Bug#926935: marked as done (arpack: FTBFS (does not honor parallel=n in DEB_BUILD_OPTIONS))
Your message dated Fri, 26 Apr 2019 05:33:21 + with message-id and subject line Bug#926935: fixed in arpack 3.7.0-2 has caused the Debian Bug report #926935, regarding arpack: FTBFS (does not honor parallel=n in DEB_BUILD_OPTIONS) to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 926935: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926935 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: src:arpack Version: 3.7.0-1 Severity: serious Tags: ftbfs patch Dear maintainer: I tried to build this package in buster but it failed: [...] debian/rules build-arch dh build-arch dh_update_autotools_config -a dh_autoreconf -a libtoolize: putting auxiliary files in AC_CONFIG_AUX_DIR, 'build-aux'. libtoolize: copying file 'build-aux/ltmain.sh' libtoolize: putting macros in AC_CONFIG_MACRO_DIRS, 'm4'. libtoolize: copying file 'm4/libtool.m4' libtoolize: copying file 'm4/ltoptions.m4' libtoolize: copying file 'm4/ltsugar.m4' libtoolize: copying file 'm4/ltversion.m4' libtoolize: copying file 'm4/lt~obsolete.m4' configure.ac:12: installing 'build-aux/compile' configure.ac:17: installing 'build-aux/config.guess' [... snipped ...] make[4]: Leaving directory '/<>/PARPACK/SRC/MPI' Making check in . make[4]: Entering directory '/<>/PARPACK' make[4]: Nothing to be done for 'check-am'. make[4]: Leaving directory '/<>/PARPACK' Making check in TESTS/MPI make[4]: Entering directory '/<>/PARPACK/TESTS/MPI' make issue46 make[5]: Entering directory '/<>/PARPACK/TESTS/MPI' mpif77 -g -O2 -fdebug-prefix-map=/<>=. -fstack-protector-strong -c -o issue46.o issue46.f /bin/bash ../../../libtool --tag=F77 --mode=link mpif77 -g -O2 -fdebug-prefix-map=/<>=. -fstack-protector-strong -Wl,-z,relro -o issue46 issue46.o ../../../PARPACK/SRC/MPI/libparpack.la -llapack -lblas libtool: link: mpif77 -g -O2 -fdebug-prefix-map=/<>=. -fstack-protector-strong -Wl,-z -Wl,relro -o .libs/issue46 issue46.o ../../../PARPACK/SRC/MPI/.libs/libparpack.so -llapack -lblas make[5]: Leaving directory '/<>/PARPACK/TESTS/MPI' make check-TESTS make[5]: Entering directory '/<>/PARPACK/TESTS/MPI' make[6]: Entering directory '/<>/PARPACK/TESTS/MPI' FAIL: issue46 Testsuite summary for ARPACK-NG 3.7.0 # TOTAL: 1 # PASS: 0 # SKIP: 0 # XFAIL: 0 # FAIL: 1 # XPASS: 0 # ERROR: 0 See PARPACK/TESTS/MPI/test-suite.log Please report to https://github.com/opencollab/arpack-ng/issues/ make[6]: *** [Makefile:830: test-suite.log] Error 1 make[6]: Leaving directory '/<>/PARPACK/TESTS/MPI' make[5]: *** [Makefile:938: check-TESTS] Error 2 make[5]: Leaving directory '/<>/PARPACK/TESTS/MPI' make[4]: *** [Makefile:1026: check-am] Error 2 make[4]: Leaving directory '/<>/PARPACK/TESTS/MPI' make[3]: *** [Makefile:387: check-recursive] Error 1 make[3]: Leaving directory '/<>/PARPACK' make[2]: *** [Makefile:509: check-recursive] Error 1 make[2]: Leaving directory '/<>' make[1]: *** [debian/rules:15: override_dh_auto_test] Error 2 make[1]: Leaving directory '/<>' make: *** [debian/rules:7: build-arch] Error 2 dpkg-buildpackage: error: debian/rules build-arch subprocess returned exit status 2 This used to work ok in all my autobuilders in version 3.5.0+real-2, but it started to fail in some of them in version 3.6.3-1. I've put a bunch of build logs here: https://people.debian.org/~sanvila/build-logs/arpack/ The problem seems to be that the Makefiles wrongly assume that the system has at least 2 CPUs, which may or may not be the case. A simple solution that seems to work is to set 'LOG_FLAGS = -n 1' in both PARPACK/EXAMPLES/MPI/Makefile.am and PARPACK/TESTS/MPI/Makefile.am, but it would be even better to honor parallel=n setting in DEB_BUILD_OPTIONS when there is one, as in the patch below. I did not find a simple way to reproduce this in any system. The usual recipe is to try "taskset -c 0 dpkg-buildpackage" but this does not seem to work here, so if you need a test machine to reproduce the failure please contact me privately and I will gladly provide one. Thanks. --- a/PARPACK/EXAMPLES/MPI/Makefile.am +++ b/PARPACK/EXAMPLES/MPI/Makefile.am @@ -12,7 +12,7 @@
Processed: your mail
Processing commands for cont...@bugs.debian.org: > severity 926500 important Bug #926500 [freecad] freecad: FreeCad crashes when attemting to edit a existing sketch Severity set to 'important' from 'grave' > thanks Stopping processing here. Please contact me if you need assistance. -- 926500: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926500 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#927991: amarok: FTBFS: mysql_config --libmysqld-libs unrecognized
Source: amarok Version: 2.9.0-1 Severity: serious Tags: upstream ftbfs Justification: fails to build from source (but built successfully in the past) Builds of amarok against current unstable (including in particular rebuilds for library transitions) have been failing lately with the error src/core-impl/storage/sql/mysqlestorage/CMakeFiles/amarok_storage-mysqlestorage.dir/build.make:133: *** target pattern contains no '%'. Stop. The relevant line reads lib/amarok_storage-mysqlestorage.so: /usr/bin/mysql_config:\ unrecognized\ option\ '--libmysqld-libs'\ -lpthread ... presumably stemming from obsolete usage in cmake/modules/FindMySQLAmarok.cmake. Could you please take a look? Thanks! -- Aaron M. Ucko, KB1CJC (amu at alum.mit.edu, ucko at debian.org) http://www.mit.edu/~amu/ | http://stuff.mit.edu/cgi/finger/?a...@monk.mit.edu
Bug#925457: python-jwcrypto: FTBFS ('module' object has no attribute 'decode_rfc6979_signature')
I can confirm that the bug is solved in the last version of the package. But we are jumping from 0.4.2 to 0.6.0 CC to Santiago signature.asc Description: OpenPGP digital signature
Processed: Bug#927450: fixed in debian-security-support 2019.04.25
Processing control commands:
> reopen -1
Bug #927450 {Done: Holger Levsen } [debian-security-support]
debian-security-support should know that the next stable is Debian 10
Bug #927459 {Done: Holger Levsen } [debian-security-support]
The package "debian-security-support" prevents the update, installation or
uninstall of other packages.
'reopen' may be inappropriate when a bug has been closed with a version;
all fixed versions will be cleared, and you may need to re-add them.
Bug reopened
No longer marked as fixed in versions debian-security-support/2019.04.25.
No longer marked as fixed in versions debian-security-support/2019.04.25.
--
927450: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927450
927459: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927459
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Bug#927450: fixed in debian-security-support 2019.04.25
Control: reopen -1 As if I wouldn't have written it before... o.O Now all that was done is changing the value from 9 to 10 and it will break again in xx months when the next-stable arrives an no one will remember by then that this must be adapted... Can't you just set a Conflicts/Breaks against base-files >10 ... and people won't again fall into that trap in the future? Cheers,, Chris.
Bug#927862: youtube-dl: please update to 2019.04.24
Package: youtube-dl Version: 2019.01.17-1 Followup-For: Bug #927862 Control: severity -1 grave Control: retitle -1 youtube-dl: needs upstream version update to continue working It now doesn’t work at all any more, however, the upstream version does: $ youtube-dl -f 18 U2n5aGqou9E [youtube] U2n5aGqou9E: Downloading webpage ERROR: U2n5aGqou9E: "token" parameter not in video info for unknown reason; please report this issue on https://yt-dl.org/bug . Make sure you are using the latest version; see https://yt-dl.org/update on how to update. Be sure to call youtube-dl with the --verbose flag and include its complete output. 1|tglase@tglase:~ $ Youtube-dl -f 18 U2n5aGqou9E [youtube] U2n5aGqou9E: Downloading webpage [download] Destination: U2n5aGqou9E.mp4 [download] 100% of 29.43MiB in 00:08 tglase@tglase:~ $ dpkg -l youtube-dl Desired=Unknown/Install/Remove/Purge/Hold | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad) ||/ Name Version Architecture Description +++-==---= ii youtube-dl 2019.01.17-1 all downloader of videos from YouTube and other sites tglase@tglase:~ $ Youtube-dl --version 2019.04.24 I’m sure you have a procedure in place to get freeze exceptions, too. -- System Information: Debian Release: 10.0 APT prefers unreleased APT policy: (500, 'unreleased'), (500, 'buildd-unstable'), (500, 'unstable') Architecture: x32 (x86_64) Foreign Architectures: i386, amd64 Kernel: Linux 4.19.0-4-amd64 (SMP w/4 CPU cores) Kernel taint flags: TAINT_FIRMWARE_WORKAROUND Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=C (charmap=UTF-8) Shell: /bin/sh linked to /bin/lksh Init: sysvinit (via /sbin/init) Versions of packages youtube-dl depends on: ii python33.7.3-1 ii python3-pkg-resources 40.8.0-1 Versions of packages youtube-dl recommends: ii ca-bundle [ca-certificates] 20181220tarent1 ii curl 7.64.0-2 ii ffmpeg 7:4.1.1-1 ii mplayer 2:1.3.0-8+b3 pn phantomjs pn python3-pyxattr pn rtmpdump ii wget 1.20.1-1.1 youtube-dl suggests no packages. -- no debconf information
Bug#927944: [Pkg-javascript-devel] Bug#927944: node-unicode-data: FTBFS with unicode-data >= 12.0.0
Hi, On 25/04/2019 10:55, Alastair McKinstry wrote: > Source: node-unicode-data > Version: 0~20181101+gitaddfb440-1 > Severity: serious > Justification: Policy 4.2 > > node-unicode-data FTBFS with unicode-data 12.0.0 and needs to be updated. > There is a newer version in NEW which is supposed to fix this. Perhaps you can check from the git repo? Thanks, JP
Processed: Re: youtube-dl: please update to 2019.04.24
Processing control commands: > severity -1 grave Bug #927862 [youtube-dl] youtube-dl: please update to 2019.04.24 Severity set to 'grave' from 'serious' > retitle -1 youtube-dl: needs upstream version update to continue working Bug #927862 [youtube-dl] youtube-dl: please update to 2019.04.24 Changed Bug title to 'youtube-dl: needs upstream version update to continue working' from 'youtube-dl: please update to 2019.04.24'. -- 927862: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927862 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: fixed 927978 in 1.15.90-1
Processing commands for cont...@bugs.debian.org: > # fixed in experimental already > fixed 927978 1.15.90-1 Bug #927978 [src:gst-plugins-base1.0] gst-plugins-base1.0: CVE-2019-9928: Buffer overflow in RTSP parsing Marked as fixed in versions gst-plugins-base1.0/1.15.90-1. > thanks Stopping processing here. Please contact me if you need assistance. -- 927978: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927978 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#927978: gst-plugins-base1.0: CVE-2019-9928: Buffer overflow in RTSP parsing
Source: gst-plugins-base1.0 Version: 1.14.4-1 Severity: grave Tags: security upstream Forwarded: https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/merge_requests/157 Hi, The following vulnerability was published for gst-plugins-base1.0. CVE-2019-9928[0]: | GStreamer before 1.16.0 has a heap-based buffer overflow in the RTSP | connection parser via a crafted response from a server, potentially | allowing remote code execution. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2019-9928 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9928 [1] https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/merge_requests/157 [2] https://gstreamer.freedesktop.org/security/sa-2019-0001.html Please adjust the affected versions in the BTS as needed. Regards, Salvatore
Processed: found 927674 in 4.0-1+deb9u1, found 927674 in 4.0-1
Processing commands for cont...@bugs.debian.org:
> found 927674 4.0-1+deb9u1
Bug #927674 {Done: Salvatore Bonaccorso } [src:mercurial]
CVE-2019-3902
Marked as found in versions mercurial/4.0-1+deb9u1.
> found 927674 4.0-1
Bug #927674 {Done: Salvatore Bonaccorso } [src:mercurial]
CVE-2019-3902
Marked as found in versions mercurial/4.0-1.
