On Fri 2023-03-03 21:01:58 +0100, Salvatore Bonaccorso wrote:
> DSA 5368-1 is released with your update. Thank you!
>
> On a related note: I saw the 4.10-1 upload, but wouldn't it have been
> better to make first 4.9-2 move to bookworm? Can you get in touch with
> the release team so that the fix
On Thu 2023-03-02 17:34:10 -0500, Daniel Kahn Gillmor wrote:
> yep, works for me, thanks. I'll do that later this evening or tomorrow
> morning.
This has been uploaded now, thanks for bearing with me.
--dkg
signature.asc
Description: PGP signature
On Thu 2023-03-02 19:51:17 +0100, Salvatore Bonaccorso wrote:
> Hi,
>
> On Thu, Mar 02, 2023 at 08:54:04AM -0500, Daniel Kahn Gillmor wrote:
>> On Thu 2023-03-02 07:52:55 +0100, Salvatore Bonaccorso wrote:
>> >> I have rejected the current package so we can re-use the ve
On Wed 2023-01-25 17:05:53 +0100, Bastian Germann wrote:
> On Wed, 4 Nov 2020 17:04:48 -0700 Bobby de Vos wrote:
>> Package: wnpp
>> Version N/A; reported 2020-11-04
>> Severity: wishlist
>>
>> Greetings,
>>
>> My team at SIL-WSTech is about to released a font not in Debian,
>> Scheherazade New,
Package: wnpp
Severity: wishlist
X-Debbugs-Cc: d...@fifthhorseman.net
* Package name: pysilfont
Version : 1.6.0
Upstream Contact: SIL International
* URL : https://github.com/silnrsi/pysilfont
* License : MIT
Programming Lang: Python
Description :
On Thu 2023-03-02 07:52:55 +0100, Salvatore Bonaccorso wrote:
>> I have rejected the current package so we can re-use the version later
>> one, when this is fixed.
>
> Cofnirmed it was renamed in v4.4 upstream. I have put a comment on
> upstream issue about backports to older versions.
Gah sorry
On Wed 2023-03-01 20:35:22 +0100, Salvatore Bonaccorso wrote:
> Looks good to me, please do upload.
uploaded, tagged in git, and pushed to salsa.
please let me know if you see anything else that needs doing.
--dkg
signature.asc
Description: PGP signature
y; urgency=high
+
+ * Fixes CVE-2023-23009 (Closes: #1031821)
+
+ -- Daniel Kahn Gillmor Wed, 01 Mar 2023 13:11:05 -0500
+
libreswan (4.3-1+deb11u1) bullseye-security; urgency=high
* Fixes CVE-2022-23094
diff --git libreswan-4.3/debian/patches/0004-Fix-CVE-2023-23009.patch libreswan-4.3/debi
On Thu 2023-02-23 15:03:21 +0100, Salvatore Bonaccorso wrote:
> Can you confirm on the following point: Is my understanding from the
> upstream issue discussion correct, that this requires an authenticated
> peer
I'm afraid i'm taking cagney's word for it there, i haven't followed the
C far
On Thu 2023-02-23 20:12:52 +0800, Shengjing Zhu wrote:
> https://elv.sh/ref/command.html#module-search-directories
> It now supports searching global modules in /usr/share/elvish/lib.
> However as the directory name shows, it's not meant for autocompletion
> scripts.
>
> After discussion with
Package: src:argparse-manpage
Version: 1.2.2
Severity: wishlist
Upstream has released version 4 of argparse-manpage. It would be great
to have this available in debian.
Note also that in upstream commit
eac5fcdd371708603b09c7270d8bfa0b19140ec0 (just after version 4) a
reproducibility fix was
On Sun 2021-10-24 10:51:55 +0200, Sylvestre Ledru wrote:
> Source: rust-sequoia-sqv
> Severity: important
>
> Dear Maintainer,
>
> This package currently FTBFS with:
>
> report:
> -
> package: sbuild-build-depends-main-dummy
> version: 0.invalid.0
> architecture: amd64
> status: broken
>
in unstable already.
