Bug#887549: libsvn-notify-perl depends on libemail-address-perl
On Tuesday 26 June 2018 19:44:27 gregor herrmann wrote: > On Tue, 26 Jun 2018 14:59:29 +0200, Pali Rohár wrote: > > > This problem was already fixed in upstream by pull requests: > > https://github.com/theory/svn-notify/pull/19 > > https://github.com/theory/svn-notify/pull/20 > > And if they had released it, we might have updated our package > already :) > > Anyway, when I apply the patch from PR 19, I get tons of > > Argument contains empty address at > /build/libsvn-notify-perl-2.86/blib/lib/SVN/Notify.pm line 1476. > > in the test suite (full build log attached. > This looks a bit fishy to me, to be honest. I have not tested that patch, just spotted that there are new pull requests in upstream project... Anyway, thanks for testing, seems that this problem is now solved in upstream repository. -- Pali Rohár pali.ro...@gmail.com signature.asc Description: PGP signature
Bug#887549: libsvn-notify-perl depends on libemail-address-perl
On Tue, 26 Jun 2018 14:59:29 +0200, Pali Rohár wrote: > This problem was already fixed in upstream by pull requests: > https://github.com/theory/svn-notify/pull/19 > https://github.com/theory/svn-notify/pull/20 And if they had released it, we might have updated our package already :) Anyway, when I apply the patch from PR 19, I get tons of Argument contains empty address at /build/libsvn-notify-perl-2.86/blib/lib/SVN/Notify.pm line 1476. in the test suite (full build log attached. This looks a bit fishy to me, to be honest. Cheers, gregor -- .''`. https://info.comodo.priv.at -- Debian Developer https://www.debian.org : :' : OpenPGP fingerprint D1E1 316E 93A7 60A8 104D 85FA BB3A 6801 8649 AA06 `. `' Member VIBE!AT & SPI Inc. -- Supporter Free Software Foundation Europe `- NP: Dire Straits: The Man's Too Strong dpkg-source: info: applying autopkgtests.patch dpkg-source: info: applying 0001-Change-from-Email-Address-which-is-marked-as-depreca.patch dh clean dh_clean dpkg-source: info: using source format '3.0 (quilt)' dpkg-source: info: building libsvn-notify-perl using existing ./libsvn-notify-perl_2.86.orig.tar.gz dpkg-source: info: building libsvn-notify-perl in libsvn-notify-perl_2.86-2.debian.tar.xz dpkg-source: info: building libsvn-notify-perl in libsvn-notify-perl_2.86-2.dsc [0mI: Generated dsc will be overwritten by build result; not generating changes file[0m dpkg-source: info: unapplying 0001-Change-from-Email-Address-which-is-marked-as-depreca.patch dpkg-source: info: unapplying autopkgtests.patch ERROR: ld.so: object 'libeatmydata.so' from LD_PRELOAD cannot be preloaded (cannot open shared object file): ignored. ERROR: ld.so: object 'libeatmydata.so' from LD_PRELOAD cannot be preloaded (cannot open shared object file): ignored. [0mI: Copying COW directory[0m [0mI: forking: rm -rf /var/cache/pbuilder/build/cow.24997[0m [0mI: forking: cp -al /var/cache/pbuilder/base.cow /var/cache/pbuilder/build/cow.24997[0m [0mI: removed stale ilistfile /var/cache/pbuilder/build/cow.24997/.ilist[0m [0mI: forking: chroot /var/cache/pbuilder/build/cow.24997 cowdancer-ilistcreate /.ilist 'find . -xdev -path ./home -prune -o \( \( -type l -o -type f \) -a -links +1 -print0 \) | xargs -0 stat --format '%d %i ''[0m [0mI: Invoking pbuilder[0m [0mI: forking: pbuilder build --debbuildopts --debbuildopts --buildplace /var/cache/pbuilder/build/cow.24997 --buildresult /home/gregoa/src/git-pkg-perl/meta/packages/build-area --mirror http://ftp.ch.debian.org/debian --distribution sid --extrapackages ' eatmydata' --no-targz --internal-chrootexec 'chroot /var/cache/pbuilder/build/cow.24997 cow-shell' /home/gregoa/src/git-pkg-perl/meta/packages/build-area/libsvn-notify-perl_2.86-2.dsc[0m [0mI: Running in no-targz mode[0m [1;33mW: pbuilder: network will not be disabled during build![0m [0mI: Current time: Tue Jun 26 19:37:39 CEST 2018[0m [0mI: pbuilder-time-stamp: 1530034659[0m [0mI: copying local configuration[0m [1;33mW: --override-config is not set; not updating apt.conf Read the manpage for details.[0m [0mI: mounting /proc filesystem[0m [0mI: mounting /sys filesystem[0m [0mI: creating /{dev,run}/shm[0m [0mI: mounting /dev/pts filesystem[0m [0mI: redirecting /dev/ptmx to /dev/pts/ptmx[0m [0mI: Mounting /var/cache/pbuilder/ccache[0m [0mI: policy-rc.d already exists[0m [0mI: Obtaining the cached apt archive contents[0m [0mI: Setting up ccache[0m [0mI: Copying source file[0m [0mI: copying [/home/gregoa/src/git-pkg-perl/meta/packages/build-area/libsvn-notify-perl_2.86-2.dsc][0m [0mI: copying [/home/gregoa/src/git-pkg-perl/meta/packages/build-area/libsvn-notify-perl_2.86.orig.tar.gz][0m [0mI: copying [/home/gregoa/src/git-pkg-perl/meta/packages/build-area/libsvn-notify-perl_2.86-2.debian.tar.xz][0m [0mI: Extracting source[0m dpkg-source: warning: extracting unsigned source package (libsvn-notify-perl_2.86-2.dsc) dpkg-source: info: extracting libsvn-notify-perl in libsvn-notify-perl-2.86 dpkg-source: info: unpacking libsvn-notify-perl_2.86.orig.tar.gz dpkg-source: info: unpacking libsvn-notify-perl_2.86-2.debian.tar.xz dpkg-source: info: applying autopkgtests.patch dpkg-source: info: applying 0001-Change-from-Email-Address-which-is-marked-as-depreca.patch [0mI: using fakeroot in build.[0m [0mI: Installing the build-deps[0m [0mI: user script /var/cache/pbuilder/build/cow.24997/tmp/hooks/D10-man-db starting[0m I: Preseed man-db/auto-update to false [0mI: user script /var/cache/pbuilder/build/cow.24997/tmp/hooks/D10-man-db finished[0m [0mI: user script /var/cache/pbuilder/build/cow.24997/tmp/hooks/D70build-area starting[0m I: Set APT=yes to run apt-get update. [0mI: user script /var/cache/pbuilder/build/cow.24997/tmp/hooks/D70build-area finished[0m -> Attempting to satisfy build-dependencies -> Creating pbuilder-satisfydepends-dummy package Package: pbuilder-satisfydepends-dummy Version: 0.invalid.0 Architecture:
Bug#887549: libsvn-notify-perl depends on libemail-address-perl
This problem was already fixed in upstream by pull requests: https://github.com/theory/svn-notify/pull/19 https://github.com/theory/svn-notify/pull/20 -- Pali Rohár pali.ro...@gmail.com
Bug#887549: libsvn-notify-perl depends on libemail-address-perl
Package: libsvn-notify-perl Version: 2.86-1 Severity: wishlist Hi! Package libsvn-notify-perl depends on libemail-address-perl which is vulnerable to CVE-2015-7686, see bug #868170. libemail-address-perl provides perl module Email::Address which is now unmaintained. There is a new perl module Email::Address::XS which is API compatible replacement for Email::Address and is available in libemail-address-xs-perl. Please port libsvn-notify-perl package to use libemail-address-xs-perl. If you need help with porting let me know. -- Pali Rohár pali.ro...@gmail.com signature.asc Description: PGP signature