Bug#985045: unblock: apt/2.2.2
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: j...@debian.org
Please unblock package apt
[ Reason ]
Three things:
1. Improvements for rred with empty patches. APT would display errors
and fall back to fetching full files when it saw empty patches,
confusing people and causing them to ask questions about it
2. Fix the flakiness of autopkgtest on armhf
3. Make a MACRO be a single statement by wrapping it in do { ... } while (0)
as we used it in an if statement without { } in 2.2.1 and that caused
compiler warning because the second statement was run outside the if
statement. This caused us to split dpkg commandlines earlier than
necessary, so not a huge deal, but still.
Adding this change, rather than "fixing" the call such that if we
backport another change in that area we don't forget about putting {}
around it again :D
[ Impact ]
I think I explained that above already. Flaky tests on armhf, and
confusing behavior when apt stumbles upon empty rred patches.
[ Tests ]
Changes in 1 are accompanied by integration tests, change 2 is a test
itself, and change 3 is essentially tested too - it's the macro adding
arguments to dpkg, the test suite wouldn't work without it.
All these tests are run by autopkgtest, so hooray, automatic validation of
all our changes :)
[ Risks ]
I don't see any huge risk here. If there's a regression in the pdiff
changes, we'd fall back to fetching full files (again), if there's a
regression in the flaky test it could be more flaky; and the macro
wrapped in do ... while (0) is trivial.
[ Checklist ]
[x] all changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in testing
[ Other info ]
unblock apt/2.2.2
--
debian developer - deb.li/jak | jak-linux.org - free software dev
ubuntu core developer i speak de, en
diff -Nru apt-2.2.1/apt-pkg/acquire-item.cc apt-2.2.2/apt-pkg/acquire-item.cc
--- apt-2.2.1/apt-pkg/acquire-item.cc 2021-03-01 22:27:55.0 +0100
+++ apt-2.2.2/apt-pkg/acquire-item.cc 2021-03-12 09:15:59.0 +0100
@@ -2564,26 +2564,16 @@
}
}
-
- bool foundStart = false;
- for (std::vector::iterator cur = available_patches.begin();
- cur != available_patches.end(); ++cur)
- {
- if (LocalHashes != cur->result_hashes)
- continue;
-
- available_patches.erase(available_patches.begin(), cur);
- foundStart = true;
- break;
- }
-
- if (foundStart == false || unlikely(available_patches.empty() == true))
{
- ErrorText = "Couldn't find the start of the patch series";
- return false;
- }
+ auto const foundStart = std::find_if(available_patches.rbegin(), available_patches.rend(),
+ [&](auto const &cur) { return LocalHashes == cur.result_hashes; });
+ if (foundStart == available_patches.rend() || unlikely(available_patches.empty()))
+ {
+ ErrorText = "Couldn't find the start of the patch series";
+ return false;
+ }
+ available_patches.erase(available_patches.begin(), std::prev(foundStart.base()));
- {
auto const patch = std::find_if(available_patches.cbegin(), available_patches.cend(), [](auto const &patch) {
return not patch.result_hashes.usable() ||
not patch.patch_hashes.usable() ||
@@ -3050,14 +3040,11 @@
State = StateErrorDiff;
return;
}
- std::string const PatchFile = GetMergeDiffsPatchFileName(UnpatchedFile, patch.file);
std::string const PatchedFile = GetKeepCompressedFileName(UncompressedUnpatchedFile, Target);
switch (State)
{
case StateFetchDiff:
- Rename(DestFile, PatchFile);
-
// check if this is the last completed diff
State = StateDoneDiff;
for (std::vector::const_iterator I = allPatches->begin();
@@ -3068,6 +3055,8 @@
std::clog << "Not the last done diff in the batch: " << Desc.URI << std::endl;
return;
}
+ for (auto * diff : *allPatches)
+ Rename(diff->DestFile, GetMergeDiffsPatchFileName(UnpatchedFile, diff->patch.file));
// this is the last completed diff, so we are ready to apply now
DestFile = GetKeepCompressedFileName(UncompressedUnpatchedFile + "-patched", Target);
if(Debug)
@@ -3098,8 +3087,8 @@
if(Debug)
std::clog << "allDone: " << DestFile << "\n" << std::endl;
return;
- case StateDoneDiff: _error->Fatal("Done called for %s which is in an invalid Done state", PatchFile.c_str()); break;
- case StateErrorDiff: _error->Fatal("Done called for %s which is in an invalid Error state", PatchFile.c_str()); break;
+ case StateDoneDiff: _error->Fatal("Done called for %s which is in an invalid Done state", patch.file.c_str()); break;
+ case StateErrorDiff: _error->Fatal("Done called for %s which is in an invalid Error state", patch.file.c_str()); break;
}
}
/*}}}*/
@@ -3188,8 +3177,8 @@
/* The only header we u
Processed: Re: Bug#984988: pre-approval: unblock: golang-1.15/1.15.9-1
Processing control commands: > tags -1 + confirmed Bug #984988 [release.debian.org] pre-approval: unblock: golang-1.15/1.15.9-1 Added tag(s) confirmed. -- 984988: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984988 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#984988: pre-approval: unblock: golang-1.15/1.15.9-1
Control: tags -1 + confirmed
On 2021-03-12 00:04:15, Shengjing Zhu wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
> X-Debbugs-Cc: z...@debian.org, team+go-compi...@tracker.debian.org
>
> Please unblock package golang-1.15
>
> [ Reason ]
> Upstream security release, only target fix is introduced.
> CVE-2021-27918: encoding/xml: infinite loop when using `xml.NewTokenDecoder`
> with a custom `TokenReader`.
> https://github.com/golang/go/issues/44913
>
> [ Impact ]
> Without this version, the Go compiler is vulnerable.
> However with the new undetermined Go security policy, this
> bug is classified as LOW (severity issues affect niche configurations,
> have very limited impact, or are already widely known).
> https://github.com/golang/go/issues/44918
>
> [ Tests ]
> + Upstream tests in source package.
> + Have manually test some Go packages.
>
> [ Risks ]
> + No autopkgtest
> + Diff is small
>
> [ Checklist ]
> [x] all changes are documented in the d/changelog
> [x] I reviewed all changes and I approve them
> [x] attach debdiff against the package in testing
>
> [ Other info ]
> If this package is blocked in unstable, all Go packages will be prevented
> from migrating to testing, due to the Built-Using thing..
> So I fill this pre-approval request. And if possible, reduce the age too.
>
> unblock golang-1.15/1.15.9-1
Assuming the uploads happens soon, please go ahead.
Cheers
>
>
> diff -Nru golang-1.15-1.15.8/debian/changelog
> golang-1.15-1.15.9/debian/changelog
> --- golang-1.15-1.15.8/debian/changelog 2021-02-15 23:19:39.0
> +0800
> +++ golang-1.15-1.15.9/debian/changelog 2021-03-11 23:43:18.0
> +0800
> @@ -1,3 +1,12 @@
> +golang-1.15 (1.15.9-1) unstable; urgency=medium
> +
> + * Team upload.
> + * New upstream version 1.15.9
> ++ encoding/xml: infinite loop when using `xml.NewTokenDecoder` with a
> + custom `TokenReader`. CVE-2021-27918
> +
> + -- Shengjing Zhu Thu, 11 Mar 2021 23:43:18 +0800
> +
> golang-1.15 (1.15.8-4) unstable; urgency=medium
>
>* Team upload.
> diff -Nru golang-1.15-1.15.8/src/encoding/xml/xml.go
> golang-1.15-1.15.9/src/encoding/xml/xml.go
> --- golang-1.15-1.15.8/src/encoding/xml/xml.go2021-02-05
> 20:48:37.0 +0800
> +++ golang-1.15-1.15.9/src/encoding/xml/xml.go2021-03-10
> 22:29:35.0 +0800
> @@ -271,7 +271,7 @@
> // it will return an error.
> //
> // Token implements XML name spaces as described by
> -// https://www.w3.org/TR/REC-xml-names/. Each of the
> +// https://www.w3.org/TR/REC-xml-names/. Each of the
> // Name structures contained in the Token has the Space
> // set to the URL identifying its name space when known.
> // If Token encounters an unrecognized name space prefix,
> @@ -285,16 +285,17 @@
> if d.nextToken != nil {
> t = d.nextToken
> d.nextToken = nil
> - } else if t, err = d.rawToken(); err != nil {
> - switch {
> - case err == io.EOF && d.t != nil:
> - err = nil
> - case err == io.EOF && d.stk != nil && d.stk.kind != stkEOF:
> - err = d.syntaxError("unexpected EOF")
> + } else {
> + if t, err = d.rawToken(); t == nil && err != nil {
> + if err == io.EOF && d.stk != nil && d.stk.kind !=
> stkEOF {
> + err = d.syntaxError("unexpected EOF")
> + }
> + return nil, err
> }
> - return t, err
> + // We still have a token to process, so clear any
> + // errors (e.g. EOF) and proceed.
> + err = nil
> }
> -
> if !d.Strict {
> if t1, ok := d.autoClose(t); ok {
> d.nextToken = t
> diff -Nru golang-1.15-1.15.8/src/encoding/xml/xml_test.go
> golang-1.15-1.15.9/src/encoding/xml/xml_test.go
> --- golang-1.15-1.15.8/src/encoding/xml/xml_test.go 2021-02-05
> 20:48:37.0 +0800
> +++ golang-1.15-1.15.9/src/encoding/xml/xml_test.go 2021-03-10
> 22:29:35.0 +0800
> @@ -33,30 +33,90 @@
>
> func TestDecodeEOF(t *testing.T) {
> start := StartElement{Name: Name{Local: "test"}}
> - t.Run("EarlyEOF", func(t *testing.T) {
> - d := NewTokenDecoder(&toks{earlyEOF: true, t: []Token{
> - start,
> - start.End(),
> - }})
> - err := d.Decode(&struct {
> - XMLName Name `xml:"test"`
> - }{})
> - if err != nil {
> - t.Error(err)
> + tests := []struct {
> + name string
> + tokens []Token
> + ok bool
> + }{
> + {
> + name: "OK",
> + tokens: []Token{
> + start,
> + start.
Bug#985049: unblock: libgweather/3.36.1-2
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package libgweather
[ Reason ]
The provider of the weather data (yr.no/met.no) changed their API and we
need to use the new one.
There was also a request to reduce the precision of the coordinates sent
in the query to improve caching on their side.
[ Impact ]
The applications using libgweather (ie. gnome-weather, gnome-shell,...)
are not showing any weather data.
[ Tests ]
gnome-weather and gnome-shell now display the data.
[ Risks ]
The changes are quite straightforward and all patches have been
backported by Andreas from upstream git.