I'll prepare an upload for bullseye if the security team is OK with
that. Please confirm!
Thanks,
--dkg
From: Daniel Kahn Gillmor
Date: Wed, 22 Feb 2023 14:57:02 -0500
Subject: Fix CVE-2023-23009
See https://github.com/libreswan/libreswan/issues/954
---
programs
I've now uploaded the patch below to debian's DELAYED/15 queue as nspr 4.35-1.1.
On Fri 2023-02-10 16:06:33 -0500, Daniel Kahn Gillmor wrote:
> Control: tags 854472 + patch
>
> On Thu 2017-02-02 12:02:59 +, Radovan Birdic wrote:
>>> In file included from /usr/include/n
Hi Enrico--
On Sun 2021-04-04 10:02:27 +0200, Enrico Zini wrote:
> The package contains a user-facing tool, and the package description
> contains mostly redundant technical details about how the package is
> generated.
>
> Could you please update the description so that it explains what the sq
>
On Fri 2021-01-29 12:47:53 +0800, Shengjing Zhu wrote:
> On Thu, Jan 28, 2021 at 05:35:20PM -0500, Daniel Kahn Gillmor wrote:
>> Package: src:elvish
>> Version: 0.15.0~rc3-1
>> Control: affects -1 src:rust-sequoia-sq src:rust-sequoia-sqv
>>
>> I'm packagin
On Sun 2023-02-19 19:45:58 +, Adam D. Barratt wrote:
> On Wed, 2023-01-11 at 11:07 -0500, Daniel Kahn Gillmor wrote:
>> Please consider an update to publicsuffix in debian bullseye.
>>
>> This package reflects the state of the network, and keeping it
>> c
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: d...@fifthhorseman.net
Control: affects -1 src:publicsuffix
Please consider an update to publicsuffix in debian bullseye.
This package reflects the state of the
Package: yt-dlp
Version: 2023.01.06-1
Severity: minor
using yt-dlp to fetch a local copy of a youtube URL like so:
$ yt-dlp https://youtu.be/XXX
i see this warning:
-
[youtube] XXX: Downloading player 11e3a4ec
WARNING: [youtube] XXX: nsig extraction failed: You
5947
The attached patch was suggested by Giulio Benetti
, cc'ed here.
I've also made it as a merge request on salsa:
https://salsa.debian.org/mozilla-team/nspr/-/merge_requests/3
Please consider applying this so that libreswan can build on mipsel!
--dkg
From 4b5482f4e8ceb621367a49f7c937b3
On Thu 2023-01-26 21:50:30 +, Martin wrote:
> On 2023-01-12 10:06, Daniel Kahn Gillmor wrote:
>> There was also PyPDF2, which was active up until the end of 2022, but
>> its maintainer is now transitioning it to the python module name
>> "pypdf", which its
Package: src:pypdf2
Severity: wishlist
Control: affects -1 src:pypdf
Control: clone -1 -2 -3 -4 -5 -6 -7 -8 -9 -10 -11
Control: reassign -2 bookletimposer
Control: reassign -3 kraft
Control: reassign -4 krop
Control: reassign -5 odoo-14
Control: reassign -6 orangeassassin
Control: reassign -7
Package: src:pycryptodome
Version: 3.11.0+dfsg1-4
Severity: wishlist
According to
https://github.com/Legrandin/pycryptodome/blob/master/Changelog.rst,
version 3.16.0 of Cryptodome was released in November of 2022.
