Processed: retitle 926764 to spip: CVE-2019-11071: arbitrary code execution by any identified visitor
Processing commands for cont...@bugs.debian.org: > retitle 926764 spip: CVE-2019-11071: arbitrary code execution by any > identified visitor Bug #926764 [src:spip] spip: arbitrary code execution by any identified visitor Changed Bug title to 'spip: CVE-2019-11071: arbitrary code execution by any identified visitor' from 'spip: arbitrary code execution by any identified visitor'. > thanks Stopping processing here. Please contact me if you need assistance. -- 926764: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926764 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#926825: faudio: FTBFS (Missing build-dependency on cmake)
This also prevents i386 version from being built, which in turn blocks using newer 32-bit Wine which now depends on faudio. Please re-upload the package with build-depends for cmake, and you can as well use the newest version: 19.04. Regards, Hillel Lubman.
Bug#818366: Synaptic on Buster/SID
I see that Synaptic cannot be opened. I believe the correct way is synaptic-pkexec Regards
Bug#926826: ruby-guard: FTBFS (failing tests)
Package: src:ruby-guard Version: 2.15.0-2 Severity: serious Tags: ftbfs Dear maintainer: I tried to build this package in buster but it failed: [...] debian/rules build-indep dh build-indep --buildsystem=ruby --with ruby dh_update_autotools_config -i -O--buildsystem=ruby dh_autoreconf -i -O--buildsystem=ruby dh_auto_configure -i -O--buildsystem=ruby dh_ruby --configure dh_auto_build -i -O--buildsystem=ruby dh_ruby --build dh_ruby --build dh_auto_test -i -O--buildsystem=ruby dh_ruby --test create-stamp debian/debhelper-build-stamp fakeroot debian/rules binary-indep dh binary-indep --buildsystem=ruby --with ruby [... snipped ...] returns multiple plugin scopes returns a group scope Guard::Deprecated::Watcher .match_guardfile? matches against current guardfile displays a deprecation warning to the user Guard::Guardfile::Generator has a valid Guardfile template #initialize_template with an installed Guard implementation initializes the Guard with a user defined template copies the Guardfile template and initializes the Guard when the passed guard can't be found notifies the user about the problem #initialize_all_templates calls Guard.initialize_template on all installed plugins #create_guardfile with an existing Guardfile aborts displays an error message does not display information does not copy the Guardfile template or notify the user without an existing Guardfile copies the Guardfile template and notifies the user does not display any kind of error or abort Guard::CLI #show stub me: ENV[GEM_REQUIREMENT_IO-CONSOLE]! Finished in 9.46 seconds (files took 1.48 seconds to load) 217 examples, 0 failures Randomized with seed 39874 /usr/bin/ruby2.5 /usr/bin/rspec --pattern spec/\*\*\{,/\*/\*\*\}/\*_spec.rb -I spec -r spec_helper --no-fail-fast failed ERROR: Test "ruby2.5" failed. Exiting. dh_auto_install: dh_ruby --install /<>/debian/ruby-guard returned exit code 1 make[1]: *** [debian/rules:9: override_dh_auto_install] Error 1 make[1]: Leaving directory '/<>' make: *** [debian/rules:6: binary-indep] Error 2 dpkg-buildpackage: error: fakeroot debian/rules binary-indep subprocess returned exit status 2 (The above is just how the build ends and not necessarily the most relevant part) The build was made in my autobuilder with "dpkg-buildpackage -A" and it also fails here: https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/ruby-guard.html where you can get a full build log if you need it. If this is really a bug in one of the build-depends, please use reassign and affects, so that this is still visible in the BTS web page for this package. Thanks.
Bug#926827: ruby-vcr: FTBFS (failing tests)
Package: src:ruby-vcr Version: 4.0.0-1 Severity: serious Tags: ftbfs Dear maintainer: I tried to build this package in buster but it failed: [...] debian/rules binary-indep dh binary-indep --buildsystem=ruby --with ruby dh_update_autotools_config -i -O--buildsystem=ruby dh_autoreconf -i -O--buildsystem=ruby dh_auto_configure -i -O--buildsystem=ruby dh_ruby --configure dh_auto_build -i -O--buildsystem=ruby dh_ruby --build dh_ruby --build dh_auto_test -i -O--buildsystem=ruby dh_ruby --test create-stamp debian/debhelper-build-stamp dh_testroot -i -O--buildsystem=ruby dh_prep -i -O--buildsystem=ruby [... snipped ...] # An HTTP request has been made that VCR does not know how to handle: # GET http://localhost:34979/search?q=thread # # VCR are currently using the following cassettes: # - /<>/tmp/cassette_library_dir/search.yml # - :record => :once # - :match_requests_on => [:method, :uri] # - /<>/tmp/cassette_library_dir/foo.yml # - :record => :once # - :match_requests_on => [:method, :uri] # # Under the current configuration VCR can not find a suitable HTTP interaction # to replay and is prevented from recording new requests. There are a few ways # you can deal with this: # # * If you're surprised VCR is raising this error # and want insight about how VCR attempted to handle the request, # you can use the debug_logger configuration option to log more details [1]. # * You can use the :new_episodes record mode to allow VCR to # record this new request to the existing cassette [2]. # * If you want VCR to ignore this request (and others like it), you can # set an `ignore_request` callback [3]. # * The current record mode (:once) does not allow new requests to be recorded # to a previously recorded cassette. You can delete the cassette file and re-run # your tests to allow the cassette to be recorded with this request [4]. # # [1] https://www.relishapp.com/vcr/vcr/v/4-0-0/docs/configuration/debug-logging # [2] https://www.relishapp.com/vcr/vcr/v/4-0-0/docs/record-modes/new-episodes # [3] https://www.relishapp.com/vcr/vcr/v/4-0-0/docs/configuration/ignore-request # [4] https://www.relishapp.com/vcr/vcr/v/4-0-0/docs/record-modes/once # # ./lib/vcr/request_handler.rb:97:in `on_unhandled_request' Finished in 26.5 seconds (files took 2.79 seconds to load) 1725 examples, 1 failure Failed examples: rspec ./spec/acceptance/concurrency_spec.rb:15 # VCR when used in a multithreaded environment with an around_http_request can use a cassette in an #around_http_request hook /usr/bin/ruby2.5 /usr/bin/rspec --pattern ./spec/\*\*/\*_spec.rb --format documentation failed ERROR: Test "ruby2.5" failed. Exiting. dh_auto_install: dh_ruby --install /<>/debian/ruby-vcr returned exit code 1 make: *** [debian/rules:6: binary-indep] Error 1 dpkg-buildpackage: error: debian/rules binary-indep subprocess returned exit status 2 (The above is just how the build ends and not necessarily the most relevant part) The build was made in my autobuilder with "dpkg-buildpackage -A" and it also fails here at least in the arm64 architecture: https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/ruby-vcr.html where you can get a full build log if you need it. If this is really a bug in one of the build-depends, please use reassign and affects, so that this is still visible in the BTS web page for this package. Thanks.
Bug#926825: faudio: FTBFS (Missing build-dependency on cmake)
Package: src:faudio Version: 19.02-1 Severity: serious Tags: ftbfs Dear maintainer: I tried to build this package in sid but it failed: [...] debian/rules binary-arch dh binary-arch dh_update_autotools_config -a dh_autoreconf -a dh_auto_configure -a install -d obj-x86_64-linux-gnu cd obj-x86_64-linux-gnu && cmake -DCMAKE_INSTALL_PREFIX=/usr -DCMAKE_BUILD_TYPE=None -DCMAKE_INSTALL_SYSCONFDIR=/etc -DCMAKE_INSTALL_LOCALSTATEDIR=/var -DCMAKE_EXPORT_NO_PACKAGE_REGISTRY=ON -DCMAKE_FIND_PACKAGE_NO_PACKAGE_REGISTRY=ON -DCMAKE_INSTALL_RUNSTATEDIR=/run "-GUnix Makefiles" -DCMAKE_VERBOSE_MAKEFILE=ON -DCMAKE_INSTALL_LIBDIR=lib/x86_64-linux-gnu .. Can't exec "cmake": No such file or directory at /usr/share/perl5/Debian/Debhelper/Dh_Lib.pm line 475. dh_auto_configure: cd obj-x86_64-linux-gnu && cmake -DCMAKE_INSTALL_PREFIX=/usr -DCMAKE_BUILD_TYPE=None -DCMAKE_INSTALL_SYSCONFDIR=/etc -DCMAKE_INSTALL_LOCALSTATEDIR=/var -DCMAKE_EXPORT_NO_PACKAGE_REGISTRY=ON -DCMAKE_FIND_PACKAGE_NO_PACKAGE_REGISTRY=ON -DCMAKE_INSTALL_RUNSTATEDIR=/run "-GUnix Makefiles" -DCMAKE_VERBOSE_MAKEFILE=ON -DCMAKE_INSTALL_LIBDIR=lib/x86_64-linux-gnu .. failed to execute: No child processes dh_auto_configure: cd obj-x86_64-linux-gnu && cmake -DCMAKE_INSTALL_PREFIX=/usr -DCMAKE_BUILD_TYPE=None -DCMAKE_INSTALL_SYSCONFDIR=/etc -DCMAKE_INSTALL_LOCALSTATEDIR=/var -DCMAKE_EXPORT_NO_PACKAGE_REGISTRY=ON -DCMAKE_FIND_PACKAGE_NO_PACKAGE_REGISTRY=ON -DCMAKE_INSTALL_RUNSTATEDIR=/run "-GUnix Makefiles" -DCMAKE_VERBOSE_MAKEFILE=ON -DCMAKE_INSTALL_LIBDIR=lib/x86_64-linux-gnu .. returned exit code 2 make: *** [debian/rules:13: binary-arch] Error 2 dpkg-buildpackage: error: debian/rules binary-arch subprocess returned exit status 2 Seems like a missing build-depends on cmake. Thanks.