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
927674: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927674
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Bug#927825: arm: mvneta driver used on Armada XP GP boards does not receive packets (regression from 4.9)
On 2019-04-25 14:50, Aurelien Jarno wrote: > On 2019-04-23 22:16, Aurelien Jarno wrote: > > Source: linux > > Version: 4.19.28-2 > > Severity: important > > > > After upgrading hartmann.debian.org (an armhf buildd using an Armada XP > > GP board) from buster to stretch, the ethernet device is not working > > More precisely the board is a "Marvell Armada XP Development Board > DB-MV784MP-GP" > > > anymore. Using tcpdump on both the buildd and a remote host, it appears > > that the packets correctly leave the board and that the reception side > > fails. > > > > The module used for the ethernet device is mvneta. The corresponding DT > > compatible entry is "marvell,armada-xp-neta". > > > > I have started a "bisection" with the kernels from snapshot. This is > what I have found so far: > > This one works: > - linux-image-4.19.0-rc6-armmp-lpae_4.19~rc6-1~exp1_armhf.deb > > The following ones don't: > - linux-image-4.19.0-rc7-armmp-lpae_4.19~rc7-1~exp1_armhf.deb > - linux-image-5.0.0-trunk-armmp_5.0.2-1~exp1_armhf.deb > > My guess (I don't have time to try more now) is that the issue is caused > by the following change: > > | [ Uwe Kleine-König ] > | * [armhf] enable MVNETA_BM_ENABLE and CAN_FLEXCAN as a module > I confirm this is the issue. Disabling MVNETA_BM_ENABLE on kernel 4.19.28-2 fixes the issue. Note that it breaks the ABI. Aurelien -- Aurelien Jarno GPG: 4096R/1DDD8C9B aurel...@aurel32.net http://www.aurel32.net
Bug#927862: youtube-dl: please update to 2019.04.24
> I have to add that not only playlists but playing some individual videos > also doesn't work. +1 none of the youtube videos are working with current unstable version > Maybe this bug should be marked as "serious". +1 its a broken package as of now. Regards, Pavi
Processed: Re: Bug#927862: youtube-dl: please update to 2019.04.24
Processing control commands: > severity -1 serious Bug #927862 [youtube-dl] youtube-dl: please update to 2019.04.24 Severity set to 'serious' from 'normal' -- 927862: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927862 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#926857: mesa-vdpau-drivers: broken symlink: /usr/lib/x86_64-linux-gnu/vdpau/libvdpau_gallium.so -> libvdpau_gallium.so.1.0.0
See https://bugs.freedesktop.org/show_bug.cgi?id=110356
Bug#919849: marked as done (salt-doc: broken symlinks: /usr/share/doc/salt/html/_static/*/bootstrap* -> ../../../../../twitter-bootstrap/files/*/bootstrap*)
Your message dated Thu, 25 Apr 2019 15:51:14 + with message-id and subject line Bug#919849: fixed in salt 2018.3.4+dfsg1-3 has caused the Debian Bug report #919849, regarding salt-doc: broken symlinks: /usr/share/doc/salt/html/_static/*/bootstrap* -> ../../../../../twitter-bootstrap/files/*/bootstrap* to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 919849: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919849 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: salt-doc Version: 2018.3.3+dfsg1-2 Severity: normal User: debian...@lists.debian.org Usertags: piuparts Hi, during a test with piuparts I noticed your package ships (or creates) a broken symlink. >From the attached log (scroll to the bottom...): 0m29.8s ERROR: FAIL: Broken symlinks: /usr/share/doc/salt/html/_static/js/vendor/bootstrap.min.js -> ../../../../../../twitter-bootstrap/files/js/bootstrap.min.js (salt-doc) /usr/share/doc/salt/html/_static/js/vendor/bootstrap.js -> ../../../../../../twitter-bootstrap/files/js/bootstrap.js (salt-doc) /usr/share/doc/salt/html/_static/css/bootstrap.min.css -> ../../../../../twitter-bootstrap/files/css/bootstrap.min.css (salt-doc) /usr/share/doc/salt/html/_static/css/bootstrap-responsive.min.css -> ../../../../../twitter-bootstrap/files/css/bootstrap-responsive.min.css (salt-doc) Is salt-doc missing a Depends/Recommends/Suggests: libjs-twitter-bootstrap ? cheers, Andreas salt-doc_2018.3.3+dfsg1-2.log.gz Description: application/gzip --- End Message --- --- Begin Message --- Source: salt Source-Version: 2018.3.4+dfsg1-3 We believe that the bug you reported is fixed in the latest version of salt, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 919...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Benjamin Drung (supplier of updated salt package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 25 Apr 2019 13:39:10 +0200 Source: salt Architecture: source Version: 2018.3.4+dfsg1-3 Distribution: unstable Urgency: medium Maintainer: Debian Salt Team Changed-By: Benjamin Drung Closes: 919849 Changes: salt (2018.3.4+dfsg1-3) unstable; urgency=medium . [ Benjamin Drung ] * tests: Drop copying missing templates directory * salt-doc: Install favicon in document root and do not compress it * salt-doc: Fix JavaScript symlinks to bootstrap (Closes: #919849) * doc: Set script type explicitly to text/javascript * Use jquery.js from sphinx * Symlink vendor JavaScript files before building * Use dh_sphinxdoc . [ Steffen Kockel ] * doc: Fix logo link to point to contents.html * doc: Ensure searchtools.js gets included (to fix the search) Checksums-Sha1: e499d2e3a87405e3fd744c7ed397af9122fd0a1f 4060 salt_2018.3.4+dfsg1-3.dsc 383616b0255ee57713a469a9a0dda4d61d7932e4 100504 salt_2018.3.4+dfsg1-3.debian.tar.xz 7c69c0e95da76fa932a9cb1c0d02670e04cc799b 13075 salt_2018.3.4+dfsg1-3_source.buildinfo Checksums-Sha256: 4f91aa3f188c701a23c0b467460bec5ce8fa197eb9fea8b81c57afd04481d11a 4060 salt_2018.3.4+dfsg1-3.dsc cd3f9cd55397b29514931e759e916e38b7617b2301a00d21b740c42172415fab 100504 salt_2018.3.4+dfsg1-3.debian.tar.xz 6d88c9d313a4e16f3d520a487b8ff91384739f83bece8ac6555429172e6fa62e 13075 salt_2018.3.4+dfsg1-3_source.buildinfo Files: 0f7ea34159aaa7fc052a1d38645b4a5a 4060 admin optional salt_2018.3.4+dfsg1-3.dsc 26b30aa5e18689839bb98c7556f7c992 100504 admin optional salt_2018.3.4+dfsg1-3.debian.tar.xz 5dbb37f691d5973861a058dd20fb6165 13075 admin optional salt_2018.3.4+dfsg1-3_source.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEE5/q3CzlQJ15towl13YzVpd6MfnoFAlzB0j0ACgkQ3YzVpd6M fnq/2Q/8DNzyxOGmRl6Y7JGNec2kk+ojm1kBCXNlHMVygWKKIWVT8NN6jp9IwfXF JblR7sTxGD4PoC7Mb2gb1cgfekJtnIjdXQEbGSwl0a97WV2xxbwjp85YPeFSZjxL h0tqeHfgfLR8S6ENXuXAZErB0AVL47wH8n5mYqnbR1nMTeIOwcrAXSziW0/UQNnp ygbnck3eQ5Ml/tieVe9j+41FFVXg9m6/8v4LsaswwfsrRKBVfVgOwIEDw2kn7bhy H2E+xtFl7udhXDCd5O0/e0rhZ1f5L+0tpsZMFwo7rmgsGQLIDwec7a3PaOUusRfO +CsFEbFNt07OYMPqRRVJM6NmgzwXI+ahLn9w9luAUPCFVjJRYPoVAio/kKP428bI LoecRj9EcmmFeLIjONGnU/A5GmnNCz7+HBcdNpzSAYaWFn9BGDP1Xz8MBzRbQay4
Processed: Bug #919849 in salt marked as pending
Processing control commands: > tag -1 pending Bug #919849 [salt-doc] salt-doc: broken symlinks: /usr/share/doc/salt/html/_static/*/bootstrap* -> ../../../../../twitter-bootstrap/files/*/bootstrap* Ignoring request to alter tags of bug #919849 to the same tags previously set -- 919849: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919849 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#919849: Bug #919849 in salt marked as pending
Control: tag -1 pending Hello, Bug #919849 in salt reported by you has been fixed in the Git repository and is awaiting an upload. You can see the commit message below and you can check the diff of the fix at: https://salsa.debian.org/salt-team/salt/commit/a4240d262eff75eaf8fb2a594ba7c9e2e76f4783 salt-doc: Fix JavaScript symlinks to bootstrap The bootstrap JavaScript file from libjs-bootstrap is placed in /usr/share/javascript/bootstrap, not /usr/share/twitter-bootstrap. Closes: #919849 Signed-off-by: Benjamin Drung (this message was generated automatically) -- Greetings https://bugs.debian.org/919849
Bug#927946: marked as done (python-audit: SWIG-related type errors render module unusable)
Your message dated Thu, 25 Apr 2019 15:18:44 + with message-id and subject line Bug#927946: fixed in audit 1:2.8.4-3 has caused the Debian Bug report #927946, regarding python-audit: SWIG-related type errors render module unusable to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 927946: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927946 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: python-audit Version: 1:2.8.4-2 Severity: grave Tags: upstream Justification: renders package unusable Dear Maintainer, The following operations fail due to a SWIG-related type error: ``` % sudo python Python 2.7.16 (default, Apr 6 2019, 01:42:57) [GCC 8.3.0] on linux2 Type "help", "copyright", "credits" or "license" for more information. >>> import audit >>> fd = audit.audit_open() >>> audit.audit_set_enabled(fd, 1) Traceback (most recent call last): File "", line 1, in TypeError: in method 'audit_set_enabled', argument 2 of type 'uint32_t' >>> ``` Relevant discussion: http://swig.10945.n7.nabble.com/SWIG-vs-uint32-t-td15045.html Best regards, Michael -- System Information: Debian Release: buster/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=C, LC_CTYPE=UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8), LANGUAGE=C (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages python-audit depends on: ii libaudit11:2.8.4-2 ii libauparse0 1:2.8.4-2 ii libc62.28-8 ii python 2.7.16-1 python-audit recommends no packages. python-audit suggests no packages. -- no debconf information signature.asc Description: Digital signature --- End Message --- --- Begin Message --- Source: audit Source-Version: 1:2.8.4-3 We believe that the bug you reported is fixed in the latest version of audit, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 927...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Laurent Bigonville (supplier of updated audit package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Thu, 25 Apr 2019 16:47:32 +0200 Source: audit Binary: audispd-plugins audispd-plugins-dbgsym auditd auditd-dbgsym golang-redhat-audit-dev libaudit-common libaudit-dev libaudit1 libaudit1-dbgsym libauparse-dev libauparse0 libauparse0-dbgsym python-audit python-audit-dbgsym python3-audit python3-audit-dbgsym Architecture: source amd64 all Version: 1:2.8.4-3 Distribution: unstable Urgency: medium Maintainer: Laurent Bigonville Changed-By: Laurent Bigonville Description: audispd-plugins - Plugins for the audit event dispatcher auditd - User space tools for security auditing golang-redhat-audit-dev - Go client bindings for the libaudit library libaudit-common - Dynamic library for security auditing - common files libaudit-dev - Header files and static library for security auditing libaudit1 - Dynamic library for security auditing libauparse-dev - Header files and static library for the libauparse0 library libauparse0 - Dynamic library for parsing security auditing python-audit - Python bindings for security auditing python3-audit - Python3 bindings for security auditing Closes: 909967 927946 Changes: audit (1:2.8.4-3) unstable; urgency=medium . [ Ondřej Nový ] * d/copyright: Use https protocol in Format field . [ Andrej Shadura ] * Port auditd.init and augenrules to the POSIX shell . [ Laurent Bigonville ] * d/p/06-do_not_hardcode_stdint_path.patch: Do not hardcode the path to stdint.h (Closes: #927946, #909967) Checksums-Sha1: c42f870919c8cc79725aa10b7b11889063c532e8 2483 audit_2.8.4-3.dsc 8d300675549adba418c84e6900d108b7ad156849 16712 audit_2.8.4-3.debian.tar.xz c2033c7097b36dc7c48c89518070066f65275f21 133224 audispd-plugins-dbgsym_2.8.4-3_amd64.deb 566a494fa1a6aafdf0864d38dafc604d1e887dc6 73140 audispd-plugins_2.8.4-3_amd64.deb c9012343ea797585befdc6b66f13badfe5c53dd5 12630 audit_2.8.4-3_amd64.buildinfo
Processed: bug 927946 is forwarded to https://github.com/linux-audit/audit-userspace/issues/96
Processing commands for cont...@bugs.debian.org: > forwarded 927946 https://github.com/linux-audit/audit-userspace/issues/96 Bug #927946 [python-audit] python-audit: SWIG-related type errors render module unusable Set Bug forwarded-to-address to 'https://github.com/linux-audit/audit-userspace/issues/96'. > thanks Stopping processing here. Please contact me if you need assistance. -- 927946: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927946 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed (with 1 error): forcibly merging 927946 909967
Processing commands for cont...@bugs.debian.org: > forcemerge 927946 909967 Bug #927946 [python-audit] python-audit: SWIG-related type errors render module unusable Unable to merge bugs because: package of #909967 is 'src:audit' not 'python-audit' Failed to forcibly merge 927946: Did not alter merged bugs. > thanks Stopping processing here. Please contact me if you need assistance. -- 909967: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909967 927946: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927946 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#927825: arm: mvneta driver used on Armada XP GP boards does not receive packets (regression from 4.9)
On 2019-04-23 22:16, Aurelien Jarno wrote: > Source: linux > Version: 4.19.28-2 > Severity: important > > After upgrading hartmann.debian.org (an armhf buildd using an Armada XP > GP board) from buster to stretch, the ethernet device is not working More precisely the board is a "Marvell Armada XP Development Board DB-MV784MP-GP" > anymore. Using tcpdump on both the buildd and a remote host, it appears > that the packets correctly leave the board and that the reception side > fails. > > The module used for the ethernet device is mvneta. The corresponding DT > compatible entry is "marvell,armada-xp-neta". > I have started a "bisection" with the kernels from snapshot. This is what I have found so far: This one works: - linux-image-4.19.0-rc6-armmp-lpae_4.19~rc6-1~exp1_armhf.deb The following ones don't: - linux-image-4.19.0-rc7-armmp-lpae_4.19~rc7-1~exp1_armhf.deb - linux-image-5.0.0-trunk-armmp_5.0.2-1~exp1_armhf.deb My guess (I don't have time to try more now) is that the issue is caused by the following change: | [ Uwe Kleine-König ] | * [armhf] enable MVNETA_BM_ENABLE and CAN_FLEXCAN as a module Add Uwe as Cc: so that he can comment on the change. Aurelien -- Aurelien Jarno GPG: 4096R/1DDD8C9B aurel...@aurel32.net http://www.aurel32.net
Processed: tags 694323 - pending
Processing commands for cont...@bugs.debian.org: > tags 694323 - pending Bug #694323 [lmodern] [gsfonts] Fonts include copyrighted adobe fragment all right reserved Removed tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 694323: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694323 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#919058: itstool maintainer's help needed
Control: clone -1 -2 Control: reassign -2 src:mate-utils Control: retitle -2 gsearchtool: flawed msgstr in help/pt.po Control: severity -2 grave Hi, On Thu, 25 Apr 2019 02:03:01 +0200 Lars Skovlund wrote: > Hi Mike, > > I've just noticed this bug report: > > https://github.com/mate-desktop/mate-applets/issues/388 > > It's been closed, so apparently the problem can be worked around by > manipulating the XML. Of course, itstool still needs to be fixed. > > So far, there is no response on either the RedHat bug or on the > respective GitHub issues. There is a new itstool version available, > but it only includes the fixes that we've had available as long as this > bug has been open. > > Best regards, > > Lars I could isolated the buggy msgstr in gsearchtool/help/pt.po and will upload an amended mate-utils. Mike
Processed (with 4 errors): Re: Bug#919058: itstool maintainer's help needed
Processing control commands:
> clone -1 -2
Bug #919058 [itstool] its-tools: crashes when freeing xmlDocs
Bug #920408 [itstool] its-tools: crashes when freeing xmlDocs
Failed to clone 919058: Bug is marked as being merged with others. Use an
existing clone.