It would be good to have the new version in debian.
thanks for maintaining the
Package: lintian
Version: 2.116.0
Control: affects -1 + libreswan
Lintian, when reviewing libreswan 4.9-1, reports:
I: libreswan: bash-term-in-posix-shell 'function cool('
[usr/libexec/ipsec/_secretcensor:31]
But in fact the code in question is:
--
awk ' function cool(hot, q, cooled,
force
+PyPDF2, a pure Python PDF library, into an infinite loop, if a maliciously
+crafted PDF file is processed. (Thanks, Markus Koschany )
+Closes: #1009879
+
+ -- Daniel Kahn Gillmor Sun, 15 Jan 2023 16:22:04 -0500
+
pypdf2 (1.26.0-4) unstable; urgency=medium
* Remove Python 2 from
Hi László and debian security team--
I was looking into CVE-2022-24859 and pypdf2, and trying to figure out
whether the version in bullseye is still vulnerable, as it appears to be
according to the security tracker:
https://security-tracker.debian.org/tracker/CVE-2022-24859
It's not clear to
On Fri 2023-01-13 14:24:12 -0500, Daniel Kahn Gillmor wrote:
> Works for me. I'll change the repository description to remove the term
> "prospective" (it's currently "proposed packaging history for pypdf2 and
> its successor, pypdf")
This is now done, and i
hi László--
Sounds like we're roughly on the same page on this.
On Fri 2023-01-13 18:51:14 +0100, László Böszörményi (GCS) wrote:
> I'm not sure if we know each other, but I have the knowledge that you
> are a nice guy. Sure, I'm open to collaboration and Salsa is a good
> place to start.
On Thu 2023-01-12 13:18:24 -0500, Daniel Kahn Gillmor wrote:
> Debian should probably provide both PyPDF2 and pypdf for the next stable
> release, and then drop PyPDF2 afterward.
looks like PyPDF2 2.12.1 is the last version before a major
(backward-incompatible) change in 3.0.0. and PyPDF2
Package: src:pypdf2
Version: 2.11.2-1
the sample-files component of pypdf2 is provided in a distinct tarball,
sourced (afaict) from https://github.com/py-pdf/sample-files. that repo
has a LICENSE file that appears to be CC 4.0 BY-NC-ND (attribution
non-commercial no-derivatives). the NC and ND
Package: pgpainless-cli
Version: 1.3.15-2
If i upgrade pgpainless-cli to 1.3.15, it still reports 1.3.13, because
of older dependent packages:
```
0 dkg@alice:~$ dpkg -l *pgpainless*
Desired=Unknown/Install/Remove/Purge/Hold
|
Package: src:pypdf2
Version: 2.11.2-1
https://github.com/py-pdf/PyPDF2 now redirects to
https://github.com/py-pdf/pypdf. In that repository, it's clear that
PyPDF2 has been replaced by "pypdf", and version 3.0.0 is the end of the
line for PyPDF2.
Debian should probably provide both PyPDF2 and
On Mon 2022-08-29 15:07:35 +0200, Martin wrote:
> what is the state of affairs in respect to PyPDF4 (or PyPDF3)?
> I'm not sure, which one is "better" at the moment.
>
> Last commit PyPDF3: 2022-02-03 (of 484)
> Last commit PyPDF4: 2020-06-22 (of 585)
> Last release PyPDF3: 2022-02-03 (version
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: d...@fifthhorseman.net
Control: affects -1 src:publicsuffix
Please consider an update to publicsuffix in debian bullseye.
This package reflects the state of the
Package: elpa-dpkg-dev-el
Version: 37.9
I'm using emacs 1:28.2+1-9 with the aforementioned elpa-dpkg-dev-el.
I see the following entries in my *Warnings* buffer when editing debian
packaging.
Warning (comp): debian-changelog-mode.el:495:13: Warning: Package cl is
deprecated Disable showing
Package: emacs-common
Version: 1:28.2+1-8
Upgrading emacs from 27.1 to 28.2 today on my debian testing system, i
ran into this problem with the upgrade:
Unpacking emacs-common (1:28.2+1-8) over (1:27.1+1-3.1) ...
dpkg: error processing archive
Re: 1025...@bugs.debian.org
I can add to the confirmations: With the following packages installed:
libegl-mesa0 libgbm1 libgl1-mesa-dri libglapi-mesa libglx-mesa0 -- all
at version 22.3.0-1 -- on an x86_64 qemu guest, using kvm
virtualization with both virtio-vga and qxl-vga, i get the same
Package: grub-pc
Version: 2.06-3~deb11u4
Thanks for pulling in fixes to image and font handling for grub in
2.06-3~deb11u4 -- that additional security is much appreciated.
