Bug#989869: unblock: trousers/0.3.14+fixed1-1.2
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package trousers
[ Reason ]
The current package manages the /var/lib/tpm and tss user, but other
packages in debian, namely the tpm-udev package, is also doing so. Same
for the udev rules that shipped in both the trousers package and the
tpm-udev one.
The goal was to migrate the management of the tss user and its home
directory and the needed udev rules to a central package so the
different implementaitons of the tpm stack could co-exist.
[ Impact ]
Multiple udev rules will be evaluated for the same device.
Also, if the trousers package is purged, the tss user will be removed
and the udev rules shipped by the tpm-udev package will not work
anymore.
[ Tests ]
I tried to purge the tpm-udev and trousers package an tried to
reinstall them. Trousers daemon starts properly
The permissions on the /dev/tpm devices are ok, even after reboot.
[ Risks ]
if the tss user or /var/lib/tpm is not properly created, the daemon will
more than probably fail to start.
The way of creating the tss user is the same between the tpm-udev and
former trousers package so that shouldn't be a problem
tpm-udev:
adduser --system --ingroup tss --shell /bin/false --home /var/lib/tpm
--no-create-home --gecos "TPM software stack" tss
trousers:
adduser --system --quiet --home /var/lib/tpm --shell /bin/false
--no-create-home --group tss
[ Checklist ]
[x] all changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in testing
[ Other info ]
The trousers package is not shipping the /var/lib/tpm directory anymore,
I decided to give full ownership of that directory to the tpm-udev
package, not sure if that was the best solution
Also note bug #989867
unblock trousers/0.3.14+fixed1-1.2
diff -Nru trousers-0.3.14+fixed1/debian/changelog
trousers-0.3.14+fixed1/debian/changelog
--- trousers-0.3.14+fixed1/debian/changelog 2020-08-17 07:36:43.0
+0200
+++ trousers-0.3.14+fixed1/debian/changelog 2021-06-15 00:29:18.0
+0200
@@ -1,3 +1,12 @@
+trousers (0.3.14+fixed1-1.2) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Migrate to tpm-udev package, do not ship the udev rule file, create the
+user or /var/lib/tpm directory anymore (Closes: #787244, #889491, #944751)
+ * debian/trousers.prerm: Remove migration code path that predates Jessie
+
+ -- Laurent Bigonville Tue, 15 Jun 2021 00:29:18 +0200
+
trousers (0.3.14+fixed1-1.1) unstable; urgency=medium
* Non-maintainer upload.
diff -Nru trousers-0.3.14+fixed1/debian/control
trousers-0.3.14+fixed1/debian/control
--- trousers-0.3.14+fixed1/debian/control 2016-11-20 16:10:31.0
+0100
+++ trousers-0.3.14+fixed1/debian/control 2021-06-14 23:19:13.0
+0200
@@ -13,7 +13,7 @@
Package: trousers
Architecture: any
-Depends: ${misc:Depends}, ${shlibs:Depends}, adduser, lsb-base (>= 3.0-6)
+Depends: ${misc:Depends}, ${shlibs:Depends}, lsb-base (>= 3.0-6), tpm-udev
Breaks: udev (<< 136-1)
Description: open-source TCG Software Stack (daemon)
TrouSerS is an implementation of the Trusted Computing Group's Software Stack
diff -Nru trousers-0.3.14+fixed1/debian/rules
trousers-0.3.14+fixed1/debian/rules
--- trousers-0.3.14+fixed1/debian/rules 2016-11-20 16:10:31.0 +0100
+++ trousers-0.3.14+fixed1/debian/rules 2021-06-14 23:15:06.0 +0200
@@ -16,6 +16,3 @@
override_dh_strip:
dh_strip --dbg-package=trousers-dbg
-
-override_dh_installudev:
- dh_installudev -n --priority=45
diff -Nru trousers-0.3.14+fixed1/debian/trousers.install
trousers-0.3.14+fixed1/debian/trousers.install
--- trousers-0.3.14+fixed1/debian/trousers.install 2016-11-20
16:10:31.0 +0100
+++ trousers-0.3.14+fixed1/debian/trousers.install 2021-06-15
00:06:23.0 +0200
@@ -2,4 +2,3 @@
/usr/sbin
/usr/share/man/man8
/usr/share/man/man5
-/var/lib/tpm
diff -Nru trousers-0.3.14+fixed1/debian/trousers.postinst
trousers-0.3.14+fixed1/debian/trousers.postinst
--- trousers-0.3.14+fixed1/debian/trousers.postinst 2016-11-20
16:10:31.0 +0100
+++ trousers-0.3.14+fixed1/debian/trousers.postinst 2021-06-14
23:25:54.0 +0200
@@ -4,22 +4,11 @@
case "${1}" in
configure)
- # Adding tss system user
- adduser --system --quiet --home /var/lib/tpm --shell /bin/false
--no-create-home --group tss
-
# Setting owner
- chown tss:tss /var/lib/tpm -R
chown tss:tss /etc/tcsd.conf
# Setting permissions
chmod 0600 /etc/tcsd.conf
- chmod 0700 /var/lib/tpm
-
- # ask udev to check for new udev rules (and fix device
permissions)
- if [ -e /dev/tpm0 ] && udevadm --version > /dev/null; then
-
Bug#989948: unblock: polari/3.38.0-2
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Hello,
Please unblock package polari
With everything happening in the IRC world ATM, I think it's important
that libera.chat is being added to the default list of IRC network.
The favorite flag is only used for the initial setup dialog that is
being displayed on the first run for polari.
[ Checklist ]
[x] all changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in testing
unblock polari/3.38.0-2
diff -Nru polari-3.38.0/debian/changelog polari-3.38.0/debian/changelog
--- polari-3.38.0/debian/changelog 2020-10-01 00:52:45.0 +0200
+++ polari-3.38.0/debian/changelog 2021-06-16 12:46:04.0 +0200
@@ -1,3 +1,11 @@
+polari (3.38.0-2) unstable; urgency=medium
+
+ * d/p/networks-Add-Libera-Chat.patch: Add Libera.chat network
+ * d/p/favorite-liberachat.patch: Mark Libera Chat as favorite instead of
+Freenode
+
+ -- Laurent Bigonville Wed, 16 Jun 2021 12:46:04 +0200
+
polari (3.38.0-1) unstable; urgency=medium
* New upstream release
diff -Nru polari-3.38.0/debian/patches/favorite-liberachat.patch
polari-3.38.0/debian/patches/favorite-liberachat.patch
--- polari-3.38.0/debian/patches/favorite-liberachat.patch 1970-01-01
01:00:00.0 +0100
+++ polari-3.38.0/debian/patches/favorite-liberachat.patch 2021-06-16
12:46:04.0 +0200
@@ -0,0 +1,22 @@
+Description: Mark Libera Chat as favorite instead of Freenode
+Forwarded: no
+Bug: https://gitlab.gnome.org/GNOME/polari/-/issues/169
+
+--- a/data/resources/networks.json
b/data/resources/networks.json
+@@ -269,7 +269,6 @@
+ {
+ "name": "Freenode",
+ "id": "freenode",
+-"favorite": true,
+ "servers": [
+ { "ssl": true, "port": 6697, "address": "chat.freenode.net" },
+ { "ssl": true, "port": 7000, "address": "chat.freenode.net" },
+@@ -391,6 +390,7 @@
+ {
+ "name": "Libera Chat",
+ "id": "liberachat",
++"favorite": true,
+ "servers": [
+ { "ssl": true, "port": 6697, "address": "irc.libera.chat" },
+ { "ssl": false, "port": 6667, "address": "irc.libera.chat" }
diff -Nru polari-3.38.0/debian/patches/networks-Add-Libera-Chat.patch
polari-3.38.0/debian/patches/networks-Add-Libera-Chat.patch
--- polari-3.38.0/debian/patches/networks-Add-Libera-Chat.patch 1970-01-01
01:00:00.0 +0100
+++ polari-3.38.0/debian/patches/networks-Add-Libera-Chat.patch 2021-06-16
12:46:04.0 +0200
@@ -0,0 +1,28 @@
+From: =?utf-8?q?Florian_M=C3=BCllner?=
+Date: Thu, 20 May 2021 21:41:35 +0200
+Subject: networks: Add Libera Chat
+
+https://gitlab.gnome.org/GNOME/polari/-/merge_requests/187
+---
+ data/resources/networks.json | 8
+ 1 file changed, 8 insertions(+)
+
+diff --git a/data/resources/networks.json b/data/resources/networks.json
+index f509c87..bf85295 100644
+--- a/data/resources/networks.json
b/data/resources/networks.json
+@@ -388,6 +388,14 @@
+ { "ssl": false, "port": 6667, "address": "irc.krstarica.com" }
+ ]
+ },
++ {
++"name": "Libera Chat",
++"id": "liberachat",
++"servers": [
++ { "ssl": true, "port": 6697, "address": "irc.libera.chat" },
++ { "ssl": false, "port": 6667, "address": "irc.libera.chat" }
++]
++ },
+ {
+ "name": "Librenet",
+ "id": "librenet",
diff -Nru polari-3.38.0/debian/patches/series
polari-3.38.0/debian/patches/series
--- polari-3.38.0/debian/patches/series 1970-01-01 01:00:00.0 +0100
+++ polari-3.38.0/debian/patches/series 2021-06-16 12:46:04.0 +0200
@@ -0,0 +1,2 @@
+networks-Add-Libera-Chat.patch
+favorite-liberachat.patch
Bug#993351: transition: folks
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition Hello, I would like to upload src:folks to unstable All the library packages have bump their soname from 25 to 26 I tried to rebuild all the rdependencies and they build fine https://release.debian.org/transitions/html/auto-folks.html Kind regards, Laurent Bigonville
Bug#985429: unblock: geoclue-2.0/2.5.7-3
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package geoclue-2.0
When using an application in flatpak, that application is supposed to
be sandboxed and requests to geoclue to get the location should be
explicitly granted by the user.
[ Reason ]
With cgroups v2, the code detecting that the application is running in a
flatpak is broken and geoclue is always granting access to the location
information without prompting the user.
[ Impact ]
This is only impacting the user of applications running in flatpak
[ Tests ]
I tried to run gnome-maps (flatpak run org.gnome.Maps) without and the
with the patch and with the patch, I correctly get a dialog asking me if
I want to share the location with the application.
I also tried to run gnome-maps outside of flatpak and it is still
working as expected.
[ Risks ]
The code is pretty isolated. I didn't test geoclue on a machine with
cgroup v1 though.
[ Checklist ]
[x] all changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in testing
[ Other info ]
The patch has already been merged upstream in the master branch, I
cherry-picked it and it applies cleanly in the package shipped in
debian.
unblock geoclue-2.0/2.5.7-3
diff --git a/debian/changelog b/debian/changelog
index c5c1bc0..8cf8a35 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+geoclue-2.0 (2.5.7-3) unstable; urgency=medium
+
+ * Properly detect that applications are running in flatpak when using cgroup
+v2. Thanks to Guido Günther (Closes: #985345)
+
+ -- Laurent Bigonville Wed, 17 Mar 2021 15:53:13 +0100
+
geoclue-2.0 (2.5.7-2) unstable; urgency=medium
* d/p/fix-nowifi-query.patch: Fix getting a location if the computer has no
diff --git a/debian/patches/0006-client-info-Support-cgroup-v2.patch
b/debian/patches/0006-client-info-Support-cgroup-v2.patch
new file mode 100644
index 000..2f0760b
--- /dev/null
+++ b/debian/patches/0006-client-info-Support-cgroup-v2.patch
@@ -0,0 +1,93 @@
+From: =?utf-8?q?Guido_G=C3=BCnther?=
+Date: Tue, 16 Mar 2021 12:22:30 +0100
+Subject: client-info: Support cgroup v2
+MIME-Version: 1.0
+Content-Type: text/plain; charset="utf-8"
+Content-Transfer-Encoding: 8bit
+
+For v2 cgroups the /proc//cgroup format changed to a single line¹.
+Support this too to not misdetect flatpaks as system apps.
+
+1) See
https://www.kernel.org/doc/html/v4.18/admin-guide/cgroup-v2.html#processes
+
+Signed-off-by: Guido Günther
+---
+ src/gclue-client-info.c | 44 +---
+ 1 file changed, 41 insertions(+), 3 deletions(-)
+
+diff --git a/src/gclue-client-info.c b/src/gclue-client-info.c
+index d609b34..dd403a6 100644
+--- a/src/gclue-client-info.c
b/src/gclue-client-info.c
+@@ -181,6 +181,42 @@ on_name_vanished (GDBusConnection *connection,
+0);
+ }
+
++
++static gchar *
++parse_cgroup_v2 (GStrv lines)
++{
++const char *unit, *name;
++char *dash, *xdg_id;
++g_autofree char *scope = NULL;
++
++/* Cgroup v2 is always a single line:
++ *
0::/user.slice/user-1000.slice/user@1000.service/app.slice/app-flatpak-org.gnome.Maps-3358.scope
++ */
++if (g_strv_length (lines) != 2)
++return NULL;
++
++if (!g_str_has_prefix (lines[0], "0::"))
++ return NULL;
++
++unit = lines[0] + strlen ("0::");
++scope = g_path_get_basename (unit);
++if (!g_str_has_prefix (scope, "app-flatpak-") ||
++!g_str_has_suffix (scope, ".scope"))
++return NULL;
++
++name = scope + strlen("app-flatpak-");
++dash = strchr (name, '-');
++if (dash == NULL)
++return NULL;
++*dash = 0;
++
++xdg_id = g_strdup (name);
++g_debug ("Found xdg_id %s", xdg_id);
++
++return xdg_id;
++}
++
++
+ /* Based on got_credentials_cb() from xdg-app source code */
+ static char *
+ get_xdg_id (guint32 pid)
+@@ -188,7 +224,7 @@ get_xdg_id (guint32 pid)
+ char *xdg_id = NULL;
+ g_autofree char *path = NULL;
+ g_autofree char *content = NULL;
+-gchar **lines;
++g_auto(GStrv) lines = NULL;
+ int i;
+
+ path = g_strdup_printf ("/proc/%u/cgroup", pid);
+@@ -197,6 +233,10 @@ get_xdg_id (guint32 pid)
+ return NULL;
+ lines = g_strsplit (content, "\n", -1);
+
++ xdg_id = parse_cgroup_v2 (lines);
++ if (xdg_id != NULL)
++ return xdg_id;
++
+ for (i = 0; lines[i] != NULL; i++) {
+ const char *unit = lines[i] + strlen ("1:name=systemd:");
+ g_autofree char *scope = NULL;
+@@ -224,8 +264,6 @@ get_xdg_id (guint32 pid)
+ xdg
Bug#985662: unblock: gimp/2.10.22-3
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package gimp
[ Reason ]
gimp now needs a hard dependency on graphviz as it uses an optional
feature of libgegl that requires the "dot" executable. Adding an hard
dependency on graphviz in libgegl package looks overkill as the other
packages dont seem to use that feature.
I also added a patch that define PATH_MAX for hurd, this is not changing
anything on the release architectures.
[ Impact ]
Without the graphviz package installed, gimp fails to start
[ Tests ]
Gimp now starts, this has been confirmed by some users.
[ Risks ]
Adding the dependency has no risk
PATH_MAX should already be defined in all other architectures than hurd,
so there is also no risks possible here either
[ Checklist ]
[x] all changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in testing
[ Other info ]
This has been reported multiple times on the r/debian subreddit, so
there are actuall users impacted by this
unblock gimp/2.10.22-3
diff -Nru gimp-2.10.22/debian/changelog gimp-2.10.22/debian/changelog
--- gimp-2.10.22/debian/changelog 2020-11-24 10:25:51.0 +0100
+++ gimp-2.10.22/debian/changelog 2021-03-20 12:21:08.0 +0100
@@ -1,3 +1,13 @@
+gimp (2.10.22-3) unstable; urgency=medium
+
+ * debian/control.in: Add graphviz to the dependencies.
+Some optional functionality of libgegl used in gimp now requires the dot
+executable shipped in the graphviz package (Closes: #985317)
+ * debian/patches/02_hurd_ftbfs.patch: Fix FTBFS on hurd-i386.
+Thanks to Svante Signell (Closes: #934077)
+
+ -- Laurent Bigonville Sat, 20 Mar 2021 12:21:08 +0100
+
gimp (2.10.22-2) unstable; urgency=medium
* Team upload
diff -Nru gimp-2.10.22/debian/control gimp-2.10.22/debian/control
--- gimp-2.10.22/debian/control 2020-11-24 10:25:51.0 +0100
+++ gimp-2.10.22/debian/control 2021-03-20 12:21:08.0 +0100
@@ -6,7 +6,7 @@
Priority: optional
Section: graphics
Maintainer: Debian GNOME Maintainers
-Uploaders: Iain Lane , Jeremy Bicha , Ari
Pollak
+Uploaders: Iain Lane , Jeremy Bicha ,
Laurent Bigonville , Ari Pollak
Build-Depends: debhelper-compat (= 13),
desktop-file-utils ,
dh-sequence-gnome,
@@ -74,6 +74,7 @@
libgimp2.0 (<= ${source:Upstream-Version}-z),
gimp-data (>= ${source:Upstream-Version}),
gimp-data (<= ${source:Upstream-Version}-z),
+ graphviz,
xdg-utils,
${shlibs:Depends},
${misc:Depends}
diff -Nru gimp-2.10.22/debian/control.in gimp-2.10.22/debian/control.in
--- gimp-2.10.22/debian/control.in 2020-11-24 10:25:51.0 +0100
+++ gimp-2.10.22/debian/control.in 2021-03-20 12:21:08.0 +0100
@@ -70,6 +70,7 @@
libgimp2.0 (<= ${source:Upstream-Version}-z),
gimp-data (>= ${source:Upstream-Version}),
gimp-data (<= ${source:Upstream-Version}-z),
+ graphviz,
xdg-utils,
${shlibs:Depends},
${misc:Depends}
diff -Nru gimp-2.10.22/debian/patches/02_hurd_ftbfs.patch
gimp-2.10.22/debian/patches/02_hurd_ftbfs.patch
--- gimp-2.10.22/debian/patches/02_hurd_ftbfs.patch 1970-01-01
01:00:00.0 +0100
+++ gimp-2.10.22/debian/patches/02_hurd_ftbfs.patch 2021-03-20
12:21:08.0 +0100
@@ -0,0 +1,12 @@
+--- a/plug-ins/common/qbist.c
b/plug-ins/common/qbist.c
+@@ -38,6 +38,9 @@
+
+ #include "libgimp/stdplugins-intl.h"
+
++#ifndef PATH_MAX
++#define PATH_MAX 4096
++#endif
+
+ /** qbist renderer
***/
+
diff -Nru gimp-2.10.22/debian/patches/series gimp-2.10.22/debian/patches/series
--- gimp-2.10.22/debian/patches/series 2020-11-24 10:25:51.0 +0100
+++ gimp-2.10.22/debian/patches/series 2021-03-20 12:21:08.0 +0100
@@ -1 +1,2 @@
01_hurd_ftbfs.patch
+02_hurd_ftbfs.patch
Bug#985761: unblock: plymouth/0.9.5-3
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: couc...@debian.org
Please unblock package plymouth
So apparently I forgot to ask for an unblock my last upload of plymouth
[ Reason ]
The main change is the switch to the new "homeworld" theme
The other changes are:
- Removing a dependency against a package removed from the archive
(ttf-dejavu-core)
- Remove the support for /etc/vconsole.conf that is not used anywhere in
debian.
[ Impact ]
Plymouth uses the old theme from Buster
[ Tests ]
Reboot and the new theme is displayed.
