Bug#1109422: unblock: bmake/20200710-17

2025-07-17 Thread Andrej Shadura
0dbec71fbc 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +bmake (20200710-17) unstable; urgency=medium + + * Sanitise MAKEFLAGS before passing them to bmake which does not +support long options (Closes: #1109052). + + -- Andrej Shadura Sun, 13 Jul 2025 17:23:12 +0200 + bmake (

Bug#1109420: unblock: mtkbabel/0.8.4-0.3

2025-07-17 Thread Andrej Shadura
a XML (Closes: #1092254). + + -- Andrej Shadura Thu, 17 Jul 2025 13:46:06 +0200 + mtkbabel (0.8.4-0.2) unstable; urgency=medium * Non-maintainer upload. diff --git a/debian/patches/1000-appstream-metainfo.patch b/debian/patches/1000-appstream-metainfo.patch index b2f6bd6ea4c5..72ced5e5ca3f 100644 --

Bug#1100336: bookworm-pu: package nginx/1.22.1-9+deb12u2

2025-03-31 Thread Andrej Shadura
Hi, On Thu, 27 Mar 2025 10:47:03 + Jonathan Wiltshire wrote: Is this fixed in unstable yet? It's a bit hard to tell without any bug tracking. If so please go ahead and remove moreinfo from this request. Yes, it’s been fixed in unstable in one of the previous uploads. -- Cheers, Andrej

Bug#1100336: bookworm-pu: package nginx/1.22.1-9+deb12u2

2025-03-12 Thread Andrej Shadura
: reject unordered chunks in stsc atom + + -- Andrej Shadura Wed, 12 Mar 2025 18:55:08 +0100 + nginx (1.22.1-9+deb12u1) bookworm; urgency=medium * d/p/CVE-2025-23419.patch add, backport CVE-2025-23419 fix. diff -Nru nginx-1.22.1/debian/patches/CVE-2024-7347-1.patch nginx-1.22.1/debian/patches

Bug#1093238: bookworm-pu: package 389-ds-base/2.3.1+dfsg1-1+deb12u1

2025-01-19 Thread Andrej Shadura
Hello, On Sat, 18 Jan 2025, at 18:13, Salvatore Bonaccorso wrote: >> The following were cherry-picks with no other changes from the >> upstream’s Git repostitory, branch 2.4.6: >> >> - Security fix for CVE-2024-3657 >> - Security fix for CVE-2024-5953 >> - Security fix for CVE-2024-8445 >> -

Bug#1093238: bookworm-pu: package 389-ds-base/2.3.1+dfsg1-1+deb12u1

2025-01-17 Thread Andrej Shadura
Control: subscribe -1 t...@security.debian.org Adding the security team as their feedback is needed for this one. On Thu, 16 Jan 2025, at 21:31, Andrej Shadura wrote: > Package: release.debian.org > Severity: normal > Tags: bookworm > X-Debbugs-Cc: 389-ds-b...@packages.debian.org, T

Bug#1093238: bookworm-pu: package 389-ds-base/2.3.1+dfsg1-1+deb12u1

2025-01-16 Thread Andrej Shadura
89-ds-base/-/compare/debian%2Fbookworm-security...patch-queue%2Fdebian%2Fbookworm-security Thanks! -- Cheers, Andrej Shadura diff -Nru 389-ds-base-2.3.1+dfsg1/debian/changelog 389-ds-base-2.3.1+dfsg1/debian/changelog --- 389-ds-base-2.3.1+dfsg1/debian/changelog2023-01-24 12:21:19.

Bug#1036969: unblock: syncthing-gtk/0.9.4.4+ds+git20221205+12a9702d29ab-2

2023-05-31 Thread Andrej Shadura
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-Cc: syncthing-...@packages.debian.org Control: affects -1 + src:syncthing-gtk Please unblock package syncthing-gtk Syncthing-GTK has been hardcoding a non-PEP-440-compliant versio

Bug#1036710: unblock: reserialize/20220929-2

2023-05-24 Thread Andrej Shadura
:50.0 +0100 +++ reserialize-20220929/debian/changelog 2023-05-24 17:01:40.0 +0200 @@ -1,3 +1,10 @@ +reserialize (20220929-2) unstable; urgency=medium + + * Drop tomllib patch, it never properly worked +(Closes: #1036536, #1036537). + + -- Andrej Shadura Wed, 24 May 2023 17:01:40