On many machines, i've been running grub through a serial console for
years, which doesn't exercise any of the image or
Package: debcargo
Control: affects -1 + dh-cargo src:rust-document-features debhelper
as of dh-cargo 30, dh-cargo Provides: dh-sequence-cargo.
the next version of debcargo should explicitly make the generated
debian/control contain "Build-Depends: dh-sequence-cargo". If that's
done, then the
.org/rust-team/dh-cargo/-/merge_requests/8
the relevant changeset is included in the attachment below.
--dkg
From df414b1287e8faf8b46f596b7ee5def51fc98dbe Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor
Date: Wed, 23 Nov 2022 08:29:27 -0500
Subject: [PATCH] Avoid stripping Cargo.toml.
On Wed 2022-11-23 16:27:43 +0100, Andreas Metzler wrote:
> Unless kgpg maintainers/upstream has a strong opinion against using
> pkg-config the obvious choice would be to drop cmake/FindGpgme.cmake
> and simply use FindPkgConfig. - Attached patch seems to work for me,
> i.e. build including
On Wed 2022-11-23 13:20:51 +0100, Andreas Metzler wrote:
> On 2022-11-20 Andreas Metzler wrote:
>> https://bugs.debian.org/cgi-bin/pkgreport.cgi?tag=gpgme-config-transition;users=pkg-gnupg-ma...@lists.alioth.debian.org
>> for progressing buglist.
> I have now run through all packages with b-d on
Hi Timo--
On Tue 2022-11-22 15:58:21 +0100, Timo Röhling wrote:
> I have built neomutt with your patch and can confirm that the GPGme
> integration works as expected.
Thanks for confirming! It'd be great to clear the decks for the gpgme
transition, so please let me know if you'd like me to NMU
s also on salsa at
https://salsa.debian.org/mutt-team/neomutt/-/merge_requests/8 if that's
useful.
Please let me know if you'd like me to NMU it.
--dkg
From a9d3c0fe8c8e678311ad7a4810df6db519abc798 Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor
Date: Mon, 21 Nov 2022 19:10:20 -0500
Hi Niels--
Thanks for taking a look at this.
On Sat 2022-11-19 15:12:35 +0100, in #1023413, Niels Thykier wrote:
> On Thu, 03 Nov 2022 12:13:43 -0400 Daniel Kahn Gillmor
> wrote:
>> When packaging Rust crates, the rust-team typically packages from the
>> bundles published on
On Tue 2022-11-15 18:24:11 +0100, Andreas Metzler wrote:
> I had started trying to rebuild all packages build-depending on gpgme
> last weekend and out of the first 5 at least every other package failed
> or lost its gpgme linkage.
I believe you, but that's disappointing, because it suggests that
Control: affects 1023782 + src:pinentry
On Tue 2022-11-15 19:46:09 +0900, Olaf Meeuwissen wrote:
> Maybe pinentry-gui should be added as a pure virtual package? And in
> due course, pinentry-x11 removed? Anyway, that's not food for the
> webext-browserpass package.
yep, if someone has the
over on Bug #1023782 ("Add dependency on pinentry-x11") about
webext-browserpass,
Meeuwissen Olaf wrote:
> Please add a dependency on pinentry-x11. This is a pure virtual package that
> makes the user pick one. I think that is to be preferred over adding a list
> of
> alternatives directly
Control: severity 1023601 important
Control: reassign 1023601 src:libgpg-error 1.46-1
Control: affects 1023601 + src:gpgme1.0 src:rust-libgpg-error-sys
src:rust-libgpgme-sys
Thanks Vincent for identifying the confusing and misdirected
documentation upstream, and thanks Andreas for triaging this
Package: src:pgpainless
Version: 1.3.7-2
Severity: wishlist
Upstream just released pgpainless 1.3.11 today, with a lot of new tests
and many functional fixes. If we could get that update into debian, it
would be great!
