Steven Chamberlain | 31 Oct 12:43 2014

Final kfreebsd-10 upload before freeze?

Hi,

kfreebsd-10 migrated last night;  is there a chance another upload of
the kernel could go into sid and be aged in before the freeze starts?

> +kfreebsd-10 (10.1~svn273874-1) UNRELEASED; urgency=medium
> +
> +  * Upload to unstable
> +  * New upstream snapshot of 10.1-RC4

FreeBSD.org hasn't published an announcement for RC4 yet, which would
explain the changes in more detail, but there were only a few bugfixes
applied:
  - revert a GEOM optimisation that possibly caused data corruption in
some environments
  - fix ATA CF ERASE
  - something corrected in the HyperV drivers
  - unspecified bug fixed in Intel EPT and in VMM
(from
http://www.freshbsd.org/search?project=freebsd&q=file.name%3Areleng%2F10.1%2Fsys)

and also bring in the following changes, already in experimental:

>    * New upstream snapshot of 10.1-RC3+
>      - Fix memory leak in sandboxed namei lookup. [SA-14:22]
>        (CVE-2014-3711) (Closes: #766278)
>    * Symlink to drm2.ko as provider of drmn.ko dependency, for *kms
>      modules (Closes: #731182)
>    * NEWS: advise to reboot after upgrading kernel and userland tools
>      from wheezy (Closes: #765588)
(Continue reading)

Julien Cristau | 31 Oct 12:38 2014
Picon

Re: Freeze exception for haproxy

[restoring list cc, didn't mean to drop it in my first reply]

On Fri, Oct 31, 2014 at 12:26:44 +0100, Vincent Bernat wrote:

> I was asking before doing any work to know if I can package the new
> upstream version (because we are still early in the freeze) or start
> cherry-picking fixes.
> 
Then you can ask again after you have a tested package.

Thanks,
Julien
Sebastian Geiger | 31 Oct 11:43 2014
Picon
Picon

Bug#767476: transition: tilda

Package: release.debian.org
Severity: normal
User: release.debian.org <at> packages.debian.org
Usertrags: transition

Dear Release Team,

please transition tilda 1.2.2-1 from unstable to testing. The current 
version in testing is 1.1.12-1 and the 1.2 release introduces a number 
of improvements that I would like to see in testing. Unfortunately with 
the 10 day transition time, the upload happend too late for the package 
to be automatically transitioned to testing.

Tilda is a small program which no other programs or libraries depend on 
and thus its transition should not have any impact on other programs.

If you need additional information, please let me know.

Thanks for your time.
Sebastian

Timo Aaltonen | 31 Oct 11:11 2014
Picon

Bug#767470: unblock: freeipa/4.0.4-2

Package: release.debian.org
Severity: normal
User: release.debian.org <at> packages.debian.org
Usertags: unblock

Please unblock package freeipa

So I forgot to check that the packages install on a fresh sid install,
added three missing python module deps.

Current default apache2 install enables mod_authz_user and mod_deflat,
but old installations might not have them, so enable them on postinst
but don't disable on prerm.

Also bump the libapache2-mod-nss dependency to match the version which
doesn't enable the module by default.

diff --git a/debian/changelog b/debian/changelog
index ac68a28..dabda80 100644
--- a/debian/changelog
+++ b/debian/changelog
 <at>  <at>  -1,3 +1,15  <at>  <at> 
+freeipa (4.0.4-2) unstable; urgency=medium
+
+  * control: Add python-qrcode, python-selinux, python-yubico
+    to freeipa-server dependencies. (Closes: #767427)
+  * freeipa-server.postinst: Enable mod_authz_user and mod_deflate too,
+    but since they should be part of the default apache2 install, don't
+    disable them on uninstall like the other modules. (Closes: #767425)
+  * control: Bump server dependency on -mod-nss to 1.0.10-2 which
(Continue reading)

Timo Aaltonen | 31 Oct 10:28 2014
Picon

Bug#767467: unblock: libapache2-mod-nss/1.0.10-2

Package: release.debian.org
Severity: normal
User: release.debian.org <at> packages.debian.org
Usertags: unblock

Please unblock package libapache2-mod-nss

This module should not be enabled by default, since it'd leave
port 8443 open. That also interferes with freeipa-server setup
script which tests that the port is available for certificate
authority, and will fail if it's not.

I simply forgot to push this change to sid before last weekend..

diff --git a/debian/changelog b/debian/changelog
index ccaf094..d027154 100644
--- a/debian/changelog
+++ b/debian/changelog
 <at>  <at>  -1,3 +1,9  <at>  <at> 
+libapache2-mod-nss (1.0.10-2) unstable; urgency=medium
+
+  * rules: Don't enable the module by default.
+
+ -- Timo Aaltonen <tjaalton <at> debian.org>  Tue, 28 Oct 2014 15:11:45 +0200
+
 libapache2-mod-nss (1.0.10-1) unstable; urgency=medium

   * mod_nss-conf.patch: Fix IfModule header so it'll actually load when
diff --git a/debian/rules b/debian/rules
index 7a0cdaf..7b44508 100755
(Continue reading)

Timo Aaltonen | 31 Oct 10:15 2014
Picon

Bug#767466: unblock: sssd/1.11.7-2

Package: release.debian.org
Severity: normal
User: release.debian.org <at> packages.debian.org
Usertags: unblock

Please unblock package sssd

I've uploaded a new package yesterday, which reverts the daemon defaults
to what they were before 1.11.5-1. Upstream has fixed the bug that forced
the original change, especially for upstart.

