Bug#887549: libsvn-notify-perl depends on libemail-address-perl
On Tuesday 26 June 2018 19:44:27 gregor herrmann wrote: > On Tue, 26 Jun 2018 14:59:29 +0200, Pali Rohár wrote: > > > This problem was already fixed in upstream by pull requests: > > https://github.com/theory/svn-notify/pull/19 > > https://github.com/theory/svn-notify/pull/20 > > And if they had released it, we might have updated our package > already :) > > Anyway, when I apply the patch from PR 19, I get tons of > > Argument contains empty address at > /build/libsvn-notify-perl-2.86/blib/lib/SVN/Notify.pm line 1476. > > in the test suite (full build log attached. > This looks a bit fishy to me, to be honest. I have not tested that patch, just spotted that there are new pull requests in upstream project... Anyway, thanks for testing, seems that this problem is now solved in upstream repository. -- Pali Rohár pali.ro...@gmail.com signature.asc Description: PGP signature
Bug#887549: libsvn-notify-perl depends on libemail-address-perl
On Tue, 26 Jun 2018 14:59:29 +0200, Pali Rohár wrote:
> This problem was already fixed in upstream by pull requests:
> https://github.com/theory/svn-notify/pull/19
> https://github.com/theory/svn-notify/pull/20
And if they had released it, we might have updated our package
already :)
Anyway, when I apply the patch from PR 19, I get tons of
Argument contains empty address at
/build/libsvn-notify-perl-2.86/blib/lib/SVN/Notify.pm line 1476.
in the test suite (full build log attached.
This looks a bit fishy to me, to be honest.
Cheers,
gregor
--
.''`. https://info.comodo.priv.at -- Debian Developer https://www.debian.org
: :' : OpenPGP fingerprint D1E1 316E 93A7 60A8 104D 85FA BB3A 6801 8649 AA06
`. `' Member VIBE!AT & SPI Inc. -- Supporter Free Software Foundation Europe
`- NP: Dire Straits: The Man's Too Strong
dpkg-source: info: applying autopkgtests.patch
dpkg-source: info: applying
0001-Change-from-Email-Address-which-is-marked-as-depreca.patch
dh clean
dh_clean
dpkg-source: info: using source format '3.0 (quilt)'
dpkg-source: info: building libsvn-notify-perl using existing
./libsvn-notify-perl_2.86.orig.tar.gz
dpkg-source: info: building libsvn-notify-perl in
libsvn-notify-perl_2.86-2.debian.tar.xz
dpkg-source: info: building libsvn-notify-perl in libsvn-notify-perl_2.86-2.dsc
[0mI: Generated dsc will be overwritten by build result; not generating
changes file[0m
dpkg-source: info: unapplying
0001-Change-from-Email-Address-which-is-marked-as-depreca.patch
dpkg-source: info: unapplying autopkgtests.patch
ERROR: ld.so: object 'libeatmydata.so' from LD_PRELOAD cannot be preloaded
(cannot open shared object file): ignored.
ERROR: ld.so: object 'libeatmydata.so' from LD_PRELOAD cannot be preloaded
(cannot open shared object file): ignored.