--dkg
signature.asc
Description: PGP signature
Package: jinja2
Version: 3.0.3-2
Severity: wishlist
Control: affects -1 src:xml2rfc
it looks like jinja2 3.1.2 is available upstream. it'd be nice to have
that in debian, as it appears that the version of jinja2 might be
related to test failures in xml2rfc:
Package: dh-cargo
Version: 28
Control: affects -1 debhelper src:rust-document-features debcargo
When packaging Rust crates, the rust-team typically packages from the
bundles published on crates.io. Those are published with a modified
version of Cargo.toml, and the original upstream source for
On Wed 2022-10-26 18:17:11 +0200, Andreas Metzler wrote:
> On 2022-10-26 Andreas Metzler wrote:
> [...]
>> Which has been promptly fixed. Find attached debdiffs for a proposed
>> upload. - I can also massage this into a mergew-request or push
>> directly to https://salsa.debian.org/debian/gpgme
On Fri 2022-02-11 12:51:06 -0800, Felix Lechner wrote:
> I confirmed that Lintian's invocation produces that error for
> usr/lib/dxvk/wine64-development/d3d10.dll.a in dxvk, but how can we
> tell such archives apart from those that are legitimately broken?
This error is also mistakenly produced
Hi Andreas--
Thanks for this. I'm wrapping this up with a few other lintian fixes
and i should have a released version in unstable by later today or
tomorrow.
Thanks for helping out here!
--dkg
On Tue 2022-11-01 14:10:36 +0100, Andreas Metzler wrote:
> On 2022-10-23 Andreas Metzler
Control: retitle 630086 reportbug does not sign attachments, headers, or
pseudoheaders
Control: found 630086 11.5.1
On Fri 2011-06-10 10:16:12 -0700, Jameson Graef Rollins wrote:
> Package: reportbug
> Version: 5.1.1
> Severity: normal
>
> When using --gpg (or the "sign" config variable)
Control: reassign 1022783 librust-spin-dev 0.9.4-1
Control: affects 1022783 + librust-curl-dev
On Tue 2022-10-25 21:28:38 +0200, Jonas Smedegaard wrote:
> Package is impossible to install:
>
> # apt install librust-curl-dev
> Reading package lists... Done
> Building dependency tree... Done
>
Package: src:pam-u2f
Version: 1.1.0-1.1
Upstream has released version 1.2.1. There are also several pending
merge requests in salsa to update this package at least to 1.1.1, all
from the same user with the handle @adam_hax ("Adam Hacker"):
On Mon 2022-10-17 22:16:15 +0200, Salvatore Bonaccorso wrote:
> Thanks for the offer. Andreas did already handle the bullseye-security
> update (DSA was just released) and Markus will handle the LTS upload.
great, many thanks to Andreas and Markus for taking care of this, and to
you Salvatore for
On Thu 2022-09-15 18:57:59 -0400, Daniel Kahn Gillmor wrote:
> Control: affects 1010955 + src:gnupg2 src:pinentry
>
> On Sat 2022-05-14 07:55:36 +0200, Andreas Metzler wrote:
>> The latest gnutls tarballs have multiple signatures. I would like
>> to have uscan su
debian.net
> https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-gnutls-maint
diff -Nru libksba-1.5.0/debian/changelog libksba-1.5.0/debian/changelog
--- libksba-1.5.0/debian/changelog 2020-12-24 02:06:58.0 -0500
+++ libksba-1.5.0/debian/changelog 2022-10-17 14:15:08.0 -04
Control: forwarded 1014936 https://github.com/Kozea/WeasyPrint/issues/1741
On Wed 2022-10-12 16:57:29 -0400, Scott Kitterman wrote:
> On Thu, 14 Jul 2022 16:19:58 -0400 Daniel Kahn Gillmor
> wrote:
>> Hi there! I'm glad that there's a weasyprint(1) manpage, but the
>> cont
On Wed 2015-12-30 19:42:23 +0100, Raphaël Hertzog wrote:
> systemd-nspawn supports --template and/or --ephemeral (provided that you use
> btrfs)
> so that you can have throw-away chroots. It also supports various
> networking related options (--private-network notably) so that you can get
>
On Mon 2022-10-03 08:51:05 +, Debian Bug Tracking System wrote:
> linphone (5.0.37-6) unstable; urgency=medium
> .