> reassign -2 src:mate-utils
Failed to clear fixed versions and reopen on -2: The 'bug' parameter ("-2") to
Debbugs::Control::set_package did not pass regex check
.
> retitle -2 gsearchtool: flawed msgstr in help/pt.po
Failed to set the title of -2: The 'bug' parameter ("-2") to
Debbugs::Control::set_title did not pass regex check
.
> severity -2 grave
Failed to set severity of Bug -2 to grave: The 'bug' parameter ("-2") to
Debbugs::Control::set_severity did not pass regex check
.
--
919058: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919058
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Processed: Bug #919849 in salt marked as pending
Processing control commands: > tag -1 pending Bug #919849 [salt-doc] salt-doc: broken symlinks: /usr/share/doc/salt/html/_static/*/bootstrap* -> ../../../../../twitter-bootstrap/files/*/bootstrap* Added tag(s) pending. -- 919849: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919849 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#919849: Bug #919849 in salt marked as pending
Control: tag -1 pending Hello, Bug #919849 in salt reported by you has been fixed in the Git repository and is awaiting an upload. You can see the commit message below and you can check the diff of the fix at: https://salsa.debian.org/salt-team/salt/commit/a4240d262eff75eaf8fb2a594ba7c9e2e76f4783 salt-doc: Fix JavaScript symlinks to bootstrap The bootstrap JavaScript file from libjs-bootstrap is placed in /usr/share/javascript/bootstrap, not /usr/share/twitter-bootstrap. Closes: #919849 Signed-off-by: Benjamin Drung (this message was generated automatically) -- Greetings https://bugs.debian.org/919849
Processed: bug 924616 is forwarded to https://gitlab.gnome.org/GNOME/evolution/issues/120
Processing commands for cont...@bugs.debian.org: > forwarded 924616 https://gitlab.gnome.org/GNOME/evolution/issues/120 Bug #924616 [src:evolution] CVE-2018-15587: Signature Spoofing in PGP encrypted email Changed Bug forwarded-to-address to 'https://gitlab.gnome.org/GNOME/evolution/issues/120' from 'https://bugzilla.gnome.org/show_bug.cgi?id=796424'. > thanks Stopping processing here. Please contact me if you need assistance. -- 924616: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924616 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#924616: RFT and RFC: Updates for evolution{,-data-server}
Hi Jonas
[Adding security team alias, as debian-lts is not followed
automatically]
On Wed, Apr 24, 2019 at 11:08:44AM +0200, Jonas Meurer wrote:
> Hello,
>
> The last days, I spent quite some hours on backporting and debugging
> patches for CVE-2018-15587 (Signature Spoofing in PGP encrypted email)
> to evolution and evolution-data-server packages for Jessie LTS.
>
> One problem is that the scope of CVE-2018-15587 is a bit blurry. While
> the CVE description speaks specifically about the possibility to craft
> emails in a way that they spuriously appear to be *signed* - a
> vulnerability that got revealed in the aftermath of SigSpoof - the
> corresponding bugreports link to several related OpenPGP weaknesses in
> evolution{-data-server}.
[...]
You are right that the CVE is specifically for the signature spoofing
issue. It's still not fully clear, but I think it is best to stick to
that. This is the reason I yesterday reverted my previous f6f251cff480
("Track evolution-data-server under CVE-2018-15587 and add upstream
references")[1] following the reasoning, in 34c907a0fb48[2] ("Do not
track evolution-data-server under CVE-2018-15587").
[1]
https://salsa.debian.org/security-tracker-team/security-tracker/commit/f6f251cff4801a452acddc3256bbb77e8e4050b8
[2]
https://salsa.debian.org/security-tracker-team/security-tracker/commit/34c907a0fb48667022f6b16fef327318a8f1ada8
If at all, but I expect not at the moment, the issues related to
emails to appear to be encrypted issue, will recieve a CVE we can
start track those in the tracker. As well for the other source
packages if they arise.
OTOH at least some other distros seem to relate the CVE to the
secondary issues as well. But I think the strict interpetation of the
CVE assignment is as you outlined.
Regards,
Salvatore
Bug#927722: Correct fix for this bug
On 4/25/19 12:49 PM, Thomas Goirand wrote: > Hi, > > Please fine attached to this message the *CORRECT* debdiff to fix it. > I've uploaded it to DELAYED/7 (after dcuting the wrong package...). Let > me know if you think it's still wrong and I should still dcut it... > LGTM
Bug#927722: Correct fix for this bug
Hi, Please fine attached to this message the *CORRECT* debdiff to fix it. I've uploaded it to DELAYED/7 (after dcuting the wrong package...). Let me know if you think it's still wrong and I should still dcut it... Cheers, Thomas Goirand (zigo) diff -Nru ipset-6.38/debian/changelog ipset-6.38/debian/changelog --- ipset-6.38/debian/changelog 2018-09-01 19:28:18.0 +0200 +++ ipset-6.38/debian/changelog 2019-04-25 11:37:45.0 +0200 @@ -1,3 +1,11 @@ +ipset (6.38-1.1) unstable; urgency=medium + + * Non maintainer upload. + * use dpkg-maintscript-helper rm_conffile to clean up old bash-completion +file in /etc (Closes: #927722). + + -- Cyril de Bourgues Thu, 25 Apr 2019 11:37:45 +0200 + ipset (6.38-1) unstable; urgency=medium * [b80dcfb] New upstream version 6.38 (Closes: #898851) diff -Nru ipset-6.38/debian/ipset.postinst ipset-6.38/debian/ipset.postinst --- ipset-6.38/debian/ipset.postinst2018-09-01 19:28:18.0 +0200 +++ ipset-6.38/debian/ipset.postinst2019-04-25 11:37:45.0 +0200 @@ -3,9 +3,7 @@ set -e # Cleanup obsoleted bash completion configuration file -if [ -f /etc/bash_completion.d/ipset ]; then - rm -f /etc/bash_completion.d/ipset -fi +dpkg-maintscript-helper rm_conffile /etc/bash_completion.d/ipset 6.25.1-1~ ipset -- "$@" #DEBHELPER# diff -Nru ipset-6.38/debian/ipset.postrm ipset-6.38/debian/ipset.postrm --- ipset-6.38/debian/ipset.postrm 1970-01-01 01:00:00.0 +0100 +++ ipset-6.38/debian/ipset.postrm 2019-04-25 11:37:45.0 +0200 @@ -0,0 +1,9 @@ +#!/bin/sh + +set -e + +dpkg-maintscript-helper rm_conffile /etc/bash_completion.d/ipset 6.25.1-1~ ipset -- "$@" + +#DEBHELPER# + +exit 0 diff -Nru ipset-6.38/debian/ipset.preinst ipset-6.38/debian/ipset.preinst --- ipset-6.38/debian/ipset.preinst 1970-01-01 01:00:00.0 +0100 +++ ipset-6.38/debian/ipset.preinst 2019-04-25 11:37:45.0 +0200 @@ -0,0 +1,9 @@ +#!/bin/sh + +set -e + +dpkg-maintscript-helper rm_conffile /etc/bash_completion.d/ipset 6.25.1-1~ ipset -- "$@" + +#DEBHELPER# + +exit 0
Bug#927722: Fixing the changelog entry
Woops, I'm fixing the bad changelog entry (ie: dcut, rebuild and reupload). Sorry for this. Cheers, Thomas Goirand (zigo)
Bug#927459: marked as done (The package "debian-security-support" prevents the update, installation or uninstall of other packages.)
