Bug#926817: unblock: publicsuffix/20190329.0756-1

To: submit@bugs.debian.org
Subject: Bug#926817: unblock: publicsuffix/20190329.0756-1
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Wed, 10 Apr 2019 15:31:07 -0400
Message-id: <[🔎] 87a7gxbqtg.fsf@fifthhorseman.net>
Reply-to: Daniel Kahn Gillmor <dkg@fifthhorseman.net>, 926817@bugs.debian.org

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Control: affects -1 src:publicsuffix

Please unblock package publicsuffix

The publicsuffix package contains up-to-date descriptions of the network
environment.  In addition to capturing the most recent state of the
DNS's public cutpoints, this update marks the correct level of debian
policy compliance (4.3.0) and moves to debhelper compat level 12 (no
changes to the generated tarball resulted from this shift in dh compat
level).

Buster should start off with an accurate state of the public network.

The debdiff is attached.

unblock publicsuffix/20190329.0756-1

Thanks for your work on Buster!

        --dkg

diff --git publicsuffix-20190221.0923-1/debian/changelog publicsuffix-20190329.0756-1/debian/changelog
index 818926d..6a336fc 100644
--- publicsuffix-20190221.0923-1/debian/changelog
+++ publicsuffix-20190329.0756-1/debian/changelog
@@ -1,3 +1,9 @@
+publicsuffix (20190329.0756-1) unstable; urgency=medium
+
+  * new upstream version
+
+ -- Daniel Kahn Gillmor <dkg@fifthhorseman.net>  Wed, 03 Apr 2019 22:49:31 -0400
+
 publicsuffix (20190221.0923-1) unstable; urgency=medium
 