>* Import upstream fix for crashes on PUBLISH messages without
> SIP-Etags (Closes: #1021043).
Dennis, thanks for this prompt fix!
To confirm: I've upgraded to
Hi Dennis--
Thank you very much for the prompt response!
On Sat 2022-10-01 09:15:39 +0200, Dennis Filder wrote:
> It would help a lot to know the exact time when those crashes started.
> Can you try narrowing it down, e.g. by looking at the ctime of
> files/directories you created in reaction to
Package: linphone-desktop
Version: 4.3.2-2
Severity: grave
Justification: renders package unusable
X-Debbugs-Cc: d...@fifthhorseman.net
I've used linphone for years. Recently (i think with the upgrade to
4.3.2-2) it no longer works for me, crashing with a range of errors.
Working with my
Control: affects 1010955 + src:gnupg2 src:pinentry
On Sat 2022-05-14 07:55:36 +0200, Andreas Metzler wrote:
> The latest gnutls tarballs have multiple signatures. I would like
> to have uscan succeed if at least one of signatories is listed in
> debian/upstream/signing-key.asc. Uscan currently
On Mon 2022-09-12 13:52:50 +, Clint Adams wrote:
> On Sun, Sep 11, 2022 at 01:02:33PM -0400, Daniel Kahn Gillmor wrote:
>> I think what it's trying to say is "hokey lint only works on OpenPGP
>> certificates, not secret keys". But this is a
Package: hopenpgp-tools
Version: 0.23.7-1
When i send an OpenPGP secret key to "hokey lint", i see this warning:
hokey: Codec/Encryption/OpenPGP/Serialize.hs:(986,1)-(1015,77): Non-exhaustive
patterns in function getSecretKey
I think what it's trying to say is "hokey lint only works on OpenPGP
On Wed 2022-08-24 20:02:41 +0100, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
>
> On Wed, 2022-08-24 at 13:45 -0400, Daniel Kahn Gillmor wrote:
>> Please consider an update to publicsuffix in debian buster.
>>
>> This package reflects the state of the network
On Wed 2022-08-24 20:04:00 +0100, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
>
> On Wed, 2022-08-24 at 11:44 -0400, Daniel Kahn Gillmor wrote:
>> Please consider an update to publicsuffix in debian bullseye.
>>
>> This package reflects the state
Package: src:rust-libsqlite3-sys
Version: 0.28.0-3
Control: forwarded -1 https://github.com/rusqlite/rusqlite/issues/1216
Control: affects -1 + src:rust-rusqlite
Several of the rusqlite features fail when supplied without including
the "modern_sqlite" feature, because they fall back to using
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: d...@fifthhorseman.net
Control: affects -1 src:publicsuffix
Please consider an update to publicsuffix in debian buster.
This package reflects the state of the
On Fri 2022-08-05 20:36:24 +0100, Adam D. Barratt wrote:
> On Mon, 2021-11-29 at 20:45 +, Adam D. Barratt wrote:
>> Control: tags -1 + confirmed
>>
>> On Wed, 2021-11-10 at 16:31 -0500, Daniel Kahn Gillmor wrote:
>> > Please consider an update to
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: d...@fifthhorseman.net
Control: affects -1 src:publicsuffix
Please consider an update to publicsuffix in debian bullseye.
This package reflects the state of the
Hi Carsten--
Thanks for this prompt and thoughtful response!