The keymap is still read properly from /etc/default/keyboard
[ Risks ]
NA
[ Checklist ]
[x] all changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in testing
unblock plymouth/0.9.5-3
diff -Nru plymouth-0.9.5/debian/changelog plymouth-0.9.5/debian/changelog
--- plymouth-0.9.5/debian/changelog 2020-12-09 15:58:50.0 +0100
+++ plymouth-0.9.5/debian/changelog 2021-03-02 13:18:12.0 +0100
@@ -1,3 +1,15 @@
+plymouth (0.9.5-3) unstable; urgency=medium
+
+ [ Laurent Bigonville ]
+ * debian/control: Remove dependency the ttf-dejavu-core alternative
+ * Don't use /etc/vconsole.conf after all as it's not used anywhere in debian
+ * d/p/0003-default-theme.patch: Switch to homeworld for bullseye
+
+ [ Simon McVittie ]
+ * Unfuzz 0008-show-delay.patch to apply cleanly
+
+ -- Laurent Bigonville Tue, 02 Mar 2021 13:18:12 +0100
+
plymouth (0.9.5-2) unstable; urgency=medium
* debian/local/plymouth.hook: Copy logo-text-version-64.png in the initramfs
diff -Nru plymouth-0.9.5/debian/control plymouth-0.9.5/debian/control
--- plymouth-0.9.5/debian/control 2020-12-09 15:58:50.0 +0100
+++ plymouth-0.9.5/debian/control 2021-03-02 13:18:12.0 +0100
@@ -110,7 +110,7 @@
Depends: fontconfig,
fontconfig-config,
fonts-cantarell,
- fonts-dejavu-core | ttf-dejavu-core,
+ fonts-dejavu-core,
plymouth (= ${binary:Version}),
plymouth-label (= ${binary:Version}),
${misc:Depends},
diff -Nru plymouth-0.9.5/debian/local/plymouth.hook
plymouth-0.9.5/debian/local/plymouth.hook
--- plymouth-0.9.5/debian/local/plymouth.hook 2020-12-09 15:58:50.0
+0100
+++ plymouth-0.9.5/debian/local/plymouth.hook 2021-03-02 13:18:12.0
+0100
@@ -121,17 +121,12 @@
esac
fc-cache -s -y "${DESTDIR}" > /dev/null 2>&1
- # copy /etc/default/keyboard and /etc/vconsole.conf (needed for
keymap detection)
+ # copy /etc/default/keyboard (needed for keymap detection)
if [ -e /etc/default/keyboard ]
then
mkdir -p "${DESTDIR}/etc/default"
cp /etc/default/keyboard "${DESTDIR}/etc/default"
fi
- if [ -e /etc/vconsole.conf ]
- then
- mkdir -p "${DESTDIR}/etc"
- cp /etc/vconsole.conf "${DESTDIR}/etc"
- fi
# for two-step
case "$(sed -n 's/^ModuleName=\(.*\)/\1/p' ${THEME})" in
diff -Nru plymouth-0.9.5/debian/patches/0003-default-theme.patch
plymouth-0.9.5/debian/patches/0003-default-theme.patch
--- plymouth-0.9.5/debian/patches/0003-default-theme.patch 2020-12-09
15:58:50.0 +0100
+++ plymouth-0.9.5/debian/patches/0003-default-theme.patch 2021-03-02
13:18:12.0 +0100
@@ -7,7 +7,7 @@
# Administrator customizations go in this file
#[Daemon]
-#Theme=fade-in
-+#Theme=futureprototype
++#Theme=homeworld
--- a/src/plymouthd.defaults
+++ b/src/plymouthd.defaults
@@ -1,6 +1,6 @@
@@ -15,6 +15,6 @@
# upgrades.
[Daemon]
-Theme=spinner
-+Theme=futureprototype
++Theme=homeworld
ShowDelay=0
DeviceTimeout=8
diff -Nru plymouth-0.9.5/debian/patches/0008-show-delay.patch
plymouth-0.9.5/debian/patches/0008-show-delay.patch
--- plymouth-0.9.5/debian/patches/0008-show-delay.patch 2020-12-09
15:58:50.0 +0100
+++ plymouth-0.9.5/debian/patches/0008-show-delay.patch 2021-03-02
13:18:12.0 +0100
@@ -6,5 +6,5 @@
@@ -1,3 +1,4 @@
# Administrator customizations go in this file
#[Daemon]
- #Theme=futureprototype
+ #Theme=homeworld
+#ShowDelay=0
diff -Nru plymouth-0.9.5/debian/patches/fallback-etc-default-keyboard.patch
plymouth-0.9.5/debian/patches/fallback-etc-default-keyboard.patch
--- plymouth-0.9.5/debian/patches/fallback-etc-default-keyboard.patch
2020-12-09 15:58:50.0 +0100
+++ plymouth-0.9.5/debian/patches/fallback-etc-default-keyboard.patch
2021-03-02 13:18:12.0 +0100
@@ -1,17 +1,17 @@
+Description: Use /etc/default/keyboard instead of /etc/vconsole.conf
+Forwarded: not-needed
+
--- a/s
Bug#986149: unblock: libgweather/3.36.1-3
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package libgweather [ Reason ] met.no (Norwegian Weather institute) asked libgweather upstream to set in the User-Agent the application that is actually doing the request to their service. The version of the library in bullseye do not have the needed patch We have backported almost all the functional patches from 3.36.2 already, so an alternative would be to just update to 3.36.2 [ Impact ] With out that patch met.no could consider that we are not following their TOS and could block our user to use their service. [ Tests ] gnome-weather still shows the weather information. I didn't test with an application not providing a .desktop file, but the code seems to take that case into account [ Risks ] The code is self contained and at worst the string "null" will be added the user agent. [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing unblock libgweather/3.36.1-3
Bug#987299: unblock: gstreamer1.0/1.18.4-1
Hello,
On Wed, 21 Apr 2021 09:31:12 +0300 =?utf-8?q?Sebastian_Dr=C3=B6ge?=
wrote:
> Please unblock package gstreamer1.0
>
> GStreamer 1.18.4 is a bugfix release on top of 1.18.3, which is
currently in
> testing/unstable. 1.18.4 is currently waiting in experimental until the
> unblock request is accepted.
>
> This does not affect only the gstreamer1.0 source package but also:
> - gst-plugins-base1.0
> - gst-plugins-good1.0
> - gst-plugins-bad1.0
Yesterday, I uploaded src:gst-plugins-bad1.0 1.18.4-3 without knowing
that the unblock was already requested.
My changes (see in the attached patch) are not impacting the release
architectures, they are fixing issues with different ports.
Are my changes a problem for the release team? Should they be reverted?
Sorry for the disturbance,
Kind regards,
Laurent Bigonville
diff --git a/debian/changelog b/debian/changelog
index 3cf3095a..1b45bf3d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,13 @@
+gst-plugins-bad1.0 (1.18.4-3) unstable; urgency=medium
+
+ * Team upload.
+ * debian/control: Add more architectures to the opencv BD
+ * debian/control: Do not make libgstreamer-plugins-bad1.0-dev depend on
+opencv where it's not available (Closes: #987396)
+ * Do not try to install the sctp on non-linux architectures
+
+ -- Laurent Bigonville Mon, 26 Apr 2021 17:07:50 +0200
+
gst-plugins-bad1.0 (1.18.4-2) unstable; urgency=medium
* Upload to unstable.
diff --git a/debian/control b/debian/control
index e2dece74..de5bbf23 100644
--- a/debian/control
+++ b/debian/control
@@ -51,8 +51,8 @@ Build-Depends: debhelper,
libnice-dev (>= 0.1.14),
libofa0-dev (>= 0.9.3),
libopenal-dev (>= 1:1.14),
- libopencv-dev (>= 3.0.0) [amd64 arm64 armel armhf i386 mips64el mipsel ppc64el s390x powerpc ppc64 riscv64],
- opencv-data [amd64 arm64 armel armhf i386 mips64el mipsel
ppc64el s390x powerpc ppc64 riscv64],
+ libopencv-dev (>= 3.0.0) [amd64 arm64 armel armhf i386 mips64el mipsel ppc64el s390x alpha hppa hurd-i386 m68k powerpc ppc64 riscv64],
+ opencv-data [amd64 arm64 armel armhf i386 mips64el mipsel
ppc64el s390x alpha hppa hurd-i386 m68k powerpc ppc64 riscv64],
libwpebackend-fdo-1.0-dev (>= 1.6.0) [amd64 arm64 armel
armhf hppa i386 mipsel ppc64 ppc64el s390x sparc64 x32],
libwpewebkit-1.0-dev (>= 2.28.0) [amd64 arm64 armel armhf hppa i386 mipsel ppc64 ppc64el s390x sparc64 x32],
libopenexr-dev,
@@ -166,7 +166,7 @@ Description: GStreamer plugins from the "bad" set
real live maintainer, or some actual wide use.
Package: gstreamer1.0-opencv
-Architecture: amd64 arm64 armel armhf i386 mips64el mipsel ppc64el s390x
powerpc ppc64 riscv64
+Architecture: amd64 arm64 armel armhf i386 mips64el mipsel ppc64el s390x
alpha hppa hurd-i386 m68k powerpc ppc64 riscv64
Multi-Arch: same
Depends: ${misc:Depends},
${shlibs:Depends},
@@ -248,7 +248,7 @@ Description: GStreamer libraries from the "bad" set
is not guaranteed to be stable.
Package: libgstreamer-opencv1.0-0
-Architecture: amd64 arm64 armel armhf i386 mips64el mipsel ppc64el s390x
powerpc ppc64 riscv64
+Architecture: amd64 arm64 armel armhf i386 mips64el mipsel ppc64el s390x
alpha hppa hurd-i386 m68k powerpc ppc64 riscv64
Section: libs
Priority: optional
Multi-Arch: same
@@ -279,11 +279,11 @@ Section: libdevel
Priority: optional
Depends: ${misc:Depends},
libgstreamer-plugins-bad1.0-0 (= ${binary:Version}),
- libgstreamer-opencv1.0-0 (= ${binary:Version}),
+ libgstreamer-opencv1.0-0 (= ${binary:Version}) [amd64 arm64 armel armhf i386 mips64el mipsel ppc64el s390x alpha hppa hurd-i386 m68k powerpc ppc64 riscv64],
libgstreamer1.0-dev,
libgstreamer-plugins-base1.0-dev,
gir1.2-gst-plugins-bad-1.0 (= ${binary:Version}),
- libopencv-dev (>= 2.3.0)
+ libopencv-dev (>= 2.3.0) [amd64 arm64 armel armhf i386 mips64el mipsel ppc64el s390x alpha hppa hurd-i386 m68k powerpc ppc64 riscv64]
Conflicts: pitivi (<< 0.)
Description: GStreamer development files for libraries from the "bad" set
GStreamer is a streaming media framework, based on graphs of filters
diff --git a/debian/gstreamer1.0-plugins-bad.install b/debian/gstreamer1.0-plugins-bad.install
index 7949901b..fe627515 100644
--- a/debian/gstreamer1.0-plugins-bad.install
+++ b/debian/gstreamer1.0-plugins-bad.install
@@ -84,7 +84,6 @@ debian/tmp/usr/lib/*/gstreamer-1.0/libgstrtmp.so
debian/tmp/usr/lib/*/gstreamer-1.0/libgstrtmp2.so
debian/tmp/usr/lib/*/gstreamer-1.0/libgstrtponvif.so
debian/tmp/usr/lib/*/gstreamer-1.0/libgstrtpmanagerbad.so
-debian/tmp/usr/lib/*/gstreamer-1.0/libgstsctp.so
debian/tmp/usr/lib/*/gstreamer-1.0/libgstsdpelem.so
debian/tmp/usr/lib/*/gstreamer-1.0/libgstsegmentclip.
Bug#988229: unblock: tepl/5.0.1-2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package tepl [ Reason ] The gir sequence (dh_girepository) is currenly not called during the build. Without this, the gir1.2-tepl-5 package has no dependencies defined. [ Impact ] Dependencies will not be installed and the binding will fail to work [ Tests ] The gir1.2-tepl-5 now has a Depends field [ Risks ] The change is pretty trivial [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing unblock tepl/5.0.1-2 diff --git a/debian/changelog b/debian/changelog index 3f7df53..223775f 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +tepl (5.0.1-2) unstable; urgency=medium + + * debian/rules: Call the gir sequence during the build + + -- Laurent Bigonville Sat, 08 May 2021 10:23:06 +0200 + tepl (5.0.1-1) unstable; urgency=medium * New upstream release diff --git a/debian/rules b/debian/rules index f95f5a2..9f5c98e 100755 --- a/debian/rules +++ b/debian/rules @@ -6,7 +6,7 @@ export DEB_LDFLAGS_MAINT_APPEND = -Wl,-O1 -Wl,-z,defs -Wl,--as-needed CHECK_HOME = $(CURDIR)/debian/tmp/home %: - dh $@ --with gnome + dh $@ --with gnome,gir override_dh_auto_configure: dh_auto_configure -- -Dgtk_doc=true
Bug#998067: transition: libsepol and libsemanage
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition Hello, libsepol and libsemanage have both bumped their soname from 1 to 2, the packages already went through the NEW queue and are in experimental. The transition trackers are already created: https://release.debian.org/transitions/html/auto-libsepol.html https://release.debian.org/transitions/html/auto-libsemanage.html Most of the packages are from the same upstream. For libsemanage, sssd and shadow will have to adjust their build-dependencies For libsepol, dmraid must remove the build-dependency, this is useless, see #929484. Note that dmraid already has a RC bug, for other reasons. Kind regards, Laurent Bigonville
Bug#998067: transition: libsepol and libsemanage
On Thu, 4 Nov 2021 22:29:41 +0100 Sebastian Ramacher wrote: > Control: tags -1 moreinfo > > On 2021-10-29 13:44:16 +0200, Laurent Bigonville wrote: > > Package: release.debian.org > > Severity: normal > > User: release.debian@packages.debian.org > > Usertags: transition > > > > Hello, > > > > libsepol and libsemanage have both bumped their soname from 1 to 2, the > > packages already went through the NEW queue and are in experimental. > > > > The transition trackers are already created: > > > > https://release.debian.org/transitions/html/auto-libsepol.html > > https://release.debian.org/transitions/html/auto-libsemanage.html > > > > Most of the packages are from the same upstream. > > > > For libsemanage, sssd and shadow will have to adjust their build-dependencies > > Have bugs been filed for that? > I just did that now, see #998633 and #998634 Note that I uploaded a new revision (3.1-2) of libsemanage in unstable to ease the dependency between the library package and the -common one and allow co-installation between libsemanage1 and libsemanage2. Maybe we should wait until 3.1-2 has migrated to testing (and maybe reduce the migration time so we are not waiting 5 days?)
Bug#998067: transition: libsepol and libsemanage
On Fri, 29 Oct 2021 13:44:16 +0200 Laurent Bigonville wrote: > > Hello, [...] > > For libsepol, dmraid must remove the build-dependency, this is useless, > see #929484. Note that dmraid already has a RC bug, for other reasons. A binNMU dmraid is actually enough to drop the runtime dependencies against the old libsepol1 package (and there is no libsepol1-dev BD), that's probably easier that doing a NMU. Can somebody schedule a binNMU for dmraid? I'll switch the bug back to important instead of serious as I still think that the libselinux BD is not needed, but that's not RC Kind regards, Laurent Bigonville
Bug#1004121: nmu: libgsf_1.14.47-1+b1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: binnmu Hello, Apparently libgsf-1-dev in the archive is not co-installable due to the documentation (see #814502) I quickly tried to rebuild the package in amd64 and i386 and it seems that the documentation in the -dev package is now identical, so something has been fixed somewhere else. Could you please schedule a binNMU so the package is co-installable? Kind regards, Laurent Bigonville nmu libgsf_1.14.47-1+b1 . ANY . unstable . -m "Rebuild to fix multi-arch co-installation"
Bug#1004121: nmu: libgsf_1.14.47-1+b1
Le 23/01/22 à 18:54, Sebastian Ramacher a écrit :
Control: tags -1 moreinfo
On 2022-01-21 10:33:22 +0100, Laurent Bigonville wrote:
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: binnmu
Hello,
Apparently libgsf-1-dev in the archive is not co-installable due to the
documentation (see #814502)
Are you sue that this bug is still present? The binaries from the last
binNMU (1.14.47-1+) only differ in /usr/lib/${DEB_HOST_MULTIARCH} which
is to be expected.
I indeed didn't check myself if the existing packages were having a
conflict, but I trusted the error/warning displayed on
https://tracker.debian.org/pkg/libgsf
So the issue is maybe not present on all the architectures actually, mhh
Bug#1004121: nmu: libgsf_1.14.47-1+b1
Le 24/01/22 à 09:51, Laurent Bigonville a écrit :
Le 23/01/22 à 18:54, Sebastian Ramacher a écrit :
Control: tags -1 moreinfo
On 2022-01-21 10:33:22 +0100, Laurent Bigonville wrote:
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: binnmu
Hello,
Apparently libgsf-1-dev in the archive is not co-installable due to the
documentation (see #814502)
Are you sue that this bug is still present? The binaries from the last
binNMU (1.14.47-1+) only differ in /usr/lib/${DEB_HOST_MULTIARCH} which
is to be expected.
I indeed didn't check myself if the existing packages were having a
conflict, but I trusted the error/warning displayed on
https://tracker.debian.org/pkg/libgsf
So the issue is maybe not present on all the architectures actually, mhh
Just tried and actually there are still differences between amd64 and
arm64 (-dev) packages, but it's not the .html file, it's the .png that
contains a different timestamp.
And this is caused by the binNMU debian/changelog file that has a
different timestamp
Re: Bug#927667: gnome: please confirm or revert choice of Wayland for default desktop
On 19/06/19 22:19, Simon McVittie wrote: [...] I would very much appreciate input from the rest of the team, particularly: - Laurent: I know you've had strong opinions about using Wayland for GNOME. Do you feel strongly that Debian should be defaulting to Wayland? Are there any reasons for that default that are missing from my attempt to summarize earlier on the bug? [...] I'm personally using wayland for more than 3 years on my work laptop (Intel card) and my home desktop (ATI/AMD with OSS driver) and even if there were transient issues at some point, everything is pretty stable now with 3.30 (the version that will be released with buster). Like Iain the main annoyance I have in my daily use is with the desktop/window sharing in firefox. Wayland has been (re)made the default in debian back in July 2017 (beginning of the dev cycle for buster), I don't remember receiving any objections at the time. The question about using it by default was raised by Jonathan in Apr 2019, two months in the (soft) freeze, it was already quite late at that point IMHO to switch back. This makes me wonder, are there even people using GNOME in sid/testing? Are there people testing with the default settings or has everybody switch back to X11? Because we had a full development cycle and we didn't have a massive number of bugs being filled about this, how should we interpret that? It's also important to note that we are not pioneer in this, Fedora is defaulting to GNOME Wayland since Fedora 25 (Nov 2016). Both RHEL 8 (just released and using GNOME 3.28, so one release lower) and SUSE Linux Enterprise Desktop 15 (released in end of June last year using GNOME 3.26) are also defaulting to GNOME Wayland. We could indeed revert to X11 in a point release if things are going horribly wrong, some first step could be to put more information about this in the release notes. RHEL has https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/8.0_release_notes/index#desktop but I don't think that everything there applies to Debian
Bug#932702: nmu: Please binNMU the following packages that have not been built on a buildd
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: binnmu Hello, So apparently I missed the memo and my first round of packages uploaded to unstable after the release have not been built on a buildd. Could it be possible to binNMU them? libsepol must probably be rebuilt first as other packages are statically linking against it and are adding a Built-Using field: nmu libsepol_2.9-2 . amd64 . unstable . -m "Rebuilt on a buildd" nmu checkpolicy_2.9-2 . amd64 . unstable . -m "Rebuilt on a buildd" nmu libselinux_2.9-2 . amd64 . unstable . -m "Rebuilt on a buildd" nmu mcstrans_2.9-2 . amd64 . unstable . -m "Rebuilt on a buildd" nmu policycoreutils_2.9-2 . amd64 . unstable . -m "Rebuilt on a buildd" nmu restorecond_2.9-2 . amd64 . unstable . -m "Rebuilt on a buildd" nmu semodule-utils_2.9-2 . amd64 . unstable . -m "Rebuilt on a buildd" nmu setools_4.2.2-1 . amd64 . unstable . -m "Rebuilt on a buildd" nmu deja-dup_40.1-1 . amd64 . unstable . -m "Rebuilt on a buildd" Kind regards, Laurent Bigonville -- System Information: Debian Release: bullseye/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.19.0-5-amd64 (SMP w/8 CPU cores) Kernel taint flags: TAINT_FIRMWARE_WORKAROUND Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8), LANGUAGE=fr_BE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: SELinux: enabled - Mode: Permissive - Policy name: refpolicy
Bug#933369: buster-pu: package dma/0.11-1+deb10u1
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu
Hi,
dma currently use the TLSv1_client_method() function that means that it
only support TLS 1.0 which is considered deprecated (and forbidden by
PCI certification).
For what I can read, major providers are planning to remove support for
TLS 1.0 and TLS 1.1 current 2020.
The attached patches (cherry-picked from upstream) are switching to the
"version-flexible" function (TLS_client_method())
Could this be included in buster?
