Bug#915333: git-annex: Illegal Instruction on armel (Fujitsu Q700 like QNAP TS-21x/TS-22x)
On Sun, Apr 07, 2019 at 02:01:33PM +0200, Darshaka Pathirana wrote: > Hey, > > On Mon, 11 Mar 2019 12:05:55 +0200 Adrian Bunk wrote: > > On Thu, Jan 31, 2019 at 08:12:17PM +0100, Bernhard Übelacker wrote: > > > Hello Everyone, > > > I own a qnap ts-119pII with a similar cpu. > > > > > > See attached file with several debugging attempts. > > I took some time and wanted to reproduce and test this issue. >... What are you planning to do after reproducing it? Bernhard did debug it back in January, and I described what line the problem is. > Regards from the Debian BSP201904, Salzburg, > - Darsha cu Adrian -- "Is there not promise of rain?" Ling Tan asked suddenly out of the darkness. There had been need of rain for many days. "Only a promise," Lao Er said. Pearl S. Buck - Dragon Seed
Bug#914034: Bug#911938: libhttp-daemon-ssl-perl FTBFS: tests fail: Connection refused
> You're welcome :-) Does clearing the SSL_MODE_AUTO_RETRY context flag > (i.e., reverting the default from OpenSSL <1.1.1) solves this for you > too? If so, what do you think about my proposed paths forwards from Simply clearing SSL_MODE_AUTO_RETRY will cause problems with blocking connections in TLS 1.3. I've tried to work around the behavior change by clearing SSL_MODE_AUTO_RETRY for non-blocking and setting it again when doing blocking connections. Please check if https://github.com/noxxi/p5-io-socket-ssl/commit/09bc6a3203bc7bc89078317da42a3e96cdbf94fc fixes the problems you see. Regards, Steffen Ullrich, Maintainer IO::Socket::SSL.
Bug#926602: CVE-2019-10906 - jinja sandbox escape poc
Hi Hugo, On Mon, Apr 08, 2019 at 10:20:29PM +0200, Hugo Lefeuvre wrote: > Hi Salvatore, > > > CVE-2016-10745 was assigned for this issue. > > Thanks for the information. > > I just noticed you added CVE-2016-10745 to the tracker. I am fairly > confused, do you know why this CVE was not referenced in the tracker? > Or did you just request it? It was not referenced, because there was not CVE yet. I was irritated that for the later issue apparently a CVE Was assigned, but not for the original first issue, so I requested a CVE for it. It would have showed up on next CVE list update, bug given I got the confirmation from MITRE on the assignment I then already added it to the tracker. So in short, yes I did rquest the CVE and was assigned yesterday. Regards, Salvatore
Processed: Re: [pkg-cryptsetup-devel] Bug#926689: cryptsetup-initramfs: config lines in grub.cfg for cryptodisk/luks and other modules missing
Processing control commands: > reassign -1 grub2-common Bug #926689 [cryptsetup] cryptsetup-initramfs: config lines in grub.cfg for cryptodisk/luks and other modules missing Bug reassigned from package 'cryptsetup' to 'grub2-common'. No longer marked as found in versions cryptsetup/2:2.1.0-2. Ignoring request to alter fixed versions of bug #926689 to the same values previously set > merge-1 924151 Bug #926689 [grub2-common] cryptsetup-initramfs: config lines in grub.cfg for cryptodisk/luks and other modules missing Bug #926689 [grub2-common] cryptsetup-initramfs: config lines in grub.cfg for cryptodisk/luks and other modules missing Marked as found in versions grub2/2.02+dfsg1-11. Added tag(s) help. Bug #924151 [grub2-common] grub2-common: wrong grub.cfg for efi boot and fully encrypted disk Merged 924151 926689 -- 924151: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924151 926689: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926689 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#926689: [pkg-cryptsetup-devel] Bug#926689: cryptsetup-initramfs: config lines in grub.cfg for cryptodisk/luks and other modules missing
Control: reassign -1 grub2-common Control: merge-1 924151 Hi, On Mon, 08 Apr 2019 at 20:19:47 -0400, Gabriel Filion wrote: > Package: cryptsetup > Version: 2:2.1.0-2 > […] > I found out that some configuration lines are missing in all options that get > generated inside grub.cfg. > > Here's a diff between the grub configuration that was generated while in > rescue > mode (in a chroot inside the device that gets used for / ) vs. generated while > the system is running: > > -8<8<8<--- > $ diff -burN ~/grub.cfg /boot/grub/grub.cfg > --- /home/gabster/grub.cfg2019-04-08 19:20:24.000726392 -0400 > +++ /boot/grub/grub.cfg 2019-04-08 19:37:00.360714287 -0400 /boot/grub/grub.cfg is not generated by src:cryptsetup. Reassigning accordingly, and merging with #924151. Cheers, -- Guilhem. signature.asc Description: PGP signature
Bug#926689: cryptsetup-initramfs: config lines in grub.cfg for cryptodisk/luks and other modules missing
Package: cryptsetup Version: 2:2.1.0-2 Severity: grave Justification: renders package unusable Hello, I've rebooted my computer this morning and the password prompt to unlock the crypto device would not appear before grub would search for the lvm device inside. This means that the system was not booting and I was getting dropped in the grub rescue prompt. The only way that I could bring the system back was by using the "Rescue mode" with the debian stretch installer. I have all files, including /boot, in one partition, and I use grub to unlock the crypto in order for it to find kernel and boot options. If this seems like a case that wouldn't affect most users, please don't hesitate to demote the severity. I found out that some configuration lines are missing in all options that get generated inside grub.cfg. Here's a diff between the grub configuration that was generated while in rescue mode (in a chroot inside the device that gets used for / ) vs. generated while the system is running: -8<8<8<--- $ diff -burN ~/grub.cfg /boot/grub/grub.cfg --- /home/gabster/grub.cfg 2019-04-08 19:20:24.000726392 -0400 +++ /boot/grub/grub.cfg 2019-04-08 19:37:00.360714287 -0400 @@ -58,15 +58,8 @@ if [ x$feature_default_font_path = xy ] ; then font=unicode else -insmod part_msdos -insmod cryptodisk -insmod luks -insmod gcry_rijndael -insmod gcry_rijndael -insmod gcry_sha256 insmod lvm insmod ext2 -cryptomount -u f100e85eb832489a9e97f1a9661a0c45 set root='lvmid/RfBQnU-gtRN-m55o-zwRA-L433-esRb-UpOa0w/lEtX5E-aBNo-0ngD-TwvX-3qrY-OxNF-DaG8T4' if [ x$feature_platform_search_hint = xy ]; then search --no-floppy --fs-uuid --set=root --hint='lvmid/RfBQnU-gtRN-m55o-zwRA-L433-esRb-UpOa0w/lEtX5E-aBNo-0ngD-TwvX-3qrY-OxNF-DaG8T4' f8c6cb03-667e-46fc-b531-eb30a2558d74 @@ -81,7 +74,7 @@ load_video insmod gfxterm set locale_dir=$prefix/locale - set lang=C + set lang=en_CA insmod gettext fi terminal_output gfxterm ->8>8>8--- (I've abbreviated the diff since all the rest is just repetition of missing "insmod" and "cryptomount" lines for all options. for some reason those lines are not added when running the system after decrypting the disk properly, but they are present when the grub.conf file is generated in the chroot in rescue mode. since the same versions of software are used in both cases, I can only presume that something is different in the mounts currently available, or some other kernel setting that might differ.. Heres a listing of mounts (which are mostly things that come from the kernel -- you can also see the debian stretch usb key that saved me :P ) -8<8<8<--- $ mount sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime) proc on /proc type proc (rw,nosuid,nodev,noexec,relatime) udev on /dev type devtmpfs (rw,nosuid,relatime,size=8053524k,nr_inodes=2013381,mode=755) devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000) tmpfs on /run type tmpfs (rw,nosuid,noexec,relatime,size=1614472k,mode=755) /dev/mapper/host-root on / type ext4 (rw,relatime,errors=remount-ro,stripe=8191) securityfs on /sys/kernel/security type securityfs (rw,nosuid,nodev,noexec,relatime) tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev) tmpfs on /run/lock type tmpfs (rw,nosuid,nodev,noexec,relatime,size=5120k) tmpfs on /sys/fs/cgroup type tmpfs (ro,nosuid,nodev,noexec,mode=755) cgroup2 on /sys/fs/cgroup/unified type cgroup2 (rw,nosuid,nodev,noexec,relatime,nsdelegate) cgroup on /sys/fs/cgroup/systemd type cgroup (rw,nosuid,nodev,noexec,relatime,xattr,name=systemd) pstore on /sys/fs/pstore type pstore (rw,nosuid,nodev,noexec,relatime) bpf on /sys/fs/bpf type bpf (rw,nosuid,nodev,noexec,relatime,mode=700) cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup (rw,nosuid,nodev,noexec,relatime,cpu,cpuacct) cgroup on /sys/fs/cgroup/memory type cgroup (rw,nosuid,nodev,noexec,relatime,memory) cgroup on /sys/fs/cgroup/freezer type cgroup (rw,nosuid,nodev,noexec,relatime,freezer) cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,nosuid,nodev,noexec,relatime,cpuset) cgroup on /sys/fs/cgroup/net_cls,net_prio type cgroup (rw,nosuid,nodev,noexec,relatime,net_cls,net_prio) cgroup on /sys/fs/cgroup/rdma type cgroup (rw,nosuid,nodev,noexec,relatime,rdma) cgroup on /sys/fs/cgroup/devices type cgroup (rw,nosuid,nodev,noexec,relatime,devices) cgroup on /sys/fs/cgroup/perf_event type cgroup (rw,nosuid,nodev,noexec,relatime,perf_event) cgroup on /sys/fs/cgroup/blkio type cgroup (rw,nosuid,nodev,noexec,relatime,blkio) cgroup on /sys/fs/cgroup/pids type cgroup (rw,nosuid,nodev,noexec,relatime,pids) systemd-1 on /proc/sys/fs/binfmt_misc type autofs (rw,relatime,fd=25,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=12208) debugfs on /sys/kernel/debug type debugfs (rw,relatime) hugetlbfs on /dev/hugepages type hugetlbfs (rw,relatime,pagesize=2M)
Processed: reassign 926687 to src:linux, severity of 926687 is important
Processing commands for cont...@bugs.debian.org: > reassign 926687 src:linux 4.19.28-2 Bug #926687 [linux] Debian does not start up after upgrade to linux image 4.19.0-4-amd64 Bug reassigned from package 'linux' to 'src:linux'. No longer marked as found in versions linux-image-4.19.0-4-amd64. Ignoring request to alter fixed versions of bug #926687 to the same values previously set Bug #926687 [src:linux] Debian does not start up after upgrade to linux image 4.19.0-4-amd64 Marked as found in versions linux/4.19.28-2. > severity 926687 important Bug #926687 [src:linux] Debian does not start up after upgrade to linux image 4.19.0-4-amd64 Severity set to 'important' from 'critical' > thanks Stopping processing here. Please contact me if you need assistance. -- 926687: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926687 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#926103: Freeze-exception for pcsc-cyberjack 3.99.5final.sp09-2
Hi Release Team,
Frank and I would like to see RC bug #926103 fixed in Debian 10. Please approve
the attached debdiff, so that I can upload the fixed package to unstable.
Thank you for your consideration.
Best,
Reinhard
diff -Nru pcsc-cyberjack-3.99.5final.sp09/debian/changelog
pcsc-cyberjack-3.99.5final.sp09/debian/changelog
--- pcsc-cyberjack-3.99.5final.sp09/debian/changelog2017-05-29
14:33:13.0 -0400
+++ pcsc-cyberjack-3.99.5final.sp09/debian/changelog2019-04-08
17:58:31.0 -0400
@@ -1,3 +1,11 @@
+pcsc-cyberjack (3.99.5final.sp09-2) unstable; urgency=medium
+
+ * Acknoledge NMU.
+ * Bug fix: "driver breaks with pcsc-lite versions >= 1.8.21", thanks
+to Peter Wienemann (Closes: #926103).
+
+ -- Reinhard Tartler Mon, 08 Apr 2019 17:58:31 -0400
+
pcsc-cyberjack (3.99.5final.sp09-1.1) unstable; urgency=medium
* Non-maintainer upload.