Bug#857208: Bug #857208 in socklog marked as pending
Control: tag -1 pending Hello, Bug #857208 in socklog reported by you has been fixed in the Git repository and is awaiting an upload. You can see the commit message below and you can check the diff of the fix at: https://salsa.debian.org/debian/socklog/commit/25bef266c2f9c7645337b575854e3c62a880 Convert the package to debhelper (Closes: #857208) Convert and modernise the original package. Quite a few things moved in the past 11 years. Comply with Debian standards version 4.3.0. (this message was generated automatically) -- Greetings https://bugs.debian.org/857208
Bug#834089: Bug #834089 in socklog marked as pending
Control: tag -1 pending Hello, Bug #834089 in socklog reported by you has been fixed in the Git repository and is awaiting an upload. You can see the commit message below and you can check the diff of the fix at: https://salsa.debian.org/debian/socklog/commit/b3309738a98f5c456798a756b169e74e0acfcad4 socklog-run: migrate to dh-runit (Closes: #668718, #834089) (this message was generated automatically) -- Greetings https://bugs.debian.org/834089
Processed: Bug #857208 in socklog marked as pending
Processing control commands: > tag -1 pending Bug #857208 [src:socklog] socklog: building with -A doesn't put the changelog in usr/share/doc/socklog-run/changelog.Debian.gz Ignoring request to alter tags of bug #857208 to the same tags previously set -- 857208: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857208 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: Bug #834089 in socklog marked as pending
Processing control commands: > tag -1 pending Bug #834089 [socklog-run] runit: breaks users of runit: ln: failed to create symbolic link '/etc/service/bcron-sched': No such file or directory Ignoring request to alter tags of bug #834089 to the same tags previously set -- 834089: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834089 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#926801: marked as done (src:wpa: multiples vulnerabilities in SAE and EAP-pwd code in wpa)
Your message dated Wed, 10 Apr 2019 21:20:31 + with message-id and subject line Bug#926801: fixed in wpa 2:2.7+git20190128+0c1e29f-4 has caused the Debian Bug report #926801, regarding src:wpa: multiples vulnerabilities in SAE and EAP-pwd code in wpa to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 926801: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926801 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: src:wpa Severity: grave Tags: security Justification: user security hole Hi, multiple vulnerabilities were discovered in wpa: CVE-2019-9494 [cache attack against SAE] CVE-2019-9495 [cache attack against EAP-pwd] CVE-2019-9496 [SAE confirm missing state validation in hostapd/AP] CVE-2019-9497 [EAP-pwd server not checking for reflection attack] CVE-2019-9498 [EAP-pwd server missing commit validation for scalar/element] CVE-2019-9499 [EAP-pwd peer missing commit validation for scalar/element] When you fix them, please include references to those CVE in the changelog. Regards, -- Yves-Alexis -- System Information: Debian Release: buster/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable'), (450, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.19.0-4-amd64 (SMP w/2 CPU cores) Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8), LANGUAGE=fr_FR.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled --- End Message --- --- Begin Message --- Source: wpa Source-Version: 2:2.7+git20190128+0c1e29f-4 We believe that the bug you reported is fixed in the latest version of wpa, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 926...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Andrej Shadura (supplier of updated wpa package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Wed, 10 Apr 2019 19:00:22 +0200 Source: wpa Architecture: source Version: 2:2.7+git20190128+0c1e29f-4 Distribution: unstable Urgency: high Maintainer: Debian wpasupplicant Maintainers Changed-By: Andrej Shadura Closes: 926801 Changes: wpa (2:2.7+git20190128+0c1e29f-4) unstable; urgency=high . * Apply security fixes (Closes: #926801): - CVE-2019-9494: SAE cache attack against ECC groups (VU#871675) - CVE-2019-9495: EAP-pwd cache attack against ECC groups - CVE-2019-9496: SAE confirm missing state validation - CVE-2019-9497: EAP-pwd server not checking for reflection attack - CVE-2019-9498: EAP-pwd server missing commit validation for scalar/element - CVE-2019-9499: EAP-pwd peer missing commit validation for scalar/element . For more details, see: - https://w1.fi/security/2019-1/ - https://w1.fi/security/2019-2/ - https://w1.fi/security/2019-3/ - https://w1.fi/security/2019-4/ Checksums-Sha1: 5456c87d021d278ecb99e0b88affc7447e7a8ed1 2312 wpa_2.7+git20190128+0c1e29f-4.dsc 9cea2cc5f76eb412b524f4d06a6756c46793a4a6 100748 wpa_2.7+git20190128+0c1e29f-4.debian.tar.xz Checksums-Sha256: 8c7cc1abf2945f85dd2935fff8b6cfdb7d3058f2e116e18af2a24d22215a921e 2312 wpa_2.7+git20190128+0c1e29f-4.dsc d431bd4f6ed9cb68a63699af3686720e3adb64bb3d3ba0a1ada1fd5cb2853ad5 100748 wpa_2.7+git20190128+0c1e29f-4.debian.tar.xz Files: 0d0dd16b3e1311464fa95d3e688b5585 2312 net optional wpa_2.7+git20190128+0c1e29f-4.dsc 63cbebc195dab44adc6ee03a8e362085 100748 net optional wpa_2.7+git20190128+0c1e29f-4.debian.tar.xz -BEGIN PGP SIGNATURE- iQEzBAEBCAAdFiEEeuS9ZL8A0js0NGiOXkCM2RzYOdIFAlyuW+cACgkQXkCM2RzY OdLicQf/cxl4bbBWwCxrrxFazCLkGUird3nfnrOr7wrUHtaVtjkueGtoKWFSPwgQ pmJG/ZTUjR87s6p0aouKZZydSPZLUvygRDM76XsxhZYxr8y9/db4WVjcutlP9yOz uz0iwsfQsMIxhOy6l8mTsVfK/kV6HOf6gBi6iGbk2eT8Jo2ckvEIboLhLlCrdQ7Y Zz+XeW628Ekmj79ZnGnOaK1Ua4GZEktZHUXQhlUhw5divwWglgiShgxvY9Mos51K Ul+vk4IBpUCV349uJ8tiN0xJRJy0bCnUIOi5qRQAwODOGPdCiBtRs4fVlom6f/QB CUJfi+Ry/JrZORMcN1T6DCTX5YpXyg== =kIaN -END PGP SIGNATURE End Message ---
Processed: found 926801 in 2:2.7+git20190128+0c1e29f-3
Processing commands for cont...@bugs.debian.org: > found 926801 2:2.7+git20190128+0c1e29f-3 Bug #926801 [src:wpa] src:wpa: multiples vulnerabilities in SAE and EAP-pwd code in wpa Marked as found in versions wpa/2:2.7+git20190128+0c1e29f-3. > thanks Stopping processing here. Please contact me if you need assistance. -- 926801: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926801 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: tagging 926801
Processing commands for cont...@bugs.debian.org: > tags 926801 + upstream Bug #926801 [src:wpa] src:wpa: multiples vulnerabilities in SAE and EAP-pwd code in wpa Added tag(s) upstream. > thanks Stopping processing here. Please contact me if you need assistance. -- 926801: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926801 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#921969: marked as done (CVE-2018-20760 CVE-2018-20761 CVE-2018-20762 CVE-2018-20763)
Your message dated Wed, 10 Apr 2019 18:00:11 + with message-id and subject line Bug#921969: fixed in gpac 0.7.1+dfsg1-2 has caused the Debian Bug report #921969, regarding CVE-2018-20760 CVE-2018-20761 CVE-2018-20762 CVE-2018-20763 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 921969: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921969 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: gpac Severity: grave Tags: security CVE-2018-20760: https://github.com/gpac/gpac/commit/4c1360818fc8948e9307059fba4dc47ba8ad255d https://github.com/gpac/gpac/issues/1177 CVE-2018-20761: https://github.com/gpac/gpac/commit/35ab4475a7df9b2a4bcab235e379c0c3ec543658 https://github.com/gpac/gpac/issues/1186 CVE-2018-20762: https://github.com/gpac/gpac/commit/35ab4475a7df9b2a4bcab235e379c0c3ec543658 https://github.com/gpac/gpac/issues/1187 CVE-2018-20763: https://github.com/gpac/gpac/commit/1c449a34fe0b50aaffb881bfb9d7c5ab0bb18cdd https://github.com/gpac/gpac/issues/1188 Cheers, Moritz --- End Message --- --- Begin Message --- Source: gpac Source-Version: 0.7.1+dfsg1-2 We believe that the bug you reported is fixed in the latest version of gpac, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 921...