Bug#1035345: unblock: libbssolv-perl/0.17-4

2023-05-02 Thread Andrej Shadura
Hi, On Tue, 2 May 2023, at 08:44, Sebastian Ramacher wrote: >> I have not uploaded yet. Are other changes acceptable? > > Ah, good. The Standards-Version bump is additional noise, but is > acceptable. Note though, that the change doesn't bump the version to > 4.6.2 whichi is the latest version. I

Bug#1035345: unblock: libbssolv-perl/0.17-4

2023-05-01 Thread Andrej Shadura
Hi, On Tue, 2 May 2023, at 07:51, Sebastian Ramacher wrote: >> + [ Debian Janitor ] >> + * Bump debhelper from old 12 to 13. > This change is no longer appropriate at this stage of the freeze. See > also https://release.debian.org/testing/FAQ.html. Please re-upload > without this change. I hav

Bug#1035354: unblock: fish/3.6.0-3.1

2023-05-01 Thread Andrej Shadura
/fish-shell/fish-shell/pull/9540 and #1000351. + + -- Andrej Shadura Mon, 01 May 2023 19:01:01 +0200 + fish (3.6.0-3) unstable; urgency=medium * Cherry-pick upstream fixes from the v3.6.1 branch. diff --git a/debian/patches/0003-workaround-for-Midnight-Commander.patch b/debian/patches

Bug#1035345: unblock: libbssolv-perl/0.17-4

2023-05-01 Thread Andrej Shadura
/changelog @@ -1,3 +1,15 @@ +libbssolv-perl (0.17-4) unstable; urgency=medium + + [ Debian Janitor ] + * Bump debhelper from old 12 to 13. + * Update standards version to 4.6.0, no changes needed. + + [ Andrej Shadura ] + * Add a patch proposed upstream to accept "0" as a valid e

Bug#1034788: unblock: git-crecord/20220324.0-2

2023-04-24 Thread Andrej Shadura
* Apply an upstream patch to fix a crash in the patch parsing code. + + -- Andrej Shadura Mon, 24 Apr 2023 15:19:32 +0200 + git-crecord (20230226.0-1) unstable; urgency=medium * New upstream release. diff --git a/debian/patches/0001-Fix-a-typo-in-a-variable-name.patch b/debian/patches/

Bug#1020799: Transition: pkg-config to pkgconf: 2022-11-11

2022-11-09 Thread Andrej Shadura
Hi, Just a small update: I’m now confident we’re ready to go ahead with the actual transition. I’m still rebuilding some heavy packages that failed to build because of lack of disk space or RAM, but most of the other failures are unrelated to pkgconf, while remaining issues can be resolved late

Bug#1020799: Transition: pkg-config to pkgconf: next steps

2022-10-20 Thread Andrej Shadura
Hi all, I’ve been rebuilding packages with pkgconf for the past couple of weeks, and it looks very good so far: http://pkgconf-migration.debian.net/ I have identified and resolved some issues, and most of the build failures I’ve seen were not related to pkgconf itself, but were caused by exter

Bug#1020799: transition: pkg-config

2022-10-05 Thread Andrej Shadura
Hi, On Wed, 5 Oct 2022, at 10:22, Sebastian Ramacher wrote: >> I’m currently running a rebuild of all packages using pkg-config [2] to >> determine if there are issues that need addressing during this >> transition. So far I found one issue [3] that affects a couple of >> packages, I’m going to di

Bug#1020799: transition: pkg-config

2022-09-26 Thread Andrej Shadura
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition Hi, As described in [1], I’d like to go ahead with a replacing the Freedesktop.org implementation of pkg-config with pkgconf. This will involve pkgconf taking over the binary package pkg

Bug#987400: [Pkg-tcltk-devel] Bug#987397: tcltls: build conflict with openssl requires removal of too many packages

2021-04-24 Thread Andrej Shadura
Hi, On Sat, 24 Apr 2021, at 12:38, Graham Inggs wrote: > On Fri, 23 Apr 2021 at 13:12, Andrej Shadura wrote: > > I finally came back from lunch, the latest debdiff and the diffoscope > > output are attached. > > The diffoscope output of a no-change rebuild of 1.7.22-1

Bug#987400: [Pkg-tcltk-devel] Bug#987397: tcltls: build conflict with openssl requires removal of too many packages