diff -Nru pcsc-cyberjack-3.99.5final.sp09/debian/patches/series
pcsc-cyberjack-3.99.5final.sp09/debian/patches/series
--- pcsc-cyberjack-3.99.5final.sp09/debian/patches/series 2017-05-29
14:33:11.0 -0400
+++ pcsc-cyberjack-3.99.5final.sp09/debian/patches/series 2019-04-08
17:58:31.0 -0400
@@ -1 +1,2 @@
enable_pinpad_ecom.patch
+work-with-newer-pcsc-lite.patch
diff -Nru
pcsc-cyberjack-3.99.5final.sp09/debian/patches/work-with-newer-pcsc-lite.patch
pcsc-cyberjack-3.99.5final.sp09/debian/patches/work-with-newer-pcsc-lite.patch
---
pcsc-cyberjack-3.99.5final.sp09/debian/patches/work-with-newer-pcsc-lite.patch
1969-12-31 19:00:00.0 -0500
+++
pcsc-cyberjack-3.99.5final.sp09/debian/patches/work-with-newer-pcsc-lite.patch
2019-04-08 17:58:31.0 -0400
@@ -0,0 +1,58 @@
+commit 8ab61acfa0a8efc3c65098d4c621d761b7e05da1
+Author: Frank Neuber
+Date: Fri Apr 27 11:09:24 2018 +0200
+
+correct the large buffer problem with newer versions of pcscd
+
+--- a/cjeca32/EC30Reader.cpp
b/cjeca32/EC30Reader.cpp
+@@ -162,21 +162,23 @@ CJ_RESULT CEC30Reader::CtApplicationData
+ {
+int Res;
+ uint32_t Len;
+- uint16_t wLenRsp=0;
+- uint16_t wLenErr=0;
++ uint32_t wLenRsp=0;
++ uint32_t wLenErr=0;
+ if(ResponseLen!=0)
+- wLenRsp=(uint16_t)*ResponseLen;
++ wLenRsp=*ResponseLen;
+ if(ApplicationErrorLength!=NULL)
+- wLenErr=(uint16_t)*ApplicationErrorLength;
+- if(m_nApplicationResponseLength<(uint32_t)wLenRsp+wLenErr+4)
++ wLenErr=*ApplicationErrorLength;
++ Len=4+wLenRsp+wLenErr;
++ if(m_nApplicationResponseLength0xFFFB) // overflow or bigger than 0x - 4
++ return CJ_ERR_WRONG_PARAMETER;
+
+
if((Res=Escape(ApplicationID,Function,InputData,InputLen,Result,m_pApplicationResponse,,Slot)))
+ {
+@@ -186,10 +188,14 @@ CJ_RESULT CEC30Reader::CtApplicationData
+ *ApplicationErrorLength=0;
+ return Res;
+ }
+- memcpy(,m_pApplicationResponse,sizeof(wLenRsp));
+- wLenRsp=ReaderToHostShort(wLenRsp);
+- memcpy(,m_pApplicationResponse+2,sizeof(wLenErr));
+- wLenErr=ReaderToHostShort(wLenErr);
++
++ uint16_t wLenRsp16 = 0;
++ uint16_t wLenErr16 = 0;
++ memcpy(,m_pApplicationResponse,sizeof(wLenRsp16));
++ wLenRsp=ReaderToHostShort(wLenRsp16);
++ memcpy(,m_pApplicationResponse+2,sizeof(wLenErr16));
++ wLenErr=ReaderToHostShort(wLenErr16);
++
+ if(ApplicationErrorLength)
+ {
+ if(wLenErr>*ApplicationErrorLength)
Bug#926103: marked as done (libifd-cyberjack6: driver breaks with pcsc-lite versions >= 1.8.21)
Your message dated Mon, 08 Apr 2019 22:04:44 + with message-id and subject line Bug#926103: fixed in pcsc-cyberjack 3.99.5final.sp13+dfsg-1 has caused the Debian Bug report #926103, regarding libifd-cyberjack6: driver breaks with pcsc-lite versions >= 1.8.21 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 926103: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926103 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: libifd-cyberjack6 Version: 3.99.5final.sp09-1.1 Severity: grave Justification: renders package unusable Dear Maintainer, trying to change the PIN of an eID card using a ReinerSCT cyberJack RFID komfort device, I get the following error: Mar 31 14:31:54 hostname pcscd[21065]: 00400142 ifdwrapper.c:364:IFDStatusICC() Card not transacted: 612 Mar 31 14:31:54 hostname pcscd[21065]: 0035 eventhandler.c:336:EHStatusHandlerThread() Error communicating to: REINER SCT cyberJack RFID komfort The underlying cause seems to be the issue described on https://github.com/LudovicRousseau/PCSC/issues/22 and (in German) https://forum.reiner-sct.com/index.php?/topic/3728-failed_to_transmit_control_command_to_the_terminal Both references point to a patch for this problem. Peter -- System Information: Debian Release: buster/sid Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-4-amd64 Versions of packages libifd-cyberjack6 depends on: ii libc6 2.28-8 ii libgcc1 1:8.3.0-2 ii libstdc++68.3.0-2 ii libusb-1.0-0 2:1.0.22-2 ii pcscd 1.8.24-1 libifd-cyberjack6 recommends no packages. Versions of packages libifd-cyberjack6 suggests: pn pcsc-tools --- End Message --- --- Begin Message --- Source: pcsc-cyberjack Source-Version: 3.99.5final.sp13+dfsg-1 We believe that the bug you reported is fixed in the latest version of pcsc-cyberjack, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 926...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Reinhard Tartler (supplier of updated pcsc-cyberjack package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 08 Apr 2019 17:39:58 -0400 Source: pcsc-cyberjack Architecture: source Version: 3.99.5final.sp13+dfsg-1 Distribution: experimental Urgency: medium Maintainer: Frank Neuber Changed-By: Reinhard Tartler Closes: 850625 923588 926103 Changes: pcsc-cyberjack (3.99.5final.sp13+dfsg-1) experimental; urgency=medium . * New upstream release (Closes: #923588) - Bug fix: "driver breaks with pcsc-lite versions >= 1.8.21" (Closes: #926103) * No longer install cyberjack.8 manpage (Closes: #850625) Checksums-Sha1: 819bd613c7dfe93f3bcc964a895a761bde7a6005 2273 pcsc-cyberjack_3.99.5final.sp13+dfsg-1.dsc 4876e6b1d2e9af43d6d58bc6b6a4230a8250f37c 1032256 pcsc-cyberjack_3.99.5final.sp13+dfsg.orig.tar.xz 8391e5843d89ec9a809aeb883ac2f9e989194500 4408 pcsc-cyberjack_3.99.5final.sp13+dfsg-1.debian.tar.xz Checksums-Sha256: f87bf7a666deb02a4264e59e3aee8c28bc82f32687b078da0c9699fc77cfbf63 2273 pcsc-cyberjack_3.99.5final.sp13+dfsg-1.dsc 8a249d7785e0682d69fafa38186e897fca328f05ed8178e13e98f22d4a994085 1032256 pcsc-cyberjack_3.99.5final.sp13+dfsg.orig.tar.xz 3f56860e163642b79621a9b625470b56c8c502654535673315c6736ad1d592fd 4408 pcsc-cyberjack_3.99.5final.sp13+dfsg-1.debian.tar.xz Files: 666a7ca44d16f0e4c9eb945c2dfb0db8 2273 misc optional pcsc-cyberjack_3.99.5final.sp13+dfsg-1.dsc f152a8475e3ab8814ba967078569f1e0 1032256 misc optional pcsc-cyberjack_3.99.5final.sp13+dfsg.orig.tar.xz 4f21145f414278ee0b71291166c0dbe6 4408 misc optional pcsc-cyberjack_3.99.5final.sp13+dfsg-1.debian.tar.xz -BEGIN PGP SIGNATURE- iQJIBAEBCgAyFiEEMN59F2OrlFLH4IJQSadpd5QoJssFAlyrwe0UHHNpcmV0YXJ0 QHRhdXdhcmUuZGUACgkQSadpd5QoJssaPRAAz0g2ltMYiHSk5SQX0EKOmwqOwyvk cwBJ5oSfVPa7k9STW68Mzm4V82B6dDRRCez1r8ozJID85/5kx4TFpVlf4Dv1eZzy M+V44yNB0rC0Mei+O/hCje9Lr/SS0icoWruhMkBTD/ygNE91ko3GoHM9mfmEyaWj xcFTXopYJHJgaG7CzWDEZT8tNCmUVVEuO4U+qoCwZ6Y1iJG27oYhwlVPkep+Fxzd RmkmURzFcbTW4DPruIgNsCbvYv2tUsBby3Tx/m3bh6rczS/ExKFvQ/hJQKSo/Mu5 EtFd5TyYJbZoOF/LCmTPPVq/VzKnKtpR9zxp/Gmt21W+fg+KruDa69ZmAA35DUsi
Processed: severity of 926603 is important
Processing commands for cont...@bugs.debian.org: > severity 926603 important Bug #926603 [systemd] Debian fails to start after installation into Virtualbox Severity set to 'important' from 'critical' > thanks Stopping processing here. Please contact me if you need assistance. -- 926603: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926603 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#926541: src:lexicon: Build-Depends on python-softlayer which will be removed
On Mon, 8 Apr 2019 16:50:31 +0100 ana wrote: > Thanks for the update on this. It would be a shame to drop the package > entirely from Debian. Have had a look at the packaging on salsa and I'm > happy to take over. I would need DM permissions on it to make uploads. Hi Ana! Happy to sponsor you for uploading on it if you'll take it over. Ping me on the original removal bug when you have the upload prepared that names you as a maintainer and closes the O. -Harlan
Bug#899128: kdepim: Limit CVE-2017-17689 (EFAIL) even more for kmail
Control: reassign -1 src:kdepim Hi Ivo, On Mon, Apr 08, 2019 at 11:36:10AM +0200, Ivo De Decker wrote: > Hi, > > On Sat, May 19, 2018 at 07:18:06PM +0200, Sandro Knauß wrote: > > I now created a debdiff for kdepim. The patch depdends on the new symbol > > that > > was added in new messageviewer (see #899127). > > Does this bug still affect buster/sid? From the bug log and the tracker for > CVE-2017-17689, it look like kmail in buster/sid is not affected, but it would > be good if someone could confirm that. I think the tracking problem was hiere that #899128 is associated with src:meta-kde, but it should be src:kdepim (#899128) and respectively kf5-messagelib was #899127. The issue was fixed in the kf5-messagelib in version 4:18.08.1-1. In stretch src:kdepim was a source package, whilst in buster kdepim is a binary package produced by kde-meta, but the issue lies there in src:kf5-messagelib. Regards, Salvatore
Bug#926602: CVE-2019-10906 - jinja sandbox escape poc
Hi Salvatore, > CVE-2016-10745 was assigned for this issue. Thanks for the information. I just noticed you added CVE-2016-10745 to the tracker. I am fairly confused, do you know why this CVE was not referenced in the tracker? Or did you just request it? cheers, Hugo -- Hugo Lefeuvre (hle)|www.owl.eu.com RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C signature.asc Description: PGP signature
Processed: Re: kdepim: Limit CVE-2017-17689 (EFAIL) even more for kmail
Processing control commands: > reassign -1 src:kdepim Bug #899128 [kdepim] Limit CVE-2017-17689 (EFAIL) for kmail Bug reassigned from package 'kdepim' to 'src:kdepim'. Ignoring request to alter found versions of bug #899128 to the same values previously set Ignoring request to alter fixed versions of bug #899128 to the same values previously set -- 899128: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=899128 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#917807: marked as done (libcaca: CVE-2018-20544 CVE-2018-20545 CVE-2018-20546 CVE-2018-20547 CVE-2018-20548 CVE-2018-20549)
Your message dated Mon, 08 Apr 2019 20:48:51 + with message-id and subject line Bug#917807: fixed in libcaca 0.99.beta19-2.1 has caused the Debian Bug report #917807, regarding libcaca: CVE-2018-20544 CVE-2018-20545 CVE-2018-20546 CVE-2018-20547 CVE-2018-20548 CVE-2018-20549 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 917807: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917807 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: libcaca Version: 0.99.beta19-2 Severity: important Tags: security upstream fixed-upstream Hi, The following vulnerabilities were published for libcaca. CVE-2018-20544[0]: | There is floating point exception at caca/dither.c (function | caca_dither_bitmap) in libcaca 0.99.beta19. CVE-2018-20545[1]: | There is an illegal WRITE memory access at common-image.c (function | load_image) in libcaca 0.99.beta19 for 4bpp data. CVE-2018-20546[2]: | There is an illegal READ memory access at caca/dither.c (function | get_rgba_default) in libcaca 0.99.beta19 for the default bpp case. CVE-2018-20547[3]: | There is an illegal READ memory access at caca/dither.c (function | get_rgba_default) in libcaca 0.99.beta19 for 24bpp data. CVE-2018-20548[4]: | There is an illegal WRITE memory access at common-image.c (function | load_image) in libcaca 0.99.beta19 for 1bpp data. CVE-2018-20549[5]: | There is an illegal WRITE memory access at caca/file.c (function | caca_file_read) in libcaca 0.99.beta19. Note: obviously I realize given you are both upstream am Debian maintainer you have already fixed this upstream with the reports submitted and two of those issues are actually unimportant as the Debian build does not use the fallback. Reporting these issues still in the BTS for tracking purpose. If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2018-20544 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20544 [1] https://security-tracker.debian.org/tracker/CVE-2018-20545 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20545 [2] https://security-tracker.debian.org/tracker/CVE-2018-20546 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20546 [3] https://security-tracker.debian.org/tracker/CVE-2018-20547 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20547 [4] https://security-tracker.debian.org/tracker/CVE-2018-20548 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20548 [5] https://security-tracker.debian.org/tracker/CVE-2018-20549 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20549 Regards, Salvatore --- End Message --- --- Begin Message --- Source: libcaca Source-Version: 0.99.beta19-2.1 We believe that the bug you reported is fixed in the latest version of libcaca, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 917...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Tobias Frost (supplier of updated libcaca package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Sat, 06 Apr 2019 22:18:41 +0200 Source: libcaca Architecture: source Version: 0.99.beta19-2.1 Distribution: unstable Urgency: medium Maintainer: Sam Hocevar Changed-By: Tobias Frost Closes: 917807 Changes: libcaca (0.99.beta19-2.1) unstable; urgency=medium . * Non-maintainer upload. * Cherry-Pick fixes from upstream git repository: - CVE-2018-20545, CVE-2018-20546, CVE-2018-20547,CVE-2018-20548 and CVE-2018-20549 (Closes: #917807) Checksums-Sha1: 2e1614dd299b7b7c39425e48b2d31c63ca9f7754 2224 libcaca_0.99.beta19-2.1.dsc 2d1ec4d5c49f78ed4348484c5c32c9dc8c10dc3a 12624 libcaca_0.99.beta19-2.1.debian.tar.xz 25dd46f63e4c858645423de74a5c337694e82e6a 8416 libcaca_0.99.beta19-2.1_source.buildinfo Checksums-Sha256: 952f7ad2716b6c227597298ffc7d37b0ce199e18b58a5a810019473299e72b99 2224 libcaca_0.99.beta19-2.1.dsc 7e2e265972d56c9aeb46686378a25543c6a3d2810cc1649102884dbe9aaf947a 12624 libcaca_0.99.beta19-2.1.debian.tar.xz
Bug#924848: telegram-cli: FTBFS: build-dependency not installable: libwolfssl-dev
Hi Tobias, Thanks for tackling this. I'm a bit busy last week due to Linaro connect. And yes as you described, telegram-cli seems still needs the header of SSL to be compiled. I use wolfssl completely due to the license issue. I've also tried to backport the patch for wolfssl but it seems to me that it is not a trivial one. We might need to bump the version of wolfssl. But since we are in freeze, so bumping the version seems not good. So maybe we need to remove telegram-cli from testing. I mean exclude telegram-cli in buster release. And include it back in buster+1. Yours, Paul On Sat, Apr 6, 2019 at 3:42 AM Tobias Frost wrote: > On Wed, 3 Apr 2019 22:16:23 +0500 Andrey Rahmatullin > wrote: > > libwolfssl was removed from testing due to #918952. > > The shared lib was removed but this package was not, because it > doesn't > > depend on the lib. Maybe the B-D can be safely removed. > > Checked, will FTBFS when done… > It will likely build with openssl (not tried), but the source code is > GPL2.0 without an OpenSSL license exception... > I asked upstream to add such an exception in > https://github.com/vysheng/tg/issues/1591 > > > > -- > > WBR, wRAR >
Bug#926646: libdmtx: Incomplete debian/copyright?