Your message dated Thu, 25 Apr 2019 09:48:17 + with message-id and subject line Bug#927450: fixed in debian-security-support 2019.04.25 has caused the Debian Bug report #927450, regarding The package "debian-security-support" prevents the update, installation or uninstall of other packages. to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 927450: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927450 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: debian-security-support Version: 2019.02.02 Severity: important Dear Maintainer, I can no longer update my system, install, or uninstall packages. * What led up to the situation? I want to update my system, install packages, or uninstall packages. The commands used are: System update apt update && apt full-upgrade Package installation apt update && apt install Uninstalling packages apt purge && apt autoremove --purge * What exactly did you do (or not do) that was effective (or ineffective)? I have carried out the commands listed above. * What was the outcome of this action? The installation causes the following error. dpkg: error: error executing hook 'if [ -x /usr/share/debian-security-support/check-support-status.hook ] ; then /usr/share/debian-security-support/check-support-status.hook ; fi', exit code 256 E: Sub-process /usr/bin/dpkg returned an error code (2) * What outcome did you expect instead? The trouble-free updating of my system, the error-free installation or uninstallation of packages. What other information is required to resolve this issue? -- System Information: Debian Release: 10.0 APT prefers unstable APT policy: (600, 'unstable'), (100, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-4-amd64 (SMP w/8 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages debian-security-support depends on: ii adduser3.118 ii debconf [debconf-2.0] 1.5.71 ii gettext-base 0.19.8.1-9 debian-security-support recommends no packages. debian-security-support suggests no packages. -- debconf information: debian-security-support/earlyend: * debian-security-support/limited: debian-security-support/ended: Kind regards pgpl1GceLp5ZS.pgp Description: Digitale Signatur von OpenPGP --- End Message --- --- Begin Message --- Source: debian-security-support Source-Version: 2019.04.25 We believe that the bug you reported is fixed in the latest version of debian-security-support, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 927...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Holger Levsen (supplier of updated debian-security-support package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 25 Apr 2019 11:36:54 +0200 Source: debian-security-support Architecture: source Version: 2019.04.25 Distribution: unstable Urgency: medium Maintainer: Christoph Biedl Changed-By: Holger Levsen Closes: 927450 Changes: debian-security-support (2019.04.25) unstable; urgency=medium . * Team upload. . [ Moritz Muehlenhoff ] * Remove mozjs17 from security-support-limited, long gone, add mozjs52 and mozjs60 instead. * Remove webkitgtk from security-support-limited, covered by security support now. * Remove xulrunner from security-support-limited, long gone. * Mark binutils as not covered by security support. . [ Holger Levsen ] * check-support-status.in: set latest supported version to Debian 10 / Buster. Closes: #927450. * Add empty security-support-ended.deb10 file. * Drop security-support-ended.deb6 as we don't support Squeeze anymore. Checksums-Sha1: 5c7933141eaecd2c7f379dbe519ab4edd93e4fe2 1872 debian-security-support_2019.04.25.dsc b1607fbc49a92572a43d457a7a7306787b361d6e 28212 debian-security-support_2019.04.25.tar.xz 2255fe20c82004c0017a17bbca688a21460df4ba 6078
Bug#927722: [pkg-netfilter-team] Bug#927722: Uploaded to delayed/7
On 4/25/19 11:44 AM, Thomas Goirand wrote: > Hi, > > I've uploaded the fix to DELAYED/7. Debdiff attached. > Let me know if I should dcut rm the upload. > > Cheers, > LGTM
Bug#927450: marked as done (debian-security-support should know that the next stable is Debian 10)
Your message dated Thu, 25 Apr 2019 09:48:17 + with message-id and subject line Bug#927450: fixed in debian-security-support 2019.04.25 has caused the Debian Bug report #927450, regarding debian-security-support should know that the next stable is Debian 10 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 927450: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927450 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: base-files Version: 10.2 Severity: critical Justification: breaks unrelated software Hi. While the bug is likely in debian-security-support, as soon as upgrading to 10.2 (downgrading to 10.1 fixes the problem) a debian-security-support hook will fail at basically every installed/upgrade package: # aptitude Performing actions... Retrieving bug reports... Done Parsing Found/Fixed information... Done Reading changelogs... Done apt-listchanges: Do you want to continue? [Y/n] apt-listchanges: Mailing root: apt-listchanges: changelogs for kronecker Extracting templates from packages: 100% Preconfiguring packages ... (Reading database ... 150402 files and directories currently installed.) Preparing to unpack .../base-files_10.2_amd64.deb ... Unpacking base-files (10.2) over (10.1) ... Setting up base-files (10.2) ... Installing new version of config file /etc/debian_version ... Installing new version of config file /etc/issue ... Installing new version of config file /etc/issue.net ... => here it was upgrade dpkg: error: error executing hook 'if [ -x /usr/share/debian-security-support/check-support-status.hook ] ; then /usr/share/debian-security-support/check-support-status.hook ; fi', exit code 256 => here the hook already fails [ Rootkit Hunter version 1.4.6 ] File updated: searched for 181 files, found 156 Scanning processes... Scanning linux images... Running kernel seems to be up-to-date. Failed to check for processor microcode upgrades. No services need to be restarted. No containers need to be restarted. No user sessions are running outdated binaries. E: Sub-process /usr/bin/dpkg returned an error code (2) Processing triggers for install-info (6.5.0.dfsg.1-5) ... Processing triggers for man-db (2.8.5-2) ... dpkg: error: error executing hook 'if [ -x /usr/share/debian-security-support/check-support-status.hook ] ; then /usr/share/debian-security-support/check-support-status.hook ; fi', exit code 256 => aptitude's second try Press Return to continue, 'q' followed by Return to quit. => I then moved on with upgrading all (remaining) packages Performing actions... Retrieving bug reports... Done Parsing Found/Fixed information... Done Reading changelogs... Done Extracting templates from packages: 100% Preconfiguring packages ... (Reading database ... 150402 files and directories currently installed.) Preparing to unpack .../archives/bash_5.0-4_amd64.deb ... Unpacking bash (5.0-4) over (5.0-3) ... => fails again after the first package dpkg: error: error executing hook 'if [ -x /usr/share/debian-security-support/check-support-status.hook ] ; then /usr/share/debian-security-support/check-support-status.hook ; fi', exit code 256 [ Rootkit Hunter version 1.4.6 ] File updated: searched for 181 files, found 156 Scanning processes... Scanning candidates... Scanning linux images... Running kernel seems to be up-to-date. Failed to check for processor microcode upgrades. No services need to be restarted. No containers need to be restarted. User sessions running outdated binaries: root @ session #2526: sshd[21698] E: Sub-process /usr/bin/dpkg returned an error code (2) Setting up bash (5.0-4) ... update-alternatives: using /usr/share/man/man7/bash-builtins.7.gz to provide /usr/share/man/man7/builtins.7.gz
Bug#927215: marked as done (kopano-search: AppArmor profile does not account for usrmerge)
Your message dated Thu, 25 Apr 2019 09:48:28 +
with message-id
and subject line Bug#927215: fixed in kopanocore 8.7.0-3
has caused the Debian Bug report #927215,
regarding kopano-search: AppArmor profile does not account for usrmerge
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
927215: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927215
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: kopanocore
Version: 8.7.0-2
Severity: serious
Tags: patch
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu disco ubuntu-patch
In Ubuntu, the attached patch was applied to achieve the following:
* kopano-search apparmor profile: Account for usrmerge
This was breaking autopkgtest for kopano-search --help with magic import errors;
and will have the same effect on real usrmerged systems.
Thanks for considering the patch.
diff -Nru kopanocore-8.7.0/debian/apparmor/usr.sbin.kopano-search
kopanocore-8.7.0/debian/apparmor/usr.sbin.kopano-search
--- kopanocore-8.7.0/debian/apparmor/usr.sbin.kopano-search 2019-02-19
18:58:02.0 +0100
+++ kopanocore-8.7.0/debian/apparmor/usr.sbin.kopano-search 2019-04-16
11:59:16.0 +0200
@@ -21,8 +21,8 @@
deny /usr/lib/python{3,2.?}/dist-packages/kopano_search/*.pyc w,
- /bin/dash Pix,
- /bin/rm Pix,
+ {,/usr}/bin/dash Pix,
+ {,/usr}/bin/rm Pix,
# FIXME: it would be nice if search would use search- like pa
/dev/shm/* rwl,
@@ -38,7 +38,7 @@
/lib/@{multiarch}/ld-*.so mr,
- /sbin/ldconfig Pix,
+ {,/usr}/sbin/ldconfig Pix,
/run/kopano/search.pid rw,
/run/kopano/search.pid.lock lrw,
-- System Information:
Debian Release: buster/sid
APT prefers disco
APT policy: (991, 'disco'), (500, 'disco'), (500, 'cosmic-security')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 5.0.0-8-generic (SMP w/8 CPU cores)
Kernel taint flags: TAINT_WARN, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
--
debian developer - deb.li/jak | jak-linux.org - free software dev
ubuntu core developer i speak de, en
--- End Message ---
--- Begin Message ---
Source: kopanocore
Source-Version: 8.7.0-3
We believe that the bug you reported is fixed in the latest version of
kopanocore, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 927...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Carsten Schoenert (supplier of updated kopanocore
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Thu, 25 Apr 2019 08:51:01 +0200
Source: kopanocore
Architecture: source
Version: 8.7.0-3
Distribution: unstable
Urgency: medium
Maintainer: Giraffe Maintainers
Changed-By: Carsten Schoenert
Closes: 927215
Changes:
kopanocore (8.7.0-3) unstable; urgency=medium
.
[ Julian Andres Klode ]
* [0a74ec0] kopano-search apparmor profile: Account for usrmerge
Adjust the AA profile for kopano-search so it does also work on systems
with a merged /usr folder.
(Closes: #927215)
.
[ Carsten Schoenert ]
* [bf56cb6] d/control: switch Simon as Uploader with Mark
* [8acc590] kopano-libs.symbols: update symbols to 8.7.0(-3)
Checksums-Sha1:
8d3a00fc3aed6b7367f64908c2e38eaf9f2459c7 3863 kopanocore_8.7.0-3.dsc
526cbd022fe6126bd07bf11d1cf3e90bd44583f7 45188 kopanocore_8.7.0-3.debian.tar.xz
be3378b54e972e6495f8c8bfc51d60b8acd192da 18294
kopanocore_8.7.0-3_amd64.buildinfo
Checksums-Sha256:
ddc0328566a4bbe3ce0163cc53249549b3e89ac6f743687f2391959060adaba2 3863
kopanocore_8.7.0-3.dsc
14cc3009f3eba94d2ea0a4093c38460deaa05dcf3750102cf6b9b67b15abd1df 45188
kopanocore_8.7.0-3.debian.tar.xz
7c480a36bd1fd5a839afb075e841b8e45bafd2af29e3b72e9278d9153e923508 18294
kopanocore_8.7.0-3_amd64.buildinfo
Files:
fa7e3019ade68fb58e5c3bfd67f081a0 3863 mail optional kopanocore_8.7.0-3.dsc
14b9264a781c3845f34920bc71171203 45188 mail optional
kopanocore_8.7.0-3.debian.tar.xz
Bug#927946: python-audit: SWIG-related type errors render module unusable
Dear Maintainer, the following patch fixes the problem for me, tested locally. Please consider applying it. Cheers, Chris --- audit-2.8.4.orig/bindings/swig/src/auditswig.i +++ audit-2.8.4/bindings/swig/src/auditswig.i @@ -41,6 +41,6 @@ typedef unsigned __u32; typedef unsigned uid_t; %include "/usr/include/linux/audit.h" #define __extension__ /*nothing*/ -%include "/usr/include/stdint.h" +%include %include "../lib/libaudit.h"
Bug#927722: Uploaded to delayed/7
