Bug#998390: buster-pu: package ruby-activeldap/5.2.2-2+deb10u1

2021-11-03 Thread Daniel Leidert
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu


There is an open bug report about ruby-activeldap missing a dependency on
ruby-builder. This issue is only present in Buster and the fix is quite easy.
Please consider this minor update.

https://bugs.debian.org/982522

[ Impact ]
The user has to manually install ruby-builder to be able to use
ruby-activeldap or hope another package will pull it in.

[ Tests ]
This update adds only a dependency. It doesn't change the behavior. The package
did not have the tests enabled at this point (was done in 5.2.4-1). I could
enable the tests, but it will make the diff significantly larger because it
requires applying more of the package changes done in version 5.2.4-1. I
actually don't see any benefit here.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
The only change is that ruby-builder was added to the dependency list.

Regards, Daniel

diff --git a/debian/changelog b/debian/changelog
index 6c9ba2a..20756aa 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+ruby-activeldap (5.2.2-2+deb10u1) buster; urgency=medium
+
+  * Add missing dependency on ruby-builder (closes: #982522).
+
+ -- Daniel Leidert   Wed, 03 Nov 2021 15:10:29 +0100
+
 ruby-activeldap (5.2.2-2) unstable; urgency=medium
 
   * Removed dependency on ruby-gettext-i18n-rails, not needed since
diff --git a/debian/control b/debian/control
index e92b671..b2452b9 100644
--- a/debian/control
+++ b/debian/control
@@ -22,6 +22,7 @@ XB-Ruby-Versions: ${ruby:Versions}
 Depends: ruby | ruby-interpreter,
  ruby-activemodel,
  ruby-activesupport,
+ ruby-builder,
  ruby-gettext,
  ruby-locale,
  ruby-net-ldap (>= 0.9.13),
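Review bot: the new 'ruby-builder' entry in Depends carries no version constraint, while 'ruby-net-ldap (>= 0.9.13)' three lines below does. If the upstream gemspec for 5.2.2 needs a minimum builder version, state it here; if every version in buster satisfies it, say so in the changelog entry so the unversioned dependency is a documented choice.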


Bug#1031325: e2fsprogs 1.47.0 introduces a breaking change into Bookworm, breaking grub and making installations of Ubuntu and Debian releases via debootstrap impossible

2023-02-14 Thread Daniel Leidert
Package: release.debian.org
Severity: serious


A week ago, Theodore Ts'o uploaded e2fsprogs 1.47.0 into Debian unstable. This
version contains an unannounced change that basically breaks grub2 (and
grub-install). This issue has been reported as #1030939 [1] and #1030846 [2].
To "fix" the issue, instead of turning the feature off, a patch to grub2 in Sid
has been committed recently. Unfortunately, that only fixes grub in Sid. Grub
in Bullseye or any current Ubuntu release *cannot* deal with a filesystem
created by this version of e2fsprogs. This basically breaks the debootstrap
method of installing a Debian or Ubuntu. If e2fsprogs 1.47.0 is allowed into
Testing, we can no longer use the debootstrap method to install a Debian
Bullseye (or older) or any Ubuntu release. It requires to manually change the
filesystem features before it can be used again. It also makes e.g. vmdb2 in
Sid unusable to create images of Bullseye or older Debian releases, or Ubuntu
releases.

The gain of enabling the metadata_csum_seed feature by default is not
noteworthy. It is a feature that hardly anybody needs. I have not seen one
use-case nor even relevant search hits. But the loss is heavy. Users can no
longer simply follow [3] to install any Debian or Ubuntu system if the
filesystem has been created with e2fsprogs 1.47.0. It also breaks software in
the midst of the freeze.

I hereby ask the release team to step in and either make sure that the
metadata_csum_seed feature is not turned on by default in e2fsprogs in Bookworm
or that version 1.47.0 is not shipped as part of Bookworm.

Reasons:

- this breaks existing tools for no apparent reason

- introducing this breaking change is too late in the release cycle to deal
  with it properly

- the metadata_csum_seed feature is hardly useful or requested; it can be
  turned on if necessary; no need to make it the default in Bookworm

- there is no grub upstream release with support for it; only patched grub
  versions can cope with it

- the change makes it impossible to create filesystems with this version of
  e2fsprogs and then run a grub-install from a target system that does not cope
  with that feature; basically breaking the debootstrap method of installing
  Debian or Ubuntu onto a server (violating #4 of the Debian social contract)

- to cope with the former issues, users will have to know about that
  incompatibility and ways to deal with it; none of that is prepared; the
  package maintainer even refuses a NEWS entry

- it breaks vmdb2, only allowing to make images of Debian Bookworm and Sid (if
  grub is involved)

- pushing this metadata_csum_seed feature violates #4 of the Debian social
  contract

Instead, turning on this feature should be postponed for the next release cycle
where a proper transition can be done.

[1] https://bugs.debian.org/1030939
[2] https://bugs.debian.org/1030846
[3] https://www.debian.org/releases/stable/amd64/apds03

Daniel Leidert




Bug#1031376: tzdata 2022g-3 removed /etc/timezone without a proper transition, breaking multiple packages

2023-02-15 Thread Daniel Leidert
Package: release.debian.org
Severity: important


A recent upload of tzdata [1] removes the file /etc/timezone from users'
computers. This broke multiple packages of the ruby-team (samizdat and
ruby-et-orbi being two of them). A quick search on codesearch.d.o [2] for the
usage of the file reveals more packages that are likely affected. While the
change itself is not unreasonable, it has a bad timing, and since it went
unannounced, multiple packages require fixing now for Bookworm. I ask you to
find a reasonable approach to deal with this for the Bookworm release.

[1] https://tracker.debian.org/news/1418475/accepted-tzdata-2022g-3-source-into-unstable/
[2] https://codesearch.debian.net/search?q=%2Fetc%2Ftimezone&literal=1

Regards, Daniel




Bug#1031376: tzdata 2022g-3 removed /etc/timezone without a proper transition, breaking multiple packages

2023-02-16 Thread Daniel Leidert
On Thursday, 16.02.2023 at 08:41 +0100, Paul Gevers wrote:
> Control: tags -1 moreinfo
> Control: severity -1 normal
> 
> Hi Daniel,
> 
> On 16-02-2023 01:11, Daniel Leidert wrote:
> > I ask you to
> > find a reasonable approach to deal with this for the Bookworm
> > release.
> 
> That's not how we normally work. Please come with concrete proposals and 
> we can evaluate them.

Hi Paul. That is the release team's job. Your team should be on top of
that situation and control that. There is already a freeze in process.
You made that very clear. New transitions are not allowed. The date has
passed that re-introductions into Testing are not allowed anymore. And
people break other packages just like that? It is my expectation that
your team evaluates the situation together with the maintainer of
tzdata now, and then comes to a conclusion and a decision, how this
should be handled. codesearch.d.o proves that multiple packages use
code that relies on the existence of /etc/timezone. So, its removal
should have been handled in a coordinated way in the first place.
Either the maintainer of tzdata does a mass-bug filing, or this change
should be reverted.

I have already spent two dozen unpaid hours of tracking down and
handling breakages introduced since February 7th(!!) by fellow DDs. I
spent multiple dozen hours of bug-fixing and uploading since the new
year started, to make sure users will get the software they expect in
Bookworm, also unpaid of course. And now I have to evaluate the impact
of the change in tzdata as well and create proposals? No. I'm not the
tzdata maintainer and I'm not a member of the release team. It is your
job to handle transitions.


And I suggest that you finally do your job and make sure that people
stop uploading breaking changes, so the work for Bookworm gets less and
not constantly more.


Daniel



Bug#1031325: e2fsprogs 1.47.0 introduces a breaking change into Bookworm, breaking grub and making installations of Ubuntu and Debian releases via debootstrap impossible

2023-02-16 Thread Daniel Leidert
On Thursday, 16.02.2023 at 18:37 +0200, Adrian Bunk wrote:
> On Wed, Feb 15, 2023 at 12:05:41AM +0100, Daniel Leidert wrote:
> > ...
> > Reasons:
> > ...
> > - the change makes it impossible to create filesystems with this version of
> >   e2fsprogs and then run a grub-install from a target system that does not cope
> >   with that feature; basically breaking the debootstrap method of installing
> >   Debian or Ubuntu onto a server (violating #4 of the Debian social contract)
> > ...
> > Instead, turning on this feature should be postponed for the next release cycle
> > where a proper transition can be done.
> > ...
> 
> Daniel, you are contradicting yourself when claiming that a change that 
> would allegedly violate the Debian social contract could be done in the 
> next release cycle.

Actually, I'm not. I have never said that I reject the introduction of
that change. But I reject it in the current situation, and I reject the
way it is handled. And if you read the whole report and the discussion
I was involved in, then maybe you can understand that I perceive it
that both, Steve and Theodore, were very well with the idea of breaking
with Bullseye and Ubuntu and other systems, where grub doesn't support
that feature, right now and "just like that". And I think this is a
violation of #4. I have also written in [1] how I think the transition
should be handled (IMO), especially given the fact that grub has no
upstream release with a fix yet.

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030939#108

Regards, Daniel



Bug#1031325: e2fsprogs 1.47.0 introduces a breaking change into Bookworm, breaking grub and making installations of Ubuntu and Debian releases via debootstrap impossible

2023-02-16 Thread Daniel Leidert
On Thursday, 16.02.2023 at 20:10 +0200, Adrian Bunk wrote:

[..]
> I am currently spending time trying to summarize the situation and open
> questions, and I am a bit underwhelmed by the inaccuracies and lack of
> technical detail in your emails.

Well, I didn't have weeks to prepare. I had <24 hours and gave you
already enough information so you did not have to start from scratch.

I will summarize my points at the bottom.

> The instructions you cite in [1] are for installing bullseye from
> non-Debian systems.

That is simply not true. Those are general instructions, they are not
limited to non-Debian systems. Most server providers have exactly *one*
rescue system from where I can do a clean installation with debootstrap
(and that even usually is a Debian). I cannot choose to use one that
hasn't an e2fsprogs that has this breaking change enabled. Say for
example, grml, used by multiple providers I know as rescue system and
based on Debian, picks up Bookworm with e2fsprogs with that change. Now
users trying to install anything other than a Debian Bookworm using the
debootstrap method will run into the situation that "grub-install" will
fail, and it won't even indicate that they will have to tune the just
created ext4 filesystem or even change /etc/mke2fs.conf. I spent a few
hours until I tracked it down. And the situation right now is, that I
can simply install any system with the debootstrap method. I'm not aware
that there are any breakages or incompatibilities.

> What bookworm ships does not matter much there,
> these instructions will be wrong as soon as some *other* distribution
> like Fedora changes the default.

Fedora isn't used much as a rescue system, don't you think? Have you
ever encountered that? I do custom server setups with debootstrap for
almost two decades now. I haven't seen any distribution so far that
changed the created filesystem to be incompatible with grub-install from
the systems that might be installed. Most of the rescue systems were
Debian based, JFTR.

> I am wondering how exactly your often repeated "there is no grub 
> upstream release with support for it" would be relevant in practice.
> Whether it's 2.06-8 or 2.07-1 in bookworm shouldn't make a difference.

You completely miss the point here. It would lead to exactly the same
situation if 2.07 would be the *first* to support it and could be
shipped with Bookworm as long as e2fsprogs makes this breaking change
now. But it makes a huge difference if 2.07 with a fix is released in
around the same time as Bookworm and can spread until Trixie is
prepared and the breaking change is postponed to Trixie. Ubuntu 24
would have picked up that fix by then. 22 and maybe even 20 would
probably have picked it up either. Even bullseye could get a patch to
deal with that. The breakage would have less impact than it has now,
while nothing is prepared.

And it is completely illusional to say that people should first create
a Bullseye chroot to then do a debootstrap setup of a target system from
that chroot, as Theodore suggested. Well, I'm more than underwhelmed by
suggestions like this.

> Sebastian has now created #1031364 for your original vmdb2 problem, 
> everyone discussing in #1030939 seems to have missed that tools in 
> bookworm creating images for < bookworm must handle such changes.
> That's not different from debootstrap having code to handle 
> apt-transport-https being required in some older releases.

I agree. So don't you think introducing this now is a really bad
timing?

I checked a search engine to find out what this feature even does.
Turns out, there were less than 500 hits. It is a feature available
since kernel 4.4 and not widely used nor default. So what is the gain
here? I also tried to understand why our users would need to be able to
change the UUID of the filesystem. In 20 years with Debian, I haven't
encountered a situation where this has been necessary (I didn't even
know that one could). My gut feeling is, that this feature is only
useful to a handful of people. I haven't heard any explanation so far
why this needs to be turned on by default just now. The whole
discussion so far has been Theodore arguing why he doesn't care about
his actions and why he doesn't have to.

If this feature should be turned on, then I still think that doing this
for Trixie is the better choice. The tools affected can be fixed to
work around the issue. The other distributions can pick up the
grub-install fix.

And JFTR: The attitude I perceived since I got into the discussion with
the simple sentence that fixing grub in Bookworm might not be enough,
can be summarized as "I/we don't care". So, sorry, I care, even if my
less excellent mails might be underwhelming for you.

Daniel
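
The check this message alludes to (noticing that a freshly created ext4 filesystem carries a feature the target system's grub cannot read, then tuning the filesystem), written as an added example that is not part of the thread or of any Debian tool. The feature list holds only metadata_csum_seed, the one feature named in the thread; the tune2fs output is a constructed sample and /dev/sdX1 is a placeholder.

```shell
#!/bin/sh
# Added example: flag ext4 features that the target release's grub cannot
# read, before grub-install is run from the debootstrapped chroot.

# Assumption: features the target's grub does not understand. The thread
# names only metadata_csum_seed; extend the list for your target release.
UNSUPPORTED_BY_TARGET_GRUB="metadata_csum_seed"

# Constructed, abridged sample of `tune2fs -l <device>` output.
SAMPLE_TUNE2FS_OUTPUT='Filesystem volume name:   <none>
Filesystem magic number:  0xEF53
Filesystem features:      has_journal ext_attr resize_inode dir_index filetype extent 64bit flex_bg metadata_csum_seed sparse_super large_file huge_file dir_nlink extra_isize metadata_csum
Filesystem state:         clean'

# Read `tune2fs -l` output on stdin, print one feature name per line.
fs_features() {
    sed -n 's/^Filesystem features:[[:space:]]*//p' | tr -s ' ' '\n' | sed '/^$/d'
}

# Read `tune2fs -l` output on stdin, print the features (space separated)
# that appear in UNSUPPORTED_BY_TARGET_GRUB. Names are compared exactly, so
# metadata_csum does not match metadata_csum_seed.
unsupported_features() {
    found=""
    for feat in $(fs_features); do
        for bad in $UNSUPPORTED_BY_TARGET_GRUB; do
            if [ "$feat" = "$bad" ]; then
                found="${found:+$found }$feat"
            fi
        done
    done
    printf '%s\n' "$found"
}

# Print the tune2fs command that clears the given features on a device.
# Usage: remediation_cmd DEVICE FEATURE...
remediation_cmd() {
    dev=$1
    shift
    opts=""
    for feat in "$@"; do
        opts="${opts:+$opts,}^$feat"
    done
    printf 'tune2fs -O %s %s\n' "$opts" "$dev"
}

# Demo on the constructed sample. On a real system, feed the function with:
#   tune2fs -l /dev/sdX1 | unsupported_features
bad=$(printf '%s\n' "$SAMPLE_TUNE2FS_OUTPUT" | unsupported_features)
if [ -n "$bad" ]; then
    echo "features the target grub cannot read: $bad"
    # $bad is intentionally unquoted: one argument per feature name.
    remediation_cmd /dev/sdX1 $bad
else
    echo "no incompatible features found"
fi
```

Passing the same ^feature list to mke2fs -O when the filesystem is created avoids the later tune2fs step.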



Re: Bits from the Release Team: ride like the wind, Bullseye!

2019-07-07 Thread Daniel Leidert
On Sunday, 07.07.2019, 02:47 +0100, Jonathan Wiltshire wrote:

> Shortly before the end of the 6th July, we released Debian 10,
> "buster".

Is it intentional, that the "Version" value in InRelease files at [1]
has been removed? In non-security repositories this value is still
present in InRelease files.

[1] http://security-cdn.debian.org/dists/

Regards, Daniel




Bug#1029225: Announced soft freeze date clashes with Ruby team's team-meeting to prepare for Bookworm

2023-01-19 Thread Daniel Leidert
Package: release.debian.org
Severity: normal
X-Debbugs-Cc: debian-r...@lists.debian.org, terce...@debian.org


Hi,

on December 19th, 2022, the Ruby team announced a proposed meeting from
February 6th to 10th 2023 [1,2]. One of the main tasks will be the preparation
for Bookworm and the final switch to Ruby 3.1.

Yesterday, the release team announced the final freeze dates [3].
Unfortunately, the date for the soft freeze is scheduled for February 12th,
which will make it virtually impossible for us to get the packages, which are
not yet in Testing (e.g. the whole Jekyll ecosystem), and the packages, which
are scheduled for removal before the meeting, back into Testing and therefore
into Bookworm.

We would like to ask you to postpone the freeze date(s) by a full week, so we
can care about all affected packages properly and ship them with Bookworm.

I know, that these dates have been proposed a year ago. Unfortunately, nobody
spotted this timing issue sooner. Otherwise, we would have contacted you, of
course.

Regards, Daniel

[1] https://lists.debian.org/debian-sprints/2022/12/msg2.html
[2] https://wiki.debian.org/Teams/Ruby/Meeting/Paris2023
[3] https://lists.debian.org/debian-devel-announce/2023/01/msg4.html




Bug#972310: buster-pu: package puma/3.12.0-2+deb10u2

2020-10-15 Thread Daniel Leidert
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu


There are several security advisories open for the puma version in Buster:

  CVE-2020-5247
  CVE-2020-5249
  CVE-2020-11076
  CVE-2020-11077

This upload fixes all these issues with patches taken from upstream's git
repository. The added patches contain references to the commits used.
Furthermore the upload contains a two-liner to add patch headers to an
existing patch.

A few new tests from upstream are added as well and a few others have been
fixed to apply to the fixed sources. Non-necessary changes have been omitted.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in stable
  [pending] the issue is verified as fixed in unstable

Unstable contains the 4.x series of puma while buster contains the 3.12 series.
The upload of puma 4.3.6 will follow within one or two days of this report.

Please don't hesitate to contact me if any questions arise.

Regards, Daniel

-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.8.0-3-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_OOT_MODULE
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

diff -Nru puma-3.12.0/debian/changelog puma-3.12.0/debian/changelog
--- puma-3.12.0/debian/changelog2020-03-04 00:15:43.0 +0100
+++ puma-3.12.0/debian/changelog2020-10-15 23:39:36.0 +0200
@@ -1,3 +1,23 @@
+puma (3.12.0-2+deb10u2) buster; urgency=medium
+
+  * Team upload.
+  * d/patches/0009-disable-tests-failing-in-single-cpu.patch: Add author and
+bug tracker information.
+  * d/patches/CVE-2020-5247.patch: Add patch to fix CVE-2020-5247.
+- Fix header value could inject their own HTTP response (closes: #952766).
+  * d/patches/CVE-2020-5249.patch: Add patch to fix CVE-2020-5249.
+- Fix splitting newlines in headers and another vector for HTTP injection
+  (closes: #953122).
+  * d/patches/CVE-2020-11076.patch: Add patch to fix CVE-2020-11076.
+- Better handle client input to fix HTTP Smuggling via Transfer-Encoding
+  header (closes: #972102).
+  * d/patches/CVE-2020-11077.patch: Add patch to fix CVE-2020-11077.
+- Reduce ambiguity of headers to fix HTTP Smuggling via Transfer-Encoding
+  header (closes: #972102).
+  * d/patches/series: Enable new patches.
+
+ -- Daniel Leidert   Thu, 15 Oct 2020 23:39:36 +0200
+
 puma (3.12.0-2+deb10u1) buster; urgency=medium
 
   * Team upload.
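Review bot: the entries for CVE-2020-11076 and CVE-2020-11077 both read "HTTP Smuggling via Transfer-Encoding header" and both close #972102, so the changelog does not tell a reader which patch addresses which defect. Give each entry the specific problem its patch fixes, and reword "Fix header value could inject their own HTTP response" under CVE-2020-5247 so it says what input is now rejected or sanitised.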
diff -Nru 
puma-3.12.0/debian/patches/0009-disable-tests-failing-in-single-cpu.patch 
puma-3.12.0/debian/patches/0009-disable-tests-failing-in-single-cpu.patch
--- puma-3.12.0/debian/patches/0009-disable-tests-failing-in-single-cpu.patch   
2020-03-04 00:15:43.0 +0100
+++ puma-3.12.0/debian/patches/0009-disable-tests-failing-in-single-cpu.patch   
2020-10-15 23:39:36.0 +0200
@@ -1,9 +1,19 @@
+From: Pirate Praveen 
+Date: Sun, 10 Feb 2019 18:56:23 +0530
+Subject: disable-tests-failing-in-single-cpu
+
 Disable test failing on single cpu
-https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921931
 
+Bug-Debian: https://bugs.debian.org/921931
+---
+ test/test_pumactl.rb | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/test/test_pumactl.rb b/test/test_pumactl.rb
+index 813ec32..11466b2 100644
 --- a/test/test_pumactl.rb
 +++ b/test/test_pumactl.rb
-@@ -33,7 +33,7 @@
+@@ -33,7 +33,7 @@ class TestPumaControlCli < Minitest::Test
  
def test_control_url
  skip if Puma.jruby? || Puma.windows?
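Review bot: the added header block gives From, Date, Subject and Bug-Debian but no Forwarded field, so a reader cannot tell whether this test-disabling patch is Debian-specific or was sent upstream. Add a "Forwarded:" line (for example "Forwarded: not-needed" if it only concerns the Debian build environment). The changelog describes this as adding author and bug tracker information, yet the hunk also regenerates the "diff --git", "index" and "@@" lines; mention that in the changelog entry, since it makes the debdiff larger than the description suggests.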
diff -Nru puma-3.12.0/debian/patches/CVE-2020-11076.patch 
puma-3.12.0/debian/patches/CVE-2020-11076.patch
--- puma-3.12.0/debian/patches/CVE-2020-11076.patch 1970-01-01 
01:00:

Bug#950795: buster-pu: package puma/3.12.0-2

2020-02-06 Thread Daniel Leidert
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu


The proposed update will fix CVE-2019-16770 (#946312) for Buster users. The
security team marked the issue no-dsa and asked to schedule the fix via the
next point release. The debdiff is attached. The patch to fix the CVE has been
taken from upstream's Git repository.

The debdiff is attached.

Please let me know, how to proceed.

Regards, Daniel


-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.3.0-3-amd64 (SMP w/8 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

diff -Nru puma-3.12.0/debian/changelog puma-3.12.0/debian/changelog
--- puma-3.12.0/debian/changelog2019-02-10 14:26:47.0 +0100
+++ puma-3.12.0/debian/changelog2020-02-06 13:25:24.0 +0100
@@ -1,3 +1,12 @@
+puma (3.12.0-2+deb10u1) buster-security; urgency=medium
+
+  * Team upload.
+  * d/patches/CVE-2019-16770.patch: Add patch.
+- Backport fix for CVE-2019-16770 from upstream (closes: #946312).
+  * d/patches/series: Add patch.
+
+ -- Daniel Leidert   Thu, 06 Feb 2020 13:25:24 +0100
+
 puma (3.12.0-2) unstable; urgency=medium
 
   * Disable tests failing in single cpu (Closes: #921931)
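Review bot: the new changelog entry targets "buster-security", but this is a buster-pu request and the report says the security team marked the issue no-dsa and asked for the fix to go through the next point release. The distribution field in "puma (3.12.0-2+deb10u1) buster-security; urgency=medium" should be "buster" for a stable proposed update.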
diff -Nru puma-3.12.0/debian/patches/CVE-2019-16770.patch 
puma-3.12.0/debian/patches/CVE-2019-16770.patch
--- puma-3.12.0/debian/patches/CVE-2019-16770.patch 1970-01-01 
01:00:00.0 +0100
+++ puma-3.12.0/debian/patches/CVE-2019-16770.patch 2020-02-06 
13:25:24.0 +0100
@@ -0,0 +1,69 @@
+From: Nate Berkopec 
+Date: Thu, 5 Dec 2019 14:19:32 +0700
+Subject: Merge pull request from GHSA-7xx3-m584-x994
+
+could monopolize a thread. Previously, this could make a DoS attack more
+severe.
+
+Co-authored-by: Evan Phoenix 
+
+Debian-Bug: https://bugs.debian.org/946312
+Acked-By: Daniel Leidert 
+Origin: 
https://github.com/puma/puma/commit/06053e60908074bb38293d4449ea261cb009b53e.patch
+---
+ lib/puma/const.rb  |  7 +++
+ lib/puma/server.rb | 16 +++-
+ 2 files changed, 22 insertions(+), 1 deletion(-)
+
+diff --git a/lib/puma/const.rb b/lib/puma/const.rb
+index f9e0a2a..7fc105c 100644
+--- a/lib/puma/const.rb
 b/lib/puma/const.rb
+@@ -116,6 +116,13 @@ module Puma
+ # sending data back
+ WRITE_TIMEOUT = 10
+ 
++# How many requests to attempt inline before sending a client back to
++# the reactor to be subject to normal ordering. The idea here is that
++# we amortize the cost of going back to the reactor for a well behaved
++# but very "greedy" client across 10 requests. This prevents a not
++# well behaved client from monopolizing the thread forever.
++MAX_FAST_INLINE = 10
++
+ # The original URI requested by the client.
+ REQUEST_URI= 'REQUEST_URI'.freeze
+ REQUEST_PATH = 'REQUEST_PATH'.freeze
+diff --git a/lib/puma/server.rb b/lib/puma/server.rb
+index e2e862f..66a982a 100644
+--- a/lib/puma/server.rb
 b/lib/puma/server.rb
+@@ -468,6 +468,8 @@ module Puma
+ clean_thread_locals = @options[:clean_thread_locals]
+ close_socket = true
+ 
++requests = 0
++
+ while true
+   case handle_request(client, buffer)
+   when false
+@@ -481,7 +483,19 @@ module Puma
+ 
+ ThreadPool.clean_thread_locals if clean_thread_locals
+ 
+-unless client.reset(@status == :run)
++requests += 1
++
++check_for_more_data = @status == :run
++
++if requests >= MAX_FAST_INLINE
++  # This will mean that reset will only try to use the data it 
already
++  # has buffered and won't try to read more data. What this means 
is that
++  # every client, independent
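Review bot: in the patch header the description starts mid-sentence with "could monopolize a thread.", so the header never says what could monopolize the thread; restore the full first sentence from the upstream commit named in Origin. The bug reference is written "Debian-Bug:", which DEP-3 spells "Bug-Debian:". The diffstat lists only lib/puma/const.rb and lib/puma/server.rb, so the backport carries no test for the new MAX_FAST_INLINE limit; a test that sends more than 10 requests on one connection and checks that the client goes back to the reactor would guard the behaviour this CVE fix depends on.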

Bug#952960: buster-pu: package ruby-factory-girl-rails/4.7.0-1+deb10u1

2020-03-02 Thread Daniel Leidert
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu


The package installs a file to /usr/bin with a generic name. This file is not
meant to be shipped and can cause file conflicts. This upload fixes it.

https://bugs.debian.org/910930

Attached is a minimal diff.

Regards, Daniel

-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.3.0-3-amd64 (SMP w/8 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)




Bug#952960: buster-pu: package ruby-factory-girl-rails/4.7.0-1+deb10u1

2020-03-02 Thread Daniel Leidert
Package: release.debian.org
Followup-For: Bug #952960


Forgot to attach the diff. Now here it is.

Regards, Daniel


-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.3.0-3-amd64 (SMP w/8 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

diff -Nru ruby-factory-girl-rails-4.7.0/debian/changelog 
ruby-factory-girl-rails-4.7.0/debian/changelog
--- ruby-factory-girl-rails-4.7.0/debian/changelog  2016-09-15 
12:38:40.0 +0200
+++ ruby-factory-girl-rails-4.7.0/debian/changelog  2020-03-02 
12:30:46.0 +0100
@@ -1,3 +1,11 @@
+ruby-factory-girl-rails (4.7.0-1+deb10u1) buster; urgency=medium
+
+  * Team upload
+  * d/control (Vcs-Browser, Vcs-Git): Use salsa.d.o.
+  * d/rules: Don't install/ship generic files in /usr/bin/ (closes: #910930).
+
+ -- Daniel Leidert   Mon, 02 Mar 2020 12:30:46 +0100
+
 ruby-factory-girl-rails (4.7.0-1) unstable; urgency=medium
 
   * New upstream release
diff -Nru ruby-factory-girl-rails-4.7.0/debian/control 
ruby-factory-girl-rails-4.7.0/debian/control
--- ruby-factory-girl-rails-4.7.0/debian/control2016-09-15 
12:37:46.0 +0200
+++ ruby-factory-girl-rails-4.7.0/debian/control2020-03-02 
12:30:46.0 +0100
@@ -8,8 +8,8 @@
ruby-factory-girl (>= 4.7~),
ruby-railties (>= 3.0~),
 Standards-Version: 3.9.8
-Vcs-Git: 
https://anonscm.debian.org/git/pkg-ruby-extras/ruby-factory-girl-rails.git
-Vcs-Browser: 
https://anonscm.debian.org/cgit/pkg-ruby-extras/ruby-factory-girl-rails.git
+Vcs-Git: https://salsa.debian.org/ruby-team/ruby-factory-bot-rails.git -b 
debian/buster
+Vcs-Browser: https://salsa.debian.org/ruby-team/ruby-factory-bot-rails
 Homepage: http://github.com/thoughtbot/factory_girl_rails
 XS-Ruby-Versions: all
 
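Review bot: the new Vcs-Git and Vcs-Browser values point at "ruby-team/ruby-factory-bot-rails", but the source package in this diff is ruby-factory-girl-rails. If the debian/buster branch lives in the factory-girl repository, both URLs should name that repository; otherwise the changelog entry "Use salsa.d.o." should say that the packaging moved to the renamed project.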
diff -Nru ruby-factory-girl-rails-4.7.0/debian/rules 
ruby-factory-girl-rails-4.7.0/debian/rules
--- ruby-factory-girl-rails-4.7.0/debian/rules  2016-09-15 12:32:19.0 
+0200
+++ ruby-factory-girl-rails-4.7.0/debian/rules  2020-03-02 12:30:46.0 
+0100
@@ -4,3 +4,7 @@
 
 %:
dh $@ --buildsystem=ruby --with ruby
+
+override_dh_install:
+   dh_install
+   $(RM) -rf $(CURDIR)/debian/ruby-factory-girl-rails/usr/bin/
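Review bot: the override deletes the whole usr/bin/ directory of the package rather than the generic files the changelog entry refers to, so any executable added to the package later would be dropped silently as well. Remove the specific files by name, or add a comment in d/rules stating that this package must not ship anything in /usr/bin. "$(RM)" already expands to "rm -f" in make, so "$(RM) -r" is enough.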


Bug#952960: buster-pu: package ruby-factory-girl-rails/4.7.0-1+deb10u1

2020-03-02 Thread Daniel Leidert
On Monday, 02.03.2020, 12:08 +, Adam D. Barratt wrote:
> On 2020-03-02 11:50, Daniel Leidert wrote:
> > Forgot to attach the diff. Now here is it.
> 
> Thanks for looking at fixing this in stable.
> 
> As far as I can see, ruby-factory-girl-rails currently has the same 
> package version in both unstable and stable, which means that this bug 
> also affects unstable. In that case, it would need to be fixed there 
> first, please.

This package has been superseded by (and renamed by upstream to)
ruby-factory-bot-rails. I'm in contact with the maintainer to clarify if
ruby-factory-girl-rails can be removed from unstable. Is this acceptable or
would we still need to upload a fix in unstable?

JFTR: gem2deb blacklists these files (bin/setup, bin/console) now so they don't
get installed. A simple rebuild of ruby-factory-girl-rails would already fix
this in unstable.

[1] https://tracker.debian.org/pkg/ruby-factory-bot-rails

Regards, Daniel




Bug#952960: buster-pu: package ruby-factory-girl-rails/4.7.0-1+deb10u1

2020-03-02 Thread Daniel Leidert
Package: release.debian.org
Followup-For: Bug #952960


I've uploaded the fix to unstable and updated the diff (Vcs* fields changed,
see attached).

Regards, Daniel


-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.3.0-3-amd64 (SMP w/8 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

diff -Nru ruby-factory-girl-rails-4.7.0/debian/changelog 
ruby-factory-girl-rails-4.7.0/debian/changelog
--- ruby-factory-girl-rails-4.7.0/debian/changelog  2016-09-15 
12:38:40.0 +0200
+++ ruby-factory-girl-rails-4.7.0/debian/changelog  2020-03-02 
18:54:34.0 +0100
@@ -1,3 +1,11 @@
+ruby-factory-girl-rails (4.7.0-1+deb10u1) buster; urgency=medium
+
+  * Team upload
+  * d/control (Vcs-Browser, Vcs-Git): Use salsa.d.o.
+  * d/rules: Don't install/ship generic files in /usr/bin/ (closes: #910930).
+
+ -- Daniel Leidert   Mon, 02 Mar 2020 18:54:34 +0100
+
 ruby-factory-girl-rails (4.7.0-1) unstable; urgency=medium
 
   * New upstream release
diff -Nru ruby-factory-girl-rails-4.7.0/debian/control 
ruby-factory-girl-rails-4.7.0/debian/control
--- ruby-factory-girl-rails-4.7.0/debian/control2016-09-15 
12:37:46.0 +0200
+++ ruby-factory-girl-rails-4.7.0/debian/control2020-03-02 
18:54:34.0 +0100
@@ -8,8 +8,8 @@
ruby-factory-girl (>= 4.7~),
ruby-railties (>= 3.0~),
 Standards-Version: 3.9.8
-Vcs-Git: 
https://anonscm.debian.org/git/pkg-ruby-extras/ruby-factory-girl-rails.git
-Vcs-Browser: 
https://anonscm.debian.org/cgit/pkg-ruby-extras/ruby-factory-girl-rails.git
+Vcs-Git: https://salsa.debian.org/ruby-team/ruby-factory-girl-rails.git -b 
debian/buster
+Vcs-Browser: https://salsa.debian.org/ruby-team/ruby-factory-girl-rails
 Homepage: http://github.com/thoughtbot/factory_girl_rails
 XS-Ruby-Versions: all
 
diff -Nru ruby-factory-girl-rails-4.7.0/debian/rules 
ruby-factory-girl-rails-4.7.0/debian/rules
--- ruby-factory-girl-rails-4.7.0/debian/rules  2016-09-15 12:32:19.0 
+0200
+++ ruby-factory-girl-rails-4.7.0/debian/rules  2020-03-02 18:54:34.0 
+0100
@@ -4,3 +4,7 @@
 
 %:
dh $@ --buildsystem=ruby --with ruby
+
+override_dh_install:
+   dh_install
+   $(RM) -rf $(CURDIR)/debian/ruby-factory-girl-rails/usr/bin/
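Review bot: the `$(RM) -rf $(CURDIR)/debian/ruby-factory-girl-rails/usr/bin/` line in override_dh_install deletes the package's whole usr/bin directory instead of naming the generic files the changelog entry refers to, so the rule hides what is actually being dropped. Consider removing the offending files by name, or failing the build if anything unexpected shows up in usr/bin. `$(RM)` already expands to `rm -f` in GNU make, so `-r` is enough here.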


Bug#953005: buster-pu: package serverspec-runner/1.2.2-1+deb10u1

2020-03-02 Thread Daniel Leidert
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

This update is to fix #939645 [1]. The debdiff is attached. The issue has
already been fixed in unstable.

[1] https://bugs.debian.org/939645

Regards, Daniel

- -- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 
'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.3.0-3-amd64 (SMP w/8 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), 
LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

-BEGIN PGP SIGNATURE-

-END PGP SIGNATURE-



Bug#953005: buster-pu: package serverspec-runner/1.2.2-1+deb10u1

2020-03-03 Thread Daniel Leidert
Package: release.debian.org
Followup-For: Bug #953005

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Sorry. Now it should be.


- -- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 
'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.3.0-3-amd64 (SMP w/8 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), 
LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

-BEGIN PGP SIGNATURE-
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=ZiIa
-END PGP SIGNATURE-
diff -Nru serverspec-runner-1.2.2/debian/changelog 
serverspec-runner-1.2.2/debian/changelog
--- serverspec-runner-1.2.2/debian/changelog2016-09-15 12:48:17.0 
+0200
+++ serverspec-runner-1.2.2/debian/changelog2020-03-02 23:41:24.0 
+0100
@@ -1,3 +1,11 @@
+serverspec-runner (1.2.2-1+deb10u1) buster; urgency=medium
+
+  * d/patches/fix-yaml-load-document-missing: Add patch.
+- Support Ruby 2.5 and replace YAML.load_documents (closes: #939645).
+  * d/patches/series: Add new patch.
+
+ -- Daniel Leidert   Mon, 02 Mar 2020 23:41:24 +0100
+
 serverspec-runner (1.2.2-1) unstable; urgency=medium
 
   * New upstream release.
diff -Nru serverspec-runner-1.2.2/debian/patches/fix-yaml-load-document-missing 
serverspec-runner-1.2.2/debian/patches/fix-yaml-load-document-missing
--- serverspec-runner-1.2.2/debian/patches/fix-yaml-load-document-missing   
1970-01-01 01:00:00.0 +0100
+++ serverspec-runner-1.2.2/debian/patches/fix-yaml-load-document-missing   
2020-03-02 23:41:24.0 +0100
@@ -0,0 +1,19 @@
+From: hiracy 
+Date: Fri, 16 Nov 2018 19:43:15 +0900
+Acked-By: Daniel Leidert 
+Origin: 
https://github.com/hiracy/serverspec-runner/commit/c459787defe1b08bbe46a5acf0ea07039fe44f61.patch
+Bug-Debian: https://bugs.debian.org/939645
+Description: [PATCH] Support ruby 2.5 over
+  Use YAML.load_stream instead of YAML.load_documents.
+
+--- a/Rakefile
 b/Rakefile
+@@ -165,7 +165,7 @@
+   end
+ 
+   File.open(ENV['scenario'] || "#{ENV['specroot']}/scenario.yml") do |f|
+-YAML.load_documents(f).each_with_index do |data, idx|
++YAML.load_stream(f).each_with_index do |data, idx|
+   if idx == 0
+ scenarios = data
+   else
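Review bot: the `YAML.load_stream(f)` line still deserializes every document of the file named by `ENV['scenario']` with full YAML.load semantics, so the scenario file remains trusted input that can instantiate arbitrary Ruby objects; this matches the old `YAML.load_documents` behaviour, but it is worth a sentence in the patch description. The DEP-3 header also still carries the `[PATCH]` prefix in `Description:` and has no `Forwarded:` or `Applied-Upstream:` field although `Origin:` points at an upstream commit.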
diff -Nru serverspec-runner-1.2.2/debian/patches/series 
serverspec-runner-1.2.2/debian/patches/series
--- serverspec-runner-1.2.2/debian/patches/series   2016-09-01 
13:13:41.0 +0200
+++ serverspec-runner-1.2.2/debian/patches/series   2020-03-02 
23:41:24.0 +0100
@@ -1 +1,2 @@
 fix-path-issue
+fix-yaml-load-document-missing


Bug#950795: buster-pu: package puma/3.12.0-2

2020-03-03 Thread Daniel Leidert
On Tuesday, 03.03.2020, at 20:37 +, Adam D. Barratt wrote:
> On Thu, 2020-02-06 at 17:33 +0100, Daniel Leidert wrote:
> > The proposed update will fix CVE-2019-16770 (#946312) for Buster
> > users. The security team marked the issue no-dsa and asked to
> > schedule the fix via the next point release. The debdiff is attached.
> > The patch to fix the CVE has been taken from upstream's Git
> > repository.
> 
> +puma (3.12.0-2+deb10u1) buster-security; urgency=medium
> 
> Just "buster" for p-u, please.

Yes I already saw it. I prepared the upload first for security. But they asked
me to do the upload via p-u. I'll fix this.

> +Subject: Merge pull request from GHSA-7xx3-m584-x994
> +
> +could monopolize a thread. Previously, this could make a DoS attack more
> +severe.
> 
> Is there a missing line (or at least words) before "could monopolize"
> there?

No. This is the original commit message I kept from upstream. 

> In any case, please go ahead (with the fixed distribution).

Thanks.

Regards, Daniel




Bug#950716: transition: ruby2.7

2020-03-03 Thread Daniel Leidert
On Monday, 02.03.2020, at 15:01 -0300, Lucas Kanashiro wrote:
> On 02/03/2020 08:35, Graham Inggs wrote:
> > Hi Lucas
> > 
> > I notice kamailio and klayout still appear red in the Debian tracker
> > [1], but went green in Ubuntu [2].
> > 
> > Do you have any ideas?  Do we miss something in Debian?
> 
> Since we basically have the same version in Debian and Ubuntu I believe
> the only difference is that in Ubuntu we already have Ruby 2.7 as the
> only default, in Debian it is just in experimental. So when we upload
> version 1:2.7~0 to unstable they should get green as in Ubuntu.

Can you please schedule a rebuild of facter too? At least three FTBFS reports
are caused by facter only providing the Ruby2.5 library (#952024, #952022,
#952070). I cannot upload the fixed packages. If this is not the right place,
please let me know.

Regarding this issue: should the ben file include sources build-depending on
ruby-all-dev?

$ reverse-depends -lb ruby-all-dev
broccoli-ruby
facter
gem2deb
libprelude
ruby-ffi
ruby-pgplot
rubygems-integration
sonic-pi
uwsgi
xapian-bindings

Regards, Daniel




Bug#958395: buster-pu: package ruby-i18n/1.5.3-1

2020-04-21 Thread Daniel Leidert
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

The ruby-i18n package in stable contains a gemspec file with the wrong version
number (0.7). This happened due to ruby-i18n 0.7 being present on the
build-system and being loaded first when creating the gemspec (it tampers with
LOAD_PATH). Unfortunately this breaks redmine in buster.

The proposed update applies the patch we use in testing and unstable to fix the
LOAD_PATH and generate the correct .gemspec file. This fixes #927339 [1] in
stable.  Unfortunately it will break jekyll. But Jekyll requires just a minor
patch to fix the situation. I'm preparing a Jekyll upload for Buster too.

[1] https://bugs.debian.org/927339

Regards, Daniel

- -- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 
'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.5.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), 
LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

-BEGIN PGP SIGNATURE-
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=xIkd
-END PGP SIGNATURE-
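
The failure described in the report above, reproduced as an added example (not code from the ruby-i18n package, its upstream or its Debian patches): a gemspec that appends its own lib/ to `$LOAD_PATH` takes its version from an older copy that is already on the load path, while prepending takes it from the tree being built. The gem name `demo_i18n`, the directory layout and the append form of the "before" gemspec are assumptions made for the illustration.

```ruby
# Constructed demonstration; every file is created in a temporary directory.
require 'tmpdir'
require 'fileutils'
require 'open3'
require 'rbconfig'

# Write lib/demo_i18n/version.rb under +root+, declaring +version+.
def write_version(root, version)
  dir = File.join(root, 'lib', 'demo_i18n')
  FileUtils.mkdir_p(dir)
  File.write(File.join(dir, 'version.rb'),
             "module DemoI18n\n  VERSION = '#{version}'\nend\n")
end

# Write a gemspec that exposes its own lib/ either by appending it to
# $LOAD_PATH (assumed "before" state) or by prepending it (the fix).
def write_gemspec(root, mode)
  op = mode == :prepend ? '$LOAD_PATH.unshift' : '$LOAD_PATH.push'
  path = File.join(root, "demo_i18n_#{mode}.gemspec")
  File.write(path, <<~SPEC)
    #{op}(File.expand_path('../lib', __FILE__))
    require 'demo_i18n/version'
    Gem::Specification.new do |s|
      s.name    = 'demo_i18n'
      s.version = DemoI18n::VERSION
      s.summary = 'constructed demo gem'
      s.authors = ['demo']
      s.files   = []
    end
  SPEC
  path
end

# Evaluate the gemspec in a fresh interpreter whose load path already
# contains +system_lib+, the way a build host with an older installed
# copy would, and return the version the generated spec ends up with.
def built_version(gemspec, system_lib)
  script = 'spec = Gem::Specification.load(ARGV[0]); print spec.version'
  out, status = Open3.capture2(RbConfig.ruby, '-I', system_lib,
                               '-e', script, gemspec)
  raise 'gemspec evaluation failed' unless status.success?
  out
end

# Build both variants against the same "installed" older copy.
def demo
  Dir.mktmpdir('gemspec-demo') do |tmp|
    system_root = File.join(tmp, 'system') # older copy present on the host
    source_root = File.join(tmp, 'source') # the tree being packaged
    write_version(system_root, '0.7.0')
    write_version(source_root, '1.5.3')
    system_lib = File.join(system_root, 'lib')
    {
      append:  built_version(write_gemspec(source_root, :append), system_lib),
      prepend: built_version(write_gemspec(source_root, :prepend), system_lib)
    }
  end
end

if $PROGRAM_NAME == __FILE__
  demo.each { |mode, version| puts "#{mode}: gemspec version #{version}" }
end
```
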



Bug#958395: debdiff

2020-04-21 Thread Daniel Leidert
Package: release.debian.org
Tags: buster
Followup-For: Bug #958395
User: release.debian@packages.debian.org
Usertags: pu

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Please find attached the debdiff.


- -- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 
'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.5.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), 
LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

-BEGIN PGP SIGNATURE-

-END PGP SIGNATURE-
diff -Nru ruby-i18n-1.5.3/debian/changelog ruby-i18n-1.5.3/debian/changelog
--- ruby-i18n-1.5.3/debian/changelog2019-02-02 13:46:00.0 +0100
+++ ruby-i18n-1.5.3/debian/changelog2020-04-21 13:54:58.0 +0200
@@ -1,3 +1,21 @@
+ruby-i18n (1.5.3-1+deb10u1) buster; urgency=medium
+
+  * Team upload.
+  * Pick up patch from unstable to fix .gemspec created and shipped.
+
+  [ Antonio Terceiro ]
+  * d/patches/strip_bundler.patch: Rename to
+d/patches/0001-disable-bundler-on-build-time-do-not-install-stuff-a.patch.
+  * d/patches/0002-gemspec-prepend-local-directory-to-the-LOAD_PATH.patch: Add
+patch to avoid picking up the version number from an installed version of
+the package (Closes: #927339).
+  * d/patches/series: Adjust.
+
+  [ Daniel Leidert ]
+  * d/control (Homepage): Fix homepage-field-uses-insecure-uri.
+
+ -- Daniel Leidert   Tue, 21 Apr 2020 13:54:58 +0200
+
 ruby-i18n (1.5.3-1) unstable; urgency=medium
 
   * debian/watch: pull from github
diff -Nru ruby-i18n-1.5.3/debian/control ruby-i18n-1.5.3/debian/control
--- ruby-i18n-1.5.3/debian/control  2019-02-02 13:46:00.0 +0100
+++ ruby-i18n-1.5.3/debian/control  2020-04-21 13:54:58.0 +0200
@@ -11,9 +11,9 @@
ruby-test-declarative,
ruby-test-unit,
 Standards-Version: 4.3.0
-Vcs-Git: https://salsa.debian.org/ruby-team/ruby-i18n.git
+Vcs-Git: https://salsa.debian.org/ruby-team/ruby-i18n.git -b debian/buster
 Vcs-Browser: https://salsa.debian.org/ruby-team/ruby-i18n
-Homepage: http://github.com/ruby-i18n/i18n
+Homepage: https://github.com/ruby-i18n/i18n
 Testsuite: autopkgtest-pkg-ruby
 XS-Ruby-Versions: all
 Rules-Requires-Root: no
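Review bot: the `Vcs-Git` line gains `-b debian/buster`, but the changelog entry for d/control only lists the Homepage fix. Add a `d/control (Vcs-Git)` line to the changelog so every change in the debdiff is documented, or drop the Vcs change from the stable upload.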
diff -Nru 
ruby-i18n-1.5.3/debian/patches/0001-disable-bundler-on-build-time-do-not-install-stuff-a.patch
 
ruby-i18n-1.5.3/debian/patches/0001-disable-bundler-on-build-time-do-not-install-stuff-a.patch
--- 
ruby-i18n-1.5.3/debian/patches/0001-disable-bundler-on-build-time-do-not-install-stuff-a.patch
  1970-01-01 01:00:00.0 +0100
+++ 
ruby-i18n-1.5.3/debian/patches/0001-disable-bundler-on-build-time-do-not-install-stuff-a.patch
  2020-04-21 13:54:58.0 +0200
@@ -0,0 +1,21 @@
+From: Jonas Genannt 
+Date: Thu, 6 Feb 2020 18:20:06 +0100
+Subject: disable bundler on build time, do not install stuff at build time
+
+Forwarded: not-needed
+---
+ test/test_helper.rb | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/test/test_helper.rb b/test/test_helper.rb
+index d4a8488..cc81aec 100644
+--- a/test/test_helper.rb
 b/test/test_helper.rb
+@@ -11,7 +11,6 @@ class TEST_CASE
+   end
+ end
+ 
+-require 'bundler/setup'
+ require 'i18n'
+ require 'mocha/setup'
+ require 'test_declarative'
diff -Nru 
ruby-i18n-1.5.3/debian/patches/0002-gemspec-prepend-local-directory-to-the-LOAD_PATH.patch
 
ruby-i18n-1.5.3/debian/patches/0002-gemspec-prepend-local-directory-to-the-LOAD_PATH.patch
--- 
ruby-i18n-1.5.3/debian/patches/0002-gemspec-prepend-local-directory-to-the-LOAD_PATH.patch
  1970-01-01 01:00:00.0 +0100
+++ 
ruby-i18n-1.5.3/debian/patches/0002-gemspec-prepend-local-directory-to-the-LOAD_PATH.patch
  2020-04-21 13:54:58.0 +0200
@@ -0,0 +1,20 @@
+From: Antonio Terceiro 
+Date: Thu, 6 Feb 2020 18:20:29 +0100
+Subject: gemspec: prepend local directory to the $LOAD_PATH
+
+---
+ i18n.gemspec | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/i18n.

Bug#958399: buster-pu: package jekyll/3.8.3+dfsg-4

2020-04-21 Thread Daniel Leidert
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

The ruby-i18n package is broken in Buster. I've uploaded a fixed package to
buster-p-u (#958395). This will fix the gemspec issue in Buster. Unfortunately
jekyll requires ruby-i18n (>= 0.7, << 1.0) and might be broken by this upload.
So this is a fixed version of jekyll which requires the i18n gem >=0.7 and <<2.
Actually jekyll works just fine with this i18n version, so only the .gemspec
needed patching.

Debdiff is attached.

Regards, Daniel

- -- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 
'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.5.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), 
LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

-BEGIN PGP SIGNATURE-

-END PGP SIGNATURE-



Bug#958399: debdiff

2020-04-21 Thread Daniel Leidert
Package: release.debian.org
Tags: buster
Followup-For: Bug #958399
User: release.debian@packages.debian.org
Usertags: pu

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

debdiff attached this time


- -- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 
'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.5.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), 
LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

-BEGIN PGP SIGNATURE-
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=pGYM
-END PGP SIGNATURE-
diff -Nru jekyll-3.8.3+dfsg/debian/changelog jekyll-3.8.3+dfsg/debian/changelog
--- jekyll-3.8.3+dfsg/debian/changelog  2019-03-16 11:33:25.0 +0100
+++ jekyll-3.8.3+dfsg/debian/changelog  2020-04-21 15:20:38.0 +0200
@@ -1,3 +1,13 @@
+jekyll (3.8.3+dfsg-4+deb10u1) unstable; urgency=medium
+
+  * Team upload.
+  * d/control (Vcs-Git): Add branch information.
+  * d/patches/0017-allow-jekyll-to-run-with-ruby-i18n-1.x.patch: Add patch.
+- Allow ruby-i18n 0.x and 1.x (closes: #948215).
+  * d/patches/series: Add patch.
+
+ -- Daniel Leidert   Tue, 21 Apr 2020 15:20:38 +0200
+
 jekyll (3.8.3+dfsg-4) unstable; urgency=medium
 
   * d/control: Add bundler to Depends (Closes: #924230)
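Review bot: the first line of the new changelog stanza targets `unstable` although the version is 3.8.3+dfsg-4+deb10u1 and the request is for a Buster point-release update. The distribution should be `buster` so that the upload goes to the intended suite.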
diff -Nru jekyll-3.8.3+dfsg/debian/control jekyll-3.8.3+dfsg/debian/control
--- jekyll-3.8.3+dfsg/debian/control2019-03-16 11:11:14.0 +0100
+++ jekyll-3.8.3+dfsg/debian/control2020-04-21 15:20:38.0 +0200
@@ -45,7 +45,7 @@
webpack
 Standards-Version: 4.2.0
 Vcs-Browser: https://salsa.debian.org/ruby-team/jekyll
-Vcs-Git: https://salsa.debian.org/ruby-team/jekyll.git
+Vcs-Git: https://salsa.debian.org/ruby-team/jekyll.git -b debian/buster
 Homepage: https://github.com/mojombo/jekyll
 Testsuite: autopkgtest-pkg-ruby
 XS-Ruby-Versions: all
diff -Nru jekyll-3.8.3+dfsg/debian/.gitignore 
jekyll-3.8.3+dfsg/debian/.gitignore
--- jekyll-3.8.3+dfsg/debian/.gitignore 2019-02-13 03:40:42.0 +0100
+++ jekyll-3.8.3+dfsg/debian/.gitignore 1970-01-01 01:00:00.0 +0100
@@ -1 +0,0 @@
-!node_modules
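Review bot: the removal of debian/.gitignore is not mentioned in the changelog stanza. Either document it there or keep the file, so that the stable diff contains only the i18n dependency change and the Vcs-Git update.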
diff -Nru 
jekyll-3.8.3+dfsg/debian/patches/0017-allow-jekyll-to-run-with-ruby-i18n-1.x.patch
 
jekyll-3.8.3+dfsg/debian/patches/0017-allow-jekyll-to-run-with-ruby-i18n-1.x.patch
--- 
jekyll-3.8.3+dfsg/debian/patches/0017-allow-jekyll-to-run-with-ruby-i18n-1.x.patch
  1970-01-01 01:00:00.0 +0100
+++ 
jekyll-3.8.3+dfsg/debian/patches/0017-allow-jekyll-to-run-with-ruby-i18n-1.x.patch
  2020-04-21 15:20:38.00000 +0200
@@ -0,0 +1,23 @@
+From: Daniel Leidert 
+Date: Sun, 5 Jan 2020 14:41:21 +0100
+Subject: Allow jekyll to run with ruby-i18n 1.x
+
+Bug-Debian: https://bugs.debian.org/948215
+Origin: https://github.com/jekyll/jekyll/pull/7044
+---
+ jekyll.gemspec | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/jekyll.gemspec b/jekyll.gemspec
+index f4c0c23..4d9feb9 100644
+--- a/jekyll.gemspec
 b/jekyll.gemspec
+@@ -33,7 +33,7 @@ Gem::Specification.new do |s|
+   s.add_runtime_dependency("addressable",   "~> 2.4")
+   s.add_runtime_dependency("colorator", "~> 1.0")
+   s.add_runtime_dependency("em-websocket",  "~> 0.5")
+-  s.add_runtime_dependency("i18n",  "~> 0.7")
++  s.add_runtime_dependency("i18n",  ">= 0.7", "< 2")
+   s.add_runtime_dependency("jekyll-sass-converter", "~> 1.0")
+   s.add_runtime_dependency("jekyll-watch",  "~> 2.0")
+   s.add_runtime_dependency("kramdown",  "~> 1.14")
diff -Nru jekyll-3.8.3+dfsg/debian/patches/series 
jekyll-3.8.3+dfsg/debian/patches/series
--- jekyll-3.8.3+dfsg/debian/patches/series 2019-03-16 10:13:41.0 
+0100
+++ jekyll-3.8.3+dfsg/debian/patches/series 2020-04-21 15:20:38.0 
+0200
@@ -3,3 +3,4 @@
 0003-Remove-relative-LOAD_PATH.patch
 skip-test-requiring-network-access.patch
 0015-Fix-CVE-2018-17567-Closes-909933.patch
+0017-allow-jekyll-to-run-with-ruby-i18n-1.x.patch


Bug#958395: [DRE-maint] Bug#958395: debdiff

2020-04-21 Thread Daniel Leidert
This was the original bug report against redmine:

https://bugs.debian.org/947770

Regards, Daniel





[SRM] Bug#536080 - segfault in gchempaint

2010-01-23 Thread Daniel Leidert
Hi,

I would like to get bug #536080 [1] fixed with the next point release. A
segmentation occurs during startup, which makes the issue grave for all
(affected) users. The fix/patch is pretty simple: calling
g_type_init() at the right place. The debdiff is attached.

I'm DM for this package. Shall/may I upload to proposed-updates myself?

Regards, Daniel
diff -u gchempaint-0.8.7/debian/patches/00list gchempaint-0.8.7/debian/patches/00list
--- gchempaint-0.8.7/debian/patches/00list
+++ gchempaint-0.8.7/debian/patches/00list
@@ -2,0 +3 @@
+536080_fix_segmentation_fault
diff -u gchempaint-0.8.7/debian/changelog gchempaint-0.8.7/debian/changelog
--- gchempaint-0.8.7/debian/changelog
+++ gchempaint-0.8.7/debian/changelog
@@ -1,3 +1,12 @@
+gchempaint (0.8.7-2+lenny1) stable; urgency=low
+
+  * Upload to stable to fix a segmentation fault.
+  * debian/patches/536080_fix_segmentation_fault.dpatch: Added.
+- lib/theme.cc: Call g_type_init() in the constructor and fix a
+  segmentation fault (closes: #536080).
+
+ -- Daniel Leidert (dale)   Sat, 23 Jan 2010 15:44:55 +0100
+
 gchempaint (0.8.7-2) unstable; urgency=high
 
   * debian/rules (LDFLAGS): We have to accept unresolved symobols in the
only in patch2:
unchanged:
--- gchempaint-0.8.7.orig/debian/patches/536080_fix_segmentation_fault.dpatch
+++ gchempaint-0.8.7/debian/patches/536080_fix_segmentation_fault.dpatch
@@ -0,0 +1,29 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 536080_fix_segmentation_fault.dpatch by Daniel Leidert (dale) 
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Fix a segmentation fault because of g_type_init() not being called
+## DP:   at the right place.
+## DP:
+## DP: http://bugs.debian.org/536080>
+
+...@dpatch@
+diff -urNad gchempaint~/lib/theme.cc gchempaint/lib/theme.cc
+--- gchempaint~/lib/theme.cc	2007-12-13 13:30:31.0 +0100
 gchempaint/lib/theme.cc	2010-01-23 15:23:55.628445971 +0100
+@@ -183,6 +183,7 @@
+ 	bind_textdomain_codeset (GETTEXT_PACKAGE, "UTF-8");
+ #endif
+ 	GError *error = NULL;
++	g_type_init ();
+ 	m_ConfClient = gconf_client_get_default ();
+ 	gconf_client_add_dir (m_ConfClient, "/apps/gchempaint/settings", GCONF_CLIENT_PRELOAD_ONELEVEL, NULL);
+ 	GCU_GCONF_GET (ROOTDIR"bond-length", float, DefaultBondLength, 140.)
+@@ -241,7 +242,6 @@
+ 
+ gcpThemeManager::~gcpThemeManager ()
+ {
+-	g_type_init ();
+ 	gconf_client_notify_remove (m_ConfClient, m_NotificationId);
+ 	gconf_client_remove_dir (m_ConfClient, "/apps/gchempaint/settings", NULL);
+ 	g_object_unref (m_ConfClient);
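Review bot: with `g_type_init ()` placed in the constructor directly before `gconf_client_get_default ()`, the type system is only initialised in time if this constructor runs before any other GObject use in the process; calling it once at program start-up would not depend on construction order. The changelog entry could also say that the call is removed from the destructor, as the second inner hunk does.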




Re: [SRM] Bug#536080 - segfault in gchempaint

2010-01-23 Thread Daniel Leidert
On Saturday, 23.01.2010, at 17:25 +, Adam D. Barratt wrote:
> [Sorry for the out-of-thread reply, I don't have access to a copy of the
> original mail to reply to right now]
> 
> On Sat, 23 Jan 2010 16:04:40 +0100, Daniel Leidert wrote:
> > I would like to get bug #536080 [1] fixed with the next point
> > release. A segmentation occurs during startup, which makes the
> > issue grave for all (affected) users. The fix/patch is pretty
> > simple: calling g_type_init() at the right place. The
> > debdiff is attached.
> 
> The debdiff looks fine for stable.
> 
> > I'm DM for this package. Shall/may I upload to proposed-updates
> > myself?
> 
> Yes, please upload (bearing in mind that the window for acceptance from
> p-u-new for the next point release is closing this weekend).

Nope. My package gets rejected, because unstable/experimental doesn't
contain a gchempaint source package anymore (gchempaint was merged into
the gnome-chemistry-utils - so the source in Sid + experimental now is
gnome-chemistry-utils).

Please upload yourself. I will further inform Michael Banck. Maybe he
can upload tomorrow.

Regards, Daniel




Re: Future freeze exception for docbook-xsl, docbook-xsl-ns, docbook-xsl-doc 1.76.0

2010-09-09 Thread Daniel Leidert
Julien Cristau wrote:
> On Wed, Sep  1, 2010 at 21:00:00 +0200, Daniel Leidert wrote:
>
>> Finally the first release candidate of docbook-xsl 1.76.0 has been
>> released and I would like to get version 1.76.0 into Squeeze.
>>
> I'm a bit hesitant with this as docbook-xsl is used by quite a few
> packages' build processes.  What's the likelihood of regressions there?

First: I'm on vacation, so nothing will happen before September 12th and I'll
probably be unable to answer before Sunday.

Second: Release 1.76.0 is the same code as 1.76.0-RC1 without changes.

The new release contains almost only bug-fixes. A few of them have already been
tested by Debian users (e.g. the portable apostrophe fix). Of course
there are also changes not yet tested. Unfortunately there isn't a test-suite
to test for regressions. There is just some crude test-suite for manual
pages.

What I can do is to test packages build-depending on docbook-xsl(-ns) and
check the results and tell you then. This can happen next week.

I would really like to get this release into Squeeze, but I understand your
objections.

Regards, Daniel


-- 
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/6abde0b4c358d614f365d23e23cba37e.squir...@webmail.wgdd.de



unblock xmlto/0.0.20-5

2009-01-27 Thread Daniel Leidert
Hi,

Please unblock xmlto 0.0.20-5. It fixes two minor bugs. But both fixes
are one-liners (and safe). The debdiff is attached.

Regards, Daniel
diff -u xmlto-0.0.20/debian/changelog xmlto-0.0.20/debian/changelog
--- xmlto-0.0.20/debian/changelog
+++ xmlto-0.0.20/debian/changelog
@@ -1,3 +1,22 @@
+xmlto (0.0.20-5) unstable; urgency=low
+
+  * debian/patches/483503_postvalid_needs_noent.dpatch: Added.
+- xmlto.in: xmllints --postvalid switch needs the --noent switch
+  to substitute entity values and avoid 'references an unknown ID'
+  errors (closes: #483503). Thanks to Daniel Burrows for the
+  report.
+
+ -- Daniel Leidert (dale)   Sun, 25 Jan 2009 20:35:14 +0100
+
+xmlto (0.0.20-4) unstable; urgency=low
+
+  * debian/patches/499200_cannot_parse_XSLTPARAMS.dpatch: Adjusted.
+- xmlto.in: The value of a given (string)param=value pair was not
+  parsed correctly due to a missing curly brace (closes: #513011).
+  Thanks to Max Kellermann.
+
+ -- Daniel Leidert (dale)   Sun, 25 Jan 2009 18:41:30 +0100
+
 xmlto (0.0.20-3) unstable; urgency=low
 
   * debian/control (Suggests): Added xmltex now providing passivetex
diff -u xmlto-0.0.20/debian/patches/00list xmlto-0.0.20/debian/patches/00list
--- xmlto-0.0.20/debian/patches/00list
+++ xmlto-0.0.20/debian/patches/00list
@@ -3,0 +4 @@
+483503_postvalid_needs_noent
diff -u xmlto-0.0.20/debian/patches/499200_cannot_parse_XSLTPARAMS.dpatch xmlto-0.0.20/debian/patches/499200_cannot_parse_XSLTPARAMS.dpatch
--- xmlto-0.0.20/debian/patches/499200_cannot_parse_XSLTPARAMS.dpatch
+++ xmlto-0.0.20/debian/patches/499200_cannot_parse_XSLTPARAMS.dpatch
@@ -6,12 +6,16 @@
 ## DP:   'warning: failed to load external entity "XSLTPARAMS" [..]'. The patch
 ## DP:   has been suggested by Zed Pobre.
 ## DP:
+## DP: * xmlto.in: Using the --stringparam option failes because of a missing
+## DP:   opening brace. Thanks to Max Kellermann.
+## DP:
 ## DP: http://bugs.debian.org/499200>
+## DP: http://bugs.debian.org/513011>
 
 @DPATCH@
 diff -urNad trunk~/xmlto.in trunk/xmlto.in
 trunk~/xmlto.in	2008-10-09 10:47:10.0 +0200
-+++ trunk/xmlto.in	2008-10-09 10:48:23.0 +0200
+--- trunk~/xmlto.in	2009-01-25 18:34:09.0 +0100
 trunk/xmlto.in	2009-01-25 18:34:28.0 +0100
 @@ -272,8 +272,8 @@
  	;;
--stringparam)
@@ -19,7 +23,7 @@
 -	XSLTPARAMS="XSLTPARAMS --stringparam ${MYPARAM%=*}"
 -	XSLTPARAMS="XSLTPARAMS $MYPARAM#*=}"
 +	XSLTPARAMS="$XSLTPARAMS --stringparam ${MYPARAM%=*}"
-+	XSLTPARAMS="$XSLTPARAMS $MYPARAM#*=}"
++	XSLTPARAMS="$XSLTPARAMS ${MYPARAM#*=}"
  	shift 2
  	;;
--noclean)
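Review bot: the corrected `${MYPARAM#*=}` line still appends the parameter value to the flat `XSLTPARAMS` string, so a value containing whitespace cannot reach the XSLT processor as a single argument. If that matters for --stringparam, the value needs quoting at the point where XSLTPARAMS is expanded. The added `## DP:` line also has the typo `failes`.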
only in patch2:
unchanged:
--- xmlto-0.0.20.orig/debian/patches/483503_postvalid_needs_noent.dpatch
+++ xmlto-0.0.20/debian/patches/483503_postvalid_needs_noent.dpatch
@@ -0,0 +1,29 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 483503_postvalid_needs_noent.dpatch by Daniel Leidert (dale) 
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: * xmlto.in: The xmllint call uses --pistvalid switch, which may not try to
+## DP:   fetch external parsed entities and therefor can lead to errors:
+## DP:
+## DP:   IDREF attribute linkend references an unknown ID
+## DP:
+## DP:   Adding the --noent switch solves the issue.
+## DP:
+## DP: http://bugs.debian.org/483503>
+## DP: http://mail.gnome.org/archives/xml/2004-December/msg00062.html>
+
+...@dpatch@
+diff -urNad trunk~/xmlto.in trunk/xmlto.in
+--- trunk~/xmlto.in	2009-01-25 20:25:00.0 +0100
 trunk/xmlto.in	2009-01-25 20:25:44.0 +0100
+@@ -413,8 +413,8 @@
+ then
+   VALIDATION="${XSLT_PROCESSED_DIR}/validation-errors"
+   [ "$VERBOSE" -ge 1 ] && \
+-echo >&2 "xmllint >/dev/null --xinclude --postvalid \"$INPUT_FILE\""
+-  xmllint >/dev/null --xinclude --postvalid "$INPUT_FILE" 2>"${VALIDATION}"
++echo >&2 "xmllint >/dev/null --xinclude --postvalid --noent \"$INPUT_FILE\""
++  xmllint >/dev/null --xinclude --postvalid --noent "$INPUT_FILE" 2>"${VALIDATION}"
+   xmllint_status=$?
+   if [ $xmllint_status -ne 0 ]
+   then
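Review bot: adding `--noent` to the validation call makes xmllint substitute entities in `$INPUT_FILE`, external ones included, so validating a document from an untrusted source can now pull in local files or remote resources through its entity declarations. Consider pairing it with `--nonet` and stating the trade-off in the patch description. The `## DP:` text also has `--pistvalid` for `--postvalid` and `therefor` for `therefore`.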


[SRM] Update of gnupg/gnupg2 to fix a memory leak (was: Bug#345911: gnupg: Memory leak fix)

2009-05-09 Thread Daniel Leidert
Hi,

In the past it had been reported several times, that importing a large
keyring (for example the Debian keyring) might need a really long time
and make gnupg allocate much memory (trying to reproduce the issue I
observed a DoS). I recently reported the issue to Werner Koch and he
found a memory leak and fixed the issue. It seems the patch applies to
gnupg (probably to 1.4.6 in oldstable too) as well as gnupg2.

Should this be fixed in stable and oldstable? Then I would prepare the
packages for gnupg (CCed Eric for gnupg2).

http://bugs.debian.org/345911 (#345911, #113897, #172115)
https://bugs.g10code.com/gnupg/issue1034
http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=31;filename=345911_svn4993.diff;att=1;bug=345911
http://cvs.gnupg.org/cgi-bin/viewcvs.cgi/branches/STABLE-BRANCH-1-4/g10/keyring.c?root=GnuPG&rev=4993&r1=4963&r2=4993
 (gnupg 1.4)
http://cvs.gnupg.org/cgi-bin/viewcvs.cgi/trunk/g10/keyring.c?root=GnuPG&rev=4994&r1=4980&r2=4994
 (gnupg2)

Regards, Daniel





Re: [SRM] Update of gnupg/gnupg2 to fix a memory leak

2009-05-24 Thread Daniel Leidert
On Sunday, 24.05.2009, at 19:37 +0200, Luk Claes wrote:
> Daniel Leidert wrote:
> > Hi,
> > 
> > In the past it had been reported several times, that importing a large
> > keyring (for example the Debian keyring) might need a really long time
> > and make gnupg allocate much memory (trying to reproduce the issue I
> > observed a DoS). I recently reported the issue to Werner Koch and he
> > found a memory leak and fixed the issue. It seems the patch applies to
> > gnupg (probably to 1.4.6 in oldstable too) as well as gnupg2.
> > 
> > Should this be fixed in stable and oldstable? Then I would prepare the
> > packages for gnupg (CCed Eric for gnupg2).
> 
> Please upload for stable and oldstable.

A question: I have another fix I would like to apply. It fixes gnupg to
not leave the terminal in noecho-mode (#321871 [1]). The patch [2] is
pretty small. Any objections?

@Eric: The patch also applies to gnupg2 AFAIK.

[1] http://bugs.debian.org/321871
[2] http://svn.debian.org/wsvn/pkg-gnupg/gnupg/branches/lenny/debian/patches/101_321871_unset_noecho_on_sigint.dpatch

Regards, Daniel





Proposed release goal: Renaming and design change of update-catalog

2009-07-12 Thread Daniel Leidert
Hi,

As requested, I'm currently preparing updates for sgml-base involving
two major changes:

1) update-catalog is renamed to update-sgmlcatalog
2) catalog registration has to be changed to comply with the policy

About 1): Well, it has been requested [1], that update-catalog changes
its name to update-sgmlcatalog. This will be done as of version 1.99.0
of sgml-base. It won't break any existing scripts, but a message will be
printed to STDERR to inform, that the script name has been changed and
that update-catalog will disappear in the future (probably in squeeze
+1?).

About 2): The current design always re-adds the catalog to the system
catalog, even if the user has decided to remove the catalog from the
system catalog and thus, the application violates the Debian policy
section 10.7.3 [2,3]. I currently think about 2 possible solutions. It
might be necessary to bin-NMU all packages registering SGML catalogs. I
can tell you as soon as the final solution has been found.

[1] http://bugs.debian.org/88008
[2] http://bugs.debian.org/88010
[3] http://bugs.debian.org/477751

Regards, Daniel





Dropping expat libtool .la file

2009-10-24 Thread Daniel Leidert
Hi,

I'm in favour of finally dropping the libtool .la file in the
libexpat1-dev package. This has already been done in the past, but
reverted [1] for Lenny. I'm currently preparing an update of the package
and I would like to drop this file. But this might require a bunch of
binNMUs. I did not yet check, which packages are affected (usually only
those shipping a libtool .la file themselves). I will attach a list of
packages ASAP.

Are you ok with this?

[1] http://bugs.debian.org/485460

Regards, Daniel





docbook2x 0.8.7: Hint to Etch possible?

2007-02-28 Thread Daniel Leidert
Hi,

In the Debian XML/SGML group we were discussing, if we should try to get
docbook2x 0.8.7 into Etch (atm in experimental). The question: Would you
allow this update? There is one important issue, that is fixed with this
release: it also builds with the libxml-sax-perl version currently in
Sid. There are further several upstream fixes and improvements
(http://docbook2x.sourceforge.net/latest/doc/changes.html). The
docbook2x package does not have any reverse-dependencies, that could
break.

Regards, Daniel





Re: docbook2x 0.8.7: Hint to Etch possible?

2007-03-01 Thread Daniel Leidert
On Thursday, 01.03.2007, at 11:04 +0100, Marc 'HE' Brockschmidt wrote:
> Daniel Leidert <[EMAIL PROTECTED]> writes:
> > In the Debian XML/SGML group we were discussing, if we should try to get
> > docbook2x 0.8.7 into Etch (atm in experimental). The question: Would you
> > allow this update? There is one important issue, that is fixed with this
> > release: it also builds with the libxml-sax-perl version currently in
> > Sid. There are further several upstream fixes and improvements
> > (http://docbook2x.sourceforge.net/latest/doc/changes.html). The
> > docbook2x package does not have any reverse-dependencies, that could
> > break.
> 
> But there are quite a few packages that build-depend on it, so I would
> prefer to not allow it into etch.

Ok. Thanks for the info.

Regards, Daniel





[Fwd: Re: required CMake version is still 2.4.3]

2007-03-09 Thread Daniel Leidert
Hi, I read this one on kde-core-devel:
http://lists.kde.org/?l=kde-core-devel&m=117345955528326&w=2


-------- Forwarded Message --------
> From: Alexander Neundorf 
> Reply-To: kde-core-devel[at]kde.org, neundorf[at]kde.org
> Cc: kde-core-devel[at]kde.org
> Subject: Re: required CMake version is still 2.4.3
> Date: Fri, 9 Mar 2007 17:47:25 +0100
> 
> On Friday 09 March 2007 13:02, Boyd Stephen Smith Jr. wrote:
> > On Thursday 08 March 2007 11:36:03 Alexander Neundorf wrote:
> > > Do you know when SUSE 10.3 and kUbuntu 7.04 Feisty Fawn will be released
> >
> > and
> >
> > > which versions they will ship ?
> >
> > I'm running feisty right now and have 2.4.5-1build1 installed.  My Gentoo
> > box
> > at home has 2.4.3 stable and 2.4.6 in testing. Debian has only 2.0.5 in
> > stable, but etch should be moving to stable "real soon now" and it
> > currently
> > has 2.4.4-1.  I'm not sure what level of freeze is in place @ Debian, but
> > the only outstanding bug against 2.4.5-1 is on hurd-i386 so it could make it
> > into etch before it becomes stable.
> 
> 2.4.4 had some serious problems, it shouldn't be in stable. Can you contact 
> somebody from Debian and push a bit that they go for 2.4.5 or 2.4.6 ?

Chances for an update of the Debian package (what about the hurd-i386
issue?)? Chances for hinting?

CCing the maintainer (maybe the KDE packagers are interested in this
too?)

Regards, Daniel





[binNMU] clamav 0.90.2-3 (i386)

2007-05-16 Thread Daniel Leidert
Hi,

I would like to request a binNMU for the clamav package because of the
libcurl transition. The uploaded package (i386) was built against
libcurl3-dev (CCing Stephen Gran for this), which is no longer
available in Sid (but probably installed on the maintainer's system) and
so it was correctly built on the buildds for the other architectures. So
the i386 arch package remains uninstallable, but the others do not. A
binNMU should fix this problem for the i386 arch too.

Regards, Daniel





Re: Please binNMU git-core

2007-08-22 Thread Daniel Leidert
On Wednesday, 22.08.2007, at 11:36 +0200, Mike Hommey wrote:
> On Wed, Aug 22, 2007 at 02:24:59AM -0700, Steve Langasek <[EMAIL PROTECTED]> 
> wrote:
> > On Tue, Aug 21, 2007 at 11:47:25PM +0200, Mike Hommey wrote:
> > 
> > > Please binNMU git-core to build it against docbook-xsl 0.73.1.dfsg.1-1,
> > > which will fix #420114.
> > 
> > On what architectures?
> 
> They all have been built against docbook-xsl 1.72.0, which is broken, so,
> all of them.

JFTR: docbook-xsl 1.72.0 is not "broken". Some templates used in the
git-core XSL stylesheet are just not compliant to docbook-xsl 1.72.

Regards, Daniel





Re: T&S for Release Assistents

2007-08-30 Thread Daniel Leidert
Hi,

On Thursday, 30.08.2007, at 13:51 +0200, Luk Claes wrote:
> [Cced the victi^Wpotential assistants this time - next time get it from 
> the list :]
> 
> Hi guys,
> 
> Your first assignment, should you choose to accept it, is to solve the
> following bugs:
> 
> Robert Edmonds
[..]
> 405186 docbook2x: FTBFS: reference to nonexistent nodes
[..]

JFTR: This is a bug in libxml-sax-perl, not in docbook2x - it's just the
title has not been changed. So don't waste time to fix this issue in
docbook2x. There we already worked around it (and IIRC the bug was not
reproducible with 0.8.7/8 anymore). However, if you need my assistance
(I'm responsible for docbook2x atm), don't hesitate to contact me.

Regards, Daniel





Re: Package lists for (stable) distribution CDs/DVDs

2007-09-07 Thread Daniel Leidert
On Friday, 07.09.2007, at 15:00 +0200, Daniel Leidert wrote:
> Hi,
> 
> In a local group a user complained, and IMHO he is right, that there are
> no package lists for the Debian CDs/DVDs.
> http://www.debian.org/CD/faq/index.en.html#which-cd says, the packages
> are sorted via popularity (and IIRC there is also some separation for
> GNOME, KDE etc.). But there is no package list. Say a user wants to
> check, where or if an installation medium contains a list of packages he
> wants to install. There is AFAIK no way to do this. So is it possible to
> create package lists, like e.g.
> http://ftp.uni-erlangen.de/pub/mirrors/knoppix/packages.txt for every CD
> and DVD image? Or is there already something, I simply did not find?

Ok. A few seconds later I found the
http://www.debian.org/CD/jigdo-cd/#search. However, the list at
http://atterer.net/jigdo/jigdo-search.php?list is very large and maybe
that's not very comfortable. So opinions about plain lists (just for the
current stable and oldstable release cd/dvd images)? Or should it be
implemented in the packages.debian.org site, so the site tells, which
CD/DVD contains the package?

> CCing debian-cd

Regards, Daniel





Package lists for (stable) distribution CDs/DVDs

2007-09-07 Thread Daniel Leidert
Hi,

In a local group a user complained, and IMHO he is right, that there are
no package lists for the Debian CDs/DVDs.
http://www.debian.org/CD/faq/index.en.html#which-cd says, the packages
are sorted via popularity (and IIRC there is also some separation for
GNOME, KDE etc.). But there is no package list. Say a user wants to
check, where or if an installation medium contains a list of packages he
wants to install. There is AFAIK no way to do this. So is it possible to
create package lists, like e.g.
http://ftp.uni-erlangen.de/pub/mirrors/knoppix/packages.txt for every CD
and DVD image? Or is there already something, I simply did not find?

CCing debian-cd

Regards, Daniel





Re: Package lists for (stable) distribution CDs/DVDs (integrating to package.d.o)

2007-09-07 Thread Daniel Leidert
On Friday, 07.09.2007, at 15:06 +0200, Daniel Leidert wrote:
> On Friday, 07.09.2007, at 15:00 +0200, Daniel Leidert wrote:
> > Hi,
> > 
> > In a local group a user complained, and IMHO he is right, that there are
> > no package lists for the Debian CDs/DVDs.
> > http://www.debian.org/CD/faq/index.en.html#which-cd says, the packages
> > are sorted via popularity (and IIRC there is also some separation for
> > GNOME, KDE etc.). But there is no package list. Say a user wants to
> > check, where or if an installation medium contains a list of packages he
> > wants to install. There is AFAIK no way to do this. So is it possible to
> > create package lists, like e.g.
> > http://ftp.uni-erlangen.de/pub/mirrors/knoppix/packages.txt for every CD
> > and DVD image? Or is there already something, I simply did not find?
> 
> Ok. A few seconds later I found the
> http://www.debian.org/CD/jigdo-cd/#search. However, the list at
> http://atterer.net/jigdo/jigdo-search.php?list is very large and maybe
> that's not very comfortable. So opinions about plain lists (just for the
> current stable and oldstable release cd/dvd images)? Or should it be
> implemented in the packages.debian.org site, so the site tells, which
> CD/DVD contains the package?

And what about e.g. showing an overview like
http://packages.debian.org/stable/oldlibs/ but as
http://packages.debian.org/stable/cd1/ or
http://packages.debian.org/stable/dvd1/?

CCing debian-devel instead of debian-cd for this question

Regards, Daniel





Re: gfortran release goal?

2008-02-28 Thread Daniel Leidert
On Saturday, 16.02.2008, at 13:16 +0200, Riku Voipio wrote:

> As noted by the latest gfortran transition update[1] by Kumar Appaiah,
> the transition is now in full swing. The complex packages lower in
> dependency chain have been uploaded to unstable, and for the rest
> of packages bugs/patches have been filed.
> 
> Our main problem remains unresponsive maintainers. We suggest promoting
> gfortran transition to an official release goal, so we can start
> more aggressively NMU'ing packages.

Please do NOT NMU any packages maintained by the debichem team. These
packages are: mopac7, mpqc, libghemical and ghemical.

I summarized the current state at:
http://lists.alioth.debian.org/pipermail/debichem-devel/2008-February/000566.html

We plan to do the transition in experimental to allow the openbabel
transition to proceed (waiting for gchempaint being built on mips). And
we want to get rid of the libf2c2-dependency of mopac7 as discussed in
#465723.

Regards, Daniel





Re: intend to hijack GnuPG

2008-04-19 Thread Daniel Leidert
x-post, fup2 debian-devel if possible

On Saturday, 19.04.2008, at 09:57 +0200, Andreas Barth wrote:
> * Laszlo Boszormenyi ([EMAIL PROTECTED]) [080419 07:42]:
> > I intend to hijack GnuPG[1], but as it builds an udeb and has priority
> > important, I ask if the Release Team allow it.
[..]
> And, BTW, most of us (including me) have a paid dayjob, and are of
> course active on that one for the contracted time - for obvious reasons.
> Telling that I would neglect Debian because I'm spending more time on my
> dayjob than Debian wouldn't motivate me, and that's probably the same
> for everyone else. I also have to say that last time I spoke with elmo
> on IRC, he answered within minutes to me.

There are >130(!) open reports and even after taking a quick look at
them I found:

- several are fixed in newer releases
- several are already fixed in the version in Debian
- most miss a statement by James (also the one asking for an update)

There is no activity and trying to contact him also failed for several
people. I'm sorry, but I even cannot imagine, that James is actively
maintaining this package (CCed him). However, I would feel a lot better,
if he would officially orphan the package in this case, so we don't need
a hijack, which has IMHO the potential for bad blood.

> So, the only on-topic question is: Do we want 1.4.9 in Lenny,

I guess, it's simply too late, because this package is pretty important.
Walking through the list of open bug reports and addressing them will
need too much time I guess. But I support a maintainer change and maybe
the update can be made in experimental for the moment.

Regards, Daniel



Tagging #477751 lenny-ignore?

2008-05-04 Thread Daniel Leidert
Hi,

http://bugs.debian.org/477751

This issue has been reported as a serious bug. Unfortunately solving it
will very probably mean to rethink/rewrite the system. So I would like
to request to tag the bug with "lenny-ignore" and solve it after the
lenny release.

Thanks and regards, Daniel





Re: RFC: expat transition or update - before or after lenny?

2008-05-30 Thread Daniel Leidert
On Thursday, 29.05.2008, at 11:31 -0700, Kevin B. McCarty wrote:
> > Adeodato Simó wrote:
> >> So, to get this moving, who does the archive inspection?
> 
> I wrote:
> > As it happens, I already had a script prepared that did something very
> > similar (for the purpose of looking for mis-compiled gfortran code on
> > mips*).  I've modified it to look for r-depends of libexpat1 containing
> > ELF files having a NEEDED libexpat.so.0 and it's running now.  (At the
> > moment it's processing packages in Etch; on i386, amd64 and powerpc
> > architectures; main, contrib and non-free components).  Should be done
> > in a few hours, and I'll post the results and the script here.  Let me
> > know if you'd like me to search additional architectures or distributions.
> 
> I've finished with the script run (the script is attached for
> completeness although it is pretty straightforward), and the conclusion
> is this: of the packages with a direct dependency on libexpat1, NONE of
> them (in Etch on i386, amd64, or powerpc; looking at main, contrib and
> non-free) contain an ELF file with NEEDED libexpat.so.0.
[..]
> There are 101 such binary packages on Etch/i386.  The only one which has
> an ELF file with NEEDED libexpat.so.0 is wink.
> 
> Of course it's conceivable that there is a pre-compiled binary packaged
> on some non-i386 architecture that needs libexpat.so.0.  But the vast
> majority of pre-compiled binaries for Linux are made available only for
> i386, so I think it's quite unlikely.  Thus I'd suggest just contacting
> wink upstream about a fix, and not bothering about a libexpat0
> compatibility package.

Thanks for the information. I think, in this case we can go without a
transition. I will think about, how to handle wink and then decide, how
to proceed.

So @the release team: Is there an interest for updating expat before the
Lenny release or are there objections?

Regards, Daniel





Re: RFC: expat transition or update - before or after lenny?

2008-06-03 Thread Daniel Leidert
On Monday, 02.06.2008, at 09:16 -0700, Kevin B. McCarty wrote:
> Adeodato Simó wrote:
> 
> > However, I'm not sure who mentioned this possibility, but shipping
> > /usr/lib/libexpat.so.0 within wink sounds very ugly to me.
> 
> It was me that suggested it ...
> 
> > If upstream
> > won't update their binary, and you want to drop the symlink, one possible
> > solution is that wink ships a symlink in /usr/lib/wink/libexpat.so.0,
> > and uses LD_LIBRARY_PATH=/usr/lib/wink from the /usr/bin/wink wrapper
> > script.
> 
> ... but I agree that this proposal is much better, especially since
> /usr/bin/wink is already a wrapper script anyway.

It is the solution, Daniel Baumann - the wink maintainer - accepted. The
fix has been uploaded today.

So an update of libexpat dropping the symlink should be possible now.

Regards, Daniel





Re: RFC: expat transition or update - before or after lenny?

2008-06-07 Thread Daniel Leidert
On Tuesday, 03.06.2008, at 23:52 +0200, Adeodato Simó wrote:
> * Daniel Leidert [Tue, 03 Jun 2008 23:45:17 +0200]:
> 
> > So an update of libexpat dropping the symlink should be possible now.
> 
> I'm now curious what application do they mean in this comment:
> 
>   https://bugs.launchpad.net/ubuntu/+source/expat/+bug/218963/comments/14

I have no idea. I agree to Matthias Klose to ignore this user request.
The update is now ready [1] and I'm waiting for my sponsor to upload it.

[1] http://debian.wgdd.de/debian/incoming/packages/debian-xml-sgml/

Regards, Daniel





Re: RFC: expat transition or update - before or after lenny?

2008-06-07 Thread Daniel Leidert
On Monday, 26.05.2008, at 17:02 +0200, Daniel Leidert wrote:

> The expat library [1] is outdated for some time now. I prepared an
> update accordingly to the request in #429175 [2].

Just want to let you know, that the update reached the archive. Many
thanks to the FTP masters/assistants and to all, who replied in this
thread and helped with the topic.

Regards, Daniel





Re: [xml/sgml-pkgs] Bug#485460: Missing libexpat.la in package

2008-06-09 Thread Daniel Leidert
On Monday, 09.06.2008, at 19:16 +0200, Mike Hommey wrote:
> On Mon, Jun 09, 2008 at 12:53:29PM -0400, Claudio Saavedra wrote:
> > Package: libexpat1-dev
> > Version: 2.0.1-3
> > Severity: important
> > 
> > While trying to build gtk+, libtool failed with this message:
> > 
> > creating libgtk-x11-2.0.la
> > /bin/sed: can't read /usr/lib/libexpat.la: No such file or
> > directory
> > libtool: link: `/usr/lib/libexpat.la' is not a valid libtool
> > archive
> > make[4]: *** [libgtk-x11-2.0.la] Error 1
> > 
> > The libexpat.la file is missing:
> > 
> > [EMAIL PROTECTED]:~/svn/maemo/gtk+$ LANG= ls /usr/lib/libexpat.la
> > ls: cannot access /usr/lib/libexpat.la: No such file or
> > directory
> 
> Mmmm I'd say it would be better, in the long term, to have packages
> including .la files requiring libexpat.la to be rebuilt, but with the
> freeze being approaching, it might be better to, at least temporarily,
> add a libexpat.la file.

Re-added in -4 and uploaded.

Regards, Daniel





Re: [xml/sgml-pkgs] Bug#482140: docbook-xml: Package does not install: update-xmlcatalog: error: entity, already registered

2008-06-10 Thread Daniel Leidert
On Tuesday, 10.06.2008, at 04:05 -0400, Akira wrote:
> Same error upgrading from Etch to Lenny on i686 (Core2 Duo). Worked around 
> the issue by running the following two commands.
> 
> update-xmlcatalog --del --type public --id '-//OASIS//DTD DocBook XML 
> V4.1//EN' --package docbook-xml
> update-xmlcatalog --del --type public --id '-//OASIS//DTD XML Exchange Table 
> Model 19990315//EN' --package docbook-xml

These commands are part of the prerm script of the docbook-xml etch
package (4.4-5). So this shouldn't be necessary.

I clearly need help and I get the impression, that the problem only
appears on the amd64 architecture.

CCing debian-release, debian-devel for help

Hello guys,

Some users reported an issue upgrading docbook-xml from Etch to
Lenny/Sid. I'm unable to reproduce it and I currently have no idea,
what's going on. From reading the reports it might be an amd64-specific
issue - which is some kind of surprising, because docbook-xml is
Arch:all. But maybe the package has been corrupted on the amd64
installation CD/DVDs. The fact, that after a reinstallation of the
docbook-xml package, the issue seems to disappear could be a hint, that
this is the case. I really have no clue (and not much time till the end
of next week). So I hereby request your help.

I really appreciate any information, which helps to track down the issue
and fix it. An NMU is of course allowed if you find the cause.

Regards, Daniel





Please unblock expat 2.0.1-4

2008-07-05 Thread Daniel Leidert
Please unblock expat 2.0.1-4. It has been in unstable for 25 days now
without any bug report. Objections?

http://packages.qa.debian.org/e/expat.html
http://packages.debian.org/changelogs/pool/main/e/expat/current/changelog

Regards, Daniel





freeze-exception request for docbook2x 0.8.8-8

2008-09-22 Thread Daniel Leidert
Hello,

I would like to request a freeze exception for docbook2x 0.8.8-8 (now
15 days in unstable). I simply fixed the command names in the manual
pages:


docbook2x (0.8.8-8) unstable; urgency=low

  * debian/rules (binary-post-install): Fix manpages to talk about the renamed
commands.


Regards, Daniel





Re: freeze-exception request for docbook2x 0.8.8-8

2008-09-24 Thread Daniel Leidert
On Wednesday, 24.09.2008, at 00:16 +0100, Adeodato Simó wrote:
> * Daniel Leidert [Mon, 22 Sep 2008 14:31:12 +0200]:
> 
> > Hello,
> 
> > I would like to request a freeze exception for docbook2x 0.8.8-8 (now
> > 15 days in unstable). I simply fixed the command names in the manual
> > pages:
> 
> > docbook2x (0.8.8-8) unstable; urgency=low
> 
> >   * debian/rules (binary-post-install): Fix manpages to talk about the 
> > renamed
> > commands.
> 
> Unblocked, I'll trust that there's no more elegant way to do it.

JFTR: I'm in discussion with maintainers of other distributions
(initiated by Peter Volkov from Gentoo), because all distributions
rename the docbook2x utils in a different way to solve the name conflict
with docbook-utils (also noted at #262990). We are near a compromise,
but upstream does not answer to our mails so the final decision is
delayed.

For the moment the change done in 0.8.8-8 just adjusts the program names
in the manual pages to what we used for years for the commands - IMHO a
correct fix for the documentation.

Regards, Daniel





Lenny-ignore tag request for #477751 (sgml-base)

2008-10-07 Thread Daniel Leidert
Hi,

Second try: Bug http://bugs.debian.org/477751 (sgml-base) is about how
the whole catalog system works. To "solve" it a full design change is
necessary and planned for Lenny+1. I would like to tag this bug
`lenny-ignore'.

Regards, Daniel





Re: Lenny-ignore tag request for #477751 (sgml-base)

2008-10-10 Thread Daniel Leidert
On Tuesday, 07.10.2008, at 15:11 +0200, Daniel Leidert wrote:

> Second try: Bug http://bugs.debian.org/477751 (sgml-base) is about how
> the whole catalog system works. To "solve" it a full design change is
> necessary and planned for Lenny+1. I would like to tag this bug
> `lenny-ignore'.

Any objections? Otherwise I'm going to tag it.

Regards, Daniel





Re: Lenny-ignore tag request for #477751 (sgml-base)

2008-10-11 Thread Daniel Leidert
On Friday, 10.10.2008, at 16:40 +0200, Daniel Leidert wrote:
> On Tuesday, 07.10.2008, at 15:11 +0200, Daniel Leidert wrote:
> 
> > Second try: Bug http://bugs.debian.org/477751 (sgml-base) is about how
> > the whole catalog system works. To "solve" it a full design change is
> > necessary and planned for Lenny+1. I would like to tag this bug
> > `lenny-ignore'.
> 
> Any objections? Otherwise I'm going to tag it.

I got an ok by Osamu Aoki and went for it.

Regards, Daniel





Please unblock xmlto/0.0.20-3

2008-10-11 Thread Daniel Leidert
Please unblock xmlto:

> xmlto (0.0.20-3) unstable; urgency=low
> 
>   * debian/control (Suggests): Added xmltex now providing passivetex
> (closes: #416622, #440518). Thanks to Robert Wohlrab.
> (Description): Added information about fop/docbook-xsl as
> alternative to passivetex.
>   * debian/patches/499200_cannot_parse_XSLTPARAMS.dpatch: Added.
> - xmlto.in: Fixed error message using --stringparam switch
>   (closes: #499200). Thanks to Zed Pobre.
>   * debian/patches/00list: Adjusted.

This fixes 2 important bugs:

#416622, #440518: passivetex had been removed a while ago. Now a user
informed me that it has been re-added as part of the xmltex package. So
xmltex has been added to Suggests in debian/control. This re-adds
important functionality to the package (DVI/PDF/PS output).

#499200: Using the --stringparam option results in an error just because
a variable was not declared as a variable. The fix was pretty easy
(debian/patches/499200_cannot_parse_XSLTPARAMS.dpatch).

Further the description in debian/control has been extended by one
sentence to tell about docbook-xsl/fop as alternative to passivetex.

The debdiff is attached. The changes are safe.

Regards, Daniel
diff -u xmlto-0.0.20/debian/control xmlto-0.0.20/debian/control
--- xmlto-0.0.20/debian/control
+++ xmlto-0.0.20/debian/control
@@ -3,7 +3,9 @@
 Priority: optional
 Maintainer: Debian XML/SGML Group <[EMAIL PROTECTED]>
 Uploaders: Daniel Leidert (dale) <[EMAIL PROTECTED]>
-Build-Depends: debhelper (>> 5), dpatch, docbook-xsl (>= 1.64.1.0), docbook-xml (>= 4.2-8), xsltproc (>= 1.0.29), libxml2-utils, libpaper-utils, sgml-base
+Build-Depends: debhelper (>> 5), dpatch, docbook-xsl (>= 1.64.1.0),
+ docbook-xml (>= 4.2-8), xsltproc (>= 1.0.29), libxml2-utils,
+ libpaper-utils, sgml-base
 Standards-Version: 3.7.3
 Homepage: http://cyberelk.net/tim/software/xmlto/
 Vcs-Browser: http://svn.debian.org/wsvn/debian-xml-sgml/packages/xmlto/trunk/
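Review bot: the Build-Depends change at the top of this hunk only re-wraps the field over three lines without changing any dependency, and the changelog entry does not mention it. For an unblock request it would be cleaner to leave the field untouched, or to list the re-wrap in debian/changelog, so that the debdiff contains only documented changes.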
@@ -14,7 +16,7 @@
 Architecture: any
 Depends: ${shlibs:Depends}, xsltproc (>= 1.1.12-8), docbook-xsl (>= 1.64.1.0), docbook-xml (>= 4.2-8), debianutils (>= 1.16), libxml2-utils, sgml-base
 Recommends: libpaper-utils
-Suggests: fop | passivetex (>= 1.23), w3m | lynx | links
+Suggests: fop | passivetex (>= 1.23) | xmltex (>= 1.9.debian.1), w3m | lynx | links
 Description: XML-to-any converter
  xmlto is a front-end to an XSL toolchain. It chooses an appropriate
  stylesheet for the conversion you want and applies it using an external
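Review bot: the new Suggests line keeps `passivetex (>= 1.23)` next to the added `xmltex (>= 1.9.debian.1)`, while the changelog says xmltex now provides passivetex. The changelog entry should say why the old alternative stays, or the alternative should be dropped, so that the field does not keep naming a package the entry describes as replaced.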
@@ -29 +31 @@
- required.
+ required. Alternatively docbook-xsl and fop produce PDF and PS output.
diff -u xmlto-0.0.20/debian/changelog xmlto-0.0.20/debian/changelog
--- xmlto-0.0.20/debian/changelog
+++ xmlto-0.0.20/debian/changelog
@@ -1,3 +1,16 @@
+xmlto (0.0.20-3) unstable; urgency=low
+
+  * debian/control (Suggests): Added xmltex now providing passivetex
+(closes: #416622, #440518). Thanks to Robert Wohlrab.
+(Description): Added information about fop/docbook-xsl as
+alternative to passivetex.
+  * debian/patches/499200_cannot_parse_XSLTPARAMS.dpatch: Added.
+- xmlto.in: Fixed error message using --stringparam switch
+  (closes: #499200). Thanks to Zed Pobre.
+  * debian/patches/00list: Adjusted.
+
+ -- Daniel Leidert (dale) <[EMAIL PROTECTED]>  Thu, 09 Oct 2008 11:03:38 +0200
+
 xmlto (0.0.20-2) unstable; urgency=low
 
   * debian/rules (get-orig-source): Use uscan and its --repack feature.
diff -u xmlto-0.0.20/debian/patches/00list xmlto-0.0.20/debian/patches/00list
--- xmlto-0.0.20/debian/patches/00list
+++ xmlto-0.0.20/debian/patches/00list
@@ -2,0 +3 @@
+499200_cannot_parse_XSLTPARAMS
only in patch2:
unchanged:
--- xmlto-0.0.20.orig/debian/patches/499200_cannot_parse_XSLTPARAMS.dpatch
+++ xmlto-0.0.20/debian/patches/499200_cannot_parse_XSLTPARAMS.dpatch
@@ -0,0 +1,25 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 499200_cannot_parse_XSLTPARAMS.dpatch by Daniel Leidert (dale) <[EMAIL PROTECTED]>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: * xmlto.in: Using the --stringparam option results in an error message:
+## DP:   'warning: failed to load external entity "XSLTPARAMS" [..]'. The patch
+## DP:   has been suggested by Zed Pobre.
+## DP:
+## DP: http://bugs.debian.org/499200>
+
[EMAIL PROTECTED]@
+diff -urNad trunk~/xmlto.in trunk/xmlto.in
+--- trunk~/xmlto.in	2008-10-09 10:47:10.0 +0200
 trunk/xmlto.in	2008-10-09 10:48:23.0 +0200
+@@ -272,8 +272,8 @@
+ 	;;
+   --stringparam)
+ 	MYPARAM="$2"
+-	XSLTPARAMS="XSLTPARAMS --stringparam ${MYPARAM%=*}"
+-	XSLTPARAMS="XSLTPARAMS $MYPARAM#*=}"
++	XSLTPARAMS="$XSLTPARAMS --stringparam ${MYPARAM%=*}"
++	XSLTPARAMS="$XSLTPARAMS $MYPARAM#*=}"
+ 	shift 2
+ 	;;
+   --noclean)
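Review bot: In the `--stringparam` branch the second added assignment reads `$MYPARAM#*=}` as shown, without the opening `{`, so the shell would expand `$MYPARAM` and append the literal text `#*=}` instead of stripping the name; it should mirror the line above it as `XSLTPARAMS="$XSLTPARAMS ${MYPARAM#*=}"`. The two expansions also split at different `=` signs: `${MYPARAM%=*}` cuts at the last `=` while `${MYPARAM#*=}` cuts at the first, so for `name=a=b` the name becomes `name=a` and the value `a=b`; using `${MYPARAM%%=*}` for the name makes both split at the first `=`.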


Re: Please unblock xmlto/0.0.20-3

2008-10-11 Thread Daniel Leidert
On Saturday, 11.10.2008, at 19:22 +0200, Adeodato Simó wrote:
> * Daniel Leidert [Sat, 11 Oct 2008 14:59:37 +0200]:
> 
> > Please unblock xmlto:
[..]
> (Any reason why passivetex is still Suggested?)

Just for Etch users/backports. It will be removed in Lenny+1. IMHO it
doesn't hurt.

Regards, Daniel





RC bug #482140 - RfC for upcoming changes

2008-10-11 Thread Daniel Leidert
Hi,

With the help of Nico Tyni and Agustin Martin Domingo, I think the RC
bug #482140 [1] can be solved by changing docbook-xml and xml-core. I
already did some cleaning in these two packages related to packaging
stuff and I would like to know if you allow uploading of the proposed
changes for #482140 *together* with these clean-up changes or if I have
to separate them. I attach the diffs for an upload containing all
changes, so you get an impression of the changes.

[1] http://bugs.debian.org/482140

Regards, Daniel
diff -puN --recursive --exclude=.svn ../tags/0.11/debhelper/dh_installxmlcatalogs ./debhelper/dh_installxmlcatalogs
--- ../tags/0.11/debhelper/dh_installxmlcatalogs	2007-04-18 19:28:50.0 +0200
+++ ./debhelper/dh_installxmlcatalogs	2008-10-11 15:30:22.0 +0200
@@ -121,7 +121,7 @@ use strict;
 use Debian::Debhelper::Dh_Lib;
 
 ## --
-my $xmlcorever	= "0.05";
+my $xmlcorever	= "0.12";
 
 ## --
 my $debug_update_xmlcatalog = 0;
diff -puN --recursive --exclude=.svn ../tags/0.11/debian/changelog ./debian/changelog
--- ../tags/0.11/debian/changelog	2007-04-18 19:28:50.0 +0200
+++ ./debian/changelog	2008-10-11 15:37:10.0 +0200
@@ -1,8 +1,32 @@
+xml-core (0.12) UNRELEASED; urgency=low
+
+  * NOT RELEASED YET
+  * debhelper/dh_installxmlcatalogs (xmlcorever): Increased to 0.12 ("fixed"
+version, see #482140).
+  * tools/update-xmlcatalog: Use File::Spec instead of File::Spec::Functions
+for catfile (see #482140). Thanks to Agustin Martin Domingo.
+
+  * Fixed Kurt Roeckx name in the 0.11 changelog entry. Sorry Kurt.
+  * debian/compat: Raised to v5.
+  * debian/control: Vcs fields transition. Added DM-Upload-Allowed.
+(Vcs-Svn): Fixed location.
+(Build-Depends): Raised debhelper to v5.
+(Standards-Version): Raised to 3.7.3.
+(Description): Fixed reference to directories in /usr/local.
+  * debian/lintian-overrides/xml-core: Added. The empty directories are
+shipped by intention.
+  * debian/rules (clean): Remove the created manual pages.
+(binary-indep): Added call to dh_install. Only depend on perl-base
+(see #482140).
+  * debian/xml-core.install: Added to install lintian override.
+
+ -- Daniel Leidert (dale) <[EMAIL PROTECTED]>  Mon, 16 Apr 2007 20:36:43 +0200
+
 xml-core (0.11) unstable; urgency=low
 
   [ Daniel Leidert ]
   * debian/xml-core.postrm: Only try to remove /var/lib/xml-core, if it
-exists (closes: #358364). Thanks to Kurt Roecks, who catched this issue.
+exists (closes: #358364). Thanks to Kurt Roeckx, who catched this issue.
 
  -- Daniel Leidert (dale) <[EMAIL PROTECTED]>  Mon, 16 Apr 2007 19:17:50 +0200
 
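Review bot: The trailer of the new 0.12 entry is dated Mon, 16 Apr 2007 20:36:43 +0200, about an hour after the 0.11 trailer and long before the 2008 file timestamps of the changes it describes, so it needs refreshing (for example with `dch -r`) before upload, together with replacing UNRELEASED and dropping the `NOT RELEASED YET` bullet. The hunk also edits the already released 0.11 entry to correct Kurt Roeckx's name; recording that in the 0.12 entry, as done here, is the right way to handle a change to a published entry.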
diff -puN --recursive --exclude=.svn ../tags/0.11/debian/compat ./debian/compat
--- ../tags/0.11/debian/compat	2007-04-18 19:28:50.0 +0200
+++ ./debian/compat	2008-01-14 17:15:58.0 +0100
@@ -1 +1 @@
-4
+5
diff -puN --recursive --exclude=.svn ../tags/0.11/debian/control ./debian/control
--- ../tags/0.11/debian/control	2007-04-18 19:28:50.0 +0200
+++ ./debian/control	2008-02-14 04:16:29.0 +0100
@@ -3,11 +3,12 @@ Section: text
 Priority: optional
 Maintainer: Debian XML/SGML Group <[EMAIL PROTECTED]>
 Uploaders: Ardo van Rangelrooij <[EMAIL PROTECTED]>, Daniel Leidert (dale) <[EMAIL PROTECTED]>
-Build-Depends: debhelper (>= 4.1.75)
+Build-Depends: debhelper (>= 5)
 Build-Depends-Indep: perl
-Standards-Version: 3.7.2
-XS-Vcs-Browser: http://svn.debian.org/wsvn/debian-xml-sgml/packages/xml-core/trunk/
-XS-Vcs-Svn: svn://svn.debian.org/svn/debian-xml-sgml/packages/xml-core/
+Standards-Version: 3.7.3
+Vcs-Browser: http://svn.debian.org/wsvn/debian-xml-sgml/packages/xml-core/trunk/
+Vcs-Svn: svn://svn.debian.org/svn/debian-xml-sgml/packages/xml-core/trunk/
+DM-Upload-Allowed: yes
 
 Package: xml-core
 Section: text
@@ -23,7 +24,7 @@ Description: XML infrastructure and XML 
* infrastructure directories:
   - /etc/xml
   - /usr/share/xml/{declaration,entities,misc,schema}
-  - /usr/share/local/xml/{declaration,entities,misc,schema}
+  - /usr/local/share/xml/{declaration,entities,misc,schema}
  .
* XML catalog schema: OASIS XML Catalog Committee Specification 1.0
  .
diff -puN --recursive --exclude=.svn ../tags/0.11/debian/lintian-overrides/xml-core ./debian/lintian-overrides/xml-core
--- ../tags/0.11/debian/lintian-overrides/xml-core	1970-01-01 01:00:00.0 +0100
+++ ./debian/lintian-overrides/xml-core	2008-05-01 03:45:27.0 +0200
@@ -0,0 +1,5 @@
+## The xml-core package creates/provides the core XML infrastructure,
+## including these empty directories.
+xml-core binary: package-contains-empty-directory usr/share/xml/misc/
+xml-core binary: package-contains-empty-directory usr/share/xml/entities/
+xml-core binary: package-contains-empty-directo

Re: RC bug #482140 - RfC for upcoming changes

2008-10-14 Thread Daniel Leidert
On Sunday, 12.10.2008, at 19:05 +0200, Luk Claes wrote:
> Daniel Leidert wrote:
> > Hi,
> > 
> > With the help of Nico Tyni and Agustin Martin Domingo, I think the RC
> > bug #482140 [1] can be solved by changing docbook-xml and xml-core. I
> > already did some cleaning in these two packages related to packaging
> > stuff and I would like to know if you allow uploading of the proposed
> > changes for #482140 *together* with these clean-up changes or if I have
> > to separate them. I attach the diffs for an upload containing all
> > changes, so you get an impression of the changes.
> > 
> > [1] http://bugs.debian.org/482140
> 
> Please review the changes of the binary packages (debs) carefully before
> uploading if you include the cleaning.

I will do of course.

A second question: I'm thinking about an update to the package in Etch
to try to solve this issue already there (besides the fixed packages I
prepare for Lenny). So users of an up-to-date Etch will not have the
problem. The proposed changes are attached.

Would this be ok/accepted for Etch?

Regards, Daniel
Index: tools/update-xmlcatalog
===
--- tools/update-xmlcatalog	(Revision 1255)
+++ tools/update-xmlcatalog	(Arbeitskopie)
@@ -121,7 +121,7 @@
 use strict;
 
 ## --
-use File::Spec::Functions;
+use File::Spec;
 use Getopt::Long;
 
 ## --
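Review bot: Replacing `use File::Spec::Functions;` with `use File::Spec;` drops every function that module exported by default (`catfile`, `catdir`, `curdir`, `file_name_is_absolute` and others), and an unqualified call that is missed only fails at run time, when that branch executes. The later hunks convert the `catfile` calls; please confirm with a grep over the whole script that no other exported function is still called unqualified, since a miss would surface as a failure during package upgrades.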
@@ -196,7 +196,7 @@
 {
 	if ( defined( $package ) )
 	{
-	my $catalog = catfile( $catalog_dir, "$package.xml" );
+	my $catalog = File::Spec->catfile( $catalog_dir, "$package.xml" );
 	if ( ! -f $catalog )
 	{
 		print STDERR "$name: error: package catalog $catalog not found\n";
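Review bot: `$package` goes straight into the file name in `File::Spec->catfile( $catalog_dir, "$package.xml" )`, and the visible lines show no check on it, so a value containing `/` or `..` would resolve outside `$catalog_dir`. As these lines are being touched anyway, consider rejecting names that are not valid Debian package names before building the path; the same applies to the other `"$package.xml"` call sites in the following hunks.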
@@ -261,7 +261,7 @@
 {
 if ( defined( $root ) )
 {
-	my $catalog = catfile( $catalog_dir, 'catalog' );
+	my $catalog = File::Spec->catfile( $catalog_dir, 'catalog' );
 	if ( ! -f $catalog )
 	{
 	print STDERR "$name: error: root catalog $catalog not found\n";
@@ -275,7 +275,7 @@
 }
 elsif ( defined( $package ) )
 {
-	my $catalog = catfile( $catalog_dir, "$package.xml" );
+	my $catalog = File::Spec->catfile( $catalog_dir, "$package.xml" );
 	if ( ! -f $catalog )
 	{
 	print STDERR "$name: error: package catalog $catalog not found\n";
@@ -344,8 +344,8 @@
 if ( defined( $root ) )
 {
 $catalog = 'catalog';
-$catalog_data = catfile( $catalog_data_dir, $catalog );
-$catalog = catfile( $catalog_dir, $catalog );
+$catalog_data = File::Spec->catfile( $catalog_data_dir, $catalog );
+$catalog = File::Spec->catfile( $catalog_dir, $catalog );
 my $start = $type;
 $start .= 'Id' unless $type eq 'uri';
 $start .= 'StartString';
@@ -358,8 +358,8 @@
 }
 elsif ( defined( $package ) )
 {
-$catalog_data = catfile( $catalog_data_dir, $package );
-$catalog = catfile( $catalog_dir, "$package.xml" );
+$catalog_data = File::Spec->catfile( $catalog_data_dir, $package );
+$catalog = File::Spec->catfile( $catalog_dir, "$package.xml" );
 my $start = $type;
 $start .= 'Id' unless $type eq 'uri';
 $start .= 'StartString';
@@ -375,7 +375,7 @@
 $catalog = $local;
 $catalog_data = $local;
 $catalog_data =~ tr|/|_|;
-$catalog_data = catfile( $catalog_data_dir, $catalog_data );
+$catalog_data = File::Spec->catfile( $catalog_data_dir, $catalog_data );
 my $start = ( $type eq 'uri' ) ? 'name' : $type;
 $start .= 'Id' unless $type eq 'uri';
 $id = "$start=\"$id\"";
Index: debian/changelog
===
--- debian/changelog	(Revision 1255)
+++ debian/changelog	(Arbeitskopie)
@@ -1,3 +1,12 @@
+xml-core (0.09-0.1etch1) stable; urgency=low
+
+  * Non-maintainer upload.
+  * tools/update-xmlcatalog: Use File::Spec instead of File::Spec::Functions
+as workaround to #482140.
+  * debian/rules: Depend on perl-base rather than the full perl package.
+
+ -- Daniel Leidert (dale) <[EMAIL PROTECTED]>  Tue, 14 Oct 2008 20:33:12 +0200
+
 xml-core (0.09-0.1) unstable; urgency=low
 
   * Non-maintainer upload.
Index: debian/rules
===
--- debian/rules	(Revision 1255)
+++ debian/rules	(Arbeitskopie)
@@ -48,7 +48,7 @@
 		dh_compress
 		dh_fixperms
 		dh_installdeb
-		dh_perl
+		dh_perl -d
 		dh_gencontrol
 		dh_md5sums
 		dh_builddeb
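Review bot: `dh_perl -d` makes the generated dependency perl-base instead of perl, which is only safe if every module the installed scripts load is shipped in perl-base. The script hunk above shows `use File::Spec;` and `use Getopt::Long;`; please state in the changelog or the bug that the full `use` list was checked against perl-base in Etch, because a missing module would reproduce the upgrade failure this upload is meant to avoid.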


Re: Preparation of the next stable Debian GNU/Linux update (1st update)

2008-10-17 Thread Daniel Leidert
On Friday, 17.10.2008, at 13:13 +0200, Philipp Kern wrote:

[..]
> Preparation of Debian GNU/Linux 4.0r5
> =
[..]
> If you would like to get a package updated in the stable release, you
> are advised to talk to the stable release managers first (see
> <http://www.debian.org/intro/organization>).

I would like to get an update of xml-core into Etch. The reason is bug
#482140 [1]. The update would not change the behaviour, but the
dependencies and parts of the code-base (see the attachment and the bug
report). xml-core would then just depend on perl-base and
update-xmlcatalog should no longer fail during upgrade (it seems that
this does not always happen). Independent of this change, I will
prepare an update to xml-core and docbook-xml (and other affected
packages) for Lenny.

[1] http://bugs.debian.org/482140

Regards, Daniel


Index: tools/update-xmlcatalog
===
--- tools/update-xmlcatalog	(Revision 1255)
+++ tools/update-xmlcatalog	(Arbeitskopie)
@@ -121,7 +121,7 @@
 use strict;
 
 ## --
-use File::Spec::Functions;
+use File::Spec;
 use Getopt::Long;
 
 ## --
@@ -196,7 +196,7 @@
 {
 	if ( defined( $package ) )
 	{
-	my $catalog = catfile( $catalog_dir, "$package.xml" );
+	my $catalog = File::Spec->catfile( $catalog_dir, "$package.xml" );
 	if ( ! -f $catalog )
 	{
 		print STDERR "$name: error: package catalog $catalog not found\n";
@@ -261,7 +261,7 @@
 {
 if ( defined( $root ) )
 {
-	my $catalog = catfile( $catalog_dir, 'catalog' );
+	my $catalog = File::Spec->catfile( $catalog_dir, 'catalog' );
 	if ( ! -f $catalog )
 	{
 	print STDERR "$name: error: root catalog $catalog not found\n";
@@ -275,7 +275,7 @@
 }
 elsif ( defined( $package ) )
 {
-	my $catalog = catfile( $catalog_dir, "$package.xml" );
+	my $catalog = File::Spec->catfile( $catalog_dir, "$package.xml" );
 	if ( ! -f $catalog )
 	{
 	print STDERR "$name: error: package catalog $catalog not found\n";
@@ -344,8 +344,8 @@
 if ( defined( $root ) )
 {
 $catalog = 'catalog';
-$catalog_data = catfile( $catalog_data_dir, $catalog );
-$catalog = catfile( $catalog_dir, $catalog );
+$catalog_data = File::Spec->catfile( $catalog_data_dir, $catalog );
+$catalog = File::Spec->catfile( $catalog_dir, $catalog );
 my $start = $type;
 $start .= 'Id' unless $type eq 'uri';
 $start .= 'StartString';
@@ -358,8 +358,8 @@
 }
 elsif ( defined( $package ) )
 {
-$catalog_data = catfile( $catalog_data_dir, $package );
-$catalog = catfile( $catalog_dir, "$package.xml" );
+$catalog_data = File::Spec->catfile( $catalog_data_dir, $package );
+$catalog = File::Spec->catfile( $catalog_dir, "$package.xml" );
 my $start = $type;
 $start .= 'Id' unless $type eq 'uri';
 $start .= 'StartString';
@@ -375,7 +375,7 @@
 $catalog = $local;
 $catalog_data = $local;
 $catalog_data =~ tr|/|_|;
-$catalog_data = catfile( $catalog_data_dir, $catalog_data );
+$catalog_data = File::Spec->catfile( $catalog_data_dir, $catalog_data );
 my $start = ( $type eq 'uri' ) ? 'name' : $type;
 $start .= 'Id' unless $type eq 'uri';
 $id = "$start=\"$id\"";
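Review bot: The data file name in this hunk is `$local` with every `/` mapped to `_` by `tr|/|_|`, so two different local catalog paths such as `/a/b` and `/a_b` end up on the same file under `$catalog_data_dir`. That behaviour predates this change, but as the line is being rewritten it would be worth either documenting the limitation or switching to an encoding that cannot collide.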
Index: debian/changelog
===
--- debian/changelog	(Revision 1255)
+++ debian/changelog	(Arbeitskopie)
@@ -1,3 +1,12 @@
+xml-core (0.09-0.1etch1) stable; urgency=low
+
+  * Non-maintainer upload.
+  * tools/update-xmlcatalog: Use File::Spec instead of File::Spec::Functions
+as workaround to #482140.
+  * debian/rules: Depend on perl-base rather than the full perl package.
+
+ -- Daniel Leidert (dale) <[EMAIL PROTECTED]>  Tue, 14 Oct 2008 20:33:12 +0200
+
 xml-core (0.09-0.1) unstable; urgency=low
 
   * Non-maintainer upload.
Index: debian/rules
===
--- debian/rules	(Revision 1255)
+++ debian/rules	(Arbeitskopie)
@@ -48,7 +48,7 @@
 		dh_compress
 		dh_fixperms
 		dh_installdeb
-		dh_perl
+		dh_perl -d
 		dh_gencontrol
 		dh_md5sums
 		dh_builddeb


Re: RC bug #482140 - RfC for upcoming changes

2008-10-24 Thread Daniel Leidert
On Thursday, 23.10.2008, at 17:06 +0200, Adeodato Simó wrote:
> * Daniel Leidert [Tue, 14 Oct 2008 20:43:21 +0200]:
> > On Sunday, 12.10.2008, at 19:05 +0200, Luk Claes wrote:
> > > Daniel Leidert wrote:
> > > > Hi,
> 
> > > > With the help of Nico Tyni and Agustin Martin Domingo, I think the RC
> > > > bug #482140 [1] can be solved by changing docbook-xml and xml-core. I
> > > > already did some cleaning in these two packages related to packaging
> > > > stuff and I would like to know if you allow uploading of the proposed
> > > > changes for #482140 *together* with these clean-up changes or if I have
> > > > to separate them. I attach the diffs for an upload containing all
> > > > changes, so you get an impression of the changes.
> 
> > > > [1] http://bugs.debian.org/482140
> 
> > > Please review the changes of the binary packages (debs) carefully before
> > > uploading if you include the cleaning.
> 
> > I will do of course.
> 
> Heya, any news on these uploads?

Built both xml-core and docbook-xml, but I'm still testing. One side of
the issue is that packages which try to register an entity with a
different value will fail to install. The other side is that entities
which are not shipped with Lenny packages stay registered. Thus I'm
examining which packages are affected and need a Pre-Depends too. As
soon as this is done, I will test a last time and upload (within the
next 3 days).

> > A second question: I'm thinking about an update to the package in Etch
> > to try to solve this issue already there (besides the fixed packages I
> > prepare for Lenny). So users of an up-to-date Etch will not have the
> > problem. The proposed changes are attached.
> 
> > Would this be ok/accepted for Etch?
> 
> Yes.

Ok, I will build it too within the next days.

Regards, Daniel





Re: RC bug #482140 - RfC for upcoming changes

2008-10-26 Thread Daniel Leidert
On Friday, 24.10.2008, at 12:11 +0200, Daniel Leidert wrote:
> On Thursday, 23.10.2008, at 17:06 +0200, Adeodato Simó wrote:

[..]
> > Heya, any news on these uploads?
> 
> Built both xml-core and docbook-xml, but I'm still testing. One side of
> the issue is that packages which try to register an entity with a
> different value will fail to install. The other side is that entities
> which are not shipped with Lenny packages stay registered. Thus I'm
> examining which packages are affected and need a Pre-Depends too. As
> soon as this is done, I will test a last time and upload (within the
> next 3 days).

docbook-simple is affected too. All other packages depending on xml-core
seem to be unaffected.

[Etch-update of xml-core]
> > > Would this be ok/accepted for Etch?
> > 
> > Yes.
> 
> Ok, I will build it too within the next days.

Will finally build and upload today.

Regards, Daniel





Re: RC bug #482140 - RfC for upcoming changes

2008-10-29 Thread Daniel Leidert
Adeodato Simó wrote:
> * Daniel Leidert [Sun, 26 Oct 2008 14:49:40 +0100]:

[..]
> > docbook-simple is affected too. All other packages depending on xml-core
> > seem to be unaffected.
> 
> Ok, xml-core/0.12 and docbook-simple/1.1-4 unblocked.

Did you forget docbook-xml/4.5-6?

Regards, Daniel



Pre-approval for docbook-xsl 1.73.2.dfsg.1-5

2008-11-15 Thread Daniel Leidert
Hi,

A user requested to backport a trivial fix for a problem, discovered
recently. The change would be:

--- trunk/xsl/fo/titlepage.xsl 2008-11-13 07:47:49 UTC (rev 8161)
+++ trunk/xsl/fo/titlepage.xsl 2008-11-14 03:35:52 UTC (rev 8162)
 
   
 
-  
+  
 
  
 
   
 

This currently doesn't fit the guidelines for an update of the package
for Lenny. However, the fix is trivial. Would you allow an update?

Regards, Daniel





gpa/0.9.0-3: Setting wheezy-ignore for #634930

2013-01-27 Thread Daniel Leidert
Hi,

The upload of gpa/0.9.0-2 contained a workaround for #634930 [1] which
avoids this crash. The crash itself is not reproducible for me although
several people reported it. So the (programmed) cause is still unknown.
But the bug appears on a special X.509 certificate [2]. So backporting
the --disable-x509 switch is just a workaround. However, it looks to
be the best solution for wheezy atm.

I'm therefore asking for setting the wheezy-ignore tag for this RC-bug.
(The other RC bug is currently being fixed.)

[1] http://bugs.debian.org/634930
[2] http://bugs.debian.org/634930#90

Regards, Daniel





Bug#699099: unblock: gpa/0.9.0-4

2013-01-27 Thread Daniel Leidert
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Please unblock package gpa

In the discussion of #634930 a new issue showed up, a segmentation fault
when running gpa 0.9.0-3 in daemon mode (-d). This bug is known as #699096.
Upstream pointed to the fix which has been included in the package. Further,
the upload contains the minor fix for #696826 - updating the Homepage
field in debian/control.

debdiff attached

unblock gpa/0.9.0-4

- -- System Information:
Debian Release: 7.0
  APT prefers unstable
  APT policy: (850, 'unstable'), (700, 'testing'), (560, 'stable'), (110, 
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

diff -Nru gpa-0.9.0/debian/changelog gpa-0.9.0/debian/changelog
--- gpa-0.9.0/debian/changelog	2013-01-13 19:48:10.0 +0100
+++ gpa-0.9.0/debian/changelog	2013-01-27 16:20:59.0 +0100
@@ -1,3 +1,11 @@
+gpa (0.9.0-4) unstable; urgency=low
+
+  * debian/control (Homepage): Updated (closes: #696826).
+  * debian/patches/628305_build_with_libassuan_v2.patch: Updated.
+- src/server.c (gpa_start_server): Call assuan_sock_init (closes: #699096).
+
+ -- Daniel Leidert (dale)   Sun, 27 Jan 2013 16:20:46 +0100
+
 gpa (0.9.0-3) unstable; urgency=low
 
   * debian/gpa.1: Added hidden options and missing references.
diff -Nru gpa-0.9.0/debian/control gpa-0.9.0/debian/control
--- gpa-0.9.0/debian/control	2012-06-23 17:04:43.0 +0200
+++ gpa-0.9.0/debian/control	2013-01-27 16:20:42.0 +0100
@@ -13,7 +13,7 @@
libgpgme11-dev (>> 1.2.0),
libgtk2.0-dev (>> 2.10.0)
 Standards-Version: 3.9.3
-Homepage: http://gpa.wald.intevation.org
+Homepage: http://www.gnupg.org/related_software/gpa/
 Vcs-Browser: http://svn.debian.org/wsvn/pkg-gnupg/gpa/trunk/
 Vcs-Svn: svn://svn.debian.org/svn/pkg-gnupg/gpa/trunk/
 DM-Upload-Allowed: yes
diff -Nru gpa-0.9.0/debian/patches/628305_build_with_libassuan_v2.patch gpa-0.9.0/debian/patches/628305_build_with_libassuan_v2.patch
--- gpa-0.9.0/debian/patches/628305_build_with_libassuan_v2.patch	2012-06-23 16:05:54.0 +0200
+++ gpa-0.9.0/debian/patches/628305_build_with_libassuan_v2.patch	2013-01-27 16:20:42.0 +0100
@@ -1,12 +1,14 @@
 Author: Marcus Brinkmann  
 Reviewed-By: gregor herrmann 
+Bug-Debian: http://bugs.debian.org/628305
 Origin: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpa.git;a=commitdiff;h=a27c69e99c5b29b618fc90d8ade6a81d89784e58
-Description: Fix FTBFS with libassuan series 2.
+Bug-Debian: http://bugs.debian.org/699096
+Origin: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpa.git;a=commitdiff;h=de5ed61012cfc76d8ef0ebff81625331d43b8b28
+Description: Fix FTBFS and segfault with libassuan series 2.
  * configure.ac: Set NEED_LIBASSUAN_VERSION and NEED_LIBASSUAN_API
to 1.1.0 and 2 resp.
- * server.c: Update to new assuan interface.
+ * server.c: Update to new assuan interface. Call assuan_sock_init.
 Forwarded: not-needed
-Bug-Debian: http://bugs.debian.org/628305
 
 --- a/configure.ac
 +++ b/configure.ac
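Review bot: After this change the patch header carries two `Origin:` and two `Bug-Debian:` fields, with the #628305 reference moved above the first `Origin:`, so it is no longer obvious which upstream commit answers which bug. Keeping the `assuan_sock_init` fix for #699096 as its own patch file, or at least grouping each bug with its origin in the description, would make the header unambiguous for whoever backports or drops one of the two fixes later.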
@@ -369,16 +371,31 @@
return TRUE; /* Keep the listen_fd in the event loop.  */
  }
  
-@@ -1929,7 +1949,7 @@
+@@ -1922,6 +1942,7 @@
+ gpa_start_server (void)
+ {
+   char *socket_name;
++  gpg_error_t err;
+   int rc;
+   assuan_fd_t fd;
+   struct sockaddr_un serv_addr;
+@@ -1929,7 +1950,14 @@
GIOChannel *channel;
unsigned int source_id;
  
 -  assuan_set_assuan_err_source (GPG_ERR_SOURCE_DEFAULT);
 +  assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT);
++  err = assuan_sock_init ();
++  if (err)
++{
++  g_debug ("assuan_sock_init failed: %s <%s>",
++   gpg_strerror (err), gpg_strsource (err));
++  return;
++}

socket_name = g_build_filename (gnupg_homedir, "S.uiserver", NULL);
if (strlen (socket_name)+1 >= sizeof serv_addr.sun_path ) 
-@@ -1974,14 +1994,14 @@
+@@ -1974,14 +2002,14 @@
g_free (socket_name);
socket_name = NULL;
  
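Review bot: When `assuan_sock_init ()` fails, `gpa_start_server` reports it only through `g_debug` and returns, and debug-level messages are normally not shown, so the UI server would silently not be started. `g_warning`, or whatever the function uses for its other failure paths, would make the condition visible; the early `return` itself is fine because `socket_name` is only allocated by the `g_build_filename` call that follows.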


Bug#699560: gpa/0.9.0-4: Setting wheezy-ignore for #634930

2013-02-01 Thread Daniel Leidert
Package: release.debian.org
Severity: normal

 Forwarded message 
> From: Daniel Leidert 
> To: debian-release@lists.debian.org
> Subject: gpa/0.9.0-3: Setting wheezy-ignore for #634930
> Date: Sun, 27 Jan 2013 16:19:42 +0100
> 
> Hi,
> 
> The upload of gpa/0.9.0-2 contained a workaround for #634930 [1] which
> avoids this crash. The crash itself is not reproducible for me although
> several people reported it. So the (programmed) cause is still unknown.
> But the bug appears on a special X.509 certificate [2]. So backporting
> the --disable-x509 switch is just a workaround. However, it looks to
> be the best solution for wheezy atm.
> 
> I'm therefore asking for setting the wheezy-ignore tag for this RC-bug.
> (The other RC bug is currently being fixed.)
> 
> [1] http://bugs.debian.org/634930
> [2] http://bugs.debian.org/634930#90
> 
> Regards, Daniel





Bug#685960: unblock: gnupg/1.4.12-6

2012-10-14 Thread Daniel Leidert
Please

unblock gnupg/1.4.12-6

The last upload did not fix #685627 as it did not trigger a rebuild of
the .gmo file(s). The upload of gnupg/1.4.12-6 will fix that.

Regards, Daniel





Bug#1072248: bullseye-pu: package runc/1.0.0~rc93+ds1-5+deb11u4

2024-05-30 Thread Daniel Leidert
  - It was found that the fix for CVE-2021-30465 introduced a regression in
+  regards to CVE-2019-19921 which results in an incorrect access control
+  leading to privilege escalation and bypassing apparmor.
+
+ -- Daniel Leidert   Fri, 31 May 2024 00:39:22 +0200
+
 runc (1.0.0~rc93+ds1-5+deb11u3) bullseye-security; urgency=high
 
   * Team upload.
diff -Nru runc-1.0.0~rc93+ds1/debian/.gitlab-ci.yml 
runc-1.0.0~rc93+ds1/debian/.gitlab-ci.yml
--- runc-1.0.0~rc93+ds1/debian/.gitlab-ci.yml   2024-02-02 16:14:13.0 
+0100
+++ runc-1.0.0~rc93+ds1/debian/.gitlab-ci.yml   2024-05-31 00:39:22.0 
+0200
@@ -1,37 +1,10 @@
 ---
-# https://docs.gitlab.com/ce/ci/yaml/#include
 include:
-  - remote: https://salsa.debian.org/onlyjob/ci/raw/master/onlyjob-ci.yml
+  - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/salsa-ci.yml
+  - 
https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/pipeline-jobs.yml
 
-## "amd64-unstable" always runs by default followed by lintian.
-
-## Only for arch:all packages - remove if not required:
-binary-indep:
-  extends: .build-indep
-
-## Job to check Build-Depends versioning:
-amd64-testing_unstable:
-  extends: .build
-  variables:
-arch: amd64
-dist: testing_unstable
-
-i386-unstable:
-  extends: .build
-  variables:
-arch: i386
-dist: unstable
-
-amd64-experimental:
-  extends: .build
-  variables:
-arch: amd64
-dist: experimental
-
-amd64-stable:
-  extends: .build
-  when: manual
-  allow_failure: true
-  variables:
-arch: amd64
-dist: stable
+variables:
+  RELEASE: 'bullseye'
+  SALSA_CI_COMPONENTS: 'main contrib non-free'
+  SALSA_CI_DISABLE_REPROTEST: 1
+  SALSA_CI_DISABLE_LINTIAN: 1
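Review bot: `SALSA_CI_DISABLE_REPROTEST: 1` and `SALSA_CI_DISABLE_LINTIAN: 1` switch off two pipeline checks with no comment saying why. Please add a one-line comment above each variable (what fails on bullseye and where it is tracked) so the jobs get re-enabled rather than forgotten; a similar comment on the two `include:` entries would help too, since both are fetched from `master` and can change underneath this stable branch.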
diff -Nru 
runc-1.0.0~rc93+ds1/debian/patches/0025-Fix-busybox-tarball-url-in-integration-test.patch
 
runc-1.0.0~rc93+ds1/debian/patches/0025-Fix-busybox-tarball-url-in-integration-test.patch
--- 
runc-1.0.0~rc93+ds1/debian/patches/0025-Fix-busybox-tarball-url-in-integration-test.patch
   2024-02-02 16:14:13.0 +0100
+++ 
runc-1.0.0~rc93+ds1/debian/patches/0025-Fix-busybox-tarball-url-in-integration-test.patch
   2024-05-31 00:39:22.0 +0200
@@ -2,12 +2,15 @@
 Date: Sat, 3 Feb 2024 00:02:52 +0800
 Subject: Fix busybox tarball url in integration test
 
+https://github.com/opencontainers/runc/blob/main/tests/integration/get-images.sh
+
+Reviewed-by: Daniel Leidert 
 ---
  tests/integration/multi-arch.bash | 4 ++--
  1 file changed, 2 insertions(+), 2 deletions(-)
 
 diff --git a/tests/integration/multi-arch.bash 
b/tests/integration/multi-arch.bash
-index 1dd751b..91d2c1d 100644
+index 1dd751b..0e07a11 100644
 --- a/tests/integration/multi-arch.bash
 +++ b/tests/integration/multi-arch.bash
 @@ -2,10 +2,10 @@
@@ -15,11 +18,11 @@
case $(go env GOARCH) in
arm64)
 -  echo 
'https://github.com/docker-library/busybox/raw/dist-arm64v8/stable/glibc/busybox.tar.xz'
-+  echo 
'https://github.com/docker-library/busybox/raw/dist-arm64v8/latest/glibc/busybox.tar.xz'
++  echo 
'https://github.com/docker-library/busybox/raw/94c664b5ca464546266bce54be0082874a44c7b2/stable/glibc/busybox.tar.xz'
;;
*)
 -  echo 
'https://github.com/docker-library/busybox/raw/dist-amd64/stable/glibc/busybox.tar.xz'
-+  echo 
'https://github.com/docker-library/busybox/raw/dist-amd64/latest/glibc/busybox.tar.xz'
++  echo 
'https://github.com/docker-library/busybox/raw/31d342ad033e27c18723a516a2274ab39547be27/stable/glibc/busybox.tar.xz'
;;
esac
  }
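Review bot: The header gains a bare link to `get-images.sh` with no field name or sentence explaining it, while the substantive change in the body, replacing the `latest` branch URLs with URLs pinned to specific commits under `stable/glibc/`, is not described at all. Please say in the description that the tarballs are now pinned by commit and state where the two commit hashes were taken from, so a reviewer can verify them.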
diff -Nru 
runc-1.0.0~rc93+ds1/debian/patches/0027-Fix-test-for-newer-kernels.patch 
runc-1.0.0~rc93+ds1/debian/patches/0027-Fix-test-for-newer-kernels.patch
--- runc-1.0.0~rc93+ds1/debian/patches/0027-Fix-test-for-newer-kernels.patch
1970-01-01 01:00:00.0 +0100
+++ runc-1.0.0~rc93+ds1/debian/patches/0027-Fix-test-for-newer-kernels.patch
2024-05-31 00:39:22.0 +0200
@@ -0,0 +1,43 @@
+From: Kir Kolyshkin 
+Date: Tue, 29 Jun 2021 13:19:42 -0700
+Subject: [PATCH] tests/int/no_pivot: fix for new kernels
+
+The test is failing like this:
+
+   not ok 70 runc run --no-pivot must not expose bare /proc
+   # (in test file tests/integration/no_pivot.bats, line 20)
+   #   `[[ "$output" == *"mount: permission denied"* ]]' failed
+   # runc spec (status=0):
+   #
+   # runc run --no-pivot test_no_pivot (status=1):
+   # unshare: write error: Operation not permitted
+
+Apparently, a recent kernel commit db2e718a47984b9d prevents
+root from doing unshare -r unless it has CAP_SETFPCAP.
+
+Add the capability for this specific test.
+
+Signed-off-by: Kir Kolyshkin 
+
+Acked-by: Daniel Leidert 
+Origin: 
https://github.com/opencontainers/runc/commit/1bbeadae72603c44932d46ade275219dbf718950.patch
+Forwarded: not-needed
+---
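Review bot: The description spells the capability `CAP_SETFPCAP`; the Linux capability for setting file capabilities is `CAP_SETFCAP`, so a search for the capability name will not find this patch. If the text is meant to stay a verbatim copy of the upstream commit message, put the corrected name in a short note in the Debian part of the header instead of editing the quoted message.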

Bug#1072248: runc 1.0.0~rc93+ds1-5+deb11u4 flagged for acceptance

2024-06-30 Thread Daniel Leidert
Hi Jonathan,

I had to make a second upload because I used the wrong source for the
upload (I started with the Go-team repository, but then decided to
introduce the code to the Debian LTS repository, where I finalized my
work). Unfortunately, I uploaded a build from the first, which was
incomplete. After I discovered my mistake, I built from the correct one
and uploaded runc 1.0.0~rc93+ds1-5+deb11u5. The debdiff will show that
it is the one that I uploaded to #1072248. Sorry and thanks.

Regards, Daniel

On Saturday, 29.06.2024, at 20:57 +, Jonathan Wiltshire wrote:
> package release.debian.org
> tags 1072248 = bullseye pending
> thanks
> 
> Hi,
> 
> The upload referenced by this bug report has been flagged for
> acceptance into the proposed-updates queue for Debian bullseye.
> 
> Thanks for your contribution!
> 
> Upload details
> ==
> 
> Package: runc
> Version: 1.0.0~rc93+ds1-5+deb11u4
> 
> Explanation: Fix-busybox-tarball-url; prevent buffer overflow writing
> netlink messages [CVE-2021-43784]; fix tests on newer kernels;
> prevent write access to user-owned cgroup hierarchy
> '/sys/fs/cgroup/user.slice/...' [CVE-2023-25809]



Bug#1072248: runc 1.0.0~rc93+ds1-5+deb11u4 flagged for acceptance

2024-07-01 Thread Daniel Leidert
Hi Jonathan,

thanks for your swift response. To avoid any further delay, maybe you
could check out the proposed handling and my question because I'd like
to make sure to get it right.

On Monday, 01.07.2024, at 18:49 +0100, Jonathan Wiltshire wrote:
> On Mon, Jul 01, 2024 at 02:38:14AM +0200, Daniel Leidert wrote:
> > 
> > I had to make a second upload because I used the wrong source for the
> > upload (I started with the Go-team repository, but then decided to
> > introduce the code to the Debian LTS repository, where I finalized my
> > work). Unfortunately, I uploaded a build from the first, which was
> > incomplete. After I discovered my mistake, I built from the correct one
> > and uploaded runc 1.0.0~rc93+ds1-5+deb11u5. The debdiff will show that
> > it is the one that I uploaded to #1072248. Sorry and thanks.
> 
> Fair enough, but you didn't give any clues in your changelog that a
> regression fix was needed, or mention it in this request.
> You're committed with 1.0.0~rc93+ds1-5+deb11u4 now that it's in the
> archive.
> 
> I'm also rejecting your new 1.0.0~rc93+ds1-5+deb11u5 because it changes
> history in the changelog and still has an unhelpful message about syncing
> with a repository users know nothing about.
> 
> Please don't change history, and send a debdiff (relative to u4) of a
> proposed upload fixing the regressions as 1.0.0~rc93+ds1-5+deb11u5 and a
> proper changelog. Do not upload without further approval.

Ok. So you'll get a debdiff between the uploaded u4 and the proposed
u5. The changelog will be adjusted to reflect the changes between these
versions and explain the regression. Is it ok if I clean up the
changelog from the u4 upload (there are some redundant lines at the end
of that entry from gbp) and mention that in the changelog entry of u5?
Or do you want the changelog entry for u4 to be preserved as is?

Regards, Daniel




Bug#1072248: runc 1.0.0~rc93+ds1-5+deb11u4 flagged for acceptance

2024-07-22 Thread Daniel Leidert
Hi Jonathan,

On Monday, 01.07.2024 at 18:49 +0100, Jonathan Wiltshire wrote:


[..]
> Please don't change history, and send a debdiff (relative to u4) of a
> proposed upload fixing the regressions as 1.0.0~rc93+ds1-5+deb11u5 and a
> proper changelog. Do not upload without further approval.

Please find attached the debdiff. The u4 upload was missing just one
patch.

I'm currently looking into the build issues you mentioned.

Regards, Daniel



diff -Nru runc-1.0.0~rc93+ds1/debian/changelog runc-1.0.0~rc93+ds1/debian/changelog
--- runc-1.0.0~rc93+ds1/debian/changelog	2024-06-28 00:16:20.0 +0200
+++ runc-1.0.0~rc93+ds1/debian/changelog	2024-06-28 00:56:20.0 +0200
@@ -1,3 +1,16 @@
+runc (1.0.0~rc93+ds1-5+deb11u5) bullseye; urgency=medium
+
+  * Non-maintainer upload by the Debian LTS Team.
+  * d/changelog: Cleaned up the last entry for 1.0.0~rc93+ds1-5+deb11u4
+removing some superflous entries.
+  * d/patches/CVE-2023-27561-and-CVE-2023-28642: Added to fix CVE-2023-27561
+and CVE-2023-27561.
+- It was found that the fix for CVE-2021-30465 introduced a regression in
+  regards to CVE-2019-19921 which results in an incorrect access control
+  leading to privilege escalation and bypassing apparmor.
+
+ -- Daniel Leidert   Fri, 28 Jun 2024 00:56:20 +0200
+
 runc (1.0.0~rc93+ds1-5+deb11u4) bullseye; urgency=medium
 
   * Non-maintainer upload by the Debian LTS Team.
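Review bot: The new u5 entry names the same identifier twice, "fix CVE-2023-27561 and CVE-2023-27561", while the patch it adds is called CVE-2023-27561-and-CVE-2023-28642; the second identifier should read CVE-2023-28642 so that anything parsing the changelog picks up both. In the same entry, "superflous" should be "superfluous", and the patch path is written without the .patch suffix that the file added by this debdiff carries.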
@@ -15,11 +28,6 @@
 - It was found that rootless runc makes `/sys/fs/cgroup` writable under
   specific conditions. A container may then gain the write access to
   user-owned cgroup hierarchy `/sys/fs/cgroup/user.slice/...` on the host.
-  * Update changelog for 1.0.0~rc93+ds1-5+deb11u4~1.gbpce2b39 release
-  * Update patch for download URLs of busybox tarball
-  * Add patch to fix CVE-2021-43784.patch
-  * Add patch to fix tests with newer kernels
-  * Add patch to fix CVE-2023-25809
 
  -- Daniel Leidert   Fri, 28 Jun 2024 00:16:20 +0200
 
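Review bot: The five removed lines belong to the 1.0.0~rc93+ds1-5+deb11u4 entry, a version the thread says is already in the archive, so this hunk rewrites a published changelog entry after the release team asked not to change history. The u5 entry does record the cleanup, which keeps it traceable; the alternative is to leave the gbp lines untouched so the u4 entry still matches what was uploaded.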
diff -Nru runc-1.0.0~rc93+ds1/debian/.gitlab-ci.yml runc-1.0.0~rc93+ds1/debian/.gitlab-ci.yml
--- runc-1.0.0~rc93+ds1/debian/.gitlab-ci.yml	2024-06-28 00:16:20.0 +0200
+++ runc-1.0.0~rc93+ds1/debian/.gitlab-ci.yml	2024-06-28 00:56:20.0 +0200
@@ -1,37 +1,10 @@
 ---
-# https://docs.gitlab.com/ce/ci/yaml/#include
 include:
-  - remote: https://salsa.debian.org/onlyjob/ci/raw/master/onlyjob-ci.yml
+  - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/salsa-ci.yml
+  - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/pipeline-jobs.yml
 
-## "amd64-unstable" always runs by default followed by lintian.
-
-## Only for arch:all packages - remove if not required:
-binary-indep:
-  extends: .build-indep
-
-## Job to check Build-Depends versioning:
-amd64-testing_unstable:
-  extends: .build
-  variables:
-arch: amd64
-dist: testing_unstable
-
-i386-unstable:
-  extends: .build
-  variables:
-arch: i386
-dist: unstable
-
-amd64-experimental:
-  extends: .build
-  variables:
-arch: amd64
-dist: experimental
-
-amd64-stable:
-  extends: .build
-  when: manual
-  allow_failure: true
-  variables:
-arch: amd64
-dist: stable
+variables:
+  RELEASE: 'bullseye'
+  SALSA_CI_COMPONENTS: 'main contrib non-free'
+  SALSA_CI_DISABLE_REPROTEST: 1
+  SALSA_CI_DISABLE_LINTIAN: 1
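Review bot: The u5 changelog entry does not mention this rewrite of debian/.gitlab-ci.yml, and the covering mail says the u4 upload "was missing just one patch". Besides switching the include to the salsa-ci-team pipeline, the new variables set SALSA_CI_DISABLE_REPROTEST and SALSA_CI_DISABLE_LINTIAN to 1, which turns two checks off for a security upload; add a changelog line that says why both are disabled, or keep the CI change out of the regression fix.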
diff -Nru runc-1.0.0~rc93+ds1/debian/patches/CVE-2023-27561-and-CVE-2023-28642.patch runc-1.0.0~rc93+ds1/debian/patches/CVE-2023-27561-and-CVE-2023-28642.patch
--- runc-1.0.0~rc93+ds1/debian/patches/CVE-2023-27561-and-CVE-2023-28642.patch	1970-01-01 01:00:00.0 +0100
+++ runc-1.0.0~rc93+ds1/debian/patches/CVE-2023-27561-and-CVE-2023-28642.patch	2024-06-28 00:56:20.0 +0200
@@ -0,0 +1,109 @@
+From: Kir Kolyshkin 
+Date: Thu, 16 Mar 2023 14:35:50 -0700
+Subject: [PATCH] Prohibit /proc and /sys to be symlinks
+
+Commit 3291d66b9844 introduced a check for /proc and /sys, making sure
+the destination (dest) is a directory (and not e.g. a symlink).
+
+Later, a hunk from commit 0ca91f44f switched from using filepath.Join
+to SecureJoin for dest. As SecureJoin follows and resolves symlinks,
+the check whether dest is a symlink no longer works.
+
+To fix, do the check without/before using SecureJoin.
+
+Add integration tests to make sure we won't regress.
+
+Signed-off-by: Kir Kolyshkin 
+(cherry picked from commit 0d72adf96dda1b687815bf89bb245b937a2f603c)
+Signed-off-by: Sebastiaan van Stijn 
+
+This patch fixes both, CVE-2023-27561 and CVE-2023-28642
+
+Acked-by: Daniel Leidert 
+Origin: https://github.com/opencontainers/runc/commit/0abab45c9b97c113ff2cdc16f3a7388444c3fbec.patch
+Forwarded: not-needed
+---
+ libcontainer/rootfs_linux.go | 23 +--
+ tests/integration/mask.bats  | 19 +++
+ 2 files changed, 36 insertions(+), 6 deletions(-)
+
+diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go
+index 4791ceb..07303b0 100644
+
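Review bot: The patch header names two different upstream commits, "cherry picked from commit 0d72adf96dda..." in the commit message and 0abab45c9b97... in the Origin field, without saying how they relate. State in the header that Origin is the backported commit and which upstream branch it comes from, so the provenance of the fix for CVE-2023-27561 and CVE-2023-28642 can be checked.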

Bug#1072248: runc 1.0.0~rc93+ds1-5+deb11u4 flagged for acceptance

2024-07-22 Thread Daniel Leidert
On Tuesday, 23.07.2024 at 01:12 +0200, Daniel Leidert wrote:
> Hi Jonathan,
> 
> On Monday, 01.07.2024 at 18:49 +0100, Jonathan Wiltshire wrote:
> 
> 
> [..]
> > Please don't change history, and send a debdiff (relative to u4) of a
> > proposed upload fixing the regressions as 1.0.0~rc93+ds1-5+deb11u5 and a
> > proper changelog. Do not upload without further approval.
> 
> Please find attached the debdiff. The u4 upload was missing just one
> patch.
> 
> I'm currently looking into the build issues you mentioned.

The build failures are unreproducible on porter machines. There, the
package builds just fine.

Regards, Daniel




Bug#1072248: runc 1.0.0~rc93+ds1-5+deb11u4 flagged for acceptance

2024-07-23 Thread Daniel Leidert
Hi,

On Tuesday, 23.07.2024 at 10:56 +0100, Jonathan Wiltshire wrote:
> On Tue, Jul 23, 2024 at 01:12:21AM +0200, Daniel Leidert wrote:
> > Hi Jonathan,
> > 
> > On Monday, 01.07.2024 at 18:49 +0100, Jonathan Wiltshire wrote:
> > 
> > 
> > [..]
> > > Please don't change history, and send a debdiff (relative to u4) of a
> > > proposed upload fixing the regressions as 1.0.0~rc93+ds1-5+deb11u5 and a
> > > proper changelog. Do not upload without further approval.
> > 
> > Please find attached the debdiff. The u4 upload was missing just one
> > patch.
> 
> Please go ahead. Then I will clone this bug with the new version number for
> tracking (don't be alarmed).

Ok. I'll upload later today. Thanks for your swift response.

> 
> > The build failures are unreproducible on porter machines. There, the
> > package builds just fine.
> 
> The issues are test failures;

Correct. But they run during the build. On the porter machines, they
succeeded. It seems i386 has succeeded now as well. I will check mipsel
later. It is still running.

Regards, Daniel




Bug#688261: unblock: bluefish/2.2.3-4

2012-09-20 Thread Daniel Leidert
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Please unblock package bluefish

  * debian/patches/fix_segfault_blocksync.patch: Added.
- Fix a segmentation fault in the block synchronization feature.
  * debian/patches/fix_segfault_scanner.patch: Added.
- Fix segmentation faults in the language scanner feature.
  * debian/patches/series: Adjusted.

The patches fix two segmentation faults, which have only been reported upstream
via private mail. Therefore no public bug report references can be provided.

Please unblock the packages. debdiff is attached.

unblock bluefish/2.2.3-4

- -- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (850, 'unstable'), (700, 'testing'), (560, 'stable'), (110, 
'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-3-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

diff -Nru bluefish-2.2.3/debian/changelog bluefish-2.2.3/debian/changelog
--- bluefish-2.2.3/debian/changelog	2012-07-13 00:30:21.0 +0200
+++ bluefish-2.2.3/debian/changelog	2012-09-10 00:15:16.0 +0200
@@ -1,3 +1,13 @@
+bluefish (2.2.3-4) unstable; urgency=low
+
+  * debian/patches/fix_segfault_blocksync.patch: Added.
+- Fix a segmentation fault in the block synchronization feature.
+  * debian/patches/fix_segfault_scanner.patch: Added.
+- Fix segmentation faults in the language scanner feature.
+  * debian/patches/series: Added.
+
+ -- Daniel Leidert   Mon, 10 Sep 2012 00:15:13 +0200
+
 bluefish (2.2.3-3) unstable; urgency=low
 
   * debian/patches/bz679203_fix_segfault.patch: Added.
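Review bot: The last bullet of the new entry reads "debian/patches/series: Added.", but the 2.2.3-3 entry directly below already added a patch, so the series file presumably existed and was only extended; the request text itself says "Adjusted". Use "Adjusted" in the changelog as well.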
diff -Nru bluefish-2.2.3/debian/patches/fix_segfault_blocksync.patch bluefish-2.2.3/debian/patches/fix_segfault_blocksync.patch
--- bluefish-2.2.3/debian/patches/fix_segfault_blocksync.patch	1970-01-01 01:00:00.0 +0100
+++ bluefish-2.2.3/debian/patches/fix_segfault_blocksync.patch	2012-09-09 13:38:23.0 +0200
@@ -0,0 +1,133 @@
+Author: Olivier Sessink 
+Acked-By: Daniel Leidert 
+Description: Fixed the regular expression matching for blocksync. Since
+ dotmatchall was no longer enabled by default the synchronise block query
+ did no longer always work anymore. I've added that option to
+ snr3run_extern so it can be enabled by blocksync.
+Origin: http://bluefish.svn.sourceforge.net/viewvc/bluefish?view=revision&revision=7582
+
+--- a/src/blocksync.c
 b/src/blocksync.c
+@@ -274,7 +274,7 @@
+ 		DEBUG_MSG("searchpat=%s\n",searchpat);
+ 		g_free(tmp1);
+ 		g_free(tmp2);
+-		snr3_run_extern_replace(bsdialog->bfwin->current_document, searchpat, snr3scope_alldocs,snr3type_pcre,TRUE, bsdialog->allblock,FALSE);
++		snr3_run_extern_replace(bsdialog->bfwin->current_document, searchpat, snr3scope_alldocs,snr3type_pcre,TRUE, bsdialog->allblock,FALSE, TRUE);
+ 		g_free(searchpat);
+ 		
+ 		/* cleanup */
+--- a/src/file_dialogs.c
 b/src/file_dialogs.c
+@@ -709,7 +709,7 @@
+ 			author_tmp = g_strconcat("uri)
+--- a/src/plugin_snippets/snippets_leaf_snr.c
 b/src/plugin_snippets/snippets_leaf_snr.c
+@@ -74,10 +74,11 @@
+ 	 * is_case_sens: #gint
+ 	 * replace_pattern: #gchar* to replace pattern.
+ 	 * unescape: #gint
++	 * dotmatchall: gboolean
+ 	 * */
+ 	DEBUG_MSG("snippets_snr_run_from_strings, useescapechars=%s, unescape=%d\n",useescapechars,unescape);
+ 	snr3_run_extern_replace(doc, (gchar *)searchpat, 
+-		scope,type, casesensnum, (gchar *)replacepat,unescape);
++		scope,type, casesensnum, (gchar *)replacepat,unescape, FALSE);
+ }
+ 
+ typedef struct {
+--- a/src/snr3.c
 b/src/snr3.c
+@@ -800,7 +800,7 @@
+ 		options |= G_REGEX_CASELESS;
+ 	if (s3run->dotmatchall)
+ 		options |= G_REGEX_DOTALL;
+-	
++	DEBUG_MSG("compile_regex, compiling %s\n", s3run->query);
+ 	s3run->regex = g_regex_new(s3run->query, options, G_REGEX_MATCH_NEWLINE_ANY, &gerror);
+ 	if (gerror) {
+ 		if (s3run->dialog) {
+@@ -846,6 +846,7 @@
+ 	
+ 	if (s3run->type == snr3type_pcre) {
+ 		if (!compile_regex(s3run)) {
++			DEBUG_MSG("update_snr3run, failed to compile query %s\n",s3run->query);
+ 			g_free(s3run->query);
+ 			s3run->query = NULL; /* mark query as unusable */
+ 			return -1;
+@@ -1754,25 +1755,29 @@
+ void
+ snr3_run_extern_replace(Tdocument * doc, const gchar * search_pattern, Tsnr3scope scope,
+ 			 Tsnr3type type, gboolean is_case_sens, const gchar * replace_pattern,
+-			 gboolean unescape) 
++			 gboolean unescape, gboolean dotmatchall) 
+ {
+ 	gint so,eo;
+ 	GList *tmplist;
+ 	Tsnr3run * s3run = snr3run_new(doc->bfw
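Review bot: The Description explains a regular-expression matching fix (dotmatchall no longer enabled by default), while the changelog and the file name present this patch as a segmentation-fault fix; nothing in the visible header or hunks says where the crash occurred. Add a sentence to the Description that ties the failed match to the segfault. Since snr3_run_extern_replace() gains an eighth parameter, also check that every caller is updated: the calls in blocksync.c and snippets_leaf_snr.c are visible here, and the new doc-comment line "dotmatchall: gboolean" lacks the # that the neighbouring entries use.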

Bug#688262: unblock: dbtoepub/0+svn9150-2

2012-09-20 Thread Daniel Leidert
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Please unblock package dbtoepub

The files have been installed into a ruby 1.8 related location.
Therefore dbtoepub failed to run recently [1]. The fix simply
installs the files into a ruby version independent location
according to [2].

[1] http://bugs.debian.org/687366
[2] http://lists.debian.org/debian-ruby/2012/04/msg00066.html

unblock dbtoepub/0+svn9150-2

- -- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (850, 'unstable'), (700, 'testing'), (560, 'stable'), (110, 
'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-3-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

diff -Nru dbtoepub-0+svn9150/debian/changelog dbtoepub-0+svn9150/debian/changelog
--- dbtoepub-0+svn9150/debian/changelog	2012-05-17 18:31:38.0 +0200
+++ dbtoepub-0+svn9150/debian/changelog	2012-09-20 21:27:10.0 +0200
@@ -1,3 +1,11 @@
+dbtoepub (0+svn9150-2) unstable; urgency=low
+
+  * debian/dbtoepub.install: Change installation location to version
+independent place according to policy (closes: #687366).
+  * debian/rules (override_dh_install): Ditto.
+
+ -- Daniel Leidert (dale)   Thu, 20 Sep 2012 21:26:54 +0200
+
 dbtoepub (0+svn9150-1) unstable; urgency=low
 
   * New snapshot based on SVN revision 9150.
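Review bot: The new entry lists debian/dbtoepub.install and debian/rules, but the debdiff also changes debian/patches/514030_debianize_dbtoepub.patch, and that file is not mentioned. Add a line for it so the entry covers every file touched.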
diff -Nru dbtoepub-0+svn9150/debian/dbtoepub.install dbtoepub-0+svn9150/debian/dbtoepub.install
--- dbtoepub-0+svn9150/debian/dbtoepub.install	2009-05-10 16:10:55.0 +0200
+++ dbtoepub-0+svn9150/debian/dbtoepub.install	2012-09-20 21:19:15.0 +0200
@@ -1,2 +1,2 @@
 bin/dbtoepub	usr/bin/
-bin/lib/*	usr/lib/ruby/1.8/dbtoepub/
+bin/lib/*	usr/lib/ruby/vendor_ruby/dbtoepub/
diff -Nru dbtoepub-0+svn9150/debian/patches/514030_debianize_dbtoepub.patch dbtoepub-0+svn9150/debian/patches/514030_debianize_dbtoepub.patch
--- dbtoepub-0+svn9150/debian/patches/514030_debianize_dbtoepub.patch	2012-05-15 23:12:30.0 +0200
+++ dbtoepub-0+svn9150/debian/patches/514030_debianize_dbtoepub.patch	2012-09-20 21:26:11.00000 +0200
@@ -1,7 +1,7 @@
 Author: Daniel Leidert 
 Description: The dbtoepub script and its modules need to be debianized.
  - epub/bin/dbtoepub: The modules are installed into
-   /usr/lib/ruby/1.8/dbtoepub.
+   /usr/lib/ruby/vendor_ruby/dbtoepub.
  - epub/bin/lib/docbook.rb: Create temporary directory with Dir::tmpdir.
Use local stylesheet path. Delete output directory.
  - epub/docbook.xsl: Use local stylesheet paths
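Review bot: Only the Description text of 514030_debianize_dbtoepub.patch changes here, from /usr/lib/ruby/1.8/dbtoepub to /usr/lib/ruby/vendor_ruby/dbtoepub, and the debdiff shows no second hunk for this file. If the patch body also writes the module directory into epub/bin/dbtoepub, that path needs the same update; otherwise the script would still look in the 1.8 location.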
diff -Nru dbtoepub-0+svn9150/debian/rules dbtoepub-0+svn9150/debian/rules
--- dbtoepub-0+svn9150/debian/rules	2012-05-15 23:09:55.0 +0200
+++ dbtoepub-0+svn9150/debian/rules	2012-09-20 21:26:11.0 +0200
@@ -9,4 +9,4 @@
 
 override_dh_install:
 	dh_install
-	chmod 644 $(CURDIR)/debian/$(PACKAGE)/usr/lib/ruby/1.8/dbtoepub/docbook.rb
+	chmod 644 $(CURDIR)/debian/$(PACKAGE)/usr/lib/ruby/vendor_ruby/dbtoepub/docbook.rb


Bug#778636: unblock: cvsweb/3:3.0.6-8

2015-02-17 Thread Daniel Leidert
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Please unblock package cvsweb

There is an incompatibility with Perl 5.18, which can be fixed by the patch
added in 3:3.0.6-8. The bug itself has been reported with severity important.
However the reporter speaks about "errors".

So given the fact, that the patch makes cvsweb fully functional again and is
pretty small, I'd like to request an unblock of the package.

The .debdiff is attached. It also covers the fact, that the package has been
moved to collab-maint.

Regards, Daniel


unblock cvsweb/3:3.0.6-8

- -- System Information:
Debian Release: 8.0
  APT prefers unstable
  APT policy: (850, 'unstable'), (700, 'testing'), (560, 'stable'), (500, 
'oldstable'), (110, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)

diff -Nru cvsweb-3.0.6/debian/changelog cvsweb-3.0.6/debian/changelog
--- cvsweb-3.0.6/debian/changelog	2011-10-27 23:32:13.0 +0200
+++ cvsweb-3.0.6/debian/changelog	2015-02-17 18:56:43.0 +0100
@@ -1,3 +1,13 @@
+cvsweb (3:3.0.6-8) unstable; urgency=medium
+
+  * debian/control (Vcs-Browser, Vcs-Svn): Relocated to collab-maint.
+(DM-Upload-Allowed): Obsolete and dropped.
+  * debian/patches/733054_perl_518.patch: Added (closes: #733054).
+- Added Perl 5.18 compatibility and fixed errors.
+  * debian/patches/series: Adjusted.
+
+ -- Daniel Leidert   Tue, 17 Feb 2015 18:56:37 +0100
+
 cvsweb (3:3.0.6-7) unstable; urgency=low
 
   * debian/control: Added Vcs-Svn field.
diff -Nru cvsweb-3.0.6/debian/control cvsweb-3.0.6/debian/control
--- cvsweb-3.0.6/debian/control	2011-10-27 23:23:35.0 +0200
+++ cvsweb-3.0.6/debian/control	2014-11-17 13:41:40.0 +0100
@@ -1,13 +1,12 @@
 Source: cvsweb
-Maintainer: Daniel Leidert (dale) 
+Maintainer: Daniel Leidert 
 Section: vcs
 Priority: optional
 Build-Depends: debhelper (>> 7.0.50~)
 Standards-Version: 3.9.2
 Homepage: http://www.freebsd.org/projects/cvsweb.html
-Vcs-Browser: https://svn.wgdd.de/svn/packages/cvsweb/trunk/
-Vcs-Svn: https://svn.wgdd.de/svn/packages/cvsweb/trunk/
-DM-Upload-Allowed: yes
+Vcs-Browser: http://anonscm.debian.org/viewvc/collab-maint/deb-maint/cvsweb/trunk/
+Vcs-Svn: svn://anonscm.debian.org/collab-maint/deb-maint/cvsweb/trunk/
 
 Package: cvsweb
 Architecture: all
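Review bot: Both new Vcs fields move from https:// to unencrypted transports, http:// for Vcs-Browser and svn:// for Vcs-Svn, so anyone following them fetches the packaging sources without transport integrity. Use an https:// URL for Vcs-Browser if the host serves one. The Maintainer change in this hunk is also absent from the changelog entry, which names only Vcs-Browser, Vcs-Svn and DM-Upload-Allowed.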
diff -Nru cvsweb-3.0.6/debian/patches/733054_perl_518.patch cvsweb-3.0.6/debian/patches/733054_perl_518.patch
--- cvsweb-3.0.6/debian/patches/733054_perl_518.patch	1970-01-01 01:00:00.0 +0100
+++ cvsweb-3.0.6/debian/patches/733054_perl_518.patch	2015-02-17 12:16:26.0 +0100
@@ -0,0 +1,25 @@
+Origin: http://cvsweb.netbsd.org/bsdweb.cgi/~checkout~/pkgsrc/www/cvsweb/patches/patch-cvsweb.cgi?rev=1.1.2.2&content-type=text/plain
+Acked-by: Daniel Leidert 
+Description: Add Perl 5.18 compatibility.
+Bug-Debian: https://bugs.debian.org/733054
+
+--- a/cvsweb.cgi
 b/cvsweb.cgi
+@@ -1192,7 +1192,7 @@
+ General options
+ 
+ EOF
+-for my $v qw(hidecvsroot hidenonreadable) {
++for my $v (qw(hidecvsroot hidenonreadable)) {
+   printf(qq{\n},
+  $v, $input{$v} || 0);
+ }
+@@ -2951,7 +2951,7 @@
+   print "\n";
+ 
+   print '';
+-  if (defined @mytz) {
++  if (@mytz) {
+ my ($est) = $mytz[(localtime($date{$_}))[8]];
+ print scalar localtime($date{$_}), " $est (";
+   } else {
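Review bot: Replacing "if (defined @mytz)" with "if (@mytz)" changes the test from "array defined" to "array has elements", so an empty @mytz now takes the else branch. That looks like the right direction, since $mytz[...] would be undefined there, but the Description only says "Add Perl 5.18 compatibility"; mention both changes (the qw() loop and the array test) so the behaviour change is on record.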
diff -Nru cvsweb-3.0.6/debian/patches/series cvsweb-3.0.6/debian/patches/series
--- cvsweb-3.0.6/debian/patches/series	2010-08-07 14:22:52.0 +0200
+++ cvsweb-3.0.6/debian/patches/series	2015-02-17 12:16:26.0 +0100
@@ -1,3 +1,4 @@
+733054_perl_518.patch
 01_debianize_script_and_config.patch
 02_allow_cgiless_execution.patch
 10_483442_fix_perl_510_test_failure.patch
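Review bot: 733054_perl_518.patch is inserted at the top of series, ahead of 01_debianize_script_and_config.patch, so every existing patch now applies on top of it. If any of those also touch cvsweb.cgi near the changed lines they may need a refresh; appending the new patch at the end of series avoids reordering the existing stack.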


Bug#778636: unblock: cvsweb/3:3.0.6-8

2015-02-18 Thread Daniel Leidert
On Tuesday, 17.02.2015, at 19:44 +0100, Mehdi Dogguy wrote:
> On 2015-02-17 19:06, Daniel Leidert wrote:
> > There is an incompatibility with Perl 5.18, which can be fixed by the 
> > patch
> > added in 3:3.0.6-8. The bug itself has been reported with severity 
> > important.
> > However the  reporter speaks about "errors".

I can verify that version 3:3.0.6-7 results in a 500 error of the
server, so it doesn't work at all. Thus a higher severity is justified.

> Is this relevant for Perl >=5.18, or 5.18 only? Did you test your 
> changes using
> Perl 5.14 too? (so that it keeps working even after a partial upgrade).

I tested with both Perl versions. The patch consists of two changes and
I'll explain both below.

(1) The use of "for my $var qw()" has already been deprecated with Perl
5.14 [1] in Wheezy. cvsweb in Wheezy logs a warning here:

> Use of qw(...) as parentheses is deprecated at /usr/lib/cgi-bin/cvsweb line 
> 1197.

So the fix applied in -8 works with Perl 5.14 too and further fixes the
one remaining loop without parentheses (there are 3 more "for"-loops in
the script, in which the qw() is already correctly surrounded by
parentheses). With Perl 5.18 cvsweb stops working reporting a syntax
error. This change is vital for Wheezy.

(2) The second change fixes a warning reported by Perl 5.18:

> defined(@array) is deprecated at /usr/lib/cgi-bin/cvsweb line 2956.

Seems, the defined() call is "[..] not useful on arrays because it
checks for an undefined scalar value [..]". To achieve the same a simple
"if (@array) {...}" is enough. So the second change should be safe and
it works with Perl 5.14 too.

[1] 
http://blogs.perl.org/users/rurban/2010/09/qw-in-list-context-deprecated.html

Regards, Daniel


-- 
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/1424266856.7707.13.ca...@wgdd.de



Bug#771606: unblock: bluefish/2.2.6-2

2014-11-30 Thread Daniel Leidert
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Please unblock package bluefish

The last upload fixes three issues.

(1) It fixes an FTBFS. The bluefish source makes use of internationalisation
in sub-directories. dh_autoreconf cannot handle this layout (and AFAIK
gettext itself also can't). Therefore the time came, when the build failed
because of gettext macro version mismatches. I simply put the autogen.sh
script to create the bluefish source files into a patch and run this script
in override_dh_autoreconf. AFAICS it's building fine on all architectures. 
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759935

The next two fixes might not be fully in line with the freeze policy. But both
are one-line fixes and should be easy to handle.

(2) The command to start the chromium browser in Debian changed from
chromium-browser to chromium. There is a one-line-fix to src/rcfile.c to
fix the default command.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=752234

(3) There was further a report about a conflicting function declaration of
rpopup_bevent_in_html_code(). The function itself is only used once and
the fix to the conflict is a one-liner too.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=747963

The debdiff is attached.

unblock bluefish/2.2.6-2

- -- System Information:
Debian Release: 8.0
  APT prefers unstable
  APT policy: (850, 'unstable'), (700, 'testing'), (560, 'stable'), (500, 
'oldstable'), (110, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

diff -Nru bluefish-2.2.6/debian/changelog bluefish-2.2.6/debian/changelog
--- bluefish-2.2.6/debian/changelog	2014-05-10 23:13:42.0 +0200
+++ bluefish-2.2.6/debian/changelog	2014-11-29 20:32:12.0 +0100
@@ -1,3 +1,16 @@
+bluefish (2.2.6-2) unstable; urgency=medium
+
+  * debian/rules: Added override_dh_autoreconf target and run the upstream
+autogen.sh script to fix the FTBFS reported in #759935.
+  * debian/patches/747963_fix_conflicting_declarations.patch: Added.
+- Fixed a conflicting function declaration (closes: #747963).
+  * debian/patches/752234_fix_chromium_command.patch: Added.
+- Fixed chromium command (closes: #752234).
+  * debian/patches/759935_autogen.patch: Added.
+- Added the autogen.sh script from upstream (closes: #759935).
+
+ -- Daniel Leidert   Sat, 29 Nov 2014 20:32:08 +0100
+
 bluefish (2.2.6-1) unstable; urgency=medium
 
   * New upstream release.
diff -Nru bluefish-2.2.6/debian/patches/747963_fix_conflicting_declarations.patch bluefish-2.2.6/debian/patches/747963_fix_conflicting_declarations.patch
--- bluefish-2.2.6/debian/patches/747963_fix_conflicting_declarations.patch	1970-01-01 01:00:00.0 +0100
+++ bluefish-2.2.6/debian/patches/747963_fix_conflicting_declarations.patch	2014-11-29 20:31:33.0 +0100
@@ -0,0 +1,16 @@
+Author: Daniel Leidert 
+Description: There was a conflicting declaration of the
+ rpopup_bevent_in_html_code() function in src/rcfile.c and src/rcfile.h.
+Bug-Debian: https://bugs.debian.org/747963
+
+--- a/src/plugin_htmlbar/rpopup.h
 b/src/plugin_htmlbar/rpopup.h
+@@ -20,7 +20,7 @@
+ #ifndef __RPOPUP_H_
+ #define __RPOPUP_H_
+ 
+-gboolean rpopup_bevent_in_html_code(Tdocument *doc);
++void rpopup_bevent_in_html_code(Tdocument *doc);
+ gboolean rpopup_doc_located_tag(Tdocument *doc);
+ gboolean rpopup_doc_located_color(Tdocument *doc);
+ void rpopup_edit_tag_cb(GtkMenuItem *menuitem,Tdocument *doc);
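Review bot: The Description places the conflicting declaration in src/rcfile.c and src/rcfile.h, but the hunk edits src/plugin_htmlbar/rpopup.h; correct the file names in the header. The prototype changes from gboolean to void, so confirm that the definition of rpopup_bevent_in_html_code() and its one caller do not rely on a return value.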
diff -Nru bluefish-2.2.6/debian/patches/752234_fix_chromium_command.patch bluefish-2.2.6/debian/patches/752234_fix_chromium_command.patch
--- bluefish-2.2.6/debian/patches/752234_fix_chromium_command.patch	1970-01-01 01:00:00.0 +0100
+++ bluefish-2.2.6/debian/patches/752234_fix_chromium_command.patch	2014-11-29 20:31:33.0 +0100
@@ -0,0 +1,15 @@
+Author: Da

Bug#600695: unblock: gnome-chemistry-utils/0.12.4-1

2010-10-19 Thread Daniel Leidert
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: freeze-exception

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Please unblock package gnome-chemistry-utils

This is the upstream NEWS entry:

Version 0.12.4
GChemTable:
* Fixed copying curves to the clipboard.
Other:
* Updated translation: zh_TW

A few bugs get fixed with this release and no bugs have been reported since the 
upload of 0.12.4. There are no reverse dependencies.

unblock gnome-chemistry-utils/0.12.4-1

- -- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (850, 'unstable'), (700, 'testing'), (560, 'stable'), (110, 
'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash




Bug#600696: unblock: bluefish/2.0.2-1

2010-10-19 Thread Daniel Leidert
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: freeze-exception

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Please unblock package bluefish

It has been in unstable for 32 days now. No serious issues have been reported to 
Debian nor upstream. The release 2.0.2 fixed several bugs of the 2.0.1 release 
and there are no reverse dependencies. So nothing shall break.

unblock bluefish/2.0.2-1

- -- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (850, 'unstable'), (700, 'testing'), (560, 'stable'), (110, 
'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash




Bug#600701: unblock: gamgi/0.14.10-1

2010-10-19 Thread Daniel Leidert
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: freeze-exception

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Please unblock package gamgi

This is a new upstream release. No bugs have been reported and the package has 
no reverse dependencies. It is safe to unblock it.

unblock gamgi/0.14.10-1

- -- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (850, 'unstable'), (700, 'testing'), (560, 'stable'), (110, 
'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash




Bug#600702: unblock: cvsweb/3:3.0.6-6

2010-10-19 Thread Daniel Leidert
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: freeze-exception

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Please unblock package cvsweb

The new version was a dh 7 rewrite, plus fixing a few issues mentioned by my 
AM. No changes to the code have been done. So it should be safe to unblock it. 
It has been in Sid for >70 days now.

unblock cvsweb/3:3.0.6-1

- -- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (850, 'unstable'), (700, 'testing'), (560, 'stable'), (110, 
'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash




Packages listing /usr/lib/libgnomeprint*.la

2006-09-25 Thread Daniel Leidert
Hello,

The libgnome*-dev packages dropped their .la files:

http://packages.debian.org/changelogs/pool/main/libg/libgnomeprint/current/changelog#versionversion2.12.1-5
http://packages.debian.org/changelogs/pool/main/libg/libgnomeprintui/current/changelog#versionversion2.12.1-3

but a few .la files still reference the dropped .la files in their .la
files. For my system I found:

gthumb: /usr/lib/gthumb/libgthumb.la
libgoffice-1-2: /usr/lib/goffice/0.2.1/plugins/plot_surface/surface.la
libgoffice-1-2: /usr/lib/goffice/0.2.1/plugins/reg_linear/linreg.la
libgoffice-1-2: /usr/lib/goffice/0.2.1/plugins/reg_logfit/logfit.la
libgoffice-1-2: /usr/lib/goffice/0.2.1/plugins/plot_boxes/boxplot.la
libgoffice-1-2: /usr/lib/goffice/0.2.1/plugins/plot_radar/radar.la
libgoffice-1-2: /usr/lib/goffice/0.2.1/plugins/plot_barcol/barcol.la
libgoffice-1-2: /usr/lib/goffice/0.2.1/plugins/plot_xy/xy.la
libgoffice-1-2: /usr/lib/goffice/0.2.1/plugins/plot_pie/pie.la
libgoffice-0-3: /usr/lib/goffice/0.3.0/plugins/plot_surface/surface.la
libgoffice-0-3: /usr/lib/goffice/0.3.0/plugins/reg_linear/linreg.la
libgoffice-0-3: /usr/lib/goffice/0.3.0/plugins/reg_logfit/logfit.la
libgoffice-0-3: /usr/lib/goffice/0.3.0/plugins/smoothing/smoothing.la
libgoffice-0-3: /usr/lib/goffice/0.3.0/plugins/plot_boxes/boxplot.la
libgoffice-0-3: /usr/lib/goffice/0.3.0/plugins/plot_radar/radar.la
libgoffice-0-3: /usr/lib/goffice/0.3.0/plugins/plot_barcol/barcol.la
libgoffice-0-3: /usr/lib/goffice/0.3.0/plugins/plot_xy/xy.la
libgoffice-0-3: /usr/lib/goffice/0.3.0/plugins/plot_pie/pie.la
libgoffice-0-dev: /usr/lib/libgoffice-0.la

So I would like to request a binNMU of these packages.

Thanks and regards, Daniel





[Etch] Please allow docbook-xsl 1.71.0.dfsg.1-1 to propagate into Etch

2006-10-01 Thread Daniel Leidert
Hello,

I would like to ask for docbook-xsl 1.71.0.dfsg.1-1 in Etch. This
version fixed several bugs reported to the BTS (there are still 2 bugs
not in the BTS I would like to close and have in Etch). Further we
changed the maintainer and the current version in Etch still lists MJ as
maintainer, who seems to be no longer active. Every bug-report against
the Etch package would not reach the real maintainer. So please consider
to allow at minimum version 1.71.0.dfsg.1-1 in Etch.

Thanks and regards, Daniel





Re: [Etch] Please allow docbook-xsl 1.71.0.dfsg.1-1 to propagate into Etch

2006-10-02 Thread Daniel Leidert
On Sunday, 01.10.2006, at 04:50 -0700, Steve Langasek wrote:
> On Sun, Oct 01, 2006 at 01:33:42PM +0200, Daniel Leidert wrote:
> 
> > I would like to ask for docbook-xsl 1.71.0.dfsg.1-1 in Etch.
> 
> Where were you looking that you think it isn't there already? :)
> 
> docbook-xsl | 1.71.0.dfsg.1-1 |   testing | source, all
> docbook-xsl | 1.71.0.dfsg.1-1 |  unstable | source, all

Ok. The report, that docbook-xsl migrated to testing reached me today.
So I was wrong thinking, it might be already frozen.

Regards, Daniel





New upstream releases for bluefish and docbook-xsl for Etch

2006-11-17 Thread Daniel Leidert
Hi,

I would like to update bluefish and docbook-xsl with its latest
releases.

bluefish: version in Debian is 1.0.6, but 1.0.7 was released soon after
we released 1.0.6 to fix a few bugs. It's really just a bug-fix release:

[upstream NEWS file]
- Updated translations: French, Japanese.
- Adds datarootdir to all Makefile.in to avoid warnings with autoconf 2.60
- Fixes application/bluefish-project MIME type icon name
- Fixes Tcl highlighting
- Fixes a bug when trying to save a file with a new install and a file has
  never been opened or a project is not open. Closes bug #360401.
- Fix a bug where Bluefish would crash when deleting multiple bookmarks.
- Fix a bookmark memory leak
- README: more complete README

bluefish itself does not have any important reverse dependency. So any
problem with this update?

docbook-xsl: version in Debian is 1.71.0 and the latest available
upstream version is 1.71.1 - also a bug-fix release fixing a bug
reported to the Debian BTS and several bugs reported only upstream. But
the latter one misses some files in the source tarball and it does not
contain the fix for Debian bug
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=310895. So I was
talking with Michael Smith, one of the upstream authors and release
managers for docbook-xsl and he told me, that he could maybe do a new
release after November 20th. This release would be 1.72.0, because some
changes were made to the behaviour of docbook-xsl. But IMO and AFAIK it
will not break any package/application depending on docbook-xsl. I would
really like to include the latest available docbook-xsl into Etch and
only include important bug-fixes from upstream CVS, not an older
docbook-xsl with massive bug-fixes from upstream CVS - this is always a
pain, because upstream is very active and some bug-fixes need a rewrite
of parts of the stylesheets. So what is your opinion about this? Am I
allowed to include the latest available release into Etch?

Regards, Daniel





Re: New upstream releases for bluefish and docbook-xsl for Etch

2006-11-19 Thread Daniel Leidert
Hi Steve,

On Sunday, 19.11.2006, at 04:37 -0800, Steve Langasek wrote:
> On Fri, Nov 17, 2006 at 03:54:21PM +0100, Daniel Leidert wrote:
> > I would like to update bluefish and docbook-xsl with it's latest
> > releases.
> 
> > bluefish: version in Debian is 1.0.6, but 1.0.7 was released soon after
> > we released 1.0.6 to fix a few bugs. It's really just a bug-fix release:
> 
> > [upstream NEWS file]
> > - Updated translations: French, Japanese.
> > - Adds datarootdir to all Makefile.in to avoid warnings with autoconf 2.60
> > - Fixes application/bluefish-project MIME type icon name
> > - Fixes Tcl highlighting
> > - Fixes a bug when trying to save a file with a new install and a file has
> >   never been opened or a project is not open. Closes bug #360401.
> > - Fix a bug where Bluefish would crash when deleting multiple bookmarks.
> > - Fix a bookmark memory leak
> > - README: more complete README
> 
> > bluefish itself does not have any important reverse dependency. So any
> > problem with this update?
> 
> Um, gnome-devel is an important reverse-dependency.  We can't just drop
> the meta-gnome2 package from etch if bluefish ends up broken, after all.

It's just a bug-fix release (I'm upstream as well) and we do many tests
to ensure, that it will not "completely break".

> By the upstream description, this doesn't sound too bad, but I'm still
> somewhat wary because this isn't a package we can just kick out if it's
> broken.

This release only fixes a bug, that broke clean bluefish installations
(see the BTS). The rest are only minor bug-fixes, no heavy or minor
code-changes. So I'm pretty sure, that it will not break.

> As long as you're agreeing to stay on top of any bugs that do
> appear and get them fixed in a timely manner, I'm ok with this.

I agree.

> > docbook-xsl: version in Debian is 1.71.0 and the latest available
> > upstream version is 1.71.1 - also a bug-fix release fixing a bug
> > reported to the Debian BTS and several bugs reported only upstream. But
> > the latter one misses some files in the source tarball and it does not
> > contain the fix for Debian bug
> > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=310895. So I was
> > talking with Michael Smith, one of the upstream authors and release
> > managers for docbook-xsl and he told me, that he could maybe do a new
> > release after November 20th. This release would be 1.72.0, because some
> > changes were made to the behaviour of docbook-xsl. But IMO and AFAIK it
> > will not break any package/application depending on docbook-xsl. I would
> > really like to include the latest available docbook-xsl into Etch and
> > only include important bug-fixes from upstream CVS, not an older
> > docbook-xsl with massive bug-fixes from upstream CVS - this is always a
> > pain, because upstream is very active and some bug-fixes need a rewrite
> > of parts of the stylesheets. So what is your opinion about this? Am I
> > allowed to include the latest available release into Etch?
> 
> No.  An "IMO" is not enough when we're talking about introducing
> incompatibilities in a package as deep in the dependency chain as this one
> is.  We've already been dealing with a dozen or so build failures over the
> past few weeks caused by regressions in various TeX-related packages, we
> don't need to add to this with behavior changes in our xsl stack.

Ok. But could I package the bug-fix release 1.71.1 (+ adding the missing
files in the source tarball and the patches to fix the 2 open
(forwarded) Debian bugs and a few newly discovered bugs reported to
upstream)? It's just a bug-fix release for the current version in Debian
Sid/Etch. I followed their SVN changes and I'm sure, it will not break
anything. I just did not already do this, because I was offline with a
broken harddrive. Do I get an ok for this?

Regards, Daniel





Please unblock docbook-xsl 1.71.0.dfsg.1-2

2007-01-01 Thread Daniel Leidert
This package version fixes a long list of bugs:

docbook-xsl (1.71.0.dfsg.1-2) unstable; urgency=medium

  * Acknowledge NMU (closes: #393726, #393808). Thanks to Loic Minier.
  * debian/patches/11_fo_fix_recursion_depth_bug_for_long_programlistings.dpatch:
Added.
- fo/verbatim.xsl: Adds two-stage recursion for hyphenate.verbatim to fix
  recursion depth bug for long programlistings. Revision 6280.
  * debian/patches/12_fo_axf_attribute_before_fotex.dpatch: Added.
- fo/component.xsl: Create axf attribute before adding fotex element.
  Revision 6293.
  * debian/patches/13_fo_typo_fixes.dpatch: Added.
- fo/inline.xsl: Fix typo bug (xlink.href should be xlink:href). Revision
  6312.
  * debian/patches/14_fo_empty_rows_fix.dpatch: Added.
- fo/table.xsl: Empty rows aren't allowed. Revision 6337.
  * debian/patches/15_html_fixed_namespace_declarations.dpatch: Added.
- html/autoidx-kimber.xsl, html/autoidx-kosek.xsl, html/callout.xsl,
  html/chunker.xsl, html/graphics.xsl, html/oldchunker.xsl,
  html/table.xsl, html/verbatim.xsl, xhtml/autoidx-kimber.xsl,
  xhtml/autoidx-kosek.xsl, xhtml/callout.xsl, xhtml/chunker.xsl,
  xhtml/graphics.xsl, xhtml/oldchunker.xsl, xhtml/table.xsl,
  xhtml/verbatim.xsl: Made changes in namespace declarations to prevent
  xmllint's canonicalizer from treating them as relative namespace URIs.
  Revision 6306.
  * debian/patches/16_slides_fix_foil_numbers_for_foilgroups.dpatch: Added.
- slides/html/slides-common.xsl, slides/xhtml/slides-common.xsl: Foil
  number is show only on foils not on foilgroups which are not counted at
  all. Revision 6281.
  * debian/patches/17_fo_html_add_space_between_orgname_and_orgdiv.dpatch:
Added.
- fo/titlepage.xsl, html/titlepage.xsl, xhtml/titlepage.xsl: Fixed bug
  1566358 (sf.net bug tracker) to add space between orgname and orgdiv.
  Revision 6347.
  * debian/patches/18_common_fix_olink_database_access_for_saxon_and_db5.dpatch:
Added.
- common/olink.xsl: Fixed olink database access for Saxon and DB5.
  Revision 6348.
  * debian/patches/19_manpages_fix_output_formatting_bugs.dpatch: Added.
- manpages/block.xsl: Make sure there's always a newline before .sp macro
  in output from simpara. Revision 6359.
- manpages/synop.xsl: Fix bug: change  to . Revision 6453.
  * debian/patches/20_html_handle_xalan_quirk.dpatch: Added.
- html/db5strip.xsl, xhtml/db5strip.xsl: Handle Xalan quirk as special
  case. Revision 6397.
  * debian/patches/21_common_copyof_instead_valueof.dpatch: Added.
- common/olink.xsl: Use copy-of instead of value-of for xreftext to
  preserve markup. Revision 6412.
  * debian/patches/22_common_fix_extra_white_space_introduced_by_olink.dpatch:
Added.
- common/targets.xsl: Fix bug 1596737 (sf.net bug tracker) extra white
  space introduced by olink. Now output indent="no" for target data.
  Revision 6413.
  * debian/patches/23_common_fo_html_use_number_function_for_comparison.dpatch:
Added.
- common/table.xsl, fo/table.xsl, html/table.xsl, xhtml/table.xsl: Use
  number() in some comparisons to ensure number data type. Revision 6417.
  * debian/patches/24_html_fix_sgmltag_class_attribute.dpatch: Added.
- html/inline.xsl, xhtml/inline.xsl: Fix class attribute on sgmltag.
  Revision 6436.
  * debian/patches/25_manpages_typo_fixes.dpatch: Added.
- manpages/utility.xsl: Fixed two element name typos. Revision 6444.
  * debian/patches/26_fo_html_fix_no_space_between_package_and_classname.dpatch:
Added.
- fo/synop.xsl, html/synop.xsl, xhtml/synop.xsl: Fixed bug 1603790 (sf.net
  bug tracker) no space between package and classname. Revision 6446.
  * debian/patches/27_fo_html_fix_citation_linking_to_biblioentry.dpatch:
Added.
- fo/inline.xsl, html/inline.xsl, xhtml/inline.xsl: Fix bug 1614469
  (sf.net bug tracker) for citation linking to biblioentry. Revision 6451.
  * debian/patches/28_template_added_xalan_workaround.dpatch: Added.
- template/titlepage.xsl: Added workaround for Xalan bug: use for-each and
  copy instead of copy-of. Closes 1604770 (sf.net bug tracker). Revision
  6452.
  * debian/patches/80_common_locale_fixes.dpatch: Added.
- common/am.xml, common/bn.xml, common/gu.xml, common/kn.xml,
  common/pa.xml, common/pt_br.xml, common/sr.xml, common/sv.xml,
  common/ta.xml, common/vi.xml, common/xh.xml, common/zh_tw.xml: Added
  HTMLHelp langcodes to several files. Revision 6290.
- common/pt.xml: Fixed bug 1583790 (sf.net bug tracker) glossary entry
character. Revision 6384.
  * debian/patches/00list: Adjusted.

Regards, Daniel





Re: Please unblock docbook-xsl 1.71.0.dfsg.1-2

2007-01-03 Thread Daniel Leidert
On Wednesday, 03.01.2007, at 14:10 +0100, Marc 'HE' Brockschmidt wrote:
> Daniel Leidert <[EMAIL PROTECTED]> writes:
> > This package version fixes a long list of bugs:
> >
> > docbook-xsl (1.71.0.dfsg.1-2) unstable; urgency=medium
> 
> I see no bugs in the Debian BTS are fixed by this upload,

No newly reported, true. Because I also follow upstream BTS and don't
have time to open a new Debian bug entry for every bug reported to
upstream BTS, this package version fixes a long list of bugs reported
only to upstream. Debian users still suffer from these bugs.

> but the diff
> is quite long and not really reviewable.

The "diff" shows you, that I only apply .dpatch-patches - every patch
with an explanation at its header and all almost short and easy to
read. You can review them all by looking at the source or looking at
http://alioth.debian.org/plugins/scmcvs/cvsweb.php/packages/docbook-xsl/debian/patches/?cvsroot=debian-xml-sgml.
 I do not apply changes directly.

> I don't think that this upload
> matches the criteria we have set for freeze exceptions.

I don't know, which criteria has been violated IYO. The fixes are almost
simple (many typo-fixes).

I'm sorry, that I didn't have time to fix these bugs earlier, but I was
lying in a hospital.

Thanks and regards, Daniel





Re: Please unblock docbook-xsl 1.71.0.dfsg.1-2

2007-01-03 Thread Daniel Leidert
On Wednesday, 03.01.2007, at 18:38 +0100, Marc 'HE' Brockschmidt wrote:
> Daniel Leidert <[EMAIL PROTECTED]> writes:
> > On Wednesday, 03.01.2007, at 14:10 +0100, Marc 'HE' Brockschmidt wrote:
> >> Daniel Leidert <[EMAIL PROTECTED]> writes:
> >> I don't think that this upload matches the criteria we have set for
> >> freeze exceptions. 
> > I don't know, which criteria has been violated IYO. The fixes are almost
> > simple (many typo-fixes).
> 
> See Andi's mail for the freeze announcement:
> 
> |  - fixes for release critical bugs (i.e., bugs of severity critical,
> |grave, and serious) in all packages;
> 
> Doesn't apply.
> 
> |  - changes for release goals, if they are not invasive;
> 
> Doesn't apply.
> 
> |  - fixes for severity: important bugs in packages of priority: optional
> |or extra, only when this can be done via unstable;

Well. So I have to start to copy every bug reported to upstream to
Debian BTS and then I apply to this item.

> Doesn't apply.
> 
> |  - translation updates and

Translation updates and fixes are included. See patch
debian/patches/80_common_locale_fixes.dpatch.

> Doesn't apply.
> 
> |  - documentation fixes.
> 
> Doesn't apply.

[..] As always, it is the release team's goal to get as much good
software into Etch as possible. [..]

Fixed software applies to this goal.

[..] For packages which missed the freeze only for reasons outside of
the control of the maintainers, [..]

I already said, where I was. But next time, I will tell my heart to stop
making problems ... just for the Debian project. Let's see, what
happens.

But I see, you are not willing to have a look at the changes. And of
course: When the DPL started his job in 2006 is of course an important
documentation fix. This is getting too stupid for me. You may explain
this to Etch users.

EOD, Daniel





Please unblock gchempaint 0.6.6-3

2007-01-27 Thread Daniel Leidert
Please unblock gchempaint 0.6.6-3:

gchempaint (0.6.6-3) unstable; urgency=low

  * debian/patches/04_fix_406405_invisible_grouped_text.dpatch: Added.
- plugins/selection/group.cc (gcpGroup::Add):
- plugins/selection/group.h (gcpGroup): Get all grouped elements
  (closes: #406405). Thanks to randall for reporting the bug.

The bug fixed wasn't tagged important, but it is annoying. gchempaint
does not have any reverse dependencies and it is now in Sid for 10 days
without any error report. Please unblock it, the bug fix will not hurt
anybody. The patch can also be reviewed at
http://svn.debian.org/wsvn/debichem/unstable/gchempaint/debian/patches/04_fix_406405_invisible_grouped_text.dpatch?op=file&rev=0&sc=0.

Regards, Daniel





Bug#681926: unblock: bluefish/2.2.3-3

2012-07-17 Thread Daniel Leidert
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Please unblock package bluefish

The package got two new patches:

- - one fixes a crash (https://bugzilla.gnome.org/679203,
  https://bugs.launchpad.net/bugs/954879) on platforms where G_GSIZE_FORMAT
  does not equal %lu.
- - the second patch just updates translation .po files

unblock bluefish/2.2.3-3

- -- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (850, 'unstable'), (700, 'testing'), (560, 'stable'), (110, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-3-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEUEARECAAYFAlAFzAoACgkQm0bx+wiPa4z9SwCgidvFwEVYyvWqvoW/jcD/emv+
F8sAmKPnq7MLqWRRWovah0nxjvJzSMI=
=IjA2
-END PGP SIGNATURE-


-- 
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20120717203314.29058.56792.report...@haktar.debian.wgdd.de



Proposed update: gabedit/2.4.2-2+wheezy1 fixing #703965

2013-07-28 Thread Daniel Leidert
Hi,

I'm proposing a fix for gabedit in Wheezy. A buffer overflow has been
detected, which can be fixed with a one-liner. See these references:

http://sourceforge.net/p/gabedit/bugs/2/#f00e
http://bugs.debian.org/703965

The debdiff is attached.

Regards, Daniel
diff -Nru gabedit-2.4.2/debian/changelog gabedit-2.4.2/debian/changelog
--- gabedit-2.4.2/debian/changelog	2012-06-10 18:38:22.0 +0200
+++ gabedit-2.4.2/debian/changelog	2013-07-29 00:42:53.0 +0200
@@ -1,3 +1,11 @@
+gabedit (2.4.2-2+wheezy1) stable; urgency=low
+
+  * debian/patches/703965_fix_buffer_overflow.patch: Added.
+- Fix buffer overflow parsing GAMESS output files (closes: #703965).
+  * debian/patches/series: Adjusted.
+
+ -- Daniel Leidert   Mon, 29 Jul 2013 00:42:50 +0200
+
 gabedit (2.4.2-2) unstable; urgency=low
 
   * debian/compat: Bumped dh compatibility level to 7.
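Review bot: The new changelog sub-item `Fix buffer overflow parsing GAMESS output files` does not name the source file the patch touches. Add `src/Display/AnimationGeomConv.c` to that sub-item so the stable update can be audited from the changelog alone, without opening the patch.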
diff -Nru gabedit-2.4.2/debian/patches/703965_fix_buffer_overflow.patch gabedit-2.4.2/debian/patches/703965_fix_buffer_overflow.patch
--- gabedit-2.4.2/debian/patches/703965_fix_buffer_overflow.patch	1970-01-01 01:00:00.0 +0100
+++ gabedit-2.4.2/debian/patches/703965_fix_buffer_overflow.patch	2013-07-29 00:03:38.0 +0200
@@ -0,0 +1,17 @@
+Author: Allouche Abdul-Rahman 
+Reviewed-By: Daniel Leidert 
+Description: Fix a buffer overflow parsing GAMESS output files.
+Origin: http://sourceforge.net/p/gabedit/bugs/2/#f00e
+Bug: http://sourceforge.net/p/gabedit/bugs/2/
+Bug-Debian: http://bugs.debian.org/703965
+
+--- a/src/Display/AnimationGeomConv.c
 b/src/Display/AnimationGeomConv.c
+@@ -1441,6 +1441,7 @@
+   		if (l==2) AtomCoord[0][1]=tolower(AtomCoord[0][1]);
+ 
+ 
++			sprintf(AtomCoord[0],"%s",get_symbol_using_z(atoi(dum)));
+ 			sprintf(listOfAtoms[j].symbol,"%s",AtomCoord[0]);
+ 			sprintf(listOfAtoms[j].mmType,"%s",AtomCoord[0]);
+ 			sprintf(listOfAtoms[j].pdbType,"%s",AtomCoord[0]);
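Review bot: The added `sprintf(AtomCoord[0],"%s",get_symbol_using_z(atoi(dum)));` and the three context `sprintf` calls below it still copy with an unbounded `%s`, so the fix holds only while `get_symbol_using_z()` never returns a string longer than the smallest of the destinations `symbol`, `mmType` and `pdbType`. Use `snprintf` with the size of each destination, and decide what should happen when `atoi(dum)` returns 0 for a non-numeric field. The new line also overwrites the `tolower` adjustment made to `AtomCoord[0][1]` in the context line above, which leaves that line as dead code that should be removed or explained in the patch description.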
diff -Nru gabedit-2.4.2/debian/patches/series gabedit-2.4.2/debian/patches/series
--- gabedit-2.4.2/debian/patches/series	2012-06-10 18:26:03.0 +0200
+++ gabedit-2.4.2/debian/patches/series	2013-07-29 00:03:38.0 +0200
@@ -1 +1,2 @@
+703965_fix_buffer_overflow.patch
 hardening_fix.patch




Re: Proposed update: gabedit/2.4.2-2+wheezy1 fixing #703965

2013-08-05 Thread Daniel Leidert
Hi Adam,

On Monday, 29.07.2013, at 21:45 +0100, Adam D. Barratt wrote:
> On Mon, 2013-07-29 at 00:44 +0200, Daniel Leidert wrote:
> > I'm proposing a fix for gabedit in Wheezy. A buffer overflow has been
> > detected, which can be fixed with a one-liner. See these references:
> 
> Thanks for caring about fixing bugs in stable. For future reference,
> it's generally easier (at least for us) to track such requests if
> they're filed in the BTS (either via reportbug, or separately with the
> appropriate usertags).
> 
> +gabedit (2.4.2-2+wheezy1) stable; urgency=low
> 
> 2.4.2-2+deb7u1, please.

No problem.

> +--- a/src/Display/AnimationGeomConv.c
>  b/src/Display/AnimationGeomConv.c
> +@@ -1441,6 +1441,7 @@
> +   if (l==2) AtomCoord[0][1]=tolower(AtomCoord[0][1]);
> + 
> + 
> ++  
> sprintf(AtomCoord[0],"%s",get_symbol_using_z(atoi(dum)));
> +   sprintf(listOfAtoms[j].symbol,"%s",AtomCoord[0]);
> 
> Apologies if I'm missing something, but doesn't that sprintf() call
> overwrite all of the manipulation performed on AtomCoord[0] (or its
> components) during the previous few lines?

Please find attached an explanation by the upstream author.

Regards, Daniel
--- Begin Message ---
Dear Daniel,
In the old version (without sprintf(AtomCoord[0],"%s",get_symbol_using_z(atoi(dum))); ):
To define the symbol of atoms, Gabedit used the first column of the geometry
section of the Gamess output file.
This column "generally" contains the symbol of atoms. In this case, no problem
(no overflow).
However, the users of Gamess can also use the name of atoms (Carbon,
Oxygen, ...). In this case the length of the string AtomCoord[0] can be greater than 3.
The length of the listOfAtoms[j].symbol table is limited to 4.
sprintf(listOfAtoms[j].symbol,"%s",AtomCoord[0]); produces an overflow!

In the new version (with sprintf(AtomCoord[0],"%s",get_symbol_using_z(atoi(dum))); ):
To define the symbol of atoms, Gabedit uses the second column of the geometry
section of the Gamess output file. The integer in this column contains
the z (the number of electrons in the atom). AtomCoord[0] will be a string of 3
characters. There is no overflow in this case.

Certainly I could fix the bug by other (elegant) methods:
for example, I can remove
   if (l==2) AtomCoord[0][1]=tolower(AtomCoord[0][1]);
   sprintf(listOfAtoms[j].symbol,"%s",AtomCoord[0]);

and add sprintf(listOfAtoms[j].symbol,"%s",get_symbol_using_z(atoi(dum)));
 
Best regards,


From: Daniel Leidert [daniel.leid...@wgdd.de]
Sent: Saturday, 3 August 2013 14:01
To: allouch...@users.sourceforge.net
Subject: [Fwd: Re: Proposed update: gabedit/2.4.2-2+wheezy1 fixing #703965]

Hi,

I need an explanation about the fix you applied in gabedit 2.4.7 for a
buffer overflow reported by a Debian user. I have to answer a question
by our Debian FTP masters about the one-line-fix you propose ... see
below. Can you explain the fix a bit further, please?

Regards, Daniel

 Forwarded Message 
> From: Adam D. Barratt 
> To: Daniel Leidert 
> Cc: debian-release@lists.debian.org
> Subject: Re: Proposed update: gabedit/2.4.2-2+wheezy1 fixing #703965
> Date: Mon, 29 Jul 2013 21:45:43 +0100
>
> Hi,
>
> On Mon, 2013-07-29 at 00:44 +0200, Daniel Leidert wrote:
> > I'm proposing a fix for gabedit in Wheezy. A buffer overflow has been
> > detected, which can be fixed with a one-liner. See these references:
[snip]
> +--- a/src/Display/AnimationGeomConv.c
>  b/src/Display/AnimationGeomConv.c
> +@@ -1441,6 +1441,7 @@
> +   if (l==2) AtomCoord[0][1]=tolower(AtomCoord[0][1]);
> +
> +
> ++  
> sprintf(AtomCoord[0],"%s",get_symbol_using_z(atoi(dum)));
> +   sprintf(listOfAtoms[j].symbol,"%s",AtomCoord[0]);
>
> Apologies if I'm missing something, but doesn't that sprintf() call
> overwrite all of the manipulation performed on AtomCoord[0] (or its
> components) during the previous few lines?
>
> Regards,
>
> Adam
>
>




--- End Message ---
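
The overflow and the fix described in the forwarded explanation above, as an added example that is not part of the thread and not gabedit's code: an atom name such as CARBON does not fit a 4-byte symbol field, so the symbol is taken from the charge column and every copy is bounded. The names `symbol_from_z`, `copy_symbol`, `parse_z` and `parse_atom_row`, the row layout and the sample rows are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Per the message above: the symbol field is limited to 4 bytes (3 chars + NUL). */
#define SYMBOL_LEN 4

struct atom {
    char symbol[SYMBOL_LEN];
};

/* Hypothetical stand-in for a Z -> symbol lookup (not gabedit's function);
 * it covers only the first ten elements to keep the example short. */
static const char *symbol_from_z(long z)
{
    static const char *const table[] = {
        NULL, "H", "He", "Li", "Be", "B", "C", "N", "O", "F", "Ne"
    };
    if (z < 1 || z >= (long)(sizeof table / sizeof table[0]))
        return NULL;
    return table[z];
}

/* Bounded copy: returns 0 on success, -1 if src does not fit in dst.
 * On failure dst is left empty instead of holding a truncated symbol. */
int copy_symbol(char *dst, size_t dstlen, const char *src)
{
    int n = snprintf(dst, dstlen, "%s", src);
    if (n < 0 || (size_t)n >= dstlen) {
        if (dstlen > 0)
            dst[0] = '\0';
        return -1;
    }
    return 0;
}

/* Strict parse of the charge column; atoi() would silently return 0 for a
 * non-numeric field. Accepts "6" or "6.0". Returns -1 on bad input. */
long parse_z(const char *field)
{
    char *end;
    long z = strtol(field, &end, 10);
    if (end == field || z < 1 || z > 118)
        return -1;
    if (*end == '.') {              /* allow a zero fractional part only */
        for (end++; *end == '0'; end++)
            ;
    }
    return *end == '\0' ? z : -1;
}

/* Parse one row "<label> <Z> <x> <y> <z>" and fill out->symbol from Z.
 * The label is read with a width limit and never copied into the atom.
 * Returns 0 on success, -1 on a malformed row, -2 if Z has no known symbol. */
int parse_atom_row(const char *row, struct atom *out)
{
    char label[64], zfield[16];
    double x, y, zc;
    const char *sym;
    long z;

    out->symbol[0] = '\0';
    if (sscanf(row, "%63s %15s %lf %lf %lf", label, zfield, &x, &y, &zc) != 5)
        return -1;
    z = parse_z(zfield);
    if (z < 0)
        return -1;
    sym = symbol_from_z(z);
    if (sym == NULL)
        return -2;
    return copy_symbol(out->symbol, sizeof out->symbol, sym);
}

int main(void)
{
    /* Constructed sample rows, not taken from a real GAMESS output file. */
    const char *rows[] = {
        "C       6.0  0.000  0.000  0.000",
        "CARBON  6.0  0.000  0.000  0.000",
        "OXYGEN  8.0  0.000  0.000  1.200",
        "XX      abc  0.000  0.000  0.000",
    };
    for (size_t i = 0; i < sizeof rows / sizeof rows[0]; i++) {
        struct atom a;
        int rc = parse_atom_row(rows[i], &a);
        printf("rc=%d symbol='%s'\n", rc, a.symbol);
    }
    return 0;
}
```
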


Bug#710140: gpgme1.0 dropped libgpgme-pth (was: Any progress?)

2013-09-03 Thread Daniel Leidert
please try to CC 710...@bugs.debian.org in your response

On Sunday, 25.08.2013, at 12:19 +0200, Francesco Poli wrote:

> is anyone working on bug #710140 ?
> Is there any progress?

Well, there was only libgpgme++2 affected by this upstream change and
this package has seen two uploads since its own dropping of
libgpgme++-pth.so.2, which was the only binary/library linking to libgpgme-pth
inside Debian. I haven't seen any report [1], that there is still an
affected package(?).

> Could you please clarify the status of the bug?
> Thanks for your time!

CCing release.d.o.

Here is what upstream said about this change:

"Remove support for libgpgme-pth.  As far as we know, this was never
used, and GnuPG is going to use our own npth in the future." [2]

Inside Debian I didn't find any reference to the usage of libgpgme-pth
except for libgpgme++2, which provided the libgpgme++-pth.so.2 wrapper
library, which itself wasn't used by any other Debian package (AFAIK).

I'm hereby asking the release team how to proceed? The issue itself
seems to have been fixed inside Debian by fixing libgpgme++2, which has
already been done [3]. There might be third-party software out there
using libgpgme-pth.so or libgpgme++-pth.so. However, I don't know about
it; upstream doesn't know about it either (that's why they dropped it I
guess) and I haven't seen any comment on this change neither on the
gnupg list nor inside #710140 nor for libgpgme++2.

I see two ways: (a) start a proper transition; (b) stay with the current
solution and wait if someone reports an issue with it. Note, that the
affected gpgme version has already hit testing (the issue was discovered
late).

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=710140
[2] 
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git;a=commitdiff;h=3ddf4c3d4000a9b0b52180c3aa3acf1387a193bf
[3] http://packages.qa.debian.org/k/kdepimlibs/news/20130614T070347Z.html

Regards, Daniel


-- 
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/1378213574.23928.18.ca...@haktar.debian.wgdd.de



Re: Bug#710140: gpgme1.0 dropped libgpgme-pth

2013-11-05 Thread Daniel Leidert
On Saturday, 05.10.2013, at 11:41 +0200, Francesco Poli wrote:
> On Tue, 03 Sep 2013 15:06:14 +0200 Daniel Leidert wrote:
> 
> [...]
> > On Sunday, 25.08.2013, at 12:19 +0200, Francesco Poli wrote:
> [...]
> > > Could you please clarify the status of the bug?
> > > Thanks for your time!
> > 
> > CCing release.d.o.
> > 
> [...]
> > I'm hereby asking the release team how to proceed? The issue itself
> > seems to have been fixed inside Debian by fixing libgpgme++2, which has
> > already been done [3]. There might be third-party software out there
> > using libgpgme-pth.so or libgpgme++-pth.so.
> [...]
> > [3] http://packages.qa.debian.org/k/kdepimlibs/news/20130614T070347Z.html
> 
> Dear Daniel,
> first of all thanks for your kind reply.
> 
> I waited some time before speaking again, as I was hoping to see some
> comments from other people, possibly members of the release team.
> 
> Anyway, do I understand correctly that this issue has currently a
> practical impact only on boxes where non-packaged (== not included in
> Debian) programs or libraries which use libgpgme-pth.so or
> libgpgme++-pth.so are installed?
> Could you please confirm this?

Seems to be the case, yes. However, upstream removed libgpgme-pth.so
because it didn't get used by others. So the affected user base is very
probably very small and they did not yet speak up. So it seems, there is
currently nobody affected.

Regards, Daniel


-- 
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/1383599735.9185.2.ca...@haktar.debian.wgdd.de



Re: Ruby team sprint and release timeline for Trixie

2024-11-20 Thread Daniel Leidert
Ping?

On Thursday, 14.11.2024, at 15:28 +0100, Daniel Leidert wrote:
> (CC ruby team)
> 
> Dear release team,
> 
> the Ruby team is currently looking into organizing a team sprint for
> the Trixie release in January or at the beginning or in the middle of
> February next year.
> 
> So far, the release timeline for Trixie hasn't been published yet.
> Thus, we would like to get your input if any of the dates mentioned
> above might conflict with the release schedule.
> 
> Regards, Daniel




Ruby team sprint and release timeline for Trixie

2024-11-14 Thread Daniel Leidert
(CC ruby team)

Dear release team,

the Ruby team is currently looking into organizing a team sprint for
the Trixie release in January or at the beginning or in the middle of
February next year.

So far, the release timeline for Trixie hasn't been published yet.
Thus, we would like to get your input if any of the dates mentioned
above might conflict with the release schedule.

Regards, Daniel




Bug#1091764: debdiff

2024-12-30 Thread Daniel Leidert
Please find attached the debdiff missing from the original report mail.

Regards, Daniel
diff -Nru setuptools-66.1.1/debian/changelog setuptools-66.1.1/debian/changelog
--- setuptools-66.1.1/debian/changelog	2023-01-27 07:49:44.0 +0100
+++ setuptools-66.1.1/debian/changelog	2024-12-31 01:08:15.0 +0100
@@ -1,3 +1,13 @@
+setuptools (66.1.1-1+deb12u1) bookworm; urgency=medium
+
+  * Non-maintainer upload by the Debian LTS team.
+  * debian/patches/CVE-2024-6345.patch: Fix CVE-2024-6345.
+- Replace the unsafe use of os.system to fix a possible remote code
+  execution by supplying malicious URLs in a package index or via the
+  command line.
+
+ -- Daniel Leidert   Tue, 31 Dec 2024 01:08:15 +0100
+
 setuptools (66.1.1-1) unstable; urgency=medium
 
   * New upstream version.
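Review bot: The new changelog entry lists only `debian/patches/CVE-2024-6345.patch`, but this debdiff also adds `debian/gbp.conf` and `debian/.gitlab-ci.yml`. Add a line for each of those files so that every change in the upload is documented in d/changelog.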
diff -Nru setuptools-66.1.1/debian/gbp.conf setuptools-66.1.1/debian/gbp.conf
--- setuptools-66.1.1/debian/gbp.conf	1970-01-01 01:00:00.0 +0100
+++ setuptools-66.1.1/debian/gbp.conf	2024-12-31 01:08:15.0 +0100
@@ -0,0 +1,4 @@
+[DEFAULT]
+upstream-branch = upstream/bookworm
+debian-branch = debian/bookworm
+pristine-tar = true
diff -Nru setuptools-66.1.1/debian/.gitlab-ci.yml setuptools-66.1.1/debian/.gitlab-ci.yml
--- setuptools-66.1.1/debian/.gitlab-ci.yml	1970-01-01 01:00:00.0 +0100
+++ setuptools-66.1.1/debian/.gitlab-ci.yml	2024-12-31 01:08:15.0 +0100
@@ -0,0 +1,7 @@
+---
+
+include:
+  - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/recipes/debian.yml
+
+variables:
+  RELEASE: 'bookworm'
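Review bot: The `include:` entry pulls the pipeline recipe from `raw/master/recipes/debian.yml`, a moving branch, so the CI definition that builds this security update can change without any commit in this package. Consider pinning the include to a tag or commit of the salsa-ci pipeline, or state in the changelog that following `master` is intended.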
diff -Nru setuptools-66.1.1/debian/patches/CVE-2024-6345.patch setuptools-66.1.1/debian/patches/CVE-2024-6345.patch
--- setuptools-66.1.1/debian/patches/CVE-2024-6345.patch	1970-01-01 01:00:00.0 +0100
+++ setuptools-66.1.1/debian/patches/CVE-2024-6345.patch	2024-12-31 01:08:15.0 +0100
@@ -0,0 +1,296 @@
+From: "Jason R. Coombs" 
+Date: Mon, 29 Apr 2024 09:38:31 -0400
+Subject: [PATCH 01/10] .. [PATCH 10/10] Modernize package_index VCS handling
+
+The issue is a possible remote code execution by supplying malicious URLs in a
+package index or via the command line. The issue boils down to unsafe use of
+os.system. Because easy_install and package_index are deprecated, the attack
+surface is smaller, but it's conceivable through social engineering or minor
+compromise to a package index could grant remote access. The fix was released
+in v70.0.0.
+
+Acked-By: Daniel Leidert 
+Origin: https://github.com/pypa/setuptools/pull/4332
+Bug: https://github.com/pypa/setuptools/issues/4331
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2024-6345
+Bug-Freexian-Security: https://deb.freexian.com/extended-lts/tracker/CVE-2024-6345
+---
+ setuptools/package_index.py   | 145 +++---
+ setuptools/tests/test_packageindex.py |  34 
+ 2 files changed, 100 insertions(+), 79 deletions(-)
+
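
Review bot: The `Subject:` line folds ten upstream commits ([PATCH 01/10] .. [PATCH 10/10]) into one patch, but the header's `Origin:` field gives only the pull-request URL and does not say whether the commits applied to 66.1.1 unchanged or had to be adapted. Since the description states the fix was released in v70.0.0 and this targets an older tree, qualify the field in DEP-3 form (`Origin: upstream, <url>` or `Origin: backport, <url>`) so a later reviewer knows whether to diff against upstream or against this file.
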
+diff --git a/setuptools/package_index.py b/setuptools/package_index.py
+index bec4183..ea4d640 100644
+--- a/setuptools/package_index.py
 b/setuptools/package_index.py
+@@ -1,6 +1,7 @@
+ """PyPI and direct package downloading."""
+ 
+ import sys
++import subprocess
+ import os
+ import re
+ import io
+@@ -586,7 +587,7 @@ class PackageIndex(Environment):
+ scheme = URL_SCHEME(spec)
+ if scheme:
+ # It's a url, download it to tmpdir
+-found = self._download_url(scheme.group(1), spec, tmpdir)
++found = self._download_url(spec, tmpdir)
+ base, fragment = egg_info_for_url(spec)
+ if base.endswith('.py'):
+ found = self.gen_setup(found, fragment, tmpdir)
+@@ -813,7 +814,7 @@ class PackageIndex(Environment):
+ else:
+ raise DistutilsError("Download error for %s: %s" % (url, v)) from v
+ 
+-def _download_url(self, scheme, url, tmpdir):
++def _download_url(self, url, tmpdir):
+ # Determine download filename
+ #
+ name, fragment = egg_info_for_url(url)
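
Review bot: Dropping the `scheme` parameter from `_download_url` changes the method's call signature in a stable update. The in-tree caller in the previous hunk is adjusted, but any subclass or external caller that still passes `scheme` positionally will fail with a TypeError. The leading underscore marks the method as private, so this is probably acceptable, but it is worth checking bookworm reverse dependencies for overrides of or direct calls to `_download_url` before the upload.
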
+@@ -828,19 +829,58 @@ class PackageIndex(Environment):
+ 
+ filename = os.path.join(tmpdir, name)
+ 
+-# Download the file
+-#
+-if scheme == 'svn' or scheme.startswith('svn+'):
+-return self._download_svn(url, filename)
+-elif scheme == 'git' or scheme.startswith('git+'):
+-return self._download_git(url, filename)
+-elif scheme.startswith('hg+'):
+-return self._download_hg(url, filename)
+-elif scheme == 'file':
+-return urllib.request.url2pathname(urllib.parse.urlparse(url)[2])
+-else:
+-self.url_ok(url, True)  # raises error if not allowed
+-return self._attempt_download(url, filename)
++return self._download_vcs(url, filename
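
Review bot: The removed dispatch did more than route VCS schemes: it also mapped `file` URLs to a local path and called `self.url_ok(url, True)` before `_attempt_download` for everything else. The replacement shown here is cut off after `return self._download_vcs(url, filename`, so neither path can be checked from this excerpt. Confirm that the full hunk keeps the `url_ok` check ahead of any download and still handles `file` URLs, and that the tests added in setuptools/tests/test_packageindex.py exercise both.
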