Control: found 926646 0.7.5-2 On Mon, 08 Apr 2019 at 08:43:57 -0400, Chris Lamb wrote: > I just ACCEPTed libdmtx from NEW but the FTP team had noticed that the > copyright stanza for debian/ is labelled GPL-2+ but its content is > GPL-2. This is not a regression in my NMU (which didn't touch d/copyright) so I'm marking it as a bug that already existed in the version in testing. I am not a (significant) copyright holder on the packaging, so I can't fix this by NMUing. Roberto: if my changes to the libdmtx packaging are significant enough to be protected by copyright, you are welcome to treat them as GPL-2+, GPL-2, BSD-3-clause and/or BSD-2-clause, whichever is most convenient for you. smcv
Processed: Re: Bug#926646: libdmtx: Incomplete debian/copyright?
Processing control commands: > found 926646 0.7.5-2 Bug #926646 [src:libdmtx] libdmtx: Incomplete debian/copyright? Marked as found in versions libdmtx/0.7.5-2. -- 926646: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926646 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#926389: (no subject)
Any progress on fixing this in Jessie?
Bug#926584: marked as done (caffe-contrib: needs new upload for leveldb transition)
Your message dated Mon, 8 Apr 2019 22:07:04 +0200 with message-id <20190408200702.wynemt75hgpc6...@debian.org> and subject line Re: caffe-contrib: needs new upload for leveldb transition has caused the Debian Bug report #926584, regarding caffe-contrib: needs new upload for leveldb transition to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 926584: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926584 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- package: caffe-contrib severity: serious version: 1.0.0+git20180821.99bd997-2 Hi, There is an ongoing transition of leveldb to fix #83. caffe-contrib needs an upload for this transition (it is not buildable on the buildd). Thanks, Ivo --- End Message --- --- Begin Message --- On Sun, Apr 07, 2019 at 01:41:59PM +0200, Ivo De Decker wrote: > There is an ongoing transition of leveldb to fix #83. caffe-contrib needs > an upload for this transition (it is not buildable on the buildd). Seems this was already done. Closing. Ivo--- End Message ---
Processed: buster
Processing commands for cont...@bugs.debian.org: > tags 926613 buster Bug #926613 [release-notes] openssh-server: Locked out of server after upgrading to buster. Bug #926653 [release-notes] openssh-server: Locked out of server after upgrading to buster. Added tag(s) buster. Added tag(s) buster. > severity 926613 normal Bug #926613 [release-notes] openssh-server: Locked out of server after upgrading to buster. Bug #926653 [release-notes] openssh-server: Locked out of server after upgrading to buster. Severity set to 'normal' from 'serious' Severity set to 'normal' from 'serious' > retitle 926613 openssh-server needs check and update of configuration Bug #926613 [release-notes] openssh-server: Locked out of server after upgrading to buster. Bug #926653 [release-notes] openssh-server: Locked out of server after upgrading to buster. Changed Bug title to 'openssh-server needs check and update of configuration' from 'openssh-server: Locked out of server after upgrading to buster.'. Changed Bug title to 'openssh-server needs check and update of configuration' from 'openssh-server: Locked out of server after upgrading to buster.'. > thanks Stopping processing here. Please contact me if you need assistance. -- 926613: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926613 926653: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926653 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: tagging 926670
Processing commands for cont...@bugs.debian.org: > tags 926670 + upstream fixed-upstream Bug #926670 [src:node-xterm] CVE-2019-0542 Added tag(s) fixed-upstream and upstream. > thanks Stopping processing here. Please contact me if you need assistance. -- 926670: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926670 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#926670: CVE-2019-0542
Source: node-xterm Severity: grave Tags: security Please see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0542 Cheers, Moritz
Bug#925411: kernel-package: Not suitable for release
Hi, I'm another happy user of make-kpkg. ;-) I've just tested the "make bindeb- pkg" method. I see two drawback: - (minor) I didn't find the way to do the same thing as the "--revision" option. - I see a big advantage of using make-kpkg with dkms. I can keep the kernel sources in a directory (that I update with the incremental patches) and I don't have to install the generated header for dkms to find them as it can use the source directory. My 2 cents, Yannick -- Formatted to fit your screen.
Processed: tagging 924891
Processing commands for cont...@bugs.debian.org: > # bug is in stretch kernel, not in buster/sid > tags 924891 = stretch Bug #924891 [src:glibc] glibc: misc/tst-pkey fails due to cleared PKRU register after signal in amd64 32-bit compat mode Added tag(s) stretch; removed tag(s) sid and buster. > thanks Stopping processing here. Please contact me if you need assistance. -- 924891: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924891 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#926626: marked as done (libfm-qt6: Cannot copy dirs over smb)
Your message dated Mon, 08 Apr 2019 17:34:45 + with message-id and subject line Bug#926626: fixed in libfm-qt 0.14.1-4 has caused the Debian Bug report #926626, regarding libfm-qt6: Cannot copy dirs over smb to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 926626: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926626 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: libfm-qt6 Version: 0.14.1-3 Severity: grave Justification: renders package unusable Hi there, Note, first bug report so please advise on improvements. Recursive copying, (specifically directories) over a samba share does not work as expected, it fails with "operation not supported". I've attached a screenshot, which you can view here: imgur.com/5drZIUB - Mark -- System Information: Debian Release: buster/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-4-amd64 (SMP w/2 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages libfm-qt6 depends on: ii libc6 2.28-8 ii libexif12 0.6.21-5.1 ii libglib2.0-0 2.58.3-1 ii libglib2.0-bin2.58.3-1 ii libmenu-cache31.1.1~2-g583c190-1 ii libqt5core5a [qtbase-abi-5-11-3] 5.11.3+dfsg1-1 ii libqt5gui55.11.3+dfsg1-1 ii libqt5widgets55.11.3+dfsg1-1 ii libqt5x11extras5 5.11.3-2 ii libstdc++68.3.0-4 ii libxcb1 1.13.1-2 ii shared-mime-info 1.10-1 Versions of packages libfm-qt6 recommends: ii libfm-qt-l10n 0.14.1-3 libfm-qt6 suggests no packages. -- no debconf information --- End Message --- --- Begin Message --- Source: libfm-qt Source-Version: 0.14.1-4 We believe that the bug you reported is fixed in the latest version of libfm-qt, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 926...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Alf Gaida (supplier of updated libfm-qt package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 08 Apr 2019 19:03:43 +0200 Source: libfm-qt Architecture: source Version: 0.14.1-4 Distribution: unstable Urgency: medium Maintainer: LXQt Packaging Team Changed-By: Alf Gaida Closes: 926626 Changes: libfm-qt (0.14.1-4) unstable; urgency=medium . * Fix recursive copy to smb shares (and possible other remote filesystems) (Closes: #926626) Checksums-Sha1: 5a65ac9d7d99b542db2330aa636ec93bd4cf0929 2243 libfm-qt_0.14.1-4.dsc 5021902a9943bbe1ace0c90b179447fcc038123c 21500 libfm-qt_0.14.1-4.debian.tar.xz 7d5704802498a7999ec9fc46f9ae0f0a71b6ab73 12341 libfm-qt_0.14.1-4_source.buildinfo Checksums-Sha256: 2d3475a39dea71ba993ca60ca98881858590d7f6c617668180276bcf09466a94 2243 libfm-qt_0.14.1-4.dsc fb5c438874643ab386817cdc0f4419b494644db182f8e748d0ad8145e3f1c9a7 21500 libfm-qt_0.14.1-4.debian.tar.xz d8d9c2b3acf0b913ef5eed62f3f53c2e13b327d54434831ed2d0863ea37a082a 12341 libfm-qt_0.14.1-4_source.buildinfo Files: c33221ea4981da8b1e2be2aed03b10b2 2243 x11 optional libfm-qt_0.14.1-4.dsc ca4ed31d937fc83f3ff7ea3fab32a773 21500 x11 optional libfm-qt_0.14.1-4.debian.tar.xz 2b5edfae931cb2af7b02e0e3bf7bd044 12341 x11 optional libfm-qt_0.14.1-4_source.buildinfo -BEGIN PGP SIGNATURE- iQEzBAEBCgAdFiEEvb/GiO+tuolan0ZLzSgKC01ygnwFAlyrf1EACgkQzSgKC01y gnwOWAgAlHFPrfUKBDmWxrNAjr7qHPnqWTEfF/qVvTIbdB4PnBrenEBbdbUdlyme 2GeZmhJTBaqWRjc4x6tRpl1v1KWpEVcEaeUBdDLKAp3E71QVeZJ8U2pqDq62k8d0 ULjq6C5jI1y6ddxY4SejYte334JSRMM3j7A8M666DOht1PWDTEM7W9ZukyjTW4ii PhMMB7DcY1Qz5QTECKoNUlPpCHihC/2K4ryDoltxt71qZ396LsYSFirkco1C499F +vQ2wJCIDmIFWn/qT5eoq2adYxOq2d+otvSOYRTbJBeti/gE/ieLQXGotcfmZtoY KIy3dmUFr15XkW7zfXdJ2iU56wP+Tw== =yN6g -END PGP SIGNATURE End Message ---
Processed: tagging 919296
Processing commands for cont...@bugs.debian.org: > tags 919296 + buster-ignore Bug #919296 [git-daemon-run] git-daemon-run: fails with 'warning: git-daemon: unable to open supervise/ok: file does not exist' Added tag(s) buster-ignore. > thanks Stopping processing here. Please contact me if you need assistance. -- 919296: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919296 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: tagging 864472, severity of 864472 is serious
Processing commands for cont...@bugs.debian.org: > tags 864472 + stretch buster sid Bug #864472 [zeroc-ice-manual] zeroc-ice-manual: outdated version Added tag(s) buster, sid, and stretch. > severity 864472 serious Bug #864472 [zeroc-ice-manual] zeroc-ice-manual: outdated version Severity set to 'serious' from 'important' > thanks Stopping processing here. Please contact me if you need assistance. -- 864472: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864472 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#854743: marked as done (golang-github-mailru-easyjson: FTBFS (32-bit): constant 4294967295 overflows int)
Your message dated Mon, 08 Apr 2019 16:35:31 + with message-id and subject line Bug#854743: fixed in golang-github-mailru-easyjson 0.0~git20161103.0.159cdb8-1.1 has caused the Debian Bug report #854743, regarding golang-github-mailru-easyjson: FTBFS (32-bit): constant 4294967295 overflows int to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 854743: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854743 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: golang-github-mailru-easyjson Version: 0.0~git20161103.0.159cdb8-1 Severity: important Justification: fails to build from source Builds of golang-github-mailru-easyjson for 32-bit architectures such as i386 have been failing: # github.com/mailru/easyjson/tests src/github.com/mailru/easyjson/tests/data.go:91: constant 4294967295 overflows int src/github.com/mailru/easyjson/tests/data.go:94: constant 4294967295 overflows int src/github.com/mailru/easyjson/tests/data.go:103: constant 4294967295 overflows int src/github.com/mailru/easyjson/tests/data.go:106: constant 4294967295 overflows int src/github.com/mailru/easyjson/tests/data.go:194: constant 4294967295 overflows int src/github.com/mailru/easyjson/tests/data.go:197: constant 4294967295 overflows int Could you please take a look? Thanks! -- Aaron M. Ucko, KB1CJC (amu at alum.mit.edu, ucko at debian.org) http://www.mit.edu/~amu/ | http://stuff.mit.edu/cgi/finger/?a...@monk.mit.edu --- End Message --- --- Begin Message --- Source: golang-github-mailru-easyjson Source-Version: 0.0~git20161103.0.159cdb8-1.1 We believe that the bug you reported is fixed in the latest version of golang-github-mailru-easyjson, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 854...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Tobias Frost (supplier of updated golang-github-mailru-easyjson package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Sat, 06 Apr 2019 17:59:30 +0200 Source: golang-github-mailru-easyjson Architecture: source Version: 0.0~git20161103.0.159cdb8-1.1 Distribution: unstable Urgency: medium Maintainer: Debian Go Packaging Team Changed-By: Tobias Frost Closes: 854743 Changes: golang-github-mailru-easyjson (0.0~git20161103.0.159cdb8-1.1) unstable; urgency=medium . * Non-maintainer upload. * Fix "FTBFS (32-bit): constant 4294967295 overflows int" with patch from BTS, thanks to Ritesh Raj Sarraf for providing it. (Closes: #854743) Checksums-Sha1: b90093df443a1a028c1d7c98913199b42afe1098 2432 golang-github-mailru-easyjson_0.0~git20161103.0.159cdb8-1.1.dsc 3059f08915f94487301082b30c472065b832a7a1 3244 golang-github-mailru-easyjson_0.0~git20161103.0.159cdb8-1.1.debian.tar.xz ae01e517699dea8b2d30c209edfc646a30ea9479 5847 golang-github-mailru-easyjson_0.0~git20161103.0.159cdb8-1.1_source.buildinfo Checksums-Sha256: ba12c0065cad63d2976933110bdde72434c9b32b775dba8c039426a7c0160eae 2432 golang-github-mailru-easyjson_0.0~git20161103.0.159cdb8-1.1.dsc 15488ccb0c3feed73a96545b300ae2b14b0638427903cc884621b38c75bdde75 3244 golang-github-mailru-easyjson_0.0~git20161103.0.159cdb8-1.1.debian.tar.xz 8eaf377b2bc66265c9b0a4d779ea5e9ae1c43c69a044419aa5b242ceb864be4b 5847 golang-github-mailru-easyjson_0.0~git20161103.0.159cdb8-1.1_source.buildinfo Files: d972075af30457c0ec063b63754887b8 2432 devel extra golang-github-mailru-easyjson_0.0~git20161103.0.159cdb8-1.1.dsc 1db3d970cd93ae32b22973b7315403c5 3244 devel extra golang-github-mailru-easyjson_0.0~git20161103.0.159cdb8-1.1.debian.tar.xz a1f00f18aa63af3ed170fb7b08e02f0d 5847 devel extra golang-github-mailru-easyjson_0.0~git20161103.0.159cdb8-1.1_source.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEE/d0M/zhkJ3YwohhskWT6HRe9XTYFAlyozO4ACgkQkWT6HRe9 XTaPnQ//ed0YDfp4A+Wb0Iqde/G/x+r6bjAvAxazQHn2N7+IOraJjUXTB1zFmjex liPQ9CNT7Q+qEiY7v4Jx80oavRhL3f1c3iLMT8qJiGwnZcCyq5m+B9jzdcFG56wb QGs2PFV4IKRH4iBt4I1a3RJY/0tFT70ELmVRsYFxFhwa/q2EcXsx2NfnZFqcPBmj geft7cywr4CTmqTV9fM15oQCkhnvZVxlakfUgAjMclbaoOxbvcPKcKeBcLRVVOFN l6pEFe6EFyKepAfJHBs523TQt3X3F8P3AeMVkN2Xpyb2eVXI9ZMJSKJCKa86lqmh
Bug#926541: src:lexicon: Build-Depends on python-softlayer which will be removed
Thanks for the update on this. It would be a shame to drop the package entirely from Debian. Have had a look at the packaging on salsa and I'm happy to take over. I would need DM permissions on it to make uploads. Cheers, Ana
Processed: severity of 924840 is serious
Processing commands for cont...@bugs.debian.org: > severity 924840 serious Bug #924840 [src:highwayhash] highwayhash: FTBFS: dh_makeshlibs: failing due to earlier errors Severity set to 'serious' from 'important' > thanks Stopping processing here. Please contact me if you need assistance. -- 924840: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924840 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: Re: Bug#926653: openssh-server: Locked out of server after upgrading to buster.
