Matteo F. Vescovi | 27 May 14:24 2015
Picon

Bug#786982: jessie-pu: package libraw/0.16.0-9+deb8u1

Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian.org <at> packages.debian.org
Usertags: pu

Dear Release Team,

I'd like to upload a new version of libraw to stable/jessie.

LibRaw package in jessie is 0.16.0-9 at the moment and it's affected by
the security issue stated in CVE-2015-3885[1], as reported in #786788
(also affecting wheezy and I'll prepare a wheezy pu for that too).

Upstream already fixed the problem in 0.16.1 version and released it on
May 11th; after that, another minor release has been made (namely,
0.16.2 released on May 16th) and I've used the latter to fix the
security hole in unstable and testing, eventually.

Debian Security Team marked the issue as "no-DSA"[3], so no need to go
through the Debian Security procedures but a simple proposed-update via
the Debian Release Team.

Cherry-picking and adapting the fixing git commit[2], I've prepared a
new libraw 0.16.0-9+deb8u1 package bundling the new patch.

Attached, you'll find a debdiff for it.

Thanks for considering.

(Continue reading)

Dominic Hargreaves | 27 May 12:03 2015
Picon

auto-perl transition

Hi,

Thanks for setting up this automatic perl transition tracker:

https://release.debian.org/transitions/html/auto-perl.html

However, it's not quite correct at the moment; it has picked up the
new perl-modules-5.22 package as being relevant, which it isn't
(packages other than perl and libperl5.22 shouldn't depend on it).
The correct patterns for tracking this transition are:

Affected: .depends ~ /libperl5\.22|perlapi\-5\.22|libperl5\.20|perlapi\-5\.20/
Good: .depends ~ /libperl5\.22|perlapi\-5\.22/
Bad: .depends ~ /libperl5\.20|perlapi\-5\.20/

Cheers,
Dominic.

Debian FTP Masters | 27 May 09:47 2015
Picon

NEW changes in stable-new

Processing changes file: ntfs-3g_2014.2.15AR.2-1+deb8u2_allonly.changes
  ACCEPT
Processing changes file: ntfs-3g_2014.2.15AR.2-1+deb8u2_amd64.changes
  ACCEPT
Processing changes file: ntfs-3g_2014.2.15AR.2-1+deb8u2_arm64.changes
  ACCEPT
Processing changes file: ntfs-3g_2014.2.15AR.2-1+deb8u2_armel.changes
  ACCEPT
Processing changes file: ntfs-3g_2014.2.15AR.2-1+deb8u2_armhf.changes
  ACCEPT
Processing changes file: ntfs-3g_2014.2.15AR.2-1+deb8u2_i386.changes
  ACCEPT
Processing changes file: ntfs-3g_2014.2.15AR.2-1+deb8u2_mips.changes
  ACCEPT
Processing changes file: ntfs-3g_2014.2.15AR.2-1+deb8u2_mipsel.changes
  ACCEPT
Processing changes file: ntfs-3g_2014.2.15AR.2-1+deb8u2_powerpc.changes
  ACCEPT
Processing changes file: ntfs-3g_2014.2.15AR.2-1+deb8u2_ppc64el.changes
  ACCEPT
Processing changes file: ntfs-3g_2014.2.15AR.2-1+deb8u2_s390x.changes
  ACCEPT
Processing changes file: usemod-wiki_1.0.5-3+deb8u1_amd64.changes
  ACCEPT

Debian Bug Tracking System | 27 May 09:54 2015
Picon

Processed: Re: Bug#786919: wheezy-pu: package exactimage/0.8.5-5+deb7u4

Processing commands for control <at> bugs.debian.org:

> tags 786919 - pending
Bug #786919 [release.debian.org] wheezy-pu: package exactimage/0.8.5-5+deb7u4
Ignoring request to alter tags of bug #786919 to the same tags previously set
> thanks
Stopping processing here.