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Reinhard Tartler (supplier of updated gpac package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Sun, 07 Apr 2019 12:19:28 -0400 Binary: gpac gpac-dbgsym gpac-modules-base gpac-modules-base-dbgsym libgpac7 libgpac7-dbgsym libgpac-dev Source: gpac Architecture: amd64 source Version: 0.7.1+dfsg1-2 Distribution: experimental Urgency: medium Maintainer: Debian Multimedia Maintainers Changed-By: Reinhard Tartler Closes: 817194 892526 902782 921969 Description: gpac - GPAC Project on Advanced Content - utilities gpac-modules-base - GPAC Project on Advanced Content - modules libgpac7 - GPAC Project on Advanced Content - shared libraries libgpac-dev - GPAC Project on Advanced Content - development files Changes: gpac (0.7.1+dfsg1-2) experimental; urgency=medium . * Upload to experimental and mark the previous upload as UNRELEASED. It was deemed unappropriate for this stage of the Debian Release cycle. . gpac (0.7.1+dfsg1-1) UNRELEASED; urgency=medium . [ Balint Reczey ] * Remove myself from Uploaders . [ Reinhard Tartler ] * Update exclude lists * New upstream version 0.7.1+dfsg1 (Closes: #817194) * Add bugfix for CVE-2018-7752 (Closes: #892526) * Add patch for CVE-2018-20760, CVE-2018-20762, CVE-2018-20763 (CVE-2018-20761 does not need addressing) (Closes: #921969) * add patch for CVE-2018-13005, CVE-2018-13006 (Closes: #902782) Checksums-Sha1: e65e96e8e2426ba46cb2851726c207435f87dc93 2691 gpac_0.7.1+dfsg1-2.dsc ca581b816ea4025db5e3ed9e75580ac540ab794b 43900 gpac_0.7.1+dfsg1-2.debian.tar.xz f49e6bfbb57a297cdb24202d0185382d6d16b542 498936 gpac-dbgsym_0.7.1+dfsg1-2_amd64.deb 31ec99eb1a589c4414e55a8ed93edb229a6ac705 1248996 gpac-modules-base-dbgsym_0.7.1+dfsg1-2_amd64.deb 13d6340ce139e151a543f72ba77c37527cf449de 253524 gpac-modules-base_0.7.1+dfsg1-2_amd64.deb ca81efea5c2861f69e87d56e5791f8e989f2a4d4 15759 gpac_0.7.1+dfsg1-2_amd64.buildinfo 6c6467a9bb85180daa8b4b20ed7f498a3a60ef9d 240136 gpac_0.7.1+dfsg1-2_amd64.deb a102df1ab3e9367dfcae31c89fba22bc3e480141 2185596 libgpac-dev_0.7.1+dfsg1-2_amd64.deb 6e5f81e26802c6c00dcf914d7844a5879ac301a6 7027680 libgpac7-dbgsym_0.7.1+dfsg1-2_amd64.deb 010c35400b83b449c3af99dc17e0c7f7436815b0 1677884 libgpac7_0.7.1+dfsg1-2_amd64.deb Checksums-Sha256: 14bbd5732b45338544301b280ae81afdae0572cdfae9ef2ec673d8af4b6e19c4 2691 gpac_0.7.1+dfsg1-2.dsc e22b8157646aee1c33fcfaa0aeca653c38d216f78535c700a0012c842d358f56 43900 gpac_0.7.1+dfsg1-2.debian.tar.xz 46fa2a4e80b61ad615e34923973aa97238960b80f2164597faf9ea271a07df2a 498936 gpac-dbgsym_0.7.1+dfsg1-2_amd64.deb 4aa494796500030aba065cbee1631eae5a8362f11a25328f28d0027eb19209d7 1248996 gpac-modules-base-dbgsym_0.7.1+dfsg1-2_amd64.deb 4209097136859edf0a9bc5ee749cc01d52f6a0f8e8e730a447810c3d88845fdf 25
Bug#892526: marked as done (gpac: CVE-2018-7752: Stack buffer overflow in av_parsers.c)
Your message dated Wed, 10 Apr 2019 18:00:11 + with message-id and subject line Bug#892526: fixed in gpac 0.7.1+dfsg1-2 has caused the Debian Bug report #892526, regarding gpac: CVE-2018-7752: Stack buffer overflow in av_parsers.c to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 892526: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892526 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: gpac Version: 0.5.2-426-gc5ad4e4+dfsg5-3 Severity: important Tags: patch security upstream Forwarded: https://github.com/gpac/gpac/issues/997 Hi, the following vulnerability was published for gpac. CVE-2018-7752[0]: | GPAC through 0.7.1 has a Buffer Overflow in the gf_media_avc_read_sps | function in media_tools/av_parsers.c, a different vulnerability than | CVE-2018-1000100. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2018-7752 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7752 [1] https://github.com/gpac/gpac/issues/997 [2] https://github.com/gpac/gpac/commit/90dc7f853d31b0a4e9441cba97feccf36d8b69a4 Please adjust the affected versions in the BTS as needed. Regards, Salvatore --- End Message --- --- Begin Message --- Source: gpac Source-Version: 0.7.1+dfsg1-2 We believe that the bug you reported is fixed in the latest version of gpac, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 892...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Reinhard Tartler (supplier of updated gpac package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Sun, 07 Apr 2019 12:19:28 -0400 Binary: gpac gpac-dbgsym gpac-modules-base gpac-modules-base-dbgsym libgpac7 libgpac7-dbgsym libgpac-dev Source: gpac Architecture: amd64 source Version: 0.7.1+dfsg1-2 Distribution: experimental Urgency: medium Maintainer: Debian Multimedia Maintainers Changed-By: Reinhard Tartler Closes: 817194 892526 902782 921969 Description: gpac - GPAC Project on Advanced Content - utilities gpac-modules-base - GPAC Project on Advanced Content - modules libgpac7 - GPAC Project on Advanced Content - shared libraries libgpac-dev - GPAC Project on Advanced Content - development files Changes: gpac (0.7.1+dfsg1-2) experimental; urgency=medium . * Upload to experimental and mark the previous upload as UNRELEASED. It was deemed unappropriate for this stage of the Debian Release cycle. . gpac (0.7.1+dfsg1-1) UNRELEASED; urgency=medium . [ Balint Reczey ] * Remove myself from Uploaders . [ Reinhard Tartler ] * Update exclude lists * New upstream version 0.7.1+dfsg1 (Closes: #817194) * Add bugfix for CVE-2018-7752 (Closes: #892526) * Add patch for CVE-2018-20760, CVE-2018-20762, CVE-2018-20763 (CVE-2018-20761 does not need addressing) (Closes: #921969) * add patch for CVE-2018-13005, CVE-2018-13006 (Closes: #902782) Checksums-Sha1: e65e96e8e2426ba46cb2851726c207435f87dc93 2691 gpac_0.7.1+dfsg1-2.dsc ca581b816ea4025db5e3ed9e75580ac540ab794b 43900 gpac_0.7.1+dfsg1-2.debian.tar.xz f49e6bfbb57a297cdb24202d0185382d6d16b542 498936 gpac-dbgsym_0.7.1+dfsg1-2_amd64.deb 31ec99eb1a589c4414e55a8ed93edb229a6ac705 1248996 gpac-modules-base-dbgsym_0.7.1+dfsg1-2_amd64.deb 13d6340ce139e151a543f72ba77c37527cf449de 253524 gpac-modules-base_0.7.1+dfsg1-2_amd64.deb ca81efea5c2861f69e87d56e5791f8e989f2a4d4 15759 gpac_0.7.1+dfsg1-2_amd64.buildinfo 6c6467a9bb85180daa8b4b20ed7f498a3a60ef9d 240136 gpac_0.7.1+dfsg1-2_amd64.deb a102df1ab3e9367dfcae31c89fba22bc3e480141 2185596 libgpac-dev_0.7.1+dfsg1-2_amd64.deb 6e5f81e26802c6c00dcf914d7844a5879ac301a6 7027680 libgpac7-dbgsym_0.7.1+dfsg1-2_amd64.deb 010c35400b83b449c3af99dc17e0c7f7436815b0 1677884 libgpac7_0.7.1+dfsg1-2_amd64.deb Checksums-Sha256: 14bbd5732b45338544301b280ae81afdae0572cdfae9ef2ec673d8af4b6e19c4 2691 gpac_0.7.1+dfsg1-2.dsc e22b8157646aee1c33fcfaa0aeca653c38d216f78535c700a0012c842d358f56 43900 gpac_0.7.1+dfsg1-2.debian.tar.xz 46fa2a4e80b61ad615e349
Processed: Re: Bug#926795: di-netboot-assistant: Unable to install Debian Buster amd64 from d-i n-a at 2019-04-10 generated boot-file
Processing control commands: > reassign -1 debian-installer Bug #926795 [di-netboot-assistant] di-netboot-assistant: Unable to install Debian Buster amd64 from d-i n-a at 2019-04-10 generated boot-file Bug reassigned from package 'di-netboot-assistant' to 'debian-installer'. No longer marked as found in versions di-netboot-assistant/0.60. Ignoring request to alter fixed versions of bug #926795 to the same values previously set > forcemerge 749991 -1 Bug #749991 [debian-installer] debian-installer: Wrong kernel in debian-installer package Bug #926795 [debian-installer] di-netboot-assistant: Unable to install Debian Buster amd64 from d-i n-a at 2019-04-10 generated boot-file Severity set to 'grave' from 'normal' There is no source info for the package 'debian-installer' at version 'testing' with architecture '' Unable to make a source version for version 'testing' Marked as found in versions testing. Added tag(s) d-i, stretch-ignore, and buster-ignore. Merged 749991 926795 -- 749991: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=749991 926795: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926795 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#924291: marked as done (netrek-client-cow: build can loop indefinitely on failure)
Your message dated Wed, 10 Apr 2019 16:37:30 + with message-id and subject line Bug#924291: fixed in netrek-client-cow 3.3.1-4 has caused the Debian Bug report #924291, regarding netrek-client-cow: build can loop indefinitely on failure to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 924291: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924291 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: netrek-client-cow Version: 3.3.1-1 Severity: serious Justification: breaks build infrastructure When mkkey fails to run, netrek-client-cow has a very bad failure mode. It loops until mkkey succeeds: | until ./mkkey key.cow.linux "Client Of Win" "automatic packaged key" "qu...@us.netrek.org" "netrek.org/files/COW/" "inl,standard2"; do sleep 1; done When mkkey fails reliably and produces output, this causes the build to run indefinitely as sbuild only abort a build that has no output for a prologned time. This behaviour can make buildds and QA infrastructure hang. I suggest using a bounded loop and failing hard after a number of attempts. That's a very simple solution to the problem at hand. For instance: | attempts=32; until ./mkkey ...; do attempts=$((attempts - 1)); test $attempts -le 0 && exit 1; sleep 1; done Furthermore I question why a key should be created at build time and then be distributed to consumers of the package. That seems to run counter to the concept of a "key". If the key is to protect anything, it must not be public. Maybe the best course of action would be not creating this key at all during build. Helmut --- End Message --- --- Begin Message --- Source: netrek-client-cow Source-Version: 3.3.1-4 We believe that the bug you reported is fixed in the latest version of netrek-client-cow, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 924...