Processing control commands: > reassign -1 release-notes Bug #926653 [openssh-server] openssh-server: Locked out of server after upgrading to buster. Bug reassigned from package 'openssh-server' to 'release-notes'. Ignoring request to alter found versions of bug #926653 to the same values previously set Ignoring request to alter fixed versions of bug #926653 to the same values previously set > merge 926613 -1 Bug #926613 [release-notes] openssh-server: Locked out of server after upgrading to buster. Bug #926653 [release-notes] openssh-server: Locked out of server after upgrading to buster. Merged 926613 926653 -- 926613: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926613 926653: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926653 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#926653: openssh-server: Locked out of server after upgrading to buster.
Control: reassign -1 release-notes Control: merge 926613 -1 On Mon, Apr 08, 2019 at 02:31:36PM +0100, Sam Bull wrote: > Due to a change in how some options are handled in sshd_config, upgrading to > buster can result in the user getting locked out of their system if the config > is not updated. You already filed this bug and I already responded to it, so I'm merging the duplicate. -- Colin Watson [cjwat...@debian.org]
Bug#926647: marked as done (leveldb-sharp: ABI change in libleveldb 1.20)
Your message dated Mon, 8 Apr 2019 15:58:07 +0200 with message-id <20190408135807.y7k4j3sx3gwto...@topinambour.cristau.org> and subject line Re: Bug#926647: leveldb-sharp: ABI change in libleveldb 1.20 has caused the Debian Bug report #926647, regarding leveldb-sharp: ABI change in libleveldb 1.20 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 926647: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926647 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: leveldb-sharp Version: 1.9.1-1.1 Severity: serious Hi, as documented in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=83 libleveldb's ABI changed incompatibly in 1.20. The 1.20-2.1 NMU changed SONAME to reflect that, and leveldb-sharp 1.9.1-1.2 was patched to use the new SONAME. However, with no corresponding source change, I'm not convinced this is actually compatible; I'd have expected something in the C# binding to need an update for the new leveldb Options structure layout. I know nothing of C# / Mono though, so I might well be wrong. Cheers, Julien --- End Message --- --- Begin Message --- Version: 1.9.1-1.2 On Mon, Apr 8, 2019 at 15:41:39 +0200, Andreas Beckmann wrote: > There is this comment from Robert Bruce Park in the 1.9.1-1.1 changelog > entry: > "this package only uses the C ABI" > > Not sure if the ABI breakage is limited to the C++ part > (leveldb::Options is at least a C++ thing) > OK, that seems plausible enough. Thanks! Cheers, Julien--- End Message ---
Bug#926652: python-trustme: FTBFS on all
On Mon, Apr 08, 2019 at 01:38:04PM +, Ivo De Decker wrote: > The latest version of python-trustme in unstable fails on all: See also bug 925576. I haven't got round to looking at it yet. I hope to investigate and fix it soon; patches also welcome. signature.asc Description: PGP signature
Bug#926653: openssh-server: Locked out of server after upgrading to buster.
Package: openssh-server Severity: serious Justification: Policy 8.2 Dear Maintainer, Due to a change in how some options are handled in sshd_config, upgrading to buster can result in the user getting locked out of their system if the config is not updated. Probably the most likely cause (and what occurred to me) is if the PubkeyAcceptedKeyTypes includes ssh-rsa and the admin logs in with an RSA key. After upgrading, the user will no longer be able to connect to the server. The solution for this case is to replace ssh-rsa with rsa-sha2-256,rsa-sha2-512. At the very least this needs to be mentioned in the upgrade instructions in the release notes for buster. -- System Information: Debian Release: buster/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 4.15.0-47-generic (SMP w/4 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=C.UTF-8 (charmap=locale: Cannot set LC_MESSAGES to default locale: No such file or directory locale: Cannot set LC_ALL to default locale: No such file or directory UTF-8), LANGUAGE=en_GB:en (charmap=locale: Cannot set LC_MESSAGES to default locale: No such file or directory locale: Cannot set LC_ALL to default locale: No such file or directory UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages openssh-server depends on: ii adduser3.118 ii debconf [debconf-2.0] 1.5.71 ii dpkg 1.19.6 ii libaudit1 1:2.8.4-2 ii libc6 2.28-8 ii libcom-err21.44.5-1 ii libgssapi-krb5-2 1.17-2 ii libkrb5-3 1.17-2 ii libpam-modules 1.3.1-5 ii libpam-runtime 1.3.1-5 ii libpam0g 1.3.1-5 ii libselinux12.8-1+b1 ii libssl1.1 1.1.1b-1 ii libsystemd0241-1 pn libwrap0 ii lsb-base 10.2019031300 ii openssh-client 1:7.9p1-9 pn openssh-sftp-server pn procps pn ucf ii zlib1g 1:1.2.11.dfsg-1 Versions of packages openssh-server recommends: ii libpam-systemd 241-1 pn ncurses-term ii xauth 1:1.0.10-1 Versions of packages openssh-server suggests: pn molly-guard pn monkeysphere pn rssh pn ssh-askpass pn ufw signature.asc Description: This is a digitally signed message part
Bug#926647: leveldb-sharp: ABI change in libleveldb 1.20
On 2019-04-08 14:50, Julien Cristau wrote: > as documented in > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=83 libleveldb's > ABI changed incompatibly in 1.20. The 1.20-2.1 NMU changed SONAME to > reflect that, and leveldb-sharp 1.9.1-1.2 was patched to use the new > SONAME. However, with no corresponding source change, I'm not convinced > this is actually compatible; I'd have expected something in the C# > binding to need an update for the new leveldb Options structure layout. I primarily did the same as in the NMU after the library rename three years ago. And I only touched it because I NMUed it in the past. I have no idea what the package is good for :-) > I know nothing of C# / Mono though, so I might well be wrong. I probably have as much clue about these as you :-) There is this comment from Robert Bruce Park in the 1.9.1-1.1 changelog entry: "this package only uses the C ABI" Not sure if the ABI breakage is limited to the C++ part (leveldb::Options is at least a C++ thing) Andreas
Bug#926652: python-trustme: FTBFS on all
package: src:python-trustme version: 0.4.0-2 severity: serious tags: ftbfs Hi, The latest version of python-trustme in unstable fails on all: https://buildd.debian.org/status/package.php?p=python-trustme Cheers, Ivo
Bug#925455: alsa volume never saved/restored
Looking a bit further it seems that /var/lib/alsa/asound.state doesn't exist. That means that we are facing a chicken-egg problem here, the file will never be created as the service is never started (and then never stopped). I don't know, if it helps, but I could manually create a working settings file with: alsactl -f /var/lib/alsa/asound.state init alsactl -f /var/lib/alsa/asound.state store In the shell: root@debian:/var/lib/alsa# alsactl -f /var/lib/alsa/asound.state init Found hardware: "ICH" "Analog Devices AD1881A" "AC97a:41445348" "0x1043" "0x11d4" Hardware is initialized using a generic method root@debian:/var/lib/alsa# ls -l insgesamt 0 root@debian:/var/lib/alsa# alsactl -f /var/lib/alsa/asound.state store root@debian:/var/lib/alsa# ls -l insgesamt 8 -rw-r--r-- 1 root root 5680 Apr 7 18:55 asound.state root@debian:/var/lib/alsa# Since then, the sound level was properly saved and restored on restart. /var/log/syslog on start: Apr 7 19:41:46 debian systemd[1]: Starting Save/Restore Sound Card State... Apr 7 19:41:46 debian systemd[1]: Started Save/Restore Sound Card State. Apr 7 19:41:46 debian systemd[1]: Reached target Sound Card. /var/log/syslog on shutdown: Apr 7 19:45:17 debian systemd[1]: Stopped target Sound Card. Apr 7 19:45:17 debian systemd[1]: Stopping Save/Restore Sound Card State... I doesn't say "Stopped Save/Restore Sound Card State.", though. So the last confirmation seems to be missing. But it still works, as far as I can tell... I think, I always needed to run "alsactl init" at least once since Debian 8 Jessie, and this is still mentioned in the Debian Wiki: Configure alsa by running the command 'alsactl init' as root. Then reboot and try to test your sound. -- https://wiki.debian.org/ALSA Regards, Hartmut Buhrmester
Bug#926602: CVE-2019-10906 - jinja sandbox escape poc
Hi Hugo, On Mon, Apr 08, 2019 at 10:04:35AM +0200, Hugo Lefeuvre wrote: > > This should help confirming vulnerability in other suites. > > 2.7.3-1 and all later releases affected. In addition, both 2.7.3-1 and > 2.8-1 are affected by the previous str.format issue[0]. > > [0] https://palletsprojects.com/blog/jinja-281-released/ CVE-2016-10745 was assigned for this issue. Regards, Salvtore
Bug#924843: Ping bug
Hi Filippo, I realised that msxpertsuite is marked for removal from testing in 7 days while it is not yet marked for unblock. I'm just pinging this bug to avoid that it will be removed soon. Kind regards Andreas. -- http://fam-tille.de
Bug#924337: marked as done (Please reenable mqtt and varnish)
Your message dated Mon, 08 Apr 2019 13:03:44 + with message-id and subject line Bug#924337: fixed in collectd 5.8.1-1.3 has caused the Debian Bug report #924337, regarding Please reenable mqtt and varnish to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 924337: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924337 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: collectd Version: 5.8.1-1.2 Severity: important The mqtt and varnish plugins are disabled because of dependency issues. The blocking bugs #911265, #911266, and #879471 are resolved. Please reenable the plugins. --- End Message --- --- Begin Message --- Source: collectd Source-Version: 5.8.1-1.3 We believe that the bug you reported is fixed in the latest version of collectd, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 924...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Chris Hofstaedtler (supplier of updated collectd package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Sat, 06 Apr 2019 12:21:09 + Source: collectd Architecture: source Version: 5.8.1-1.3 Distribution: unstable Urgency: medium Maintainer: Sebastian Harl Changed-By: Chris Hofstaedtler Closes: 924337 Changes: collectd (5.8.1-1.3) unstable; urgency=medium . * Non-maintainer upload. . [ Jonathan McDowell ] * Re-enable mqtt + varnish plugins. (Closes: #924337) . [ Chris Hofstaedtler ] * Apply Jonathan's patch and upload it. Checksums-Sha1: 7ca86265091916b11e9e005d074ffc99dafcccf2 4118 collectd_5.8.1-1.3.dsc 9150c0144aa397b0964c6bcceb1de81491d0f3d5 78076 collectd_5.8.1-1.3.debian.tar.xz 112912e5e64cf15620adb4d05512de5cdb528143 12531 collectd_5.8.1-1.3_source.buildinfo Checksums-Sha256: 608b63fd37603b85278d390af3fe4c4ed7cf2eedd6910dc583407bafdb92fa12 4118 collectd_5.8.1-1.3.dsc b67047ba27cf7bf7e6292a43da35a9b1b69743d4dfd4ec93d56cbd7be4b179e6 78076 collectd_5.8.1-1.3.debian.tar.xz cbc38a7853259ab9796cca9d7556d08f540f0d4341338de12bd7a9d3859b5255 12531 collectd_5.8.1-1.3_source.buildinfo Files: f487f6d7f9367d7e4b7cde55458cecee 4118 utils optional collectd_5.8.1-1.3.dsc 54ed87f0035620c052cff7d334fc2a67 78076 utils optional collectd_5.8.1-1.3.debian.tar.xz eadf243d91188d374e6060fea3d77d43 12531 utils optional collectd_5.8.1-1.3_source.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEfRrP+tnggGycTNOSXBPW25MFLgMFAlyonP8ACgkQXBPW25MF LgNm1g//UZZiPdRHSp0kDgjY8Nuq8F+W4BFFMfUrstb5Ji+v6gMvORx64kF/fJPA HZveYW4jPKg8hDwTM72AGIscW/gsU7t++v2qgjmrS8yQsjHXGvJfWkzYZ3dnHmYN OJmj3Rf1/DehDF7xv18n3YPXnnvWl9tbEv7wwLdbYOYXAf9xEjOe1LBw/1gs0DnU 7cp3QGrb9ymxAFsI5l85gZMfPaqD4JGpHzox7HjF4TudyjYgGuo9p7YmhPjuCOtM KdS8ZUgamqyFyL5agQ+uc3JuGQ02nUAd4JdpiNdFqVcAVW3tnDBZAW/b2kHEUZed 0LD+Ncitt1hMRUeduciPMkQ7XKoTggsHOmdb5+obLqCDzDdl13NJZsnrTp1mWrkH 1XwpDGvRIySd34iE/wYPdN60JLFuN2RTxuM9tjxYV+RAGH4oA8hSyLRa5B+xpfEZ rZgmuZNVD73997Oa19S1S9G2sexrEB4NQVvbPAO4Hlu0UOAob72Y/2Zo99stHCCb TU/b6BvKds1uZV29dENWCnhkF+6m0sHA5tyd2VX7YAGQLhwq5Xu1H8Ym2W/O8UtH bNO7egLvHTYJmRGeGFTBbdpoV9R6S9JuEiqFkexPWf6PM3oAXRBThRdI64Sn2k9I 0VwbBKfqbPgIbyw1bTZpehpoxp6clL6sKI8oiijwe5D4Pq2HXQ0= =2hsC -END PGP SIGNATURE End Message ---