2021-04-23 Thread Andrej Shadura
Hi, On Fri, 23 Apr 2021, at 12:25, Sergei Golovan wrote: > It's not necessary. I've just pushed the fix to Salsa. Can you ask the > release team for the freeze exception? Why are you so quick? :) Anyway, I guess you can post the updated debdiff this time around, the difference between yours and

Bug#987400: [Pkg-tcltk-devel] Bug#987397: tcltls: build conflict with openssl requires removal of too many packages

2021-04-23 Thread Andrej Shadura
Hi again, On Fri, 23 Apr 2021, at 12:16, Andrej Shadura wrote: > On Fri, 23 Apr 2021, at 12:13, Sergei Golovan wrote: > > No, it wouldn't. The point is that there's no need of any patch. An > > extra option in debian/rules should be sufficient. I'll try it today >

Bug#987400: [Pkg-tcltk-devel] Bug#987397: tcltls: build conflict with openssl requires removal of too many packages

2021-04-23 Thread Andrej Shadura
Hi, On Fri, 23 Apr 2021, at 12:13, Sergei Golovan wrote: > On Fri, Apr 23, 2021 at 1:07 PM Andrej Shadura wrote: > > > Currently, tcltls conflicts with openssl because it tries to generate > > > DH pair on the fly, > > > which sometimes fails due to lack of

Bug#986411: unblock: pristine-lfs/20210404.0-2

2021-04-06 Thread Andrej Shadura
On Mon, 05 Apr 2021 15:26:04 +0200 Andrej Shadura wrote: > retitle 986411 unblock: pristine-lfs/20210404.0-2 > thanks > > Chris has reported a bug (#986446): test results XML file was > shipped with the package; I have now fixed that bug with an extra upload. Please find attac

Bug#986411: unblock: pristine-lfs/20210404.0-1

2021-04-05 Thread Andrej Shadura
/pristine-lfs Author: Andrej Shadura diff --git a/debian/changelog b/debian/changelog index 9804ad5..1afd619 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +pristine-lfs (20210404.0-1) unstable; urgency=medium + + * New upstream release. + + -- Andrej Shadura Sun, 04 Apr 2021

Bug#959661: buster-pu: package borgbackup/1.1.9-2+deb10u1

2020-07-16 Thread Andrej Shadura
Hi, On Thu, 16 Jul 2020, at 01:27, Cyril Brulebois wrote: > Hi Andrej, > > Andrej Shadura (2020-05-03): > > I’m proposing to upload an upstream patch fixing an index corruption > > in borgbackup leading to a data loss, see #953615. > > I know stretch is about

Bug#959723: RM: matrix-synapse/0.99.2-6 -- ROM; security issues; obsolete version

2020-07-11 Thread Andrej Shadura
Hi, On Fri, 10 Jul 2020, at 19:13, Moritz Mühlenhoff wrote: > Let's remove it for the upcoming 10.5 update, then? Sure. -- Cheers, Andrej

Bug#949367: stretch-pu: package wpa/2:2.4-1+deb9u5

2020-07-07 Thread Andrej Shadura
Control: retitle -1 stretch-pu: package wpa/2:2.4-1+deb9u6 Hi, On Sun, 5 Jul 2020, at 18:08, Cyril Brulebois wrote: > Andrej Shadura (2020-05-03): > > Oh, I somehow forgot about it. Please see attached debdiff; I have > > also added the same minor fix I wanted to push into

Bug#959723: RM: matrix-synapse/0.99.2-6 -- ROM; security issues; obsolete version

2020-05-04 Thread Andrej Shadura
On Mon, May 04, 2020 at 06:33:26PM +0200, Julien Cristau wrote: > > I think in this case it’s okay because of this NEWS entry: > > > > https://sources.debian.org/src/matrix-synapse/0.99.2-6/debian/NEWS/ > I'm not sure how that makes it any better? NEWS is shown on upgrade at > best, so anyone in

Bug#959723: RM: matrix-synapse/0.99.2-6 -- ROM; security issues; obsolete version

2020-05-04 Thread Andrej Shadura
On Mon, May 04, 2020 at 03:35:25PM +0200, Julien Cristau wrote: > On Mon, May 04, 2020 at 03:30:53PM +0200, Andrej Shadura wrote: > > Synapse 0.99 was never meant to be a properly usable release in buster, > > and it was only included as some sort of a plug to make upgrades a tiny

Bug#959723: RM: matrix-synapse/0.99.2-6 -- ROM; security issues; obsolete version

2020-05-04 Thread Andrej Shadura
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, Synapse 0.99 was never meant to be a properly usable release in buster, and it was only included as some sort of a plug to make upgrades a ti