Please contact me if you need assistance.
--

-- 
786919: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786919
Debian Bug Tracking System
Contact owner <at> bugs.debian.org with problems

Debian Bug Tracking System | 27 May 09:48 2015
Picon

Processed: tagging 786919

Processing commands for control <at> bugs.debian.org:

> tags 786919 - pending
Bug #786919 [release.debian.org] wheezy-pu: package exactimage/0.8.5-5+deb7u4
Removed tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
--

-- 
786919: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786919
Debian Bug Tracking System
Contact owner <at> bugs.debian.org with problems

Debian FTP Masters | 27 May 09:32 2015
Picon

NEW changes in oldstable-new

Processing changes file: ntfs-3g_2012.1.15AR.5-2.1+deb7u2_amd64.changes
  ACCEPT
Processing changes file: ntfs-3g_2012.1.15AR.5-2.1+deb7u2_armel.changes
  ACCEPT
Processing changes file: ntfs-3g_2012.1.15AR.5-2.1+deb7u2_armhf.changes
  ACCEPT
Processing changes file: ntfs-3g_2012.1.15AR.5-2.1+deb7u2_i386.changes
  ACCEPT
Processing changes file: ntfs-3g_2012.1.15AR.5-2.1+deb7u2_ia64.changes
  ACCEPT
Processing changes file: ntfs-3g_2012.1.15AR.5-2.1+deb7u2_kfreebsd-amd64.changes
  ACCEPT
Processing changes file: ntfs-3g_2012.1.15AR.5-2.1+deb7u2_kfreebsd-i386.changes
  ACCEPT
Processing changes file: ntfs-3g_2012.1.15AR.5-2.1+deb7u2_mips.changes
  ACCEPT
Processing changes file: ntfs-3g_2012.1.15AR.5-2.1+deb7u2_mipsel.changes
  ACCEPT
Processing changes file: ntfs-3g_2012.1.15AR.5-2.1+deb7u2_powerpc.changes
  ACCEPT
Processing changes file: ntfs-3g_2012.1.15AR.5-2.1+deb7u2_s390.changes
  ACCEPT
Processing changes file: ntfs-3g_2012.1.15AR.5-2.1+deb7u2_s390x.changes
  ACCEPT
Processing changes file: ntfs-3g_2012.1.15AR.5-2.1+deb7u2_sparc.changes
  ACCEPT
Processing changes file: tiff_4.0.2-6+deb7u4_amd64.changes
  ACCEPT
Processing changes file: tiff_4.0.2-6+deb7u4_armel.changes
  ACCEPT
(Continue reading)

Debian FTP Masters | 27 May 01:32 2015
Picon

NEW changes in stable-new

Processing changes file: linux_3.16.7-ckt11-1_mipsel.changes
  ACCEPT

Troy Heber | 26 May 21:59 2015
Picon

Bug#786924: jessie-pu: package lastpass-cli

Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian.org <at> packages.debian.org
Usertags: pu

The ssl certificate for lastpass.com was updated with a new SHA-256
certificate in April 2015 and the old SHA-1 certificate was removed.

https://blog.lastpass.com/2015/04/update-to-ssl-certificate-migrating-from-sha-1-to-sha-256.html/

The version 0.3.0 version of lastpass-cli in Jessie has the old
certificate which prevents the application from communicating with the
lastpass.com servers and keeps the application from functioning.