Bug#925420: marked as done (collectd: disabled mqtt in build breaks upgrades on configs with mqtt)
Your message dated Mon, 08 Apr 2019 13:03:44 + with message-id and subject line Bug#924337: fixed in collectd 5.8.1-1.3 has caused the Debian Bug report #924337, regarding collectd: disabled mqtt in build breaks upgrades on configs with mqtt to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 924337: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924337 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: collectd Version: 5.8.1-1 + Severity: important When upgrading collectd from 5.8.0-5.2, the package becomes unable to restart if the mqtt plugin is enabled in the configs leaving it unable to complete the collectd and collectd-core installations. Request to revert the disabled plugin as the referred to bugs have been resolved. >From the 5.8.1-1 changelog: - Disable mqtt plugin until #911265, #911266 get fixed. Also it appears the varnish plugin bug is also fixed from 5.8.0-5 - disable varnish plugin until #879471 gets fixed. -- System Information: Debian Release: buster/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.19.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled --- End Message --- --- Begin Message --- Source: collectd Source-Version: 5.8.1-1.3 We believe that the bug you reported is fixed in the latest version of collectd, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 924...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Chris Hofstaedtler (supplier of updated collectd package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Sat, 06 Apr 2019 12:21:09 + Source: collectd Architecture: source Version: 5.8.1-1.3 Distribution: unstable Urgency: medium Maintainer: Sebastian Harl Changed-By: Chris Hofstaedtler Closes: 924337 Changes: collectd (5.8.1-1.3) unstable; urgency=medium . * Non-maintainer upload. . [ Jonathan McDowell ] * Re-enable mqtt + varnish plugins. (Closes: #924337) . [ Chris Hofstaedtler ] * Apply Jonathan's patch and upload it. Checksums-Sha1: 7ca86265091916b11e9e005d074ffc99dafcccf2 4118 collectd_5.8.1-1.3.dsc 9150c0144aa397b0964c6bcceb1de81491d0f3d5 78076 collectd_5.8.1-1.3.debian.tar.xz 112912e5e64cf15620adb4d05512de5cdb528143 12531 collectd_5.8.1-1.3_source.buildinfo Checksums-Sha256: 608b63fd37603b85278d390af3fe4c4ed7cf2eedd6910dc583407bafdb92fa12 4118 collectd_5.8.1-1.3.dsc b67047ba27cf7bf7e6292a43da35a9b1b69743d4dfd4ec93d56cbd7be4b179e6 78076 collectd_5.8.1-1.3.debian.tar.xz cbc38a7853259ab9796cca9d7556d08f540f0d4341338de12bd7a9d3859b5255 12531 collectd_5.8.1-1.3_source.buildinfo Files: f487f6d7f9367d7e4b7cde55458cecee 4118 utils optional collectd_5.8.1-1.3.dsc 54ed87f0035620c052cff7d334fc2a67 78076 utils optional collectd_5.8.1-1.3.debian.tar.xz eadf243d91188d374e6060fea3d77d43 12531 utils optional collectd_5.8.1-1.3_source.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEfRrP+tnggGycTNOSXBPW25MFLgMFAlyonP8ACgkQXBPW25MF LgNm1g//UZZiPdRHSp0kDgjY8Nuq8F+W4BFFMfUrstb5Ji+v6gMvORx64kF/fJPA HZveYW4jPKg8hDwTM72AGIscW/gsU7t++v2qgjmrS8yQsjHXGvJfWkzYZ3dnHmYN OJmj3Rf1/DehDF7xv18n3YPXnnvWl9tbEv7wwLdbYOYXAf9xEjOe1LBw/1gs0DnU 7cp3QGrb9ymxAFsI5l85gZMfPaqD4JGpHzox7HjF4TudyjYgGuo9p7YmhPjuCOtM KdS8ZUgamqyFyL5agQ+uc3JuGQ02nUAd4JdpiNdFqVcAVW3tnDBZAW/b2kHEUZed 0LD+Ncitt1hMRUeduciPMkQ7XKoTggsHOmdb5+obLqCDzDdl13NJZsnrTp1mWrkH 1XwpDGvRIySd34iE/wYPdN60JLFuN2RTxuM9tjxYV+RAGH4oA8hSyLRa5B+xpfEZ rZgmuZNVD73997Oa19S1S9G2sexrEB4NQVvbPAO4Hlu0UOAob72Y/2Zo99stHCCb TU/b6BvKds1uZV29dENWCnhkF+6m0sHA5tyd2VX7YAGQLhwq5Xu1H8Ym2W/O8UtH bNO7egLvHTYJmRGeGFTBbdpoV9R6S9JuEiqFkexPWf6PM3oAXRBThRdI64Sn2k9I 0VwbBKfqbPgIbyw1bTZpehpoxp6clL6sKI8oiijwe5D4Pq2HXQ0= =2hsC -END PGP SIGNATURE End Message ---
Bug#908815: marked as done ([libdmtx0a] Structs in dmtx.h have changed without new ABI number)
Your message dated Mon, 08 Apr 2019 13:00:10 + with message-id and subject line Bug#908815: fixed in libdmtx 0.7.5-2.1 has caused the Debian Bug report #908815, regarding [libdmtx0a] Structs in dmtx.h have changed without new ABI number to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 908815: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908815 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: libdmtx0a Version: 0.7.5-1 Severity: normal In header file dmtx.h the structs and enumeration in version 0.7.5 have changed to insert a new varible "fnc1" representing undefinded state. When loading older DMTX binary linked against new libdmtx.so the program will crash with SIGSEGV. Same happens when loading newly compiled binary with DMTX library version < 0.7.5. Both versions 0.7.4 and 0.7.5 are using the same ABI number for their library version: libdmtx.so -> libdmtx.so.0.0.0 I think it is a good idea to increase ABI number of DMTX version 0.7.5 to prevent loading wrong library version of libdmtx.so. --- System information. --- Architecture: Kernel: Linux 4.16.0-2-amd64 Debian Release: buster/sid 500 testing debian.tu-bs.de --- Package information. --- Depends (Version) | Installed ==-+-=== libc6(>= 2.14) | --- End Message --- --- Begin Message --- Source: libdmtx Source-Version: 0.7.5-2.1 We believe that the bug you reported is fixed in the latest version of libdmtx, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 908...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Simon McVittie (supplier of updated libdmtx package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Sun, 10 Mar 2019 17:13:33 + Source: libdmtx Binary: libdmtx0b libdmtx0b-dbgsym libdmtx-dev Architecture: amd64 source Version: 0.7.5-2.1 Distribution: experimental Urgency: medium Maintainer: Roberto Lumbreras Changed-By: Simon McVittie Closes: 908815 Description: libdmtx0b - Data Matrix barcodes (runtime library) libdmtx-dev - Data Matrix barcodes (development files and static libraries) Changes: libdmtx (0.7.5-2.1) experimental; urgency=medium . * Non-maintainer upload. * Rename shared library package to libdmtx0b, due to another ABI break without a corresponding SONAME update (in 0.7.5-1). Add Conflicts/Replaces on libdmtx0a, and add missing Replaces on libdmtx0 while I'm there. (Closes: #908815) * Release to experimental for now, to wait for NEW processing and stage the transition. Checksums-Sha1: 5371627bcde0ec24d856274dad5ccc2f90fb6694 1766 libdmtx_0.7.5-2.1.dsc f59dbd942ba8ed42f57b7945b6c1f730d9c7fada 9756 libdmtx_0.7.5-2.1.debian.tar.xz b0ce85ee3a494a54971a7b346007c7e4e3712c70 4966 libdmtx_0.7.5-2.1_source.buildinfo 648609798180a9c2d049c85a9e941a19c34e7429 48128 libdmtx-dev_0.7.5-2.1_amd64.deb d757f7a385c4618e3759f01fce0fa78e01b86bfc 101000 libdmtx0b-dbgsym_0.7.5-2.1_amd64.deb 228c57823b1d40339c3f0b2a2f2aa892e3c3654e 55884 libdmtx0b_0.7.5-2.1_amd64.deb c44252a81ce90e6ed848b4ab9c669169843a69bc 4639 libdmtx_0.7.5-2.1_amd64.buildinfo Checksums-Sha256: c3f7d4a516901d89027ea7370cea17c0927612c9da0beb6019e58d76cc88b5f9 1766 libdmtx_0.7.5-2.1.dsc ff693a04de643692d3cb10ba1fd3165f0f88c3f2e95516b7706abb29fffbb058 9756 libdmtx_0.7.5-2.1.debian.tar.xz d20397b44970f3ef3323a074d18200a2f729f2bd4656ac33ca0445872a64eb94 4966 libdmtx_0.7.5-2.1_source.buildinfo 2773ae1532313cdf921e84bdef12718dcb8b43591598b91f16632f812fe52970 48128 libdmtx-dev_0.7.5-2.1_amd64.deb 64e134cd356a8f2362c411f142b997ac785003d9c596a137925ed360abcb455c 101000 libdmtx0b-dbgsym_0.7.5-2.1_amd64.deb 215e0fc02bba18b79d1fd17229a1cd2f2e3ffe59a75f9f31a03214b5887989d8 55884 libdmtx0b_0.7.5-2.1_amd64.deb 80fbcda70c0c04e41b3570eb006e76298302f12e0ff00eb40f700342d0cd3598 4639 libdmtx_0.7.5-2.1_amd64.buildinfo Files: 70e12b4d392e236ada0555d4024d2199 1766 libs optional libdmtx_0.7.5-2.1.dsc 3dd45dc20d70a2cd4991b2e1a4395863 9756 libs optional libdmtx_0.7.5-2.1.debian.tar.xz b0d9deb2347d8fa0c14b5964bae8641b 4966 libs optional
Bug#926647: leveldb-sharp: ABI change in libleveldb 1.20
Source: leveldb-sharp Version: 1.9.1-1.1 Severity: serious Hi, as documented in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=83 libleveldb's ABI changed incompatibly in 1.20. The 1.20-2.1 NMU changed SONAME to reflect that, and leveldb-sharp 1.9.1-1.2 was patched to use the new SONAME. However, with no corresponding source change, I'm not convinced this is actually compatible; I'd have expected something in the C# binding to need an update for the new leveldb Options structure layout. I know nothing of C# / Mono though, so I might well be wrong. Cheers, Julien
Bug#926646: libdmtx: Incomplete debian/copyright?
Source: libdmtx Version: 0.7.5-2.1 Severity: serious Justication: Policy § 12.5 X-Debbugs-CC: Simon McVittie , ftpmas...@debian.org, spwhit...@debian.org Hi, I just ACCEPTed libdmtx from NEW but the FTP team had noticed that the copyright stanza for debian/ is labelled GPL-2+ but its content is GPL-2. This is in no way exhaustive so please check over the entire package carefully and address these on your next upload. Best wishes, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-
Bug#922552: marked as done (diffutils: FTBFS in ppc64el (failing tests))
Your message dated Mon, 08 Apr 2019 12:33:38 + with message-id and subject line Bug#922552: fixed in diffutils 1:3.7-3 has caused the Debian Bug report #922552, regarding diffutils: FTBFS in ppc64el (failing tests) to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 922552: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922552 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: src:diffutils Version: 1:3.7-1 Severity: serious Tags: ftbfs https://buildd.debian.org/status/fetch.php?pkg=diffutils=ppc64el=1%3A3.7-1=1550448741=0 Have to look at this. --- End Message --- --- Begin Message --- Source: diffutils Source-Version: 1:3.7-3 We believe that the bug you reported is fixed in the latest version of diffutils, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 922...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Santiago Vila (supplier of updated diffutils package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Mon, 08 Apr 2019 14:04:00 +0200 Source: diffutils Binary: diffutils diffutils-doc Architecture: source Version: 1:3.7-3 Distribution: unstable Urgency: medium Maintainer: Santiago Vila Changed-By: Santiago Vila Description: diffutils - File comparison utilities diffutils-doc - Documentation for GNU diffutils in HTML format Closes: 922552 Changes: diffutils (1:3.7-3) unstable; urgency=medium . * Disable tests/colors completely for buster. Closes: #922552. Checksums-Sha1: dbd2869bbd13091992744e98e41ba9793ceae01e 1453 diffutils_3.7-3.dsc 02389d1db18a75645827b852b44506c68640b1ed 6 diffutils_3.7-3.debian.tar.xz ce44c24d68974294213763381ac6e4e512f099c2 5546 diffutils_3.7-3_source.buildinfo Checksums-Sha256: 99dee94cec05454a65a9cb542bea1720dbd4c511d13f9784c9e3741e76a9b9ba 1453 diffutils_3.7-3.dsc a455228f12283b5f3c0165db4ab9b12071adc37fb9dd50dcb5e1b8851c524f1f 6 diffutils_3.7-3.debian.tar.xz 770a7b7c73a838f748a4e398ea5f45aae649f73fa60ee579e30426ce7e2e4494 5546 diffutils_3.7-3_source.buildinfo Files: 84bb960d406cb54643014826f6b5efd1 1453 utils required diffutils_3.7-3.dsc 72e7df439fff4cd0da47883d112e46a4 6 utils required diffutils_3.7-3.debian.tar.xz b603dd094976949a93d3af2340ce1a8b 5546 utils required diffutils_3.7-3_source.buildinfo -BEGIN PGP SIGNATURE- iQEzBAEBCAAdFiEE1Uw7+v+wQt44LaXXQc5/C58bizIFAlyrON8ACgkQQc5/C58b izIXjgf+PvBwkTkJkdRY+xa59h+QZ/rVjZ2ZKkERWgL4njpX9+jNvjtUF72SDqlR XupT7UnUyGgAtFYSLY9jp/OJwHcrftpcRMcczxI/E96A/XDvXVW+JH5sXBVcZYJx H0r5zLnmLxnpOFsFXgDx/rMXi/igjRlr3qe0CRh9Z7ss5AcuJCZaRfIOMZKLiTRz 1ozPU0HNIF4vEW7M9ph52nDEDyngjWdvw/xyu9BTfD/sHIwF27uKGcT8d2Ie1AiA oGJW++g6DdqeovAJFOZ0e1CzpuvXIwSy7CwcKFOiabWqyx/knKTUHBVkjCt0szYQ Sk06fqJ4fzIC2mbJJV3dC/+J/kuqFg== =m5NV -END PGP SIGNATURE End Message ---
Processed: found
Processing commands for cont...@bugs.debian.org:
> found 922552 1:3.7-2
Bug #922552 {Done: Santiago Vila } [src:diffutils]
diffutils: FTBFS in ppc64el (failing tests)
Marked as found in versions diffutils/1:3.7-2; no longer marked as fixed in
versions diffutils/1:3.7-2 and reopened.