[ Checklist ]
[x] all changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in testing
[ Other info ]
The provider has asked upstream to rename everything from yr.no to
met.no. Upstream renamed everything, including the name of constants in
the API, something we cannot do now due to the freeze.
https://gitlab.gnome.org/GNOME/libgweather/-/issues/59
unblock libgweather/3.36.1-2
diff -Nru libgweather-3.36.1/debian/changelog
libgweather-3.36.1/debian/changelog
--- libgweather-3.36.1/debian/changelog 2020-08-29 00:36:23.0 +0200
+++ libgweather-3.36.1/debian/changelog 2021-03-10 18:26:48.0 +0100
@@ -1,3 +1,18 @@
+libgweather (3.36.1-2) unstable; urgency=medium
+
+ [ Andreas Henriksson ]
+ * Add patches from upstream for yr.no->met.no API. These patches has been
+cherry-picked from upstream and modified to apply directly to the yrno
+backend (without renaming it to metno and breaking the API). (Closes:
+#983917)
+
+ [ Laurent Bigonville ]
+ * Only use 4 significant decimals for locations when sending the query.
+Patch from upstream. More precision is not needed and this helps to
+improve caching on the provider side and reduce their load.
+
+ -- Iain Lane Wed, 10 Mar 2021 17:26:48 +
+
libgweather (3.36.1-1) unstable; urgency=medium
* Team upload
diff -Nru libgweather-3.36.1/debian/libgweather-3-16.symbols
libgweather-3.36.1/debian/libgweather-3-16.symbols
--- libgweather-3.36.1/debian/libgweather-3-16.symbols 2020-08-29
00:36:23.0 +0200
+++ libgweather-3.36.1/debian/libgweather-3-16.symbols 2021-03-10
18:26:48.0 +0100
@@ -1,6 +1,7 @@
libgweather-3.so.16 libgweather-3-16 #MINVER#
* Build-Depends-Package: libgweather-3-dev
_gweather_location_reset_world@Base 3.32.0
+ _radians_to_degrees_str@Base 3.36.1-2~
gweather_conditions_to_string@Base 3.7.91
gweather_conditions_to_string_full@Base 3.25.91
gweather_distance_unit_get_type@Base 3.7.91
diff -Nru
libgweather-3.36.1/debian/patches/gweather-Only-use-4-significant-decimals-for-locations.patch
libgweather-3.36.1/debian/patches/gweather-Only-use-4-significant-decimals-for-locations.patch
---
libgweather-3.36.1/debian/patches/gweather-Only-use-4-significant-decimals-for-locations.patch
1970-01-01 01:00:00.0 +0100
+++
libgweather-3.36.1/debian/patches/gweather-Only-use-4-significant-decimals-for-locations.patch
2021-03-10 18:26:48.0 +0100
@@ -0,0 +1,179 @@
+From: Bastien Nocera
+Date: Thu, 7 Jan 2021 12:46:34 +0100
+Subject: gweather: Only use 4 significant decimals for locations
+
+1/1000th of a degree of longitude or latitude corresponds to around
+100 meters. There's no reason for the weather to be any more precise
+than this.
+
+See https://www.thoughtco.com/degree-of-latitude-and-longitude-distance-4070616
+
+Closes: #69
+---
+ libgweather/gweather-private.c | 21 -
+ libgweather/gweather-private.h | 3 +++
+ libgweather/test_libgweather.c | 16
+ libgweather/weather-iwin.c | 7 ---
+ libgweather/weather-owm.c | 7 ---
+ libgweather/weather-yrno.c | 7 ---
+ 6 files changed, 47 insertions(+), 14 deletions(-)
+
+diff --git a/libgweather/gweather-private.c b/libgweather/gweather-private.c
+index b214ad9..0ccc21b 100644
+--- a/libgweather/gweather-private.c
b/libgweather/gweather-private.c
+@@ -22,8 +22,19 @@
+
+ #include "gweather-private.h"
+
+-/*
+- There is no code here: the purpose of this header is so that
+- gnome-builder knows how to pick up the include flags to parse
+- gweather-private.h properly.
+-*/
++/* sign, 3 digits, separator, 4 decimals, nul-char */
++#define DEGREES_STR_SIZE (1 + 3 + 1 + 4 + 1)
++
++char *
++_radians_to_degrees_str (gdouble radians)
++{
++ char *str;
++ double degrees;
++
++ str = g_malloc0 (DEGREES_STR_SIZE);
++ /* Max 4 decimals */
++ degrees = (double) ((int) (RADIANS_TO_DEGREES (radians) * 1)) / 1;
++ /* Too many digits */
++ g_return_val_if_fail (degrees <= 1000 || degrees >= -1000, NULL);
++ return g_ascii_formatd (str, G_ASCII_DTOSTR_BUF_SIZE, "%g", degrees);
++}
+diff --git a/libgweather/gweather-private.h b/libgweather/gweather-private.h
+index ddf0a41..be73768 100644
+--- a/libgweath
Bug#985055: nmu: glasscoder_1.0.1-1~bpo10+1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: binnmu nmu glasscoder_1.0.1-1~bpo10+1 . amd64 . buster-backports . -m "Rebuild in a clean buster(-backports) environment." The maintainer uploaded amd64 binaries depend on libgcc-s1. Andreas
Bug#985049: marked as done (unblock: libgweather/3.36.1-2)
Your message dated Fri, 12 Mar 2021 10:15:50 + with message-id and subject line unblock libgweather has caused the Debian Bug report #985049, regarding unblock: libgweather/3.36.1-2 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 985049: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985049 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package libgweather [ Reason ] The provider of the weather data (yr.no/met.no) changed their API and we need to use the new one. There was also a request to reduce the precision of the coordinates sent in the query to improve caching on their side. [ Impact ] The applications using libgweather (ie. gnome-weather, gnome-shell,...) are not showing any weather data. [ Tests ] gnome-weather and gnome-shell now display the data. [ Risks ] The changes are quite straightforward and all patches have been backported by Andreas from upstream git. [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing [ Other info ] The provider has asked upstream to rename everything from yr.no to met.no. Upstream renamed everything, including the name of constants in the API, something we cannot do now due to the freeze. https://gitlab.gnome.org/GNOME/libgweather/-/issues/59 unblock libgweather/3.36.1-2 diff -Nru libgweather-3.36.1/debian/changelog libgweather-3.36.1/debian/changelog --- libgweather-3.36.1/debian/changelog 2020-08-29 00:36:23.0 +0200 +++ libgweather-3.36.1/debian/changelog 2021-03-10 18:26:48.0 +0100 @@ -1,3 +1,18 @@ +libgweather (3.36.1-2) unstable; urgency=medium + + [ Andreas Henriksson ] + * Add patches from upstream for yr.no->met.no API. These patches has been +cherry-picked from upstream and modified to apply directly to the yrno +backend (without renaming it to metno and breaking the API). (Closes: +#983917) + + [ Laurent Bigonville ] + * Only use 4 significant decimals for locations when sending the query. +Patch from upstream. More precision is not needed and this helps to +improve caching on the provider side and reduce their load. + + -- Iain Lane Wed, 10 Mar 2021 17:26:48 + + libgweather (3.36.1-1) unstable; urgency=medium * Team upload diff -Nru libgweather-3.36.1/debian/libgweather-3-16.symbols libgweather-3.36.1/debian/libgweather-3-16.symbols --- libgweather-3.36.1/debian/libgweather-3-16.symbols 2020-08-29 00:36:23.0 +0200 +++ libgweather-3.36.1/debian/libgweather-3-16.symbols 2021-03-10 18:26:48.0 +0100 @@ -1,6 +1,7 @@ libgweather-3.so.16 libgweather-3-16 #MINVER# * Build-Depends-Package: libgweather-3-dev _gweather_location_reset_world@Base 3.32.0 + _radians_to_degrees_str@Base 3.36.1-2~ gweather_conditions_to_string@Base 3.7.91 gweather_conditions_to_string_full@Base 3.25.91 gweather_distance_unit_get_type@Base 3.7.91 diff -Nru libgweather-3.36.1/debian/patches/gweather-Only-use-4-significant-decimals-for-locations.patch libgweather-3.36.1/debian/patches/gweather-Only-use-4-significant-decimals-for-locations.patch --- libgweather-3.36.1/debian/patches/gweather-Only-use-4-significant-decimals-for-locations.patch 1970-01-01 01:00:00.0 +0100 +++ libgweather-3.36.1/debian/patches/gweather-Only-use-4-significant-decimals-for-locations.patch 2021-03-10 18:26:48.0 +0100 @@ -0,0 +1,179 @@ +From: Bastien Nocera +Date: Thu, 7 Jan 2021 12:46:34 +0100 +Subject: gweather: Only use 4 significant decimals for locations + +1/1000th of a degree of longitude or latitude corresponds to around +100 meters. There's no reason for the weather to be any more precise +than this. + +See https://www.thoughtco.com/degree-of-latitude-and-longitude-distance-4070616 + +Closes: #69 +--- + libgweather/gweather-private.c | 21 - + libgweather/gweather-private.h | 3 +++ + libgweather/test_libgweather.c | 16 + libgweather/weather-iwin.c | 7 --- + libgweather/weather-owm.c | 7 --- + libgweather/weather-yrno.c | 7 --- + 6 files changed, 47 insertions(+), 14 deletions(-) + +diff --git a/libgweather/gweather-private.c b/libgweather/gweather-private.c +index b214ad9..0ccc21b 100644 +--- a/libgweather/gweather-private.c b/libgweather/gweather-private.c +@@ -22,8 +22,19 @@ + + #include "gweather-private.h" + +-/* +- There is no code here: the purpo
Bug#985055: marked as done (nmu: glasscoder_1.0.1-1~bpo10+1)
Your message dated Fri, 12 Mar 2021 11:14:53 +0100 with message-id <20210312101451.ga6...@debian.org> and subject line Re: nmu: glasscoder_1.0.1-1~bpo10+1 has caused the Debian Bug report #985055, regarding nmu: glasscoder_1.0.1-1~bpo10+1 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 985055: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985055 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: binnmu nmu glasscoder_1.0.1-1~bpo10+1 . amd64 . buster-backports . -m "Rebuild in a clean buster(-backports) environment." The maintainer uploaded amd64 binaries depend on libgcc-s1. Andreas --- End Message --- --- Begin Message --- Hi, On Fri, Mar 12, 2021 at 11:03:21AM +0100, Andreas Beckmann wrote: > nmu glasscoder_1.0.1-1~bpo10+1 . amd64 . buster-backports . -m "Rebuild in a > clean buster(-backports) environment." Scheduled. > The maintainer uploaded amd64 binaries depend on libgcc-s1. I Cc'ed the maintainer, so they are aware of the issue and can avoid it in the future. Cheers, Ivo--- End Message ---
Bug#985056: unblock: pygments/2.7.1+dfsg-2
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: team+pyt...@tracker.debian.org
Please unblock package pygments
[ Reason ]
Fixes CVE-2021-20270: infinite loop in the SML lexer
[ Impact ]
CPU exhaustion via crafted SML files in services using pygments
[ Tests ]
There's a simple test case in the upstream bug that I used to
verify that -1 is vulnerable (100% CPU usage) and -2 fixes the
issue.
[ Risks ]
Low risk: minimal change addressing a targeted issue via a patch,
worst case we can unapply the patch if a regression is found.