Hi, I've uploaded the fix to DELAYED/7. Debdiff attached. Let me know if I should dcut rm the upload. Cheers, Thomas Goirand (zigo) diff -Nru ipset-6.38/debian/changelog ipset-6.38/debian/changelog --- ipset-6.38/debian/changelog 2018-09-01 19:28:18.0 +0200 +++ ipset-6.38/debian/changelog 2019-04-25 11:37:45.0 +0200 @@ -1,3 +1,11 @@ +ipset (6.38-1.1) unstable; urgency=medium + + * Non maintainer upload. + * use dpkg-maintscript-helper rm_conffile to clean up old bash-completion +file in /etc (Closes: #927722). + + -- Cyril de Bourgues Thu, 25 Apr 2019 11:37:45 +0200 + ipset (6.38-1) unstable; urgency=medium * [b80dcfb] New upstream version 6.38 (Closes: #898851) @@ -17,7 +25,7 @@ * Add patch to fix ipset bash completion on bash (>= 4.4.18) Thanks to Martin Großhauser for the patch - -- Neutron Soutmun Sun, 02 Sep 2018 00:28:18 +0700 + -- Thomas Goirand Thu, 25 Apr 2019 11:37:01 +0200 ipset (6.34-1) unstable; urgency=medium diff -Nru ipset-6.38/debian/ipset.postinst ipset-6.38/debian/ipset.postinst --- ipset-6.38/debian/ipset.postinst2018-09-01 19:28:18.0 +0200 +++ ipset-6.38/debian/ipset.postinst2019-04-25 11:35:11.0 +0200 @@ -4,7 +4,7 @@ # Cleanup obsoleted bash completion configuration file if [ -f /etc/bash_completion.d/ipset ]; then - rm -f /etc/bash_completion.d/ipset + dpkg-maintscript-helper rm_conffile conffile 6.25.1-1~ ipset -- "$@" fi #DEBHELPER#
Bug#924897: marked as done (openjdk-12-jre-headless: fails to install: breaks configuration of ca-certificates-java)
Your message dated Thu, 25 Apr 2019 09:37:21 + with message-id and subject line Bug#924897: fixed in openjdk-12 12.0.1+12-2 has caused the Debian Bug report #924897, regarding openjdk-12-jre-headless: fails to install: breaks configuration of ca-certificates-java to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 924897: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924897 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: openjdk-12-jre-headless Version: 12~33-1 Severity: serious User: debian...@lists.debian.org Usertags: piuparts Hi, during a test with piuparts I noticed your package failed to install. As per definition of the release team this makes the package too buggy for a release, thus the severity. >From the attached log (scroll to the bottom...): Setting up ca-certificates-java (20190214) ... head: cannot open '/etc/ssl/certs/java/cacerts' for reading: No such file or directory /var/lib/dpkg/info/ca-certificates-java.postinst: line 89: java: command not found dpkg: error processing package ca-certificates-java (--configure): installed ca-certificates-java package post-installation script subprocess returned error exit status 127 dpkg: dependency problems prevent configuration of openjdk-12-jre-headless:amd64: openjdk-12-jre-headless:amd64 depends on ca-certificates-java; however: Package ca-certificates-java is not configured yet. dpkg: error processing package openjdk-12-jre-headless:amd64 (--configure): dependency problems - leaving unconfigured Processing triggers for libc-bin (2.28-8) ... Processing triggers for ca-certificates (20190110) ... Updating certificates in /etc/ssl/certs... 0 added, 0 removed; done. Running hooks in /etc/ca-certificates/update.d... /etc/ca-certificates/update.d/jks-keystore: 82: /etc/ca-certificates/update.d/jks-keystore: java: not found E: /etc/ca-certificates/update.d/jks-keystore exited with code 1. done. Errors were encountered while processing: ca-certificates-java openjdk-12-jre-headless:amd64 cheers, Andreas openjdk-12-jre-headless_12~33-1.log.gz Description: application/gzip --- End Message --- --- Begin Message --- Source: openjdk-12 Source-Version: 12.0.1+12-2 We believe that the bug you reported is fixed in the latest version of openjdk-12, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 924...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Matthias Klose (supplier of updated openjdk-12 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Thu, 25 Apr 2019 11:08:34 +0200 Source: openjdk-12 Architecture: source Version: 12.0.1+12-2 Distribution: unstable Urgency: medium Maintainer: OpenJDK Team Changed-By: Matthias Klose Closes: 916302 924897 925071 Changes: openjdk-12 (12.0.1+12-2) unstable; urgency=medium . * Add breaks to the openjdk-12-jre-headless package: - For unattended upgrades: jetty9, netbeans, tomcat8, visualvm. - For eclipse 3.8 removal: eclipse-platform. Closes: #925071. - For configuration with vendor flag: libreoffice-core. * Class data sharing is enabled during the build where available. Just use the shipped classes.jsa files. Closes: #916302. * Tighten dependency on ca-certificates-java. Closes: #924897. Checksums-Sha1: c289e3e9e1465106a118754d58f385e5ea16c1d2 4699 openjdk-12_12.0.1+12-2.dsc 7a92ada393de923e1e116ee3189d5d9e7d812120 170992 openjdk-12_12.0.1+12-2.debian.tar.xz dd9d7d9545f63423f3cd5d0f0730ab8c4cce50ac 17327 openjdk-12_12.0.1+12-2_source.buildinfo Checksums-Sha256: a33d8f4e3069f4458985ea92d6e9e7a124f849747a44269bc641e789e38f562c 4699 openjdk-12_12.0.1+12-2.dsc 07147f2d2fe76c1ae78172d7ca9dcfd88cb7d5cf6b1db4b916cdd58268876be5 170992 openjdk-12_12.0.1+12-2.debian.tar.xz 3af35ca5012c0507587b1b466843a85311be9abfa4fa6b7fc873bf2e54a6db5c 17327 openjdk-12_12.0.1+12-2_source.buildinfo Files: 4ff55660653233a70d794975b9d07800 4699 java optional openjdk-12_12.0.1+12-2.dsc 219b39e13cecb50290258d79473f697e 170992 java optional openjdk-12_12.0.1+12-2.debian.tar.xz 80dbb3cf7a55776750bb66f23b9249a6
Bug#925071: marked as done (openjdk-11-jre: please add Breaks: eclipse-platform (<< 3.8.1-11))
Your message dated Thu, 25 Apr 2019 09:37:21 +
with message-id
and subject line Bug#925071: fixed in openjdk-12 12.0.1+12-2
has caused the Debian Bug report #925071,
regarding openjdk-11-jre: please add Breaks: eclipse-platform (<< 3.8.1-11)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
925071: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925071
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: openjdk-11-jre
Version: 11.0.3+1-1
Severity: important
Tags: patch
Hi,
while analyzing piuparts stretch -> buster distupgrade tests, I found
some cases where packages from stretch were not upgraded to the new
version in buster, but the old version was kept installed instead.
This is usually caused by some obsolete packages not getting removed,
because they are part of a package group with a rather high score.
One such problematic group is the old eclipse stack from stretch that
prevents some java packages from being upgraded to buster if it does not
get removed.
I successfully tested that adding
Breaks: eclipse-platform (<< 3.8.1-11)
to openjdk-11-jre fixes these upgrade paths. The old eclipse packages
get removed and everything else gets upgraded as expected.
Andreas
diff -Nru openjdk-11-11.0.3+1/debian/changelog
openjdk-11-11.0.3+1/debian/changelog
--- openjdk-11-11.0.3+1/debian/changelog2019-02-27 15:44:14.0
+0100
+++ openjdk-11-11.0.3+1/debian/changelog2019-03-18 15:01:43.0
+0100
@@ -1,3 +1,10 @@
+openjdk-11 (11.0.3+1-2) UNRELEASED; urgency=medium
+
+ * openjdk-11-jre: Add Breaks: eclipse-platform (<< 3.8.1-11) to smoothen
+upgrades from stretch. (Closes: #xx)
+
+ -- Andreas Beckmann Mon, 18 Mar 2019 15:01:43 +0100
+
openjdk-11 (11.0.3+1-1) unstable; urgency=medium
* OpenJDK 11.0.3+1 build.
diff -Nru openjdk-11-11.0.3+1/debian/control openjdk-11-11.0.3+1/debian/control
--- openjdk-11-11.0.3+1/debian/control 2019-02-10 10:18:49.0 +0100
+++ openjdk-11-11.0.3+1/debian/control 2019-03-18 15:01:43.0 +0100
@@ -92,6 +92,8 @@
${shlibs:Depends}, ${misc:Depends}
Recommends: ${dlopenjre:Recommends}, ${bridge:Recommends}, fonts-dejavu-extra
Suggests: ${pkg:pulseaudio}
+Breaks:
+ eclipse-platform (<< 3.8.1-11),
Provides: java-runtime, java2-runtime,
java5-runtime, java6-runtime,
java7-runtime, java8-runtime,
diff -Nru openjdk-11-11.0.3+1/debian/control.in
openjdk-11-11.0.3+1/debian/control.in
--- openjdk-11-11.0.3+1/debian/control.in 2019-02-10 10:18:46.0
+0100
+++ openjdk-11-11.0.3+1/debian/control.in 2019-03-18 15:01:43.0
+0100
@@ -92,6 +92,8 @@
${shlibs:Depends}, ${misc:Depends}
Recommends: ${dlopenjre:Recommends}, ${bridge:Recommends}, @core_fonts@
Suggests: ${pkg:pulseaudio}
+Breaks:
+ eclipse-platform (<< 3.8.1-11),
Provides: java-runtime, java2-runtime,
java5-runtime, java6-runtime,
java7-runtime, java8-runtime,
eclipse-wtp_None.log.gz
Description: application/gzip
--- End Message ---
--- Begin Message ---
Source: openjdk-12
Source-Version: 12.0.1+12-2
We believe that the bug you reported is fixed in the latest version of
openjdk-12, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 925...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Matthias Klose (supplier of updated openjdk-12 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Thu, 25 Apr 2019 11:08:34 +0200
Source: openjdk-12
Architecture: source
Version: 12.0.1+12-2
Distribution: unstable
Urgency: medium
Maintainer: OpenJDK Team
Changed-By: Matthias Klose
Closes: 916302 924897 925071
Changes:
openjdk-12 (12.0.1+12-2) unstable; urgency=medium
.
* Add breaks to the openjdk-12-jre-headless package:
- For unattended upgrades: jetty9, netbeans, tomcat8, visualvm.
- For eclipse 3.8 removal: eclipse-platform. Closes: #925071.
- For configuration with vendor flag: libreoffice-core.
* Class data sharing is enabled during the build where available.
Just use the shipped classes.jsa files. Closes: #916302.
* Tighten dependency on ca-certificates-java. Closes: #924897.
Bug#916302: marked as done (openjdk-12-jre-headless: modifies shipped file: /usr/lib/jvm/java-12-openjdk-amd64/lib/server/classes.jsa)
Your message dated Thu, 25 Apr 2019 09:37:21 + with message-id and subject line Bug#916302: fixed in openjdk-12 12.0.1+12-2 has caused the Debian Bug report #916302, regarding openjdk-12-jre-headless: modifies shipped file: /usr/lib/jvm/java-12-openjdk-amd64/lib/server/classes.jsa to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 916302: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916302 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: openjdk-12-jre-headless Version: 12~23-3 Severity: serious User: debian...@lists.debian.org Usertags: piuparts Hi, during a test with piuparts I noticed your package modifies files from this or another package in /usr. This is so wrong, I'm not even bothered to look up the part of policy this violates ;-P >From the attached log (scroll to the bottom...): 0m34.2s ERROR: FAIL: debsums reports modifications inside the chroot: /usr/lib/jvm/java-12-openjdk-amd64/lib/server/classes.jsa cheers, Andreas openjdk-12-jre-headless_12~23-3.log.gz Description: application/gzip --- End Message --- --- Begin Message --- Source: openjdk-12 Source-Version: 12.0.1+12-2 We believe that the bug you reported is fixed in the latest version of openjdk-12, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 916...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Matthias Klose (supplier of updated openjdk-12 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Thu, 25 Apr 2019 11:08:34 +0200 Source: openjdk-12 Architecture: source Version: 12.0.1+12-2 Distribution: unstable Urgency: medium Maintainer: OpenJDK Team Changed-By: Matthias Klose Closes: 916302 924897 925071 Changes: openjdk-12 (12.0.1+12-2) unstable; urgency=medium . * Add breaks to the openjdk-12-jre-headless package: - For unattended upgrades: jetty9, netbeans, tomcat8, visualvm. - For eclipse 3.8 removal: eclipse-platform. Closes: #925071. - For configuration with vendor flag: libreoffice-core. * Class data sharing is enabled during the build where available. Just use the shipped classes.jsa files. Closes: #916302. * Tighten dependency on ca-certificates-java. Closes: #924897. Checksums-Sha1: c289e3e9e1465106a118754d58f385e5ea16c1d2 4699 openjdk-12_12.0.1+12-2.dsc 7a92ada393de923e1e116ee3189d5d9e7d812120 170992 openjdk-12_12.0.1+12-2.debian.tar.xz dd9d7d9545f63423f3cd5d0f0730ab8c4cce50ac 17327 openjdk-12_12.0.1+12-2_source.buildinfo Checksums-Sha256: a33d8f4e3069f4458985ea92d6e9e7a124f849747a44269bc641e789e38f562c 4699 openjdk-12_12.0.1+12-2.dsc 07147f2d2fe76c1ae78172d7ca9dcfd88cb7d5cf6b1db4b916cdd58268876be5 170992 openjdk-12_12.0.1+12-2.debian.tar.xz 3af35ca5012c0507587b1b466843a85311be9abfa4fa6b7fc873bf2e54a6db5c 17327 openjdk-12_12.0.1+12-2_source.buildinfo Files: 4ff55660653233a70d794975b9d07800 4699 java optional openjdk-12_12.0.1+12-2.dsc 219b39e13cecb50290258d79473f697e 170992 java optional openjdk-12_12.0.1+12-2.debian.tar.xz 80dbb3cf7a55776750bb66f23b9249a6 17327 java optional openjdk-12_12.0.1+12-2_source.buildinfo -BEGIN PGP SIGNATURE- iQJEBAEBCAAuFiEE1WVxuIqLuvFAv2PWvX6qYHePpvUFAlzBeWYQHGRva29AdWJ1 bnR1LmNvbQAKCRC9fqpgd4+m9SusEADLgQqXVVyY/m0X+P+PB3ROA2tgMZZR971f VioTRC4cWZOvEMra58C7DIOORxaBMw1Z8wNGPjxFkVbaiKQO2wJ3qY3AsoFYG4zU z78HG0m9ylG9OxELSdqeji14Aor4thincsAHFyFzq9zZy5Mdhn61CbspbvrXeCMS Nx5QMXgTzbtG+rIK1fvDKv9PNCkSxAd5Tg9lxGIAI5kJTuzDuzfjNGvp9A9DcPTn orD8BWebpAGkAe6MEt630OduzGxGLwYTUtQkkNuNP5YX5yUPUZ76WJ4WfxPLhsEl gkWHS4RsVLWt5l97SYVt0OF5PwqCP0RufWCSf1wuk4XF9XEFEZP2jczx/l1rqJNH EnLgGNdUmELBE3vp0+PTZiHQDLfxl3Pco+ws49U6xcr5Uu0vTIfb1VDND/6oF1Vl b/jaAOkwdSckEFVyqkKh7+gf7DgNrLPqkUYHLYjJZ+6qx4oj0I2GiveZlzrgFaIu CKJXKkQV/BWrugzrA0PSZUwFtftRXdaDu4232kR1qRl4shD3FoT/V1asQldayBc8 G3WsVttoWiqf+d1sIbvHx7pYJ2JxGWQ6rUJVT3CPaI5gUfIWKNpUE05I3w5L3cJB AmQArIwj9sAw7+jLE4nICTYHVKwi8opQ5O9WDE3wSD9cKuBgo0ujhOjoDzYQj3SP txvdE8nGDQ== =O8A0 -END PGP SIGNATURE End Message ---