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
922552: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922552
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Bug#922552: [fre...@debian.org: Re: diffutils test suite]
Based on this analysis by Frédéric Bonnard (thanks a lot!) I infer
that the "sleep 5" does not fix the problem at all, so I'm going
to disable the test completely for buster, as it's clearly buggy.
- Forwarded message from Frédéric Bonnard -
Date: Wed, 27 Feb 2019 16:48:38 +0100
From: Frédéric Bonnard
To: Breno Leitao , Santiago Vila ,
ppc6...@buildd.debian.org
Subject: Re: diffutils test suite
Hi,
February 18, 2019 7:04 PM, "Breno Leitao" wrote:
> hi Santiago,
>
> On 2/18/19 2:46 PM, Santiago Vila wrote:
>
>> Hello.
>>
>> I have a problem with diffutils testsuite.
>>
>> There is a test called "colors" which fails in ppc64el.
>>
>> The first time this happened I added a "sleep 1" to the test
>> to avoid what it seemed to be a race condition. Now I have increased
>> the time to 5 seconds, but it still fails on powerpc and ppc64.
>>
>> Are those architectures so slow that they need more than 5 seconds for
>> a fifo to work?
>
> I do not think so. In fact, ppc64el seems to be the fastest builder at debian
> today.
To summarize the context, the failing test is :
--
mkfifo fifo
printf '%100s-a' > a
printf '%100s-b' > b
head -c 10 < fifo > /dev/null &
sleep 5
diff --color=always ---presume-output-tty a b > fifo
test $? = 141 || fail=1
--
The expected behaviour of diff is that is should catch the SIGPIPE when
head has read its 10bytes from the fifo given the big a and b file, and
return 141 (141 = 128 + SIGPIPE)
Quite often 141 is returned.
I straced a case where diff returns 2 (EXIT_TROUBLE) (that is our failing case)
:
--
24846 write(1, ""..., 4096) = 4096
24846 write(1, ""..., 4096) = -1 EPIPE (Broken
pipe)
24846 --- SIGPIPE {si_signo=SIGPIPE, si_code=SI_USER, si_pid=24846,
si_uid=1000} ---
24846 rt_sigreturn({mask=[]}) = -1 EPIPE (Broken pipe)
24846 munmap(0x7fffa0cf, 262144)= 0
24846 munmap(0x7fffa0fa, 262144)= 0
24846 munmap(0x7fffa0cb, 262144)= 0
24846 munmap(0x7fffa0f6, 262144)= 0
24846 munmap(0x7fffa10e, 1048576) = 0
24846 munmap(0x7fffa0fe, 1048576) = 0
24846 close(3) = 0
24846 close(4) = 0
24846 write(1, "\33[0m\n\\ No newline at end of file"..., 33) = -1 EPIPE
(Broken pipe)
24846 --- SIGPIPE {si_signo=SIGPIPE, si_code=SI_USER, si_pid=24846,
si_uid=1000} ---
24846 rt_sigreturn({mask=[]}) = -1 EPIPE (Broken pipe)
24846 write(2, "/build/diffutils-nPN2r4/diffutil"..., 48) = 48
24846 write(2, "standard output", 15) = 15
24846 write(2, ": Broken pipe", 13) = 13
24846 write(2, "\n", 1) = 1
24846 exit_group(2) = ?
24846 +++ exited with 2 +++
24845 <... wait4 resumed> [{WIFEXITED(s) && WEXITSTATUS(s) == 2}], 0, NULL) =
24846
24845 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=24846,
si_uid=1000, si_status=2, si_utime=0, si_stime=0} ---
24845 rt_sigreturn({mask=[]}) = 24846
24845 dup2(10, 1) = 1
24845 close(10) = 0
24845 exit_group(2) = ?
24845 +++ exited with 2 +++
--
We can see that diff reports "Broken pipe" with the standard output.
and here is the working case :
---
24987 write(1, ""..., 4096) = 4096
24987 write(1, ""..., 4096) = -1 EPIPE (Broken
pipe)
24987 --- SIGPIPE {si_signo=SIGPIPE, si_code=SI_USER, si_pid=24987,
si_uid=1000} ---
24987 rt_sigreturn({mask=[]}) = -1 EPIPE (Broken pipe)
24987 write(1, "\33[0m\n\\ No newline at end of file"..., 56) = -1 EPIPE
(Broken pipe)
24987 --- SIGPIPE {si_signo=SIGPIPE, si_code=SI_USER, si_pid=24987,
si_uid=1000} ---
24987 rt_sigreturn({mask=[]}) = -1 EPIPE (Broken pipe)
24987 rt_sigprocmask(SIG_BLOCK, [HUP INT QUIT PIPE ALRM TERM TSTP XCPU XFSZ
VTALRM PROF IO], [], 8) = 0
24987 rt_sigaction(SIGPIPE, {sa_handler=SIG_DFL, sa_mask=[PIPE],
sa_flags=SA_RESTART}, {sa_handler=0x12ff80780, sa_mask=[HUP INT QUIT PIPE ALRM
TERM TSTP XCPU XFSZ VTALRM PROF IO], sa_flags=SA_RESTART}, 8) = 0
24987 rt_sigprocmask(SIG_BLOCK, ~[RTMIN RT_1], [HUP INT QUIT PIPE ALRM TERM
TSTP XCPU XFSZ VTALRM PROF IO], 8) = 0
24987 getpid() = 24987
24987 gettid() = 24987
24987 tgkill(24987, 24987, SIGPIPE) = 0
24987 rt_sigprocmask(SIG_SETMASK, [HUP INT QUIT PIPE ALRM TERM TSTP XCPU XFSZ
VTALRM PROF IO], NULL, 8) = 0
24987 rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
24987 --- SIGPIPE {si_signo=SIGPIPE, si_code=SI_TKILL, si_pid=24987,
si_uid=1000} ---
24987 +++ killed by SIGPIPE +++
24986 <... wait4 resumed> [{WIFSIGNALED(s) && WTERMSIG(s) == SIGPIPE}], 0,
NULL) = 24987
24986 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=24987,
si_uid=1000, si_status=SIGPIPE, si_utime=0, si_stime=0} ---
24986 rt_sigreturn({mask=[]}) = 24987
24986 dup2(10, 1) = 1
24986 close(10)
Processed: unarchive
Processing commands for cont...@bugs.debian.org:
> unarchive 922552
Bug #922552 {Done: Santiago Vila } [src:diffutils]
diffutils: FTBFS in ppc64el (failing tests)
Unarchived Bug 922552
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
922552: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922552
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Bug#910902: Please test again: resolveip and Akonadi for a freash installation
Hello! > What I see, you do not run autopkgtest within the pipelines. In my > understanding, this test should go to a autopkgtest. I'll add it to my TODO > list, to write such an test for mariadb, when I'm writing autopkgtest for > akonadi. We do run: see https://salsa.debian.org/mariadb-team/mariadb-10.3/pipelines/42591 --> https://salsa.debian.org/mariadb-team/mariadb-10.3/-/jobs/154829
Bug#925066: marked as done (lirc: prompting due to modified conffiles which were not modified by the user: /etc/lirc/lirc_options.conf)
Your message dated Mon, 08 Apr 2019 10:19:49 +
with message-id
and subject line Bug#925066: fixed in lirc 0.10.1-5.2
has caused the Debian Bug report #925066,
regarding lirc: prompting due to modified conffiles which were not modified by
the user: /etc/lirc/lirc_options.conf
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
925066: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925066
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: lirc
Version: 0.10.1-5.1
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts
Hi,
during a test with piuparts I noticed your package failed the piuparts
upgrade test because dpkg detected a conffile as being modified and then
prompted the user for an action. As there is no user input, this fails.
But this is not the real problem, the real problem is that this prompt
shows up in the first place, as there was nobody modifying this conffile
at all, the package has just been installed and upgraded...
This is a violation of policy 10.7.3, see
https://www.debian.org/doc/debian-policy/ch-files.html#behavior,
which says "[These scripts handling conffiles] must not ask unnecessary
questions (particularly during upgrades), and must otherwise be good
citizens."
https://wiki.debian.org/DpkgConffileHandling should help with figuring
out how to do this properly.
In https://lists.debian.org/debian-devel/2009/08/msg00675.html and
followups it has been agreed that these bugs are to be filed with
severity serious.
>From the attached log (scroll to the bottom...):
Setting up lirc (0.10.1-5.1) ...
Configuration file '/etc/lirc/lirc_options.conf'
==> File on system created by you or by a script.
==> File also in package provided by package maintainer.
What would you like to do about it ? Your options are:
Y or I : install the package maintainer's version
N or O : keep your currently-installed version
D : show the differences between the versions
Z : start a shell to examine the situation
The default action is to keep your current version.
*** lirc_options.conf (Y/I/N/O/D/Z) [default=N] ? dpkg: error processing
package lirc (--configure):
end of file on stdin at conffile prompt
Setting up python3-distutils (3.7.3~rc1-1) ...
Setting up dh-python (3.20190308) ...
Processing triggers for libc-bin (2.28-8) ...
Errors were encountered while processing:
lirc
This was observed on an upgrade from stretch to sid.
cheers,
Andreas
lirc_0.10.1-5.1.log.gz
Description: application/gzip
--- End Message ---
--- Begin Message ---
Source: lirc
Source-Version: 0.10.1-5.2
We believe that the bug you reported is fixed in the latest version of
lirc, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 925...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Tobias Frost (supplier of updated lirc package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Sat, 06 Apr 2019 15:12:52 +0200
Source: lirc
Architecture: source
Version: 0.10.1-5.2
Distribution: unstable
Urgency: medium
Maintainer: Debian Lirc Team
Changed-By: Tobias Frost
Closes: 925066 925477
Changes:
lirc (0.10.1-5.2) unstable; urgency=medium
.
* Non-maintainer upload.
* Revert removal of liblircclient{0,-dev} (Closes: #925477)
* Revert "Do not install conffiles in a dummy location" (Closes: #925066)
Checksums-Sha1:
7626db2ea8c24a7cc1f1f659e2267a3f2dd3ed84 2663 lirc_0.10.1-5.2.dsc
e930a028201f4e026a490fc96e3c094ff811c6cd 35876 lirc_0.10.1-5.2.debian.tar.xz
599c95061ac76936790888f7a1b59509161a2d7c 7930 lirc_0.10.1-5.2_source.buildinfo
Checksums-Sha256:
4452146d09caa7ea18c2cde432b01d21d92c5b14e36deaafab1a64bfb0e785e1 2663
lirc_0.10.1-5.2.dsc
ef2dcc608e63baf20fe5df9ebe82ee98ea0526730e5001916dfb112fc399387a 35876
lirc_0.10.1-5.2.debian.tar.xz
67ff05b37b7b9f2da273496e12142b91503c90d737d0407b35957ea9fae95878 7930
lirc_0.10.1-5.2_source.buildinfo
Files:
680f5f24e4d3e648ea67fb2a787e3250 2663 utils optional lirc_0.10.1-5.2.dsc
5c33ee654207b8b938967652720479e2 35876 utils optional
lirc_0.10.1-5.2.debian.tar.xz
Bug#925477: marked as done (src:lirc: Uncoordinated removal of transitional packages during freeze breaks other packages)
Your message dated Mon, 08 Apr 2019 10:19:49 +
with message-id
and subject line Bug#925477: fixed in lirc 0.10.1-5.2
has caused the Debian Bug report #925477,
regarding src:lirc: Uncoordinated removal of transitional packages during
freeze breaks other packages
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
925477: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925477
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: src:lirc
Version: 0.10.1-5.1
Severity: grave
Justification: renders package unusable
Removal of the obselete packages dropped in the most recent upload is
blocked by:
- broken Build-Depends:
audacious-plugins: liblircclient-dev
bino: liblircclient-dev
geeqie: liblircclient-dev
gkrellm-radio: liblircclient-dev
gmpc-plugins: liblircclient-dev
kradio4: liblircclient-dev
lcdproc: liblircclient-dev
libirman: liblircclient-dev (>= 0.9.4)
lxmms2: liblircclient-dev
ncmpc: liblircclient-dev
pulseaudio: liblircclient-dev
pylirc: liblircclient-dev
rhythmbox: liblircclient-dev
rosegarden: liblircclient-dev
squeezelite: liblircclient-dev
totem: liblircclient-dev (>= 0.6.6)
xawtv: liblircclient-dev
xine-lib-1.2: liblircclient-dev
xine-ui: liblircclient-dev
zapping: liblircclient-dev
Breaking 20 other packages during freeze does not seem to be the best
approach. I would suggest putting the transitional packages back until
Buster is released and then remove them again, after coordination with the
maintainers of the affected packages.
Scott K
--- End Message ---
--- Begin Message ---
Source: lirc
Source-Version: 0.10.1-5.2
We believe that the bug you reported is fixed in the latest version of
lirc, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 925...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Tobias Frost (supplier of updated lirc package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Sat, 06 Apr 2019 15:12:52 +0200
Source: lirc
Architecture: source
Version: 0.10.1-5.2
Distribution: unstable
Urgency: medium
Maintainer: Debian Lirc Team
Changed-By: Tobias Frost
Closes: 925066 925477
Changes:
lirc (0.10.1-5.2) unstable; urgency=medium
.
* Non-maintainer upload.
