Bug#931669: ephoto doesn't even start up
Package: ephoto Version: 1.5-2 Severity: grave Justification: renders package unusable Dear Maintainer, I've just installed ephoto to try it out. I didn't get very far. It doesn't even start up. If I try to start it up on the console, that's what it tells me: ERR<26189>:ecore_evas lib/elementary/efl_ui_win.c:5300 _elm_win_finalize_internal() Cannot create window. ## Copy & Paste the below (until EOF) into a terminal, then hit Enter eina_btlog << EOF /usr/lib/x86_64-linux-gnu/libeina.so.1 0x7f5ce71dcc0c 0x7f5ce71b3000 /usr/lib/x86_64-linux-gnu/libeina.so.1 0x7f5ce71dd901 0x7f5ce71b3000 /usr/lib/x86_64-linux-gnu/libeina.so.1 0x7f5ce71decd3 0x7f5ce71b3000 /usr/lib/x86_64-linux-gnu/libelementary.so.1 0x7f5ce6b84c6a 0x7f5ce690 /usr/lib/x86_64-linux-gnu/libelementary.so.1 0x7f5ce6b870c1 0x7f5ce690 /usr/lib/x86_64-linux-gnu/libeo.so.1 0x7f5ce6d127a7 0x7f5ce6d01000 /usr/lib/x86_64-linux-gnu/libelementary.so.1 0x7f5ce6b8750c 0x7f5ce690 /usr/lib/x86_64-linux-gnu/libeo.so.1 0x7f5ce6d127a7 0x7f5ce6d01000 /usr/lib/x86_64-linux-gnu/libeo.so.1 0x7f5ce6d0f8e4 0x7f5ce6d01000 /usr/lib/x86_64-linux-gnu/libelementary.so.1 0x7f5ce6b8742b 0x7f5ce690 /usr/bin/ephoto 0x563c68457604 0x563c6843b000 /usr/bin/ephoto 0x563c68444b7f 0x563c6843b000 /usr/bin/ephoto 0x563c684448dc 0x563c6843b000 /lib/x86_64-linux-gnu/libc.so.6 0x7f5ce641e09b 0x7f5ce63fa000 /usr/bin/ephoto 0x563c6844491a 0x563c6843b000 EOF ERR<26189>:eo lib/eo/eo.c:993 _efl_add_internal_end() Object of class 'Efl.Ui.Win_Legacy' - Not all of the object constructors have been executed. ## Copy & Paste the below (until EOF) into a terminal, then hit Enter eina_btlog << EOF /usr/lib/x86_64-linux-gnu/libeina.so.1 0x7f5ce71dcc0c 0x7f5ce71b3000 /usr/lib/x86_64-linux-gnu/libeina.so.1 0x7f5ce71dd901 0x7f5ce71b3000 /usr/lib/x86_64-linux-gnu/libeina.so.1 0x7f5ce71decd3 0x7f5ce71b3000 /usr/lib/x86_64-linux-gnu/libeo.so.1 0x7f5ce6d0f9bc 0x7f5ce6d01000 /usr/lib/x86_64-linux-gnu/libelementary.so.1 0x7f5ce6b8742b 0x7f5ce690 /usr/bin/ephoto 0x563c68457604 0x563c6843b000 /usr/bin/ephoto 0x563c68444b7f 0x563c6843b000 /usr/bin/ephoto 0x563c684448dc 0x563c6843b000 /lib/x86_64-linux-gnu/libc.so.6 0x7f5ce641e09b 0x7f5ce63fa000 /usr/bin/ephoto 0x563c6844491a 0x563c6843b000 EOF ERR<26189>:evas_main lib/evas/canvas/evas_object_smart.c:718 _efl_canvas_group_efl_object_destructor() efl_canvas_group_del() was not called on this object: 0x40007457 (Efl.Ui.Win_Legacy) ## Copy & Paste the below (until EOF) into a terminal, then hit Enter eina_btlog << EOF /usr/lib/x86_64-linux-gnu/libeina.so.1 0x7f5ce71dcc0c 0x7f5ce71b3000 /usr/lib/x86_64-linux-gnu/libeina.so.1 0x7f5ce71dd901 0x7f5ce71b3000 /usr/lib/x86_64-linux-gnu/libeina.so.1 0x7f5ce71decd3 0x7f5ce71b3000 /usr/lib/x86_64-linux-gnu/libevas.so.1 0x7f5ce6f9c2c8 0x7f5ce6f02000 /usr/lib/x86_64-linux-gnu/libeo.so.1 0x7f5ce6d126c7 0x7f5ce6d01000 /usr/lib/x86_64-linux-gnu/libeo.so.1 0x7f5ce6d126c7 0x7f5ce6d01000 /usr/lib/x86_64-linux-gnu/libelementary.so.1 0x7f5ce6b7025c 0x7f5ce690 /usr/lib/x86_64-linux-gnu/libeo.so.1 0x7f5ce6d126c7 0x7f5ce6d01000 /usr/lib/x86_64-linux-gnu/libelementary.so.1 0x7f5ce6be29a4 0x7f5ce690 /usr/lib/x86_64-linux-gnu/libeo.so.1 0x7f5ce6d126c7 0x7f5ce6d01000 /usr/lib/x86_64-linux-gnu/libelementary.so.1 0x7f5ce6b82d9b 0x7f5ce690 /usr/lib/x86_64-linux-gnu/libeo.so.1 0x7f5ce6d126c7 0x7f5ce6d01000 /usr/lib/x86_64-linux-gnu/libeo.so.1 0x7f5ce6d0fcec 0x7f5ce6d01000 /usr/lib/x86_64-linux-gnu/libelementary.so.1 0x7f5ce6b8742b 0x7f5ce690 /usr/bin/ephoto 0x563c68457604 0x563c6843b000 /usr/bin/ephoto 0x563c68444b7f 0x563c6843b000 /usr/bin/ephoto 0x563c684448dc 0x563c6843b000 /lib/x86_64-linux-gnu/libc.so.6 0x7f5ce641e09b 0x7f5ce63fa000 /usr/bin/ephoto 0x563c6844491a 0x563c6843b000 EOF 1 rmm@RMMbook ~ % ERR<26198>:efreet_desktop lib/efreet/efreet_desktop.c:986 efreet_desktop_generic_fields_parse() no Name or _Name fields in file '/home/rmm/.local/share/applications/_home_rmm_local_eclipse_jee-2018-12_eclipse_.desktop' ## Copy & Paste the below (until EOF) into a terminal, then hit Enter eina_btlog << EOF /usr/lib/x86_64-linux-gnu/libeina.so.1 0x7f1dabe73c0c 0x7f1dabe4a000 /usr/lib/x86_64-linux-gnu/libeina.so.1 0x7f1dabe74901 0x7f1dabe4a000 /usr/lib/x86_64-linux-gnu/libeina.so.1 0x7f1dabe75cd3 0x7f1dabe4a000 /usr/lib/x86_64-linux-gnu/libefreet.so.1 0x7f1dabe0f1ab 0x7f1dabe01000 /usr/lib/x86_64-linux-gnu/efreet/v-1.21/efreet_desktop_cache_create 0x55c6a298ee5f 0x55c6a298b000 /usr/lib/x86_64-linux-gnu/efreet/v-1.21/efreet_desktop_cache_create 0x55c6a298dba0 0x55c6a298b000 /lib/x86_64-linux-gnu/libc.so.6 0x7f1dabc6209b 0x7f1dabc3e000 /usr/lib/x86_64-linux-gnu/efreet/v-1.21/efreet_desktop_cache_create 0x55c6a298e95a 0x55c6a298b000 EOF -- System Information: Debian Release: 10.0 APT prefers stable APT policy: (900, 'stable'), (600, 'unstable') Architecture: amd64 (x86_64)
Processed: severity of 931639 is important
Processing commands for cont...@bugs.debian.org: > severity 931639 important Bug #931639 [src:linux] linux-image-4.19.0-5-amd64: Does not boot - stuck at "Loading initial ramdisk" Severity set to 'important' from 'critical' > thanks Stopping processing here. Please contact me if you need assistance. -- 931639: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931639 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#931529: gnome : session freezed when I've tried to lock it
Hi, Today when I've tried to lock my session, my system has totaly freeze. I've needed to halt system from power button. Best regards, Charles signature.asc Description: OpenPGP digital signature
Processed: severity of 931654 is grave
Processing commands for cont...@bugs.debian.org: > severity 931654 grave Bug #931654 [node-json3] node-json3: json3 is no more maintained Severity set to 'grave' from 'normal' > thanks Stopping processing here. Please contact me if you need assistance. -- 931654: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931654 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: severity of 931222 is serious