Bug#959661: buster-pu: package borgbackup/1.1.9-2+deb10u1

2020-05-03 Thread Andrej Shadura
/debian/changelog b/debian/changelog index 8e7373a9..db6133f9 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +borgbackup (1.1.9-2+deb10u1) buster; urgency=medium + + * Fix index corruption bug leading to data loss (Closes: #953615). + + -- Andrej Shadura Sun, 03 May 2020 17:20

Bug#949367: stretch-pu: package wpa/2:2.4-1+deb9u5

2020-05-03 Thread Andrej Shadura
0080 (CVE-2019-16275) + * Add an upstream patch to fix the MAC randomisation issue with some cards +(LP: #1867908, Closes: #954457) + + -- Andrej Shadura Sun, 03 May 2020 15:40:34 +0200 + wpa (2:2.4-1+deb9u4) stretch-security; urgency=high * SECURITY UPDATE (2019-5): diff --git a/debian/patches/

Bug#954838: buster-pu: package wpa/2:2.7+git20190128+0c1e29f-6+deb10u2

2020-03-24 Thread Andrej Shadura
On Tue, 24 Mar 2020 11:33:57 +0100 Andrej Shadura wrote: Package: release.debian.org Severity: normal Tags: buster User: release.debian@packages.debian.org Usertags: pu -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, I’m proposing to upload a couple of upstream patches improving Wi

Bug#954838: buster-pu: package wpa/2:2.7+git20190128+0c1e29f-6+deb10u2

2020-03-24 Thread Andrej Shadura
randomisation issue with some cards. + LP: #1867908. + + -- Andrej Shadura Tue, 24 Mar 2020 11:26:58 +0100 + wpa (2:2.7+git20190128+0c1e29f-6+deb10u1) buster-security; urgency=medium * SECURITY UPDATE: diff --git a/debian/patches/series b/debian/patches/series index 8056df6..6e716ec 100644 --- a

Bug#949367: stretch-pu: package wpa/2:2.4-1+deb9u5

2020-01-20 Thread Andrej Shadura
/changelog +++ b/debian/changelog @@ -1,3 +1,13 @@ +wpa (2:2.4-1+deb9u5) stretch; urgency=medium + + * SECURITY UPDATE: +- AP mode PMF disconnection protection bypass. + More details: + + https://w1.fi/security/2019-7/ + Closes: #940080 (CVE-2019-16275) + + -- Andrej Shadura Mon, 13

Bug#929519: unblock: matrix-synapse/0.99.5.1-2

2019-06-09 Thread Andrej Shadura
Hi again, On Wed, 29 May 2019 at 23:48, Andrej Shadura wrote: > On Wed, 29 May 2019 at 23:43, Paul Gevers wrote: > > You're not going to like it. > > > > 381 files changed, 20100 insertions(+), 16629 deletions(-) > > > > This isn't re-viewable a

Bug#929519: unblock: matrix-synapse/0.99.5.1-2

2019-05-29 Thread Andrej Shadura
Hi, On Wed, 29 May 2019 at 23:43, Paul Gevers wrote: > You're not going to like it. > > On Sat, 25 May 2019 12:46:12 +0100 Andrej Shadura > wrote: > > I’m attaching a git diff between patches-applied trees of 0.99.2-5 > > currently in buster and 0.99.5.1-1 c

Bug#929519: unblock: matrix-synapse/0.99.5.1-2

2019-05-25 Thread Andrej Shadura
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package matrix-synapse. Originally, 0.99 was meant to be the last version before 1.0, but due to a bunch of issues discovered since then, some of them security-related, new i

Bug#928608: unblock: matrix-synapse/0.99.2-5

2019-05-07 Thread Andrej Shadura
0.0.0.0 and :: by default for URL previews + + -- Andrej Shadura Fri, 03 May 2019 22:26:41 +0200 + matrix-synapse (0.99.2-4) unstable; urgency=medium [ Antoine Beaupré ] diff --git a/debian/patches/blacklist-localhost-by-default-for-URL-previews.patch b/debian/patches/blacklist-localhost-by

Bug#928081: unblock: matrix-synapse/0.99.2-3.1

2019-04-27 Thread Andrej Shadura
On Sat, 27 Apr 2019 12:30:03 -0400 Antoine Beaupre wrote: > Package: release.debian.org > Severity: normal > User: release.debian@packages.debian.org > Usertags: unblock > > Please unblock package matrix-synapse > > The package currently in buster generates gigabytes of logs which can > easi