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Stephen Kitt (supplier of updated netrek-client-cow package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 10 Apr 2019 17:34:14 +0200 Source: netrek-client-cow Binary: netrek-client-cow Architecture: source Version: 3.3.1-4 Distribution: unstable Urgency: medium Maintainer: Debian Games Team Changed-By: Stephen Kitt Description: netrek-client-cow - client for netrek online game Closes: 924291 Changes: netrek-client-cow (3.3.1-4) unstable; urgency=medium . * Team upload. * Build mkkey using the build CC when cross-compiling. Closes: #924291. Checksums-Sha1: 0246fde0be09b4c84eaebd7f977c3fc51f2fed0f 2112 netrek-client-cow_3.3.1-4.dsc bfc53e8661c3e0ae3737ce1d55c6b7a70827ed44 7496 netrek-client-cow_3.3.1-4.debian.tar.xz 6963be60c860de472db14218f3c90ca84bce0d92 11747 netrek-client-cow_3.3.1-4_source.buildinfo Checksums-Sha256: 4372e86724f21646c755d30775e8686b3906ef841833a8b3cac3ad4d6ad95971 2112 netrek-client-cow_3.3.1-4.dsc 41a96e0763e8fb4699bfdcd04ff8ebfdc0e70bda3c172c68b9585b45d0a30f54 7496 netrek-client-cow_3.3.1-4.debian.tar.xz 88769fcfcdba0b6be3012aa0461256a625a5e2068654158f7d85d027404aabec 11747 netrek-client-cow_3.3.1-4_source.buildinfo Files: d0777f5a18e44c019e0d5c071e9fb6f6 2112 games optional netrek-client-cow_3.3.1-4.dsc ecdda3be547b41cc362fe327509383db 7496 games optional netrek-client-cow_3.3.1-4.debian.tar.xz 976680f4352e312c5b55068a26bd3227 11747 games optional netrek-client-cow_3.3.1-4_source.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEnPVX/hPLkMoq7x0ggNMC9Yhtg5wFAlyuFMEACgkQgNMC9Yht g5yDJA//a7YRxpW6CAVrrsaD0yq6MJiUA+dkhkaoR9mRntKtaus9T6Y4ceyj+859 qgh7DMfs/5BHOgnhII9Liosm91MObjBGndLD4fmIj5bN4Rw+xYMkHsIgBVV2Aq4a lScUfMyr0Rj6NbYVXk98pfFin719FFwsPfSCYDSUtaq5rO6la+fxw/LqHzjotyC+ wMP3/b4Qz+dA8Nr19CmQzeGCgvR6F1AjaQVrQ4mC699DG9VrLFwuvxvz00w0Eu/s Xv3uR8wkL1hcyNfddoE/U6cyoBs87jrkbNls5hWucgScj1bAWBPY6w2w+oIxjuO0 2eZdH1hBSt/KPuP601+55vvfCFNTYngS8YE6ObAbcJigjPHuelqHzgguS9Cigagc HSxG7Ocq+jm4qmoyJKqmTCSGHJfc8uZ7YXNB/oGXKp2STuMAuUoVd9NZfQUdPoNU THOCrTLnqtxQCrAEpFmOhYAK+4tgpYXg22XiYZ0A2OjsYmIlcR9SqrRLhX2IhVjE /94/Dh4J4yidpm+2fybGFsEaEqEBHyB/zt+qhO8UTHv5vCWwZ9hLjFBh+epVLJuP 4tamNUFuivxXvzIOUshgZD1zogSpZIX8x4+UNLlHzPjIqN/hgcYNU2OcQv449xYI aFqaGn
Bug#923866: marked as done (aptly: unable to delete local repositories)
Your message dated Wed, 10 Apr 2019 16:03:44 + with message-id and subject line Bug#923866: fixed in aptly 1.3.0+ds1-2.1 has caused the Debian Bug report #923866, regarding aptly: unable to delete local repositories to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 923866: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923866 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: aptly Version: 1.3.0+ds1-2+b10 Severity: grave Justification: renders package unusable Dear Maintainer, the aptly package in Buster seems to be broken. It is possible to create local repositories but unfortunately removing the previously created local repositories is impossible. The problem could be caused by the uuid patch. The precompiled version from the website works properly Thank you Torsten -- System Information: Debian Release: 9.8 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-8-amd64 (SMP w/6 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages aptly depends on: ii bzip2 1.0.6-8.1 ii gnupg 2.1.18-8~deb9u4 ii gpgv 2.1.18-8~deb9u4 ii libc6 2.24-11+deb9u4 ii xz-utils 5.2.2-1.2+b1 aptly recommends no packages. Versions of packages aptly suggests: pn graphviz --- End Message --- --- Begin Message --- Source: aptly Source-Version: 1.3.0+ds1-2.1 We believe that the bug you reported is fixed in the latest version of aptly, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 923...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Tobias Frost (supplier of updated aptly package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Fri, 05 Apr 2019 17:19:14 +0200 Source: aptly Architecture: source Version: 1.3.0+ds1-2.1 Distribution: unstable Urgency: medium Maintainer: Sebastien Delafond Changed-By: Tobias Frost Closes: 923866 Changes: aptly (1.3.0+ds1-2.1) unstable; urgency=medium . [ Shengjing Zhu ] * Non-maintainer upload. * Add patch to fix UUID struct field not encoded in msgpack (Closes: #923866) . [ Tobias Frost ] * Prepare upload. Checksums-Sha1: 2d0641910157673e58e41c63b174c5f721266ead 2858 aptly_1.3.0+ds1-2.1.dsc b42f457f50c89d96a30a21e57d934b62ae0d21ac 7400 aptly_1.3.0+ds1-2.1.debian.tar.xz ab0e501750df841c1b248ba2c592685f72ab8be6 5683 aptly_1.3.0+ds1-2.1_source.buildinfo Checksums-Sha256: eaf3baafeb9dec469105e88fe3dcf8e5dd28a67cc10dd77c5f8d0466f2a346a3 2858 aptly_1.3.0+ds1-2.1.dsc 0fe29b4ae3f1bcdaf63e666453b94464de5256387de05740daaece8395ad5f01 7400 aptly_1.3.0+ds1-2.1.debian.tar.xz ef7978ba614604b703cfce3e7a755ea6abd92c5e5aa780f2924bb6458fd23609 5683 aptly_1.3.0+ds1-2.1_source.buildinfo Files: acfa375cdd801166c024a637988c7104 2858 utils optional aptly_1.3.0+ds1-2.1.dsc 76b8a2b6054023afe8cc1291492562fa 7400 utils optional aptly_1.3.0+ds1-2.1.debian.tar.xz 146b83063eb82acf2fe19f8b2d2dfb90 5683 utils optional aptly_1.3.0+ds1-2.1_source.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEE/d0M/zhkJ3YwohhskWT6HRe9XTYFAlyncrYACgkQkWT6HRe9 XTYzuw//T5Y0+XZmiZZ0tZRc4zmmGwsEXlWjwuxofClWLqfaZkzsYh1BWPIWb9nh 8FQK/aOzBMm7EGIWAxBK7W6R9O84Wvxwxb36iF+p1qN24il0kPZEwzOnmyOu55oD mAzrme+G9/cz9qx8PiUeSg2QQcLRmKd/ClH+cGkh7jZywKNj8lqgabOdbxiv0QGf QsYNRc/jXrVTzSkT91aTGBmZ44aybf6CnLVDWZqE1EYl2YGswczhIjujKW/u0aXS p49M9uH6zBuIKYG5c4KnaGQR3GR9PsAOkNLgE5VUBaawYXbcCR+cAzclCRFzjUtr QH1tTvRiIdCd6laepqM0KGkrsbpYm5jYuGP2iTbZWExRfq3QsuBK6h+Ob+IiaQW0 mJu0ysEupq+zE6lUW4shbC+eAGBFSlj27dh3BlUbQ4MU56Q52xRV/gIa5cfI8rM/ sU6IS0zJ7XAI7BBnMts8/WBkbw34itfDiMfkM8X9P1VTxtwfFUFdNFpmYACpiwb4 MXcoQ9HY9lZH8nGvPdRXQZWw3PUm+/O7bmoJmO90CE6tXhZdgAnKXY21oMeISRab glexH9E9vxYhb8i7RLT4m0evhh76Rg2+GAB1g4Z0MQeCkGxD8c8rhffy55xk7/Tg iw7htFK57eYlq4TEgBH+sS497qZUg21SjLvak0yjy+f95uXsyC8= =DaHB -END PGP SIGNATURE End Message ---
Bug#926802: ipywidgets: FTBFS (TypeError: path.scope.getBindings(...).hasOwnProperty is not a function)
Package: src:ipywidgets Version: 6.0.0-3 Severity: serious Tags: ftbfs Dear maintainer: I tried to build this package in buster but it failed: [...] debian/rules build-indep dh build-indep --with python2,python3,sphinxdoc --buildsystem=pybuild dh_update_autotools_config -i -O--buildsystem=pybuild dh_autoreconf -i -O--buildsystem=pybuild debian/rules override_dh_auto_configure make[1]: Entering directory '/<>' dh_auto_configure I: pybuild base:217: python2.7 setup.py config running config I: pybuild base:217: python3.7 setup.py config running config dh_auto_configure -- -d ./widgetsnbextension I: pybuild base:217: python2.7 setup.py config INFO:root:setup.py entered INFO:root:$PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games running config I: pybuild base:217: python3.7 setup.py config INFO:root:setup.py entered INFO:root:$PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games running config make[1]: Leaving directory '/<>' debian/rules override_dh_auto_build make[1]: Entering directory '/<>' /usr/bin/make -C debian -f fakewebpack.mk all make[2]: Entering directory '/<>/debian' /usr/bin/make -f "fakewebpack-prep-unpacked.mk" all make[3]: Entering directory '/<>/debian' cd "fakewebpack-unpacked/phosphor/" && tsc --moduleResolution Classic --project src mkdir -p "fakewebpack-unpacked/phosphor/styles/" && NODE_PATH=../.. fakewebpack-helpers/css-loader-pack.py < "fakewebpack-unpacked/phosphor/styles/base.css.real" > "fakewebpack-unpacked/phosphor/styles/base.css" mkdir -p "fakewebpack-unpacked/phosphor/styles/" && m4 -DNODE_PATH=../.. -DCSS_INPUT=./base.css "fakewebpack-helpers/style-loader.js.m4" > "fakewebpack-unpacked/phosphor/styles/base.css?f74d" printf "module.exports = $(cat "fakewebpack-unpacked/jupyter-js-widgets/package.json.real");" > "fakewebpack-unpacked/jupyter-js-widgets/package.json" cd "fakewebpack-unpacked/jupyter-js-widgets/" && tsc --moduleResolution Classic --project src mkdir -p "fakewebpack-unpacked/jupyter-js-widgets/css/" cd ../jupyter-js-widgets/css && cat widgets.css | \ sed -e '/@import ".\/labvariables.css"/{r ./labvariables.css'"${NLD}"'}' \ -e '/@import ".\/widgets-base.css"/{r ./widgets-base.css'"${NLD}"'}' | \ sed -e '/@import ".