Processing commands for cont...@bugs.debian.org: > # as they will be fixed in stable and raising to avoid regression to > unstable/testing > severity 931222 serious Bug #931222 [src:dosbox] dosbox: CVE-2019-7165 CVE-2019-12594 Severity set to 'serious' from 'important' > thanks Stopping processing here. Please contact me if you need assistance. -- 931222: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931222 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#922027: marked as done (CVE-2019-6975: Memory exhaustion in django.utils.numberformat.format())
Your message dated Mon, 08 Jul 2019 19:54:53 +
with message-id
and subject line Bug#922027: fixed in python-django 1:1.10.7-2+deb9u5
has caused the Debian Bug report #922027,
regarding CVE-2019-6975: Memory exhaustion in django.utils.numberformat.format()
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
922027: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922027
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: python-django
Version: Django 2.2, 1.11
Severity: normal
CVE-2019-6975: Memory exhaustion in django.utils.numberformat.format()
If django.utils.numberformat.format() -- used by contrib.admin as well as the
the floatformat, filesizeformat, and intcomma templates filters -- received a
Decimal with a large number of digits or a large exponent, it could lead to
significant memory usage due to a call to '{:f}'.format().
To avoid this, decimals with more than 200 digits are now formatted using
scientific notation.
Thanks Sjoerd Job Postmus for reporting this issue.
Affected supported versions
Django master branch
Django 2.2 (which will be released in a separate blog post later today)
Django 2.1
Django 2.0
Django 1.11
Per our supported versions policy, Django 1.10 and older are no longer
supported.
https://www.djangoproject.com/weblog/2019/feb/11/security-releases/
Regards,
Herbert
--- End Message ---
--- Begin Message ---
Source: python-django
Source-Version: 1:1.10.7-2+deb9u5
We believe that the bug you reported is fixed in the latest version of
python-django, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 922...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Chris Lamb (supplier of updated python-django package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Tue, 02 Jul 2019 23:07:21 -0300
Source: python-django
Binary: python-django python3-django python-django-common python-django-doc
Architecture: source all
Version: 1:1.10.7-2+deb9u5
Distribution: stretch-security
Urgency: high
Maintainer: Debian Python Modules Team
Changed-By: Chris Lamb
Description:
python-django - High-level Python web development framework (Python 2 version)
python-django-common - High-level Python web development framework (common)
python-django-doc - High-level Python web development framework (documentation)
python3-django - High-level Python web development framework (Python 3 version)
Closes: 922027 929927 931316
Changes:
python-django (1:1.10.7-2+deb9u5) stretch-security; urgency=high
.
* CVE-2019-6975: Fix memory exhaustion in utils.numberformat.format.
(Closes: #922027)
* CVE-2019-12308: Prevent a XSS vulnerability in the Django admin via the
AdminURLFieldWidget. (Closes: #929927)
* CVE-2019-12781: Prevent incorrect HTTPS detection with reverse-proxies
connecting via HTTPS. (Closes: #931316)
Checksums-Sha1:
9cf46ff6b53e327287a635d7947504bab66f5e5b 2804 python-django_1.10.7-2+deb9u5.dsc
4b9acc86beb3e79ac0fcfc3339fb7cad9cb7b286 39828
python-django_1.10.7-2+deb9u5.debian.tar.xz
1383e694395bc1db1985a303a387592011dcb2d8 1513850
python-django-common_1.10.7-2+deb9u5_all.deb
fbe06f7c2ed9995875601de4fbf915219332b420 2535508
python-django-doc_1.10.7-2+deb9u5_all.deb
0783192722e7846642837d8000e4ee0ea5e99034 904054
python-django_1.10.7-2+deb9u5_all.deb
e3f0210d8f6f2158f63b8a3ef46b7ab19792334e 9329
python-django_1.10.7-2+deb9u5_amd64.buildinfo
40303e6ec9bc24c3a99cee145f1297d8d2373097 885816
python3-django_1.10.7-2+deb9u5_all.deb
Checksums-Sha256:
5634a1d5ce9a9426076abb87945d7af24b9eab0115f6db039646f6f20437b2b8 2804
python-django_1.10.7-2+deb9u5.dsc
f794310b8048bf962425ea1c23ad447cda236d04bba02f518cabab027b988cff 39828
python-django_1.10.7-2+deb9u5.debian.tar.xz
5bc2c68ac9797eba7b2fa3beeae7ee5fa08954ce9fa2b078d2fc6c93fd44207b 1513850
python-django-common_1.10.7-2+deb9u5_all.deb
e2cc407ab765e5e0068509471880f0b53c2776d1bb76a847ad33bf56d831dc30 2535508
python-django-doc_1.10.7-2+deb9u5_all.deb
c62e37da6e5fe58bfff7fbdb7547a59fd8456ac0825777d86ecc84eafc2b8004 904054
python-django_1.10.7-2+deb9u5_all.deb
25f8ec5325f48dba98
Bug#931316: marked as done (python-django: CVE-2019-12781: Incorrect HTTP detection with reverse-proxy connecting via HTTPS)
Your message dated Mon, 08 Jul 2019 19:54:53 + with message-id and subject line Bug#931316: fixed in python-django 1:1.10.7-2+deb9u5 has caused the Debian Bug report #931316, regarding python-django: CVE-2019-12781: Incorrect HTTP detection with reverse-proxy connecting via HTTPS to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 931316: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931316 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: python-django Version: 1:1.11.21-1 Severity: grave Tags: security upstream Justification: user security hole Control: found -1 2:2.2.1-1 Control: found -1 1:1.10.7-2+deb9u4 Control: found -1 1:1.10.7-1 Hi, The following vulnerability was published for python-django. CVE-2019-12308[0]: | An issue was discovered in Django 1.11 before 1.11.21, 2.1 before | 2.1.9, and 2.2 before 2.2.2. The clickable Current URL value displayed | by the AdminURLFieldWidget displays the provided value without | validating it as a safe URL. Thus, an unvalidated value stored in the | database, or a value provided as a URL query parameter payload, could | result in an clickable JavaScript link. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2019-12308 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12308 [1] https://www.djangoproject.com/weblog/2019/jul/01/security-releases/ Please adjust the affected versions in the BTS as needed. Regards, Salvatore --- End Message --- --- Begin Message --- Source: python-django Source-Version: 1:1.10.7-2+deb9u5 We believe that the bug you reported is fixed in the latest version of python-django, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 931...