Heya, please consider unblocking the following packages: unblock sane-backends/1.0.22-7.4 unblock openssh-blacklist/0.4.1+nmu1 unblock ghostscript/9.05~dfsg-6.1 The debdiffs are attached below. First two only change compression to xz, the last one (ghostscript) also includes a security fix. ================================================================================ --- sane-backends-1.0.22/debian/changelog 2012-07-15 21:08:06.000000000 +0000 +++ sane-backends-1.0.22/debian/changelog 2012-09-17 14:44:10.000000000 +0000 @@ -1,3 +1,10 @@ +sane-backends (1.0.22-7.4) unstable; urgency=low + + * Non-maintainer upload. + * Compress all binaries with xz to free up some space on CD#1. + + -- Cyril Brulebois <kibi@debian.org> Mon, 17 Sep 2012 16:44:07 +0200 + sane-backends (1.0.22-7.3) unstable; urgency=low * Non-maintainer upload. --- sane-backends-1.0.22/debian/rules 2011-07-20 17:38:10.000000000 +0000 +++ sane-backends-1.0.22/debian/rules 2012-09-17 14:43:45.000000000 +0000 @@ -182,7 +182,7 @@ dh_shlibdeps dh_gencontrol dh_md5sums - dh_builddeb + dh_builddeb -- -Zxz binary: binary-indep binary-arch .PHONY: build clean binary-indep binary-arch binary install autotools ================================================================================ --- openssh-blacklist-0.4.1/debian/changelog 2008-05-29 16:56:47.000000000 +0000 +++ openssh-blacklist-0.4.1+nmu1/debian/changelog 2012-09-22 00:35:22.000000000 +0000 @@ -1,3 +1,10 @@ +openssh-blacklist (0.4.1+nmu1) unstable; urgency=low + + * Non-maintainer upload. + * Compress all binaries with xz (Closes: #687267). + + -- Cyril Brulebois <kibi@debian.org> Sat, 22 Sep 2012 02:35:19 +0200 + openssh-blacklist (0.4.1) unstable; urgency=low * debian/openssh-blacklist{,-extra}.preinst: Correctly clean up old --- openssh-blacklist-0.4.1/debian/rules 2008-05-29 16:53:42.000000000 +0000 +++ openssh-blacklist-0.4.1+nmu1/debian/rules 2012-09-22 00:34:53.000000000 +0000 @@ -69,7 +69,7 @@ dh_shlibdeps dh_gencontrol dh_md5sums - dh_builddeb -- -Zbzip2 + dh_builddeb -- -Zxz binary: binary-indep binary-arch .PHONY: build clean binary-indep binary-arch binary install configure ================================================================================ --- ghostscript-9.05~dfsg/debian/changelog 2012-05-24 18:02:46.000000000 +0000 +++ ghostscript-9.05~dfsg/debian/changelog 2012-09-21 23:22:02.000000000 +0000 @@ -1,3 +1,13 @@ +ghostscript (9.05~dfsg-6.1) unstable; urgency=high + + * Non-maintainer upload. + * Apply security patch for CVE-2012-4405 (Closes: #687274): error out if + inputChan is strictly less than 1 in icmLut_read(), thanks to Nico + Golde for the pointers. + * Enable xz compression for all binaries (Closes: #687300). + + -- Cyril Brulebois <kibi@debian.org> Sat, 22 Sep 2012 01:18:12 +0200 + ghostscript (9.05~dfsg-6) unstable; urgency=low * Fix symlink to DroidSans. --- ghostscript-9.05~dfsg/debian/patches/CVE-2012-4405.patch 1970-01-01 00:00:00.000000000 +0000 +++ ghostscript-9.05~dfsg/debian/patches/CVE-2012-4405.patch 2012-09-21 23:17:58.000000000 +0000 @@ -0,0 +1,14 @@ +--- a/icclib/icc.c ++++ b/icclib/icc.c +@@ -4996,6 +4996,11 @@ static int icmLut_read( + p->clutPoints = read_UInt8Number(bp+10); + + /* Sanity check */ ++ if (p->inputChan < 1) { ++ sprintf(icp->err,"icmLut_read: No input channels!"); ++ return icp->errc = 1; ++ } ++ + if (p->inputChan > MAX_CHAN) { + sprintf(icp->err,"icmLut_read: Can't handle > %d input channels\n",MAX_CHAN); + return icp->errc = 1; --- ghostscript-9.05~dfsg/debian/patches/series 2012-05-24 16:57:49.000000000 +0000 +++ ghostscript-9.05~dfsg/debian/patches/series 2012-09-21 23:13:15.000000000 +0000 @@ -6,3 +6,4 @@ 2001_docdir_fix_for_debian.patch 2002_gs_man_fix_debian.patch 2003_support_multiarch.patch +CVE-2012-4405.patch --- ghostscript-9.05~dfsg/debian/rules 2012-05-24 18:02:46.000000000 +0000 +++ ghostscript-9.05~dfsg/debian/rules 2012-09-21 23:22:34.000000000 +0000 @@ -17,6 +17,9 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. +# Use xz compression: +DEB_DH_BUILDDEB_ARGS ?= -u-Zxz + # This needs to run before cdbs auto-update debian/control:: debian/control.in DEB_PHONY_RULES += debian/control.in ================================================================================ Mraw, KiBi.
Attachment:
signature.asc
Description: Digital signature