Bug#927111: unblock: wpa/2:2.7+git20190128+0c1e29f-4

2019-04-15 Thread Andrej Shadura
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock the package wpa. This upload fixes a security vulnerability in WPA3-Personal and EAP (#926801): - CVE-2019-9494: SAE cache attack against ECC groups (VU#871675) - CVE-2019

Bug#927110: unblock: python-darkslide/4.0.1-2

2019-04-15 Thread Andrej Shadura
hangelog b/debian/changelog index 6f748d7..7f718d2 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +python-darkslide (4.0.1-2) unstable; urgency=medium + + * Support python-markdown >= 3 (Closes: #923977). + * Bump the python3-markdown build dependency. + + -- Andrej Shadura

Bug#924732: unblock: matrix-synapse/0.99.2-3

2019-03-24 Thread Andrej Shadura
Control: reopen -1 Control: retitle -1 unblock: matrix-synapse/0.99.2-2 On Sun, 17 Mar 2019 at 08:51, Niels Thykier wrote: > > Andrej Shadura: > > Package: release.debian.org > > Severity: normal > > User: release.debian@packages.debian.org > > Usertags:

Bug#924732: unblock: matrix-synapse/0.99.2-2

2019-03-16 Thread Andrej Shadura
by the user running synapse +(Closes: #923573). + * No longer enable webclient by default (Closes: #923574). + * Print a warning when the server name has not been set (Closes: #923586). + * Update NEWS with a note on .well-known vs SRV. + + -- Andrej Shadura Sat, 16 Mar 2019 16:48:56 +0100

Bug#924672: unblock: wpa/2:2.7+git20190128+0c1e29f-3

2019-03-15 Thread Andrej Shadura
OpenSSL 1.1+ (Closes: #924632). + + -- Andrej Shadura Fri, 15 Mar 2019 17:44:51 +0100 + wpa (2:2.7+git20190128+0c1e29f-2) unstable; urgency=medium * Apply an RFC patch to work around big endian keyidx. diff --git a/debian/hostapd.init b/debian/hostapd.init index 6151f22..0d2e970 100644 --- a

Re: Processed: retitle 924157 to RM: openhft-chronicle-threads/1.1.6-1

2019-03-15 Thread Andrej Shadura
Hi, On Sun, 10 Mar 2019 at 00:27, Debian Bug Tracking System wrote: > > retitle 924157 RM: openhft-chronicle-threads/1.1.6-1 Apparently, this can now be closed since Tony Mancill has fixed the RC bug in openhft-chronicle-threads. -- Cheers, Andrej

Bug#924112: RM: node-xterm/2.7.0+ds1-1

2019-03-09 Thread Andrej Shadura
Control: tag -1 buster Hi, The pending jupyter-notebook 5.7.4-2 upload will have removed the build dependency on node-xterm, at which point node-xterm can be temoved from testing. -- Cheers, Andrej

Bug#924089: RM: openhft-chronicle-threads/1.1.6-1

2019-03-09 Thread Andrej Shadura
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 This package fails to build from source (#917738), and unlike with some other openhft packages, I am not able to get it fixed. I’ve spent days fix

Bug#924084: RM: jasperreports/6.3.1-2

2019-03-09 Thread Andrej Shadura
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Current jasperreports in Debian fails to build from source with all Java versions starting from 9 due to the Java modules issue (see #912467), and

Bug#905762: stretch-pu: package wpa/2:2.4-1+deb9u2

2018-08-09 Thread Andrej Shadura
Hi, On 9 August 2018 at 09:31, Andrej Shadura wrote: > I would like to fix CVE-2018-14526 (#905739) in stable: [snip] > This is a low priority security issue, and doesn't require a DSA. > > [0] https://security-tracker.debian.org/tracker/CVE-2018-14526 I forgot to mention I d

Bug#905762: stretch-pu: package wpa/2:2.4-1+deb9u2

2018-08-09 Thread Andrej Shadura
=high + + * SECURITY UPDATE: +- CVE-2018-14526: Ignore unauthenticated encrypted EAPOL-Key data + (Closes: #905739) + + -- Andrej Shadura Thu, 09 Aug 2018 09:23:49 +0200 + wpa (2:2.4-1+deb9u1) stretch-security; urgency=high * Non-maintainer upload by the Security Team. diff -Nru wp