\/materialcolors.css"/{r ./materialcolors.css'"${NLD}"'}' > /<>/debian/"fakewebpack-unpacked/jupyter-js-widgets/css/widgets.css.real" mkdir -p "fakewebpack-unpacked/jupyter-js-widgets/css/" && NODE_PATH=../.. fakewebpack-helpers/css-loader-pack.py < "fakewebpack-unpacked/jupyter-js-widgets/css/widgets.css.real" > "fakewebpack-unpacked/jupyter-js-widgets/css/widgets.css" mkdir -p "fakewebpack-unpacked/jupyter-js-widgets/css/" && m4 -DNODE_PATH=../.. -DCSS_INPUT=./widgets.css "fakewebpack-helpers/style-loader.js.m4" > "fakewebpack-unpacked/jupyter-js-widgets/css/widgets.css?7dc3" mkdir -p "fakewebpack-unpacked/widgetsnbextension/webpack/ ./" && m4 -DWEBPACK_PUBLIC_PATH= "fakewebpack-helpers/webpack-bootstrap.js.m4" > "fakewebpack-unpacked/widgetsnbextension/webpack/bootstrap e65abc6196a7e23c9fcf" mkdir -p "fakewebpack-unpacked/widgetsnbextension/css/" && NODE_PATH=../node_modules fakewebpack-helpers/css-loader-pack.py < "fakewebpack-unpacked/widgetsnbextension/css/outputarea.css.real" > "fakewebpack-unpacked/widgetsnbextension/css/outputarea.css" mkdir -p "fakewebpack-unpacked/widgetsnbextension/css/" && m4 -DNODE_PATH=../node_modules -DCSS_INPUT=./outputarea.css "fakewebpack-helpers/style-loader.js.m4" > "fakewebpack-unpacked/widgetsnbextension/css/outputarea.css?73c5" printf "module.exports = $(cat "fakewebpack-unpacked/widgetsnbextension/package.json.real");" > "fakewebpack-unpacked/widgetsnbextension/package.json" mkdir -p fakewebpack touch "fakewebpack/prep.stamp" make[3]: Leaving directory '/<>/debian' touch fakewebpack/widgetsnbextension-unpacked.stamp rm -rf "fakewebpack/widgetsnbextension" && mkdir -p "fakewebpack/widgetsnbextension" && ./fakewebpack-generate.py fakewebpack-meta/widgetsnbextension.files fakewebpack-meta/widgetsnbextension.modules fakewebpack-unpacked/widgetsnbextension/ True > "fakewebpack/widgetsnbextension/extension.js" && touch "fakewebpack/widgetsnbextension.stamp" /<>/debian/fakewebpack-postprocess.js:130 if (!path.scope.getBindings().hasOwnProperty(path.node.name)) { ^ TypeError: path.scope.getBindings(...).hasOwnProperty is not a function at Context.visitIdentifier (/<>/debian/fakewebpack-postprocess.js:130:47) at Context.invokeVisitorMethod (/usr/lib/nodejs/ast-types/lib/path-visitor.js:344:49) at Visitor.PVp.visitWithoutReset (/usr/lib/nodejs/ast-types/lib/path-visitor.js:196:32) at visitChildren (/usr/lib/nodejs/ast-types/lib/path-visitor.js:246:25) at Visitor.PVp.visitWithoutReset (/usr/lib/nodejs/ast-types/lib/path-visitor.js:204:20) at visitChild
Bug#926801: src:wpa: multiples vulnerabilities in SAE and EAP-pwd code in wpa
Package: src:wpa Severity: grave Tags: security Justification: user security hole Hi, multiple vulnerabilities were discovered in wpa: CVE-2019-9494 [cache attack against SAE] CVE-2019-9495 [cache attack against EAP-pwd] CVE-2019-9496 [SAE confirm missing state validation in hostapd/AP] CVE-2019-9497 [EAP-pwd server not checking for reflection attack] CVE-2019-9498 [EAP-pwd server missing commit validation for scalar/element] CVE-2019-9499 [EAP-pwd peer missing commit validation for scalar/element] When you fix them, please include references to those CVE in the changelog. Regards, -- Yves-Alexis -- System Information: Debian Release: buster/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable'), (450, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.19.0-4-amd64 (SMP w/2 CPU cores) Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8), LANGUAGE=fr_FR.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled
Bug#884128: libical: don't release with buster
Hey, > That's basically kdepimlibs, as cyrus-imapd is not in testing and kmymoney is already fixed in experimental and just needs an upload to sid. > kdepimlibs may not be easy though as disabling libical will probably disable some libs that may be used by rdeps. Someone needs to look at that. I have just opened a bug for it and made it block this one. kdepimlibs has migrated to Buster the Transitions' view looks like nothing is blocking us anymore from removing libical: https://release.debian.org/transitions/html/libical.html hefee signature.asc Description: This is a digitally signed message part.
Bug#924291: closed by Markus Koschany (Bug#924291: fixed in netrek-client-cow 3.3.1-3)
Hi Stephen, I looked into why it runs mkkey and couldn't figure out much. Let me write down what I know: * It generates an RSA public/private key pair. * The public key is installed to /usr/share/doc. * The private key is used in some other way during the build (the comments talk about obfuscation). Thus I think that removing the public key should be possible, but it doesn't help, because the private key gets embedded elsewhere and I don't understand what it is being used for. On Wed, Apr 10, 2019 at 04:03:14PM +0200, Stephen Kitt wrote: > I have a patch which builds mkkey using the build CC, which makes the build > fail earlier because we don't have libgmp, so that would fix the endless > build ;-). Helmut, do we have any way of specifying native build-deps? IIRC > we don't yet, is that still the case? Thank you for working on this. Indeed making it fail earlier would help a lot. This is the only package that breaks the crossqa.d.n infrastructure. The annotation you are looking for is :native. It can only be used in Build-* relations and never in binary package relations. In this case, you likely want to depend on libgmp-dev twice, because other parts need it for the host architecture: Build-Depends: libgmp-dev, libgmp-dev:native This might look odd, but it actually works (as libgmp-dev is Multi-Arch: same) and for native builds these dependencies are identical. I'd appreciate if you could go ahead with your changes (with or without libgmp-dev:native, just make it fail reliably rather than loop). Helmut
Bug#924291: closed by Markus Koschany (Bug#924291: fixed in netrek-client-cow 3.3.1-3)
Hi Helmut, Le 10/04/2019 13:59, Markus Koschany a écrit : Am 10.04.19 um 06:33 schrieb Helmut Grohne: On Sun, Mar 24, 2019 at 01:09:06PM +, Debian Bug Tracking System wrote: * Fix infinite loop patch. Really (Closes: #924291) As much as I hate to say this, it still loops. You can see failing (cross) builds at http://crossqa.debian.net/src/netrek-client-cow. All of them were terminated by manual intervention. Remember: I'm not asking for netrek-client-cow to cross build. I'm asking for it to fail sanely. The current version loops like this: | /bin/sh: 1: ./mkkey: Exec format error | /bin/sh: 1: attempts: not found | /bin/sh: 1: test: -le: unexpected operator I don't know why this happens now and on what system but I thought the last update of the possible-infinite-loop.patch was correct. The problem is that the execution fails too early, effectively, so the countdown of attempts never works. I have a patch which builds mkkey using the build CC, which makes the build fail earlier because we don't have libgmp, so that would fix the endless build ;-). Helmut, do we have any way of specifying native build-deps? IIRC we don't yet, is that still the case? Regards, Stephen
Bug#923711:
Please take into account that upstream is completely against applying that patch: https://github.com/plougher/squashfs-tools/issues/60
Bug#914034: Bug#911938: libhttp-daemon-ssl-perl FTBFS: tests fail: Connection refused
On Tue, 09 Apr 2019 at 23:39:31 +0200, Guilhem Moulin wrote: > AFAICT this worked this time because the socket was *only* marked as > ready for writing after the first select() call. Only during the second > call was there some data to be read: > >> select(8, [3], [3], NULL, {tv_sec=180, tv_usec=0}) = 1 (out [3], left >> {tv_sec=179, tv_usec=96}) >> select(8, [3], NULL, NULL, {tv_sec=180, tv_usec=0}) = 1 (in [3], left >> {tv_sec=179, tv_usec=977469}) > > I'm unable to reproduce this with v1.3, probably due to race conditions. Forgot to add this, sorry: perhaps the reproducibility of this issue is improved when one connects to the loopback interface rather than to a remote TLS termination proxy? (Even though I suppose it doesn't completely eliminate the race.) In a clean sid chroot, after `apt install --no-install-recommends strace liblwp-protocol-https-perl libio-socket-ssl-perl libnet-ssleay-perl`: ## Start a loopback-bound TLS (v1.3 only) server in a terminal $ openssl req -x509 -keyout /tmp/key.pem -out /tmp/cert.pem -subj /CN=127.0.0.1 -nodes $ openssl s_server -accept 127.0.0.1:4433 -key /tmp/key.pem -cert /tmp/cert.pem -tls1_3 ## Connect to it from another terminal and send an HTTP POST request $ patch -p2 new(ssl_opts => {SSL_ca_file => "/tmp/cert.pem"})-> post("https://127.0.0.1:4433";, {data => "foo"})' […] select(8, [3], [3], NULL, {tv_sec=180, tv_usec=0}) = 2 (in [3], out [3], left {tv_sec=179, tv_usec=98}) read(3, "…", 5) = 5 read(3, "…", 234) = 234 read(3, "…", 5) = 5 read(3, "…", 250) = 250 read(3, This does hang *anyway* but it should hang *after* sending the request out to the server (ie when waiting for the HTTP reply), not *before* any application data was sent, unlike the above. AFAICT the local server never receives “POST / HTTP/1.1\r\n” when select(2) marks the socket as ready both for reads and writes client-side, whether the patch is applied or not. Not setting the SSL_MODE_AUTO_RETRY flag back after removing O_NONBLOCK (ie commenting out `Net::SSLeay::set_mode($ssl, $mode_auto_retry);` in the patch) solves the problem with blocking I/O and select/poll, but breaks programs expecting SSL_read() to block until application data comes in. (That is, programs not conforming to SSL_read()'s documented behavior — hence which would break on renegotiation with TLS <1.3; or programs relying on SSL_MODE_AUTO_RETRY being set, as in OpenSSL ≥1.1.1's default context flags.) -- Guilhem. signature.asc Description: PGP signature
Bug#885884: bashburn: does not work: it passes incorrect options to wodim, so no CD can ever be burnt
would it work with the latest upstream version? if you care to test... http://phd-sid.ethz.ch/debian/bashburn/ 3.1.0
Bug#896580: non-alsa users
non-alsa users (for example debian gnu/kfreebsd) might be happy to have it anyways. but i agree, it should work with both.