   * new upstream version
diff --git publicsuffix-20190221.0923-1/debian/compat publicsuffix-20190329.0756-1/debian/compat
deleted file mode 100644
index b4de394..0000000
--- publicsuffix-20190221.0923-1/debian/compat
+++ /dev/null
@@ -1 +0,0 @@
-11
diff --git publicsuffix-20190221.0923-1/debian/control publicsuffix-20190329.0756-1/debian/control
index 683edff..f9f9dbe 100644
--- publicsuffix-20190221.0923-1/debian/control
+++ publicsuffix-20190329.0756-1/debian/control
@@ -3,10 +3,10 @@ Section: net
 Priority: optional
 Maintainer: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
 Build-Depends:
- debhelper (>= 11~),
+ debhelper-compat (= 12),
  psl-make-dafsa,
  python3-minimal,
-Standards-Version: 4.2.1
+Standards-Version: 4.3.0
 Homepage: https://publicsuffix.org
 Vcs-Browser: https://salsa.debian.org/debian/publicsuffix
 Vcs-Git: https://salsa.debian.org/debian/publicsuffix.git
diff --git publicsuffix-20190221.0923-1/debian/upstream-changes.txt publicsuffix-20190329.0756-1/debian/upstream-changes.txt
index f575c27..b85f949 100644
--- publicsuffix-20190221.0923-1/debian/upstream-changes.txt
+++ publicsuffix-20190329.0756-1/debian/upstream-changes.txt
@@ -1,3 +1,102 @@
+commit 826d762a078ae21cd8bb95fa8f38ae84bb3948e7
+Author: Rishabh <rishabh.nambiar@discourse.org>
+Date:   Fri Mar 29 00:56:08 2019 -0700
+
+    Add discourse.group for Civilized Discourse Construction Kit, Inc. (#768)
+    
+    At Discourse (Civilized Discourse Construction Kit, Inc.), we host free
+    discussion forums for open source organizations under the `discourse.group` domain.
+    https://blog.discourse.org/2018/11/free-hosting-for-open-source-v2/
+    
+    Therefore, each subdomain of discourse.group should be treated as a distinct domain.
+    Website: https://www.discourse.org/
+    
+    As we host multiple forums under the discourse.group domain we'd like to add it to the PSL to:
+    
+    1. Ensure that each subdomain of discourse.group is treated as a distinct domain.
+    2. Adding cookie security.
+
+commit 1def5910a0c1db384691adf55f769de191b4f2b7
+Author: Vincent Fiduccia <vincent@rancher.com>
+Date:   Fri Mar 29 00:53:18 2019 -0700
+
+    Add on-rancher.cloud and on-rio.io (#779)
+    
+    We are adding a feature to automatically provide each user cluster with a <service name>.<random user-id>.on-rancher.cloud (and on-rio.io) DNS entry, so each user-id is a mutually untrusting third-party that should not be able to set cookies readable by each other. We also plan to provide Let's Encrypt wildcard certs for each user-id.
+
+commit 2b92a7f2c9c91f1141faea73d3ec2d429da18698
+Author: Boris Rybalkin <ribalkin@gmail.com>
+Date:   Fri Mar 29 07:49:12 2019 +0000
+
+    Syncloud dynamic dns service (#727)
+    
+    Syncloud DDNS server (syncloud.it) hosts user's DNS records and also has its own site at syncloud.it.
+    So In practice allthesebelong todifferent people:
+    user1.syncloud.it
+    user2.syncloud.it
+    www.syncloud.it
+    
+    Also any incorrectly set cookie sharing across all three is not safe as different users can run anything under *.[user].syncloud.it
+
+commit e2e4e03ff8cba26140f973a8b64a24891d1789b9
+Author: Jennifer Herting <jen@herting.cc>
+Date:   Thu Mar 28 13:38:33 2019 -0400
+
+    Add git-pages.rit.edu (#690)
+    
+    Proper handling of the namespace by browsers.
+    Prevention of cookie based attacks among others. Sites hosted under this namespace will be controlled by any number of students, staff, faculty, etc.
+
+commit a4ebab27463e90f80d3ab99220af90211299d7e1
+Author: Jake Riesterer <jRiest@users.noreply.github.com>
+Date:   Thu Mar 28 12:36:52 2019 -0500
+
+    Add workers.dev (#772)
+    
+    Cloudflare customers will given a subdomain of workers.dev to which they can deploy their serverless applications. Because subdomains are each controlled by different customers, they should be treated as separate domains for cookie purposes.
+
+commit f2f5143bc727d695f41195fe0300ff2133a79953
+Author: kyprizel <webregister@kyprizel.net>
+Date:   Thu Mar 28 20:34:53 2019 +0300
+
+    Update .AM (#756)
+    
+    Add AM NIC public suffixes for third level domains.
+
+commit 811931fbf3363385c5461569998729828b2f04ef
+Author: Sean O'Shaughnessy <seanosh@gmail.com>
+Date:   Thu Mar 28 13:31:17 2019 -0400
+
+    Add go-vip.net. (#793)
+    
+    We provide subdomains in go-vip.net to our users (e.g. demo-site1-com.go-vip.net), allowing them to upload custom WordPress plugins or themes so they can test their site before they are migrated to a self-hosted environment.
+    
+    As any subdomain can be operated by any user, we would like proper handling of the namespace by browsers (to ensure cookie isolation, highlighting the subdomain, SSL management). This will prevent super cookie violation on the main wpcomstaging.com and go-vip.net domain and isolate each subdomain from the others in the same namespace.
+
+commit 25e878d4f716992e9e9a22b2ea09076b8e8c5a48
+Author: Emil Stahl <emil@emilstahl.dk>
+Date:   Thu Mar 28 18:26:57 2019 +0100
+
+    Add site.builder.nu (#723)
+    
+    site.builder.nu is used for our site builder product. Each customer is assigned a subdomain on *.site.builder.nu -like [randomstring].site.builder.nu.
+    
+    Customer sites should not be able to share cookies and the URL should be displayed correctly in browsers, and for that reason site.builder.nu should be added to the list.
+
+commit 849ee0cc861054a48fdb9156b4c35276b6174468
+Author: t1st3 <contact@t1st3.com>
+Date:   Thu Mar 28 18:10:40 2019 +0100
+
+    Update .FR sectorial domains (#527)
+    
+    Fix outdated link for `.fr` sectorial domains
+    https://www.afnic.fr/fr/produits-et-services/le-fr/les-domaines-sectoriels-en-fr-11.html
+    
+    - Remove `assedic.fr` (No longer a sector-based registration, although subject to prior review)
+    - Remove `presse.fr` (not expressly reserved by the registry, although subject to prior review)
+    - Move `gouv.fr` into the Registrar-reserved section per the in-force naming policy
+    - Sort
+
 commit 0e2a405f597a3c1be456d704b42bdd5e0d4954bb
 Author: Simone Carletti <weppos@weppos.net>
 Date:   Thu Feb 21 10:23:55 2019 +0100
@@ -199,92 +298,3 @@ Date:   Tue Nov 6 13:25:08 2018 +0100
     under 'unicodedata.normalize'.
     