Bug#927441: marked as done (openjdk-13-jre-headless: modifies shipped file: /usr/lib/jvm/java-13-openjdk-amd64/lib/server/classes.jsa)
Your message dated Thu, 25 Apr 2019 09:23:36 + with message-id and subject line Bug#927441: fixed in openjdk-13 13~18-1 has caused the Debian Bug report #927441, regarding openjdk-13-jre-headless: modifies shipped file: /usr/lib/jvm/java-13-openjdk-amd64/lib/server/classes.jsa to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 927441: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927441 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: openjdk-12-jre-headless Version: 12~23-3 Severity: serious User: debian...@lists.debian.org Usertags: piuparts Hi, during a test with piuparts I noticed your package modifies files from this or another package in /usr. This is so wrong, I'm not even bothered to look up the part of policy this violates ;-P >From the attached log (scroll to the bottom...): 0m34.2s ERROR: FAIL: debsums reports modifications inside the chroot: /usr/lib/jvm/java-12-openjdk-amd64/lib/server/classes.jsa cheers, Andreas openjdk-12-jre-headless_12~23-3.log.gz Description: application/gzip --- End Message --- --- Begin Message --- Source: openjdk-13 Source-Version: 13~18-1 We believe that the bug you reported is fixed in the latest version of openjdk-13, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 927...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Matthias Klose (supplier of updated openjdk-13 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Thu, 25 Apr 2019 10:56:56 +0200 Source: openjdk-13 Architecture: source Version: 13~18-1 Distribution: experimental Urgency: medium Maintainer: OpenJDK Team Changed-By: Matthias Klose Closes: 927441 927745 Changes: openjdk-13 (13~18-1) experimental; urgency=medium . * OpenJDK 13 snapshot, build 18. * Add breaks to the openjdk-13-jre-headless package: - For unattended upgrades: jetty9, netbeans, tomcat8, visualvm. - For eclipse 3.8 removal: eclipse-platform. Addresses: #925071. - For configuration with vendor flag: libreoffice-core. * Add more -dbg package conflicts. Closes: #927745. * Class data sharing is enabled during the build where available. Just use the shipped classes.jsa files. Closes: #927441. Checksums-Sha1: 9b1264b210884af693fd767013071b5f7e4195a7 4638 openjdk-13_13~18-1.dsc 82f2ac306c1a90870807477f15eb93d0402761df 68611940 openjdk-13_13~18.orig.tar.xz cb5955f86e4d9580873195ee0c40327b85d79033 165244 openjdk-13_13~18-1.debian.tar.xz 71f84d8867cbb4bf334d65daf85a997de25d7664 17312 openjdk-13_13~18-1_source.buildinfo Checksums-Sha256: cc7d05276004110a544aa4cd019a57e0acb3468a3133e4de7926e498f3179094 4638 openjdk-13_13~18-1.dsc 47aecfad4889e09ce24761b6b4c9e531186d354c9e704422a28caf9d55b0ede8 68611940 openjdk-13_13~18.orig.tar.xz ddbac4753364dca9cc43065944b7e20e45a5c26b20336d39669462206c7029bb 165244 openjdk-13_13~18-1.debian.tar.xz 9014029019d0f5182efb81bd5df5d4ddf1e31c2ab8ad83750ee3a0950775b202 17312 openjdk-13_13~18-1_source.buildinfo Files: bb6ca7736fd61711698fe9bbe740741e 4638 java optional openjdk-13_13~18-1.dsc a1cf0d3b70164293127cdcdece00c8cb 68611940 java optional openjdk-13_13~18.orig.tar.xz 46792176141342c91d6af4326706ce6c 165244 java optional openjdk-13_13~18-1.debian.tar.xz 23ac49a8c70550300e275e58def19ef0 17312 java optional openjdk-13_13~18-1_source.buildinfo -BEGIN PGP SIGNATURE- iQJEBAEBCAAuFiEE1WVxuIqLuvFAv2PWvX6qYHePpvUFAlzBd0sQHGRva29AdWJ1 bnR1LmNvbQAKCRC9fqpgd4+m9ft0D/4hj3bCckvG5mSc+Cyu8nrJsqo8dlt1r6hf SRRan/JSg4nUKwhfctBIfD4l8L+ajlTpHc6/PMVUCgFiyv+IrdLHxog7GKfjcPzo nimAGmYZlbH2+mAmwOPJOWgnhnXg9X6XTOYc4qg/n8JUOupZsXebyKEtPuQM+Yb+ DpYuOhUB3keByN+xJJv9j+tGu3WpZSkB+jEqxaxz2HM5tQTIuUwTvzp75+9RcBrZ MNUMRwP06GE5ozfm2DHSrxvgSr0AOKUOUqojyLDhjB8S3+Xrqerd8BIDdUd6H5qd AFpAa0KYZynpDeALOVFG3S/5TYkqRVG2v7AvZPD0f9mQG40K+JJzu9W0dzARI81z bWn/V/ElhgWusbt8CHAAQt9t0tmpXzIcFBTYeMBQOrUH6grB3x/uZQbHsQIYJ3kA 7izAannZZbZ6um0tloOpMinGFsais7R60hcBumbOhaPrL/TQwGNIge9djKWID3Fh 54Iz72U80WWHgMKezgz/S/mEImgEDfqS4VlaKjbYcDcTWazSFVqUwGCNyGHWS4cW 0cD/EnUBCMTemrMwvrkfBFe3l8Bk3rja4t2RlMIGBAJLljMOshtzDOwJ9oQ3FKXf
Processed: Bug #927450 in debian-security-support marked as pending
Processing control commands: > tag -1 pending Bug #927450 [debian-security-support] debian-security-support should know that the next stable is Debian 10 Bug #927459 [debian-security-support] The package "debian-security-support" prevents the update, installation or uninstall of other packages. Added tag(s) pending. Added tag(s) pending. -- 927450: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927450 927459: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927459 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#927745: marked as done (openjdk-13-dbg: file conflict with openjdk-12-dbg)
Your message dated Thu, 25 Apr 2019 09:23:36 + with message-id and subject line Bug#927745: fixed in openjdk-13 13~18-1 has caused the Debian Bug report #927745, regarding openjdk-13-dbg: file conflict with openjdk-12-dbg to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 927745: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927745 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: openjdk-13-dbg Version: 13~17-2 Severity: serious User: debian...@lists.debian.org Usertags: piuparts Hi, during a test with piuparts I noticed your package failed to install because it tries to overwrite other packages files. >From the attached log (scroll to the bottom...): Preparing to unpack .../openjdk-13-dbg_13~17-2_amd64.deb ... Unpacking openjdk-13-dbg:amd64 (13~17-2) ... dpkg: error processing archive /var/cache/apt/archives/openjdk-13-dbg_13~17-2_amd64.deb (--unpack): trying to overwrite '/usr/lib/debug/.build-id/0d/3930b740ed08f36bb7fe9187f3bfe5328e87bf.debug', which is also in package openjdk-12-dbg:amd64 12.0.1+12-1 dpkg-deb: error: paste subprocess was killed by signal (Broken pipe) Errors were encountered while processing: /var/cache/apt/archives/openjdk-13-dbg_13~17-2_amd64.deb cheers, Andreas openjdk-12-dbg=12.0.1+12-1_openjdk-13-dbg=13~17-2.log.gz Description: application/gzip --- End Message --- --- Begin Message --- Source: openjdk-13 Source-Version: 13~18-1 We believe that the bug you reported is fixed in the latest version of openjdk-13, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 927...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Matthias Klose (supplier of updated openjdk-13 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Thu, 25 Apr 2019 10:56:56 +0200 Source: openjdk-13 Architecture: source Version: 13~18-1 Distribution: experimental Urgency: medium Maintainer: OpenJDK Team Changed-By: Matthias Klose Closes: 927441 927745 Changes: openjdk-13 (13~18-1) experimental; urgency=medium . * OpenJDK 13 snapshot, build 18. * Add breaks to the openjdk-13-jre-headless package: - For unattended upgrades: jetty9, netbeans, tomcat8, visualvm. - For eclipse 3.8 removal: eclipse-platform. Addresses: #925071. - For configuration with vendor flag: libreoffice-core. * Add more -dbg package conflicts. Closes: #927745. * Class data sharing is enabled during the build where available. Just use the shipped classes.jsa files. Closes: #927441. Checksums-Sha1: 9b1264b210884af693fd767013071b5f7e4195a7 4638 openjdk-13_13~18-1.dsc 82f2ac306c1a90870807477f15eb93d0402761df 68611940 openjdk-13_13~18.orig.tar.xz cb5955f86e4d9580873195ee0c40327b85d79033 165244 openjdk-13_13~18-1.debian.tar.xz 71f84d8867cbb4bf334d65daf85a997de25d7664 17312 openjdk-13_13~18-1_source.buildinfo Checksums-Sha256: cc7d05276004110a544aa4cd019a57e0acb3468a3133e4de7926e498f3179094 4638 openjdk-13_13~18-1.dsc 47aecfad4889e09ce24761b6b4c9e531186d354c9e704422a28caf9d55b0ede8 68611940 openjdk-13_13~18.orig.tar.xz ddbac4753364dca9cc43065944b7e20e45a5c26b20336d39669462206c7029bb 165244 openjdk-13_13~18-1.debian.tar.xz 9014029019d0f5182efb81bd5df5d4ddf1e31c2ab8ad83750ee3a0950775b202 17312 openjdk-13_13~18-1_source.buildinfo Files: bb6ca7736fd61711698fe9bbe740741e 4638 java optional openjdk-13_13~18-1.dsc a1cf0d3b70164293127cdcdece00c8cb 68611940 java optional openjdk-13_13~18.orig.tar.xz 46792176141342c91d6af4326706ce6c 165244 java optional openjdk-13_13~18-1.debian.tar.xz 23ac49a8c70550300e275e58def19ef0 17312 java optional openjdk-13_13~18-1_source.buildinfo -BEGIN PGP SIGNATURE- iQJEBAEBCAAuFiEE1WVxuIqLuvFAv2PWvX6qYHePpvUFAlzBd0sQHGRva29AdWJ1 bnR1LmNvbQAKCRC9fqpgd4+m9ft0D/4hj3bCckvG5mSc+Cyu8nrJsqo8dlt1r6hf SRRan/JSg4nUKwhfctBIfD4l8L+ajlTpHc6/PMVUCgFiyv+IrdLHxog7GKfjcPzo nimAGmYZlbH2+mAmwOPJOWgnhnXg9X6XTOYc4qg/n8JUOupZsXebyKEtPuQM+Yb+ DpYuOhUB3keByN+xJJv9j+tGu3WpZSkB+jEqxaxz2HM5tQTIuUwTvzp75+9RcBrZ MNUMRwP06GE5ozfm2DHSrxvgSr0AOKUOUqojyLDhjB8S3+Xrqerd8BIDdUd6H5qd AFpAa0KYZynpDeALOVFG3S/5TYkqRVG2v7AvZPD0f9mQG40K+JJzu9W0dzARI81z
Bug#927450: Bug #927450 in debian-security-support marked as pending
Control: tag -1 pending Hello, Bug #927450 in debian-security-support reported by you has been fixed in the Git repository and is awaiting an upload. You can see the commit message below and you can check the diff of the fix at: https://salsa.debian.org/debian/debian-security-support/commit/124366712eb7a10e86983facb2b2b9d96cd53221 check-support-status.in: set latest supported version to Debian 10 / Buster. Closes: #927450. Signed-off-by: Holger Levsen (this message was generated automatically) -- Greetings https://bugs.debian.org/927450
Bug#927946: python-audit: SWIG-related type errors render module unusable
Package: python-audit Version: 1:2.8.4-2 Severity: grave Tags: upstream Justification: renders package unusable Dear Maintainer, The following operations fail due to a SWIG-related type error: ``` % sudo python Python 2.7.16 (default, Apr 6 2019, 01:42:57) [GCC 8.3.0] on linux2 Type "help", "copyright", "credits" or "license" for more information. >>> import audit >>> fd = audit.audit_open() >>> audit.audit_set_enabled(fd, 1) Traceback (most recent call last): File "", line 1, in TypeError: in method 'audit_set_enabled', argument 2 of type 'uint32_t' >>> ``` Relevant discussion: http://swig.10945.n7.nabble.com/SWIG-vs-uint32-t-td15045.html Best regards, Michael -- System Information: Debian Release: buster/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=C, LC_CTYPE=UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8), LANGUAGE=C (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages python-audit depends on: ii libaudit11:2.8.4-2 ii libauparse0 1:2.8.4-2 ii libc62.28-8 ii python 2.7.16-1 python-audit recommends no packages. python-audit suggests no packages. -- no debconf information signature.asc Description: Digital signature
Bug#927943: libxmlada: FTBFS with unicode-data >= 12.0.0
Source: libxmlada Version: 18-3 Severity: serious Justification: Policy 4.2 unicode-data 12.0.0 is now in unstable/testing (Buster). libxmlada FTBFS with this: raised SYSTEM.ASSERTIONS.ASSERT_FAILURE : file name too long: Egyptian_Hieroglyph_Format_Controls make[1]: *** [debian/rules:83: unicode/unicode-names-basic_latin.ads] Error 1 make[1]: Leaving directory '/tmp/libxmlada-18' regards Alastair McKinstry -- System Information: Debian Release: buster/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=en_IE.UTF-8, LC_CTYPE=en_IE.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_IE.UTF-8), LANGUAGE=en_IE:en (charmap=UTF-8) (ignored: LC_ALL set to en_IE.UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled
Bug#927944: node-unicode-data: FTBFS with unicode-data >= 12.0.0
Source: node-unicode-data Version: 0~20181101+gitaddfb440-1 Severity: serious Justification: Policy 4.2 node-unicode-data FTBFS with unicode-data 12.0.0 and needs to be updated. -- System Information: Debian Release: buster/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=en_IE.UTF-8, LC_CTYPE=en_IE.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_IE.UTF-8), LANGUAGE=en_IE:en (charmap=UTF-8) (ignored: LC_ALL set to en_IE.UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled
Bug#927942: gucharmap: FTBFS with unicode-data >= 12
Source: gucharmap
Version: 1:11.0.3-2
Severity: serious
Justification: Policy 4.2
unicode-data 12.0.0 is now in unstable/testing (Buster).