Bug#924291: closed by Markus Koschany (Bug#924291: fixed in netrek-client-cow 3.3.1-3)
Hello Helmut, Am 10.04.19 um 06:33 schrieb Helmut Grohne: > Control: reopen -1 > > Hi Markus, > > On Sun, Mar 24, 2019 at 01:09:06PM +, Debian Bug Tracking System wrote: >>* Fix infinite loop patch. Really (Closes: #924291) > > As much as I hate to say this, it still loops. You can see failing > (cross) builds at http://crossqa.debian.net/src/netrek-client-cow. All > of them were terminated by manual intervention. > > Remember: I'm not asking for netrek-client-cow to cross build. I'm > asking for it to fail sanely. > > The current version loops like this: > > | /bin/sh: 1: ./mkkey: Exec format error > | /bin/sh: 1: attempts: not found > | /bin/sh: 1: test: -le: unexpected operator I don't know why this happens now and on what system but I thought the last update of the possible-infinite-loop.patch was correct. > My initial report asked for what this key is being used for. It still > seems strange to me to generate a key at build time and the distribute > it to many users. Could you provide an initial answer on the purpose of > this thing? The answer is I'm not sure and I don't think it is important. I am not the sole maintainer and just someone who didn't want to have the game removed because of this bug. This game is more than 20 years old and the package used to work in the past. The upstream servers are still online. It can be reasonably rebuilt and modified and at the moment it even builds on all Debian architectures. Hence for me this is a very minor issue and not worth the time exploring. I understand that you work on a part in Debian where such issues are taken more seriously and I appreciate the work you're doing in this field but I wished you guys would sometimes take a step back to see the bigger picture and understand what is important for other developers and users. 1. Can I rebuild the game and make modifications on my system? Yes. 2. Can it be rebuilt on official Debian infrastructure? Yes. These are all factors worth considering before I raise the severity to release-critical and route more developer time to this problem. > It feels a little strange to invest a longer thread into something that > should not be there (in my book). Would it be ok to pursue that question > first? If you come to the conclusion that the key is not important and not really needed at all and the game keeps working as before, you always can, especially as a member of the Games team, upload a new revision of the package. It's not like we are against fixing bugs, when others lend us a helping hand. Regards, Markus signature.asc Description: OpenPGP digital signature
Bug#926628: I suggest to add libmariadb3 to the list
Hi Ivo, On Wed, Apr 10, 2019 at 2:35 PM Ivo De Decker wrote: > > Hi, > > On Wed, Apr 10, 2019 at 10:24:25AM +0300, Sergei Golovan wrote: > > The problem with the package is that it doesn't link to a specific > > mysql or mariadb client library, but searches for it in runtime by > > name and loads it dynamically. So we can't use the shlibdeps mechanism > > to construct the dependencies list as usual. > > Is there a specific reason why this isn't done? Wouldn't it be better to just > link to the client library the way other packages do? Obviously, such a change > would be for after the buster release. That's the way the upstream code is written. It uses Tcl_LoadFile() to load the library dynamically at the runtime. I'm afraid that to make it work with pre-linked library would mean rewriting a portion of the code. Cheers! -- Sergei Golovan
Bug#926389: (no subject)
On Wed, Apr 10, 2019 at 01:35:42PM +0200, Salvatore Bonaccorso wrote: > Hi, > > On Mon, Apr 08, 2019 at 03:56:18PM -0400, John Brooks wrote: > > Any progress on fixing this in Jessie? > > See: https://bugs.debian.org/926389#33 > > The Non-maintainer upload is pending in the delayed queue so it still > could be overriden by a maintainer upload and will reach otherwise > unstable in the upcoming day. Sorry I have misread the question. The question was about jessie. I think Thorsten from the the LTS team is already working on an update according to https://salsa.debian.org/security-tracker-team/security-tracker/blob/master/data/dla-needed.txt#L113 Regards, Salvatore
Bug#926389: (no subject)
Hi, On Mon, Apr 08, 2019 at 03:56:18PM -0400, John Brooks wrote: > Any progress on fixing this in Jessie? See: https://bugs.debian.org/926389#33 The Non-maintainer upload is pending in the delayed queue so it still could be overriden by a maintainer upload and will reach otherwise unstable in the upcoming day. Regards, Salvatore
Bug#926628: I suggest to add libmariadb3 to the list
Hi, On Wed, Apr 10, 2019 at 10:24:25AM +0300, Sergei Golovan wrote: > The problem with the package is that it doesn't link to a specific > mysql or mariadb client library, but searches for it in runtime by > name and loads it dynamically. So we can't use the shlibdeps mechanism > to construct the dependencies list as usual. Is there a specific reason why this isn't done? Wouldn't it be better to just link to the client library the way other packages do? Obviously, such a change would be for after the buster release. > I'd suggest to add another alternative libmariadb3 (with a patch which > adds libmariadb.so.3 to the library search list). We'll upload the > fixed version shortly. OK, thanks! Ivo
Bug#926788: gauche-c-wrapper: FTBFS randomly (autobuilder hangs)
Package: src:gauche-c-wrapper Version: 0.6.1-10 Severity: serious Tags: ftbfs patch Dear maintainer: I tried to build this package in buster but it failed: [...] debian/rules build-arch dh build-arch dh_update_autotools_config -a dh_autoreconf -a debian/rules override_dh_auto_configure make[1]: Entering directory '/<>' ./configure --prefix=/usr --includedir=/usr/include \ --mandir=/usr/share/man --infodir=/usr/share/info \ --sysconfdir=/etc --localstatedir=/var \ --libdir=/usr/lib --libexecdir=/usr/lib checking build system type... x86_64-pc-linux-gnu checking host system type... x86_64-pc-linux-gnu checking target system type... x86_64-pc-linux-gnu checking for gosh... /usr/bin/gosh checking for gauche-config... /usr/bin/gauche-config checking for gauche-package... /usr/bin/gauche-package checking for gauche-install... /usr/bin/gauche-install checking for gauche-cesconv... /usr/bin/gauche-cesconv checking for gcc... gcc checking whether the C compiler works... yes checking for C compiler default output file name... a.out checking for suffix of executables... checking whether we are cross compiling... no checking for suffix of object files... o checking whether we are using the GNU C compiler... yes checking whether gcc accepts -g... yes checking for gcc option to accept ISO C89... none needed checking for bison... no checking for byacc... no checking for makeinfo... makeinfo checking for gzip... gzip checking for sed... sed checking for ldconfig... /sbin/ldconfig sed: can't read s/-f[a-z]*-prefix-map=[^ ]* //: No such file or directory configure: creating c-wrapper.gpd configure: creating ./config.status config.status: creating Makefile config.status: creating src/Makefile config.status: creating lib/Makefile config.status: creating objc/Makefile config.status: creating testsuite/Makefile config.status: creating src/cwcompile config.status: creating lib/c-wrapper/config.scm config.status: creating lib/c-wrapper/stubgen.scm config.status: creating doc/Makefile make[1]: Leaving directory '/<>' dh_auto_build -a make -j1 make[1]: Entering directory '/<>' cd src; make all make[2]: Entering directory '/<>/src' /usr/bin/gauche-package compile --cppflags="-DGAUCHE_API_0_8_8 -Wdate-time -D_FORTIFY_SOURCE=2 -D_GNU_SOURCE" --ldflags="-Wl,-z,relro " --libs="/usr/lib/x86_64-linux-gnu/libffi_pic.a " --verbose c-ffi c-ffi.c c-ffilib.stub closure_alloc.c gcc -c -DGAUCHE_API_0_8_8 -Wdate-time -D_FORTIFY_SOURCE=2 -D_GNU_SOURCE '-I/usr/lib/gauche-0.9/0.9.6/include' '-I/usr/lib/gauche-0.9/site/include' -g -O2 -fdebug-prefix-map=/<>=. -fstack-protector-strong -Wformat -Werror=format-security -fPIC -o 'c-ffi.o' 'c-ffi.c' gcc -c -DGAUCHE_API_0_8_8 -Wdate-time -D_FORTIFY_SOURCE=2 -D_GNU_SOURCE '-I/usr/lib/gauche-0.9/0.9.6/include' '-I/usr/lib/gauche-0.9/site/include' -g -O2 -fdebug-prefix-map=/<>=. -fstack-protector-strong -Wformat -Werror=format-security -fPIC -o 'c-ffilib.o' 'c-ffilib.c' gcc -c -DGAUCHE_API_0_8_8 -Wdate-time -D_FORTIFY_SOURCE=2 -D_GNU_SOURCE '-I/usr/lib/gauche-0.9/0.9.6/include' '-I/usr/lib/gauche-0.9/site/include' -g -O2 -fdebug-prefix-map=/<>=. -fstack-protector-strong -Wformat -Werror=format-security -fPIC -o 'closure_alloc.o' 'closure_alloc.c' gcc -Wl,-z,relro '-L/usr/lib/gauche-0.9/0.9.6/x86_64-pc-linux-gnu' '-L/usr/lib/gauche-0.9/site/x86_64-pc-linux-gnu' -shared -o c-ffi.so 'c-ffi.o' 'c-ffilib.o' 'closure_alloc.o' -lgauche-0.9 -ldl -lcrypt -lrt -lm -lpthread /usr/lib/x86_64-linux-gnu/libffi_pic.a /usr/bin/gauche-package compile --cppflags="-DGAUCHE_API_0_8_8 -Wdate-time -D_FORTIFY_SOURCE=2 -D_GNU_SOURCE" --ldflags="-Wl,-z,relro " --libs="/usr/lib/x86_64-linux-gnu/libffi_pic.a " --verbose c-lex c-lex.c c-lexlib.stub gcc -c -DGAUCHE_API_0_8_8 -Wdate-time -D_FORTIFY_SOURCE=2 -D_GNU_SOURCE '-I/usr/lib/gauche-0.9/0.9.6/include' '-I/usr/lib/gauche-0.9/site/include' -g -O2 -fdebug-prefix-map=/<>=. -fstack-protector-strong -Wformat -Werror=format-security -fPIC -o 'c-lex.o' 'c-lex.c' gcc -c -DGAUCHE_API_0_8_8 -Wdate-time -D_FORTIFY_SOURCE=2 -D_GNU_SOURCE '-I/usr/lib/gauche-0.9/0.9.6/include' '-I/usr/lib/gauche-0.9/site/include' -g -O2 -fdebug-prefix-map=/<>=. -fstack-protector-strong -Wformat -Werror=format-security -fPIC -o 'c-lexlib.o' 'c-lexlib.c' gcc -Wl,-z,relro '-L/usr/lib/gauche-0.9/0.9.6/x86_64-pc-linux-gnu' '-L/usr/lib/gauche-0.9/site/x86_64-pc-linux-gnu' -shared -o c-lex.so 'c-lex.o' 'c-lexlib.o' -lgauche-0.9 -ldl -lcrypt -lrt -lm -lpthread /usr/lib/x86_64-linux-gnu/libffi_pic.a /usr/bin/gauche-package compile --cppflags="-DGAUCHE_API_0_8_8 -Wdate-time -D_FORTIFY_SOURCE=2 -D_GNU_SOURCE" --ldflags="-Wl,-z,relro " --libs="/usr/lib/x86_64-linux-gnu/libffi_pic.a " --verbose c-parser c-parser.c c-parserlib.stub gcc -c -DGAUCHE_API_0_8_8 -Wdate-time -D_FORTIFY_SOURCE=2 -D_GNU_SOURCE '-I/usr/lib/gauche-0.9/0.9.6/include' '-I/usr/lib/gauc