On Fri 2022-08-19 07:30:14 +0200, Carsten Schoenert wrote:
> there isn't only the mach Python script, there are a lot of various
> peaces that act together (I haven't looked into that rabbit hole yet).
> But yes, the script in
Package: thunderbird
Version: 1:102.1.2-1
Severity: wishlist
Control: affects -1 + libsequoia-octopus-librnp librnp0
In packaging libsequoia-octopus-librnp, i realize that i want to be able
to run some tests on it.
upstream, that project uses something like this to test whether it is
working as
Package: debcargo
Version: 2.5.0-3+b4
currently, if debian/foo.debcargo.hint exists, debcargo will leave
debian/foo alone, as long as what it wanted to put in debian/foo matches
debian/foo.debcargo.hint exactly.
However, in some circumstances a developer might want to entirely omit a
file
Package: wnpp
Severity: wishlist
Owner: Daniel Kahn Gillmor
X-Debbugs-Cc: debian-de...@lists.debian.org, d...@fifthhorseman.net
Control: affects -1 + thunderbird librnp0
* Package name: rust-sequoia-octopus-librnp
Version : 1.4.1
Upstream Author : Sequoia Project
* URL
Package: dh-cargo
Version: 28
Control: affects -1 + src:rust-sequoia-octopus-librnp
Control: clone -1 -2
Control: reassign -2 debcargo 2.5.0-3+b4
I'm trying to build a version of the Sequoia project's "octopus", which
creates a shared object (dynamic library) that can replace librnp.so.0
for all
Control: affects 1017577 + src:rust-libsqlite3-sys librust-libsqlite3-sys-dev
The old version of sqlcipher in debian means that building from the
packaged versions of the rust libsqlite3-dev crate with
"buildtime_bindgen" and "sqlcipher" features active will fail.
--dkg
Source: sqlcipher
Version: 3.4.1-2
Severity: normal
X-Debbugs-Cc: d...@fifthhorseman.net
sqlcipher upstream offers version 4.5.2. debian is pretty far out of
date. I ran into this when packaging and experimenting with the rust
bindings for sqlite3 (package: rust-rusqlite), which include
On Wed 2022-07-20 19:54:00 +0200, Martin Dosch wrote:
> Ok, I just pushed my current progress to salsa:
> https://salsa.debian.org/go-team/packages/gosop
Thanks for this work, Martin!
I've taken a look at it, and it looks reasonable to me. (i confess here
that i am basically entirely a novice
Version: 0.25.0-1
On Wed 2021-03-10 10:43:38 +0100, Andreas Beckmann wrote:
> the binary packages built from src:rust-libsqlite3-sys depend on several no
> longer available packages, e.g.
>
> The following packages have unmet dependencies:
>librust-libsqlite3-sys+bindgen-dev : Depends:
>
I
> don't see it and I don't see also in NEW queue (
> https://ftp-master.debian.org/new.html ).
>
> I suppose was not uploaded and Daniel Kahn Gillmor still waiting replies
> about the approch want to do related to postfix and ca-certificate, is
> right?