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Chris Lamb (supplier of updated python-django package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Tue, 02 Jul 2019 23:07:21 -0300 Source: python-django Binary: python-django python3-django python-django-common python-django-doc Architecture: source all Version: 1:1.10.7-2+deb9u5 Distribution: stretch-security Urgency: high Maintainer: Debian Python Modules Team Changed-By: Chris Lamb Description: python-django - High-level Python web development framework (Python 2 version) python-django-common - High-level Python web development framework (common) python-django-doc - High-level Python web development framework (documentation) python3-django - High-level Python web development framework (Python 3 version) Closes: 922027 929927 931316 Changes: python-django (1:1.10.7-2+deb9u5) stretch-security; urgency=high . * CVE-2019-6975: Fix memory exhaustion in utils.numberformat.format. (Closes: #922027) * CVE-2019-12308: Prevent a XSS vulnerability in the Django admin via the AdminURLFieldWidget. (Closes: #929927) * CVE-2019-12781: Prevent incorrect HTTPS detection with reverse-proxies connecting via HTTPS. (Closes: #931316) Checksums-Sha1: 9cf46ff6b53e327287a635d7947504bab66f5e5b 2804 python-django_1.10.7-2+deb9u5.dsc 4b9acc86beb3e79ac0fcfc3339fb7cad9cb7b286 39828 python-django_1.10.7-2+deb9u5.debian.tar.xz 1383e694395bc1db1985a303a387592011dcb2d8 1513850 python-django-common_1.10.7-2+deb9u5_all.deb fbe06f7c2ed9995875601de4fbf915219332b420 2535508 python-django-doc_1.10.7-2+deb9u5_all.deb 0783192722e7846642837d8000e4ee0ea5e99034 904054 python-django_1.10.7-2+deb9u5_all.deb e3f0210d8f6f2158f63b8a3ef46b7ab19792334e 9329 python-django_1.10.7-2+deb9u5_amd64.buildinfo 40303e6ec9bc24c3a99cee145f1297d8d2373097 885816 python3-django_1.10.7-2+deb9u5_all.deb Checksums-Sha256: 5634a1d5ce9a9426076abb87945d7af24b9eab0115f6db039646f6f20437b2b8 2804 python-django_1.10.7-2+deb9u5.dsc f794310b8048bf962425ea1c23ad447cda236d04bba02f518cabab027b988cff 39828 python-django_1.10.7-2+deb9u5.debian.tar.xz 5bc2c68ac9797eba7b2fa3beeae7ee5fa08954ce9fa2b078d2fc6c93fd44207b 1513850 python-django-common_1.10.7-2+deb9u5_all.deb e2cc407ab765e5e0068
Bug#931639: linux-image-4.19.0-5-amd64: Does not boot - stuck at "Loading initial ramdisk"
This is proberly linked to this Bug, also coreboot used as firmware on the affected system: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930029 So its possible that this only apears in the combination linux 4.19 + coreboot. With earlyprintk= VALUE as bootparameter you can get more output ouput the kernel panic / hang Am 08.07.19 um 17:44 schrieb QWERTY man: > Package: src:linux > Version: 4.19.37-5 > Severity: critical > Justification: breaks the whole system > > > Dear Maintainer, > > >* What led up to the situation? > > Upgraded from a very stable and largely vanilla Debian Stretch to Debian > Buster. > > >* What exactly did you do (or not do) that was effective (or > ineffective)? >* What was the outcome of this action? > > Rebooted, and it entered a loop of the following messages: > > Loading Linux 4.19.0-5-amd64... > Loading initial ramdisk > > INFO: task swapper/0:1 blocked for more than 120 secs > Not tainted 4.19.0-5-amd64 #1 Debian 4.19.37-5 > "echo 0 > /proc/sys/kernel/hung_task_timeout_secds" disables this message > > INFO: task cpuhp/0:14 blocked for more than 120 secs > Not tainted 4.19.0-5-amd64 #1 Debian 4.19.37-5 > "echo 0 > /proc/sys/kernel/hung_task_timeout_secds" disables this message > > I then booted the system with the 4.9.0-9-amd64 kernel, and everything worked > as > before. > > Note that same issue occurs on another system with the same motherboard and > processor - D945GCLF2B - but different hard drive and PSU: it hangs at boot. > > >* What outcome did you expect instead? > > I imagined Debian stable was uber stable based on past experience. > > > > -- Package-specific info: > ** Kernel log: boot messages should be attached > > ** Model information > sys_vendor: Intel > product_name: D945GCLF <-- It is actually D945GCLF2B > product_version: 1.0 > chassis_vendor: Intel > chassis_version: > bios_vendor: coreboot > bios_version: 382892c > board_vendor: Intel > board_name: D945GCLF<-- Above > board_version: 1.0 > > ** PCI devices: > 00:00.0 Host bridge [0600]: Intel Corporation 82945G/GZ/P/PL Memory > Controller Hub [8086:2770] (rev 02) > Subsystem: Intel Corporation 82945G/GZ/P/PL Memory Controller Hub > [8086:464c] > Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- > Stepping- SERR- FastB2B- DisINTx- > Status: Cap+ 66MHz- UDF- FastB2B+ ParErr- DEVSEL=fast >TAbort- SERR-Latency: 0 > Capabilities: > > 00:02.0 VGA compatible controller [0300]: Intel Corporation 82945G/GZ > Integrated Graphics Controller [8086:2772] (rev 02) (prog-if 00 [VGA > controller]) > Subsystem: Intel Corporation 82945G/GZ Integrated Graphics Controller > [8086:464c] > Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- > Stepping- SERR- FastB2B- DisINTx- > Status: Cap+ 66MHz- UDF- FastB2B+ ParErr- DEVSEL=fast >TAbort- SERR-Latency: 0 > Interrupt: pin A routed to IRQ 16 > Region 0: Memory at e020 (32-bit, non-prefetchable) [size=512K] > Region 1: I/O ports at 2080 [size=8] > Region 2: Memory at c000 (32-bit, prefetchable) [size=512M] > Region 3: Memory at e028 (32-bit, non-prefetchable) [size=512K] > [virtual] Expansion ROM at 000c [disabled] [size=128K] > Capabilities: > Kernel driver in use: i915 > Kernel modules: i915 > > 00:1b.0 Audio device [0403]: Intel Corporation NM10/ICH7 Family High > Definition Audio Controller [8086:27d8] (rev 01) > Subsystem: Intel Corporation NM10/ICH7 Family High Definition Audio > Controller [8086:464c] > Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- > Stepping- SERR+ FastB2B- DisINTx+ > Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- SERR-Latency: 0, Cache Line Size: 64 bytes > Interrupt: pin A routed to IRQ 27 > Region 0: Memory at e030 (64-bit, non-prefetchable) [size=16K] > Capabilities: > Kernel driver in use: snd_hda_intel > Kernel modules: snd_hda_intel > > 00:1c.0 PCI bridge [0604]: Intel Corporation NM10/ICH7 Family PCI Express > Port 1 [8086:27d0] (rev 01) (prog-if 00 [Normal decode]) > Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- > Stepping- SERR+ FastB2B- DisINTx+ > Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- SERR-Latency: 0, Cache Line Size: 64 bytes > Interrupt: pin A routed to IRQ 24 > Bus: primary=00, secondary=01, subordinate=01, sec-latency=0 > I/O behind bridge: 1000-1fff > Memory behind bridge: e010-e01f > Prefetchable memory behind bridge: e000-e00f > Secondary status: 66MHz- FastB2B- ParErr- DEVSEL=fast >TAbort- BridgeCtl: Parity- SERR+ NoISA+ VGA- MAbort- >Reset- FastB2B- > PriDiscTmr- SecDiscTmr- DiscTmrStat- DiscTmrSERREn- > Capabilities: > Kerne