Bug#926698: tar: messes with /usr/sbin/rmt in --merged-usr environment
Hi, My mail about the issue in tar should have gone to 926722, not 926698. Ivo On Wed, Apr 10, 2019 at 12:10:16PM +0200, Ivo De Decker wrote: > Hi, > > On Tue, Apr 09, 2019 at 06:05:00PM +0200, Andreas Beckmann wrote: > > On 2019-04-09 11:44, Andreas Beckmann wrote: > > > 0m17.9s ERROR: WARN: Broken symlinks: > > > /etc/rmt -> /usr/sbin/rmt (tar) > > > > > > 0m22.0s ERROR: FAIL: After purging files have disappeared: > > > /usr/sbin/rmt -> /etc/alternatives/rmt not owned > > [...] > > > Cloning the bug to tar, since its prerm contains a similar construct. > > (And I don't mean the update-alternatives call ...) > > > > remove|deconfigure) > > update-alternatives --remove rmt /usr/sbin/rmt-tar > > if test -L /sbin/rmt && test /sbin/rmt -ef /usr/sbin/rmt; then > > rm -f /sbin/rmt > > fi > > ;; > > > > Probable use > > > > if ! test -L /sbin && test -L /sbin/rmt && ... > > > > I think the code trying to remove the /sbin/rmt symlink should just be > removed. tar stopped creating it in 1.15.1-1 (2005). > > Thanks, > > Ivo > >
Bug#926698: cpio: messes with /usr/sbin/rmt in --merged-usr environment
Hi, On Tue, Apr 09, 2019 at 06:05:00PM +0200, Andreas Beckmann wrote: > On 2019-04-09 11:44, Andreas Beckmann wrote: > > 0m17.9s ERROR: WARN: Broken symlinks: > > /etc/rmt -> /usr/sbin/rmt (tar) > > > > 0m22.0s ERROR: FAIL: After purging files have disappeared: > > /usr/sbin/rmt -> /etc/alternatives/rmt not owned [...] > Cloning the bug to tar, since its prerm contains a similar construct. > (And I don't mean the update-alternatives call ...) > > remove|deconfigure) > update-alternatives --remove rmt /usr/sbin/rmt-tar > if test -L /sbin/rmt && test /sbin/rmt -ef /usr/sbin/rmt; then > rm -f /sbin/rmt > fi > ;; > > Probable use > > if ! test -L /sbin && test -L /sbin/rmt && ... > I think the code trying to remove the /sbin/rmt symlink should just be removed. tar stopped creating it in 1.15.1-1 (2005). Thanks, Ivo
Processed: Re: cpio: messes with /usr/sbin/rmt in --merged-usr environment
Processing control commands: > tags -1 patch Bug #926698 [cpio] cpio: prerm deletes /usr/sbin/rmt in --merged-usr environment Added tag(s) patch. -- 926698: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926698 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#926698: cpio: messes with /usr/sbin/rmt in --merged-usr environment
Control: tags -1 patch On Tue, Apr 09, 2019 at 06:05:00PM +0200, Andreas Beckmann wrote: > On 2019-04-09 11:44, Andreas Beckmann wrote: > > 0m17.9s ERROR: WARN: Broken symlinks: > > /etc/rmt -> /usr/sbin/rmt (tar) > > > > 0m22.0s ERROR: FAIL: After purging files have disappeared: > > /usr/sbin/rmt -> /etc/alternatives/rmt not owned > > This is caused by the prerm script which contains this not merged-usr > aware code: > > if [ "$1" = remove ]; then > update-alternatives --remove mt /bin/mt-gnu > if test -L /sbin/rmt && test /sbin/rmt -ef /usr/sbin/rmt; then > rm -f /sbin/rmt > fi > fi > > Cloning the bug to tar, since its prerm contains a similar construct. > (And I don't mean the update-alternatives call ...) > > remove|deconfigure) > update-alternatives --remove rmt /usr/sbin/rmt-tar > if test -L /sbin/rmt && test /sbin/rmt -ef /usr/sbin/rmt; then > rm -f /sbin/rmt > fi > ;; > > Probable use > > if ! test -L /sbin && test -L /sbin/rmt && ... The code dealing with rmt should just be removed from cpio. rmt was removed from cpio in 2.4.2-39 (2001) and moved to tar, so cpio shouldn't change anything related to rmt. I'm tagging this bug patch, because I believe it can be fixed by removing those 3 lines from the prerm script: > if test -L /sbin/rmt && test /sbin/rmt -ef /usr/sbin/rmt; then > rm -f /sbin/rmt > fi Thanks, Ivo
Bug#926381: ruby-fakeweb: FTBFS (failing tests)
Hi Lucas, On Wed, Apr 10, 2019 at 09:06:48AM +0200, Lucas Nussbaum wrote: > My understanding: > - ruby-fakeweb is a key package because ruby-thor build-depends on it > - ruby-fakeweb is unmaintained upstream > - ruby-thor doesn't actually need fakeweb > + newer upstream releases use webmock instead: > > https://github.com/erikhuda/thor/commit/3241f2fbf1172b6182723b073fd4b390200660e9 > + ruby-fakeweb is only used for the test suite of ruby-thor, and > ruby-thor does not include a test suite anymore (we should probably > download from github rather than from rubygems.org, but that's > another issue). > > A solution that would work to make that bug disappear from the buster RC > bugs list is: > 1) modify ruby-thor to drop the useless build-dependency on ruby-fakeweb > 2) get it to migrate to testing > 3) remove ruby-fakeweb from testing There are a number of build-dependencies, so that probably won't work: Checking reverse dependencies... # Broken Build-Depends: ruby-fastimage: ruby-fakeweb ruby-httparty: ruby-fakeweb ruby-messagebus-api: ruby-fakeweb ruby-open-uri-redirections: ruby-fakeweb ruby-thor: ruby-fakeweb Dependency problem found. It seems this is the line causing the issue: https://sources.debian.org/src/ruby-fakeweb/1.3.0+git20170806+dfsg1-1/test/test_helper.rb/#L123 Disabling this line seems to make the build succeed. I haven't prepared a patch, because something in the testsuite seems to be changing that file, and I don't really understand what's going on. Alternatively, the entire testsuite for ruby-fakeweb could be disabled. Cheers, Ivo
Bug#926279: mininet: switch from cgroup-bin to cgroup-tools
Control: tag -1 pending On Tue, 02 Apr 2019 22:22:29 +0200 Andreas Beckmann wrote: > Package: mininet > Version: 2.2.2-4 > Severity: serious > User: debian...@lists.debian.org > Usertags: piuparts > > Hi, > > during a test with piuparts I noticed your package is no longer > installable in sid. > > The transitional package cgroup-bin (which is superseded by > cgroup-tools at least since jessie) is no longer built in sid. > Please switch the dependency to cgroup-tools. > > > Cheers, > > Andreas > > Hi there, I've just pushed the change to salsa. I have made a simple ping test between two emulated hosts without issues. Cheers, -- Santiago signature.asc Description: PGP signature
Processed: Re: mininet: switch from cgroup-bin to cgroup-tools
Processing control commands: > tag -1 pending Bug #926279 [mininet] mininet: switch from cgroup-bin to cgroup-tools Added tag(s) pending. -- 926279: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926279 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: reassign 926538 to installation-reports, tagging 926647, tagging 926103
Processing commands for cont...@bugs.debian.org: > reassign 926538 installation-reports Bug #926538 [installation-reports installer] Package: installation-reports Warning: Unknown package 'installer' Bug reassigned from package 'installation-reports installer' to 'installation-reports'. Ignoring request to alter found versions of bug #926538 to the same values previously set Ignoring request to alter fixed versions of bug #926538 to the same values previously set > tags 926647 + sid buster Bug #926647 {Done: Julien Cristau } [src:leveldb-sharp] leveldb-sharp: ABI change in libleveldb 1.20 Added tag(s) buster and sid. > tags 926103 + experimental Bug #926103 {Done: Reinhard Tartler } [libifd-cyberjack6] libifd-cyberjack6: driver breaks with pcsc-lite versions >= 1.8.21 Added tag(s) experimental. > thanks Stopping processing here. Please contact me if you need assistance. -- 926103: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926103 926538: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926538 926647: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926647 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#926772: underlinked clang libraries on armel cause build failures
On 10.04.19 10:29, Adrian Bunk wrote: > On Wed, Apr 10, 2019 at 10:11:29AM +0200, Matthias Klose wrote: >> Package: src:llvm-toolchain-7 >> Version: 1:7.0.1-8 >> Severity: serious >> Tags: sid buster >> >> underlinked clang libraries on armel cause build failures, > > Static libraries are not linked. ouch >> as seen at >> https://buildd.debian.org/status/package.php?p=creduce >> >> /usr/bin/ld: >> /usr/lib/llvm-7/lib/libclangFrontend.a(SerializedDiagnosticReader.cpp.o): >> undefined reference to symbol '__atomic_load_4@@LIBATOMIC_1.0' >> /usr/bin/ld: //usr/lib/arm-linux-gnueabi/libatomic.so.1: error adding >> symbols: >> DSO missing from command line >> collect2: error: ld returned 1 exit status >> make[4]: *** [Makefile:868: clang_delta] Error 1 >> ... > > How does creduce get dependencies for these static libraries from LLVM? these are hard coded in clang_delta/Makefile.am. Is there a better way? Would llvm-config --system-libs be a better way to include -latomic on armel?