Bug #786862

The required patch simply updates the CA certificate.

diff --git a/thawte.pem b/thawte.pem
index 51285e3..998460f 100644
--- a/thawte.pem
+++ b/thawte.pem
 <at>  <at>  -1,19 +1,25  <at>  <at> 
 -----BEGIN CERTIFICATE-----
-MIIDJzCCApCgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBzjELMAkGA1UEBhMCWkEx
-FTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYD
-VQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlv
-biBTZXJ2aWNlcyBEaXZpc2lvbjEhMB8GA1UEAxMYVGhhd3RlIFByZW1pdW0gU2Vy
-dmVyIENBMSgwJgYJKoZIhvcNAQkBFhlwcmVtaXVtLXNlcnZlckB0aGF3dGUuY29t
(Continue reading)

Debian Bug Tracking System | 26 May 22:03 2015
Picon

Processed: retitle 786922 to jessie-pu: package berkeley-abc/1.01+20140822hg4d547a5+dfsg-1+deb8u1

Processing commands for control <at> bugs.debian.org:

> retitle 786922 jessie-pu: package berkeley-abc/1.01+20140822hg4d547a5+dfsg-1+deb8u1
Bug #786922 [release.debian.org] package berkeley-abc/1.01+20140822hg4d547a5+dfsg-1+deb8u1
Changed Bug title to 'jessie-pu: package berkeley-abc/1.01+20140822hg4d547a5+dfsg-1+deb8u1' from
'package berkeley-abc/1.01+20140822hg4d547a5+dfsg-1+deb8u1'
> thanks
Stopping processing here.

Please contact me if you need assistance.
--

-- 
786922: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786922
Debian Bug Tracking System
Contact owner <at> bugs.debian.org with problems

Debian Bug Tracking System | 26 May 21:57 2015
Picon

Processed: retitle 786922 to package berkeley-abc/1.01+20140822hg4d547a5+dfsg-1+deb8u1

Processing commands for control <at> bugs.debian.org:

> retitle 786922 package berkeley-abc/1.01+20140822hg4d547a5+dfsg-1+deb8u1
Bug #786922 [release.debian.org] jessie-pu: package berkeley-abc/1.01+20140822hg4d547a5+dfsg-1+debu8u1
Changed Bug title to 'package berkeley-abc/1.01+20140822hg4d547a5+dfsg-1+deb8u1' from 'jessie-pu:
package berkeley-abc/1.01+20140822hg4d547a5+dfsg-1+debu8u1'
> thanks
Stopping processing here.

Please contact me if you need assistance.
--

-- 
786922: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786922
Debian Bug Tracking System
Contact owner <at> bugs.debian.org with problems

Ruben Undheim | 26 May 21:31 2015
Picon

Bug#786922: jessie-pu: package berkeley-abc/1.01+20140822hg4d547a5+dfsg-1+debu8u1

Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian.org <at> packages.debian.org
Usertags: pu

Hi,

I'd like to upload a fixed version of berkeley-abc. It fixes three
bugs. One of them is a fix for reproducibility. The other two are related
to malfunction on different architectures. All of them have been fixed in sid.

Let me know if it's ok to include the fixes for all the three bugs.

The full debdiff is below:

diff -Nru berkeley-abc-1.01+20140822hg4d547a5+dfsg/debian/changelog berkeley-abc-1.01+20140822hg4d547a5+dfsg/debian/changelog
--- berkeley-abc-1.01+20140822hg4d547a5+dfsg/debian/changelog   2014-09-19 16:21:45.000000000 +0200
+++ berkeley-abc-1.01+20140822hg4d547a5+dfsg/debian/changelog   2015-05-26 21:13:47.000000000 +0200
 <at>  <at>  -1,3 +1,14  <at>  <at> 
+berkeley-abc (1.01+20140822hg4d547a5+dfsg-1+debu8u1) stable-proposed-updates; urgency=medium
+
+  * Fixed "Broken on big-endian architectures" (Closes: #782027)
+    - (debian/patches/abc-bugfix-20150403.diff)
+  * Fixed memory alignment problem (Closes: #786916)
+    - (debian/patches/04_memory_alignment_fix.patch)
+  * Fixed FTBFS during reproducibility tests (Closes: 780449)
+    - (debian/patches/reproducibility.patch)
+
+ -- Ruben Undheim <ruben.undheim <at> gmail.com>  Tue, 26 May 2015 20:42:16 +0200
(Continue reading)


Gmane