. >> >> So, what’s the next step in this process? Should I file a bug somewhere? >> An RT ticket? An email? >> >> On Sun, Jan 7, 2018 at 11:26 AM, Julien Cristau >> wrote: >> >>> On Sat, Jan 6, 2018 at 19:19:13 +0100, Michael Stapelberg wrote: >>> >>> > On Sat, Jan 6, 2018 at 6:30 PM, Julien Cristau >>> wrote: >>> > >>> > > also implications on visibility of unreleased security updates, so >>> the >>> > > set of people with access needs to stay limited. >>> > >>> > >>> > Just to confirm: is this a side-effect of getting the permission? Being >>> > able to schedule binNMUs doesn’t sound related to security updates to >>> me :) >>> > >>> Yes. Side effect of getting more than guest/read-only access to >>> wanna-build. >>> >>> Cheers, >>> Julien >>> >> >> >> >> -- >> Best regards, >> Michael >> > > > > -- > Best regards, > Michael > -- Best regards, Michael
