Debian

Available patches from Ubuntu

To see Ubuntu differences with respect to Debian, write down a grep-dctrl query identifying the packages you're interested in:
grep-dctrl -n -sPackage Sources.Debian
(e.g. -FPackage linux-ntfs or linux-ntfs)

Modified packages are listed below:

Debian ( Changelog | PTS | Bugs ) Ubuntu ( Changelog | txt | LP | Bugs ) | Diff from Ubuntu

Source: libmath-tamuanova-perl

libmath-tamuanova-perl (1.0.2-2ubuntu8) focal; urgency=medium

  * No-change rebuild for the perl update.

 -- Matthias Klose <doko@ubuntu.com>  Fri, 18 Oct 2019 19:33:05 +0000

libmath-tamuanova-perl (1.0.2-2ubuntu7) disco; urgency=medium

  * No-change rebuild for the perl 5.28 transition.

 -- Adam Conrad <adconrad@ubuntu.com>  Fri, 02 Nov 2018 18:11:59 -0600

libmath-tamuanova-perl (1.0.2-2ubuntu6) artful; urgency=medium

  * No-change rebuild for perl 5.26.0.

 -- Matthias Klose <doko@ubuntu.com>  Wed, 26 Jul 2017 20:07:45 +0000

libmath-tamuanova-perl (1.0.2-2ubuntu5) zesty; urgency=medium

  * No-change rebuild for perl 5.24 transition

 -- Iain Lane <iain@orangesquash.org.uk>  Mon, 24 Oct 2016 10:24:01 +0100

libmath-tamuanova-perl (1.0.2-2ubuntu4) xenial; urgency=medium

  * Rebuild for Perl 5.22.1.

 -- Colin Watson <cjwatson@ubuntu.com>  Thu, 17 Dec 2015 15:50:25 +0000

libmath-tamuanova-perl (1.0.2-2ubuntu3) utopic; urgency=medium

  * Rebuild for Perl 5.20.0.

 -- Colin Watson <cjwatson@ubuntu.com>  Wed, 20 Aug 2014 12:33:26 +0100

libmath-tamuanova-perl (1.0.2-2ubuntu2) trusty; urgency=low

  * Rebuild for Perl 5.18.

 -- Colin Watson <cjwatson@ubuntu.com>  Mon, 21 Oct 2013 10:23:18 +0100

libmath-tamuanova-perl (1.0.2-2ubuntu1) raring; urgency=low

  * Merge from Debian unstable. (LP: #1077296) Remaining changes:
    - Build with -Wl,--no-as-needed because libgsl is underlinked.

 -- Vibhav Pant <vibhavp@gmail.com>  Sat, 10 Nov 2012 10:24:41 +0530

Modifications:
  1. Download patch debian/rules

    --- 1.0.2-2/debian/rules 2012-08-08 13:26:21.000000000 +0000 +++ 1.0.2-2ubuntu8/debian/rules 2012-11-12 09:22:09.000000000 +0000 @@ -1,6 +1,7 @@ #!/usr/bin/make -f # -*- mode: makefile; coding: utf-8 -*- +export LDFLAGS += -Wl,--no-as-needed %: dh $@
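
Review bot: The added "export LDFLAGS += -Wl,--no-as-needed" line at the top of debian/rules sets LDFLAGS in the environment directly, which can replace rather than extend the linker flags that dpkg-buildflags would otherwise supply (hardening defaults included), and it has no comment saying why it is there. Consider "export DEB_LDFLAGS_MAINT_APPEND = -Wl,--no-as-needed" so the distribution defaults are kept, with a one-line comment that this works around libgsl being underlinked (as the 1.0.2-2ubuntu1 changelog entry says), so the flag can be dropped once that is fixed.
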
  2. Download patch debian/control

    --- 1.0.2-2/debian/control 2012-08-08 13:26:21.000000000 +0000 +++ 1.0.2-2ubuntu8/debian/control 2012-11-12 09:22:09.000000000 +0000 @@ -6,7 +6,8 @@ Build-Depends: debhelper (>= 9.20120312) libtamuanova-dev, libtest-deep-perl, perl -Maintainer: Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org> +Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com> +XSBC-Original-Maintainer: Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org> Uploaders: Vincent Danjean <vdanjean@debian.org>, Nathan Handler <nhandler@ubuntu.com> Standards-Version: 3.9.3


Source: mercurial

mercurial (4.8.2-1ubuntu4) eoan; urgency=medium

  * SECURITY UPDATE: Write to arbitrary files outside a repository by using
    symlinks in subrepositories
    - debian/patches/CVE-2019-3902-1.patch: subrepo: extend path auditing
      test to include more weird patterns (SEC)
    - debian/patches/CVE-2019-3902-2.patch: subrepo: prohibit variable
      expansion on creation of hg subrepo (SEC)
    - debian/patches/CVE-2019-3902-3.patch: subrepo: reject potentially
      unsafe subrepo paths (BC) (SEC)
    - CVE-2019-3902

 -- Mike Salvatore <mike.salvatore@canonical.com>  Tue, 30 Jul 2019 15:42:49 -0400

mercurial (4.8.2-1ubuntu3) disco; urgency=medium

  * Drop test dependency on monotone (Closes: #919924)

 -- Graham Inggs <ginggs@ubuntu.com>  Tue, 05 Mar 2019 06:33:36 +0000

mercurial (4.8.2-1ubuntu2) disco; urgency=medium

  * Use --jobs 4 in autopkgtest to speed it up
  * Fix Breaks to mercurial-git (<< 0.8.12-1~) as intended in the previous
    upload. Thanks to Graham Inggs.

 -- Balint Reczey <rbalint@ubuntu.com>  Wed, 16 Jan 2019 15:42:22 +0700

mercurial (4.8.2-1ubuntu1) disco; urgency=medium

  * Blacklist tests failing on Ubuntu LXC autopkgtest runners
  * Bump versioned Breaks on mercurial-git (<< 0.8.12-1~)

 -- Graham Inggs <ginggs@ubuntu.com>  Fri, 11 Jan 2019 16:51:02 +0000

Modifications:
  1. Download patch debian/patches/CVE-2019-3902-1.patch
  2. Download patch debian/tests/control

    --- 4.8.2-1/debian/tests/control 2019-01-08 11:09:47.000000000 +0000 +++ 4.8.2-1ubuntu4/debian/tests/control 2019-03-05 06:33:32.000000000 +0000 @@ -1,3 +1,3 @@ Tests: testsuite -Depends: @, zip, unzip, netbase, python-subversion, monotone, cvs, bzr, tla, gcc, python2.7-dev, less +Depends: @, zip, unzip, netbase, python-subversion, cvs, bzr, tla, gcc, python2.7-dev, less Restrictions: allow-stderr
  3. Download patch debian/patches/CVE-2019-3902-2.patch
  4. Download patch debian/patches/CVE-2019-3902-3.patch

    --- 4.8.2-1/debian/patches/CVE-2019-3902-3.patch 1970-01-01 00:00:00.000000000 +0000 +++ 4.8.2-1ubuntu4/debian/patches/CVE-2019-3902-3.patch 2019-07-30 19:42:49.000000000 +0000 
@@ -0,0 +1,90 @@ +# HG changeset patch +# User Yuya Nishihara <yuya@tcha.org> +# Date 1546953576 -32400 +# Tue Jan 08 22:19:36 2019 +0900 +# Branch stable +# Node ID 83377b4b4ae0e9a6b8e579f7b0a693b8cf5c3b10 +# Parent 6c10eba6b9cddab020de49fd4fabcb2cadcd85d0 +subrepo: reject potentially unsafe subrepo paths (BC) (SEC) + +In addition to the previous patch, this prohibits '~', '$nonexistent', etc. +for any subrepo types. I think this is safer, and real-world subrepos wouldn't +use such (local) paths. + +diff -r 6c10eba6b9cd -r 83377b4b4ae0 mercurial/subrepo.py +--- a/mercurial/subrepo.py Tue Jan 08 22:07:45 2019 +0900 ++++ b/mercurial/subrepo.py Tue Jan 08 22:19:36 2019 +0900 +@@ -115,6 +115,10 @@ + vfs.unlink(vfs.reljoin(dirname, f)) + + def _auditsubrepopath(repo, path): ++ # sanity check for potentially unsafe paths such as '~' and '$FOO' ++ if path.startswith('~') or '$' in path or util.expandpath(path) != path: ++ raise error.Abort(_('subrepo path contains illegal component: %s') ++ % path) + # auditor doesn't check if the path itself is a symlink + pathutil.pathauditor(repo.root)(path) + if repo.wvfs.islink(path): +diff -r 6c10eba6b9cd -r 83377b4b4ae0 tests/test-audit-subrepo.t +--- a/tests/test-audit-subrepo.t Tue Jan 08 22:07:45 2019 +0900 ++++ b/tests/test-audit-subrepo.t Tue Jan 08 22:19:36 2019 +0900 +@@ -279,8 +279,9 @@ + on clone (and update) with various substitutions: + + $ hg clone -q main main2 ++ abort: subrepo path contains illegal component: $SUB ++ [255] + $ ls main2 +- $SUB + + $ SUB=sub1 hg clone -q main main3 + abort: subrepo path contains illegal component: $SUB +@@ -363,8 +364,9 @@ + Test tilde + ---------- + +-The leading tilde may be expanded to $HOME, but it's a valid subrepo path. +-However, we might want to prohibit it as it seems potentially unsafe. ++The leading tilde may be expanded to $HOME, but it can be a valid subrepo ++path in theory. However, we want to prohibit it as there might be unsafe ++handling of such paths. 
+ + on commit: + +@@ -373,15 +375,32 @@ + $ hg init './~' + $ echo '~ = ~' >> .hgsub + $ hg ci -qAm 'add subrepo "~"' +- $ ls +- ~ ++ abort: subrepo path contains illegal component: ~ ++ [255] ++ ++prepare tampered repo (including the commit above): ++ ++ $ hg import --bypass -qm 'add subrepo "~"' - <<'EOF' ++ > diff --git a/.hgsub b/.hgsub ++ > new file mode 100644 ++ > --- /dev/null ++ > +++ b/.hgsub ++ > @@ -0,0 +1,1 @@ ++ > +~ = ~ ++ > diff --git a/.hgsubstate b/.hgsubstate ++ > new file mode 100644 ++ > --- /dev/null ++ > +++ b/.hgsubstate ++ > @@ -0,0 +1,1 @@ ++ > +0000000000000000000000000000000000000000 ~ ++ > EOF + $ cd .. + + on clone (and update): + + $ hg clone -q tilde tilde2 +- $ ls tilde2 +- ~ ++ abort: subrepo path contains illegal component: ~ ++ [255] + + Test direct symlink traversal + -----------------------------
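
Review bot: In the _auditsubrepopath hunk of mercurial/subrepo.py, the new condition combines two explicit character tests (a leading '~', any '$') with util.expandpath(path) != path, and the one-line comment does not say why both kinds of test are needed. The explicit '$' test is what rejects an unset variable such as the '$nonexistent' case named in the commit message, which expansion would leave unchanged; say so in the comment, and check whether any other expansion syntax that util.expandpath honours needs the same explicit test. As the change is marked (BC), a hint= on the error.Abort explaining that '~' and '$' are no longer accepted in subrepo paths would make the abort easier for users to act on.
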
  5. Download patch debian/control

    --- 4.8.2-1/debian/control 2019-01-08 11:09:47.000000000 +0000 +++ 4.8.2-1ubuntu4/debian/control 2019-01-16 08:42:22.000000000 +0000 @@ -1,7 +1,8 @@ Source: mercurial Section: vcs Priority: optional -Maintainer: Python Applications Packaging Team <python-apps-team@lists.alioth.debian.org> +Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com> +XSBC-Original-Maintainer: Python Applications Packaging Team <python-apps-team@lists.alioth.debian.org> Uploaders: Vincent Danjean <vdanjean@debian.org>, Javi Merino <vicho@debian.org>, @@ -53,7 +54,7 @@ Breaks: hgsubversion (<< 1.8.7+1517-b3e41b0d50a2-1), hgview-common (<< 1.8.1), mercurial-crecord (<= 0.20140626-1), - mercurial-git (<= 0.8.3-1), + mercurial-git (<< 0.8.12-1~), qct (<< 1.7-2~), Description: easy-to-use, scalable distributed version control system Mercurial is a fast, lightweight Source Control Management system designed
  6. Download patch debian/mercurial.autopkgtest_blacklist

    --- 4.8.2-1/debian/mercurial.autopkgtest_blacklist 1970-01-01 00:00:00.000000000 +0000 +++ 4.8.2-1ubuntu4/debian/mercurial.autopkgtest_blacklist 2019-01-11 16:51:02.000000000 +0000 @@ -0,0 +1,35 @@ +# test-clonebundles.t fails in the reproducible-builds setup due to no +# name resolution: +# --- /build/mercurial-3.7.2/tests/test-clonebundles.t +# +++ /build/mercurial-3.7.2/tests/test-clonebundles.t.err +# @@ -52,7 +52,7 @@ +# $ echo 'http://does.not.exist/bundle.hg' > server/.hg/clonebundles.manifest +# $ hg clone http://localhost:$HGPORT 404-url +# applying clone bundle from http://does.not.exist/bundle.hg +# - error fetching bundle: (.* not known|getaddrinfo failed) (re) +# + error fetching bundle: Temporary failure in name resolution +# abort: error applying bundle +# (if this error persists, consider contacting the server operator or disable clone bundles via "--config ui.clonebundles=false") +# [255] +# +# ERROR: test-clonebundles.t output changed +test-clonebundles.t + +# upstream don't run this test and it only fails when pyflakes is installed +test-check-pyflakes.t + +# This test tries to test combinations of configurations involving TLS 1.0/1.1, +# but these are disabled by default in unstable now, so none of the test +# scenarios are possible to correctly construct. +test-https.t + +# These tests are flaky, still need to investigate why: +test-commandserver.t +test-largefiles.t +test-wireproto-exchangev2.t + +# The following lines are appended to a copy of debian/mercurial.test_blacklist + +# These tests fail on Ubuntu LXC autopkgtest runners +test-merge-tools.t +test-http-bad-server.t
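
Review bot: The new blacklist disables test-https.t outright and lists test-commandserver.t, test-largefiles.t and test-wireproto-exchangev2.t as flaky with only "still need to investigate", so the autopkgtest run has no HTTPS coverage and nothing points to where the investigation is tracked; add a bug reference beside each of these entries. The file also states that its first part is a copy of debian/mercurial.test_blacklist, so the two lists can drift apart; building it in debian/tests/testsuite from that file plus the two Ubuntu-specific entries would avoid keeping a duplicate.
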
  7. Download patch debian/tests/testsuite

    --- 4.8.2-1/debian/tests/testsuite 2019-01-08 11:09:47.000000000 +0000 +++ 4.8.2-1ubuntu4/debian/tests/testsuite 2019-01-16 08:42:08.000000000 +0000 @@ -2,4 +2,4 @@ set -ex -exec make tests TESTFLAGS="--verbose --timeout 1440 --with-hg=/usr/bin/hg --blacklist=$(pwd)/debian/mercurial.test_blacklist" +exec make tests TESTFLAGS="--verbose --timeout 1440 --jobs 4 --with-hg=/usr/bin/hg --blacklist=$(pwd)/debian/mercurial.autopkgtest_blacklist"
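
Review bot: The job count in the changed TESTFLAGS line is hard-coded as "--jobs 4", with no comment on why 4 was chosen, and it applies whatever the size of the test runner. Deriving it from the number of CPUs available to the testbed, capped at 4 if that is the intent, would keep the speed-up without oversubscribing smaller runners and making the tests listed as flaky less stable.
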
  8. Download patch debian/patches/series

    --- 4.8.2-1/debian/patches/series 2019-01-08 11:17:29.000000000 +0000 +++ 4.8.2-1ubuntu4/debian/patches/series 2019-07-30 19:42:49.000000000 +0000 @@ -5,3 +5,6 @@ proposed_upstream__correct-zeroconf-doc deb_specific__disable_libdir_replacement.patch for_upstream__dont_rm_usr_bin_python_when_running_testsuite.patch deb_specific__fix_fhs_paths.patch +CVE-2019-3902-1.patch +CVE-2019-3902-2.patch +CVE-2019-3902-3.patch


Source: ocl-icd

ocl-icd (2.2.11-1ubuntu1) zesty; urgency=medium

  * control: Drop libpoclu-dev to Suggests.

 -- Timo Aaltonen <tjaalton@debian.org>  Wed, 05 Apr 2017 12:07:37 +0300

Modifications:
  1. Download patch debian/control

    --- 2.2.11-1/debian/control 2017-01-20 06:01:03.000000000 +0000 +++ 2.2.11-1ubuntu1/debian/control 2017-04-05 09:06:49.000000000 +0000 @@ -55,7 +55,7 @@ Depends: ${shlibs:Depends}, opencl-c-headers | opencl-headers, ocl-icd-libopencl1 (= ${binary:Version}) Recommends: libgl1-mesa-dev | libgl-dev, - libpoclu-dev +Suggests: libpoclu-dev Pre-Depends: ${misc:Pre-Depends} Breaks: ocl-icd-libopencl1 (<< 2.1.3-5~), nvidia-libopencl1 (<< 305~),
  1. libmath-tamuanova-perl
  2. mercurial
  3. ocl-icd