gucharmap FTBFS with this;
In file included from gucharmap-unicode-info.c:33:
unicode-versions.h:331:21: error: ‘GUCHARMAP_UNICODE_VERSION_12_0’ undeclared
here (not in a function); did you mean ‘GUCHARMAP_UNICODE_VERSION_11_0’?
331 | { 0x0C77, 0x0C77, GUCHARMAP_UNICODE_VERSION_12_0 },
| ^~
| GUCHARMAP_UNICODE_VERSION_11_0
unicode-versions.h:863:21: error: ‘GUCHARMAP_UNICODE_VERSION_12_1’ undeclared
here (not in a function); did you mean ‘GUCHARMAP_UNICODE_VERSION_2_1’?
863 | { 0x32FF, 0x32FF, GUCHARMAP_UNICODE_VERSION_12_1 },
| ^~
| GUCHARMAP_UNICODE_VERSION_2_1
regards
Alastair McKinstry
-- System Information:
Debian Release: buster/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_IE.UTF-8, LC_CTYPE=en_IE.UTF-8 (charmap=UTF-8) (ignored: LC_ALL
set to en_IE.UTF-8), LANGUAGE=en_IE:en (charmap=UTF-8) (ignored: LC_ALL set to
en_IE.UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Bug#903635: This is RC; breaks unrelated software
On Wed, Apr 24, 2019 at 08:04:43PM +0100, Jonathan Dowland wrote: Installing docker.io changed my FORWARD chain policy to DROP, breaking networking for unrelated virsh-based VMs that I had installed on the machine at the time. This matches exactly the text for severity: serious. Sorry that should obviously have read "severity: critical". -- ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ Jonathan Dowland ⢿⡄⠘⠷⠚⠋⠀ https://jmtd.net ⠈⠳⣄
Bug#927941: utf8proc: FTBFS with unicode-data >= 12.0.0
Source: utf8proc Version: 2.2.0-1 Severity: serious Justification: Policy 4.2 unicode-data 12.0.0 is now in unstable/testing (Buster). utf8proc 2.2.0-1 FTBFS with this; it needs updating to 2.3.0. It is expected that unicoode-data will be updated to 12.1.* (probably 12.1.0~pre1-1) for Buster to include 'Reiwa' for Japanese era handling. -- System Information: Debian Release: buster/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=en_IE.UTF-8, LC_CTYPE=en_IE.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_IE.UTF-8), LANGUAGE=en_IE:en (charmap=UTF-8) (ignored: LC_ALL set to en_IE.UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled
Processed: found 927932 in 1:9.11.5.P4+dfsg-3, found 927932 in 1:9.11.6+dfsg-1 ..., merging 927932 927934
Processing commands for cont...@bugs.debian.org: > found 927932 1:9.11.5.P4+dfsg-3 Bug #927932 [src:bind9] bind9: CVE-2018-5743: Limiting simultaneous TCP clients is ineffective Marked as found in versions bind9/1:9.11.5.P4+dfsg-3. > found 927932 1:9.11.6+dfsg-1 Bug #927932 [src:bind9] bind9: CVE-2018-5743: Limiting simultaneous TCP clients is ineffective Marked as found in versions bind9/1:9.11.6+dfsg-1. > found 927932 1:9.10.3.dfsg.P4-12.3+deb9u4 Bug #927932 [src:bind9] bind9: CVE-2018-5743: Limiting simultaneous TCP clients is ineffective Marked as found in versions bind9/1:9.10.3.dfsg.P4-12.3+deb9u4. > found 927932 1:9.10.3.dfsg.P4-12.3 Bug #927932 [src:bind9] bind9: CVE-2018-5743: Limiting simultaneous TCP clients is ineffective Marked as found in versions bind9/1:9.10.3.dfsg.P4-12.3. > merge 927932 927934 Bug #927932 [src:bind9] bind9: CVE-2018-5743: Limiting simultaneous TCP clients is ineffective Bug #927934 [src:bind9] bind9: CVE-2018-5743: Limiting simultaneous TCP clients is ineffective Merged 927932 927934 > thanks Stopping processing here. Please contact me if you need assistance. -- 927932: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927932 927934: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927934 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#927934: bind9: CVE-2018-5743: Limiting simultaneous TCP clients is ineffective
Source: bind9 Version: 1:9.11.5.P4+dfsg-3 Severity: grave Tags: security upstream Justification: user security hole Control: clone -1 -2 Control: reassign -2 src:bind 1:9.13.3-1 Control: retitle -2 bind: CVE-2018-5743: Limiting simultaneous TCP clients is ineffective Control: found -1 1:9.11.6+dfsg-1 Control: found -1 1:9.10.3.dfsg.P4-12.3+deb9u4 Control: found -1 1:9.10.3.dfsg.P4-12.3 Hi, The following vulnerability was published for bind9. CVE-2018-5743[0]: Limiting simultaneous TCP clients is ineffective If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2018-5743 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5743 [1] https://kb.isc.org/docs/cve-2018-5743 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
Bug#927932: bind9: CVE-2018-5743: Limiting simultaneous TCP clients is ineffective
I’ll have a patch for platforms without atomic support for you. -- Ondřej Surý > On 25 Apr 2019, at 08:49, Bernhard Schmidt wrote: > > Package: src:bind9 > Severity: grave > Tags: security, upstream > > CVE: CVE-2018-5743 > Document version:2.0 > Posting date:24 April 2019 > Program impacted:BIND > Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.6, > 9.12.0 -> 9.12.4, 9.14.0. BIND 9 Supported Preview > Edition versions 9.9.3-S1 -> 9.11.5-S3, and 9.11.5-S5. > Versions 9.13.0 -> 9.13.7 of the 9.13 development branch > are also affected. Versions prior to BIND 9.9.0 have not > been evaluated for vulnerability to CVE-2018-5743. > Severity:High > Exploitable: Remotely > > Description: > > By design, BIND is intended to limit the number of TCP clients > that can be connected at any given time. The number of allowed > connections is a tunable parameter which, if unset, defaults to > a conservative value for most servers. Unfortunately, the code > which was intended to limit the number of simultaneous connections > contains an error which can be exploited to grow the number of > simultaneous connections beyond this limit. > > Impact: > > By exploiting the failure to limit simultaneous TCP connections, > an attacker can deliberately exhaust the pool of file descriptors > available to named, potentially affecting network connections > and the management of files such as log files or zone journal > files. > > In cases where the named process is not limited by OS-enforced > per-process limits, this could additionally potentially lead to > exhaustion of all available free file descriptors on that system. > > CVSS Score: 7.5 > CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H > > For more information on the Common Vulnerability Scoring System and > to obtain your specific environmental score please visit: > https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. > > Workarounds: > > None. > > Active exploits: > > No known deliberate exploits, but the situation may occur > accidentally on busy servers. > > It is possible for operators to mistakenly believe that their > configured (or default) limit is sufficient for their typical > operations, when in fact it is not. Following an upgrade to a > version that effectively applies limits, named may deny connections > which were previously improperly permitted. Operators can monitor > their logs for rejected connections, keep an eye on "rndc status" > reports of simultaneous connections, or use other tools to monitor > whether the now-effective limits are causing problems for > legitimate clients. Should this be the case, increasing the value > of the tcp-clients setting in named.conf to an appropriate value > would be recommended. > > Solution: > > Upgrade to a version of BIND containing a fix for the ineffective > limits. > > - BIND 9.11.6-P1 > - BIND 9.12.4-P1 > - BIND 9.14.1 > > BIND Supported Preview Edition is a special feature preview > branch of BIND provided to eligible ISC support customers. > > - BIND 9.11.5-S6 > - BIND 9.11.6-S1 > > Acknowledgements: > > ISC would like to thank AT for helping us to discover this > issue. > > Document revision history: > > 1.0 Advance Notification, 16 January 2019 > 1.1 Recall due to error in original fix, 17 January 2019 > 1.3 Replacement fix delivered to Advance Notification customers, 15 > April 2019 > 1.4 Corrected Versions affected and Solution, 16 April 2019 > 1.5 Added reference to BIND 9.11.6-S1 > 2.0 Public disclosure, 24 April 2019 > > Related documents: > > See our BIND 9 Security Vulnerability Matrix for a complete > listing of security vulnerabilities and versions affected. > > Do you still have questions? Questions regarding this advisory > should go to security-offi...@isc.org. To report a new issue, please > encrypt your message using security-offi...@isc.org's PGP key which > can be found here: > https://www.isc.org/downloads/software-support-policy/openpgp-key > If you are unable to use encrypted email, you may also report new > issues at: https://www.isc.org/community/report-bug/. > > Note: > > ISC patches only currently supported versions. When possible we > indicate EOL versions affected. (For current information on which > versions are actively supported, please see > https://www.isc.org/downloads/.) > > ISC Security Vulnerability Disclosure Policy: > > Details of our current security advisory policy and practice can > be found in the ISC Software Defect and Security Vulnerability > Disclosure Policy. > > Legal Disclaimer: > > Internet Systems Consortium (ISC) is providing this notice on > an "AS IS" basis. No warranty or guarantee of any kind is
Processed: bind9: CVE-2018-5743: Limiting simultaneous TCP clients is ineffective
Processing control commands: > clone -1 -2 Bug #927934 [src:bind9] bind9: CVE-2018-5743: Limiting simultaneous TCP clients is ineffective Bug 927934 cloned as bug 927935 > reassign -2 src:bind 1:9.13.3-1 Bug #927935 [src:bind9] bind9: CVE-2018-5743: Limiting simultaneous TCP clients is ineffective Bug reassigned from package 'src:bind9' to 'src:bind'. No longer marked as found in versions bind9/1:9.11.5.P4+dfsg-3. Ignoring request to alter fixed versions of bug #927935 to the same values previously set Bug #927935 [src:bind] bind9: CVE-2018-5743: Limiting simultaneous TCP clients is ineffective Marked as found in versions bind/1:9.13.3-1. > retitle -2 bind: CVE-2018-5743: Limiting simultaneous TCP clients is > ineffective Bug #927935 [src:bind] bind9: CVE-2018-5743: Limiting simultaneous TCP clients is ineffective Changed Bug title to 'bind: CVE-2018-5743: Limiting simultaneous TCP clients is ineffective' from 'bind9: CVE-2018-5743: Limiting simultaneous TCP clients is ineffective'. > found -1 1:9.11.6+dfsg-1 Bug #927934 [src:bind9] bind9: CVE-2018-5743: Limiting simultaneous TCP clients is ineffective Marked as found in versions bind9/1:9.11.6+dfsg-1. > found -1 1:9.10.3.dfsg.P4-12.3+deb9u4 Bug #927934 [src:bind9] bind9: CVE-2018-5743: Limiting simultaneous TCP clients is ineffective Marked as found in versions bind9/1:9.10.3.dfsg.P4-12.3+deb9u4. > found -1 1:9.10.3.dfsg.P4-12.3 Bug #927934 [src:bind9] bind9: CVE-2018-5743: Limiting simultaneous TCP clients is ineffective Marked as found in versions bind9/1:9.10.3.dfsg.P4-12.3. -- 927934: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927934 927935: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927935 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#927808: gmsh: FTBFS in buster (c++: error: unrecognized command line option '-Wint-to-void-pointer-cast')
This could all be fixed in master (where we have Gmsh 4.3.0). Should
perhaps be uploaded soon.