Kind regards,
Laurent Bigonville
-- System Information:
Debian Release: bullseye/sid
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1,
'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.19.0-5-amd64 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_FIRMWARE_WORKAROUND
Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8),
LANGUAGE=fr_BE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: SELinux: enabled - Mode: Permissive - Policy name: refpolicy
diff -Nru dma-0.11/debian/changelog dma-0.11/debian/changelog
--- dma-0.11/debian/changelog 2016-05-29 12:29:47.0 +0200
+++ dma-0.11/debian/changelog 2019-07-29 20:56:49.0 +0200
@@ -1,3 +1,12 @@
+dma (0.11-1+deb10u1) buster; urgency=medium
+
+ * d/p/0002-crypto-Don-t-limit-to-TLSv1-only.patch: Do not limit SSL
+connection to TLSv1 (Closes: #871429)
+ * d/p/0003-properly-deal-with-SSL_connect-return-value.patch: Properly check
+ the return code of SSL_connect()
+
+ -- Laurent Bigonville Mon, 29 Jul 2019 20:56:49 +0200
+
dma (0.11-1) unstable; urgency=medium
[ Arno Töll ]
diff -Nru dma-0.11/debian/patches/0002-crypto-Don-t-limit-to-TLSv1-only.patch
dma-0.11/debian/patches/0002-crypto-Don-t-limit-to-TLSv1-only.patch
--- dma-0.11/debian/patches/0002-crypto-Don-t-limit-to-TLSv1-only.patch
1970-01-01 01:00:00.0 +0100
+++ dma-0.11/debian/patches/0002-crypto-Don-t-limit-to-TLSv1-only.patch
2019-07-29 20:56:49.0 +0200
@@ -0,0 +1,27 @@
+From: Michael Tremer
+Date: Sun, 11 Feb 2018 11:05:43 +
+Subject: crypto: Don't limit to TLSv1 only
+
+Signed-off-by: Michael Tremer
+---
+ crypto.c | 7 ++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/crypto.c b/crypto.c
+index 897b55b..440c882 100644
+--- a/crypto.c
b/crypto.c
+@@ -93,7 +93,12 @@ smtp_init_crypto(int fd, int feature)
+ SSL_library_init();
+ SSL_load_error_strings();
+
+- meth = TLSv1_client_method();
++ // Allow any possible version
++#if (OPENSSL_VERSION_NUMBER >= 0x1010L)
++ meth = TLS_client_method();
++#else
++ meth = SSLv23_client_method();
++#endif
+
+ ctx = SSL_CTX_new(meth);
+ if (ctx == NULL) {
diff -Nru
dma-0.11/debian/patches/0003-properly-deal-with-SSL_connect-return-value.patch
dma-0.11/debian/patches/0003-properly-deal-with-SSL_connect-return-value.patch
---
dma-0.11/debian/patches/0003-properly-deal-with-SSL_connect-return-value.patch
1970-01-01 01:00:00.0 +0100
+++
dma-0.11/debian/patches/0003-properly-deal-with-SSL_connect-return-value.patch
2019-07-29 20:56:49.0 +0200
@@ -0,0 +1,22 @@
+From: Simon Schubert <2...@0x2c.org>
+Date: Thu, 13 Sep 2018 16:44:50 +0200
+Subject: properly deal with SSL_connect() return value
+
+Submitted-by: lc3412
+---
+ crypto.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/crypto.c b/crypto.c
+index 440c882..ef08144 100644
+--- a/crypto.c
b/crypto.c
+@@ -160,7 +160,7 @@ smtp_init_crypto(int fd, int feature)
+
+ /* Open SSL connection */
+ error = SSL_connect(config.ssl);
+- if (error < 0) {
++ if (error != 1) {
+ syslog(LOG_ERR, "remote delivery deferred: SSL handshake failed
fatally: %s",
+ ssl_errstr());
+ return (1);
diff -Nru dma-0.11/debian/patches/series dma-0.11/debian/patches/series
--- dma-0.11/debian/patches/series 2016-05-29 12:29:47.0 +0200
+++ dma-0.11/debian/patches/series 2019-07-29 20:56:49.0 +0200
@@ -1,2 +1,3 @@
03-debian-locations.patch
-#10-liblockfile.patch
+0002-crypto-Don-t-limit-to-TLSv1-only.patch
+0003-properly-deal-with-SSL_connect-return-value.patch
Bug#935888: buster-pu: package osinfo-db/0.20181120-1+deb10u1
Package: release.debian.org Severity: normal Tags: buster User: release.debian@packages.debian.org Usertags: pu Hi, The current version of osinfo-db in Buster is not supporting buster itself which is quite annoying (see #919486 and #935551). In addition to that, the download links for the stretch iso are no longer valid. I've prepared an update for buster version that fixes these two issues. My update also fixes an issue with the parameter name use in the automated installation profile as described in the documentation and used in the implementations. All the changes are already fixed in last upstream release (currently in unstable) Kind regards, Laurent Bigonville -- System Information: Debian Release: bullseye/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 5.2.0-2-amd64 (SMP w/8 CPU cores) Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8), LANGUAGE=fr_BE:fr (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled diff -Nru osinfo-db-0.20181120/debian/changelog osinfo-db-0.20181120/debian/changelog --- osinfo-db-0.20181120/debian/changelog 2018-11-20 22:41:36.0 +0100 +++ osinfo-db-0.20181120/debian/changelog 2019-08-24 10:06:02.0 +0200 @@ -1,3 +1,16 @@ +osinfo-db (0.20181120-1+deb10u1) buster; urgency=medium + + * debian/patches/debian9-update.patch: Fix the URL's to download the iso +files and point to the latest point release (9.9.0) + * debian/patches/debian10-Add-info.patch: Add information about the debian +buster/10 release (Closes: #935551) + * d/p/debian-preseed-Fix-typo-in-config-s-name.patch: Fix the name of the +parameter used to set the fullname when generating a preseed file, the +documentation explicitly talks about "user-realname" but the profile was +using "user-fullname" (the debconf parameter name) by mistake + + -- Laurent Bigonville Sat, 24 Aug 2019 10:06:02 +0200 + osinfo-db (0.20181120-1) unstable; urgency=medium * [aa777b6] New upstream version 0.20181120 diff -Nru osinfo-db-0.20181120/debian/patches/debian10-Add-info.patch osinfo-db-0.20181120/debian/patches/debian10-Add-info.patch --- osinfo-db-0.20181120/debian/patches/debian10-Add-info.patch 1970-01-01 01:00:00.0 +0100 +++ osinfo-db-0.20181120/debian/patches/debian10-Add-info.patch 2019-08-24 10:06:02.0 +0200 @@ -0,0 +1,223 @@ +From 13e84168d359b4ab1170451716098b5e72ac15f9 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= +Date: Tue, 9 Jul 2019 08:55:30 +0200 +Subject: [PATCH] debian10: Add info +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Debian 10 has been released on July 6th, 2019. + +Signed-off-by: Fabiano Fidêncio +Reviewed-by: Cole Robinson +--- + data/os/debian.org/debian-10.xml.in | 203 + 1 file changed, 203 insertions(+) + create mode 100644 data/os/debian.org/debian-10.xml.in + +--- /dev/null b/data/os/debian.org/debian-10.xml.in +@@ -0,0 +1,203 @@ ++ ++ ++ http://debian.org/debian/10";> ++debian10 ++debianbuster ++<_name>Debian 10 ++10 ++<_vendor>Debian Project ++linux ++debian ++buster ++http://debian.org/debian/9"/> ++http://debian.org/debian/9"/> ++ ++2019-07-06 ++ ++ ++ ++10 ++1 ++1073741824 ++10737418240 ++ ++ ++10 ++1073741824 ++21474836480 ++ ++ ++ ++ ++ <_name>Debian 10 ++ ++ ++ <_name>Debian 10 ++ ++ ++ ++ ++ ++ http://cdimage.debian.org/cdimage/release/10.0.0/i386/iso-cd/debian-10.0.0-i386-netinst.iso ++ ++Debian 10.(\d)+.(\d)+ i386 n ++ ++ install.386/vmlinuz ++ install.386/initrd.gz ++ ++ ++ ++ http://cdimage.debian.org/cdimage/release/10.0.0/amd64/iso-cd/debian-10.0.0-amd64-netinst.iso ++ ++Debian 10.(\d)+.(\d)+ amd64 n ++ ++ install.amd/vmlinuz ++ install.amd/initrd.gz ++ ++ ++ ++ http://cdimage.debian.org/cdimage/release/10.0.0/arm64/iso-cd/debian-10.0.0-arm64-netinst.iso ++ ++Debian 10.(\d)+.(\d)+ arm64 n ++ ++ install.a64/vmlinuz ++ install.a64/initrd.gz ++ ++ ++ ++ http://cdimage.debian.org/cdimage/release/10.0.0/armhf/iso-cd/debian-10.0.0-armhf-netinst.iso ++ ++Debian 10.(\d)+.(\d)+ armhf n ++ ++ install.armhf/vmlinuz ++ install.armhf/initrd.gz ++ ++ ++ ++ http://cdimage.debian.org/cdimage/release/10.0.0/ppc64el/iso-cd/debian-10.0.0-ppc64el-netinst.iso ++ ++Debian 10
Bug#942428: transition: gssdp/gupnp
On Mon, 21 Oct 2019 21:19:14 +0200 Paul Gevers wrote: > Hi Andreas, > > On 16-10-2019 08:37, Andreas Henriksson wrote: > > The final real blocker as I can see it is the gupnp-igd armel FTBFS. > > Could you please file a bug about this and add it as a blocker of this bug? > > > The problem is 100% reproducible on abel porterbox. > > The tests that hangs are the final two: > > test_gupnp_simple_igd_invalid_ip > > test_gupnp_simple_igd_empty_ip > > According to gdb the main thread is hanging in g_object_unref (igd) > > that's called last in the test functions. > > > Since there's no obvious solution to this and I'm not going to invest > > (more) time into it nor to track down anyone who cares about armel > > issues I'm leaving this here as tagged moreinfo until someone has a plan > > for how the transition can happen. So apparently this was a bug in gupnp that was making the tests deadlock and for some reasons the version fixing this was stuck in the armel buildd... anyway, gupnp-igd is now building fine in experimental. I think most of the work is already done in experimental, could we go forward? Kind regards, Laurent Bigonville
Bug#942428: transition: gssdp/gupnp
Le 30/12/19 à 22:24, Paul Gevers a écrit : > Hi Laurent, Andreas, > What's the current status of the two packages reported unfixed? It's not > clear if they either FTBFS or if they are just not tried to be fixed in > experimental. I asked to have bugs filed, but I didn't spot them. > > peony-extensions - no rdeps, unmaintained <--- temporary removal? > not really, the package is > aging now in unstable as it had recent updates AFAICS peony-extensions has no dependency against gssdp or gupnp, so that's fine I guess > upnp-router-control - no rdeps, unmaintained for years <-- permament > removal? That package definitely look unmaintained (no upload since 2013), I see some recent activity upstream (a few uploads in 2019, the previous uploads where somewhere in 2013), but even the development branch does not built with the last version of gssdp/gupnp I've opened a bug upstream and I just opened a serious bug in debian So I guess that removing the package from testing should be fine for now? > If this is cleared up, we can probably go ahead. > > Paul >
Bug#947930: transition: gspell
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition Hello, The soname of the gspell library has bumped its soname from libgspell-1-1 to libgspell-1-2 I rebuilt all the rdeps and they all build fine with the new library. BUT ATM there is an issue with gnome-software (and sysprof) on ppc64el that should be fixed first before we can start the transition. The following packages needs a source upload as they also need to be updated to use enchant-2 to avoid having both enchant(1) and enchant-2 linked inside the same binary: geary gnome-builder evolution Kind regards, Laurent Bigonville Ben file: title = "gspell"; is_affected = .depends ~ "libgspell-1-1" | .depends ~ "libgspell-1-2"; is_good = .depends ~ "libgspell-1-2"; is_bad = .depends ~ "libgspell-1-1"; -- System Information: Debian Release: bullseye/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 5.4.0-1-amd64 (SMP w/8 CPU cores) Kernel taint flags: TAINT_FIRMWARE_WORKAROUND Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8), LANGUAGE=fr_BE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: SELinux: enabled - Mode: Permissive - Policy name: refpolicy
Bug#947930: transition: gspell
On Thu, 02 Jan 2020 10:20:13 +0100 Laurent Bigonville wrote: > [...] > BUT ATM there is an issue with gnome-software (and sysprof) on ppc64el > that should be fixed first before we can start the transition. > [...] The problem is now fixed in sysprof and gnome-software, so IMVHO there is nothing holding back the transition
Please add a tracker for the enchant -> enchant-2 transition
Hello, Could you please add a tracker for the enchant -> enchant-2 "transition" I'm not expecting to see this transition happening overnight as it requires changes in almost all packages (the build system at least) to use the new library, but that's not really a problem as the source package has been also renamed. is_affected = depends ~ /\b(enchant|libenchant\-dev|libenchant\-voikko|libenchant1c2a|enchant\-2|libenchant\-2\-2|libenchant\-2\-dev|libenchant\-2\-voikko)\b/; is_good = .depends ~ /\b(enchant\-2|libenchant\-2\-2|libenchant\-2\-dev|libenchant\-2\-voikko)\b/; is_bad = .depends ~ /\b(enchant|libenchant\-dev|libenchant\-voikko|libenchant1c2a)\b/; Kind regards, Laurent Bigonville
Bug#948429: nmu: gtkspellmm_3.0.5+dfsg-2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: binnmu Hello, Could you please schedule a binNMU for gtkspellmm? Rebuilding gtkspellmm will remove the (unneeded) dependency against libenchant1c2a nmu gtkspellmm_3.0.5+dfsg-2 . ANY . unstable . -m "Rebuild to get rid of libenchant1c2a dependency" dw gtkspellmm_3.0.5+dfsg-2 . ANY . -m 'libgtkspell3-3-0 (>= 3.0.10-1)' Thanks Laurent Bigonville -- System Information: Debian Release: bullseye/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 5.4.0-2-amd64 (SMP w/8 CPU cores) Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8), LANGUAGE=fr_BE:fr (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: SELinux: enabled - Mode: Permissive - Policy name: refpolicy
Bug#948429: nmu: gtkspellmm_3.0.5+dfsg-2 and gimagereader_3.3.1-1
On Wed, 08 Jan 2020 16:56:25 +0100 Laurent Bigonville wrote: > > Could you please schedule a binNMU for gtkspellmm? > > Rebuilding gtkspellmm will remove the (unneeded) dependency against libenchant1c2a > > nmu gtkspellmm_3.0.5+dfsg-2 . ANY . unstable . -m "Rebuild to get rid of libenchant1c2a dependency" > dw gtkspellmm_3.0.5+dfsg-2 . ANY . -m 'libgtkspell3-3-0 (>= 3.0.10-1)' > Could you also add a binNMU for gimagereader? nmu gimagereader_3.3.1-1 . ANY . unstable . -m "Rebuild to get rid of libenchant1c2a dependency" dw gimagereader_3.3.1-1 . ANY . -m 'libgtkspell3-3-0 (>= 3.0.10-1)' Thanks!
Bug#948429: nmu: gtkspellmm_3.0.5+dfsg-2 and gimagereader_3.3.1-1 pan_0.146-1
retitle 948429 gtkspellmm_3.0.5+dfsg-2 gimagereader_3.3.1-1 pan_0.146-1 thanks Le 8/01/20 à 17:15, Laurent Bigonville a écrit : On Wed, 08 Jan 2020 16:56:25 +0100 Laurent Bigonville wrote: > > Could you please schedule a binNMU for gtkspellmm? > > Rebuilding gtkspellmm will remove the (unneeded) dependency against libenchant1c2a > > nmu gtkspellmm_3.0.5+dfsg-2 . ANY . unstable . -m "Rebuild to get rid of libenchant1c2a dependency" > dw gtkspellmm_3.0.5+dfsg-2 . ANY . -m 'libgtkspell3-3-0 (>= 3.0.10-1)' > Could you also add a binNMU for gimagereader? nmu gimagereader_3.3.1-1 . ANY . unstable . -m "Rebuild to get rid of libenchant1c2a dependency" dw gimagereader_3.3.1-1 . ANY . -m 'libgtkspell3-3-0 (>= 3.0.10-1)' Thanks! There these is also pan to binNMU, sorry for the noise So to recap could you binNMU the following: nmu gtkspellmm_3.0.5+dfsg-2 . ANY . unstable . -m "Rebuild to get rid of libenchant1c2a dependency" dw gtkspellmm_3.0.5+dfsg-2 . ANY . -m 'libgtkspell3-3-0 (>= 3.0.10-1)' nmu gimagereader_3.3.1-1 . ANY . unstable . -m "Rebuild to get rid of libenchant1c2a dependency" dw gimagereader_3.3.1-1 . ANY . -m 'libgtkspell3-3-0 (>= 3.0.10-1)' nmu pan_0.146-1 . ANY . unstable . -m "Rebuild to get rid of libenchant1c2a dependency" dw pan_0.146-1 . ANY . -m 'libgtkspell3-3-0 (>= 3.0.10-1)' Thanks
Bug#966528: nmu: package-update-indicator_5-1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: binnmu Hello, The Makefile of package-update-indicator is prioritising libappindicator (which is orphanned) over libayatana-appindicator3-1 (the "new" one) and for some reasons the package was built against the former. Rebuilding the package make it builds against libayatana-appindicator as expected. Please binNMU package-update-indicator: nmu package-update-indicator_5-1 . ANY . unstable . -m "Build against libayatana-appindicator3-1" Kind regards, Laurent Bigonville -- System Information: Debian Release: bullseye/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 5.7.0-2-amd64 (SMP w/8 CPU threads) Kernel taint flags: TAINT_WARN Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8), LANGUAGE=fr_BE:fr Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: SELinux: enabled - Mode: Permissive - Policy name: refpolicy
Bug#968180: nmu: selint_1.1.0-1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: binnmu Hello, Could you please binNMU selint on amd64? The package was not built on a buildd and is blocked for migrating Kind regards, Laurent Bigonville nmu selint_1.1.0-1 . amd64 . unstable . -m "Rebuild on buildd" -- System Information: Debian Release: bullseye/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 5.7.0-2-amd64 (SMP w/8 CPU threads) Kernel taint flags: TAINT_WARN Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8), LANGUAGE=fr_BE:fr Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: SELinux: enabled - Mode: Permissive - Policy name: refpolicy
Bug#977201: transition: glade
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition Hello, I would like to upload glade 3.38 in unstable, but this requires a transiton (libgladeui-2-6 -> libgladeui-2-13) I tried to rebuild all the rdeps and they all build fine except libhandy and libgtkdatabox For libhandy I opened #977187 (with a patch). For libgtkdatabox I opened #977184 but I'm not really sure that can be fixed easily (at all?) as it seems there is a mismatch between gtk2 and gtk3 in the source. IMVHO, the only option is to remove the glade plugin. AFAICS, there is not rdeps in the archive, I've also a patch for that. Kind regards, Laurent Bigonville Ben file: title = "glade"; is_affected = .depends ~ "libgladeui-2-6" | .depends ~ "libgladeui-2-13"; is_good = .depends ~ "libgladeui-2-13"; is_bad = .depends ~ "libgladeui-2-6"; -- System Information: Debian Release: bullseye/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 5.9.0-4-amd64 (SMP w/8 CPU threads) Kernel taint flags: TAINT_WARN Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8), LANGUAGE=fr_BE:fr Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: SELinux: enabled - Mode: Permissive - Policy name: refpolicy
Bug#978091: buster-pu: package geoclue-2.0/2.5.2-1
Package: release.debian.org Severity: normal Tags: buster User: release.debian@packages.debian.org Usertags: pu Hello, [ Reason ] There are currently several issues with geoclue-2.0 in debian buster: 1) The daemon is not respecting the user choice to not query the location, that could be seen as a privacy/GDPR breach as it contacts MLS and sends data (ESSID,..) to them without explicit approval. This is only happening for "system" (non-flatpak) applications. 2) The indicator (in the gnome-shell,...) showing that geoclue is active and looking for the location of the computer is never turned on. 3) This version of geoclue is using a generic Mozilla Location service API key, Mozilla would like us to use a dedicated key for geoclue in debian: https://gitlab.freedesktop.org/geoclue/geoclue/-/issues/136 [ Impact ] There is a privacy issue and also the risk that geoclue might stop working overnight when MLS revoke the API key currently used. [ Tests ] Smoke testing on a debian buster VM [ Risks ] The changes are minimal and straightforward. All the patches have been backported from upstream git repository [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in (old)stable [x] the issue is verified as fixed in unstable [ Changes ] 1) The biggest change is the fact that the daemon will now query the "agent" (gnome-shell or other) to check the user preference about the usage of geolocation before querying the location (and contacting MLS). 2) The "in_use" property is set now when there is a client requesting the location connected. 3) We also change the MLS API key to the one generated especially for debian and stop exposing it in the configuration file. While testing, I discovered that the daemon is crashing if submission-url is not defined in the configuration file, this is fixed as well. [ Other info ] NA -- System Information: Debian Release: bullseye/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 5.9.0-5-amd64 (SMP w/8 CPU threads) Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8), LANGUAGE=fr_BE:fr Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: SELinux: enabled - Mode: Permissive - Policy name: refpolicy diff --git a/debian/README.Debian b/debian/README.Debian new file mode 100644 index 000..7f1315b --- /dev/null +++ b/debian/README.Debian @@ -0,0 +1,8 @@ +geoclue-2.0 for Debian +- + +geoclue uses the Mozilla Location Service (MLS) to estimate the location of +your computer. Please refer to the Privacy Notice on the Mozilla website for +all privacy concerns: https://location.services.mozilla.com/privacy + + -- Laurent Bigonville Thu, 23 Apr 2020 14:28:03 +0200 diff --git a/debian/changelog b/debian/changelog index 02ce138..4b654ce 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,21 @@ +geoclue-2.0 (2.5.2-1+deb10u1) buster; urgency=medium + + * debian/README.Debian: Add information about MLS and a link to the service +Privacy Notice page + * Check the maximum allowed accuracy level even for system applications. +Respect the value of the user preference concerning the usage of their +geolocation. This should fix the privacy and GDPR conformity concerns as +the user explicitly needs to enable the option. +Note that there is no distinction between the system applications +anymore, turning on the option is allowing them all to get the location. +(Closes: #924516, #958497) + * d/p/: Add a patch to make the Mozilla API key configurable + * debian/rules: Use the key that has been allocated to debian for MLS queries + * d/p: Add an upstream patch to fix the display of the usage indicator + * Fix crash if submission-url is not set in the config, patch from upstream + + -- Laurent Bigonville Fri, 25 Dec 2020 17:19:50 +0100 + geoclue-2.0 (2.5.2-1) unstable; urgency=medium * [da1f3cfb] New upstream version 2.5.2 diff --git a/debian/patches/0001-service-Check-the-maximum-allowed-accuracy-level-eve.patch b/debian/patches/0001-service-Check-the-maximum-allowed-accuracy-level-eve.patch new file mode 100644 index 000..f4183d8 --- /dev/null +++ b/debian/patches/0001-service-Check-the-maximum-allowed-accuracy-level-eve.patch @@ -0,0 +1,70 @@ +From: Laurent Bigonville +Date: Fri, 23 Oct 2020 21:37:12 +0200 +Subject: service: Check the maximum allowed accuracy level even for system + apps + +We need to check the maximum allowed accuracy even for system apps +otherwise the user cannot disable the geolocalization for these +(max_accuracy set to 0) + +Fix: https://gitlab.freedesktop.org/geoclue/geoclue/-/issues/111 +--- + src/gclue-service-client.c | 16 +
Bug#985049: unblock: libgweather/3.36.1-2
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package libgweather
[ Reason ]
The provider of the weather data (yr.no/met.no) changed their API and we
need to use the new one.
There was also a request to reduce the precision of the coordinates sent
in the query to improve caching on their side.
[ Impact ]
The applications using libgweather (ie. gnome-weather, gnome-shell,...)
are not showing any weather data.
[ Tests ]
gnome-weather and gnome-shell now display the data.
[ Risks ]
The changes are quite straightforward and all patches have been
backported by Andreas from upstream git.
[ Checklist ]
[x] all changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in testing
[ Other info ]
The provider has asked upstream to rename everything from yr.no to
met.no. Upstream renamed everything, including the name of constants in
the API, something we cannot do now due to the freeze.
https://gitlab.gnome.org/GNOME/libgweather/-/issues/59
unblock libgweather/3.36.1-2
diff -Nru libgweather-3.36.1/debian/changelog
libgweather-3.36.1/debian/changelog
--- libgweather-3.36.1/debian/changelog 2020-08-29 00:36:23.0 +0200
+++ libgweather-3.36.1/debian/changelog 2021-03-10 18:26:48.0 +0100
@@ -1,3 +1,18 @@
+libgweather (3.36.1-2) unstable; urgency=medium
+
+ [ Andreas Henriksson ]
+ * Add patches from upstream for yr.no->met.no API. These patches has been
+cherry-picked from upstream and modified to apply directly to the yrno
+backend (without renaming it to metno and breaking the API). (Closes:
+#983917)
+
+ [ Laurent Bigonville ]
+ * Only use 4 significant decimals for locations when sending the query.
+Patch from upstream. More precision is not needed and this helps to
+improve caching on the provider side and reduce their load.