Bug#931639: linux-image-4.19.0-5-amd64: Does not boot - stuck at "Loading initial ramdisk"
Package: src:linux Version: 4.19.37-5 Severity: critical Justification: breaks the whole system Dear Maintainer, * What led up to the situation? Upgraded from a very stable and largely vanilla Debian Stretch to Debian Buster. * What exactly did you do (or not do) that was effective (or ineffective)? * What was the outcome of this action? Rebooted, and it entered a loop of the following messages: Loading Linux 4.19.0-5-amd64... Loading initial ramdisk INFO: task swapper/0:1 blocked for more than 120 secs Not tainted 4.19.0-5-amd64 #1 Debian 4.19.37-5 "echo 0 > /proc/sys/kernel/hung_task_timeout_secds" disables this message INFO: task cpuhp/0:14 blocked for more than 120 secs Not tainted 4.19.0-5-amd64 #1 Debian 4.19.37-5 "echo 0 > /proc/sys/kernel/hung_task_timeout_secds" disables this message I then booted the system with the 4.9.0-9-amd64 kernel, and everything worked as before. Note that same issue occurs on another system with the same motherboard and processor - D945GCLF2B - but different hard drive and PSU: it hangs at boot. * What outcome did you expect instead? I imagined Debian stable was uber stable based on past experience. -- Package-specific info: ** Kernel log: boot messages should be attached ** Model information sys_vendor: Intel product_name: D945GCLF <-- It is actually D945GCLF2B product_version: 1.0 chassis_vendor: Intel chassis_version: bios_vendor: coreboot bios_version: 382892c board_vendor: Intel board_name: D945GCLF<-- Above board_version: 1.0 ** PCI devices: 00:00.0 Host bridge [0600]: Intel Corporation 82945G/GZ/P/PL Memory Controller Hub [8086:2770] (rev 02) Subsystem: Intel Corporation 82945G/GZ/P/PL Memory Controller Hub [8086:464c] Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx- Status: Cap+ 66MHz- UDF- FastB2B+ ParErr- DEVSEL=fast >TAbort- SERR- 00:02.0 VGA compatible controller [0300]: Intel Corporation 82945G/GZ Integrated Graphics Controller [8086:2772] (rev 02) (prog-if 00 [VGA controller]) Subsystem: Intel Corporation 82945G/GZ Integrated Graphics Controller [8086:464c] Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx- Status: Cap+ 66MHz- UDF- FastB2B+ ParErr- DEVSEL=fast >TAbort- SERR- Kernel driver in use: i915 Kernel modules: i915 00:1b.0 Audio device [0403]: Intel Corporation NM10/ICH7 Family High Definition Audio Controller [8086:27d8] (rev 01) Subsystem: Intel Corporation NM10/ICH7 Family High Definition Audio Controller [8086:464c] Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR+ FastB2B- DisINTx+ Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- SERR- Kernel driver in use: snd_hda_intel Kernel modules: snd_hda_intel 00:1c.0 PCI bridge [0604]: Intel Corporation NM10/ICH7 Family PCI Express Port 1 [8086:27d0] (rev 01) (prog-if 00 [Normal decode]) Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR+ FastB2B- DisINTx+ Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- SERR- TAbort- Reset- FastB2B- PriDiscTmr- SecDiscTmr- DiscTmrStat- DiscTmrSERREn- Capabilities: Kernel driver in use: pcieport Kernel modules: shpchp 00:1c.2 PCI bridge [0604]: Intel Corporation NM10/ICH7 Family PCI Express Port 3 [8086:27d4] (rev 01) (prog-if 00 [Normal decode]) Control: I/O- Mem- BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR+ FastB2B- DisINTx+ Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- SERR- TAbort- Reset- FastB2B- PriDiscTmr- SecDiscTmr- DiscTmrStat- DiscTmrSERREn- Capabilities: Kernel driver in use: pcieport Kernel modules: shpchp 00:1c.3 PCI bridge [0604]: Intel Corporation NM10/ICH7 Family PCI Express Port 4 [8086:27d6] (rev 01) (prog-if 00 [Normal decode]) Control: I/O- Mem- BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx+ Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- SERR- TAbort- Reset- FastB2B- PriDiscTmr- SecDiscTmr- DiscTmrStat- DiscTmrSERREn- Capabilities: Kernel driver in use: pcieport Kernel modules: shpchp 00:1d.0 USB controller [0c03]: Intel Corporation NM10/ICH7 Family USB UHCI Controller #1 [8086:27c8] (rev 01) (prog-if 00 [UHCI]) Subsystem: Intel Corporation NM10/ICH7 Family USB UHCI Controller [8086:464c] Control: I/O+ Mem- BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx- Status: Cap- 66MHz- UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- SERR- TAbort- SERR- TAbort- SERR- TAbort- SERR- Kernel driver in use: ehci-pci Kernel modules: ehci_pci
Processed: Change severity and add's tags
Processing commands for cont...@bugs.debian.org: > tag 905247 + unreproducible moreinfo Bug #905247 [nload] nload broken when executed via SSH Added tag(s) moreinfo and unreproducible. > severity 905247 important Bug #905247 [nload] nload broken when executed via SSH Severity set to 'important' from 'grave' > End of message, stopping processing here. Please contact me if you need assistance. -- 905247: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=905247 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#905247: nload broken when executed via SSH