[0mI: Copying COW directory[0m
[0mI: forking: rm -rf /var/cache/pbuilder/build/cow.24997[0m
[0mI: forking: cp -al /var/cache/pbuilder/base.cow
/var/cache/pbuilder/build/cow.24997[0m
[0mI: removed stale ilistfile /var/cache/pbuilder/build/cow.24997/.ilist[0m
[0mI: forking: chroot /var/cache/pbuilder/build/cow.24997
cowdancer-ilistcreate /.ilist 'find . -xdev -path ./home -prune -o \( \( -type
l -o -type f \) -a -links +1 -print0 \) | xargs -0 stat --format '%d %i ''[0m
[0mI: Invoking pbuilder[0m
[0mI: forking: pbuilder build --debbuildopts --debbuildopts --buildplace
/var/cache/pbuilder/build/cow.24997 --buildresult
/home/gregoa/src/git-pkg-perl/meta/packages/build-area --mirror
http://ftp.ch.debian.org/debian --distribution sid --extrapackages ' eatmydata'
--no-targz --internal-chrootexec 'chroot /var/cache/pbuilder/build/cow.24997
cow-shell'
/home/gregoa/src/git-pkg-perl/meta/packages/build-area/libsvn-notify-perl_2.86-2.dsc[0m
[0mI: Running in no-targz mode[0m
[1;33mW: pbuilder: network will not be disabled during build![0m
[0mI: Current time: Tue Jun 26 19:37:39 CEST 2018[0m
[0mI: pbuilder-time-stamp: 1530034659[0m
[0mI: copying local configuration[0m
[1;33mW: --override-config is not set; not updating apt.conf Read the manpage
for details.[0m
[0mI: mounting /proc filesystem[0m
[0mI: mounting /sys filesystem[0m
[0mI: creating /{dev,run}/shm[0m
[0mI: mounting /dev/pts filesystem[0m
[0mI: redirecting /dev/ptmx to /dev/pts/ptmx[0m
[0mI: Mounting /var/cache/pbuilder/ccache[0m
[0mI: policy-rc.d already exists[0m
[0mI: Obtaining the cached apt archive contents[0m
[0mI: Setting up ccache[0m
[0mI: Copying source file[0m
[0mI: copying
[/home/gregoa/src/git-pkg-perl/meta/packages/build-area/libsvn-notify-perl_2.86-2.dsc][0m
[0mI: copying
[/home/gregoa/src/git-pkg-perl/meta/packages/build-area/libsvn-notify-perl_2.86.orig.tar.gz][0m
[0mI: copying
[/home/gregoa/src/git-pkg-perl/meta/packages/build-area/libsvn-notify-perl_2.86-2.debian.tar.xz][0m
[0mI: Extracting source[0m
dpkg-source: warning: extracting unsigned source package
(libsvn-notify-perl_2.86-2.dsc)
dpkg-source: info: extracting libsvn-notify-perl in libsvn-notify-perl-2.86
dpkg-source: info: unpacking libsvn-notify-perl_2.86.orig.tar.gz
dpkg-source: info: unpacking libsvn-notify-perl_2.86-2.debian.tar.xz
dpkg-source: info: applying autopkgtests.patch
dpkg-source: info: applying
0001-Change-from-Email-Address-which-is-marked-as-depreca.patch
[0mI: using fakeroot in build.[0m
[0mI: Installing the build-deps[0m
[0mI: user script /var/cache/pbuilder/build/cow.24997/tmp/hooks/D10-man-db
starting[0m
I: Preseed man-db/auto-update to false
[0mI: user script /var/cache/pbuilder/build/cow.24997/tmp/hooks/D10-man-db
finished[0m
[0mI: user script /var/cache/pbuilder/build/cow.24997/tmp/hooks/D70build-area
starting[0m
I: Set APT=yes to run apt-get update.
[0mI: user script /var/cache/pbuilder/build/cow.24997/tmp/hooks/D70build-area
finished[0m
-> Attempting to satisfy build-dependencies
-> Creating pbuilder-satisfydepends-dummy package
Package: pbuilder-satisfydepends-dummy
Version: 0.invalid.0
Architecture:
Bug#887549: libsvn-notify-perl depends on libemail-address-perl
This problem was already fixed in upstream by pull requests: https://github.com/theory/svn-notify/pull/19 https://github.com/theory/svn-notify/pull/20 -- Pali Rohár pali.ro...@gmail.com
Bug#887549: libsvn-notify-perl depends on libemail-address-perl
Package: libsvn-notify-perl Version: 2.86-1 Severity: wishlist Hi! Package libsvn-notify-perl depends on libemail-address-perl which is vulnerable to CVE-2015-7686, see bug #868170. libemail-address-perl provides perl module Email::Address which is now unmaintained. There is a new perl module Email::Address::XS which is API compatible replacement for Email::Address and is available in libemail-address-xs-perl. Please port libsvn-notify-perl package to use libemail-address-xs-perl. If you need help with porting let me know. -- Pali Rohár pali.ro...@gmail.com signature.asc Description: PGP signature