[ Checklist ]
[x] all changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in testing
unblock pygments/2.7.1+dfsg-2
-- System Information:
Debian Release: bullseye/sid
APT prefers testing
APT policy: (200, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 5.10.0-3-amd64 (SMP w/12 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE,
TAINT_UNSIGNED_MODULE
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8),
LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diff -Nru pygments-2.7.1+dfsg/debian/changelog
pygments-2.7.1+dfsg/debian/changelog
--- pygments-2.7.1+dfsg/debian/changelog2020-10-09 00:54:38.0
+0200
+++ pygments-2.7.1+dfsg/debian/changelog2021-03-12 10:54:46.0
+0100
@@ -1,3 +1,15 @@
+pygments (2.7.1+dfsg-2) unstable; urgency=medium
+
+ * Team upload.
+
+ [ Sandro Tosi ]
+ * Use the new Debian Python Team contact name and address
+
+ [ Emilio Pozuelo Monfort ]
+ * CVE-2021-20270: infinite loop in the SML lexer (Closes: #984664).
+
+ -- Emilio Pozuelo Monfort Fri, 12 Mar 2021 10:54:46 +0100
+
pygments (2.7.1+dfsg-1) unstable; urgency=medium
[ Emmanuel Arias ]
diff -Nru pygments-2.7.1+dfsg/debian/control pygments-2.7.1+dfsg/debian/control
--- pygments-2.7.1+dfsg/debian/control 2020-10-09 00:54:38.0 +0200
+++ pygments-2.7.1+dfsg/debian/control 2021-03-12 10:54:46.0 +0100
@@ -2,7 +2,7 @@
Section: python
Priority: optional
Maintainer: Piotr Ożarowski
-Uploaders: Debian Python Modules Team
+Uploaders: Debian Python Team
Build-Depends: debhelper-compat (= 13)
Build-Depends-Indep: dh-python,
python3-all,
diff -Nru pygments-2.7.1+dfsg/debian/patches/CVE-2021-20270.patch
pygments-2.7.1+dfsg/debian/patches/CVE-2021-20270.patch
--- pygments-2.7.1+dfsg/debian/patches/CVE-2021-20270.patch 1970-01-01
01:00:00.0 +0100
+++ pygments-2.7.1+dfsg/debian/patches/CVE-2021-20270.patch 2021-03-12
10:54:46.0 +0100
@@ -0,0 +1,45 @@
+From f91804ff4772e3ab41f46e28d370f57898700333 Mon Sep 17 00:00:00 2001
+From: Georg Brandl
+Date: Thu, 10 Dec 2020 08:19:21 +0100
+Subject: [PATCH] fixes #1625: infinite loop in SML lexer
+
+Reason was a lookahead-only pattern which was included in the state
+where the lookahead was transitioning to.
+---
+ CHANGES | 8
+ pygments/lexers/ml.py | 12 ++--
+ 2 files changed, 14 insertions(+), 6 deletions(-)
+
+diff --git a/pygments/lexers/ml.py b/pygments/lexers/ml.py
+index 8ca8ce3eb..f2ac367c5 100644
+--- a/pygments/lexers/ml.py
b/pygments/lexers/ml.py
+@@ -142,7 +142,7 @@ def id_callback(self, match):
+ (r'#\s+(%s)' % symbolicid_re, Name.Label),
+ # Some reserved words trigger a special, local lexer state change
+ (r'\b(datatype|abstype)\b(?!\')', Keyword.Reserved, 'dname'),
+-(r'(?=\b(exception)\b(?!\'))', Text, ('ename')),
++(r'\b(exception)\b(?!\')', Keyword.Reserved, 'ename'),
+ (r'\b(functor|include|open|signature|structure)\b(?!\')',
+ Keyword.Reserved, 'sname'),
+ (r'\b(type|eqtype)\b(?!\')', Keyword.Reserved, 'tname'),
+@@ -315,15 +315,14 @@ def id_callback(self, match):
+ 'ename': [
+ include('whitespace'),
+
+-(r'(exception|and)\b(\s+)(%s)' % alphanumid_re,
++(r'(and\b)(\s+)(%s)' % alphanumid_re,
+ bygroups(Keyword.Reserved, Text, Name.Class)),
+-(r'(exception|and)\b(\s*)(%s)' % symbolicid_re,
++(r'(and\b)(\s*)(%s)' % symbolicid_re,
+ bygroups(Keyword.Reserved, Text, Name.Class)),
+ (r'\b(of)\b(?!\')', Keyword.Reserved),
++(r'(%s)|(%s)' % (alphanumid_re, symbolicid_re), Name.Class),
+
+-include('breakout'),
+-include('core'),
+-(r'\S+', Error),
++default('#pop'),
+ ],
+
+ 'datcon': [
diff -Nru pygments-2.7.1+dfsg/debian/patches/series
pygments-2.7.1+dfsg/debian/patches/series
--- pygments-2.7.1+dfsg/debian/patches/series 2020-10-09 00:54:38.0
+0200
+++ pygments-2.7.1+dfsg/debian/patches/series 2021-03-12 10:54:46.0
+0100
@@ -1,3 +1,4 @@
0002
Bug#985056: marked as done (unblock: pygments/2.7.1+dfsg-2)
Your message dated Fri, 12 Mar 2021 10:23:44 +
with message-id
and subject line unblock pygments
has caused the Debian Bug report #985056,
regarding unblock: pygments/2.7.1+dfsg-2
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
985056: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985056
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: team+pyt...@tracker.debian.org
Please unblock package pygments
[ Reason ]
Fixes CVE-2021-20270: infinite loop in the SML lexer
[ Impact ]
CPU exhaustion via crafted SML files in services using pygments
[ Tests ]
There's a simple test case in the upstream bug that I used to
verify that -1 is vulnerable (100% CPU usage) and -2 fixes the
issue.
[ Risks ]
Low risk: minimal change addressing a targeted issue via a patch,
worst case we can unapply the patch if a regression is found.
[ Checklist ]
[x] all changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in testing
unblock pygments/2.7.1+dfsg-2
-- System Information:
Debian Release: bullseye/sid
APT prefers testing
APT policy: (200, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 5.10.0-3-amd64 (SMP w/12 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE,
TAINT_UNSIGNED_MODULE
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8),
LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diff -Nru pygments-2.7.1+dfsg/debian/changelog
pygments-2.7.1+dfsg/debian/changelog
--- pygments-2.7.1+dfsg/debian/changelog2020-10-09 00:54:38.0
+0200
+++ pygments-2.7.1+dfsg/debian/changelog2021-03-12 10:54:46.0
+0100
@@ -1,3 +1,15 @@
+pygments (2.7.1+dfsg-2) unstable; urgency=medium
+
+ * Team upload.
+
+ [ Sandro Tosi ]
+ * Use the new Debian Python Team contact name and address
+
+ [ Emilio Pozuelo Monfort ]
+ * CVE-2021-20270: infinite loop in the SML lexer (Closes: #984664).
+
+ -- Emilio Pozuelo Monfort Fri, 12 Mar 2021 10:54:46 +0100
+
pygments (2.7.1+dfsg-1) unstable; urgency=medium
[ Emmanuel Arias ]
diff -Nru pygments-2.7.1+dfsg/debian/control pygments-2.7.1+dfsg/debian/control
--- pygments-2.7.1+dfsg/debian/control 2020-10-09 00:54:38.0 +0200
+++ pygments-2.7.1+dfsg/debian/control 2021-03-12 10:54:46.0 +0100
@@ -2,7 +2,7 @@
Section: python
Priority: optional
Maintainer: Piotr Ożarowski
-Uploaders: Debian Python Modules Team
+Uploaders: Debian Python Team
Build-Depends: debhelper-compat (= 13)
Build-Depends-Indep: dh-python,
python3-all,
diff -Nru pygments-2.7.1+dfsg/debian/patches/CVE-2021-20270.patch
pygments-2.7.1+dfsg/debian/patches/CVE-2021-20270.patch
--- pygments-2.7.1+dfsg/debian/patches/CVE-2021-20270.patch 1970-01-01
01:00:00.0 +0100
+++ pygments-2.7.1+dfsg/debian/patches/CVE-2021-20270.patch 2021-03-12
10:54:46.0 +0100
@@ -0,0 +1,45 @@
+From f91804ff4772e3ab41f46e28d370f57898700333 Mon Sep 17 00:00:00 2001
+From: Georg Brandl
+Date: Thu, 10 Dec 2020 08:19:21 +0100
+Subject: [PATCH] fixes #1625: infinite loop in SML lexer
+
+Reason was a lookahead-only pattern which was included in the state
+where the lookahead was transitioning to.
+---
+ CHANGES | 8
+ pygments/lexers/ml.py | 12 ++--
+ 2 files changed, 14 insertions(+), 6 deletions(-)
+
+diff --git a/pygments/lexers/ml.py b/pygments/lexers/ml.py
+index 8ca8ce3eb..f2ac367c5 100644
+--- a/pygments/lexers/ml.py
b/pygments/lexers/ml.py
+@@ -142,7 +142,7 @@ def id_callback(self, match):
+ (r'#\s+(%s)' % symbolicid_re, Name.Label),
+ # Some reserved words trigger a special, local lexer state change
+ (r'\b(datatype|abstype)\b(?!\')', Keyword.Reserved, 'dname'),
+-(r'(?=\b(exception)\b(?!\'))', Text, ('ename')),
++(r'\b(exception)\b(?!\')', Keyword.Reserved, 'ename'),
+ (r'\b(functor|include|open|signature|structure)\b(?!\')',
+ Keyword.Reserved, 'sname'),
+ (r'\b(type|eqtype)\b(?!\')', Keyword.Reserved, 'tname'),
+@@ -315,15 +315,14 @@ def id_callback(self, match):
+ 'ename': [
+ include('whitespace'),
+
+-(r'(exception|and)\b(\s+)(%s)' % alphanumid_re,
++(r'(and\b)(\s+)(%s)' % alphanumid_re,
+ bygroups(Keyword.Reserved, Text
Bug#985062: unblock: lxc-templates/3.0.4-5
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Dear release team,
Please unblock package lxc-templates from unstable to testing.
lxc-templates 3.0.4-5, which has just been accepted in unstable, fixes 3 bugs
that will be beneficial for the stability of the package in bullseye. I should
clearly state that none of these bugs are release critical.
The first bug is to add a Suggest to qemu-user-static.
The second is to add a missing Recommend that made lxc-debian template not
working since a patch I made in October.
The third and last is to fix some errors in some templates that could lead to
catastrophic rm in case of sigint spawned while installing a container for some
distributions (arch, centos, ...). It contains the patch 0004, which is the
reason this debdiff has some lines
Please don't hesitate if you need more intel.