     See https://github.com/publicsuffix/list/issues/715#issuecomment-436214064
-
-commit 77ef9519165d6fae04da5e4d468c09db42c74e90
-Author: Tim Rühsen <tim.ruehsen@gmx.de>
-Date:   Mon Nov 5 21:12:19 2018 +0100
-
-    Convert list data from NFKD to NFKC (#720)
-    
-    Fixes #715
-    
-    As described in #715, decomposed characters break certain configurations of libpsl.
-    Decomposed characters will result in wrong punycodes if not composed before.
-
-commit a32731ba500c6b57c3efd9d6011b98037613a8c9
-Author: Guy Halse <ghalse@users.noreply.github.com>
-Date:   Thu Nov 1 19:54:50 2018 +0200
-
-    Update LS (#718)
-
-commit 7f2ae66b0cd6ca54769ce65bdc43fa725c4951e0
-Author: dkg <dkg@fifthhorseman.net>
-Date:   Tue Oct 30 06:07:30 2018 -0400
-
-    Add readthedocs.io (#722)
-    
-    $SUBDOMAIN.readthedocs.io is used to host documentation for projects
-    that use readthedocs.org to host their content.
-    
-    This inclusion in the PSL was discussed with the upstream readthedocs folks here:
-    
-    https://github.com/rtfd/readthedocs.org/issues/2233
-
-commit 0bff2ef25cdf729f6c3a993cc2f48fec31dca089
-Author: Tim Rühsen <tim.ruehsen@gmx.de>
-Date:   Sun Oct 28 20:38:50 2018 +0100
-
-    Remove trailing whitespace from L11948 (#721)
-
-commit c57186147b36019ff116135e3240a9da875dfb91
-Author: imalisz <ireneusz.maliszewski@lubman.pl>
-Date:   Sat Oct 27 14:25:44 2018 +0200
-
-    Add krasnik.pl, leczna.pl, lubartow.pl, lublin.pl, poniatowa.pl and swidnik.pl domains to the Public Suffix List (#670)
-    
-    LubMAN UMCS sp. z o.o. is a hosting provider that provides to our customers website services, DNS and SSL certificates with LetsEncrypt within following domains: krasnik.pl, leczna.pl, lubartow.pl, lublin.pl, poniatowa.pl and swidnik.pl.
-    All these are regional domains in which local companies register their individual private subdomains.
-    For cookie isolation, SSL management, Direct URL translation, and the inevitable developments in security, it would be great to get added to the public suffix list.
-
-commit fd4f2fd5cf11fe274f008c8a5ce24b8caead176a
-Author: Alexander Schulze <alexanderschulze@users.noreply.github.com>
-Date:   Sat Oct 27 14:22:24 2018 +0200
-
-    Add instantcloud.cn by Redstar Consultants (#696)
-    
-    Redstar Consultants provides various services to companies starting in or expanding their business to China. Domains within this suffix are used to provide clients our services of internally validating their business project on Chinese cloud hosting providers usually before being hosted on their own domain and/or being made publicly accessible.
-    
-    Being added to the public suffix list is required
-    - to properly handle namespaces by browser
-    - to prevent cookie based attacks across client pages
-    - to avoid letsencrypt limitations
-    - to aim for a clear separation between multiple client projects.
-
-commit 30d8d777cecbc52a90148788ea19de33220649fe
-Author: arnout <arnout@mind.be>
-Date:   Sat Oct 27 14:20:31 2018 +0200
-
-    Add Fermax and mydobiss.com domain (#706)
-    
-    Dobiss is a home automation system produced by Fermax. Individual users
-    can get cloud access to their home system through an automatically
-    registered <user>.mydobiss.com domain. User foo.mydobiss.com should not
-    share cookies or other data by bar.mydobiss.com.
-    
-    In principle a user should not get direct access to his own
-    <user>.mydobiss.com domain, but as a defense-in-depth measure it is
-    better not to propagate this trust.
-
-commit 2feb8d617a91d7398990911ad25968f6acb3ea1c
-Author: atsadawat <44362717+atsadawat@users.noreply.github.com>
-Date:   Sat Oct 27 19:17:57 2018 +0700
-
-    Add shop.th & online.th (#716)
-
-commit 886d13ac8d6e120e3cb0f1842e6d48409d8b29a0
-Author: Skylar Challand <skylar@oakmade.com>
-Date:   Sat Oct 27 07:37:28 2018 -0400
-
-    Add siteleaf.net (#655)
-    
-    Our users can create their own websites on subdomains (e.g. foo.siteleaf.net) and we would like to benefit from cookie isolation for security reasons.
diff --git publicsuffix-20190221.0923-1/public_suffix_list.dat publicsuffix-20190329.0756-1/public_suffix_list.dat
index efab0e6..e461d10 100644
--- publicsuffix-20190221.0923-1/public_suffix_list.dat
+++ publicsuffix-20190329.0756-1/public_suffix_list.dat
@@ -155,8 +155,13 @@ mil.al
 net.al
 org.al
 
-// am : https://en.wikipedia.org/wiki/.am
+// am : https://www.amnic.net/policy/en/Policy_EN.pdf
 am
+co.am
+com.am
+commune.am
+net.am
+org.am
 
 // ao : https://en.wikipedia.org/wiki/.ao
 // http://www.dns.ao/REGISTR.DOC
@@ -984,17 +989,16 @@ fm
 fo
 