* Revert removal of liblircclient{0,-dev} (Closes: #925477)
* Revert "Do not install conffiles in a dummy location" (Closes: #925066)
Checksums-Sha1:
7626db2ea8c24a7cc1f1f659e2267a3f2dd3ed84 2663 lirc_0.10.1-5.2.dsc
e930a028201f4e026a490fc96e3c094ff811c6cd 35876 lirc_0.10.1-5.2.debian.tar.xz
599c95061ac76936790888f7a1b59509161a2d7c 7930 lirc_0.10.1-5.2_source.buildinfo
Checksums-Sha256:
4452146d09caa7ea18c2cde432b01d21d92c5b14e36deaafab1a64bfb0e785e1 2663
lirc_0.10.1-5.2.dsc
ef2dcc608e63baf20fe5df9ebe82ee98ea0526730e5001916dfb112fc399387a 35876
lirc_0.10.1-5.2.debian.tar.xz
67ff05b37b7b9f2da273496e12142b91503c90d737d0407b35957ea9fae95878 7930
lirc_0.10.1-5.2_source.buildinfo
Files:
680f5f24e4d3e648ea67fb2a787e3250 2663 utils optional lirc_0.10.1-5.2.dsc
5c33ee654207b8b938967652720479e2 35876 utils optional
lirc_0.10.1-5.2.debian.tar.xz
b1bb1124dac7490ee052e77bd213b631 7930 utils optional
lirc_0.10.1-5.2_source.buildinfo
-BEGIN PGP SIGNATURE-
iQIzBAEBCAAdFiEE/d0M/zhkJ3YwohhskWT6HRe9XTYFAlyophAACgkQkWT6HRe9
XTbXLxAAgHKFc1dTnf4HjAAadNFXiNoXHy+zorgGcJjTKGvovydjCF0U5P9aYLmw
EFn9y7n0u0b9DfoaMegKwlziy9drVPP+nB1WK8J1TRgOMz5pnV6vfZqq7PeXaREF
y6Y2anvcn7WqsWCjDcqzAUT/VTds50C0ceIiCBfq+ojQObb7/1/KDXPOZnNiMPHw
XP9xuNcffEJ3Cpz6m2QTkhUe6WdIzXY0TrbPZG/klkhhpNA/KPlF+lgIt4SD9SZT
yVcCWHcrVABzGAoSqQOIxhg2DLIFpeDJq97dfBjkh7KolqswfaBLgznEINJ2yALL
9w9R5E+NSms3/+EJpsLsEt6uDR6wmQptxwbAdJQBPuY8j76GdJh0x+IZ2PJy6rP2
ScHTXffmTJlb9OgS1qXOAKD+dTuIX1FLsHQNbFUE2uAHU3CEssQNgGPnN8zlWg2t
MtOYbyuu2IhlvEKVOjmWqpo5dGAJ0w4dhz+ItvAbkhPMlfedKbNM40ZbEd/7ar72
MHY7ESpVu8+jbtdySOWRPM7cxsQ93V4s0kp1o9KGnlTf9Pt4S78vIJ8P+tvhUZzt
oNkLyhTjqeUhSCec11O8y9QYGqKcglDj8PmO7jFNfMhh4Y9yU/GjW67vun6HZ8kL
IjsWq15FPL4GpknzsxAdsXfSP5nUJwEfC7XeBJq40xwr9SRuaGk=
=xz4H
-END PGP SIGNATURE End Message ---
Processed: Re: Bug#926591: libelogind0: does not ship SONAME link /lib//libelogind.so.0 -> libsystemd.so.0.25.0
Processing control commands: > tags -1 pending Bug #926591 [libelogind0] libelogind0: does not ship SONAME link /lib//libelogind.so.0 -> libsystemd.so.0.25.0 Added tag(s) pending. -- 926591: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926591 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#926591: libelogind0: does not ship SONAME link /lib//libelogind.so.0 -> libsystemd.so.0.25.0
control: tags -1 pending On Sun, Apr 07, 2019 at 02:12:54PM +0200, Andreas Beckmann wrote: > I think the symlink setup is overly complicated by using both > /lib and /usr/lib. You should either move everything to /lib > (if that is really required for compatibility with libsystemd0) > or just restrict to /usr/lib (as done in my patch). > I also think you don't need libsystemd.so.0.25.0 symlinks at all, > a libsystemd.so.0 -> libelogind.so.0 symlink should be sufficient. Thanks for this. I have queued your patch for upload. > This produces some noise in piuparts tests and therefore I'd like > to see it fixed for buster. Version 241.1-1 isn't in buster and I am not sure if it will make it in as there is no sign of movement in the unblock request (#925489). But I am happy to fix it in unstable. Thanks Mark
Processed: Re: Bug#926613: openssh-server: Locked out of server after upgrading to buster.
Processing control commands: > reassign -1 release-notes Bug #926613 [openssh-server] openssh-server: Locked out of server after upgrading to buster. Bug reassigned from package 'openssh-server' to 'release-notes'. Ignoring request to alter found versions of bug #926613 to the same values previously set Ignoring request to alter fixed versions of bug #926613 to the same values previously set -- 926613: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926613 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#926613: openssh-server: Locked out of server after upgrading to buster.
Control: reassign -1 release-notes On Sun, Apr 07, 2019 at 08:36:11PM +, Sam Bull wrote: > Package: openssh-server > Severity: serious > Justification: Policy 8.2 Policy 8.2 is "Shared library support files", which seems to have nothing to do with this. > Due to a change in how some options are handled in sshd_config, upgrading to > buster can result in the user getting locked out of their system if the > config is not updated. > > Probably the most likely cause (and what occurred to me) is if the > PubkeyAcceptedKeyTypes includes ssh-rsa and the admin logs in with an RSA > key. After upgrading, the user will no longer be able to connect to the > server. > The solution for this case is to replace ssh-rsa with > rsa-sha2-256,rsa-sha2-512. > > At the very least this needs to be mentioned in the upgrade instructions in > the release notes for buster. This is already documented in openssh's NEWS.Debian file, presented before upgrade if you use apt-listchanges. It says: * sshd(8): The semantics of PubkeyAcceptedKeyTypes and the similar HostbasedAcceptedKeyTypes options have changed. These now specify signature algorithms that are accepted for their respective authentication mechanism, where previously they specified accepted key types. This distinction matters when using the RSA/SHA2 signature algorithms "rsa-sha2-256", "rsa-sha2-512" and their certificate counterparts. Configurations that override these options but omit these algorithm names may cause unexpected authentication failures (no action is required for configurations that accept the default for these options). I don't think I consider it safe to try to mangle this automatically in people's sshd_config files in this case; the cure could easily be worse than the disease, and any time I try to do that sort of thing it generates a flurry of RC bug reports about configuration file modifications which are always really hard to get right in a policy-friendly way. Other than that, for people who don't see or don't fully read the NEWS.Debian file I already provided, the best I can do is reassign this to the release notes to lift some of these warnings up to there. Thanks, -- Colin Watson [cjwat...@debian.org]
Bug#899128: kdepim: Limit CVE-2017-17689 (EFAIL) even more for kmail
Hi, On Sat, May 19, 2018 at 07:18:06PM +0200, Sandro Knauß wrote: > I now created a debdiff for kdepim. The patch depdends on the new symbol that > was added in new messageviewer (see #899127). Does this bug still affect buster/sid? From the bug log and the tracker for CVE-2017-17689, it look like kmail in buster/sid is not affected, but it would be good if someone could confirm that. Thanks, Ivo
Bug#926247: marked as done (ruby-hangouts-chat: access network during build?)
Your message dated Mon, 08 Apr 2019 09:03:51 + with message-id and subject line Bug#926247: fixed in ruby-hangouts-chat 0.0.5-2 has caused the Debian Bug report #926247, regarding ruby-hangouts-chat: access network during build? to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 926247: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926247 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: ruby-hangouts-chat Version: 0.0.5-1 Severity: serious Hello, look like the client is trying to reach googleapis.com during build, see the build log: ┌──┐ │ Run tests for ruby2.5 from debian/ruby-tests.rake│ └──┘ RUBYLIB=/<>/debian/ruby-hangouts-chat/usr/lib/ruby/vendor_ruby:. GEM_PATH=debian/ruby-hangouts-chat/usr/share/rubygems-integration/all:/var/lib/gems/2.5.0:/usr/lib/x86_64-linux-gnu/rubygems-integration/2.5.0:/usr/share/rubygems-integration/2.5.0:/usr/share/rubygems-integration/all ruby2.5 -S rake -f debian/ruby-tests.rake /usr/bin/ruby2.5 -w -I"test" "/usr/lib/ruby/vendor_ruby/rake/rake_test_loader.rb" "test/hangouts_chat/http_test.rb" "test/hangouts_chat_test.rb" "test/test_helper.rb" -v /usr/lib/ruby/vendor_ruby/addressable/idna/pure.rb:154: warning: assigned but unused variable - startercc /usr/lib/ruby/vendor_ruby/httpclient/ssl_config.rb:370: warning: assigned but unused variable - pathlen /usr/lib/ruby/vendor_ruby/httpclient/ssl_config.rb:51: warning: method redefined; discarding old initialize /usr/lib/ruby/vendor_ruby/httpclient/ssl_config.rb:58: warning: method redefined; discarding old add_cert /usr/lib/ruby/vendor_ruby/httpclient/ssl_config.rb:58: warning: method redefined; discarding old add_file /usr/lib/ruby/vendor_ruby/httpclient/ssl_config.rb:58: warning: method redefined; discarding old add_path /usr/lib/ruby/vendor_ruby/em-socksify/errors.rb:5: warning: parentheses after method name is interpreted as an argument list, not a decomposed argument /usr/lib/ruby/vendor_ruby/ffi/library.rb:333: warning: assigned but unused variable - s Run options: -v --seed 65467 # Running: HTTPTest#test_initialized_with_valid_post_request = 0.00 s = . HTTPTest#test_initialized_with_valid_uri = 0.00 s = . HTTPTest#test_post_request = 0.01 s = E HangoutsChatTest#test_api_error_exception_message = 0.00 s = F HangoutsChatTest#test_card_message_request = 0.00 s = E HangoutsChatTest#test_simple_message_request = 0.00 s = E HangoutsChatTest#test_initialized_with_valid_variables = 0.00 s = . Finished in 0.018256s, 383.4282 runs/s, 383.4282 assertions/s. 1) Error: HTTPTest#test_post_request: SocketError: Failed to open TCP connection to example.com:443 (getaddrinfo: Name or service not known) /usr/lib/ruby/2.5.0/net/http.rb:939:in `rescue in block in connect' /usr/lib/ruby/2.5.0/net/http.rb:936:in `block in connect' /usr/lib/ruby/2.5.0/timeout.rb:93:in `block in timeout' /usr/lib/ruby/2.5.0/timeout.rb:103:in `timeout' /usr/lib/ruby/2.5.0/net/http.rb:935:in `connect' /usr/lib/ruby/2.5.0/net/http.rb:920:in `do_start' /usr/lib/ruby/2.5.0/net/http.rb:909:in `start' /usr/lib/ruby/vendor_ruby/webmock/http_lib_adapters/net_http.rb:148:in `start' /usr/lib/ruby/2.5.0/net/http.rb:609:in `start' /<>/debian/ruby-hangouts-chat/usr/lib/ruby/vendor_ruby/hangouts_chat/http.rb:25:in `post' /<>/test/hangouts_chat/http_test.rb:25:in `test_post_request' /usr/lib/ruby/vendor_ruby/minitest/test.rb:98:in `block (3 levels) in run' /usr/lib/ruby/vendor_ruby/minitest/test.rb:195:in `capture_exceptions' /usr/lib/ruby/vendor_ruby/minitest/test.rb:95:in `block (2 levels) in run' /usr/lib/ruby/vendor_ruby/minitest.rb:265:in `time_it' /usr/lib/ruby/vendor_ruby/minitest/test.rb:94:in `block in run' /usr/lib/ruby/vendor_ruby/minitest.rb:360:in `on_signal' /usr/lib/ruby/vendor_ruby/minitest/test.rb:211:in `with_info_handler' /usr/lib/ruby/vendor_ruby/minitest/test.rb:93:in `run' /usr/lib/ruby/vendor_ruby/minitest.rb:960:in `run_one_method' /usr/lib/ruby/vendor_ruby/minitest.rb:334:in `run_one_method' /usr/lib/ruby/vendor_ruby/minitest.rb:321:in `block (2 levels) in run' /usr/lib/ruby/vendor_ruby/minitest.rb:320:in `each' /usr/lib/ruby/vendor_ruby/minitest.rb:320:in `block in run' /usr/lib/ruby/vendor_ruby/minitest.rb:360:in `on_signal' /usr/lib/ruby/vendor_ruby/minitest.rb:347:in `with_info_handler'
Bug#926602: CVE-2019-10906 - jinja sandbox escape poc
> This should help confirming vulnerability in other suites. 2.7.3-1 and all later releases affected. In addition, both 2.7.3-1 and 2.8-1 are affected by the previous str.format issue[0]. [0] https://palletsprojects.com/blog/jinja-281-released/ -- Hugo Lefeuvre (hle)|www.owl.eu.com RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C signature.asc Description: PGP signature
Bug#917501: meson: FTBFS (failing tests): Another attempt at reproducing
usertag 917501 bsp-2019-04-se-gothenburg thank you On Sat, 30 Mar 2019 19:35:37 +0100 Giovanni Mascellani wrote: > I tried to work on this bug for a few hours, but I am quite puzzled: > first of all, the issue I am experiencing right now is different from > what is already described in the bug log. If I build meson with sbuild > it fails because the test "test_generate_gir_with_address_sanitizer" in > run_unittests.py fails (if I comment out that test, the package builds > correctly). I also have tried reproducing this in various configurations. The meson builds completely fine in the following configurations: * pbuilder/cowbuilder buster/amd64 * pbuilder/cowbuilder sid/amd64 * manually running dpkg-buildpackage with varying values of LC_ALL in a fresh buster/amd64 schroot environment I saw the failure of test_generate_gir_with_address_sanitizer that Giovanni saw in the following configurations: * sbuild buster/amd64 * reprotest I strongly suggest that we deal with the Giovanni's issue with test_generate_gir_with_address_sanitizer in a separate bug. I will create one at the end of the week if no-one else has done by then and I have done some further triaging to understand that one. I have yet to comment out the test to see if the rest passes in the sbuild and reprotest configurations. I have also printed out the environment by adding env in debian/rules, but, so far, I am none the wiser. > I have tried in many ways to replicate the failure, for example by > checking thoroughly passed options and environment variables, but I > could not find the core point. So I am leaving this issue for the moment.