Here is the debdiff:
diff -Nru lxc-templates-3.0.4/debian/changelog
lxc-templates-3.0.4/debian/changelog
--- lxc-templates-3.0.4/debian/changelog2020-10-17 22:42:34.0
+0200
+++ lxc-templates-3.0.4/debian/changelog2021-03-12 11:53:24.0
+0100
@@ -1,3 +1,18 @@
+lxc-templates (3.0.4-5) unstable; urgency=medium
+
+ [ Gianfranco Costamagna ]
+ * d/control:
+- Add Suggests: qemu-user-static (Closes: #973345)
+
+ [ Pierre-Elliott Bécue ]
+ * d/control:
+- Add distro-info to the Recommends of lxc-templates (Closes: #974569)
+- Bump Standards-Version to 4.5.1
+ * d/p/0004: fix path variable in some templates to avoid catastrophic rm
+(Closes: #839843)
+
+ -- Pierre-Elliott Bécue Fri, 12 Mar 2021 11:53:24 +0100
+
lxc-templates (3.0.4-4) unstable; urgency=medium
* d/patches/0002: Update lxc.debian template to document alternatives to the
diff -Nru lxc-templates-3.0.4/debian/control lxc-templates-3.0.4/debian/control
--- lxc-templates-3.0.4/debian/control 2020-10-17 22:42:34.0 +0200
+++ lxc-templates-3.0.4/debian/control 2021-03-12 11:53:22.0 +0100
@@ -4,7 +4,7 @@
Maintainer: pkg-lxc
Uploaders: Pierre-Elliott Bécue
Build-Depends: debhelper-compat (= 13)
-Standards-Version: 4.5.0
+Standards-Version: 4.5.1
Homepage: https://linuxcontainers.org/
Vcs-Git: https://salsa.debian.org/lxc-team/lxc-templates.git
Vcs-Browser: https://salsa.debian.org/lxc-team/lxc-templates
@@ -17,11 +17,13 @@
busybox-static,
cloud-image-utils | cloud-utils,
debootstrap | cdebootstrap,
+distro-info,
mmdebstrap,
openssl,
rsync,
uuid-runtime,
xz-utils
+Suggests: qemu-user-static
Description: Linux Containers userspace tools (templates)
Containers are insulated areas inside a system, which have their own namespace
for filesystem, network, PID, IPC, CPU and memory allocation and which can be
diff -Nru
lxc-templates-3.0.4/debian/patches/0004-Fixes-path-variable-in-some-templates.patch
lxc-templates-3.0.4/debian/patches/0004-Fixes-path-variable-in-some-templates.patch
---
lxc-templates-3.0.4/debian/patches/0004-Fixes-path-variable-in-some-templates.patch
1970-01-01 01:00:00.0 +0100
+++
lxc-templates-3.0.4/debian/patches/0004-Fixes-path-variable-in-some-templates.patch
2021-03-12 11:50:28.0 +0100
@@ -0,0 +1,180 @@
+From: =?utf-8?q?Pierre-Elliott_B=C3=A9cue?=
+Date: Fri, 12 Mar 2021 11:50:00 +0100
+Subject: Fixes path variable in some templates
+
+The behaviour of the path variable is somewhat inconsistent with a
+relevant way of generating containers. path now points to a directory,
+where ${path}/${name} will be created and handle the new container's
+config/rootfs
+---
+ templates/lxc-archlinux.in | 8 +---
+ templates/lxc-centos.in| 6 --
+ templates/lxc-fedora-legacy.in | 8 +---
+ templates/lxc-fedora.in| 8 +---
+ templates/lxc-pld.in | 7 +--
+ templates/lxc-voidlinux.in | 8 +++-
+ 6 files changed, 31 insertions(+), 14 deletions(-)
+
+diff --git a/templates/lxc-archlinux.in b/templates/lxc-archlinux.in
+index f8d4ba0..afa2f11 100644
+--- a/templates/lxc-archlinux.in
b/templates/lxc-archlinux.in
+@@ -206,8 +206,8 @@ usage:
+ Mandatory args:
+ -n,--name container name, used to as an identifier for that
container from now on
+ Optional args:
+- -p,--path path to where the container rootfs will be created
(${default_path})
+- --rootfspath for actual container rootfs,
(${default_path}/rootfs)
++ -p,--path path the directory where the container directory will
be created (${default_path})
++ --rootfspath for actual container rootfs,
(${default_path}/{container_name}/rootfs)
+ -P,--packages preinstall additional packages, comma-separated list
+ -e,--enable_units enable systemd services, comma-separated list
+ -d,--disable_units disable systemd services, comma-separated list
+@@ -256,9 +256,11 @@ if [ ${?}
Bug#985063: unblock: lxcfs/3.0.3-2+deb10u1
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Dear release team
Please do tell me if I can upload lxcfs 3.0.3-2+deb10u1 to stable.
A canonical employee reported a swap accounting bug that could make a
container look like it uses all the host's swap. The fix being minor,
I've designed a patch I'd like to have uploaded to stable.
The upload is not done yet, as I'd rather wait for your opinion.
The bug is already fixed in testing, as this patch has also been included in
lxcfs 4.
Thanks in advance!
diff -Nru lxcfs-3.0.3/debian/changelog lxcfs-3.0.3/debian/changelog
--- lxcfs-3.0.3/debian/changelog2018-12-09 22:06:41.0 +0100
+++ lxcfs-3.0.3/debian/changelog2021-03-12 12:17:23.0 +0100
@@ -1,3 +1,11 @@
+lxcfs (3.0.3-2+deb10u1) buster; urgency=medium
+
+ [ Kellen Renshaw ]
+ * d/p/0001 : Fix a misreport of swap being fully used due to a computation
+error (Closes: #955499)
+
+ -- Pierre-Elliott Bécue Fri, 12 Mar 2021 12:17:23 +0100
+
lxcfs (3.0.3-2) unstable; urgency=medium
* Add a call to dpkg-maintscript-helper rm_conffile to handle properly the
diff -Nru lxcfs-3.0.3/debian/gbp.conf lxcfs-3.0.3/debian/gbp.conf
--- lxcfs-3.0.3/debian/gbp.conf 2018-12-09 22:06:41.0 +0100
+++ lxcfs-3.0.3/debian/gbp.conf 2021-03-12 12:17:23.0 +0100
@@ -1,2 +1,3 @@
[DEFAULT]
pristine-tar = True
+debian-branch=debian/buster
diff -Nru
lxcfs-3.0.3/debian/patches/0001-bindings-Adjusts-the-logic-for-calculating-SwapFree-.patch
lxcfs-3.0.3/debian/patches/0001-bindings-Adjusts-the-logic-for-calculating-SwapFree-.patch
---
lxcfs-3.0.3/debian/patches/0001-bindings-Adjusts-the-logic-for-calculating-SwapFree-.patch
1970-01-01 01:00:00.0 +0100
+++
lxcfs-3.0.3/debian/patches/0001-bindings-Adjusts-the-logic-for-calculating-SwapFree-.patch
2021-03-12 12:17:05.0 +0100
@@ -0,0 +1,26 @@
+From: Kellen Renshaw
+Date: Fri, 12 Mar 2021 12:16:47 +0100
+Subject: =?utf-8?q?bindings=3A_Adjusts_the_logic_for_calculating_SwapFree_t?=
+ =?utf-8?q?o_better_handle=E2=80=A6?=
+MIME-Version: 1.0
+Content-Type: text/plain; charset="utf-8"
+Content-Transfer-Encoding: 8bit
+
+… conditions where swap usage is reported to be <0.
+---
+ bindings.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/bindings.c b/bindings.c
+index 5858c6d..fc89789 100644
+--- a/bindings.c
b/bindings.c
+@@ -3186,7 +3186,7 @@ static int proc_meminfo_read(char *buf, size_t size,
off_t offset,
+ printme = lbuf;
+ } else if (startswith(line, "SwapFree:") && memswlimit > 0 &&
memswusage > 0) {
+ unsigned long swaptotal = memswlimit,
+- swapusage = memswusage - memusage,
++ swapusage = memusage > memswusage ? 0 :
memswusage - memusage,
+ swapfree = swapusage < swaptotal ?
swaptotal - swapusage : 0;
+ snprintf(lbuf, 100, "SwapFree: %8lu kB\n",
swapfree);
+ printme = lbuf;
diff -Nru lxcfs-3.0.3/debian/patches/series lxcfs-3.0.3/debian/patches/series
--- lxcfs-3.0.3/debian/patches/series 1970-01-01 01:00:00.0 +0100
+++ lxcfs-3.0.3/debian/patches/series 2021-03-12 12:17:05.0 +0100
@@ -0,0 +1 @@
+0001-bindings-Adjusts-the-logic-for-calculating-SwapFree-.patch
unblock lxcfs/3.0.3-2+deb10u1
-- System Information:
Debian Release: 10.8
APT prefers stable
APT policy: (990, 'stable'), (500, 'stable-updates'), (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-10-amd64 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_USER
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) (ignored: LC_ALL
set to fr_FR.UTF-8), LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set
to fr_FR.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Processed: Re: Bug#985063: Acknowledgement (unblock: lxcfs/3.0.3-2+deb10u1)
Processing commands for cont...@bugs.debian.org: > usertags 985063 - unblock + pu User is p...@debian.org There were no usertags set. There are now no usertags set. > tags 985063 + buster Bug #985063 [release.debian.org] unblock: lxcfs/3.0.3-2+deb10u1 Added tag(s) buster. > retitle 985063 buster-pu: lxcfs/3.0.3-2+deb10u1 Bug #985063 [release.debian.org] unblock: lxcfs/3.0.3-2+deb10u1 Changed Bug title to 'buster-pu: lxcfs/3.0.3-2+deb10u1' from 'unblock: lxcfs/3.0.3-2+deb10u1'. > thanks Stopping processing here. Please contact me if you need assistance. -- 985063: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985063 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#985063: Acknowledgement (unblock: lxcfs/3.0.3-2+deb10u1)
usertags 985063 - unblock + pu tags 985063 + buster retitle 985063 buster-pu: lxcfs/3.0.3-2+deb10u1 thanks Fixing my misqueuing. Le vendredi 12 mars 2021 à 11:45:03+, Debian Bug Tracking System a écrit : > Thank you for filing a new Bug report with Debian. > > You can follow progress on this Bug here: 985063: > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985063. > > This is an automatically generated reply to let you know your message > has been received. > > Your message is being forwarded to the package maintainers and other > interested parties for their attention; they will reply in due course. > > Your message has been sent to the package maintainer(s): > Debian Release Team > > If you wish to submit further information on this problem, please > send it to 985...@bugs.debian.org. > > Please do not send mail to ow...@bugs.debian.org unless you wish > to report a problem with the Bug-tracking system. > > -- > 985063: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985063 > Debian Bug Tracking System > Contact ow...@bugs.debian.org with problems > -- Pierre-Elliott Bécue GPG: 9AE0 4D98 6400 E3B6 7528 F493 0D44 2664 1949 74E2 It's far easier to fight for one's principles than to live up to them. signature.asc Description: PGP signature
Bug#985067: unblock: libint/1.2.1-5
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package libint
This appears to be required because libint does not have autopkgtests, and will
make libint and psi4 transition.
unblock libint/1.2.1-5
-- System Information:
Debian Release: 10.8
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.19.0-13-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diff --git a/debian/changelog b/debian/changelog
index 32539f9..494cc22 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,37 @@
+libint (1.2.1-5) unstable; urgency=medium
+
+ * Team upload
+ * Add Breaks on psi4 (<< 1:1.3.2+dfsg-1)
+
+ -- Graham Inggs Thu, 04 Mar 2021 14:25:43 +
+
+libint (1.2.1-4) unstable; urgency=medium
+
+ * debian/rules (override_dh_auto_configure): Increase angular momentum
+configure options by one.