+
+ -- Iain Lane Wed, 10 Mar 2021 17:26:48 +
+
libgweather (3.36.1-1) unstable; urgency=medium
* Team upload
diff -Nru libgweather-3.36.1/debian/libgweather-3-16.symbols
libgweather-3.36.1/debian/libgweather-3-16.symbols
--- libgweather-3.36.1/debian/libgweather-3-16.symbols 2020-08-29
00:36:23.0 +0200
+++ libgweather-3.36.1/debian/libgweather-3-16.symbols 2021-03-10
18:26:48.0 +0100
@@ -1,6 +1,7 @@
libgweather-3.so.16 libgweather-3-16 #MINVER#
* Build-Depends-Package: libgweather-3-dev
_gweather_location_reset_world@Base 3.32.0
+ _radians_to_degrees_str@Base 3.36.1-2~
gweather_conditions_to_string@Base 3.7.91
gweather_conditions_to_string_full@Base 3.25.91
gweather_distance_unit_get_type@Base 3.7.91
diff -Nru
libgweather-3.36.1/debian/patches/gweather-Only-use-4-significant-decimals-for-locations.patch
libgweather-3.36.1/debian/patches/gweather-Only-use-4-significant-decimals-for-locations.patch
---
libgweather-3.36.1/debian/patches/gweather-Only-use-4-significant-decimals-for-locations.patch
1970-01-01 01:00:00.0 +0100
+++
libgweather-3.36.1/debian/patches/gweather-Only-use-4-significant-decimals-for-locations.patch
2021-03-10 18:26:48.0 +0100
@@ -0,0 +1,179 @@
+From: Bastien Nocera
+Date: Thu, 7 Jan 2021 12:46:34 +0100
+Subject: gweather: Only use 4 significant decimals for locations
+
+1/1000th of a degree of longitude or latitude corresponds to around
+100 meters. There's no reason for the weather to be any more precise
+than this.
+
+See https://www.thoughtco.com/degree-of-latitude-and-longitude-distance-4070616
+
+Closes: #69
+---
+ libgweather/gweather-private.c | 21 -
+ libgweather/gweather-private.h | 3 +++
+ libgweather/test_libgweather.c | 16
+ libgweather/weather-iwin.c | 7 ---
+ libgweather/weather-owm.c | 7 ---
+ libgweather/weather-yrno.c | 7 ---
+ 6 files changed, 47 insertions(+), 14 deletions(-)
+
+diff --git a/libgweather/gweather-private.c b/libgweather/gweather-private.c
+index b214ad9..0ccc21b 100644
+--- a/libgweather/gweather-private.c
b/libgweather/gweather-private.c
+@@ -22,8 +22,19 @@
+
+ #include "gweather-private.h"
+
+-/*
+- There is no code here: the purpose of this header is so that
+- gnome-builder knows how to pick up the include flags to parse
+- gweather-private.h properly.
+-*/
++/* sign, 3 digits, separator, 4 decimals, nul-char */
++#define DEGREES_STR_SIZE (1 + 3 + 1 + 4 + 1)
++
++char *
++_radians_to_degrees_str (gdouble radians)
++{
++ char *str;
++ double degrees;
++
++ str = g_malloc0 (DEGREES_STR_SIZE);
++ /* Max 4 decimals */
++ degrees = (double) ((int) (RADIANS_TO_DEGREES (radians) * 1)) / 1;
++ /* Too many digits */
++ g_return_val_if_fail (degrees <= 1000 || degrees >= -1000, NULL);
++ return g_ascii_formatd (str, G_ASCII_DTOSTR_BUF_SIZE, "%g", degrees);
++}
+diff --git a/libgweather/gweather-private.h b/libgweather/gweather-private.h
+in
pyfribidi/fribidi transition
Hello, Could someone have a look at why pyfribidi and fribidi are not transitioning to unstable (I'm not sure how the regression tests are impacting the transitions)? This apparently blocks pango1.0. Kind regards, Laurent Bigonville
Bug#951209: transition: libgusb
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition Hello, libgusb is carrying in debian a patch[0] to revert/fix an after the fact change that was done upstream in the versioning of the symbols. I don't think we should/can carry this patch forever and due to the fact that the number of reverse-dependencies is quite limited, I was planning to simply drop it, but that would require to binNMU them to be certain they are using the correct version of the symbol. r-deps are: colord colorhug-client fwupd gnome-multi-writer simple-scan I quickly tested and among of these, only fwupd seems impacted. I updated the .symbols file of libgusb2 so the symbols affcted by this version change will generate a dependency against the lastest version of the library. Could you please give me the greenlight to upload the new version of libgusb and then schedule a binNMU of fwupd (or all the rdeps if you prefere) Kind regards, Laurent Bigonville [0] https://salsa.debian.org/debian/libgusb/blob/master/debian/patches/revert-versioning.patch -- System Information: Debian Release: bullseye/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 5.4.0-3-amd64 (SMP w/8 CPU cores) Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8), LANGUAGE=fr_BE:fr (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: SELinux: enabled - Mode: Permissive - Policy name: refpolicy
Re: pyfribidi/fribidi transition
Bas Couwenberg wrote: On 2020-02-10 09:58, Laurent Bigonville wrote: Could someone have a look at why pyfribidi and fribidi are not transitioning to unstable (I'm not sure how the regression tests are impacting the transitions)? This apparently blocks pango1.0. The autopkgtest for pyfribidi is failing, this is a blocker for testing migration. Until the autopkgtest for pyfribidi is fixed fribidi & its rdepends won't migrate to testing. The thing is that the tests both in unstable and testing are passing. So it means it's the combination of src:pyfribidi unstable and src:fribidi of testing that is failing. src:fribidi also has a new version in unstable, so if both are migrating at the same time, the test should succeed. Could you please ignore the results of that test and let everything migrate?
Bug#951209: transition: libgusb
On Wed, 12 Feb 2020 15:24:42 +0100 Laurent Bigonville wrote: > Could you please give me the greenlight to upload the new version of > libgusb and then schedule a binNMU of fwupd (or all the rdeps if you > prefere) > Any opinion on this?
Bug#951209: transition: libgusb
On Tue, 3 Mar 2020 20:19:12 +0100 Julien Cristau wrote: > On Wed, Feb 12, 2020 at 03:24:42PM +0100, Laurent Bigonville wrote: > > libgusb is carrying in debian a patch[0] to revert/fix an after the fact > > change that was done upstream in the versioning of the symbols. > > > > I don't think we should/can carry this patch forever and due to the fact > > that the number of reverse-dependencies is quite limited, I was planning > > to simply drop it, but that would require to binNMU them to be > > certain they are using the correct version of the symbol. > > > IMO we should keep compatibility with the old version until the next > upstream SONAME bump. That might mean keeping this patch, or something > different, if we can add properly versioned aliases for the affected > symbols? I'm not exactly sure how to do that TBH FTR, a more persistent link to the file was talking about in my initial mail https://salsa.debian.org/debian/libgusb/-/blob/80d3862872ff72b9cf10c90959973baf9755c7e9/debian/patches/revert-versioning.patch
Bug#947979: Please add a tracker for the enchant -> enchant-2 transition
On Thu, 12 Mar 2020 08:50:30 +0100 Paul Gevers wrote: > Hi Laurent, > > On 10-01-2020 21:09, Paul Gevers wrote: > > Slightly different from a regular transition: all involved > > packages need a source-full upload to switch and this can happen over a > > longer period. > > How is this faring. I haven't seen progress in a month to this > transition. Are all reverse dependencies aware now, there are only 4 > blocking bugs against this transition. Do you intend to finish this > before the freeze, we don't want be shipping two enchants with bullseye. Nothing much as moved on my side, I'll try to check if all rdeps have a bug open. But, looking at the tracker, I realized that there are false positive in it, the regex seems to match python3-enchant as well, which is definitely not intended Can somebody check? Thanks
Bug#959081: buster-pu: package libssh/0.8.7-1
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu
Hello,
Please allow an upload to fix #956308 (CVE-2020-1730).
That upload should also probably end up in the coming point release
changelog|
7 +++
patches/0001-CVE-2020-1730-Fix-a-possible-segfault-when-zeroing-AES-CT.patch |
32
patches/series |
1 +
3 files changed, 40 insertions(+)
Kind regards,
Laurent Bigonville
-- System Information:
Debian Release: bullseye/sid
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1,
'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 5.5.0-2-amd64 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_WARN
Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8),
LANGUAGE=fr_BE:fr (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: SELinux: enabled - Mode: Permissive - Policy name: refpolicy
>From 75f81629de6636a82d0129ad86d9b41dd5d9b8da Mon Sep 17 00:00:00 2001
From: Laurent Bigonville
Date: Wed, 29 Apr 2020 10:38:58 +0200
Subject: [PATCH] Fix possible DoS in client and server when handling AES-CTR
keys with OpenSSL, cherry-picked from upstream (Closes: #956308
CVE-2020-1730)
---
debian/changelog | 7
...ossible-segfault-when-zeroing-AES-CT.patch | 32 +++
debian/patches/series | 1 +
3 files changed, 40 insertions(+)
create mode 100644
debian/patches/0001-CVE-2020-1730-Fix-a-possible-segfault-when-zeroing-AES-CT.patch
diff --git a/debian/changelog b/debian/changelog
index c4273f2f..8225fbd2 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+libssh (0.8.7-1+deb10u1) buster; urgency=medium
+
+ * Fix possible DoS in client and server when handling AES-CTR keys with
+OpenSSL, cherry-picked from upstream (Closes: #956308 CVE-2020-1730)
+
+ -- Laurent Bigonville Tue, 28 Apr 2020 13:40:28 +0200
+
libssh (0.8.7-1) unstable; urgency=medium
* New upstream bug fix release 0.8.7.
diff --git
a/debian/patches/0001-CVE-2020-1730-Fix-a-possible-segfault-when-zeroing-AES-CT.patch
b/debian/patches/0001-CVE-2020-1730-Fix-a-possible-segfault-when-zeroing-AES-CT.patch
new file mode 100644
index ..cdbc51f5
--- /dev/null
+++
b/debian/patches/0001-CVE-2020-1730-Fix-a-possible-segfault-when-zeroing-AES-CT.patch
@@ -0,0 +1,32 @@
+From: Andreas Schneider
+Date: Tue, 11 Feb 2020 11:52:33 +0100
+Subject: CVE-2020-1730: Fix a possible segfault when zeroing AES-CTR key
+
+Fixes T213
+
+Signed-off-by: Andreas Schneider
+Reviewed-by: Anderson Toshiyuki Sasaki
+(cherry picked from commit b36272eac1b36982598c10de7af0a501582de07a)
+---
+ src/libcrypto.c | 8 ++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/src/libcrypto.c b/src/libcrypto.c
+index 340a3e6..b3285e0 100644
+--- a/src/libcrypto.c
b/src/libcrypto.c
+@@ -636,8 +636,12 @@ static void aes_ctr_encrypt(struct ssh_cipher_struct
*cipher, void *in, void *ou
+ }
+
+ static void aes_ctr_cleanup(struct ssh_cipher_struct *cipher){
+-explicit_bzero(cipher->aes_key, sizeof(*cipher->aes_key));
+-SAFE_FREE(cipher->aes_key);
++if (cipher != NULL) {
++if (cipher->aes_key != NULL) {
++explicit_bzero(cipher->aes_key, sizeof(*cipher->aes_key));
++}
++SAFE_FREE(cipher->aes_key);
++}
+ }
+
+ #endif /* HAVE_OPENSSL_EVP_AES_CTR */
diff --git a/debian/patches/series b/debian/patches/series
index 842c602c..db23779b 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,2 +1,3 @@
+0001-CVE-2020-1730-Fix-a-possible-segfault-when-zeroing-AES-CT.patch
1003-custom-lib-names.patch
2003-disable-expand_tilde_unix-test.patch
--
2.26.2
Bug#854700: unblock: libproxy/0.4.14-2
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Hi,
Please unblock package libproxy
I recently discovered that the networkmanager libproxy plugin was not
listening to the correct NM event meaning that the cache of libproxy was
not properly cleaned up in case of network topology change.
After fixing that bug, I discovered that I could create a segfault in
some situation when the cache was invalidated.
The two patches have already been merged upstream
Upstream bug: https://github.com/libproxy/libproxy/issues/58 and
https://github.com/libproxy/libproxy/issues/59
unblock libproxy/0.4.14-2
Regards,
Laurent Bigonville
-- System Information:
Debian Release: 9.0
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1,
'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.9.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru libproxy-0.4.14/debian/changelog libproxy-0.4.14/debian/changelog
--- libproxy-0.4.14/debian/changelog2017-01-22 13:58:45.0 +0100
+++ libproxy-0.4.14/debian/changelog2017-02-08 12:17:50.0 +0100
@@ -1,3 +1,11 @@
+libproxy (0.4.14-2) unstable; urgency=medium
+
+ * debian/patches/fix-clean-reload-cache.patch: Make sure that the PAC/WPAD
+cache is cleanup when network topology changes and prevent a segfault in
+the process, patches merged upstream.
+
+ -- Laurent Bigonville Wed, 08 Feb 2017 12:17:50 +0100
+
libproxy (0.4.14-1) unstable; urgency=medium
* New upstream release.
diff -Nru libproxy-0.4.14/debian/libgproxy1-plugin-gsettings.install
libproxy-0.4.14/debian/libgproxy1-plugin-gsettings.install
--- libproxy-0.4.14/debian/libgproxy1-plugin-gsettings.install 2013-11-26
02:22:50.0 +0100
+++ libproxy-0.4.14/debian/libgproxy1-plugin-gsettings.install 1970-01-01
01:00:00.0 +0100
@@ -1,2 +0,0 @@
-usr/lib/libproxy/0.4.7/modules/config_gnome3.so
-usr/lib/libproxy/0.4.7/pxgsettings
diff -Nru libproxy-0.4.14/debian/patches/fix-clean-reload-cache.patch
libproxy-0.4.14/debian/patches/fix-clean-reload-cache.patch
--- libproxy-0.4.14/debian/patches/fix-clean-reload-cache.patch 1970-01-01
01:00:00.0 +0100
+++ libproxy-0.4.14/debian/patches/fix-clean-reload-cache.patch 2017-02-07
16:48:06.0 +0100
@@ -0,0 +1,52 @@
+From 1bf46e951b9d35e2e5ad61c85b15f32496017247 Mon Sep 17 00:00:00 2001
+From: Laurent Bigonville
+Date: Tue, 7 Feb 2017 16:02:29 +0100
+Subject: [PATCH] Use StateChanged signal instead of StateChange
+
+StateChange signal has been deprecated since NM 0.7 and has been
+completely removed in 0.9, see:
+https://developer.gnome.org/NetworkManager/0.9/ref-migrating.html
+
+Closes: #58
+---
+ libproxy/modules/network_networkmanager.cpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libproxy/modules/network_networkmanager.cpp
b/libproxy/modules/network_networkmanager.cpp
+index 5198860..546a8ee 100644
+--- a/libproxy/modules/network_networkmanager.cpp
b/libproxy/modules/network_networkmanager.cpp
+@@ -62,7 +62,7 @@ class networkmanager_network_extension : public
network_extension {
+
+ // If connection was successful, set it up
+ dbus_connection_set_exit_on_disconnect(conn, false);
+- dbus_bus_add_match(conn, "type='signal',interface='"
NM_DBUS_INTERFACE "',member='StateChange'", NULL);
++ dbus_bus_add_match(conn, "type='signal',interface='"
NM_DBUS_INTERFACE "',member='StateChanged'", NULL);
+ dbus_connection_flush(conn);
+ }
+
+From 0bdcf9f9dbee67dee47694e0012fa891588abc89 Mon Sep 17 00:00:00 2001
+From: Laurent Bigonville
+Date: Tue, 7 Feb 2017 16:05:00 +0100
+Subject: [PATCH] Set lasturl to NULL after free/delete
+
+It avoids the lasturl to be freed a 2nd time when the rewind() method is
+called.
+
+Closes: #59
+---
+ libproxy/modules/wpad_dns_alias.cpp | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/libproxy/modules/wpad_dns_alias.cpp
b/libproxy/modules/wpad_dns_alias.cpp
+index 669dccf..5b8c2e0 100644
+--- a/libproxy/modules/wpad_dns_alias.cpp
b/libproxy/modules/wpad_dns_alias.cpp
+@@ -39,6 +39,7 @@ class dns_alias_wpad_extension : public wpad_extension {
+ lastpac = *pac = lasturl->get_pac();
+ if (!lastpac) {
+ delete lasturl;
++ lasturl = NULL;
+ return NULL;
+ }
+
diff -Nru libproxy-0.4.14/debian/patches/series
libproxy-0.4.14/debian/patches/series
--- libproxy-0.4.14/debian/patches/series 2017-01-22 13:49:57.0
Bug#860186: unblock: bijiben/3.20.2-1.1
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Hi,
Please unblock package bijiben
I discovered that the bijiben gnome-shell provider and internal bijiben
search were not working at all. The included patch fix that by renaming
the remaining references to the old .desktop file to the new one.
I also moved the search provider executable from /usr/lib/*/ to
/usr/lib/bijiben.
Could you please
unblock bijiben/3.20.2-1.1
Thanks,
Laurent Bigonville
-- System Information:
Debian Release: 9.0
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1,
'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru bijiben-3.20.2/debian/changelog bijiben-3.20.2/debian/changelog
--- bijiben-3.20.2/debian/changelog 2016-05-10 12:01:44.0 +0200
+++ bijiben-3.20.2/debian/changelog 2017-04-10 14:15:28.0 +0200
@@ -1,3 +1,14 @@
+bijiben (3.20.2-1.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * d/p/Rename-remaining-references-of-bijibendesktop-to-o.patch: Rename
+remaining references of bijiben.desktop to org.gnome.bijiben.desktop, this
+fixes the search provider and zeitgeist integration (Closes: #859985)
+ * debian/rules: Move bijiben-shell-search-provider to /usr/lib/bijiben
+(Closes: #860021)
+
+ -- Laurent Bigonville Mon, 10 Apr 2017 14:15:28 +0200
+
bijiben (3.20.2-1) unstable; urgency=medium
* New upstream release.