 // fr : http://www.afnic.fr/
-// domaines descriptifs : http://www.afnic.fr/obtenir/chartes/nommage-fr/annexe-descriptifs
+// domaines descriptifs : https://www.afnic.fr/medias/documents/Cadre_legal/Afnic_Naming_Policy_12122016_VEN.pdf
 fr
-com.fr
 asso.fr
+com.fr
+gouv.fr
 nom.fr
 prd.fr
-presse.fr
 tm.fr
-// domaines sectoriels : http://www.afnic.fr/obtenir/chartes/nommage-fr/annexe-sectoriels
+// domaines sectoriels : https://www.afnic.fr/en/products-and-services/the-fr-tld/sector-based-fr-domains-4.html
 aeroport.fr
-assedic.fr
 avocat.fr
 avoues.fr
 cci.fr
@@ -1002,7 +1006,6 @@ chambagri.fr
 chirurgiens-dentistes.fr
 experts-comptables.fr
 geometre-expert.fr
-gouv.fr
 greta.fr
 huissier-justice.fr
 medecin.fr
@@ -10825,6 +10828,7 @@ myasustor.com
 // Automattic Inc. : https://automattic.com/
 // Submitted by Alex Concha <alex.concha@automattic.com>
 go-vip.co
+go-vip.net
 wpcomstaging.com
 
 // AVM : https://avm.de
@@ -10943,6 +10947,10 @@ certmgr.org
 // Submitted by Alex Stoddard <alex.stoddard@citrix.com>
 xenapponazure.com
 
+// Civilized Discourse Construction Kit, Inc. : https://www.discourse.org/
+// Submitted by Rishabh Nambiar <rishabh.nambiar@discourse.org>
+discourse.group
+
 // ClearVox : http://www.clearvox.nl/
 // Submitted by Leon Rowland <leon@clearvox.nl>
 virtueeldomein.nl
@@ -10969,6 +10977,10 @@ cloudaccess.net
 cloudcontrolled.com
 cloudcontrolapp.com
 
+// Cloudflare, Inc. : https://www.cloudflare.com/
+// Submitted by Jake Riesterer <publicsuffixlist@cloudflare.com>
+workers.dev
+
 // co.ca : http://registry.co.ca/
 co.ca
 
@@ -12405,6 +12417,11 @@ vaporcloud.io
 rackmaze.com
 rackmaze.net
 
+// Rancher Labs, Inc : https://rancher.com
+// Submitted by Vincent Fiduccia <domains@rancher.com>
+*.on-rancher.cloud
+*.on-rio.io
+
 // Read The Docs, Inc : https://www.readthedocs.org
 // Submitted by David Fischer <team@readthedocs.org>
 readthedocs.io
@@ -12428,6 +12445,10 @@ wellbeingzone.eu
 ptplus.fit
 wellbeingzone.co.uk
 
+// Rochester Institute of Technology : http://www.rit.edu/
+// Submitted by Jennifer Herting <jchits@rit.edu>
+git-pages.rit.edu
+
 // Sandstorm Development Group, Inc. : https://sandcats.io/
 // Submitted by Asheesh Laroia <asheesh@sandstorm.io>
 sandcats.io
@@ -12535,6 +12556,10 @@ temp-dns.com
 applicationcloud.io
 scapp.io
 
+// Syncloud : https://syncloud.org
+// Submitted by Boris Rybalkin <syncloud@syncloud.it>
+syncloud.it
+
 // Synology, Inc. : https://www.synology.com/
 // Submitted by Rony Weng <ronyweng@synology.com>
 diskstation.me
@@ -12732,6 +12757,10 @@ now.sh
 // Submitted by Martin Angelov <martin@zine.bg>
 bss.design
 
+// Zitcom A/S : https://www.zitcom.dk
+// Submitted by Emil Stahl <esp@zitcom.dk>
+site.builder.nu
+
 // Zone.id : https://zone.id/
 // Submitted by Su Hendro <admin@zone.id>
 zone.id

Attachment: signature.asc
Description: PGP signature

Reply to:

Follow-Ups:
- Processed: unblock: publicsuffix/20190329.0756-1
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>
- Bug#926817: unblock: publicsuffix/20190329.0756-1
  - From: Ivo De Decker <ivodd@debian.org>
- Processed: Re: unblock: publicsuffix/20190329.0756-1
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>
- Processed: Re: unblock: publicsuffix/20190329.0756-1
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>
- Bug#926817: marked as done (unblock: publicsuffix/20190415.1030-1)
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>

Prev by Date: Processed: unblock: publicsuffix/20190329.0756-1
Next by Date: Bug#925934: RM: golang-gopkg-data-dog-go-sqlmock.v1/1.3.0-1
Previous by thread: Processed: Re: unblock: [pre-approval] qutebrowser/1.6.1-1 or qutebrowser/1.6.0-2?
Next by thread: Processed: unblock: publicsuffix/20190329.0756-1
Index(es):
- Date
- Thread