+
+ -- Michael Banck Sun, 17 Jan 2021 18:50:04 +0100
+
+libint (1.2.1-3) unstable; urgency=medium
+
+ * debian/rules (override_dh_auto_configure): Set cmake's MAX_AM_ERI variable
+to 5 to be more in-line with the autotools build.
+ * debian/rules (override_dh_auto_configure): Add ENABLE_XHOST=OFF to cmake
+variables.
+ * debian/rules (override_dh_auto_install): Skip installing the cmake build.
+ * debian/libint-dev.install: Install the cmake files directly out of the
+build directory.
+ * debian/rules (override_dh_auto_configure): Add --with-pic to configure
+arguments.
+ * debian/control (Standards-Version): Bumped to 4.5.1.
+ * debian/compat: Bump to 11.
+ * debian/rules (override_dh_auto_install,override_dh_install): Targets
+removed.
+ * debian/libint1.install,debian/libint-dev.install: Update for multiarch
+libdir.
+
+ -- Michael Banck Sat, 16 Jan 2021 19:50:14 +0100
+
libint (1.2.1-2) unstable; urgency=medium
* debian/libint1.links: Reintroduce lib*-stable.so.1 as symlinks (Closes:
diff --git a/debian/compat b/debian/compat
index 45a4fb7..b4de394 100644
--- a/debian/compat
+++ b/debian/compat
@@ -1 +1 @@
-8
+11
diff --git a/debian/control b/debian/control
index 5a6bc33..ad2769a 100644
--- a/debian/control
+++ b/debian/control
@@ -11,15 +11,16 @@ Build-Depends: autotools-dev (>> 20100122.1~),
texlive-base-bin,
texlive-font-utils,
texlive-latex-base
-Standards-Version: 3.9.4
+Standards-Version: 4.5.1
Homepage: http://sourceforge.net/p/libint/home/
-Vcs-Browser: http://anonscm.debian.org/viewvc/debichem/unstable/libint/
-Vcs-Svn: svn://anonscm.debian.org/debichem/unstable/libint/
+Vcs-Browser: https://salsa.debian.org/debichem-team/libint
+Vcs-Git: https://salsa.debian.org/debichem-team/libint.git
Package: libint1
Section: libs
Architecture: any
Depends: ${misc:Depends}, ${shlibs:Depends}
+Breaks: psi4 (<< 1:1.3.2+dfsg-1)
Description: Evaluate the integrals in modern atomic and molecular theory
The LIBINT library is used to evaluate the traditional (electron repulsion)
and certain novel two-body matrix elements (integrals) over Cartesian
diff --git a/debian/libint-dev.install b/debian/libint-dev.install
index 103f8eb..42c016b 100644
--- a/debian/libint-dev.install
+++ b/debian/libint-dev.install
@@ -1,4 +1,5 @@
usr/include/*
-usr/lib/lib*.a
-usr/lib/lib*.so
-usr/share/cmake
+usr/lib/*/lib*.a
+usr/lib/*/lib*.so
+obj-*/stage/usr/share/cmake/Libint /usr/share/cmake
+obj-*/LibintConfig*cmake /usr/share/cmake/Libint
diff --git a/debian/libint1.install b/debian/libint1.install
index d0dbfd1..3ddde58 100644
--- a/debian/libint1.install
+++ b/debian/libint1.install
@@ -1 +1 @@
-usr/lib/lib*.so.*
+usr/lib/*/lib*.so.*
diff --git a/debian/rules b/debian/rules
index 0c58153..71bd4ef 100755
--- a/debian/rules
+++ b/debian/rules
@@ -30,29 +30,24 @@ override_dh_auto_configure:
--enable-deriv \
--enable-r12 \
--enable-debug=opt \
- --with-libint-max-am=5 \
- --with-libderiv-max-am1=4 \
- --with-libderiv-max-am2=3 \
+ --with-libint-max-am=6 \
+ --with-libderiv-max-am1=5 \
+ --with-libderiv-max-am2=4 \
--prefix=/usr \
--with-cc-optflags="$(CFLAGS) $(CPPFLAGS)" \
--with-cxx-optflags="$(CXXFLAGS) $(CPPFLAGS)" \
- --with-libdirs="$(LDFLAGS)"
+ --with-libdirs="$(LDFLAGS)" \
+ --with-pic
dh_auto_configure --buildsystem=cmake --\
-DCMAKE_BUILD_TYPE=RelWithDebInfo \
-DCMAKE_INSTALL_LIBDIR=lib \
- -DMAX_AM_ERI=4
+ -DMAX_AM_ERI=6 \
Bug#984988: pre-approval: unblock: golang-1.15/1.15.9-1
On Fri, Mar 12, 2021 at 5:16 PM Sebastian Ramacher wrote: > > unblock golang-1.15/1.15.9-1 > > Assuming the uploads happens soon, please go ahead. > Thansk, it's has been uploaded and built on all arch. -- Shengjing Zhu
Bug#984988: marked as done (pre-approval: unblock: golang-1.15/1.15.9-1)
Your message dated Fri, 12 Mar 2021 16:57:54 +
with message-id
and subject line unblock golang-1.15
has caused the Debian Bug report #984988,
regarding pre-approval: unblock: golang-1.15/1.15.9-1
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
984988: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984988
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: z...@debian.org, team+go-compi...@tracker.debian.org
Please unblock package golang-1.15
[ Reason ]
Upstream security release, only target fix is introduced.
CVE-2021-27918: encoding/xml: infinite loop when using `xml.NewTokenDecoder`
with a custom `TokenReader`.
https://github.com/golang/go/issues/44913
[ Impact ]
Without this version, the Go compiler is vulnerable.
However with the new undetermined Go security policy, this
bug is classified as LOW (severity issues affect niche configurations,
have very limited impact, or are already widely known).
https://github.com/golang/go/issues/44918
[ Tests ]
+ Upstream tests in source package.
+ Have manually test some Go packages.
[ Risks ]
+ No autopkgtest
+ Diff is small
[ Checklist ]
[x] all changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in testing
[ Other info ]
If this package is blocked in unstable, all Go packages will be prevented
from migrating to testing, due to the Built-Using thing..
So I fill this pre-approval request. And if possible, reduce the age too.
unblock golang-1.15/1.15.9-1
diff -Nru golang-1.15-1.15.8/debian/changelog
golang-1.15-1.15.9/debian/changelog
--- golang-1.15-1.15.8/debian/changelog 2021-02-15 23:19:39.0 +0800
+++ golang-1.15-1.15.9/debian/changelog 2021-03-11 23:43:18.0 +0800
@@ -1,3 +1,12 @@
+golang-1.15 (1.15.9-1) unstable; urgency=medium
+
+ * Team upload.
+ * New upstream version 1.15.9
++ encoding/xml: infinite loop when using `xml.NewTokenDecoder` with a
+ custom `TokenReader`. CVE-2021-27918
+
+ -- Shengjing Zhu Thu, 11 Mar 2021 23:43:18 +0800
+
golang-1.15 (1.15.8-4) unstable; urgency=medium
* Team upload.
diff -Nru golang-1.15-1.15.8/src/encoding/xml/xml.go
golang-1.15-1.15.9/src/encoding/xml/xml.go
--- golang-1.15-1.15.8/src/encoding/xml/xml.go 2021-02-05 20:48:37.0
+0800
+++ golang-1.15-1.15.9/src/encoding/xml/xml.go 2021-03-10 22:29:35.0
+0800
@@ -271,7 +271,7 @@
// it will return an error.
//
// Token implements XML name spaces as described by
-// https://www.w3.org/TR/REC-xml-names/. Each of the
+// https://www.w3.org/TR/REC-xml-names/. Each of the
// Name structures contained in the Token has the Space
// set to the URL identifying its name space when known.
// If Token encounters an unrecognized name space prefix,
@@ -285,16 +285,17 @@
if d.nextToken != nil {
t = d.nextToken
d.nextToken = nil
- } else if t, err = d.rawToken(); err != nil {
- switch {
- case err == io.EOF && d.t != nil:
- err = nil
- case err == io.EOF && d.stk != nil && d.stk.kind != stkEOF:
- err = d.syntaxError("unexpected EOF")
+ } else {
+ if t, err = d.rawToken(); t == nil && err != nil {
+ if err == io.EOF && d.stk != nil && d.stk.kind !=
stkEOF {
+ err = d.syntaxError("unexpected EOF")
+ }
+ return nil, err
}
- return t, err
+ // We still have a token to process, so clear any
+ // errors (e.g. EOF) and proceed.
+ err = nil
}
-
if !d.Strict {
if t1, ok := d.autoClose(t); ok {
d.nextToken = t
diff -Nru golang-1.15-1.15.8/src/encoding/xml/xml_test.go
golang-1.15-1.15.9/src/encoding/xml/xml_test.go
--- golang-1.15-1.15.8/src/encoding/xml/xml_test.go 2021-02-05
20:48:37.0 +0800
+++ golang-1.15-1.15.9/src/encoding/xml/xml_test.go 2021-03-10
22:29:35.0 +0800
@@ -33,30 +33,90 @@
func TestDecodeEOF(t *testing.T) {
start := StartElement{Name: Name{Local: "test"}}
- t.Run("EarlyEOF", func(t *testing.T) {
- d := NewTokenDecoder(&toks{earlyEOF: true, t: []Token{
- start,
- start.End(),
- }})
- err := d.D
Bug#985067: marked as done (unblock: libint/1.2.1-5)
Your message dated Fri, 12 Mar 2021 18:26:03 +
with message-id
and subject line unblock libint
has caused the Debian Bug report #985067,
regarding unblock: libint/1.2.1-5
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
985067: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985067
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package libint
This appears to be required because libint does not have autopkgtests, and will
make libint and psi4 transition.
unblock libint/1.2.1-5
-- System Information:
Debian Release: 10.8
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.19.0-13-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diff --git a/debian/changelog b/debian/changelog
index 32539f9..494cc22 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,37 @@
+libint (1.2.1-5) unstable; urgency=medium
+
+ * Team upload
+ * Add Breaks on psi4 (<< 1:1.3.2+dfsg-1)
+
+ -- Graham Inggs Thu, 04 Mar 2021 14:25:43 +
+
+libint (1.2.1-4) unstable; urgency=medium
+
+ * debian/rules (override_dh_auto_configure): Increase angular momentum
+configure options by one.