Processed: found 926602 in 2.8-1
Processing commands for cont...@bugs.debian.org: > found 926602 2.8-1 Bug #926602 [src:jinja2] jinja2: CVE-2019-10906 Marked as found in versions jinja2/2.8-1. > thanks Stopping processing here. Please contact me if you need assistance. -- 926602: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926602 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: close 924188
Processing commands for cont...@bugs.debian.org: > close 924188 Bug #924188 [knxd-dev] knxd-dev: missing dependency on library package - and a separate library package in the first place Marked Bug as done > quit Stopping processing here. Please contact me if you need assistance. -- 924188: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924188 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: found 926602 in 2.7.3-1
Processing commands for cont...@bugs.debian.org: > found 926602 2.7.3-1 Bug #926602 [src:jinja2] jinja2: CVE-2019-10906 Marked as found in versions jinja2/2.7.3-1. > thanks Stopping processing here. Please contact me if you need assistance. -- 926602: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926602 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#926628: tdbcmysql: hard-coded (build-)dependency on libmariadbclient18
package: tdbcmysql version: 1.1.0-1 severity: serious Hi, tdbcmysql has a hard-coded (build-)dependency on "libmariadbclient18 | libmysqlclient18 | libmysqlclient20". This is clearly wrong. This now blocks the migration of mariadb-10.3 to testing, because libmariadbclient18 is no longer built. Cheers, Ivo
Bug#910902: Please test again: resolveip and Akonadi for a freash installation
Hey, > Can you please test again with the latest version in Debian unstable > and verify this is fixed now? I tested the 41873 build and now akonadi-server is able to start a fresh installation with only madiadb-server-core. So 1:10.3.13-3 will finally make it possible to switch back to madiadb-server-core ;D Thanks a lot! > MariaDB 10.3 in Debian has a rather extensive testing suite at > https://salsa.debian.org/mariadb-team/mariadb-10.3/pipelines/41873 > If you would like to contribute and write a new section to our > gitlab-ci.yml file that automatically does Akonadi things and runs > mysql_install_db if would ensure regressions like these don't creep in > unnoticed in the future. What I see, you do not run autopkgtest within the pipelines. In my understanding, this test should go to a autopkgtest. I'll add it to my TODO list, to write such an test for mariadb, when I'm writing autopkgtest for akonadi. hefee signature.asc Description: This is a digitally signed message part.
Bug#925909: unblock: pbgenomicconsensus/2.3.2-5
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package pbgenomicconsensus
Hi,
since this package went through several iterations until the autopkgtest
was finally fixed I'm hereby refreshing the metadata of the unblock
request. Unfortunately a bit longish debdiff to version in testing is
attached.
Kind regards
Andreas.
unblock pbgenomicconsensus/2.3.2-5
diff -Nru pbgenomicconsensus-2.3.2/debian/changelog pbgenomicconsensus-2.3.2/debian/changelog
--- pbgenomicconsensus-2.3.2/debian/changelog 2019-01-11 21:19:28.0 +0100
+++ pbgenomicconsensus-2.3.2/debian/changelog 2019-04-07 13:58:37.0 +0200
@@ -1,3 +1,42 @@
+pbgenomicconsensus (2.3.2-5) unstable; urgency=medium
+
+ * Team upload.
+ * Fix autopkgtest dependencies
+Closes: #925909
+
+ -- Liubov Chuprikova Sun, 07 Apr 2019 13:58:37 +0200
+
+pbgenomicconsensus (2.3.2-4) unstable; urgency=medium
+
+ * Fix dependencies
+Closes: #925909
+ * unset GZIP in autopkgtest
+
+ -- Andreas Tille Sat, 06 Apr 2019 11:16:49 +0200
+
+pbgenomicconsensus (2.3.2-3) unstable; urgency=medium
+
+ * Really fix autopkgtest
+
+ -- Andreas Tille Tue, 02 Apr 2019 21:29:59 +0200
+
+pbgenomicconsensus (2.3.2-2) unstable; urgency=medium
+
+ [ Afif Elghraoui ]
+ * Remove myself from Uploaders
+
+ [ Andreas Tille ]
+ * Add myself to Uploaders
+ * python-pbgenomicconsensus Depends: python-pbconsensuscore
+ * Test Depends: poa
+ * Ignore some warnings which are breaking test results, remove
+tests that are based on non-existing input data
+ * Move exclusion of tests to upstream Makefile via patch rather than
+in d/rules. This is needed to run autopkgtest successfully
+Closes: #925909
+
+ -- Andreas Tille Tue, 02 Apr 2019 11:02:18 +0200
+
pbgenomicconsensus (2.3.2-1) unstable; urgency=medium
* Team upload
diff -Nru pbgenomicconsensus-2.3.2/debian/control pbgenomicconsensus-2.3.2/debian/control
--- pbgenomicconsensus-2.3.2/debian/control 2019-01-11 21:19:28.0 +0100
+++ pbgenomicconsensus-2.3.2/debian/control 2019-04-07 13:58:37.0 +0200
@@ -1,6 +1,6 @@
Source: pbgenomicconsensus
Maintainer: Debian Med Packaging Team
-Uploaders: Afif Elghraoui
+Uploaders: Andreas Tille
Section: science
Priority: optional
Build-Depends: debhelper (>= 12~),
@@ -49,7 +49,10 @@
Architecture: all
Section: python
Depends: ${misc:Depends},
- ${python:Depends}
+ ${python:Depends},
+ python-pbconsensuscore,
+ python-h5py,
+ python-numpy
Suggests: python-consensuscore2
Description: Pacific Biosciences variant and consensus caller (Python 2)
The GenomicConsensus package provides Quiver, Pacific Biosciences'
diff -Nru pbgenomicconsensus-2.3.2/debian/patches/ignore_test_requiring_pbtestdata.patch pbgenomicconsensus-2.3.2/debian/patches/ignore_test_requiring_pbtestdata.patch
--- pbgenomicconsensus-2.3.2/debian/patches/ignore_test_requiring_pbtestdata.patch 1970-01-01 01:00:00.0 +0100
+++ pbgenomicconsensus-2.3.2/debian/patches/ignore_test_requiring_pbtestdata.patch 2019-04-07 13:58:37.0 +0200
@@ -0,0 +1,23 @@
+Description: Test requires https://github.com/PacificBiosciences/PacBioTestData which is not packaged
+Bug-Debian: https://bugs.debian.org/925909
+Author: Andreas Tille
+Last-Update: Thu, 28 Mar 2019 13:40:21 +0100
+
+--- a/Makefile
b/Makefile
+@@ -8,7 +8,14 @@ tests: unit-tests basic-tests
+
+ unit-tests:
+ # Unit tests
+- py.test --junit-xml=nosetests.xml tests/unit
++ # ignore tests requiring https://github.com/PacificBiosciences/PacBioTestData which is not packaged
++ set -e ; \
++ TMPDIR=$$(mktemp -d /tmp/test_ignore_XX) ; \
++ mv tests/unit/test_tool_contract.py $${TMPDIR} ; \
++ py.test --junit-xml=nosetests.xml tests/unit ; \
++ rm -rf tests/unit/__pycache__ ; \
++ mv $${TMPDIR}/* tests/unit ; \
++ rmdir $${TMPDIR}
+
+ # Note: We need at least cram/0.7 for '--xunit-file'
+ # Note: The cram tests often need h5py.
diff -Nru pbgenomicconsensus-2.3.2/debian/patches/ignore_test_using_local_data.patch pbgenomicconsensus-2.3.2/debian/patches/ignore_test_using_local_data.patch
--- pbgenomicconsensus-2.3.2/debian/patches/ignore_test_using_local_data.patch 1970-01-01 01:00:00.0 +0100
+++ pbgenomicconsensus-2.3.2/debian/patches/ignore_test_using_local_data.patch 2019-04-07 13:58:37.0 +0200
@@ -0,0 +1,29 @@
+Description: Ignore tests that are based on non-existing input data that probably reside on upstreams local host
+Bug-Debian: https://bugs.debian.org/925909
+Author: Andreas Tille
+Last-Update: Thu, 28 Mar 2019 13:40:21 +0100
+
+--- a/Makefile
b/Makefile
+@@ -22,8 +22,19 @@ unit-tests:
+
+ basic-tests:
+ # End-to-end tests
+- # One of these now needs mummer and exonerate.
+- PATH=`pwd`:$(PATH) cram --verbose --xunit-file=gc-cram.xml `ls tests/cram/*.t | grep -v -e arrow -e bad_input`
++ # some tests require a input files on a local mount of
Bug#926602: CVE-2019-10906 - jinja sandbox escape poc
Hi,
I'm working on a potential jinja2 Debian LTS security update. Here is a
proof of concept which allows to easily reproduce the issue. This should
help confirming vulnerability in other suites.
>>> from jinja2.sandbox import SandboxedEnvironment
>>> env = SandboxedEnvironment()
>>> config = {'SECRET_KEY': '12345'}
>>> class User(object):
... def __init__(self, name):
... self.name = name
...
>>> t = env.from_string('{{
>>> "{x.__class__.__init__.__globals__[config]}".format_map(dic) }}')
>>> t.render(dic={"x": User('joe')})
"{'SECRET_KEY': '12345'}"
Expected behaviour would be jinja2.exceptions.SecurityError.
Adapted from[0].
regards,
Hugo
[0] https://palletsprojects.com/blog/jinja-281-released/
--
Hugo Lefeuvre (hle)|www.owl.eu.com
RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD
ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C
signature.asc
Description: PGP signature
Bug#926215: dune-pdelab: FTBFS with gcc 8.3
Control: reassign -1 src:dune-istl 2.6.0-2 Control: affects -1 src:dune-pdelab Santiago Vila writes: > /usr/include/dune/istl/paamg/transfer.hh:97:5: error: no declaration matches > 'void Dune::Amg::Transfer Dune::Amg::SequentialInformation>::prolongateVector(const > Dune::Amg::AggregatesMap&, Dune::Amg::Transfer Dune::Amg::SequentialInformation>::Vector&, Dune::Amg::Transfer Dune::Amg::SequentialInformation>::Vector&, Dune::Amg::Transfer Dune::Amg::SequentialInformation>::Vector&, T, const > Dune::Amg::SequentialInformation&, const Redist&)' > Transfer::prolongateVector(const > AggregatesMap& aggregates, > ^~~~ > /usr/include/dune/istl/paamg/transfer.hh:62:19: note: candidates are: > 'template template static void > Dune::Amg::Transfer Dune::Amg::SequentialInformation>::prolongateVector(const > Dune::Amg::AggregatesMap&, Dune::Amg::Transfer Dune::Amg::SequentialInformation>::Vector&, Dune::Amg::Transfer Dune::Amg::SequentialInformation>::Vector&, T1, const > Dune::Amg::SequentialInformation&)' >static void prolongateVector(const AggregatesMap& aggregates, > Vector& coarse, Vector& fine, >^~~~ > /usr/include/dune/istl/paamg/transfer.hh:57:19: note: > 'template template static void > Dune::Amg::Transfer Dune::Amg::SequentialInformation>::prolongateVector(const > Dune::Amg::AggregatesMap&, Dune::Amg::Transfer Dune::Amg::SequentialInformation>::Vector&, Dune::Amg::Transfer Dune::Amg::SequentialInformation>::Vector&, Dune::Amg::Transfer Dune::Amg::SequentialInformation>::Vector&, T1, const > Dune::Amg::SequentialInformation&, const Redist&)' >static void prolongateVector(const AggregatesMap& aggregates, > Vector& coarse, Vector& fine, >^~~~ > /usr/include/dune/istl/paamg/transfer.hh:50:11: note: 'class > Dune::Amg::Transfer' defined here > class Transfer >^ This is a bug in dune-istl, though I'm not quite sure I understand what is exactly wrong. Renaming the template argument from `T` to `T1` in the definition of `prolongateVector` makes the problem go away, but the name of template arguments shouldn't really matter? There is also a template argument `T` in the generic version of the `Transfer` class... Maybe that results in the confusion in some way? Ansgar
Processed: Re: Bug#926215: dune-pdelab: FTBFS with gcc 8.3
Processing control commands: > reassign -1 src:dune-istl 2.6.0-2 Bug #926215 [src:dune-pdelab] dune-pdelab: FTBFS with gcc 8.3 Bug reassigned from package 'src:dune-pdelab' to 'src:dune-istl'. No longer marked as found in versions dune-pdelab/2.6~20180302-1. Ignoring request to alter fixed versions of bug #926215 to the same values previously set Bug #926215 [src:dune-istl] dune-pdelab: FTBFS with gcc 8.3 Marked as found in versions dune-istl/2.6.0-2. > affects -1 src:dune-pdelab Bug #926215 [src:dune-istl] dune-pdelab: FTBFS with gcc 8.3 Added indication that 926215 affects src:dune-pdelab -- 926215: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926215 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#926626: libfm-qt6: Cannot copy dirs over smb
Package: libfm-qt6 Version: 0.14.1-3 Severity: grave Justification: renders package unusable Hi there, Note, first bug report so please advise on improvements. Recursive copying, (specifically directories) over a samba share does not work as expected, it fails with "operation not supported". I've attached a screenshot, which you can view here: imgur.com/5drZIUB - Mark -- System Information: Debian Release: buster/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-4-amd64 (SMP w/2 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages libfm-qt6 depends on: ii libc6 2.28-8 ii libexif12 0.6.21-5.1 ii libglib2.0-0 2.58.3-1 ii libglib2.0-bin2.58.3-1 ii libmenu-cache31.1.1~2-g583c190-1 ii libqt5core5a [qtbase-abi-5-11-3] 5.11.3+dfsg1-1 ii libqt5gui55.11.3+dfsg1-1 ii libqt5widgets55.11.3+dfsg1-1 ii libqt5x11extras5 5.11.3-2 ii libstdc++68.3.0-4 ii libxcb1 1.13.1-2 ii shared-mime-info 1.10-1 Versions of packages libfm-qt6 recommends: ii libfm-qt-l10n 0.14.1-3 libfm-qt6 suggests no packages. -- no debconf information
