Mathieu Parent | 28 Jan 21:43 2015

Bug#776510: pre-unblock: ctdb/2.5.4+debian0-4

Package: release.debian.org
Severity: normal
User: release.debian.org <at> packages.debian.org
Usertags: unblock

I just want to make sure I could upload a new CTDB to sid...

I prepared (see attached patch and [git]) a new ctdb version, which fixes an
important bug: Before the patch, systemd was not aware of the ctdb.service
file after upgrade from wheezy (#774328).

The patch ensures that ctdb.service is copied before dh_systemd_enable.

Summary: the bug is not critical (it can be worked around by running
"systemctl daemon-reload"), but the patch is simple.

It will be:
unblock ctdb/2.5.4+debian0-4

[git]: commits since -3 at http://anonscm.debian.org/cgit/pkg-samba/ctdb.git/log/

-- System Information:
Debian Release: 8.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)

Victor Seva | 28 Jan 21:38 2015

Bug#776508: (preapproval) unblock: kamailio/4.2.0-2

Package: release.debian.org
Severity: normal
User: release.debian.org <at> packages.debian.org
Usertags: unblock security

Please unblock package kamailio

A security bugreport was reported #775681 [0] by Helmut Grohne <helmut <at> subdivi.de>
regarding two issues:

>  * kamcmd defaults to connecting to unixs:/tmp/kamailio_ctl.

- added default_ctl.patch.
  ctl defaults to /var/run/kamailio/kamailio_ctl.
  add ctl binrpc module parameter to etc/kamailio/kamailio*cfg
  to point this change.

>  * The kamailio build definitely is vulnerable as can be seen in
>    utils/kamctl/Makefile.

- kamctl_build.patch.
  use basedir instead of /tmp
  Patch already accepted by upstream [1]

There is an ongoing discussion with upstream about default configs at [2].

So this version will fix those issues. Notice that this version will include
fixes pushed by Anibal Monsalve Salazar <anibal <at> debian.org> as Non-maintainer upload
4.2.0-1.1 regarding FTBFS on mipsel and mips #767500

Anton Gladky | 28 Jan 21:01 2015

Bug#776507: (pre-approval) unblock: gnuplot/4.6.6-2

Package: release.debian.org
Severity: normal
User: release.debian.org <at> packages.debian.org
Usertags: unblock

Dear release team,

please consider approving an upload of the gnuplot package.

Though it fixes an important bug #776434,  I think it should
be fixed in Jessie. There was a mistake in update-alternatives
handling. After installing gnuplot and gnuplot5, the help
for gnuplot disappeared.

Gnuplot has a very large popcon value (>71k). I think it is
important to have a working help for this package.

Proposed diff is attached.

unblock gnuplot/4.6.6-2

Thank you

Anton
Attachment (diff): text/x-diff, 3381 bytes

Roland Rosenfeld | 28 Jan 20:02 2015

Bug#776504: unblock: privoxy/3.0.21-7

Package: release.debian.org
Severity: normal
User: release.debian.org <at> packages.debian.org
Usertags: unblock

Please unblock package privoxy/3.0.21-7

I just uploaded privoxy 3.0.21-7, which should fix CVE-2015-1380,
CVE-2015-1381 and CVE-2015-1381, which are reported in #776490.

A debdiff between 3.0.21-5 and 3.0.21-7 is attached.
(I jumped over 3.0.21-6 since I mixed up the CVE number of the last
patch in there).

It contains 3 quilt patches, which are extracted from upstream 3.0.23.

Greetings

        Roland
Attachment (3.0.21-7.diff): text/x-diff, 8 KiB

Patrick Matthäi | 28 Jan 19:22 2015

Bug#776408: unblock: geoip-database/20141027-2

On 27.01.2015 at 19:54, Niels Thykier wrote:
> On 2015-01-27 19:31, Patrick Matthäi wrote:
>> Package: release.debian.org
>> Severity: normal
>> User: release.debian.org <at> packages.debian.org
>> Usertags: unblock
>>
>> Please unblock package geoip-database
>>
>> It fixes the RC bug #775638
>>
>> [...]
>>
> 
> Unblocked, thanks.
> 
> ~Niels
> 
> 

Many thanks for your unblocks.

Is there still a chance - like last release - to upload and unblock a
new database version? Surely after this release entered jessie and after
that with 10day-aging.

This is meant as "pre-approval" request :)

Emmanuel Bourg | 28 Jan 16:47 2015

Bug#776486: unblock: guacamole-client/0.8.3-1.1

Package: release.debian.org
Severity: normal
User: release.debian.org <at> packages.debian.org
Usertags: unblock

Please unblock package guacamole-client. This update replaces the dependency
on tomcat6 which is going away with tomcat8.

Thank you

unblock guacamole-client/0.8.3-1.1

diff -Nru guacamole-client-0.8.3/debian/changelog guacamole-client-0.8.3/debian/changelog
--- guacamole-client-0.8.3/debian/changelog     2013-09-20 23:34:37.000000000 +0200
+++ guacamole-client-0.8.3/debian/changelog     2015-01-28 15:57:12.000000000 +0100
 <at>  <at>  -1,3 +1,10  <at>  <at> 
+guacamole-client (0.8.3-1.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Depend on tomcat8 instead of tomcat6 (Closes: #759621)
+
+ -- Emmanuel Bourg <ebourg <at> apache.org>  Wed, 28 Jan 2015 14:49:45 +0100
+
 guacamole-client (0.8.3-1) unstable; urgency=low

   * Merge changes from 0.8.3
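
Review bot: The new 0.8.3-1.1 entry at the top of debian/changelog names only the dependency switch ("Depend on tomcat8 instead of tomcat6") and does not say whether anything else that referred to tomcat6 was changed with it. Since this is a non-maintainer upload submitted for an unblock, the entry should list which fields or files were touched so the changelog can be matched line by line against the debian/control hunk.
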
diff -Nru guacamole-client-0.8.3/debian/control guacamole-client-0.8.3/debian/control
--- guacamole-client-0.8.3/debian/control       2013-09-20 20:27:51.000000000 +0200
+++ guacamole-client-0.8.3/debian/control       2015-01-28 15:45:46.000000000 +0100
 <at>  <at>  -13,7 +13,7  <at>  <at> 

Thomas Goirand | 28 Jan 14:01 2015

Bug#776475: unblock: openstack-debian-images/1.2

Package: release.debian.org
Severity: normal
User: release.debian.org <at> packages.debian.org
Usertags: unblock

Dear release team,

Here's the list of changes I would like to see in Jessie:
- By default, the script was using a 1GB HDD, but this is no longer enough to
build a Jessie image (it crashes during the initrd creation), even if after
cleaning /var/cache/apt, the final image is less than 500 MB. So I have
increased the default HDD size to 2GB. Note that under a normal use, the HDD
is automatically resized to whatever is the size of the instance HDD, so the
minimum HDD size in the image is just the right thing to do.

- Because the script traps errors, it was exiting with zero even in case of
errors. This last upload fixes that (this is a trivial 2 lines patch inside
the cleanup() function).

- I added stretch and buster as allowed release names when building an image.

- I added (as documentation) the hook script used by Steve McIntyre to generate
the official Debian images on cdimage.debian.org [1]

All of these changes, taken individually, are very small and I believe easy to
review, but it's IMO important to have them as the script is now used during
the generation of ISO images at cdimage.d.o. So I don't think it's a problem
to ask for an unblock.

Please unblock unblock openstack-debian-images/1.2. Debdiff attached.

Luigi Gangitano | 28 Jan 13:24 2015

Bug#776472: unblock: squid3/3.4.8-6

Package: release.debian.org
Severity: normal
User: release.debian.org <at> packages.debian.org
Usertags: unblock

Please unblock package squid3

Version 3.4.8-6 includes upstream fixes for 4 critical bugs (two high CPU/memory usage and two minor
security issues) and a major usability issue in squidclient on default installation with localhost
linked to both IPv4 and IPv6 addresses.

Debdiff follows.

diff -Nru squid3-3.4.8/debian/changelog squid3-3.4.8/debian/changelog
--- squid3-3.4.8/debian/changelog	2014-12-16 14:33:14.000000000 +0100
+++ squid3-3.4.8/debian/changelog	2015-01-28 12:59:07.000000000 +0100
 <at>  <at>  -1,3 +1,27  <at>  <at> 
+squid3 (3.4.8-6) unstable; urgency=medium
+
+  [ Luigi Gangitano <luigi <at> debian.org> ]
+  * debian/patches/31-squid-3.4-13199.patch
+    - Added upstream patch fixing excessive CPU usage (Closes: #776461)
+
+  * debian/patches/32-squid-3.4-13210.patch
+    - Added upstream patch fixing excessive CPU and memory usage in 
+      NTLM and Negotiate authentication helpers (Closes: #776463) 
+
+  * debian/patches/33-squid-3.4-13211.patch
+    - Added upstream patch fixing a possible replay vulnerability on Digest
+      authentication (Closes: #776464)
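
Review bot: The 33-squid-3.4-13211.patch entry describes a possible replay vulnerability on Digest authentication but cites only the Debian bug (#776464); if an upstream advisory or CVE identifier exists for it, add it to the entry so the fix can be tracked as a security change rather than a plain bug fix. Separately, two added lines in the 32-squid-3.4-13210.patch entry end in trailing whitespace (after "usage in" and after "(Closes: #776463)") and should be stripped.
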

Debian Bug Tracking System | 28 Jan 11:36 2015

Processed: retitle 776204 to unblock: python-django/1.7.1-1.1

Processing commands for control <at> bugs.debian.org:

> # Revert bug title to original correct version
> retitle 776204 unblock: python-django/1.7.1-1.1
Bug #776204 [release.debian.org] unblock: python-django/1.7.1-1.1 (multiple CVE fixes)
Changed Bug title to 'unblock: python-django/1.7.1-1.1' from 'unblock: python-django/1.7.1-1.1
(multiple CVE fixes)'
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
776204: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776204
Debian Bug Tracking System
Contact owner <at> bugs.debian.org with problems

Raphael Hertzog | 28 Jan 09:50 2015

Bug#776458: unblock: dolibarr/3.5.5+dfsg1-1

Package: release.debian.org
Severity: normal
User: release.debian.org <at> packages.debian.org
Usertags: unblock

Please unblock package dolibarr

Version 3.5.5+dfsg1-1 fixes a security issue: CVE-2014-7137 (Closes: #770313)

That version contains changes unrelated to the above security fix but
all the changes are only bugfixes. This version has been in sid since
early December and no new problems have been reported.

I believe it's safe to unblock it.

unblock dolibarr/3.5.5+dfsg1-1

I attach the debdiff anyway.

-- System Information:
Debian Release: 8.0
  APT prefers squeeze-lts
  APT policy: (500, 'squeeze-lts'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (500,
'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Salvatore Bonaccorso | 28 Jan 06:46 2015

Bug#776453: unblock: jasper/1.900.1-debian1-2.4

Package: release.debian.org
Severity: normal
User: release.debian.org <at> packages.debian.org
Usertags: unblock

Hi Release Team,

Could you please unblock the package jasper, the changelog reads as

> jasper (1.900.1-debian1-2.4) unstable; urgency=high
> 
>   * Non-maintainer upload.
>   * Add 07-CVE-2014-8157.patch patch.
>     CVE-2014-8157: dec->numtiles off-by-one check in jpc_dec_process_sot().
>     (Closes: #775970)
>   * Add 08-CVE-2014-8158.patch patch.
>     CVE-2014-8158: unrestricted stack memory use in jpc_qmfb.c (Closes: #775970)
> 
>  -- Salvatore Bonaccorso <carnil <at> debian.org>  Thu, 22 Jan 2015 17:09:24 +0100

and fixes two CVEs which were already addressed in DSA-3138-1:

 https://www.debian.org/security/2015/dsa-3138

unblock jasper/1.900.1-debian1-2.4

Attached is also the full debdiff for the version in unstable.

Thanks in advance!