+
+ -- Michael Banck Sun, 17 Jan 2021 18:50:04 +0100
+
+libint (1.2.1-3) unstable; urgency=medium
+
+ * debian/rules (override_dh_auto_configure): Set cmake's MAX_AM_ERI variable
+to 5 to be more in-line with the autotools build.
+ * debian/rules (override_dh_auto_configure): Add ENABLE_XHOST=OFF to cmake
+variables.
+ * debian/rules (override_dh_auto_install): Skip installing the cmake build.
+ * debian/libint-dev.install: Install the cmake files directly out of the
+build directory.
+ * debian/rules (override_dh_auto_configure): Add --with-pic to configure
+arguments.
+ * debian/control (Standards-Version): Bumped to 4.5.1.
+ * debian/compat: Bump to 11.
+ * debian/rules (override_dh_auto_install,override_dh_install): Targets
+removed.
+ * debian/libint1.install,debian/libint-dev.install: Update for multiarch
+libdir.
+
+ -- Michael Banck Sat, 16 Jan 2021 19:50:14 +0100
+
libint (1.2.1-2) unstable; urgency=medium
* debian/libint1.links: Reintroduce lib*-stable.so.1 as symlinks (Closes:
diff --git a/debian/compat b/debian/compat
index 45a4fb7..b4de394 100644
--- a/debian/compat
+++ b/debian/compat
@@ -1 +1 @@
-8
+11
diff --git a/debian/control b/debian/control
index 5a6bc33..ad2769a 100644
--- a/debian/control
+++ b/debian/control
@@ -11,15 +11,16 @@ Build-Depends: autotools-dev (>> 20100122.1~),
texlive-base-bin,
texlive-font-utils,
texlive-latex-base
-Standards-Version: 3.9.4
+Standards-Version: 4.5.1
Homepage: http://sourceforge.net/p/libint/home/
-Vcs-Browser: http://anonscm.debian.org/viewvc/debichem/unstable/libint/
-Vcs-Svn: svn://anonscm.debian.org/debichem/unstable/libint/
+Vcs-Browser: https://salsa.debian.org/debichem-team/libint
+Vcs-Git: https://salsa.debian.org/debichem-team/libint.git
Package: libint1
Section: libs
Architecture: any
Depends: ${misc:Depends}, ${shlibs:Depends}
+Breaks: psi4 (<< 1:1.3.2+dfsg-1)
Description: Evaluate the integrals in modern atomic and molecular theory
The LIBINT library is used to evaluate the traditional (electron repulsion)
and certain novel two-body matrix elements (integrals) over Cartesian
diff --git a/debian/libint-dev.install b/debian/libint-dev.install
index 103f8eb..42c016b 100644
--- a/debian/libint-dev.install
+++ b/debian/libint-dev.install
@@ -1,4 +1,5 @@
usr/include/*
-usr/lib/lib*.a
-usr/lib/lib*.so
-usr/share/cmake
+usr/lib/*/lib*.a
+usr/lib/*/lib*.so
+obj-*/stage/usr/share/cmake/Libint /usr/share/cmake
+obj-*/LibintConfig*cmake /usr/share/cmake/Libint
diff --git a/debian/libint1.install b/debian/libint1.install
index d0dbfd1..3ddde58 100644
--- a/debian/libint1.install
+++ b/debian/libint1.install
@@ -1 +1 @@
-usr/lib/lib*.so.*
+usr/lib/*/lib*.so.*
diff --git a/debian/rules b/debian/rules
index 0c58153..71bd4ef 100755
--- a/debian/rules
+++ b/debian/rules
@@ -30,29 +30,24 @@ override_dh_auto_configure:
--enable-deriv \
--enable-r12 \
--enable-debug=opt \
- --with-libin
Bug#985098: unblock: glib2.0/2.66.7-2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package glib2.0 [ Reason ] Fix a symlink attack in file-roller (CVE-2021-28153) [ Impact ] Unpacking a malicious archive with file-roller (or other users of the gnome-autoar library) could result in creation of an empty regular file in an attacker-controlled location. Other code that uses a specific GLib API call to replace a dangling symlink with a regular file could be affected similarly. (This has a CVE ID, but is not *that* serious: arbitrary file overwrite doesn't seem to be possible.) [ Tests ] The proposed patch includes new test coverage, which gets run at build-time and in the autopkgtests. I also tried the proof-of-concept provided on the upstream bug, which now fails. [ Risks ] This is a key package and a dependency of many high-visibility packages, but the changes are reasonably straightforward, have test coverage and have been reviewed. [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing unblock glib2.0/2.66.7-2
Bug#985096: unblock: systemd/247.3-3
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-Cc: pkg-systemd-maintain...@lists.alioth.debian.org, debian-b...@lists.debian.org, k...@debian.org Please unblock package systemd I'd like to see systemd 247.3 unblocked. It contains a number of fixes which are not critical but which I consider polishing. Given the importance of the systemd package, I think those changes are worthwile. An annotated changelog follows: systemd (247.3-3) unstable; urgency=medium * pkg-config: make prefix overridable again (Closes: #984763) https://salsa.debian.org/systemd-team/systemd/-/commit/deaf89e4cbb5d1347a1e17f782df2e56ee58e42c cherry-pick from upstream, low risk change, was explicitly requested for development environments like jhbuild * Downgrade a couple of warnings to debug. If a package still ships only a SysV init script or if a service file or tmpfile uses /var/run, downgrade those messages to debug. We can use lintian to detect those issues. For service files and tmpfiles in /etc, keep the warning, as those files are typically added locally and aren't checked by lintian. (Closes: #981407) https://salsa.debian.org/systemd-team/systemd/-/commit/0c6d90f783093fc255e529f8a33b2ed2a8e6c2d6 given that it only downgrades a couple of warnings, low regression potential. * core: fix mtime calculation of dropin files (Closes: #975289) https://salsa.debian.org/systemd-team/systemd/-/commit/39391c55cf5cee23f934e8ee29c9613ff4d33ed0 cherry-pick from upstream, probably the highest regression potential from all changes. Fixes an annoying issue where systemd would incorrectly report, that a .service file with .drop-in config was modified on disk and requires a daemon-reload. * analyze: slightly reword PrivateTmp= message (Closes: #931753) https://salsa.debian.org/systemd-team/systemd/-/commit/2ab3ec0387b12be15a2b61d3edc90929ec64d6a2 cherry-pick from upstream, trivial documentation update * rules: move ID_SMARTCARD_READER definition to a <70 configuration (Closes: #978011) https://salsa.debian.org/systemd-team/systemd/-/commit/7d68acb67f2ff402fb764664a3b686ff7df424ae cherry-pick from upstream, trivial change * table: drop trailing white spaces of the last cell in row (Closes: #980820) https://salsa.debian.org/systemd-team/systemd/-/commit/7018915f046893bb013ac7fa09f3c95824e3cbc3 cherry-pick from upstream, fixes a regression compared to v241, i.e. the current version in buster. It's more of a cosmetic issue, but the change is rather small and if by chance it helps to fix scripts which parse the output of systemd's tools, then it's probably worthwile to have this change. -- Michael Biebl Sat, 06 Mar 2021 22:32:14 +0100 We run a rather extensive test-suite and a we also have a lot of reverse dependencies which were triggered by the upload, so the chances of a (major) regression are small. Full debdiff is attached. I've CCed kibi/debian-boot, since we build a udeb. Thanks for considering. If there are chances above which you don't consider appropriate, please let me know and I will revert them in a -4 upload. Regards, Michael unblock systemd/247.3-3 diff --git a/debian/changelog b/debian/changelog index d1b21bb..0588fec 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,37 @@ +systemd (247.3-3) unstable; urgency=medium + + * pkg-config: make prefix overridable again (Closes: #984763) + * Revert "units: turn off DNSSEC validation when timesyncd resolves +hostnames" +Support for SYSTEMD_NSS_RESOLVE_VALIDATE=0 requires the changes from +https://github.com/systemd/systemd/pull/17823 for the dnssec bypass +logic. Those are rather invasive changes and not suitable for a stable +backport. + + -- Michael Biebl Thu, 11 Mar 2021 18:09:35 +0100 + +systemd (247.3-2) unstable; urgency=medium + + * Downgrade a couple of warnings to debug. +If a package still ships only a SysV init script or if a service file or +tmpfile uses /var/run, downgrade those messages to debug. We can use +lintian to detect those issues. +For service files and tmpfiles in /etc, keep the warning, as those files +are typically added locally and aren't checked by lintian. +(Closes: #981407) + * core: fix mtime calculation of dropin files +(Closes: #975289) + * analyze: slightly reword PrivateTmp= message +(Closes: #931753) + * rules: move ID_SMARTCARD_READER definition to a <70 configuration +(Closes: #978011) + * units: turn off DNSSEC validation when timesyncd resolves hostnames +(Closes: #898530) + * table: drop trailing white spaces of the last cell in row +(Closes: #980820) + + -- Michael Biebl Sat, 06 Mar 2021 22:32:14 +0100 + systemd (247.3-1) unstable; urgency=medium [ Michael Biebl ] diff --git a/debian/patches/analyze-slightly-reword-PrivateTmp-message.patch b/debian/patches/analyze-slightly-reword-PrivateTmp-message.patch new fil
Bug#985098: unblock: glib2.0/2.66.7-2
On Fri, 12 Mar 2021 at 19:59:36 +, Simon McVittie wrote:
> [x] attach debdiff against the package in testing
Ugh, sorry, see attached.
smcv
diffstat for glib2.0-2.66.7 glib2.0-2.66.7
changelog | 17
patches/glocalfileoutputstream-Add-a-missing-O_CLOEXEC-flag-to-re.patch | 50 +
patches/glocalfileoutputstream-Factor-out-a-flag-check.patch| 51 +
patches/glocalfileoutputstream-Fix-CREATE_REPLACE_DESTINATION-wit.patch | 283 ++
patches/glocalfileoutputstream-Fix-a-typo-in-a-comment.patch| 23
patches/series |5
patches/tests-Stop-using-g_test_bug_base-in-file-tests.patch| 38 +
7 files changed, 465 insertions(+), 2 deletions(-)
diff -Nru glib2.0-2.66.7/debian/changelog glib2.0-2.66.7/debian/changelog
--- glib2.0-2.66.7/debian/changelog 2021-02-11 17:08:14.0 +
+++ glib2.0-2.66.7/debian/changelog 2021-03-11 10:23:38.0 +
@@ -1,9 +1,22 @@
+glib2.0 (2.66.7-2) unstable; urgency=medium
+
+ * d/changelog: Add bug numbers for integer overflows in previous versions
+ * Add patches to fix a symlink attack affecting file-roller.
+When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to
+replace a path that is a dangling symlink, previously it would have also
+created the target of the symlink as an empty file, which could
+conceivably be security-sensitive if the symlink is attacker-controlled.