Thanks for the nudge! u
Version: 0.4.49-2
On Mon 2022-07-18 16:49:07 +0200, Fabian Grünbichler wrote:
> On July 18, 2022 4:22 pm, Daniel Kahn Gillmor wrote:
>> On Mon 2022-07-18 14:50:50 +0200, Fabian Grünbichler wrote:
>>> but, we also patch out the println[1]. seems like that fixed version
>
Package: debcargo
Version: 2.5.0-3+b3
Control: affects -1 src:rust-serde-json
when rust-serde-json moved from 1.0.80 to 1.0.81, Cargo.toml changed in
the following two ways:
commit 6c3dfe948a1d088198cfa82f777858502bdb39c2
Author: David Tolnay
Date: Tue May 3 12:18:24 2022 -0700
Package: weasyprint
Version: 54.1-3
Severity: wishlist
Version 56.0 of weasyprint is available upstream:
https://github.com/Kozea/WeasyPrint/tags
It would be nice to have this update in debian. Among other things, it
appears to support reproducible PDF generation when SOURCE_DATE_EPOCH is
Hi Martin--
On Thu 2022-07-14 20:11:23 +0200, Martin Dosch wrote:
> I had a look at gosop and it just builds fine, but has some lintian
> warnings:
>
> lintian -v --pedantic ../gosop_0.0\~git20220512.966ec01-1_amd64.changes
> W: gosop: hardening-no-pie [usr/bin/gosop]
> W: gosop:
Package: src:pypdf2
Version: 2.4.2-1
Control: reassign 1010821 pypdf2 2.4.2-1
pypdf2 just released version 2.6.0 upstream, with some fixes to upstream
bugs that cause breakage in the test suite for xml2rfc:
https://github.com/py-pdf/PyPDF2/pull/1118
Please update pypdf2 to 2.6.0 when you get
Hi Fabian--
On Mon 2022-07-18 14:50:50 +0200, Fabian Grünbichler wrote:
> note that the rerun line upstream refers to the vendored copy of the
> curl library which is contained as a git submodule (and directory, in
> the published .crate file) - to pick up any changes made to the
> submodule
--
[package]
name = "curl-cycles"
version = "0.0.1"
authors = [
"Daniel Kahn Gillmor ",
]
license = "MIT/Apache-2.0"
description = "Testing Curl Cycles."
edition = "2021"
[dependencies]
curl = "0.4.39"
--
an
Control: reassign 1010821 pypdf2/2.4.2-1
Control: forwarded 1010821 https://github.com/py-pdf/PyPDF2/issues/
Control: retitle 1010821 PyPDF2 fails to read a PDF file with a beginbfchar
entry with an empty second element
Control: affects 1010821 + src:xml2rfc src:weasyprint
On Tue 2022-05-10
Package: weasyprint
Version: 54.1-3
Severity: minor
Hi there! I'm glad that there's a weasyprint(1) manpage, but the
contents of the manual page contain way too much info.
The manpage in section 1 should make it clear how to use the command
line utility.
the current manpage contains:
-
Control: tags 959726 + patch
On Thu 2020-11-05 20:26:30 -0800, Dmitry Borodaenko wrote:
> If you can safely assume that /etc/ssh/sshd_config.d exists you can simply add
> it to the list of files scanned for HostKey.
>
> ---
> debian/openssh-server.postinst | 2 +-
> 1 file changed, 1
Package: debcargo
Version: 2.5.0-3+b3
Severity: wishlist
I'd like to be able to specify declaratively in debcargo.toml that a
specific feature of the crate i'm packaging should be ignored.
i currently do this on a few different crates, because there are
features that either aren't relevant for
Package: docbook-xml
Version: 4.5-12
Control: affects -1 src:libreswan xmlto
Control: clone -1 -2
Control: reassign docbook-xsl 1.79.2+dfsg-2
I have a debian/unstable system on amd64.
I installed a pile of software on it, including docbook-xml and
docbook-xsl. Part of the software installation
Package: gnupg
Version: 2.2.25-2
Control: tag -1 + security patch
Control: forward -1 https://dev.gnupg.org/T6027
Control: affects -1 libgpgme11
Control: found 2.2.27-2+deb11u1
over in https://www.openwall.com/lists/oss-security/2022/06/30/1 Demi
Marie Obenour reports a failed buffer overflow
Package: lintian
Version: 2.115.2
Severity: minior
Control: affects -1 src:gnupg2
lintian 2.115.2 complains (in --pedantic) in the following way about
these non-text files in the gnupg2 sources:
P: gnupg2 source: very-long-line-length-in-source-file 1008 > 512 [po/eo.gmo:7]
P: gnupg2 source:
Package: src:npth
Version: 1.6-3
Severity: minor
"npth-config --version" says:
1.6-version
This is because the build is a bit confused about what to put in that
part of the version string, because upstream's autogen.sh wants to
inspect the local git configuration to put information in the
101 - 200 of 4323 matches
Mail list logo