diff -Nru
bijiben-3.20.2/debian/patches/Rename-remaining-references-of-bijibendesktop-to-o.patch
bijiben-3.20.2/debian/patches/Rename-remaining-references-of-bijibendesktop-to-o.patch
---
bijiben-3.20.2/debian/patches/Rename-remaining-references-of-bijibendesktop-to-o.patch
1970-01-01 01:00:00.0 +0100
+++
bijiben-3.20.2/debian/patches/Rename-remaining-references-of-bijibendesktop-to-o.patch
2017-04-10 14:00:24.0 +0200
@@ -0,0 +1,74 @@
+From 3f5005e58aebd468ab9af9f888bfb4b572100c37 Mon Sep 17 00:00:00 2001
+From: Laurent Bigonville
+Date: Mon, 10 Apr 2017 01:22:56 +0200
+Subject: [PATCH] Rename remaining references of bijiben.desktop to
+ org.gnome.bijiben.desktop
+
+This fixes the search provider and zeitgeist integration
+
+https://bugzilla.gnome.org/show_bug.cgi?id=781106
+---
+ data/org.gnome.bijiben-search-provider.ini | 4 ++--
+ src/bijiben-shell-search-provider.c| 2 +-
+ src/libbiji/biji-zeitgeist.c | 6 +++---
+ 3 files changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/data/org.gnome.bijiben-search-provider.ini
b/data/org.gnome.bijiben-search-provider.ini
+index f9f60ce..b103eaa 100644
+--- a/data/org.gnome.bijiben-search-provider.ini
b/data/org.gnome.bijiben-search-provider.ini
+@@ -1,5 +1,5 @@
+ [Shell Search Provider]
+-DesktopId=bijiben.desktop
++DesktopId=org.gnome.bijiben.desktop
+ BusName=org.gnome.bijiben.SearchProvider
+ ObjectPath=/org/gnome/bijiben/SearchProvider
+-Version=2
+\ No newline at end of file
++Version=2
+diff --git a/src/bijiben-shell-search-provider.c
b/src/bijiben-shell-search-provider.c
+index 0ea055e..41dfb42 100644
+--- a/src/bijiben-shell-search-provider.c
b/src/bijiben-shell-search-provider.c
+@@ -325,7 +325,7 @@ handle_activate_result (BijibenShellSearchProvider2
*skeleton,
+
+ g_application_hold (user_data);
+
+- app = G_APP_INFO (g_desktop_app_info_new ("bijiben.desktop"));
++ app = G_APP_INFO (g_desktop_app_info_new ("org.gnome.bijiben.desktop"));
+
+ context = gdk_display_get_app_launch_context (gdk_display_get_default ());
+ gdk_app_launch_context_set_timestamp (context, timestamp);
+diff --git a/src/libbiji/biji-zeitgeist.c b/src/libbiji/biji-zeitgeist.c
+index 34c71fa..9c52ffd 100644
+--- a/src/libbiji/biji-zeitgeist.c
b/src/libbiji/biji-zeitgeist.c
+@@ -34,7 +34,7 @@ biji_zeitgeist_init (void)
+
+ log = zeitgeist_log_new ();
+ event = zeitgeist_event_new_full (
+-NULL, NULL, "application://bijiben.desktop", NULL, NULL);
++NULL, NULL, "application://org.gnome.bijiben.desktop", NULL, NULL);
+
+ ptr_arr = g_ptr_array_new ();
+ g_ptr_array_add (ptr_arr, event);
+@@ -95,7 +95,7 @@ check_insert_create_zeitgeist (BijiNoteObj *note)
+ templates = g_ptr_array_new ();
+ event = zeitgeist_event_new_full (ZEITGEIST_ZG_CREATE_EVENT,
+ NULL,
+-"application://bijiben.desktop",
++"application://org.gnome.bijiben.desktop",
+ NULL, NULL);
+ subject = zeitgeist_subject_new ();
+ zeitgeist_subject_set_uri (subject, uri
Bug#862831: unblock: tpm-tools/1.3.9.1-0.1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Hi, Please unblock package tpm-tools I've uploaded tpm-tools 1.3.9.1-0.1 to unstable. This version fixes a segfault in tpm_sealdata command. $ debdiff tpm-tools_1.3.9-0.1.dsc tpm-tools_1.3.9.1-0.1.dsc |diffstat config.h.in~| 114 debian/changelog| 10 debian/control |2 lib/Makefile.am |2 lib/Makefile.in |2 lib/tpm_unseal.c|2 po/stamp-po |1 src/cmds/tpm_sealdata.c |2 8 files changed, 15 insertions(+), 120 deletions(-) unblock tpm-tools/1.3.9.1-0.1 Cheers, Laurent Bigonville -- System Information: Debian Release: 9.0 APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores) Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) diff -Nru tpm-tools-1.3.9/config.h.in~ tpm-tools-1.3.9.1/config.h.in~ --- tpm-tools-1.3.9/config.h.in~2016-11-17 20:42:24.0 +0100 +++ tpm-tools-1.3.9.1/config.h.in~ 1970-01-01 01:00:00.0 +0100 @@ -1,114 +0,0 @@ -/* config.h.in. Generated from configure.ac by autoheader. */ - -/* Define to 1 if translation of program messages to the user's native - language is requested. */ -#undef ENABLE_NLS - -/* Define to 1 if you have the MacOS X function CFLocaleCopyCurrent in the - CoreFoundation framework. */ -#undef HAVE_CFLOCALECOPYCURRENT - -/* Define to 1 if you have the MacOS X function CFPreferencesCopyAppValue in - the CoreFoundation framework. */ -#undef HAVE_CFPREFERENCESCOPYAPPVALUE - -/* Define if the GNU dcgettext() function is already present or preinstalled. - */ -#undef HAVE_DCGETTEXT - -/* Define to 1 if you have the header file. */ -#undef HAVE_DLFCN_H - -/* Define if the GNU gettext() function is already present or preinstalled. */ -#undef HAVE_GETTEXT - -/* Define if you have the iconv() function. */ -#undef HAVE_ICONV - -/* Define to 1 if you have the header file. */ -#undef HAVE_INTTYPES_H - -/* Define to 1 if you support file names longer than 14 characters. */ -#undef HAVE_LONG_FILE_NAMES - -/* Define to 1 if you have the header file. */ -#undef HAVE_MEMORY_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_STDINT_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_STDLIB_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_STRINGS_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_STRING_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_SYS_STAT_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_SYS_TYPES_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_UNISTD_H - -/* Define to the sub-directory in which libtool stores uninstalled libraries. - */ -#undef LT_OBJDIR - -/* Name of package */ -#undef PACKAGE - -/* Define to the address where bug reports for this package should be sent. */ -#undef PACKAGE_BUGREPORT - -/* Define to the full name of this package. */ -#undef PACKAGE_NAME - -/* Define to the full name and version of this package. */ -#undef PACKAGE_STRING - -/* Define to the one symbol short name of this package. */ -#undef PACKAGE_TARNAME - -/* Define to the version of this package. */ -#undef PACKAGE_VERSION - -/* Define as the return type of signal handlers (`int' or `void'). */ -#undef RETSIGTYPE - -/* Define to 1 if you have the ANSI C header files. */ -#undef STDC_HEADERS - -/* Version number of package */ -#undef VERSION - -/* Define to empty if `const' does not conform to ANSI C. */ -#undef const - -/* Define to `int' if doesn't define. */ -#undef gid_t - -/* Define to `__inline__' or `__inline' if that's what the C compiler - calls it, or to nothing if 'inline' is not supported under any name. */ -#ifndef __cplusplus -#undef inline -#endif - -/* Define to `int' if does not define. */ -#undef mode_t - -/* Define to `long int' if does not define. */ -#undef off_t - -/* Define to `int' if does not define. */ -#undef pid_t - -/* Define to `unsigned int' if does not define. */ -#undef size_t - -/* Define to `int' if doesn't define. */ -#undef uid_t diff -Nru tpm-tools-1.3.9/debian/changelog tpm-tools-1.3.9.1/debian/changelog --- tpm-tools-1.3.9/debian/changelog2017-02-05 23:24:09.0 +0100 +++ tpm-tools-1.3.9.1/debian/changelog 2017-05-13 13:55:08.0 +0200 @@ -1,3 +1,13 @@ +tpm-tools (1.3.9.1-0.1) unstable; urgency=medium + + * Non-maintainer upload. + * New upstream release +- Fix segfault in tpm_sealda
Bug#862832: unblock: minissdpd/1.2.20130907-4.1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Hi, Please unblock package minissdpd In version 1.2.20130907-4, After=network-online.target was added in the .service file, see #861231. The problem is that network-online.target is not pulled in the dependency chain by default, so "Wants=network-online.target" is also needed. In the old LSB initscript, there was also a "Should-Start: $network", After/Wants=network-online.target is the equivalant for systemd. $ debdiff minissdpd_1.2.20130907-4.dsc minissdpd_1.2.20130907-4.1.dsc diff -Nru minissdpd-1.2.20130907/debian/changelog minissdpd-1.2.20130907/debian/changelog --- minissdpd-1.2.20130907/debian/changelog 2017-04-26 17:07:25.0 +0200 +++ minissdpd-1.2.20130907/debian/changelog 2017-05-08 16:12:09.0 +0200 @@ -1,3 +1,12 @@ +minissdpd (1.2.20130907-4.1) unstable; urgency=medium + + * Non-maintainer upload. + * Also add Wants=network-online.target in the .service file, +network-online.target is not part of the default dependency chain, this +should really (Closes: #861231) + + -- Laurent Bigonville Mon, 08 May 2017 16:12:09 +0200 + minissdpd (1.2.20130907-4) unstable; urgency=medium * Add After=network-online.target in the .service file (Closes: #861231). diff -Nru minissdpd-1.2.20130907/debian/minissdpd.service minissdpd-1.2.20130907/debian/minissdpd.service --- minissdpd-1.2.20130907/debian/minissdpd.service 2017-04-26 17:07:25.0 +0200 +++ minissdpd-1.2.20130907/debian/minissdpd.service 2017-05-08 16:12:05.0 +0200 @@ -2,6 +2,7 @@ Description=keep memory of all UPnP devices that announced themselves Documentation=man:minissdpd(1) After=network-online.target +Wants=network-online.target [Service] Type=forking unblock minissdpd/1.2.20130907-4.1 Thanks, Laurent Bigonville -- System Information: Debian Release: 9.0 APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores) Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system)
Bug#911445: transition: libtirpc
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition Hi, Unstable currently contains libtirpc 0.2.5 which is quite old. Experimental contains a newer version but this newer version had a soname bump. The newer version of libtirpc is needed by gluster, see #911097 I tested the different rdeps and they all build fine except yp-tools (not in testing ATM and probably not related to libtirpc anyway). Note also that nfs-utils will require a source-full upload as it has an explicit dependency against libtirpc1(?). I'm planning to upload rpcbind, currently in unstable, at the same time. Kind regards, Laurent Bigonville Ben file: title = "libtirpc"; is_affected = .depends ~ "libtirpc1" | .depends ~ "libtirpc3"; is_good = .depends ~ "libtirpc3"; is_bad = .depends ~ "libtirpc1"; -- System Information: Debian Release: buster/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.18.0-2-amd64 (SMP w/8 CPU cores) Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8), LANGUAGE=fr_BE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: SELinux: enabled - Mode: Permissive - Policy name: refpolicy
Bug#911445: transition: libtirpc
Le 20/10/18 à 12:59, Emilio Pozuelo Monfort a écrit : Control: tags -1 confirmed On 20/10/2018 11:14, Laurent Bigonville wrote: Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition Hi, Unstable currently contains libtirpc 0.2.5 which is quite old. Experimental contains a newer version but this newer version had a soname bump. The newer version of libtirpc is needed by gluster, see #911097 I tested the different rdeps and they all build fine except yp-tools (not in testing ATM and probably not related to libtirpc anyway). Note also that nfs-utils will require a source-full upload as it has an explicit dependency against libtirpc1(?). I'm planning to upload rpcbind, currently in unstable, at the same time. Go ahead. libtirpc is now built on all linux architectures and rpcbind and nfs-utils have been uploaded. I guess the other binNMU can be scheduled? Thanks!
Bug#912685: debian/rules is not binNMU safe
Source: net-snmp Version: 5.7.3+dfsg-4 Severity: serious Hi, In debian/rules you have the following: UPSTREAM_VERSION = $(shell dpkg-parsechangelog | egrep '^Version:' | cut -f 2 -d ':' | sed 's/ //' | sed 's/~dfsg.*$$//') COMPAT_VERSION = $(UPSTREAM_VERSION)~dfsg [...] override_dh_makeshlibs: dh_makeshlibs -plibsnmp$(LIB_VERSION) -V"libsnmp$(LIB_VERSION) (>= $(COMPAT_VERSION))" When a binNMU is scheduled, UPSTREAM_VERSION is set to 5.7.3+dfsg-4+b1 and then COMPAT_VERSION is set to 5.7.3+dfsg-4+b1~dfsg which is completely boggus All the reverse-dependency will have this boggus version in their generated dependency list. Why aren't you using "dh_makeshlibs -V" or the version macro that are present in /usr/share/dpkg/pkg-info.mk ? Kind regards, Laurent Bigonville -- System Information: Debian Release: buster/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.18.0-2-amd64 (SMP w/8 CPU cores) Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8), LANGUAGE=fr_BE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: SELinux: enabled - Mode: Permissive - Policy name: refpolicy
Bug#923324: nmu: libssh_0.8.6-3
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: binnmu Hi, libssh is statically linking against nacl. Before 20110221-6.1 (uploaded today), nacl was not built with -fPIC (#92), I suspect that this might be the root cause of #919956. Could you please rebuild libssh against the last upload of nacl? Thanks, Laurent Bigonville nmu libssh_0.8.6-3 . ANY -ia64 -kfreebsd-amd64 -kfreebsd-i386 . unstable . -m "Rebuild against nacl built with -fPIC" dw libssh_0.8.6-3 . ANY . -m "libnacl-dev (>= 20110221-6.1)" -- System Information: Debian Release: buster/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-3-amd64 (SMP w/8 CPU cores) Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8), LANGUAGE=fr_BE:fr (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled
Bug#867091: stretch-pu: package gnome-settings-daemon/3.22.2-2
Package: release.debian.org Severity: normal Tags: stretch User: release.debian@packages.debian.org Usertags: pu Hi, Today I discovered that gnome-settings-daemon was not remembering the numlock state between the different sessions due to a debian specific patch. This is particularly a problem for people using wayland. Upstream has this enabled for years, but due to an old bug (around 2012) this feature was disabled. This bug is fixed today. The attached debdiff reset the remember-numlock-state dconf key back to the upstream value. This should IMHO be fixed in stable. Regards, Laurent Bigonville -- System Information: Debian Release: buster/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores) Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8), LANGUAGE=fr_BE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) diff -Nru gnome-settings-daemon-3.22.2/debian/changelog gnome-settings-daemon-3.22.2/debian/changelog --- gnome-settings-daemon-3.22.2/debian/changelog 2017-04-24 20:54:01.0 +0200 +++ gnome-settings-daemon-3.22.2/debian/changelog 2017-07-03 21:51:39.0 +0200 @@ -1,3 +1,10 @@ +gnome-settings-daemon (3.22.2-2+deb9u1) stretch; urgency=medium + + * Remove debian/gnome-settings-daemon.gsettings-override to remember the +NumLock state between sessions by default (Closes: #649587) + + -- Laurent Bigonville Mon, 03 Jul 2017 21:51:39 +0200 + gnome-settings-daemon (3.22.2-2) unstable; urgency=medium * Team upload diff -Nru gnome-settings-daemon-3.22.2/debian/gnome-settings-daemon.gsettings-override gnome-settings-daemon-3.22.2/debian/gnome-settings-daemon.gsettings-override --- gnome-settings-daemon-3.22.2/debian/gnome-settings-daemon.gsettings-override 2012-09-29 12:14:58.0 +0200 +++ gnome-settings-daemon-3.22.2/debian/gnome-settings-daemon.gsettings-override 1970-01-01 01:00:00.0 +0100 @@ -1,2 +0,0 @@ -[org.gnome.settings-daemon.peripherals.keyboard] -remember-numlock-state=false
Bug#867479: stretch-pu: package adwaita-icon-theme/3.22.0-1
Package: release.debian.org Severity: normal Tags: stretch User: release.debian@packages.debian.org Usertags: pu Hi, It seems that the version 3.22.0-1 of adwaita-icon-theme is shipping a malformed .svg icon. The attached patch if fixing that. It will be fixed in unstable/testing in the next adwaita-icon-theme upload. Regards, Laurent Bigonville -- System Information: Debian Release: buster/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.11.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8), LANGUAGE=fr_BE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) Index: debian/patches/series === --- debian/patches/series (nonexistent) +++ debian/patches/series (révision 52608) @@ -0,0 +1 @@ +01_fix_send-to-symbolic.patch Index: debian/patches/01_fix_send-to-symbolic.patch === --- debian/patches/01_fix_send-to-symbolic.patch(nonexistent) +++ debian/patches/01_fix_send-to-symbolic.patch(révision 52608) @@ -0,0 +1,41 @@ +From 58cd459e1fdba84f3c7e745636188750ad6d44c8 Mon Sep 17 00:00:00 2001 +From: Iain Lane +Date: Tue, 13 Dec 2016 11:52:56 + +Subject: symbolic: re-render send-to + +Re-render send-to to clean up merge conflict grabage. + +https://bugzilla.gnome.org/show_bug.cgi?id=772031 +--- + Adwaita/scalable/actions/send-to-symbolic.svg | 8 ++-- + 1 file changed, 2 insertions(+), 6 deletions(-) + +diff --git a/Adwaita/scalable/actions/send-to-symbolic.svg b/Adwaita/scalable/actions/send-to-symbolic.svg +index ac20050..0b661cb 100644 +--- a/Adwaita/scalable/actions/send-to-symbolic.svg b/Adwaita/scalable/actions/send-to-symbolic.svg +@@ -1,7 +1,7 @@ + + + +- ++ + + + +@@ -11,11 +11,7 @@ + + + +-<<<<<<< HEAD +- +-=== +- +->>>>>>> db54204... symbolic: odd recoloring issue workaround ++ + + + Gnome Symbolic Icon Theme +-- +cgit v0.12 + Index: debian/changelog === --- debian/changelog(révision 52605) +++ debian/changelog(révision 52608) @@ -1,3 +1,10 @@ +adwaita-icon-theme (3.22.0-1+deb9u1) UNRELEASED; urgency=medium + + * debian/patches/01_fix_send-to-symbolic.patch: Fix malformed +send-to-symbolic icon (Closes: #838961) + + -- Laurent Bigonville Thu, 06 Jul 2017 20:12:11 +0200 + adwaita-icon-theme (3.22.0-1) unstable; urgency=medium [ Andreas Henriksson ]
Bug#868344: stretch-pu: package gnome-settings-daemon/3.22.2-2+deb9u2
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu
Hi,
When a new user is login-in for the first time, g-s-d will add by
default the machine keyboard layout but also the US one.
The problem is that on the 1st login, for some reason the layout will be
set on US and not on the machine one. This is bug #859268.
A patch that is only adding the US layout if the system configured one
cannot be determined has been merged upstream.
This should probably be fixed in stable as well.
Regrads,
Laurent Bigonville
-- System Information:
Debian Release: buster/sid
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1,
'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8),
LANGUAGE=fr_BE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
Index: debian/changelog
===
--- debian/changelog(révision 52659)
+++ debian/changelog(révision 52660)
@@ -1,3 +1,12 @@
+gnome-settings-daemon (3.22.2-2+deb9u2) UNRELEASED; urgency=medium
+
+ * d/p/keyboard-Only-add-the-us-layout-if-the-system-config.patch:
+Do not add the "US" keyboard layout by default for new users, for some
+reasons, this keyboard was prefered over the system configured one on the
+first login. (Closes: #859268)
+
+ -- Laurent Bigonville Fri, 14 Jul 2017 18:58:56 +0200
+
gnome-settings-daemon (3.22.2-2+deb9u1) stretch; urgency=medium
* Remove debian/gnome-settings-daemon.gsettings-override to remember the
Index: debian/patches/keyboard-Only-add-the-us-layout-if-the-system-config.patch
===
--- debian/patches/keyboard-Only-add-the-us-layout-if-the-system-config.patch
(nonexistent)
+++ debian/patches/keyboard-Only-add-the-us-layout-if-the-system-config.patch
(révision 52660)
@@ -0,0 +1,72 @@
+From d68ef6ad95bd2a5210715feea4ca5112885bec92 Mon Sep 17 00:00:00 2001
+From: Laurent Bigonville
+Date: Fri, 7 Jul 2017 17:40:17 +0200
+Subject: [PATCH 1/4] keyboard: Only add the "us" layout if the system config
+ cannot be determined
+
+Currently, the "us" keyboard layout is always added the first time the
+user is login in, this should only be necessary if the system configured
+layout cannot be determined.
+
+https://bugzilla.gnome.org/show_bug.cgi?id=784654
+---
+ plugins/keyboard/gsd-keyboard-manager.c | 18 +++---
+ 1 file changed, 7 insertions(+), 11 deletions(-)
+
+diff --git a/plugins/keyboard/gsd-keyboard-manager.c
b/plugins/keyboard/gsd-keyboard-manager.c
+index dd69..ea67dda1 100644
+--- a/plugins/keyboard/gsd-keyboard-manager.c
b/plugins/keyboard/gsd-keyboard-manager.c
+@@ -441,7 +441,6 @@ get_sources_from_xkb_config (GsdKeyboardManager *manager)
+ gint i, n;
+ gchar **layouts = NULL;
+ gchar **variants = NULL;
+-gboolean have_default_layout = FALSE;
+
+ v = g_dbus_proxy_get_cached_property (priv->localed, "X11Layout");
+ if (v) {
+@@ -451,8 +450,12 @@ get_sources_from_xkb_config (GsdKeyboardManager *manager)
+ g_variant_unref (v);
+ }
+
+-if (!layouts)
+-return;
++init_builder_with_sources (&builder, priv->input_sources_settings);
++
++if (!layouts) {
++g_variant_builder_add (&builder, "(ss)",
INPUT_SOURCE_TYPE_XKB, DEFAULT_LAYOUT);
++goto out;
++ }
+
+ v = g_dbus_proxy_get_cached_property (priv->localed, "X11Variant");
+ if (v) {
+@@ -467,8 +470,6 @@ get_sources_from_xkb_config (GsdKeyboardManager *manager)
+ else
+ n = g_strv_length (layouts);
+
+-init_builder_with_sources (&builder, priv->input_sources_settings);
+-
+ for (i = 0; i < n && layouts[i][0]; ++i) {
+ gchar *id;
+
+@@ -477,16 +478,11 @@ get_sources_from_xkb_config (GsdKeyboardManager *manager)
+ else
+ id = g_strdup (layouts[i]);
+
+-if (g_str_equal (id, DEFAULT_LAYOUT))
+-have_default_layout = TRUE;
+-
+ g_variant_builder_add (&builder, "(ss)",
INPUT_SOURCE_TYPE_XKB, id);
+ g_free (id);
+ }
+
+-if (!have_default_layout)
+-g_variant_builder_add (&builder, "(ss)",
INPUT_SOURCE_TYPE_XKB, DEFAULT_LAYOUT);
+-
++out:
+ g_settings_set_value (priv->input_sources_settings,
KEY_INPUT_SOURCES, g_variant_builder_end (&builder));
+
+ g_strfreev (layouts);
+--
+2.1
Bug#876527: stretch-pu: package gdm3/3.22.3-3
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu
Hi,
XDMCP support in gdm 3.22 is currently completely broken (see: #873199)
I've backported some patches from the later releases and from git master
fix this. The majority of the patches are already included in sid/buster
version, the other ones will be included in the 2nd of Octobre point
release.
I've tested this locally with one client (both direct and indirect
connections) and it's working as expected.
Regards,
Laurent Bigonville
-- System Information:
Debian Release: buster/sid
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1,
'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.13.0-trunk-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8),
LANGUAGE=fr_BE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru gdm3-3.22.3/debian/changelog gdm3-3.22.3/debian/changelog
--- gdm3-3.22.3/debian/changelog2017-06-06 20:17:04.0 +0200
+++ gdm3-3.22.3/debian/changelog2017-09-23 11:56:40.0 +0200
@@ -1,3 +1,10 @@
+gdm3 (3.22.3-3+deb9u1) stretch; urgency=medium
+
+ * Backports a bunch of patches to fix XDMCP support including a potential
+cracher (Closes: #873199, #814989)
+
+ -- Laurent Bigonville Sat, 23 Sep 2017 11:56:40 +0200
+
gdm3 (3.22.3-3) unstable; urgency=medium
* libgdm1: add breaks/replaces on good old gdm. Who knows how many users
diff -Nru
gdm3-3.22.3/debian/patches/chooser-filter-out-duplicate-hostnames.patch
gdm3-3.22.3/debian/patches/chooser-filter-out-duplicate-hostnames.patch
--- gdm3-3.22.3/debian/patches/chooser-filter-out-duplicate-hostnames.patch
1970-01-01 01:00:00.0 +0100
+++ gdm3-3.22.3/debian/patches/chooser-filter-out-duplicate-hostnames.patch
2017-09-23 11:56:40.0 +0200
@@ -0,0 +1,72 @@
+From 2738cc21830eee9468c83608504d6bf719f8ac03 Mon Sep 17 00:00:00 2001
+From: Ray Strode
+Date: Fri, 31 Mar 2017 15:40:21 -0400
+Subject: [PATCH] chooser: filter out duplicate hostnames
+
+One host may report itself on multiple interfaces.
+GDM only supports based on hostname not interface,
+so that leads duplicate entries in the list.
+
+This commit filters out the dupes.