On Wed, Apr 24, 2019 at 8:33 PM Juhani Numminen
wrote:
>
> Control: retitle -1 gmsh: FTBFS in buster
> ("/usr/include/occt/Standard_Version.hxx" cannot be read)
>
>
> Hi,
>
> I believe the relevant error message is actually this:
>
> CMake Error at CMakeLists.txt:1161 (file):
> file STRINGS file "/usr/include/occt/Standard_Version.hxx" cannot be read.
>
> It seems that /usr/include/occt was changed to /usr/include/opencascade.
> https://salsa.debian.org/science-team/opencascade/commit/05357f551748a6842bf2788e2bbc604daa0dfc16
>
> Kurt, will you be able to make gmsh 4.1.3+ds1-1 buildable in ‘testing’?
>
> Regards,
> Juhani
>
Bug#927932: bind9: CVE-2018-5743: Limiting simultaneous TCP clients is ineffective
Package: src:bind9 Severity: grave Tags: security, upstream CVE: CVE-2018-5743 Document version:2.0 Posting date:24 April 2019 Program impacted:BIND Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.6, 9.12.0 -> 9.12.4, 9.14.0. BIND 9 Supported Preview Edition versions 9.9.3-S1 -> 9.11.5-S3, and 9.11.5-S5. Versions 9.13.0 -> 9.13.7 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5743. Severity:High Exploitable: Remotely Description: By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. Unfortunately, the code which was intended to limit the number of simultaneous connections contains an error which can be exploited to grow the number of simultaneous connections beyond this limit. Impact: By exploiting the failure to limit simultaneous TCP connections, an attacker can deliberately exhaust the pool of file descriptors available to named, potentially affecting network connections and the management of files such as log files or zone journal files. In cases where the named process is not limited by OS-enforced per-process limits, this could additionally potentially lead to exhaustion of all available free file descriptors on that system. CVSS Score: 7.5 CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H For more information on the Common Vulnerability Scoring System and to obtain your specific environmental score please visit: https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. Workarounds: None. Active exploits: No known deliberate exploits, but the situation may occur accidentally on busy servers. It is possible for operators to mistakenly believe that their configured (or default) limit is sufficient for their typical operations, when in fact it is not. Following an upgrade to a version that effectively applies limits, named may deny connections which were previously improperly permitted. Operators can monitor their logs for rejected connections, keep an eye on "rndc status" reports of simultaneous connections, or use other tools to monitor whether the now-effective limits are causing problems for legitimate clients. Should this be the case, increasing the value of the tcp-clients setting in named.conf to an appropriate value would be recommended. Solution: Upgrade to a version of BIND containing a fix for the ineffective limits. - BIND 9.11.6-P1 - BIND 9.12.4-P1 - BIND 9.14.1 BIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers. - BIND 9.11.5-S6 - BIND 9.11.6-S1 Acknowledgements: ISC would like to thank AT for helping us to discover this issue. Document revision history: 1.0 Advance Notification, 16 January 2019 1.1 Recall due to error in original fix, 17 January 2019 1.3 Replacement fix delivered to Advance Notification customers, 15 April 2019 1.4 Corrected Versions affected and Solution, 16 April 2019 1.5 Added reference to BIND 9.11.6-S1 2.0 Public disclosure, 24 April 2019 Related documents: See our BIND 9 Security Vulnerability Matrix for a complete listing of security vulnerabilities and versions affected. Do you still have questions? Questions regarding this advisory should go to security-offi...@isc.org. To report a new issue, please encrypt your message using security-offi...@isc.org's PGP key which can be found here: https://www.isc.org/downloads/software-support-policy/openpgp-key If you are unable to use encrypted email, you may also report new issues at: https://www.isc.org/community/report-bug/. Note: ISC patches only currently supported versions. When possible we indicate EOL versions affected. (For current information on which versions are actively supported, please see https://www.isc.org/downloads/.) ISC Security Vulnerability Disclosure Policy: Details of our current security advisory policy and practice can be found in the ISC Software Defect and Security Vulnerability Disclosure Policy. Legal Disclaimer: Internet Systems Consortium (ISC) is providing this notice on an "AS IS" basis. No warranty or guarantee of any kind is expressed in this notice and none should be implied. ISC expressly excludes and disclaims any warranties regarding this notice or materials referred to in this notice, including, without limitation, any implied warranty of merchantability, fitness for a particular purpose, absence of hidden defects, or
Bug#927931: bind: CVE-2019-6467: An error in the nxdomain redirect feature can cause BIND to exit with an INSIST assertion failure in query.c
Source: bind Version: 1:9.13.3-1 Severity: grave Tags: security upstream Justification: user security hole Hi See https://kb.isc.org/docs/cve-2019-6467 (only affecting bind versions in experimental). Regards, Salvatore
Bug#924838: marked as done (scoop: FTBFS: Could not import extension sphinx.ext.pngmath (exception: No module named pngmath))
Your message dated Thu, 25 Apr 2019 06:18:18 + with message-id and subject line Bug#924838: fixed in scoop 0.7.1.1-3 has caused the Debian Bug report #924838, regarding scoop: FTBFS: Could not import extension sphinx.ext.pngmath (exception: No module named pngmath) to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 924838: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924838 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: scoop Version: 0.7.1.1-2 Severity: serious Tags: buster sid User: debian...@lists.debian.org Usertags: qa-ftbfs-20190315 qa-ftbfs Justification: FTBFS in buster on amd64 Hi, During a rebuild of all packages in buster (in a buster chroot, not a sid chroot), your package failed to build on amd64. Relevant part (hopefully): > make[1]: Entering directory '/<>' > dh_auto_install > I: pybuild base:217: /usr/bin/python setup.py install --root > /<>/debian/python-scoop > running install > running build > running build_py > running install_lib > creating /<>/debian/python-scoop/usr > creating /<>/debian/python-scoop/usr/lib > creating /<>/debian/python-scoop/usr/lib/python2.7 > creating /<>/debian/python-scoop/usr/lib/python2.7/dist-packages > creating > /<>/debian/python-scoop/usr/lib/python2.7/dist-packages/scoop > copying > /<>/.pybuild/cpython2_2.7_scoop/build/scoop/encapsulation.pyc -> > /<>/debian/python-scoop/usr/lib/python2.7/dist-packages/scoop > copying /<>/.pybuild/cpython2_2.7_scoop/build/scoop/__init__.pyc > -> /<>/debian/python-scoop/usr/lib/python2.7/dist-packages/scoop > copying > /<>/.pybuild/cpython2_2.7_scoop/build/scoop/encapsulation.py -> > /<>/debian/python-scoop/usr/lib/python2.7/dist-packages/scoop > creating > /<>/debian/python-scoop/usr/lib/python2.7/dist-packages/scoop/_comm > copying > /<>/.pybuild/cpython2_2.7_scoop/build/scoop/_comm/scoopexceptions.pyc > -> > /<>/debian/python-scoop/usr/lib/python2.7/dist-packages/scoop/_comm > copying > /<>/.pybuild/cpython2_2.7_scoop/build/scoop/_comm/scoopzmq.py -> > /<>/debian/python-scoop/usr/lib/python2.7/dist-packages/scoop/_comm > copying > /<>/.pybuild/cpython2_2.7_scoop/build/scoop/_comm/__init__.pyc > -> > /<>/debian/python-scoop/usr/lib/python2.7/dist-packages/scoop/_comm > copying > /<>/.pybuild/cpython2_2.7_scoop/build/scoop/_comm/scoopzmq.pyc > -> > /<>/debian/python-scoop/usr/lib/python2.7/dist-packages/scoop/_comm > copying > /<>/.pybuild/cpython2_2.7_scoop/build/scoop/_comm/scoopexceptions.py > -> > /<>/debian/python-scoop/usr/lib/python2.7/dist-packages/scoop/_comm > copying > /<>/.pybuild/cpython2_2.7_scoop/build/scoop/_comm/__init__.py -> > /<>/debian/python-scoop/usr/lib/python2.7/dist-packages/scoop/_comm > copying > /<>/.pybuild/cpython2_2.7_scoop/build/scoop/_comm/scooptcp.py -> > /<>/debian/python-scoop/usr/lib/python2.7/dist-packages/scoop/_comm > copying /<>/.pybuild/cpython2_2.7_scoop/build/scoop/shared.pyc > -> /<>/debian/python-scoop/usr/lib/python2.7/dist-packages/scoop > creating > /<>/debian/python-scoop/usr/lib/python2.7/dist-packages/scoop/launch > copying > /<>/.pybuild/cpython2_2.7_scoop/build/scoop/launch/__init__.py > -> > /<>/debian/python-scoop/usr/lib/python2.7/dist-packages/scoop/launch > copying > /<>/.pybuild/cpython2_2.7_scoop/build/scoop/launch/brokerLaunch.py > -> > /<>/debian/python-scoop/usr/lib/python2.7/dist-packages/scoop/launch > copying > /<>/.pybuild/cpython2_2.7_scoop/build/scoop/launch/workerLaunch.py > -> > /<>/debian/python-scoop/usr/lib/python2.7/dist-packages/scoop/launch > copying /<>/.pybuild/cpython2_2.7_scoop/build/scoop/_control.pyc > -> /<>/debian/python-scoop/usr/lib/python2.7/dist-packages/scoop > copying /<>/.pybuild/cpython2_2.7_scoop/build/scoop/__init__.py > -> /<>/debian/python-scoop/usr/lib/python2.7/dist-packages/scoop > copying /<>/.pybuild/cpython2_2.7_scoop/build/scoop/__main__.py > -> /<>/debian/python-scoop/usr/lib/python2.7/dist-packages/scoop > copying /<>/.pybuild/cpython2_2.7_scoop/build/scoop/launcher.py > -> /<>/debian/python-scoop/usr/lib/python2.7/dist-packages/scoop > copying /<>/.pybuild/cpython2_2.7_scoop/build/scoop/utils.py -> > /<>/debian/python-scoop/usr/lib/python2.7/dist-packages/scoop > copying /<>/.pybuild/cpython2_2.7_scoop/build/scoop/fallbacks.py > -> /<>/debian/python-scoop/usr/lib/python2.7/dist-packages/scoop > copying /<>/.pybuild/cpython2_2.7_scoop/build/scoop/utils.pyc -> > /<>/debian/python-scoop/usr/lib/python2.7/dist-packages/scoop > copying /<>/.pybuild/cpython2_2.7_scoop/build/scoop/futures.pyc > ->
Processed: Re: Bug#927456: irrlicht makefile does not honor CFLAGS (was: irrlicht makefiles does not honors CFLAGS and CXXFLAGS, so neither hardening)
Processing control commands: > retitle -1 irrlicht makefile does not honor CFLAGS Bug #927456 [libirrlicht-dev] irrlicht makefiles does not honors CFLAGS and CXXFLAGS, so neither hardening Changed Bug title to 'irrlicht makefile does not honor CFLAGS' from 'irrlicht makefiles does not honors CFLAGS and CXXFLAGS, so neither hardening'. > severity -1 minor Bug #927456 [libirrlicht-dev] irrlicht makefile does not honor CFLAGS Severity set to 'minor' from 'serious' -- 927456: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927456 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#927456: irrlicht makefile does not honor CFLAGS (was: irrlicht makefiles does not honors CFLAGS and CXXFLAGS, so neither hardening)
Control: retitle -1 irrlicht makefile does not honor CFLAGS Control: severity -1 minor On Fri, 19 Apr 2019 23:33:53 -0400 PICCORO McKAY Lenz wrote: > in Makefile line 84 we have a non override CFLAG set as: > > irrlicht-1.8.4.0/source/Irrlicht/Makefile > > CFLAGS := -O3 -fexpensive-optimizations -DPNG_THREAD_UNSAFE_OK > -DPNG_NO_MMX_CODE -DPNG_NO_MNG_FEATUR > ES > > so i set to serious due irrlicht on Debian uses system PNG and JPEG > libraries.. so here we can see more that just only not honor the CFLAGS.. > take a shot to the "NO_MMX_CODE" After looking at the build logs[1], I think this is not as serious as it first seems. You are correct that CFLAGS is overridden, but I can't see any C code being compiled. The Makefile honors the CXXFLAGS, CPPFLAGS and LDFLAGS and so the compiled library is indeed hardened. [1] https://buildd.debian.org/status/package.php?p=irrlicht Regards, Juhani