+(Closes: #984969)
+
+ -- Simon McVittie Thu, 11 Mar 2021 10:23:38 +
+
glib2.0 (2.66.7-1) unstable; urgency=high
* New upstream release
- Fix another regression caused by the GHSL-2021-045 fixes in 2.66.6
- Warn and fail on integer overflow in g_byte_array_new_take()
- for arrays larger than G_MAXUINT (similar to GHSL-2021-045)
+ for arrays larger than G_MAXUINT
+ (Closes: #982779; similar to GHSL-2021-045)
- Disallow using currently-undefined D-Bus connection or server flags,
to prevent forward-compatibility problems with new security-sensitive
flags that are likely to be introduced in GLib 2.68
@@ -28,7 +41,7 @@
* New upstream release
- Fix various integer overflows, some of them potentially exploitable
- (GHSL-2021-045)
+ (Closes: #982778, GHSL-2021-045)
-- Simon McVittie Thu, 04 Feb 2021 20:24:20 +
diff -Nru glib2.0-2.66.7/debian/patches/glocalfileoutputstream-Add-a-missing-O_CLOEXEC-flag-to-re.patch glib2.0-2.66.7/debian/patches/glocalfileoutputstream-Add-a-missing-O_CLOEXEC-flag-to-re.patch
--- glib2.0-2.66.7/debian/patches/glocalfileoutputstream-Add-a-missing-O_CLOEXEC-flag-to-re.patch 1970-01-01 01:00:00.0 +0100
+++ glib2.0-2.66.7/debian/patches/glocalfileoutputstream-Add-a-missing-O_CLOEXEC-flag-to-re.patch 2021-03-11 10:23:38.0 +
@@ -0,0 +1,50 @@
+From: Philip Withnall
+Date: Wed, 24 Feb 2021 17:42:24 +
+Subject: glocalfileoutputstream: Add a missing O_CLOEXEC flag to replace()
+
+Signed-off-by: Philip Withnall
+Origin: upstream, 2.66.8, commit:6c643926
+---
+ gio/glocalfileoutputstream.c | 15 ---
+ 1 file changed, 12 insertions(+), 3 deletions(-)
+
+diff --git a/gio/glocalfileoutputstream.c b/gio/glocalfileoutputstream.c
+index a2c7e3c..4c512ea 100644
+--- a/gio/glocalfileoutputstream.c
b/gio/glocalfileoutputstream.c
+@@ -63,6 +63,12 @@
+ #define O_BINARY 0
+ #endif
+
++#ifndef O_CLOEXEC
++#define O_CLOEXEC 0
++#else
++#define HAVE_O_CLOEXEC 1
++#endif
++
+ struct _GLocalFileOutputStreamPrivate {
+ char *tmp_filename;
+ char *original_filename;
+@@ -1239,7 +1245,7 @@ _g_local_file_output_stream_replace (const char*filename,
+ sync_on_close = FALSE;
+
+ /* If the file doesn't exist, create it */
+- open_flags = O_CREAT | O_EXCL | O_BINARY;
++ open_flags = O_CREAT | O_EXCL | O_BINARY | O_CLOEXEC;
+ if (readable)
+ open_flags |= O_RDWR;
+ else
+@@ -1269,8 +1275,11 @@ _g_local_file_output_stream_replace (const char*filename,
+ set_error_from_open_errno (filename, error);
+ return NULL;
+ }
+-
+-
++#if !defined(HAVE_O_CLOEXEC) && defined(F_SETFD)
++ else
++fcntl (fd, F_SETFD, FD_CLOEXEC);
++#endif
++
+ stream = g_object_new (G_TYPE_LOCAL_FILE_OUTPUT_STREAM, NULL);
+ stream->priv->fd = fd;
+ stream->priv->sync_on_close = sync_on_close;
diff -Nru glib2.0-2.66.7/debian/patches/glocalfileoutputstream-Factor-out-a-flag-check.patch glib2.0-2.66.7/debian/patches/glocalfileoutputstream-Factor-out-a-flag-check.patch
--- glib2.0-2.66.7/debian/patches/glocalfileoutputstream-Factor-out-a-flag-check.patch 1970-01-01 01:00:00.0 +0100
+++ glib2.0-2.66.7/debian/patches/glocalfileoutputstream-Factor-out-a-flag-check.patch 2021-03-11 10:23:38.0 +
@@ -0,0 +1,51 @@
+From: Philip Withnall
+Date: Wed, 10 Mar 2021 16:05:55 +
+Subject: glocalfileoutputstream: Factor out a flag c
T’y yy
Sent from my iPhone
Bug#985114: unblock: sendmail/8.15.2-21
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: a...@debian.org
Please unblock package sendmail
[ Reason ]
This version of sendmail fixes a reproducible builds issue with build
paths, updates the lintian overrides, minor packaging updates and
spelling fixes.
[ Impact ]
Removes only known reproducibility issues for sendmail.
[ Tests ]
None.
[ Risks ]
The changes are trivial, mostly affecting documentation, lintian
overrides, and spelling.
[ Checklist ]
[x] all changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in testing
[ Other info ]
This is a QA package and I did not perform the upload, though was
asked to file the unblock request regarding the reproducible builds
issue.
unblock sendmail/8.15.2-21
live well,
vagrant
diff -Nru sendmail-8.15.2/debian/cf/Makefile.am sendmail-8.15.2/debian/cf/Makefile.am
--- sendmail-8.15.2/debian/cf/Makefile.am 2020-07-06 16:44:51.0 -0700
+++ sendmail-8.15.2/debian/cf/Makefile.am 2021-03-03 03:03:42.0 -0800
@@ -35,6 +35,7 @@
$(RM) ${DESTDIR}${pkgdatadir}/cf/cf/Build;
$(RM) ${DESTDIR}${pkgdatadir}/cf/cf/Makefile;
$(RM) ${DESTDIR}${pkgdatadir}/cf/cf/*.cf;
+ $(RM) ${DESTDIR}${pkgdatadir}/cf/cf/README
for dir in ${CF_DIRS}; do \
$(INSTALL) -d ${DESTDIR}${pkgdatadir}/cf/$$dir; \
find $$dir -type f -name '*.mc' -o -name '*.m4' \
diff -Nru sendmail-8.15.2/debian/changelog sendmail-8.15.2/debian/changelog
--- sendmail-8.15.2/debian/changelog 2020-07-06 16:44:51.0 -0700
+++ sendmail-8.15.2/debian/changelog 2021-03-03 03:03:42.0 -0800
@@ -1,3 +1,16 @@
+sendmail (8.15.2-21) unstable; urgency=medium
+
+ * QA upload.
+ * Make the build reproducible, thanks to Vagrant Cascadian.
+(Closes: #983902)
+ * Move amavis documentation to /usr/share/doc/sendmail.
+ * Bump watch version to 4. No changes needed.
+ * Update to Standards-Version: 4.5.1.
+ * Fix more typos found by Lintian.
+ * Update Lintian overrides.
+
+ -- Andreas Beckmann Wed, 03 Mar 2021 12:03:42 +0100
+
sendmail (8.15.2-20) unstable; urgency=medium
* QA upload.
diff -Nru sendmail-8.15.2/debian/configure.ac sendmail-8.15.2/debian/configure.ac
--- sendmail-8.15.2/debian/configure.ac 2020-07-06 16:44:51.0 -0700
+++ sendmail-8.15.2/debian/configure.ac 2021-03-03 03:03:42.0 -0800
@@ -1482,7 +1482,6 @@
fi;
])
AC_CONFIG_FILES([libmilter${sm_libmilter_version}.install:libmilter.install.in])
-AC_CONFIG_FILES([libmilter${sm_libmilter_version}.lintian-overrides:libmilter.lintian-overrides.in])
AC_CONFIG_FILES([libmilter${sm_libmilter_version}.symbols:libmilter.symbols.in])
AC_CONFIG_FILES([milter.pc])
AC_CONFIG_FILES([sendmail-base.dirs])
diff -Nru sendmail-8.15.2/debian/control sendmail-8.15.2/debian/control
--- sendmail-8.15.2/debian/control 2020-07-06 16:44:51.0 -0700
+++ sendmail-8.15.2/debian/control 2021-03-03 03:03:42.0 -0800
@@ -16,7 +16,7 @@
bind-dev,
fakeroot (<< 0.4.5),
Rules-Requires-Root: binary-targets
-Standards-Version: 4.5.0
+Standards-Version: 4.5.1
Homepage: http://www.sendmail.org
Vcs-Browser: https://salsa.debian.org/debian/sendmail
Vcs-Git: https://salsa.debian.org/debian/sendmail.git
diff -Nru sendmail-8.15.2/debian/control.in sendmail-8.15.2/debian/control.in
--- sendmail-8.15.2/debian/control.in 2020-07-06 16:44:51.0 -0700
+++ sendmail-8.15.2/debian/control.in 2021-03-03 03:03:42.0 -0800
@@ -16,7 +16,7 @@
bind-dev,
fakeroot (<< 0.4.5),
Rules-Requires-Root: binary-targets
-Standards-Version: 4.5.0
+Standards-Version: 4.5.1
Homepage: http://www.sendmail.org
Vcs-Browser: https://salsa.debian.org/debian/sendmail
Vcs-Git: https://salsa.debian.org/debian/sendmail.git
diff -Nru sendmail-8.15.2/debian/copyright sendmail-8.15.2/debian/copyright
--- sendmail-8.15.2/debian/copyright 2020-07-06 16:44:51.0 -0700
+++ sendmail-8.15.2/debian/copyright 2021-03-03 03:03:42.0 -0800
@@ -12,7 +12,7 @@
Copyright: Robert Leslie
1997-1998 Johnie Ingram
1998-2010 Richard A Nelson
- © 2012-2020 Andreas Beckmann
+ © 2012-2021 Andreas Beckmann
License: other-Sendmail
License: other-Sendmail
diff -Nru sendmail-8.15.2/debian/examples/Makefile.am sendmail-8.15.2/debian/examples/Makefile.am
--- sendmail-8.15.2/debian/examples/Makefile.am 2020-07-06 16:44:51.0 -0700
+++ sendmail-8.15.2/debian/examples/Makefile.am 2021-03-03 03:03:42.0 -0800
@@ -30,9 +30,10 @@
# Shipped data
#
# Installed example subdirectories
-EXAMPLES_DIRS = amavis db dhcp \
+EXAMPLES_DIRS = db dhcp \
ldap logcheck milter network \
pam.d ppp resolvconf sasl tls
+EXAMPLES_DOCS_DIRS = amavis
#
# Sigh... I wanted to use sysconf_SCRIPTS, but automake says NO!
nobase_dist_sysconf_DATA = dhcp/dhclient-exit-hooks.d/sendmail \
@@ -53,7 +54,13 @@
! -name '*.in' -a ! -name '*.am'
Bug#985115: buster-pu: package iputils/3:20180629-2+deb10u1
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu
I'd like to update iputils in buster to address important bugs in the
iputils-ping and iputils-tracepath binary packages:
* #976277: iputils-tracepath: destination address of ipv6 probes is cut
off after the first 64 bits. This basically makes tracepath useless for
IPv6.
* #920434: ping does not round correctly. This causing ping to report
incorrect timing results in some cases.