+
+https://bugzilla.gnome.org/show_bug.cgi?id=780787
+---
+ chooser/gdm-host-chooser-widget.c | 34 +-
+ 1 file changed, 33 insertions(+), 1 deletion(-)
+
+diff --git a/chooser/gdm-host-chooser-widget.c
b/chooser/gdm-host-chooser-widget.c
+index f8aabf3e..e2507900 100644
+--- a/chooser/gdm-host-chooser-widget.c
b/chooser/gdm-host-chooser-widget.c
+@@ -119,6 +119,33 @@ chooser_host_remove (GdmHostChooserWidget *widget,
+ }
+ #endif
+
++static gboolean
++address_hostnames_equal (GdmAddress *address,
++ GdmAddress *other_address)
++{
++char *hostname, *other_hostname;
++gboolean are_equal;
++
++if (gdm_address_equal (address, other_address)) {
++return TRUE;
++}
++
++if (!gdm_address_get_hostname (address, &hostname)) {
++gdm_address_get_numeric_info (address, &hostname, NULL);
++}
++
++if (!gdm_address_get_hostname (other_address, &other_hostname)) {
++gdm_address_get_numeric_info (other_address, &other_hostname,
NULL);
++}
++
++are_equal = g_strcmp0 (hostname, other_hostname) == 0;
++
++g_free (hostname);
++g_free (other_hostname);
++
++return are_equal;
++}
++
+ static GdmChooserHost *
+ find_known_host (GdmHostChooserWidget *widget,
+ GdmAddress *address)
+@@ -127,8 +154,13 @@ find_known_host (GdmHostChooserWidget *widget,
+ GdmChooserHost *host;
+
+ for (li = widget->priv->chooser_hosts; li != NULL; li = li->next) {
++GdmAddress *other_address;
++
+ host = li->data;
+-if (gdm_address_equal (gdm_chooser_host_get_address (host),
address)) {
++
++other_address = gdm_chooser_host_get_address (host);
++
++if (address_hostnames_equal (address, other_address)) {
+ goto out;
+ }
+ }
+--
+2.14.1
+
diff -Nru
gdm3-3.22.3/debian/patches/chooser-fix-duplicate-entry-in-the-list.patch
gdm3-3.22.3/debian/patches/chooser-fix-duplicate-entry-in-the-list.patch
--- gdm3-3.22.3/debian/patches/chooser-fix-duplicate-entry-in-the-list.patch
1970-01-01 01:00:00.0 +0100
+++ gdm3-3.22.3/debian/patches/chooser-fix-duplicate-entry-in-the-list.patch
2017-09-23 11:56:40.0 +0200
@@ -0,0 +1,27 @@
+From b08bbb52f422b33768cef9351bb860a2fe1ae91d Mon Sep 17 00:00:00 2001
Bug#876527: stretch-pu: package gdm3/3.22.3-3
Le 29/09/17 à 19:43, Adam D. Barratt a écrit : Control: tags -1 + moreinfo On Sat, 2017-09-23 at 13:04 +0200, Laurent Bigonville wrote: XDMCP support in gdm 3.22 is currently completely broken (see: #873199) I've backported some patches from the later releases and from git master fix this. The majority of the patches are already included in sid/buster version, the other ones will be included in the 2nd of Octobre point release. I've tested this locally with one client (both direct and indirect connections) and it's working as expected. Ugh, that's a lot of patches. :-( Yeah :/ Most of patches are backported from: https://bugzilla.gnome.org/show_bug.cgi?id=780787 Two of them are fixing issues introduced by that patch set: https://bugzilla.gnome.org/show_bug.cgi?id=783779 https://bugzilla.gnome.org/show_bug.cgi?id=780618 Two others are fixing XDMCP when using dbus user bus (compared to session bus): https://bugzilla.gnome.org/show_bug.cgi?id=787943 I got the feedback from the original bugreporter (#873199) that his bug was fixed with that set of patches When you say "2nd of October point release", when is that actually expected to be in unstable? gdm 3.26.1 that is including all these patches is now in unstable.
Bug#877934: stretch-pu: package cron/3.0pl1-128.1
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu
Hi,
The version of cron currently in stretch is not properly transitioning
the system jobs to the correct SELinux context (See: #857662).
This is breaking cron for the people using SELinux on debian.
The root cause of this is a change in the SELinux policy.
The attached patch (that has been pushed to unstable) is fixing this and
is also avoiding hardcoding identifiers and detect them at runtime
instead. This is a more complete patch than the one proposed on the
original bugreport.
All the changes are only affecting the code path when SELinux is
enabled.
Regards,
Laurent Bigonville
-- System Information:
Debian Release: buster/sid
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1,
'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.13.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8),
LANGUAGE=fr_BE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
diff -u cron-3.0pl1/debian/changelog cron-3.0pl1/debian/changelog
--- cron-3.0pl1/debian/changelog
+++ cron-3.0pl1/debian/changelog
@@ -1,3 +1,11 @@
+cron (3.0pl1-128+deb9u1) stretch; urgency=medium
+
+ * Non-maintainer upload.
+ * Properly transition system jobs to system_cronjob_t SELinux context and
+stop relying on refpolicy specific identifiers (Closes: #857662)
+
+ -- Laurent Bigonville Sat, 07 Oct 2017 15:38:27 +0200
+
cron (3.0pl1-128) unstable; urgency=medium
* d/cron.service: Use KillMode=process to kill only the daemon.
diff -u cron-3.0pl1/user.c cron-3.0pl1/user.c
--- cron-3.0pl1/user.c
+++ cron-3.0pl1/user.c
@@ -47,22 +47,31 @@
char *level = NULL;
int i;
+if(getcon(¤t_con)) {
+log_it(name, getpid(), "Can't get current context", tabname);
+return -1;
+}
+
if (name != NULL) {
if (getseuserbyname(name, &seuser, &level)) {
log_it(name, getpid(), "getseuserbyname FAILED", tabname);
+freecon(current_con);
return (security_getenforce() > 0);
}
}
else
{
-seuser = strdup("system_u");
+context_t temp_con = context_new(current_con);
+if (temp_con == NULL) {
+log_it(name, getpid(), "context_new FAILED", tabname);
+freecon(current_con);
+return (security_getenforce() > 0);
+}
+seuser = strdup(context_user_get(temp_con));
+context_free(temp_con);
}
*rcontext = NULL;
-if(getcon(¤t_con)) {
-log_it(name, getpid(), "Can't get current context", tabname);
-return -1;
-}
list_count = get_ordered_context_list_with_level(seuser, level,
current_con, &context_list);
freecon(current_con);
free(seuser);
@@ -215,7 +224,7 @@
if (is_selinux_enabled() > 0) {
char *sname=uname;
if (pw==NULL) {
-sname="system_u";
+sname=NULL;
}
if (get_security_context(sname, crontab_fd,
&u->scontext, tabname) != 0 ) {
Bug#882180: nmu:
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: binnmu Hello, Apparently pycairo upstream broke the ABI a while back and the package with this breakage has been uploaded (by me) in unstable today. (See: #878080) I don't think that reverting the break is a good idea has it happened upstream sometime ago and IMHO we should just go forward. The number of package impacted is quite limited[0], some have already been fixed by a sourceful upload to day, the remaining ones are: nmu pygtk_2.24.0-5.1 . ANY . unstable . -m "Rebuild after pycairo ABI break" dw pygtk_2.24.0-5.1 . ANY . -m 'python-cairo-dev (>= 1.15.4)' nmu hippo-canvas_0.3.1-1.2 . ANY . unstable . -m "Rebuild after pycairo ABI break" dw hippo-canvas_0.3.1-1.2 . ANY . -m 'python-cairo-dev (>= 1.15.4)' nmu gnome-python-desktop_2.32.0+dfsg-4 . ANY . unstable . -m "Rebuild after pycairo ABI break" dw gnome-python-desktop_2.32.0+dfsg-4 . ANY . -m 'python-cairo-dev (>= 1.15.4)' nmu gcompris_15.10-1 . ANY . unstable . -m "Rebuild after pycairo ABI break" dw gcompris_15.10-1 . ANY . -m 'python-cairo-dev (>= 1.15.4)' nmu pygobject-2_2.28.6-13 . ANY . unstable . -m "Rebuild after pycairo ABI break" dw pygobject-2_2.28.6-13 . ANY . -m 'python-cairo-dev (>= 1.15.4)' Kind regards, Laurent Bigonville [0] https://codesearch.debian.net/search?q=Pycairo_IMPORT -- System Information: Debian Release: buster/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.13.0-1-amd64 (SMP w/8 CPU cores) Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8), LANGUAGE=fr_BE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system)
Bug#882180: nmu: multiple python related packages
On Mon, 20 Nov 2017 00:16:08 +0100 Laurent Bigonville wrote: > Hello, > > Apparently pycairo upstream broke the ABI a while back and the package > with this breakage has been uploaded (by me) in unstable today. (See: > #878080) > > I don't think that reverting the break is a good idea has it happened > upstream sometime ago and IMHO we should just go forward. > > The number of package impacted is quite limited[0], some have already > been fixed by a sourceful upload to day, the remaining ones are: > I think that python-mapnik should be added as well to the list as well, it build-depends against python-cairo-dev and seems to use it
Bug#877934: stretch-pu: package cron/3.0pl1-128.1
On Sat, 07 Oct 2017 15:51:09 +0200 Laurent Bigonville wrote: > Hi, > > The version of cron currently in stretch is not properly transitioning > the system jobs to the correct SELinux context (See: #857662). > > This is breaking cron for the people using SELinux on debian. > > The root cause of this is a change in the SELinux policy. > > The attached patch (that has been pushed to unstable) is fixing this and > is also avoiding hardcoding identifiers and detect them at runtime > instead. This is a more complete patch than the one proposed on the > original bugreport. > > All the changes are only affecting the code path when SELinux is > enabled. Did somebody had the time to look at this?
Bug#611639: Please unblock gupnp-igd/0.1.7-3
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Hi, Could you please unblock gupnp-igd/0.1.7-3. gupnp-igd (0.1.7-3) unstable; urgency=low * debian/watch: Fix URL pattern * debian/control: - Bump Standards-Version to 3.9.1 (no further changes) - Versionize python-all-dev build-dependency * d/p/0001-fix_crash_invalid_address.patch: Fix crash if gateway returns invalid address (Closes: #610398 LP: #704172) -- Laurent Bigonville Tue, 18 Jan 2011 23:40:27 +0100 It fixes bug 610398[0] that makes applications segfault if the router send bogus address/port. The patch is available in git[1] and is taken from upstream. Cheers Laurent Bigonville [0] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610398 [1] http://git.debian.org/?p=collab-maint/gupnp-igd.git;a=commitdiff;h=ebd4b483b53cad8a9f592ffba960c5281213a983 -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110131154657.17f45...@eldamar.bigon.be
Bug#618344: champlain 0.8 transition
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition Hi, I'd like to start the transition to champlain 0.8 (libchamplain-0.4-0 to libchamplain-0.8-1 and libchamplain-gtk-0.4-0 to libchamplain-gtk-0.8-1) The source packages involved in this transition are: - empathy - emerillon - claws-mail-extra-plugins - geeqie - eog-plugins - evolution The required changes are: - Changing the build-dependencies - Patch the configure to look for the new .pc file The transition has already been done in ubuntu for a while and patches are available for most of the packages. Also the python bindings are gone (no rdeps) and have been replaced by g-i bindings, so I guess this must be done after gobject-introspection transition. Cheers Laurent Bigonville -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110314151955.60f5e...@eldamar.bigon.be
Bug#622363: transition: libnotify 0.7
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition Hi, We would like to perform the transition from libnotify1 to libnotify4. This transition will requires sourcefull uploads as there is a (minimal) API change. libnotify 0.7 is already present in experimental. Cheers Laurent Bigonville bzcat Sources.bz2 |grep-dctrl -s Package -F Build-Depends libnotify-dev|cut -d: -f2|sort -u alarm-clock alarm-clock-applet ario awn-extras-applets balsa bognor-regis boinc brasero claws-mail-extra-plugins collectd deja-dup dhcpcd-ui eiskaltdcpp ekiga empathy enigmail epiphany-browser evolution exo florence flush gir-repository gnoemoe gnome-applets gnome-bluetooth gnome-color-manager gnome-disk-utility gnome-mount gnome-mplayer gnome-packagekit gnome-power-manager gnome-settings-daemon gnome-user-share gnunet-gtk gnunet-qt goobox gsql gwget2 hornsey icedove iceowl instantbird ipwatchd-gnotify ircp-tray java-gnome kerneloops krb5-auth-dialog libgtk2-notify-perl libnotifymm liferea lxmusic mail-notification mango-lassi midori minbar modest muine network-manager-applet notification-daemon notify-osd notify-python openfetion orage osmo padevchooser parole pidgin-libnotify pino pomodoro-applet psensor rhythmbox salasaga seahorse seahorse-plugins sensors-applet sflphone synce-trayicon syncevolution syncmaildir systemd tracker transmission twitux uget update-notifier vagalume vino vlc xchat-gnome xfce4-power-manager xfce4-sensors-plugin xfce4-settings xfce4-volumed xneur zenity -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110412162800.2d023...@eldamar.bigon.be
Bug#622363: transition: libnotify 0.7
Le Wed, 25 May 2011 15:08:39 +0200, Mehdi Dogguy a écrit : > @Laurent: Do you know already which packages will need a sourceful > upload? Reporting bugs against those and user-tagging the reports > would help to see what's needed. During the weekend I've rebuilt all the packages that are depending against libnotify-dev. 70 over the 98 packages I've tried FTBFS... I've not looked at the build logs deeply, but I don't think all the FTBFS are related to libnotify transition, but still this transition will requires some sourceful uploads. I've uploaded the buildlog here: http://people.debian.org/~bigon/libnotify0.7_rebuildlog/ Cheers Laurent Bigonville -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110609000702.75fd2...@fornost.bigon.be
binNMU gnome-shell for iceweasel transition
Hi, Could you please schedule a binNMU for gnome-shell in experimental. This is required due to the libmozjs4d -> libmozjs5d renaming. This would close bug #635171 [0] Thanks Laurent Bigonville [0] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=635171 -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110723135322.4a2a3...@fornost.bigon.be
Bug#622371: transition: webkit
Hi, I've opened the bugs to asked the maintainer to update the build-dependency: http://bugs.debian.org/cgi-bin/pkgreport.cgi?tag=webkit1.3_transition;users=pkg-webkit-maintain...@lists.alioth.debian.org Laurent Bigonville -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110725210156.6c3ce...@fornost.bigon.be
Bug#622371: transition: webkit
Hi, libwebkit-dev has been added back in 1.4.2-2 webkitgtk+ upload and it's now a dummy package that depends against the new libwebkitgtk-dev package. Could a binNMU be scheduled for the packages that have not yet adjusted their build depdendencies yet? A BD-wait should be set for libwebkit-dev (>= 1.4.2-2). Thanks Laurent Bigonville PS: Could webkitgtk+ be given back on ia64 and sparc, it FTBFS due to a free disk space issue *sigh*. -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110730013033.64f13...@fornost.bigon.be
Bug#622363: transition: libnotify 0.7
Le Sat, 30 Jul 2011 23:18:33 +0200, Julien Cristau a écrit : > Let's go ahead with this. Alright, So here a first list of packages that can be binNMU'ed (their transition bug is marked as closed in unstable): nmu alarm-clock-applet_0.3.2-1 gnunet-gtk_0.8.1a-3 . ALL -i386 . -m 'Rebuild against libnotify4' nmu ario_1.5.1-1 balsa_2.4.10-2 dhcpcd-ui_0.5.2-1 ekiga_3.2.7-4 flush_0.9.10-1 gnome-mplayer_1.0.4-1 ipwatchd-gnotify_1.0.1-1 ircp-tray_0.7.6-1 mango-lassi_001+dfsg-4 osmo_0.2.10+svn922-2 pidgin-libnotify_0.14-5 salasaga_0.8.0~alpha7-2 vagalume_0.8.5-1 xfce4-power-manager_1.0.10-4 xfce4-sensors-plugin_1.2.3-1 . ALL . -m 'Rebuild against libnotify4' dw alarm-clock-applet_0.3.2-1 gnunet-gtk_0.8.1a-3 . ALL -i386 . -m 'libnotify-dev (>= 0.7)' dw ario_1.5.1-1 balsa_2.4.10-2 dhcpcd-ui_0.5.2-1 ekiga_3.2.7-4 flush_0.9.10-1 gnome-mplayer_1.0.4-1 ipwatchd-gnotify_1.0.1-1 ircp-tray_0.7.6-1 mango-lassi_001+dfsg-4 osmo_0.2.10+svn922-2 pidgin-libnotify_0.14-5 salasaga_0.8.0~alpha7-2 vagalume_0.8.5-1 xfce4-power-manager_1.0.10-4 xfce4-sensors-plugin_1.2.3-1 . ALL . -m 'libnotify-dev (>= 0.7)' Let's hope the format is OK. Cheers Laurent Bigonville -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110731122126.3afa1...@fornost.bigon.be
Bug#622363: transition: libnotify 0.7
Le Sun, 31 Jul 2011 12:21:26 +0200, Laurent Bigonville a écrit : > Le Sat, 30 Jul 2011 23:18:33 +0200, > Julien Cristau a écrit : > > > Let's go ahead with this. > > Alright, > > So here a first list of packages that can be binNMU'ed (their > transition bug is marked as closed in unstable): And here a second batch of binNMU: nmu eiskaltdcpp_2.2.3-1 florence_0.5.0-3 linuxdcpp_1.1.0-1 mail-notification_5.4.dfsg.1-2.4 midori_0.3.6-2 openfetion_2.2.1-2 orage_4.8.1-2 parole_0.2.0.6-1 pcmanx-gtk2_1.0-2 postler_0.1.1-1 psensor_0.6.1.9-2 steadyflow_0.1.7-2 synapse_0.2.6-1 thunar_1.2.2-1 thunar-volman_0.6.0-4 uget_1.8.0-1 vlc_1.1.11-2 xchat-gnome_0.30.0~git20100421.29cc76-1 xfce4-places-plugin_1.2.0-3 xfce4-settings_4.8.2-2 xfce4-volumed_0.1.13-2 xfdesktop4_4.8.2-1 . ALL . -m 'Rebuild against libnotify4' Thanks Laurent Bigonville -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110731212854.51bcd...@fornost.bigon.be
Bug#636347: RM: open-vm-tools/wheezy -- ROM; RC; FTBFS; block libnotify 0.7 transition
Package: release.debian.org Severity: normal Hi, open-vm-tools is part of the libnotify 0.7 transition but unfortunately currently FTBFS and has several RC bugs. I guess it should be removed from testing to easy the transition. Cheers Laurent Bigonville -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110802150651.402da...@eldamar.bigon.be
Bug#622371: transition: webkit
Hi, Could you please schedule binNMU for the webkit 1.3 transition: nmu banshee_2.0.1-3 bibledit_4.0-1 gimp_2.6.11-3 gmpc-plugins_0.20.0-1 kazehakase_0.5.8-4 lekhonee-gnome_0.11-1 miro_4.0.2-1 shotwell_0.9.3-1 surf_0.4.1-4 swt-gtk_3.7-2 uzbl_0.0.0~git.20110412-1 webkit-image_0.0.svn25399-2 xtrkcad_1:4.0.2-2 yelp_2.30.1+webkit-1 . ALL . -m 'Rebuild against libwebkitgtk-1.0-0' nmu haskell-webkit_0.12.1-1 . ALL -mipsel . -m 'Rebuild against libwebkitgtk-1.0-0' nmu postler_0.1.1-1 . ia64 sparc . -m 'Rebuild against libwebkitgtk-1.0-0' dw banshee_2.0.1-3 bibledit_4.0-1 gimp_2.6.11-3 gmpc-plugins_0.20.0-1 kazehakase_0.5.8-4 lekhonee-gnome_0.11-1 miro_4.0.2-1 shotwell_0.9.3-1 surf_0.4.1-4 swt-gtk_3.7-2 uzbl_0.0.0~git.20110412-1 webkit-image_0.0.svn25399-2 xtrkcad_1:4.0.2-2 yelp_2.30.1+webkit-1 haskell-webkit_0.12.1-1 postler_0.1.1-1 . ia64 sparc . -m 'libwebkit-dev (>= 1.4.2-2)' Thanks Laurent Bigonville -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110802205322.56074...@fornost.bigon.be
Bug#622371: transition: webkit
Le Tue, 2 Aug 2011 20:53:22 +0200, Laurent Bigonville a écrit : Hi, Webkitgtk+ has now migrated to testing, I guess can go on with this transition. Could you please binNMU the following packages: nmu bibledit_4.0-1 gmpc-plugins_0.20.0-1 kazehakase_0.5.8-4 surf_0.4.1-4 swt-gtk_3.7-2 uzbl_0.0.0~git.20110412-1 webkit-image_0.0.svn25399-2 xtrkcad_1:4.0.2-2 yelp_2.30.1+webkit-1 . ALL . -m 'Rebuild against libwebkitgtk-1.0-0' nmu postler_0.1.1-1 . ia64 sparc . -m 'Rebuild against libwebkitgtk-1.0-0' nmu gimp_2.6.11-3 liferea_1.6.5-1.2 . ia64 . -m 'Rebuild against libwebkitgtk-1.0-0' Cheers Lairent Bigonville -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110922174511.7f37a...@eldamar.bigon.be
Bug#646095: /usr/lib/claws-mail/plugins/fancy.so: undefined symbol: webkit_web_view_get_selected_text
Hi, FYI claws-mail-fancy-plugin is also affected by this, when trying to load the plugin, I get: /usr/lib/claws-mail/plugins/fancy.so: undefined symbol: webkit_web_view_get_selected_text Cheers Laurent Bigonville -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20111022152539.1964b...@fornost.bigon.be
hints request for gupnp
Hi, Could you please add a hint to help gupnp package to migrate to testing. Kind regards Laurent Bigonville -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Re: hints request for gupnp
Le Thu, 15 Oct 2009 15:45:50 +0100, "Adam D. Barratt" a écrit : Hi, > Adam D. Barratt wrote: > > Hi, > > > > On Mon, 2009-10-12 at 10:26 +0200, Laurent Bigonville wrote: > >> Could you please add a hint to help gupnp package to migrate to > >> testing. > > > > I've started preparing a hint for this, but note that farsight2 is > > tied in to gupnp migrating and as a new upstream version of > > farsight2 was uploaded a few hours ago we'll now need to wait for > > that to be ready to transition. > > More importantly (which I should have noticed before), gupnp-tools > has a new RC-bug relative to testing - #549000. Could you have a look at that again? Best regards Laurent Bigonville -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Please unblock acr38 1.7.9-2
Hi,
Please unblock acr38 1.7.9-2.