Hello, I need the more info. I tried to reproduce the bug, but I don't see this problem. I run nload over ssh from Debian 10(Gnome desktop) to other Debian 10 without problem. I've changed severity to important because this problem does not make the package unusable.[1] Please give me more information. What's your desktop system, what's the server system? [1] https://www.debian.org/Bugs/Developer#severities tag 905247 + unreproducible moreinfo severity 905247 important
Bug#931635: marked as pending in postgresql-common
Control: tag -1 pending Hello, Bug #931635 in postgresql-common reported by you has been fixed in the Git repository and is awaiting an upload. You can see the commit message below and you can check the diff of the fix at: https://salsa.debian.org/postgresql/postgresql-common/commit/063eb4b33cc1548b3b843c4259a570b84aaece0a Remove bogus data_directory from postgresql.auto.conf. (Closes: #931635) * PgCommon.pm: Ignore data_directory when set in postgresql.auto.conf. * pg_upgradecluster: Delete data_directory from postgresql.auto.conf in new cluster. (this message was generated automatically) -- Greetings https://bugs.debian.org/931635
Processed: Bug#931635 marked as pending in postgresql-common
Processing control commands: > tag -1 pending Bug #931635 [postgresql-common] pg_upgradecluster writes data_directory to postgresql.auto.conf, and gets confused by it on the next upgrade [DATA LOSS] Added tag(s) pending. -- 931635: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931635 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#905022: marked as done (gcc-doc-defaults: FTBFS, needs update for gcc-8 being default)
Your message dated Mon, 08 Jul 2019 14:52:32 + with message-id and subject line Bug#905022: fixed in gcc-doc-defaults 5:18 has caused the Debian Bug report #905022, regarding gcc-doc-defaults: FTBFS, needs update for gcc-8 being default to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 905022: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=905022 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: gcc-doc-defaults Version: 5:17.1 Severity: serious Justification: fails to build from source (but built successfully in the past) Hi, gcc-doc-defaults FTBFS in sid. It probably needs some updates now that gcc-8 has become the default gcc. [...] debian/rules override_dh_gencontrol-arch make[1]: Entering directory '/build/gcc-doc-defaults-17.1' # call dh_gencontrol one at a time for *-doc packages dh_gencontrol -p cpp-doc -- -v5:; dh_gencontrol -p gcc-doc -- -v5:; dh_gencontrol -p gfortran-doc -- -v5:; dh_gencontrol -p gnat-doc -- -v5:7.2.0-2; dh_gencontrol -p gcj-doc -- -v5:; dh_gencontrol -p gccgo-doc -- -v5:; dh_gencontrol: Requested unknown package gcj-doc via -p/--package, expected one of: gcc-doc cpp-doc gfortran-doc gnat-doc gccgo-doc gcc-doc-base dh_gencontrol: unknown option or error during option parsing; aborting dh_gencontrol -a --remaining-packages dh_gencontrol: No packages to build. Architecture mismatch: amd64, want: all alpha amd64 arm64 armel armhf i386 ia64 mips mips64 mips64el mipsel powerpc powerpcspe ppc64 ppc64el s390 s390x sparc sparc64 x32 any make[1]: Leaving directory '/build/gcc-doc-defaults-17.1' debian/rules override_dh_gencontrol-indep make[1]: Entering directory '/build/gcc-doc-defaults-17.1' dh_gencontrol -pgcc-doc-base -- -v7.2.0-2 dh_gencontrol -i --remaining-packages dh_gencontrol: No packages to build. Architecture mismatch: amd64, want: all alpha amd64 arm64 armel armhf i386 ia64 mips mips64 mips64el mipsel powerpc powerpcspe ppc64 ppc64el s390 s390x sparc sparc64 x32 any make[1]: Leaving directory '/build/gcc-doc-defaults-17.1' dh_md5sums dh_builddeb dpkg-deb: error: parsing file 'debian/gcc-doc/DEBIAN/control' near line 3 package 'gcc-doc': error in 'Version' field string '5:': nothing after colon in version number dh_builddeb: dpkg-deb --build debian/gcc-doc .. returned exit code 2 dpkg-deb: error: parsing file 'debian/gccgo-doc/DEBIAN/control' near line 3 package 'gccgo-doc': error in 'Version' field string '5:': nothing after colon in version number dpkg-deb: error: parsing file 'debian/gfortran-doc/DEBIAN/control' near line 3 package 'gfortran-doc': error in 'Version' field string '5:': nothing after colon in version number dh_builddeb: dpkg-deb --build debian/gfortran-doc .. returned exit code 2 dh_builddeb: dpkg-deb --build debian/gccgo-doc .. returned exit code 2 dh_builddeb: Aborting due to earlier error make: *** [debian/rules:111: binary] Error 2 dpkg-buildpackage: error: fakeroot debian/rules binary subprocess returned exit status 2 Andreas gcc-doc-defaults_5%17.1.log.gz Description: application/gzip --- End Message --- --- Begin Message --- Source: gcc-doc-defaults Source-Version: 5:18 We believe that the bug you reported is fixed in the latest version of gcc-doc-defaults, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 905...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Dmitry Eremin-Solenikov (supplier of updated gcc-doc-defaults package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 03 Jul 2019 17:12:20 +0300 Source: gcc-doc-defaults Architecture: source Version: 5:18 Distribution: unstable Urgency: medium Maintainer: Debian GCC Maintainers Changed-By: Dmitry Eremin-Solenikov Closes: 905022 Changes: gcc-doc-defaults (5:18) unstable; urgency=medium . * New uploader. * Thanks to Guo Yixuan for his work on this package. * Support proper NMU package versioning. * Build gcc-8 docs (Closes: #905022) * Bumped standard version to 4.3.0, no changes needed. * Point VCS-* tags to salsa.d.o Checksums-Sha1: fec056717543399b4794d8a8419fb4635821110b 2280 gcc-doc-defaults_18.dsc b843d4b
Bug#931635: pg_upgradecluster writes data_directory to postgresql.auto.conf, and gets confused by it on the next upgrade [DATA LOSS]