Both are upstream issues that have since been fixed in the upstream
repositories and in bullseye.
The proposed debdiff is attached.
noah
diff -Nru iputils-20180629/debian/changelog iputils-20180629/debian/changelog
--- iputils-20180629/debian/changelog 2020-01-13 15:29:01.0 -0800
+++ iputils-20180629/debian/changelog 2021-03-08 11:46:59.0 -0800
@@ -1,3 +1,11 @@
+iputils (3:20180629-2+deb10u2) buster; urgency=medium
+
+ * Backport upstream fix for ping rounding errors (Closes: #920434)
+ * Backport upstream fix for tracepath target corruption
+(Closes: #976277)
+
+ -- Noah Meyerhans Mon, 08 Mar 2021 11:46:59 -0800
+
iputils (3:20180629-2+deb10u1) buster; urgency=medium
* Incorporate patches from Benjamin Poirier to
diff -Nru
iputils-20180629/debian/patches/bug-920434-Backport-timing-fixes-from-upstream.patch
iputils-20180629/debian/patches/bug-920434-Backport-timing-fixes-from-upstream.patch
---
iputils-20180629/debian/patches/bug-920434-Backport-timing-fixes-from-upstream.patch
1969-12-31 16:00:00.0 -0800
+++
iputils-20180629/debian/patches/bug-920434-Backport-timing-fixes-from-upstream.patch
2021-03-08 11:33:32.0 -0800
@@ -0,0 +1,39 @@
+From: Noah Meyerhans
+Description: Backport ping timing fixes from upstream
+Bug-Debian: https://bugs.debian.org/920434
+
+---
+ ping_common.c | 18 +-
+ 1 file changed, 9 insertions(+), 9 deletions(-)
+
+Index: iputils/ping_common.c
+===
+--- iputils.orig/ping_common.c
iputils/ping_common.c
+@@ -853,17 +853,17 @@ restamp:
+ return 1;
+ }
+ if (timing) {
+- if (triptime >= 10)
+- printf(" time=%ld ms", (triptime+500)/1000);
+- else if (triptime >= 1)
+- printf(" time=%ld.%01ld ms", triptime/1000,
+- ((triptime%1000)+50)/100);
++ if (triptime >= 10 - 50)
++ printf(" time=%ld ms", (triptime + 500) / 1000);
++ else if (triptime >= 1 - 5)
++ printf(" time=%ld.%01ld ms", (triptime + 50) /
1000,
++ ((triptime + 50) % 1000) / 100);
+ else if (triptime >= 1000)
+- printf(" time=%ld.%02ld ms", triptime/1000,
+- ((triptime%1000)+5)/10);
++ printf(" time=%ld.%02ld ms", (triptime + 5) /
1000,
++ ((triptime + 5) % 1000) / 10);
+ else
+- printf(" time=%ld.%03ld ms", triptime/1000,
+- triptime%1000);
++ printf(" time=%ld.%03ld ms", triptime / 1000,
++ triptime % 1000);
+ }
+ if (dupflag)
+ printf(" (DUP!)");
diff -Nru
iputils-20180629/debian/patches/bug-976277-tracepath-dont-truncate-destination.patch
iputils-20180629/debian/patches/bug-976277-tracepath-dont-truncate-destination.patch
---
iputils-20180629/debian/patches/bug-976277-tracepath-dont-truncate-destination.patch
1969-12-31 16:00:00.0 -0800
+++
iputils-20180629/debian/patches/bug-976277-tracepath-dont-truncate-destination.patch
2021-03-08 11:46:59.0 -0800
@@ -0,0 +1,21 @@
+From: Noah Meyerhans
+Description: backport tracepath bug fix from upstram
+Bug-Debian: https://bugs.debian.org/976277
+
+---
+ tracepath.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Index: iputils/tracepath.c
+===
+--- iputils.orig/tracepath.c
iputils/tracepath.c
+@@ -475,7 +475,7 @@ int main(int argc, char **argv)
+ fd = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
+ if (fd < 0)
+ continue;
+- memcpy(&target, ai->ai_addr, sizeof(*ai->ai_addr));
++ memcpy(&target, ai->ai_addr, ai->ai_addrlen);
+ targetlen = ai->ai_addrlen;
+ break;
+ }
diff -Nru iputils-20180629/debian/patches/series
iputils-20180629/debian/patches/series
--- iputils-20180629/debian/patches/series 2020-01-13 15
Bug#985098: marked as done (unblock: glib2.0/2.66.7-2)
Your message dated Fri, 12 Mar 2021 23:34:42 + with message-id and subject line unblock glib2.0 has caused the Debian Bug report #985098, regarding unblock: glib2.0/2.66.7-2 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 985098: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985098 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package glib2.0 [ Reason ] Fix a symlink attack in file-roller (CVE-2021-28153) [ Impact ] Unpacking a malicious archive with file-roller (or other users of the gnome-autoar library) could result in creation of an empty regular file in an attacker-controlled location. Other code that uses a specific GLib API call to replace a dangling symlink with a regular file could be affected similarly. (This has a CVE ID, but is not *that* serious: arbitrary file overwrite doesn't seem to be possible.) [ Tests ] The proposed patch includes new test coverage, which gets run at build-time and in the autopkgtests. I also tried the proof-of-concept provided on the upstream bug, which now fails. [ Risks ] This is a key package and a dependency of many high-visibility packages, but the changes are reasonably straightforward, have test coverage and have been reviewed. [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing unblock glib2.0/2.66.7-2 --- End Message --- --- Begin Message --- Unblocked glib2.0.--- End Message ---
Bug#985114: marked as done (unblock: sendmail/8.15.2-21)
Your message dated Fri, 12 Mar 2021 23:36:50 +
with message-id
and subject line unblock sendmail
has caused the Debian Bug report #985114,
regarding unblock: sendmail/8.15.2-21
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
985114: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985114
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: a...@debian.org
Please unblock package sendmail
[ Reason ]
This version of sendmail fixes a reproducible builds issue with build
paths, updates the lintian overrides, minor packaging updates and
spelling fixes.
[ Impact ]
Removes only known reproducibility issues for sendmail.
[ Tests ]
None.
[ Risks ]
The changes are trivial, mostly affecting documentation, lintian
overrides, and spelling.
[ Checklist ]
[x] all changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in testing
[ Other info ]
This is a QA package and I did not perform the upload, though was
asked to file the unblock request regarding the reproducible builds
issue.
unblock sendmail/8.15.2-21
live well,
vagrant
diff -Nru sendmail-8.15.2/debian/cf/Makefile.am sendmail-8.15.2/debian/cf/Makefile.am
--- sendmail-8.15.2/debian/cf/Makefile.am 2020-07-06 16:44:51.0 -0700
+++ sendmail-8.15.2/debian/cf/Makefile.am 2021-03-03 03:03:42.0 -0800
@@ -35,6 +35,7 @@
$(RM) ${DESTDIR}${pkgdatadir}/cf/cf/Build;
$(RM) ${DESTDIR}${pkgdatadir}/cf/cf/Makefile;
$(RM) ${DESTDIR}${pkgdatadir}/cf/cf/*.cf;
+ $(RM) ${DESTDIR}${pkgdatadir}/cf/cf/README
for dir in ${CF_DIRS}; do \
$(INSTALL) -d ${DESTDIR}${pkgdatadir}/cf/$$dir; \
find $$dir -type f -name '*.mc' -o -name '*.m4' \
diff -Nru sendmail-8.15.2/debian/changelog sendmail-8.15.2/debian/changelog
--- sendmail-8.15.2/debian/changelog 2020-07-06 16:44:51.0 -0700
+++ sendmail-8.15.2/debian/changelog 2021-03-03 03:03:42.0 -0800
@@ -1,3 +1,16 @@
+sendmail (8.15.2-21) unstable; urgency=medium
+
+ * QA upload.
+ * Make the build reproducible, thanks to Vagrant Cascadian.
+(Closes: #983902)
+ * Move amavis documentation to /usr/share/doc/sendmail.
+ * Bump watch version to 4. No changes needed.
+ * Update to Standards-Version: 4.5.1.
+ * Fix more typos found by Lintian.
+ * Update Lintian overrides.
+
+ -- Andreas Beckmann Wed, 03 Mar 2021 12:03:42 +0100
+
sendmail (8.15.2-20) unstable; urgency=medium
* QA upload.
diff -Nru sendmail-8.15.2/debian/configure.ac sendmail-8.15.2/debian/configure.ac
--- sendmail-8.15.2/debian/configure.ac 2020-07-06 16:44:51.0 -0700
+++ sendmail-8.15.2/debian/configure.ac 2021-03-03 03:03:42.0 -0800
@@ -1482,7 +1482,6 @@
fi;
])
AC_CONFIG_FILES([libmilter${sm_libmilter_version}.install:libmilter.install.in])
-AC_CONFIG_FILES([libmilter${sm_libmilter_version}.lintian-overrides:libmilter.lintian-overrides.in])
AC_CONFIG_FILES([libmilter${sm_libmilter_version}.symbols:libmilter.symbols.in])
AC_CONFIG_FILES([milter.pc])
AC_CONFIG_FILES([sendmail-base.dirs])
diff -Nru sendmail-8.15.2/debian/control sendmail-8.15.2/debian/control
--- sendmail-8.15.2/debian/control 2020-07-06 16:44:51.0 -0700
+++ sendmail-8.15.2/debian/control 2021-03-03 03:03:42.0 -0800
@@ -16,7 +16,7 @@
bind-dev,
fakeroot (<< 0.4.5),
Rules-Requires-Root: binary-targets
-Standards-Version: 4.5.0
+Standards-Version: 4.5.1
Homepage: http://www.sendmail.org
Vcs-Browser: https://salsa.debian.org/debian/sendmail
Vcs-Git: https://salsa.debian.org/debian/sendmail.git
diff -Nru sendmail-8.15.2/debian/control.in sendmail-8.15.2/debian/control.in
--- sendmail-8.15.2/debian/control.in 2020-07-06 16:44:51.0 -0700
+++ sendmail-8.15.2/debian/control.in 2021-03-03 03:03:42.0 -0800
@@ -16,7 +16,7 @@
bind-dev,
fakeroot (<< 0.4.5),
Rules-Requires-Root: binary-targets
-Standards-Version: 4.5.0
+Standards-Version: 4.5.1
Homepage: http://www.sendmail.org
Vcs-Browser: https://salsa.debian.org/debian/sendmail
Vcs-Git: https://salsa.debian.org/debian/sendmail.git
diff -Nru sendmail-8.15.2/debian/copyright sendmail-8.15.2/debian/copyright
--- sendmail-8.15.2/debian/copyright 2020-07-06 16:44:51.0 -0700
+++ sendmail-8.15.2/debian/copyright 2021-03-03 03:03:42.0 -0800
@@ -12,7 +12,7 @@
Copyright: Robert Leslie
1997-1998 Johnie Ingram
1998-2010 Richard A Nelson
- © 2012-2020 Andreas Beckmann
+