This upload fix a bug with the post{inst,rm} scripts. This bug prevents
the package to install cleanly with last versions of pcscd. Changes are
minimal, should not cause any problems.
Regards
Laurent Bigonville
diff -u acr38-1.7.9/debian/changelog acr38-1.7.9/debian/changelog
--- acr38-1.7.9/debian/changelog
+++ acr38-1.7.9/debian/changelog
@@ -1,3 +1,10 @@
+acr38 (1.7.9-2) unstable; urgency=low
+
+ * Call restart instead of restart-if-running for restarting pcscd
since it
+disapears without warning.
+
+ -- Laurent Bigonville <[EMAIL PROTECTED]> Wed, 28 Feb 2007 15:59:32
+0100 +
acr38 (1.7.9-1) unstable; urgency=low
* New upstream release.
diff -u acr38-1.7.9/debian/libacr38u.postrm
acr38-1.7.9/debian/libacr38u.postrm ---
acr38-1.7.9/debian/libacr38u.postrm +++
acr38-1.7.9/debian/libacr38u.postrm @@ -22,7 +22,7 @@
remove)
if [ -x /etc/init.d/pcscd ]
then
-invoke-rc.d pcscd restart-if-running 3>/dev/null
+invoke-rc.d pcscd restart 3>/dev/null
fi
;;
diff -u acr38-1.7.9/debian/libacr38u.postinst
acr38-1.7.9/debian/libacr38u.postinst ---
acr38-1.7.9/debian/libacr38u.postinst +++
acr38-1.7.9/debian/libacr38u.postinst @@ -21,7 +21,7 @@
configure)
if [ -x /etc/init.d/pcscd ]
then
-invoke-rc.d pcscd restart-if-running 3> /dev/null
+invoke-rc.d pcscd restart 3> /dev/null
fi
;;
pgp9r0sQl4jbf.pgp
Description: PGP signature
Permission to upload to testing (Was: Please unblock acr38 1.7.9-2)
On Sat, 3 Mar 2007 03:42:57 +0100 Laurent Bigonville <[EMAIL PROTECTED]> wrote: > Hi, > > Please unblock acr38 1.7.9-2. Damm, I forgot to check for the dependencies, acr38 is stalled due to pcsc-lite :/ Could I have the permission to upload directly to testing? package version is 1.7.9-1etch1, same changes than 1.7.9-2. Regards Laurent Bigonville pgpv8Yon15MQE.pgp Description: PGP signature
Re: Permission to upload to testing (Was: Please unblock acr38 1.7.9-2)
On Mon, 5 Mar 2007 01:51:17 -0800 Steve Langasek <[EMAIL PROTECTED]> wrote: > On Sun, Mar 04, 2007 at 02:20:49PM +0100, Laurent Bigonville wrote: > > On Sat, 3 Mar 2007 03:42:57 +0100 > > Laurent Bigonville <[EMAIL PROTECTED]> wrote: > > > > > Please unblock acr38 1.7.9-2. > > > Damm, I forgot to check for the dependencies, acr38 is stalled due > > to pcsc-lite :/ > > > Could I have the permission to upload directly to testing? package > > version is 1.7.9-1etch1, same changes than 1.7.9-2. > > This is an (undeclared!) RC bug, so yes, please do. Not lucky with this package :o My sponsor has uploaded binary packages (for i386) built on unstable instead of testing. So 1.7.9-1etch1 must not hit testing. 1.7.9-1etch2 should be the good one. Sorry for the spam Regards Laurent Bigonville pgpqPBumDo64f.pgp Description: PGP signature
Re: Permission to upload to testing (Was: Please unblock acr38 1.7.9-2)
On Thu, 8 Mar 2007 14:32:10 -0800 Steve Langasek <[EMAIL PROTECTED]> wrote: > On Thu, Mar 08, 2007 at 01:39:36PM +0100, Laurent Bigonville wrote: > > > This is an (undeclared!) RC bug, so yes, please do. > > > Not lucky with this package :o > > My sponsor has uploaded binary packages (for i386) built on unstable > > instead of testing. So 1.7.9-1etch1 must not hit testing. > > 1.7.9-1etch2 should be the good one. > > That should be fixable with a binNMU on amd64, without requiring a > sourceful upload that triggers rebuilds on the other architectures. Well the problem was actually on the i386 package, not the amd64 Regards Laurent Bigonville pgpjOUOVEaFpe.pgp Description: PGP signature
Please rebuild gnome-applets on amd64
Hi, Please could someone rebuild gnome-applets on amd64. The uploaded binary package has been build against some packages (gtk+2.0 and glib2.0) that comes from experimental. That made gnome-applets uninstallable on amd64 Thanks Laurent Bigonville pgpkxO2dQn7g0.pgp Description: PGP signature
Re: Please rebuild gnome-applets on amd64
Nevermind, the binNMU has already been scheduled Sorry for the spam :/ On Sun, 1 Jul 2007 18:38:04 +0200 Laurent Bigonville <[EMAIL PROTECTED]> wrote: > Hi, > > Please could someone rebuild gnome-applets on amd64. The uploaded > binary package has been build against some packages (gtk+2.0 and > glib2.0) that comes from experimental. That made gnome-applets > uninstallable on amd64 > > Thanks > > Laurent Bigonville > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
BinNMU for pam-keyring
Hi, Please schedule a binNMU for pam-keyring now that a new (0.99.7.1-2) version of pam is in unstable. pam-keyring_0.0.8-6, Rebuild against new pam version, 1, alpha amd64 arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc Regards Laurent Bigonville pgpN2EgBpuYT2.pgp Description: PGP signature
Re: BinNMU for pam-keyring
On Mon, 27 Aug 2007 15:28:08 -0700 Steve Langasek <[EMAIL PROTECTED]> wrote: > On Mon, Aug 27, 2007 at 11:45:00PM +0200, Laurent Bigonville wrote: > > > Please schedule a binNMU for pam-keyring now that a new (0.99.7.1-2) > > version of pam is in unstable. > > > pam-keyring_0.0.8-6, Rebuild against new pam version, 1, alpha amd64 arm > > hppa i386 ia64 m68k mips mipsel powerpc s390 sparc > > Why? To get rid of the compatibility code used when pam_prompt is not present (introduced by 0.99 versions) and use the native pam function. Laurent pgpoHzCQgzJig.pgp Description: PGP signature
Hint for empathy
Hi, Please add an hint to help empathy to enter in testing Regards Laurent Bigonville pgpUSAlQyNfBf.pgp Description: PGP signature
BinNMU for telepathy-stream-engine
Hi, Please could you schedule a binNMU for telepathy-stream-engine/0.3.25-1 telepathy-stream-engine_0.3.25-1, Rebuild to fix missing dependency on libfarsight (Closes: #443898), 1, alpha amd64 arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc Thanks :) Laurent pgpFtMzr2eFQY.pgp Description: PGP signature
Please unblock telepathy-salut 0.3.3-2
Hi, Could someone please unblock telepathy-salut 0.3.3-2. This revision add a patch that fix an issue that could cause network flood. Thanks Laurent Bigonville -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Please unblock these packages
Hi, Please could you unblock the following packages: d-feet/0.1.8-2 gnome-nds-thumbnailer/1.0.2-2 vim-syntax-gtk/20070925-2 These uploads fix lintian warnings and use my new email address Could you also unblock empathy/0.23.3-3 This upload fix a crash when adding SIP/IRC contacts and libjingle0.3/0.3.11-5 that fix FTBFS on kFreebsd Thanks Laurent Bigonville -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#695930: unblock: [Pre-approval] selinux-basics/0.5.1
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Hello,
This is a pre-approval request for an unblock for the selinux-basics
package.
The changes are quite big (changes to the build system), but the package
is pretty trivial (one arch all package) and it's easy to see unwanted
changes (which I don't see).
selinux-basics (0.5.1) UNRELEASED; urgency=low
* Switch to dpkg-source 3.0 (native) format
* Switch to dh sequence and dh_python2
* debian/control:
- Bump Standards-Version to 3.9.3 (no further changes)
- Add ${misc:Depends} to the dependencies
- Update Vcs-* fields
- Add X-Python-Version field
- Put under the Debian SELinux team maintenance
* Remove udev rules, legacy ptys are not enabled in the kernel since squeeze
(Closes: #622563)
* tests/21_pam.py: Fix detection whether selinux pam module is called from
login service (Closes: #531660)
* Fix python 2.6 deprecations in several tests, thanks to Robert Bihlmeyer
for the patches (Closes: #585354, #654608)
* Add debian/gbp.conf file
* tests/21_pam.py: Fix path of the pam service file
* tests/02_verify_slash_selinux.py: Add support for /sys/fs/selinux
directory
* debian/selinux-basics.postinst: Only run update-grub if a configuration
has been modified
-- Laurent Bigonville Mon, 09 Jul 2012 14:11:29 +0200
bigon@soldur:~/Development/Debian/selinux/selinux-basics [git: debian]$ git
diff debian/0.5.0 |diffstat
b/check-selinux-installation|2 -
b/debian/changelog | 25
b/debian/control| 18 +
b/debian/gbp.conf |6 +
b/debian/rules | 37 ++--
b/debian/selinux-basics.install |1
b/debian/selinux-basics.maintscript |1
b/debian/selinux-basics.manpages|4 +++
b/debian/selinux-basics.postinst|6 -
b/debian/selinux-basics.preinst | 25
b/debian/source/format |1
b/tests/01_verify_init.py | 14 ++---
b/tests/02_verify_slash_selinux.py |9
b/tests/10_test_kernel_processes.py | 10 -
b/tests/20_old-style-ttys.py|5 +---
b/tests/21_pam.py |8 +++
b/tests/24_fsckfix.py |2 -
debian/selinux-basics.dirs |3 --
debian/selinux-basics.postrm| 20 ---
udev/no-legacy-ptys.rules |5
20 files changed, 105 insertions(+), 97 deletions(-)
bigon@soldur:~/Development/Debian/selinux/build-area$ debdiff
/tmp/selinux-basics_0.5.0_amd64.changes selinux-basics_0.5.1_amd64.changes
[The following lists of changes regard files as different if they have
different names, permissions or owners.]
Files in second .changes but not in first
-
-rwxr-xr-x root/root /usr/share/python/runtime.d/selinux-basics.rtupdate
-rwxr-xr-x root/root DEBIAN/preinst
-rwxr-xr-x root/root DEBIAN/prerm
Files in first .changes but not in second
-
-rw-r--r-- root/root /etc/udev/no-legacy-ptys.rules
Control files: lines which differ (wdiff format)
Depends: checkpolicy, policycoreutils, selinux-utils, python {+(>= 2.6.6-7~)+}
Installed-Size: [-85-] {+87+}
Maintainer: [-Russell Coker -] {+Debian SELinux
maintainers +}
{+Pre-Depends: dpkg (>= 1.15.7.2)+}
Version: [-0.5.0-] {+0.5.1+}
Cheers
Laurent Bigonville
-- System Information:
Debian Release: 7.0
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.6-trunk-amd64 (SMP w/8 CPU cores)
Locale: LANG=fr_BE.utf8, LC_CTYPE=fr_BE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
selinux-basics.debdiff.gz
Description: GNU Zip compressed data
Bug#695930: unblock: [Pre-approval] selinux-basics/0.5.1
Le Fri, 14 Dec 2012 14:45:53 +,
Jonathan Wiltshire a écrit :
> TL;DR: read the freeze policy, and then go fish.
I'll probably go drink beers this looks more fun.
> On 2012-12-14 14:15, Laurent Bigonville wrote:
> > The changes are quite big (changes to the build system),
>
> ...which make it already unsuitable for Wheezy.
>
> > but the package
> > is pretty trivial (one arch all package) and it's easy to see
> > unwanted
> > changes (which I don't see).
> >
> > selinux-basics (0.5.1) UNRELEASED; urgency=low
> >
> > * Switch to dpkg-source 3.0 (native) format
>
> not acceptable [1]
>
> > * Switch to dh sequence and dh_python2
>
> not acceptable [1]
There is no usage of a python helper ATM, is that better?
>
> > * debian/control:
> > - Bump Standards-Version to 3.9.3 (no further changes)
> > - Add ${misc:Depends} to the dependencies
> > - Update Vcs-* fields
> > - Add X-Python-Version field
> > - Put under the Debian SELinux team maintenance
>
> not acceptable [1]
>
> > * Remove udev rules, legacy ptys are not enabled in the kernel
> > since squeeze
> > (Closes: #622563)
>
> severity important for an optional package and could be done through
> unstable [1], so just about OK on its own
Surprisingly this is the only change here I was not 100% confident
that would not cause a regression for /some/ users using a custom
kernel (aka people that are compiling with the CONFIG_LEGACY_PTYS
flag)..
>
> > * tests/21_pam.py: Fix detection whether selinux pam module is
> > called from
> > login service (Closes: #531660)
>
> not an RC bug.
The 1/3 of the package functionality is made of tests to troubleshoot
selinux installation and this is probably one of the most important
test to be sure that the user will be running in the correct context.
>
> > * Fix python 2.6 deprecations in several tests, thanks to Robert
> > Bihlmeyer
> > for the patches (Closes: #585354, #654608)
>
> not RC bugs.
Well that should be RC then, I get a complain about the script not
working no later than this morning. Isn't python >= 2.6 support
mandatory for wheezy?
>
> > * Add debian/gbp.conf file
>
> not acceptable [1]
This is only metadata for git-buildpackage, no functional changes,
really who cares?
>
> > * tests/21_pam.py: Fix path of the pam service file
>
> could be RC, if only there was a bug to reference
No user ever saw that the test was not working or bother to report.
> > * tests/02_verify_slash_selinux.py: Add support
> > for /sys/fs/selinux directory
>
> unlikely to be RC
/sys/fs/selinux is the new location since wheezy for the securefs
mountpoint, so yes I guess we want that.
> > * debian/selinux-basics.postinst: Only run update-grub if a
> > configuration
> > has been modified
>
> highly unlikely to be RC.
Indeed that was just cosmetic.
You might be tempted to RM this package from testing, just be aware
that it (unfortunately) also contains an initscript that is doing
relabeling during boot. Removing it would probably causes more troubles
to people that would like to use selinux than doing any good.
In the light of these new information, would anybody please advise me
what would be accepted (which was more or less the point of this bug
in the first place)?
Laurent Bigonville
--
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20121215133207.680e3...@soldur.bigon.be
Bug#684732: unblock: nut/2.6.4-2
Le Thu, 20 Dec 2012 14:33:09 +0100, Julien Cristau a écrit : > Control: tags -1 moreinfo > > On Sun, Dec 2, 2012 at 19:43:44 +0100, Laurent Bigonville wrote: > > > [...] > > > > +# make sure that conffiles are secured and have the correct > > > > ownerships > > > > +if [ -d /etc/nut/ ] ; then > > > > + chown root:nut /etc/nut/ > > > > +fi > > > > +for file in nut.conf upsmon.conf upssched.conf ; do > > > > +if [ -f /etc/nut/$file ] ; then > > > > +chown root:nut /etc/nut/$file > > > > +chmod 640 /etc/nut/$file > > > > +fi > > > > +done > > > > + > > > > > > I still think the chowns/chmods shouldn't be done on upgrades, if > > > for whatever reason the local admin changed those that's their > > > choice. > > > > Is this really blocking the transition? The version in squeeze is > > also doing this. We could remove this later I guess. > > > Well I'm not comfortable unblocking that code. > > > [...] > > > > - # re process nut.conf MODE so that it can be sourced > > > > - NUT_MODE=`grep -e '^ *MODE' /etc/nut/nut.conf | tr -d " > > > > "` > > > > - sed "s/^ *MODE.*/$NUT_MODE/" /etc/nut/nut.conf > > > > > /etc/nut/nut.conf.new > > > > - mv /etc/nut/nut.conf.new /etc/nut/nut.conf > > > > +if dpkg --compare-versions "$2" le "2.6.4-2~" ; then > > > > +rm -f /etc/init.d/nut > > > > +update-rc.d nut remove >/dev/null > > > > > > If /etc/init.d/nut was a conffile, I don't think you get to rm -f > > > it on upgrade, at least if it was modified. > > > > IIRC, I didn't use dpkg-maintscript-helper because the file is > > owned by the nut package in squeeze (which is now a metapackage) > > and it was not really working as expected. The init file should > > probably also be removed in the nut-client package to support > > partial upgrades. > > > What's the status here? (You can do thinks correctly without using > dpkg-maintscript-helper, fwiw.) I have unfortunately not the time for this ATM, so if somebody else want to tackle this, I have no objections. Cheers Laurent Bigonville -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20121220154322.6e669...@soldur.bigon.be
Bug#684732: unblock: nut/2.6.4-2
Le Thu, 20 Dec 2012 19:57:19 +0100, Ivo De Decker a écrit : > Hi Laurent and Julien, Hello > > I prepared an NMU that should fix both issues. The debdiff against > wheezy and the debdiff -w against sid are attached. I will try to get > this NMU uploaded soon. Looks good but (there is always a but :), /etc/init.d/nut is shipped in the nut package in squeeze, so I guess it should also be removed when upgrading that package. And in case of partial upgrade, I guess you also want to remove it when the nut-client package is installed as it will cause issue if both /etc/init.d/nut and /etc/init.d/nut-client are trying to start the same components. So I would say, remove it when upgrading nut, nut-client and nut-server (which is already the case). Am I correct here? Cheers Laurent Bigonville -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20121220201921.172cc...@soldur.bigon.be
Bug#698976: unblock: libssh/0.5.4-1 (Fix CVE, not uploaded yet)
make b/CPackConfig.cmake
index 23a9a01..1bbc708 100644
--- a/CPackConfig.cmake
+++ b/CPackConfig.cmake
@@ -13,7 +13,7 @@ set(CPACK_RESOURCE_FILE_LICENSE "${CMAKE_SOURCE_DIR}/COPYING")
### versions
set(CPACK_PACKAGE_VERSION_MAJOR "0")
set(CPACK_PACKAGE_VERSION_MINOR "5")
-set(CPACK_PACKAGE_VERSION_PATCH "3")
+set(CPACK_PACKAGE_VERSION_PATCH "4")
set(CPACK_PACKAGE_VERSION "${CPACK_PACKAGE_VERSION_MAJOR}.${CPACK_PACKAGE_VERSION_MINOR}.${CPACK_PACKAGE_VERSION_PATCH}")
diff --git a/ChangeLog b/ChangeLog
index d513613..94603b2 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,11 @@
ChangeLog
==
+version 0.5.4 (released 2013-01-22)
+ * CVE-2013-0176 - NULL dereference leads to denial of service
+ * Fixed several NULL pointer dereferences in SSHv1.
+ * Fixed a free crash bug in options parsing.
+
version 0.5.3 (released 2012-11-20)
* CVE-2012-4559 Fixed multiple double free() flaws.
* CVE-2012-4560 Fixed multiple buffer overflow flaws.
diff --git a/SECFIX_0.5.2.tar.asc b/SECFIX_0.5.2.tar.asc
deleted file mode 100644
index 2a0db5e..000
diff --git a/SECFIX_0.5.2.tar.gz b/SECFIX_0.5.2.tar.gz
deleted file mode 100644
index 41c9ccd..000
Binary files a/SECFIX_0.5.2.tar.gz and /dev/null differ
diff --git a/SECFIX_0.5.tar.gz b/SECFIX_0.5.tar.gz
deleted file mode 100644
index 333771d..000
Binary files a/SECFIX_0.5.tar.gz and /dev/null differ
diff --git a/SECFIX_master.tar.gz b/SECFIX_master.tar.gz
deleted file mode 100644
index 9d0cebe..000
Binary files a/SECFIX_master.tar.gz and /dev/null differ
diff --git a/debian/changelog b/debian/changelog
index 1c536a7..88931d0 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+libssh (0.5.4-1) UNRELEASED; urgency=low
+
+ * New upstream security release
+- Fix NULL dereference leads to denial of service
+ (Closes: #698963, CVE-2013-0176)
+
+ -- Laurent Bigonville Fri, 25 Jan 2013 21:08:57 +0100
+
libssh (0.5.3-1) unstable; urgency=high
* New upstream security release
diff --git a/doc/doxy.config.in.bak b/doc/doxy.config.in.bak
deleted file mode 100644
index 9810518..000
diff --git a/src/channels1.c b/src/channels1.c
index ca669a4..a9e3ab5 100644
--- a/src/channels1.c
+++ b/src/channels1.c
@@ -50,11 +50,17 @@
*/
int channel_open_session1(ssh_channel chan) {
+ ssh_session session;
+
+ if (chan == NULL) {
+return -1;
+ }
+ session = chan->session;
+
/*
* We guess we are requesting an *exec* channel. It can only have one exec
* channel. So we abort with an error if we need more than one.