Package: postgresql-common Version: 200 Severity: critical Tags: buster sid In postgresql-common 200, pg_upgradecluster learned how to copy the contents of postgresql.auto.conf (where ALTER SYSTEM stores its data; #810615). Internally, adapt_conffiles() gets invoked twice, once for postgresql.conf and once for postgresql.auto.conf. This function is also responsible for setting data_directory in the new cluster. Unfortunately, it does this both for postgresql.conf (correct) and postgresql.auto.conf (where ALTER SYSTEM itself refuses to set data_directory, but having a file with it is syntactically ok). At this point, both clusters operate normally, and no harm is done because postgresql.auto.conf contains the correct data_directory setting. However, if this cluster gets upgraded *again*, this extra postgresql.auto.conf setting will confuse the "update config file" logic in postgresql-common's PgCommon.pm. The effect is that on the second upgrade, the new data_directory setting for the 3rd cluster will be written to the postgresql.auto.conf file of the *2nd* cluster. (And the 3rd cluster has a verbatim copy of the old postgresql.auto.conf from the 2nd cluster.) At this point, all three clusters still operate normally because pg_ctlcluster/pg_ctl can still launch the clusters, despite the bad data_directory settings in postgresql.auto.conf. Symptoms of the problem at this point are: * `pg_lsclusters` shows the wrong Data directory for the 2nd and 3rd cluster Ver Cluster Port Status OwnerData directory Log file 9.5 main5433 down postgres /var/lib/postgresql/9.6/main /var/log/postgresql/postgresql-9.5-main.log 9.6 main5432 online postgres /var/lib/postgresql/9.5/main /var/log/postgresql/postgresql-9.6-main.log * `ps` shows the wrong data directory on the postgres command line: /usr/lib/postgresql/9.6/bin/postgres -D /var/lib/postgresql/9.5/main -c config_file=/etc/postgresql/9.6/main/postgresql.conf The really bad problem now using `pg_dropcluster` will wipe the data directory OF THE WRONG CLUSTER. Oops. (And sorry.) I have a patch ready, including testsuite coverage. I'll also upload a 200+deb10u2 package to buster-proposed-updates. Christoph
Bug#928130: marked as done (octave-control: FTBFS in experimental: some tests failed)
Your message dated Mon, 08 Jul 2019 13:34:35 + with message-id and subject line Bug#928130: fixed in octave-control 3.2.0-2 has caused the Debian Bug report #928130, regarding octave-control: FTBFS in experimental: some tests failed to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 928130: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928130 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: octave-control Version: 3.2.0-1 Severity: serious Tags: ftbfs Justification: fails to build from source (but built successfully in the past) Hi, octave-control/experimental FTBFS due to some failing tests: https://buildd.debian.org/status/package.php?p=octave-control&suite=experimental This is from i386: Summary: 365 tests, 343 passed, 0 known failures, 10 skipped I can also reproduce this om am64. Andreas --- End Message --- --- Begin Message --- Source: octave-control Source-Version: 3.2.0-2 We believe that the bug you reported is fixed in the latest version of octave-control, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 928...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Sébastien Villemot (supplier of updated octave-control package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 08 Jul 2019 15:17:44 +0200 Source: octave-control Architecture: source Version: 3.2.0-2 Distribution: unstable Urgency: medium Maintainer: Debian Octave Group Changed-By: Sébastien Villemot Closes: 928130 Changes: octave-control (3.2.0-2) unstable; urgency=medium . [ Rafael Laboissiere ] * d/copyright: Reflect upstream changes . [ Sébastien Villemot ] * comment-out-failing-unit-tests.patch: add more tests from ltimodels.m (Closes: #928130) * Bump to S-V 4.4.0 Checksums-Sha1: 0aa33b83cccbe633a4e592d0986f37564f7052e2 2129 octave-control_3.2.0-2.dsc bb54e02291337bc9f488eef5f9c67f0f61a71116 5552 octave-control_3.2.0-2.debian.tar.xz 6d66a51c9e16d36a68570015caadf477a7bfa88a 15821 octave-control_3.2.0-2_amd64.buildinfo Checksums-Sha256: 6bfde39ad9145d1e810cac6557343f38ce686ca6bd8aae5a90171afad5e5cc43 2129 octave-control_3.2.0-2.dsc 006fd7b7f016fb7afad95ecd4db7b3289736efb868521bd779a29b1016b65a2e 5552 octave-control_3.2.0-2.debian.tar.xz 01c0e82775193ce14a6f1a6930e86362dc2869cd664b6aed068b22ad54458d0a 15821 octave-control_3.2.0-2_amd64.buildinfo Files: 1dbcdb723b3f046338f5379019c10188 2129 math optional octave-control_3.2.0-2.dsc 699bf336005fe506ba17f3898b8df0ca 5552 math optional octave-control_3.2.0-2.debian.tar.xz b4592312bedadaddef198f5b30106662 15821 math optional octave-control_3.2.0-2_amd64.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEU5UdlScuDFuCvoxKLOzpNQ7OvkoFAl0jQ6cACgkQLOzpNQ7O vkpt2g//SLYXpbiKh/pB1vaF76OeO40/kkWW3z/2o4QXlQt5wHc4NFktG4v6oNaZ 5ii3dC/i2hnbt7ReqvARgOWbxTqexO+cBzZRvjaA2PO0PR70d/NptGucGe3PYTt6 CQdSJ/HRasV1acwFqGF65TEfIl9mkU1vpl1Kt8Xh/QLtRFbkp1XFl2Nsus8ukgHo CTPTyFwMmdpVYfZ33gAWDAEjkVCadnuksozPZWW+ghfFXHjhx8omuu1NaLJLZ8Fn RIPqaEHglqezX2JyezNYgEVK1fKRHTE3y626FFNo0Q2ryLoJu3q/FsodLNDD9j2u dYN2oX/ih8IXL9MzOYI/T7pLVsSIW9mWSIKAJ4UYAf1AhmjnZS5Jw2UBlxQuFafW 63Y58sNpzfsoH6oX7LUtCIwZbhyermzGmCLEhaufchI803jv1O/1V+nKYYPD1bhT eVn5f5rWdOoxcuj8P9Yt/KNwgPw46nE5dlDDxCTzUq4/caH/2psTnx5+XVS4ds01 kZa2I7Zp6686q9j8hob5T7KR+A1ssFTyALf5rnqU4ZNSatvxbQqyh0I5kpkadZKO mzApX2+6bgmUiO+zleNEMMNHoZwRz9U88WOkeEv6X1ourhHkIMJm8CMWNnbjJR0u Bok16ljI7yIvNRLwsg5oUXp9vNwc7RxpBAfe+VSZPavYLuL6GQI= =phGf -END PGP SIGNATURE End Message ---
Processed: Bug#928130 marked as pending in octave-control
Processing control commands: > tag -1 pending Bug #928130 [src:octave-control] octave-control: FTBFS in experimental: some tests failed Added tag(s) pending. -- 928130: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928130 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#928130: marked as pending in octave-control
Control: tag -1 pending Hello, Bug #928130 in octave-control reported by you has been fixed in the Git repository and is awaiting an upload. You can see the commit message below and you can check the diff of the fix at: https://salsa.debian.org/pkg-octave-team/octave-control/commit/d67e86413e8dde4aab1ddea44bc5dc16be286501 comment-out-failing-unit-tests.patch: add more tests from ltimodels.m Closes: #928130 (this message was generated automatically) -- Greetings https://bugs.debian.org/928130
Processed: found 931625 in 3:3.2.6-3+deb9u2, found 931625 in 3:3.2.6-3, found 931625 in 5:5.0.3-4 ...