Bug#926746: marked as done (libbluray: ftbfs during arch:all only build)
Your message dated Wed, 10 Apr 2019 08:49:14 + with message-id and subject line Bug#926746: fixed in libbluray 1:1.1.1-2 has caused the Debian Bug report #926746, regarding libbluray: ftbfs during arch:all only build to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 926746: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926746 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: libbluray Version: 1:1.1.1-1 Severity: serious Tags: ftbfs Justification: fails to build from source (but built successfully in the past) libbluray/experimental FTBFS during the arch:all only build: https://buildd.debian.org/status/fetch.php?pkg=libbluray&arch=all&ver=1%3A1.1.1-1&stamp=1554567686&raw=0 fakeroot debian/rules binary-indep dh binary-indep --with javahelper dh_testroot -i dh_prep -i dh_install -i dh_install: Cannot find (any matches for) "usr/share/java" (tried in ., debian/tmp) dh_install: libbluray-bdj missing files: usr/share/java dh_install: missing files, aborting make: *** [debian/rules:21: binary-indep] Error 25 dpkg-buildpackage: error: fakeroot debian/rules binary-indep subprocess returned exit status 2 Andreas --- End Message --- --- Begin Message --- Source: libbluray Source-Version: 1:1.1.1-2 We believe that the bug you reported is fixed in the latest version of libbluray, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 926...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Sebastian Ramacher (supplier of updated libbluray package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 10 Apr 2019 09:41:40 +0200 Source: libbluray Architecture: source Version: 1:1.1.1-2 Distribution: experimental Urgency: medium Maintainer: Debian Multimedia Maintainers Changed-By: Sebastian Ramacher Closes: 926746 Changes: libbluray (1:1.1.1-2) experimental; urgency=medium . * debian/libbluray-bdj.install: Revert "install files from usr/share/java". (Closes: #926746) Checksums-Sha1: b7a132aec19d06e5b1b47e36c32bd742bee7f7b4 2421 libbluray_1.1.1-2.dsc ccc0478a66271ea387153ff899d0204400abe028 17308 libbluray_1.1.1-2.debian.tar.xz Checksums-Sha256: e03c8f724c1bc0288e36695a2801c92083819a476c5d13763ebf5ac5b6298e78 2421 libbluray_1.1.1-2.dsc 2046dcc0f5d488dfe7bbaabfaaad64cea4be2847b54532cddc15d6bb4f4f38b2 17308 libbluray_1.1.1-2.debian.tar.xz Files: 5413034273e2d27717576ef2f854ed4a 2421 libs optional libbluray_1.1.1-2.dsc 34d695a8f6c9b8a2624a84a752ed527e 17308 libs optional libbluray_1.1.1-2.debian.tar.xz -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEE94y6B4F7sUmhHTOQafL8UW6nGZMFAlytntoACgkQafL8UW6n GZNoxhAAwXUupPRjbsJbbXHkW98M+s8qE9rqrS1abyYnBlmbHTLyZ1r38TKnxmCe 2Gq9DOb/qpMf8vJJC/aOjROYqVaB4pN1pbsvCqF6HIklgcu8Q2YIq36Tp6IKiXwo B81fINHcoggJu/zy2t5yAe6XoU4FVF52vH4A62itUhywqeuSXPnrrV/1plrq2wfN 19gcK4FsZISuGu/UMfIi1zHnrmxuowafmju0z1322IkeGrmyN3vIRNQPguzbwged GSgrkfJW+W+lHG6XqyW4B1yYjVs889TmV3bs+JiQvf9cD5myndgm/hhDEt04X0Fa p5de2A7XxVmhRiD2TnPWWaa5T0oIPGD/gUValBBfuNDujBW9RfA6BBP1XhRcPKRM dy0UDAjuJbPqbAaXqmVqMvKEbQ8symceRGtkcy876tyDBxDlAJseRqhAGdIwiwur ra8msn1IdczVDHDcTgwBWq2MuyxP4oE74IOaYVFE2IOf7HLp+2DDIBM2fZu/JxGR 1U5eOJfu21SarVMeqNbwjo3oNNOIroPudgDMsLjVDZCn/n/Ad1EnV7x6PdNfnQon m1trjWiMulw0834eJMBceLc+FvJX476P6KEcoznEKnBC9rtM5Nq9634e3wALLt30 iXph0+h0V9n4Ss7TBuvLO1WM87lqoXcDu0maRGiAP7tNxYEZ1Us= =p/i7 -END PGP SIGNATURE End Message ---
Bug#926772: underlinked clang libraries on armel cause build failures
On Wed, Apr 10, 2019 at 10:11:29AM +0200, Matthias Klose wrote: > Package: src:llvm-toolchain-7 > Version: 1:7.0.1-8 > Severity: serious > Tags: sid buster > > underlinked clang libraries on armel cause build failures, Static libraries are not linked. > as seen at > https://buildd.debian.org/status/package.php?p=creduce > > /usr/bin/ld: > /usr/lib/llvm-7/lib/libclangFrontend.a(SerializedDiagnosticReader.cpp.o): > undefined reference to symbol '__atomic_load_4@@LIBATOMIC_1.0' > /usr/bin/ld: //usr/lib/arm-linux-gnueabi/libatomic.so.1: error adding symbols: > DSO missing from command line > collect2: error: ld returned 1 exit status > make[4]: *** [Makefile:868: clang_delta] Error 1 >... How does creduce get dependencies for these static libraries from LLVM? cu Adrian -- "Is there not promise of rain?" Ling Tan asked suddenly out of the darkness. There had been need of rain for many days. "Only a promise," Lao Er said. Pearl S. Buck - Dragon Seed
Bug#926720: [Pkg-javascript-devel] Bug#926720: node-miller-rabin: FTBFS randomly (uses a non-prime to test the test)
Le 09/04/2019 à 22:14, Santiago Vila a écrit : > On Tue, Apr 09, 2019 at 09:31:07PM +0200, Xavier wrote: > >>> NB, it's been already reported upstream that the number of iterations >>> this implementation chooses in not adequate: >>> https://github.com/indutny/miller-rabin/issues/9 >> >> I think we could keep this patch for now to avoid FTBFS and reopened >> this bug with a lower severity (normal) to wait for upstream patch, do >> you agree ? > > I would keep the current bug unchanged (at least until the current > package propagates to testing) and file another (different) bug saying > "please fix the code and enable the test suite" (i.e. what Jakub asked). > > Thanks. Done (#926763), thanks!
Bug#926772: underlinked clang libraries on armel cause build failures
Package: src:llvm-toolchain-7 Version: 1:7.0.1-8 Severity: serious Tags: sid buster underlinked clang libraries on armel cause build failures, as seen at https://buildd.debian.org/status/package.php?p=creduce /usr/bin/ld: /usr/lib/llvm-7/lib/libclangFrontend.a(SerializedDiagnosticReader.cpp.o): undefined reference to symbol '__atomic_load_4@@LIBATOMIC_1.0' /usr/bin/ld: //usr/lib/arm-linux-gnueabi/libatomic.so.1: error adding symbols: DSO missing from command line collect2: error: ld returned 1 exit status make[4]: *** [Makefile:868: clang_delta] Error 1 this prevents migration of creduce to testing/buster.
Processed: limit source to spip, tagging 926764
Processing commands for cont...@bugs.debian.org: > limit source spip Limiting to bugs with field 'source' containing at least one of 'spip' Limit currently set to 'source':'spip' > tags 926764 + pending Bug #926764 [src:spip] spip: arbitrary code execution by any identified visitor Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 926764: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926764 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#926628: I suggest to add libmariadb3 to the list
Hi! The problem with the package is that it doesn't link to a specific mysql or mariadb client library, but searches for it in runtime by name and loads it dynamically. So we can't use the shlibdeps mechanism to construct the dependencies list as usual. I'd suggest to add another alternative libmariadb3 (with a patch which adds libmariadb.so.3 to the library search list). We'll upload the fixed version shortly. Cheers! -- Sergei Golovan
Bug#926770: arctica-greeter-theme-debian-futureprototype: unsatisfiable dependency desktop-base (>= 10~) in stretch-backports
Package: arctica-greeter-theme-debian-futureprototype Version: 0.99.1.3-1~bpo9+1 Severity: serious User: debian...@lists.debian.org Usertags: piuparts Hi, during a test with piuparts I noticed your package is not installable in stretch-backports: The following packages have unmet dependencies: arctica-greeter-theme-debian-futureprototype : Depends: desktop-base (>= 10~) but it is not going to be installed It's also not in backports-new. Cheers, Andreas
Bug#926381: ruby-fakeweb: FTBFS (failing tests)
My understanding: - ruby-fakeweb is a key package because ruby-thor build-depends on it - ruby-fakeweb is unmaintained upstream - ruby-thor doesn't actually need fakeweb + newer upstream releases use webmock instead: https://github.com/erikhuda/thor/commit/3241f2fbf1172b6182723b073fd4b390200660e9 + ruby-fakeweb is only used for the test suite of ruby-thor, and ruby-thor does not include a test suite anymore (we should probably download from github rather than from rubygems.org, but that's another issue). A solution that would work to make that bug disappear from the buster RC bugs list is: 1) modify ruby-thor to drop the useless build-dependency on ruby-fakeweb 2) get it to migrate to testing 3) remove ruby-fakeweb from testing Lucas