The other changes are fixes to allow it to build against current automake
and samba. Git diff follows:

diff --git a/debian/changelog b/debian/changelog
index 6d91713..18d8788 100644
--- a/debian/changelog
+++ b/debian/changelog
 <at>  <at>  -1,3 +1,14  <at>  <at> 
+sssd (1.11.7-2) unstable; urgency=medium
+
+  * default, upstart.in: Upstream ticket #2312 is fixed now, so drop the
+    workaround to run the daemon in the foreground. (Closes: #760353)
+  * fix-automake-compat.diff: Added an upstream commit to fix configure
+    with new automake.
+  * fix-catchchild.diff: Fix build failure with samba 4.1.13, bump
+    samba-dev build-dependency to match.
+
+ -- Timo Aaltonen <tjaalton <at> debian.org>  Thu, 30 Oct 2014 14:49:05 +0200
+
(Continue reading)

Vincent Bernat | 31 Oct 10:34 2014
Picon

Freeze exception for haproxy

Hi!

HAProxy is currently at version 1.5.6 in testing. There are two major
bugs fixed in 1.5.7 and 1.5.8 along with more minor bugs as well as a
security-related feature to allow the user to globally chose to
enable/disable some SSL options (for example, disable SSLv3).

If uploading now in unstable, the freeze will happen before the package
is able to migrate to testing. Since the upstream changes are only bug
fixes and one TLS-related feature to help people disable SSLv3, would it
be OK to get a freeze exception once the package is ready to migrate to
testing?

List of changes:

e31de8336dff BUG/MAJOR: buffer: check the space left is enough or not when input data in a buffer is wrapped
764d6f762a22 BUG/BUILD: revert accidental change in the makefile from latest SSL fix
0539ba3c354a [RELEASE] Released version 1.5.7
8068b0346705 BUG/MINOR: ssl: correctly initialize ssl ctx for invalid certificates
42a3e202504a MINOR: ssl: add statement to force some ssl options in global.
b3cc425b486c MINOR: ssl: add fetchs 'ssl_c_der' and 'ssl_f_der' to return DER formatted certs
fab22300fee8 BUG/MEDIUM: tcp: don't use SO_ORIGINAL_DST on non-AF_INET sockets
4785570d3233 BUG/MEDIUM: regex: fix pcre_study error handling
a94af2cebb4e BUG/MEDIUM: tcp: fix outgoing polling based on proxy protocol
17f7707c87f2 BUG/MINOR: log: fix request flags when keep-alive is enabled
e309ab7a18a4 BUG/MAJOR: cli: explicitly call cli_release_handler() upon error
8767b135d6fb BUG/MEDIUM: http: don't dump debug headers on MSG_ERROR

http://git.haproxy.org/?p=haproxy-1.5.git

(Continue reading)

أحمد المحمودي | 31 Oct 08:09 2014
Picon
Picon

Bug#767454: unblock: fribidi/0.19.6-3

Package: release.debian.org
Severity: normal
User: release.debian.org <at> packages.debian.org
Usertags: unblock

Please unblock package fribidi

Reason:
  * Passed --enable-malloc to configure to avoid crashes when using fribidi in
    multiple libraries concurrently.
    (LP: #1376331)

Debdiff attached.

unblock fribidi/0.19.6-3

-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'testing-updates'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

--

-- 
 ‎أحمد المحمودي (Ahmed El-Mahmoudy)
  Digital design engineer
(Continue reading)

Debian Bug Tracking System | 31 Oct 04:57 2014
Picon

Processed: tagging 767398

Processing commands for control <at> bugs.debian.org:

> tags 767398 - moreinfo
Bug #767398 [release.debian.org] unblock: itools/1.0-4
Removed tag(s) moreinfo.
> thanks
Stopping processing here.

Please contact me if you need assistance.
--

-- 
767398: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=767398
Debian Bug Tracking System
Contact owner <at> bugs.debian.org with problems

Debian Bug Tracking System | 31 Oct 04:48 2014
Picon

Processed: tagging 767340

Processing commands for control <at> bugs.debian.org:

> tags 767340 - moreinfo
Bug #767340 [release.debian.org] unblock: harfbuzz/0.9.35-2
Removed tag(s) moreinfo.
> thanks
Stopping processing here.

Please contact me if you need assistance.
--

-- 
767340: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=767340
Debian Bug Tracking System
Contact owner <at> bugs.debian.org with problems

Scott Kitterman | 31 Oct 02:31 2014

Bug#767436: unblock: postfix/2.11.3-1

Package: release.debian.org
Severity: normal
User: release.debian.org <at> packages.debian.org
Usertags: unblock

Please unblock package postfix

Postfix 2.11.2 introduced a Sendmail milter compatibility change that proved
to be less than ideal.  2.11.3 was released shortly after with a more
complete/correct approach.  Except for an OS X build system compatibility fix
that is irrelevant to Debian there are no other changes.  

I've coordinated this request with Lamont Jones (the maintainer) and am
submitting this at his request.  We believe this is an important change to
get into Jessie.  It resolves a number of integration/compatibility problems
that have been prominently discussed in the postfix community recently.

The attached diff is the upstream 2.11.2 -> 2.11.3 diff since Lamont is
handling the packaging and I don't have the full debdiff.  The final diff
will be the attached plus a debian/changelog entry.

unblock postfix/2.11.3-1

Gmane