Processing commands for cont...@bugs.debian.org: > found 931625 3:3.2.6-3+deb9u2 Bug #931625 [redis] redis: CVE-2019-10192 CVE-2019-10193 There is no source info for the package 'redis' at version '3:3.2.6-3+deb9u2' with architecture '' Unable to make a source version for version '3:3.2.6-3+deb9u2' Marked as found in versions 3:3.2.6-3+deb9u2. > found 931625 3:3.2.6-3 Bug #931625 [redis] redis: CVE-2019-10192 CVE-2019-10193 There is no source info for the package 'redis' at version '3:3.2.6-3' with architecture '' Unable to make a source version for version '3:3.2.6-3' Marked as found in versions 3:3.2.6-3. > found 931625 5:5.0.3-4 Bug #931625 [redis] redis: CVE-2019-10192 CVE-2019-10193 Marked as found in versions redis/5:5.0.3-4. > fixed 931625 5:5.0.4-1 Bug #931625 [redis] redis: CVE-2019-10192 CVE-2019-10193 Marked as fixed in versions redis/5:5.0.4-1. > thanks Stopping processing here. Please contact me if you need assistance. -- 931625: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931625 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#931625: redis: CVE-2019-10192 CVE-2019-10193
Package: redis Version: 2:2.8.17-1+deb8u6 X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for redis. CVE-2019-10192[0]: Heap buffer overflow CVE-2019-10193[1]: Stack buffer overflow If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2019-10192 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10192 [1] https://security-tracker.debian.org/tracker/CVE-2019-10193 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10193 Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-
Bug#931060: marked as done (ionit.service creates a systemd dependency loop)
Your message dated Mon, 08 Jul 2019 11:07:55 + with message-id and subject line Bug#931060: fixed in ionit 0.3.3-1 has caused the Debian Bug report #931060, regarding ionit.service creates a systemd dependency loop to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 931060: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931060 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: ionit Version: 0.3.2+really0.2.1-1 Severity: serious Tags: patch upstream Letting ionit.service run before systemd-udev-trigger.service (fix for Deiban bug #919690) introduces a dependency loop: systemd[1]: systemd-udev-trigger.service: Found ordering cycle on ionit.service/start systemd[1]: systemd-udev-trigger.service: Found dependency on local-fs.target/start systemd[1]: systemd-udev-trigger.service: Found dependency on local-fs-pre.target/start systemd[1]: systemd-udev-trigger.service: Found dependency on multipathd.service/start systemd will break the loop where the dependency is required for correct booting. -- Benjamin Drung System Developer Debian & Ubuntu Developer 1&1 IONOS Cloud GmbH | Greifswalder Str. 207 | 10405 Berlin | Germany E-mail: benjamin.dr...@cloud.ionos.com | Web: www.ionos.de Head Office: Berlin, Germany District Court Berlin Charlottenburg, Registration number: HRB 125506 B Executive Management: Christoph Steffens, Matthias Steinberg, Achim Weiss Member of United Internet --- End Message --- --- Begin Message --- Source: ionit Source-Version: 0.3.3-1 We believe that the bug you reported is fixed in the latest version of ionit, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 931...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Benjamin Drung (supplier of updated ionit package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 08 Jul 2019 12:44:10 +0200 Source: ionit Architecture: source Version: 0.3.3-1 Distribution: unstable Urgency: medium Maintainer: Benjamin Drung Changed-By: Benjamin Drung Closes: 931060 Changes: ionit (0.3.3-1) unstable; urgency=medium . * New upstream release. - Drop After=local-fs.target from ionit.service to break dependency loop (Closes: #931060) Checksums-Sha1: 81196f07690dd8fa66f777aa37ca3d359336cc4e 2209 ionit_0.3.3-1.dsc 5896c9f8fd4060632e815003fe24243db386b208 12640 ionit_0.3.3.orig.tar.xz d053f2e890b76d67f6a0c605949cb85852e7 833 ionit_0.3.3.orig.tar.xz.asc 2e19014760ca71e01f8ca6c3d0baf7f76cdbd1e1 9412 ionit_0.3.3-1.debian.tar.xz 3ee664809130f668aebd2a49f7a4587eecde4cda 7065 ionit_0.3.3-1_source.buildinfo Checksums-Sha256: 2e3e3e48ba835cb1834121ac11727902e4d574e47f2646603ce66d295f8bb0e8 2209 ionit_0.3.3-1.dsc d84d6e5fa5b305a78905cb41e017b91701c384b0b900fe6e75ed71ae82e8666c 12640 ionit_0.3.3.orig.tar.xz 979747cf4ad7f57032437304cfe507fe7c1414804502140d4b5f751d85c91ca3 833 ionit_0.3.3.orig.tar.xz.asc 6399300672a554d15f1c5d30388597a2f709cc99c6c1845b5b8e6b7921be8a1a 9412 ionit_0.3.3-1.debian.tar.xz fc3de31814507ee962f90a04a3d15403e69129ea98c4f89382b5557af6a3fb4a 7065 ionit_0.3.3-1_source.buildinfo Files: fca916b1fcd14ce4d68c5762f15bd39a 2209 utils optional ionit_0.3.3-1.dsc 757dbc498f945e5386d88236ba5b66b1 12640 utils optional ionit_0.3.3.orig.tar.xz 5873706c262f286c6a7813c64c1b4a2b 833 utils optional ionit_0.3.3.orig.tar.xz.asc 77d7ffef01942967025a8c3b8295bc0e 9412 utils optional ionit_0.3.3-1.debian.tar.xz 6537cf03ee5abd82c561bd90d7215c67 7065 utils optional ionit_0.3.3-1_source.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEE5/q3CzlQJ15towl13YzVpd6MfnoFAl0jHwIACgkQ3YzVpd6M fnotlRAAi+TdSUDsgkjZqNiu3MCTI05HR8ycSHbGy1TlrhtVSOlS0OnDs7bqS42D y+vkurwYM1eBss4PUnWiljrs3tBH/muLEe9Y4d0/uq5iPWJSP27W/GiltWEOfAAT vieCJ5RjOinC7lMMXFEEaIyx91wwWXLylvlXGKXchsEFtHkpReDg3MG/buM+j6T6 eIOCPGscZMg/ckYJ3ge4CKkUf60a/jbWSMoMqOX6sKtxm/0f17vDkxAeI6tTBwcm MtfXY4Gz+bggITR22LKQxMwqZ1A/ungLMhBsCSD3CcCftsUMxGB1bQCYApiMfp+H UeelnR9dhh6GvyNDquhO17Yijqh2Agjp2waegSVyUjMODTd9EP/q5R8u6v6FAyL5 BESdevIjXI9fjUzlkh9OqkaGOvFRNOfSFozZUsS3qC/u+biIzABDoPsvzq+LbNry 0dYmQhIU5jpgpP2pMtlXs6M2SgeUPLpr53LZiVnCXozg87nqfe8ifJ4tAgt4+li4 I5ZcmzcvVhch
Bug#931566: Don't complain about suite changes (Acquire::AllowReleaseInfoChange::Suite should be "true")
On Mon, Jul 08, 2019 at 11:50:49AM +0200, Julien Cristau wrote: > On Mon, Jul 8, 2019 at 11:41:55 +0200, Julian Andres Klode wrote: > > > On Mon, Jul 08, 2019 at 10:17:27AM +0200, Julien Cristau wrote: > > > Control: severity -1 serious > > > > > > On Mon, Jul 08, 2019 at 09:11:48AM +0200, Christoph Berg wrote: > > > > Control: tags -1 buster sid > > > > > > > > Re: To Debian Bug Tracking System 2019-07-07 > > > > <20190707183910.ga22...@msg.df7cb.de> > > > > > Please consider setting Acquire::AllowReleaseInfoChange::Suite "true"; > > > > > > > > Fwiw, I think this needs fixing in buster, not just in unstable. > > > > > > > Agree. The user experience from this is horrible. > > > > We'll figure out what to do. That said, let's not rush things, > > we've got until the next release to figure out what to do and > > fix it (a fix does not help anyone affected by the change right > > now anyway). > > > > We likely do not want to allow arbitrary changes of Suite. One > > option is to introduce a new field that specifies that the Suite > > field will change to something else soon, and a field to indicate > > release notes for that change. > > > > These are important security and safety features we don't just want > > to kill because they are inconvenient. (The big reason this was > > introduced is that if you allow this to change, you can just serve > > someone an "old" oldstable repository (that still says stable) instead > > of stable, and thus starve the clients from updates). > > > How does the current behaviour fix that? If you replay an old repo the > user is still starved from updates (how could they not be, anyway). But > in addition now users using a legitimate repo are *also* starved from > updates, so everyone loses? Well, I guess I was off a bit, you replay a current oldstable - you can't roll back to older Date values (also, Valid-Until). Without the AllowReleaseInfo changes, all the user woudl get is a warning that there's a mismatch, but no breakage and non-interactive systems would thus silently not get updates. Now they'll have a failing systemd timer, which I guess is better. Sure, yes, in practice this means Codename changed as well. I'm not sure there really are many repositories where only Suite can change in a way that's security-relevant. Though, in any case, you might still end up with broken pinning, thus it seems like a good idea to try to prevent this as long as we don't mess up things. Anyway, this was not my thing so I might be misrepresenting or missing things :) -- debian developer - deb.li/jak | jak-linux.org - free software dev ubuntu core developer i speak de, en