*/
- ssh_session session = chan->session;
if (session->exec_channel_opened) {
ssh_set_error(session, SSH_REQUEST_DENIED,
"SSH1 supports only one execution channel. "
@@ -85,8 +91,14 @@ int channel_open_session1(ssh_channel chan) {
int channel_request_pty_size1(ssh_channel channel, const char *terminal, int col,
int row) {
- ssh_session session = channel->session;
+ ssh_session session;
ssh_string str = NULL;
+
+ if (channel == NULL) {
+return SSH_ERROR;
+ }
+ session = channel->session;
+
if(channel->request_state != SSH_CHANNEL_REQ_STATE_NONE){
ssh_set_error(session,SSH_REQUEST_DENIED,"Wrong request state");
return SSH_ERROR;
@@ -139,7 +151,13 @@ int channel_request_pty_size1(ssh_channel channel, const char *terminal, int col
}
int channel_change_pty_size1(ssh_channel channel, int cols, int rows) {
- ssh_session session = channel->session;
+ ssh_session session;
+
+ if (channel == NULL) {
+return SSH_ERROR;
+ }
+ session = channel->session;
+
if(channel->request_state != SSH_CHANNEL_REQ_STATE_NONE){
ssh_set_error(session,SSH_REQUEST_DENIED,"Wrong request state");
return SSH_ERROR;
@@ -182,7 +200,12 @@ int channel_change_pty_size1(ssh_channel channel, int cols, int rows) {
}
int channel_request_shell1(ssh_channel channel) {
- ssh_session session = channel->session;
+ ssh_session session;
+
+ if (channel == NULL) {
+return -1;
+ }
+ session = channel->session;
if (buffer_add_u8(session->out_buffer,SSH_CMSG_EXEC_SHELL) < 0) {
return -1;
@@ -198,9 +221,14 @@ int channel_request_shell1(ssh_channel channel) {
}
int channel_request_exec1(ssh_channel channel, const char *cmd) {
- ssh_session session = channel->session;
+ ssh_session session;
ssh_string command = NULL;
+ if (channel == NULL) {
+return -1;
+ }
+ session = channel->session;
+
command = ssh_string_from_char(cmd);
if (command == NULL) {
return -1;
@@ -227,6 +255,11 @@ SSH_PACKET_CALLBACK(ssh_packet_data1){
ssh_string str = NULL;
int is_stderr=(type==SSH_SMSG_STDOUT_DATA ? 0 : 1);
(void)user;
+
+if (channel == NULL) {
+ return SSH_PACKET_NOT_USED;
+}
+
str = buffer_get_ssh_string(packet);
if (str == NULL) {
ssh_log(session, SSH_LOG_FUNCTIONS, &
Bug#698976: unblock: libssh/0.5.4-1 (Fix CVE, not uploaded yet)
Le Sat, 26 Jan 2013 00:59:16 +, Jonathan Wiltshire a écrit : > I am happy with your changes in principle although: > > On Fri, Jan 25, 2013 at 11:54:03PM +0100, Laurent Bigonville wrote: > > + ssh_set_error(session, > > +SSH_FATAL, > > +"Could determine the specified hostkey"); > > Should this be in the negative form? > > You are correct here, it's missing a "not". I can patch this if you want. Cheers Laurent Bigonville signature.asc Description: PGP signature
Bug#698976: unblock: libssh/0.5.4-1
retitle 698976 unblock: libssh/0.5.4-1 thanks Hello, I've uploaded the package into unstable. Cheers Laurent Bigonville signature.asc Description: PGP signature
Bug#700392: unblock: gnome-shell/3.4.2-7
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Hi,
Please unblock package gnome-shell
This version is fixing the network status icon for people that have unmanaged
device.
It also disable the folks integration. Folks might delay the startup and cause
some DBus call to timeout for people that have a lot of contacts in empathy
and/or EDS. The only missing feature will be the ability to search contacts
directly from the shell dash. The proper fix for this requires architectural
changes.
gnome-shell (3.4.2-7) unstable; urgency=low
[ Michael Biebl ]
* 40-force-online.patch: Use correct icon name "network-wired" when the
global online state is set to connected.
[ Laurent Bigonville ]
* debian/patches/50-remove-folks-integration.patch: Remove folks integration,
it might cause some slow startup time and cause Dbus call to timeout
(Closes: #693155)
-- Laurent Bigonville Sat, 09 Feb 2013 14:20:45 +0100
changelog | 13 +
patches/40-force-online.patch |2 +-
patches/50-remove-folks-integration.patch | 27 +++
patches/series|1 +
4 files changed, 42 insertions(+), 1 deletion(-)
unblock gnome-shell/3.4.2-7
Cheers
Laurent Bigonville
-- System Information:
Debian Release: 7.0
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.7-trunk-amd64 (SMP w/8 CPU cores)
Locale: LANG=fr_BE.utf8, LC_CTYPE=fr_BE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff -Nru gnome-shell-3.4.2/debian/changelog gnome-shell-3.4.2/debian/changelog
--- gnome-shell-3.4.2/debian/changelog 2013-01-17 10:43:33.0 +0100
+++ gnome-shell-3.4.2/debian/changelog 2013-02-09 14:21:07.0 +0100
@@ -1,3 +1,16 @@
+gnome-shell (3.4.2-7) unstable; urgency=low
+
+ [ Michael Biebl ]
+ * 40-force-online.patch: Use correct icon name "network-wired" when the
+global online state is set to connected.
+
+ [ Laurent Bigonville ]
+ * debian/patches/50-remove-folks-integration.patch: Remove folks integration,
+it might cause some slow startup time and cause Dbus call to timeout
+(Closes: #693155)
+
+ -- Laurent Bigonville Sat, 09 Feb 2013 14:20:45 +0100
+
gnome-shell (3.4.2-6) unstable; urgency=low
[ Josselin Mouette ]
diff -Nru gnome-shell-3.4.2/debian/patches/40-force-online.patch gnome-shell-3.4.2/debian/patches/40-force-online.patch
--- gnome-shell-3.4.2/debian/patches/40-force-online.patch 2013-01-16 11:38:24.0 +0100
+++ gnome-shell-3.4.2/debian/patches/40-force-online.patch 2013-02-09 14:05:46.0 +0100
@@ -17,7 +17,7 @@
if (!mc) {
-this.setIcon('network-offline');
+if (state == NetworkManager.State.CONNECTED_GLOBAL) {
-+this.setIcon('network-wired-connected');
++this.setIcon('network-wired');
+} else {
+this.setIcon('network-offline');
+}
diff -Nru gnome-shell-3.4.2/debian/patches/50-remove-folks-integration.patch gnome-shell-3.4.2/debian/patches/50-remove-folks-integration.patch
--- gnome-shell-3.4.2/debian/patches/50-remove-folks-integration.patch 1970-01-01 01:00:00.0 +0100
+++ gnome-shell-3.4.2/debian/patches/50-remove-folks-integration.patch 2013-02-09 14:05:46.0 +0100
@@ -0,0 +1,27 @@
+Subject: Disable folks integration
+ In some conditions this could really impact the performances and cause Dbus
+ calls timeout
+From: Laurent Bigonville
+Forwarded: not-needed
+Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693155
+
+--- a/js/ui/overview.js
b/js/ui/overview.js
+@@ -11,7 +11,7 @@ const Shell = imports.gi.Shell;
+ const Gdk = imports.gi.Gdk;
+
+ const AppDisplay = imports.ui.appDisplay;
+-const ContactDisplay = imports.ui.contactDisplay;
++//const ContactDisplay = imports.ui.contactDisplay;
+ const Dash = imports.ui.dash;
+ const DND = imports.ui.dnd;
+ const Lightbox = imports.ui.lightbox;
+@@ -210,7 +210,7 @@ const Overview = new Lang.Class({
+ this.addSearchProvider(new AppDisplay.AppSearchProvider());
+ this.addSearchProvider(new AppDisplay.SettingsSearchProvider());
+ this.addSearchProvider(new PlaceDisplay.PlaceSearchProvider());
+-this.addSearchProvider(new ContactDisplay.ContactSearchProvider());
++//this.addSearchProvider(new ContactDisplay.ContactSearchProvider());
+
+ // Load remote search providers provided by applications
+ RemoteSearch.loadRemoteSearchProviders(Lang.bind(this, this.addSearchProvider));
diff -Nru gnome-shell-3.4.2/debian/patches/series gnome-shell-3.4.2/debian/patches/series
--- gnome-shell-3.4.2/debian/patches/series 2013-01-15 16:53:43.0 +0100
+++ gnome-shell-3.4.2/debian
Bug#700488: unblock: evolution/3.4.4-2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Hi, Please unblock package evolution This upload fix a crasher when trying to open the 'Address book map' window. The patch has been extracted from a bigger patch from the evolution-3.6 branch. evolution (3.4.4-2) unstable; urgency=low * debian/control: Add myself to Uploaders * d/p/05_fix_addressbook_map_crash.patch: Fix crash when trying to open the "Address Book Map" window (Closes: #699850) -- Laurent Bigonville Sat, 09 Feb 2013 17:16:12 +0100 changelog |8 control|3 ++- patches/05_fix_addressbook_map_crash.patch | 25 + patches/series |1 + 4 files changed, 36 insertions(+), 1 deletion(-) unblock evolution/3.4.4-2 Cheers Laurent Bigonville -- System Information: Debian Release: 7.0 APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.7-trunk-amd64 (SMP w/8 CPU cores) Locale: LANG=fr_BE.utf8, LC_CTYPE=fr_BE.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diff -Nru evolution-3.4.4/debian/changelog evolution-3.4.4/debian/changelog --- evolution-3.4.4/debian/changelog 2012-10-21 17:28:49.0 +0200 +++ evolution-3.4.4/debian/changelog 2013-02-09 17:16:13.0 +0100 @@ -1,3 +1,11 @@ +evolution (3.4.4-2) unstable; urgency=low + + * debian/control: Add myself to Uploaders + * d/p/05_fix_addressbook_map_crash.patch: Fix crash when trying to open the +"Address Book Map" window (Closes: #699850) + + -- Laurent Bigonville Sat, 09 Feb 2013 17:16:12 +0100 + evolution (3.4.4-1) unstable; urgency=low * New upstream bugfix release (closes: #685586). diff -Nru evolution-3.4.4/debian/control evolution-3.4.4/debian/control --- evolution-3.4.4/debian/control 2012-10-21 17:28:25.0 +0200 +++ evolution-3.4.4/debian/control 2013-02-09 17:09:51.0 +0100 @@ -9,7 +9,8 @@ Oystein Gisnas , Pedro Fragoso , Yves-Alexis Perez , - Josselin Mouette + Josselin Mouette , + Laurent Bigonville Standards-Version: 3.9.3 Dm-Upload-Allowed: yes Homepage: http://projects.gnome.org/evolution/ diff -Nru evolution-3.4.4/debian/patches/05_fix_addressbook_map_crash.patch evolution-3.4.4/debian/patches/05_fix_addressbook_map_crash.patch --- evolution-3.4.4/debian/patches/05_fix_addressbook_map_crash.patch 1970-01-01 01:00:00.0 +0100 +++ evolution-3.4.4/debian/patches/05_fix_addressbook_map_crash.patch 2013-02-09 17:09:51.0 +0100 @@ -0,0 +1,25 @@ +From 6bd1c6833a2c51898ac45865767dd01ba66a95c5 Mon Sep 17 00:00:00 2001 +From: Dan Vrátil +Date: Wed, 28 Mar 2012 16:37:35 + +Subject: WebKit port - port widgets + +--- +(limited to 'widgets/misc/e-contact-map-window.c') + +diff --git a/widgets/misc/e-contact-map-window.c b/widgets/misc/e-contact-map-window.c +index d80aa17..38fe56c 100644 +--- a/widgets/misc/e-contact-map-window.c b/widgets/misc/e-contact-map-window.c +@@ -40,8 +40,8 @@ + #include + + #define E_CONTACT_MAP_WINDOW_GET_PRIVATE(obj) \ +- (G_TYPE_INSTANCE_GET_PRIVATE \ +- ((obj), E_TYPE_CONTACT_MAP, EContactMapWindowPrivate)) ++(G_TYPE_INSTANCE_GET_PRIVATE \ ++((obj), E_TYPE_CONTACT_MAP_WINDOW, EContactMapWindowPrivate)) + + G_DEFINE_TYPE (EContactMapWindow, e_contact_map_window, GTK_TYPE_WINDOW) + +-- +cgit v0.9.0.2 diff -Nru evolution-3.4.4/debian/patches/series evolution-3.4.4/debian/patches/series --- evolution-3.4.4/debian/patches/series 2012-06-21 17:41:41.0 +0200 +++ evolution-3.4.4/debian/patches/series 2013-02-09 17:09:51.0 +0100 @@ -1,3 +1,4 @@ 02_nss_paths.patch 04_gettext_intltool.patch +05_fix_addressbook_map_crash.patch 10_revert_libevolution_avoid-version.patch
Bug#698976: unblock: libssh/0.5.4-1
Le Mon, 18 Feb 2013 18:37:22 +, Jonathan Wiltshire a écrit : Hi, > On Wed, Feb 06, 2013 at 04:24:24PM +0100, Laurent Bigonville wrote: > > retitle 698976 unblock: libssh/0.5.4-1 > > thanks > > > > Hello, > > > > I've uploaded the package into unstable. > > Sorry for the delay. The error in the error message is still present, > was that intentional? I've added that patch http://patch-tracker.debian.org/patch/series/view/libssh/0.5.4-1/0003-fix-typo.patch so that should be OK I guess? Cheers Laurent Bigonville signature.asc Description: PGP signature
Bug#702548: pu: package libssh/0.4.5-3+squeeze2
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: pu
Hi,
I'm planning to upload a fix for bug #698963 (CVE-2013-0176) in
stable-proposed-updates.
CVE-2013-0176 is about a DOS in the server code that can be triggered
in some situations.
Cheers
Laurent Bigonville
-- System Information:
Debian Release: 7.0
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.7-trunk-amd64 (SMP w/8 CPU cores)
Locale: LANG=fr_BE.utf8, LC_CTYPE=fr_BE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff -Naur libssh-0.4.5.orig/debian/patches/CVE-2013-0176.patch libssh-0.4.5/debian/patches/CVE-2013-0176.patch
--- libssh-0.4.5.orig/debian/patches/CVE-2013-0176.patch 1970-01-01 01:00:00.0 +0100
+++ libssh-0.4.5/debian/patches/CVE-2013-0176.patch 2013-03-01 10:55:34.655791206 +0100
@@ -0,0 +1,34 @@
+Fix CVE-2013-0176
+
+Original patch: http://git.libssh.org/projects/libssh.git/patch/?id=55b09f426417406bb25c0b9c474fbab1398b0dc8
+
+Patch based on backport from Marc Deslauriers
+
+diff -aur libssh-0.4.5.orig/libssh/server.c libssh-0.4.5/libssh/server.c
+--- libssh-0.4.5.orig/libssh/server.c 2010-07-13 10:15:57.0 +0200
libssh-0.4.5/libssh/server.c 2013-03-01 10:30:39.751718858 +0100
+@@ -402,7 +402,11 @@
+ prv = session->rsa_key;
+ break;
+ default:
+- prv = NULL;
++ ssh_set_error(session,
++SSH_FATAL,
++"Could not determine the specified hostkey");
++ string_free(f);
++ return -1;
+ }
+
+ pub = publickey_from_privatekey(prv);
+@@ -530,7 +534,9 @@
+ }
+
+ ssh_list_kex(session, &session->client_kex);
+- crypt_set_algorithms_server(session);
++ if (crypt_set_algorithms_server(session) == SSH_ERROR) {
++return -1;
++ }
+
+ if (dh_handshake_server(session) < 0) {
+ return -1;
+
diff -Naur libssh-0.4.5.orig/debian/patches/series libssh-0.4.5/debian/patches/series
--- libssh-0.4.5.orig/debian/patches/series 2012-11-28 01:03:23.0 +0100
+++ libssh-0.4.5/debian/patches/series 2013-03-01 10:55:42.455791585 +0100
@@ -3,3 +3,4 @@
CVE-2012-4559.patch
CVE-2012-4561.patch
CVE-2012-4562.patch
+CVE-2013-0176.patch
Bug#684732: unblock: nut/2.6.4-2
Le Sat, 29 Sep 2012 20:56:11 +0200, Julien Cristau a écrit : > > why is the last bit needed? > > +if [ -d /var/run/nut ] ; then > +chown root:nut /var/run/nut > +chmod 770 /var/run/nut > +fi > > why does the nut user need write access there? And why is this > created in postinst instead of an init script? nut should be able to create sockets in that directory. This is probably a bit redundant as this is also done in the initscript. Cheers Laurent Bigonville -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20120929211209.0e59b...@fornost.bigon.be
Bug#689358: unblock: libcanberra/0.28-5
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Hi, Please unblock package libcanberra * debian/watch: Switch to .xz tarballs All the GNOME releated packages are generating .xz tarballs, update the URL to watch them. * Move canberra-gtk-play manpage from libcanberra-gtk0 to gnome-session-canberra to follow the executable (Closes: #684676) Move the manpage so it follows the exec and also prevent future issues incase of soname bump. * Fix libcanberra-gstreamer-dbg long description (Closes: #675693) Fix a c/p error. * debian/rules: Drop update-patch-series target, this was when the package was maintained in git. This target was not working anymore and never used anyway. * Call dh_autoreconf during build to update m4/libtool.m4 and prevent hurd-i386 to be built with rpath (Closes: #677343) This issue was due to an out of date autofoo file, call autoreconf instead of patching the files. * debian/patches/undefined_reference.diff: Also link the GTK2 flavour against libX11 and the modules against libgmodule-2.0 Be sure there is no undefined symbols, also for the gtk2 favour of the library. changelog| 15 control |7 +++-- control.in |7 +++-- gnome-session-canberra.manpages |1 libcanberra-gtk0.manpages|1 patches/undefined_reference.diff | 47 +-- rules|8 -- watch|2 - 8 files changed, 62 insertions(+), 26 deletions(-) unblock libcanberra/0.28-5 Laurent Bigonville -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.5-trunk-amd64 (SMP w/8 CPU cores) Locale: LANG=fr_BE.utf8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash libcanberra.patch.gz Description: GNU Zip compressed data
Bug#684732: unblock: nut/2.6.4-2
Le Sun, 11 Nov 2012 19:06:52 +0100, Julien Cristau a écrit : > One more question... > > On Mon, Aug 13, 2012 at 15:36:14 +0200, Laurent Bigonville wrote: > > > +for file in nut.conf upsmon.conf upssched.conf ; do > > +if [ -f /etc/nut/$file ] ; then > > +chown root:nut /etc/nut/$file > > +chmod 640 /etc/nut/$file > > +fi > > +done > > why is this is done unconditionally on postinst configure, instead of > just on first install? These files could contains passwords, I guess that this is done to be really sure the files are not world readable? Arnaud? Laurent Bigonville signature.asc Description: PGP signature
Bug#684732: unblock: nut/2.6.4-2
Le Sun, 11 Nov 2012 19:07:46 +0100, Julien Cristau a écrit : > On Sat, Sep 29, 2012 at 21:12:09 +0200, Laurent Bigonville wrote: > > > Le Sat, 29 Sep 2012 20:56:11 +0200, > > Julien Cristau a écrit : > > > > > > > > why is the last bit needed? > > > > > I didn't get a reply to the above (why you need adduser nut nut). See #493159 This is to fix a situation were the user nut was not created without being added to the group. Is that correct Arnaud? > > > > +if [ -d /var/run/nut ] ; then > > > +chown root:nut /var/run/nut > > > +chmod 770 /var/run/nut > > > +fi > > > > > > why does the nut user need write access there? And why is this > > > created in postinst instead of an init script? > > > > nut should be able to create sockets in that directory. > > > > This is probably a bit redundant as this is also done in the > > initscript. > > > Then I'd prefer to not have it in postinst. Well this was a copy/paste of the nut-server postinstall script, so this should also be removed from that file too. Do you want me to do that for wheezy? The maintainer scripts should probably reworked a bit, but that will be for later I guess. Laurent Bigonville signature.asc Description: PGP signature
Bug#693882: unblock: libssh/0.5.3-1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Hello, Please unblock package libssh This version fixes 4 CVE and several other bugs version 0.5.3 (released 2012-11-20) * CVE-2012-4559 Fixed multiple double free() flaws. * CVE-2012-4560 Fixed multiple buffer overflow flaws. * CVE-2012-4561 Fixed multiple invalid free() flaws. * BUG #84 - Fix bug in sftp_mkdir not returning on error. * BUG #85 - Fixed a possible channel infinite loop if the connection dropped. * BUG #88 - Added missing channel request_state and set it to accepted. * BUG #89 - Reset error state to no error on successful SSHv1 authentiction. * Fixed a possible use after free in ssh_free(). * Fixed multiple possible NULL pointer dereferences. * Fixed multiple memory leaks in error paths. * Fixed timeout handling. * Fixed regression in pre-connected socket setting. * Handle all unknown global messages. Diffstat: $ debdiff --exclude '*.bak' --exclude '*.patch' /tmp/libssh_0.5.2-1.dsc libssh_0.5.3-1.dsc |diffstat CMakeLists.txt |4 - CPackConfig.cmake|2 ChangeLog| 15 ++ README | 113 +-- SECFIX_0.5.2.tar.asc |7 ++ debian/changelog |8 +++ doc/mainpage.dox | 113 +-- doc/threading.dox| 18 +++ include/libssh/bind.h|7 -- include/libssh/misc.h|1 include/libssh/priv.h| 12 +++- include/libssh/session.h | 13 +++-- include/libssh/socket.h |1 src/agent.c |3 + src/auth.c |1 src/auth1.c |1 src/bind.c |6 +- src/buffer.c | 34 ++ src/callbacks.c |2 src/channels.c | 21 +++- src/channels1.c |1 src/client.c |7 +- src/connect.c|2 src/crypt.c |1 src/dh.c |5 ++ src/error.c |9 ++- src/getpass.c|1 src/keyfiles.c | 36 +++--- src/keys.c |5 ++ src/known_hosts.c|1 src/log.c| 64 ++ src/messages.c | 14 +++-- src/misc.c | 54 -- src/options.c| 16 +++--- src/packet.c |1 src/server.c |4 - src/session.c| 69 src/sftp.c | 41 - src/sftpserver.c |1 src/socket.c | 27 --- src/string.c | 26 +++--- 41 files changed, 558 insertions(+), 209 deletions(-) unblock libssh/0.5.3-1 -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.6-trunk-amd64 (SMP w/8 CPU cores) Locale: LANG=fr_BE.utf8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash libssh.diff.gz Description: GNU Zip compressed data
Bug#693882: unblock: libssh/0.5.3-1
Le Wed, 21 Nov 2012 20:24:50 +0100, Julien Cristau a écrit : > On Wed, Nov 21, 2012 at 14:16:14 +0100, Laurent Bigonville wrote: > > > $ debdiff --exclude '*.bak' --exclude > > '*.patch' /tmp/libssh_0.5.2-1.dsc libssh_0.5.3-1.dsc |diffstat > > Why are these patch files included in the tarball? Are they used at > all, or just cruft? The patches are the one that fix the CVE, I'm not sure why they are present there, maybe for reference but they are not used at all. The other .bak file is just leftover. Cheers, Laurent Bigonville signature.asc Description: PGP signature