Bug#931566: Don't complain about suite changes (Acquire::AllowReleaseInfoChange::Suite should be "true")
On Mon, Jul 8, 2019 at 11:41:55 +0200, Julian Andres Klode wrote: > On Mon, Jul 08, 2019 at 10:17:27AM +0200, Julien Cristau wrote: > > Control: severity -1 serious > > > > On Mon, Jul 08, 2019 at 09:11:48AM +0200, Christoph Berg wrote: > > > Control: tags -1 buster sid > > > > > > Re: To Debian Bug Tracking System 2019-07-07 > > > <20190707183910.ga22...@msg.df7cb.de> > > > > Please consider setting Acquire::AllowReleaseInfoChange::Suite "true"; > > > > > > Fwiw, I think this needs fixing in buster, not just in unstable. > > > > > Agree. The user experience from this is horrible. > > We'll figure out what to do. That said, let's not rush things, > we've got until the next release to figure out what to do and > fix it (a fix does not help anyone affected by the change right > now anyway). > > We likely do not want to allow arbitrary changes of Suite. One > option is to introduce a new field that specifies that the Suite > field will change to something else soon, and a field to indicate > release notes for that change. > > These are important security and safety features we don't just want > to kill because they are inconvenient. (The big reason this was > introduced is that if you allow this to change, you can just serve > someone an "old" oldstable repository (that still says stable) instead > of stable, and thus starve the clients from updates). > How does the current behaviour fix that? If you replay an old repo the user is still starved from updates (how could they not be, anyway). But in addition now users using a legitimate repo are *also* starved from updates, so everyone loses? Cheers, Julien
Bug#931566: Don't complain about suite changes (Acquire::AllowReleaseInfoChange::Suite should be "true")
Re: Julian Andres Klode 2019-07-08 <20190708113658.ga10...@debian.org> > We likely do not want to allow arbitrary changes of Suite. One > option is to introduce a new field that specifies that the Suite > field will change to something else soon, and a field to indicate > release notes for that change. If you plan to add anything that relies on "notifications" in the Release file, please keep in mind that the mechanism still needs to work in setups that are supposed to run unattended. Build chroots in my case, and probably most machines in any data center where there is no admin typing "apt(-get) update" every other day. Please don't over-engineer it. Christoph
Bug#931566: Don't complain about suite changes (Acquire::AllowReleaseInfoChange::Suite should be "true")
On Mon, Jul 08, 2019 at 10:17:27AM +0200, Julien Cristau wrote: > Control: severity -1 serious > > On Mon, Jul 08, 2019 at 09:11:48AM +0200, Christoph Berg wrote: > > Control: tags -1 buster sid > > > > Re: To Debian Bug Tracking System 2019-07-07 > > <20190707183910.ga22...@msg.df7cb.de> > > > Please consider setting Acquire::AllowReleaseInfoChange::Suite "true"; > > > > Fwiw, I think this needs fixing in buster, not just in unstable. > > > Agree. The user experience from this is horrible. We'll figure out what to do. That said, let's not rush things, we've got until the next release to figure out what to do and fix it (a fix does not help anyone affected by the change right now anyway). We likely do not want to allow arbitrary changes of Suite. One option is to introduce a new field that specifies that the Suite field will change to something else soon, and a field to indicate release notes for that change. These are important security and safety features we don't just want to kill because they are inconvenient. (The big reason this was introduced is that if you allow this to change, you can just serve someone an "old" oldstable repository (that still says stable) instead of stable, and thus starve the clients from updates). -- debian developer - deb.li/jak | jak-linux.org - free software dev ubuntu core developer i speak de, en
Bug#931566: Don't complain about suite changes (Acquire::AllowReleaseInfoChange::Suite should be "true")
On Mon, Jul 08, 2019 at 11:19:28AM +0200, Andreas Beckmann wrote: > Followup-For: Bug #931566 > Control: tag -1 experimental > > IMHO, the intention behind this change is good. > The implementation was completely untested. Well, it's kind of hard to > properly test such a change. > The documentation is not really helpful. > > I initially thought this was caused by my rather complicated setup. > Until I experienced it on a machine installed with buster two weeks ago > and not yet "customized" by me. > > Multiple errors like this: > E: Repository 'http://security-cdn.debian.org stretch/updates InRelease' > changed its 'Suite' value from 'stable' to 'oldstable' > N: This must be accepted explicitly before updates for this repository > can be applied. See apt-secure(8) manpage for details. > > apt-secure(8) says: > > INFORMATION CHANGES >A Release file contains beside the checksums for the files in the >repository also general information about the repository like the >origin, codename or version number of the release. > >This information is shown in various places so a repository owner >should always ensure correctness. Further more user configuration >like apt_preferences(5) can depend and make use of this >information. >Since version 1.5 the user must therefore explicitly confirm >changes to signal that the user is sufficiently prepared e.g. for >the new major release of the distribution shipped in the >repository (as e.g. indicated by the codename). > > OK, and what do I do now? How do I confirm that? > > It took me some time to discover --allow-releaseinfo-change in > apt-get(8). Please let's not discuss the manpage here. Bug#879786 has been filed for that back in Oct 2017. -- debian developer - deb.li/jak | jak-linux.org - free software dev ubuntu core developer i speak de, en
Bug#931566: Don't complain about suite changes (Acquire::AllowReleaseInfoChange::Suite should be "true")
Followup-For: Bug #931566 Control: tag -1 experimental IMHO, the intention behind this change is good. The implementation was completely untested. Well, it's kind of hard to properly test such a change. The documentation is not really helpful. I initially thought this was caused by my rather complicated setup. Until I experienced it on a machine installed with buster two weeks ago and not yet "customized" by me. Multiple errors like this: E: Repository 'http://security-cdn.debian.org stretch/updates InRelease' changed its 'Suite' value from 'stable' to 'oldstable' N: This must be accepted explicitly before updates for this repository can be applied. See apt-secure(8) manpage for details. apt-secure(8) says: INFORMATION CHANGES A Release file contains beside the checksums for the files in the repository also general information about the repository like the origin, codename or version number of the release. This information is shown in various places so a repository owner should always ensure correctness. Further more user configuration like apt_preferences(5) can depend and make use of this information. Since version 1.5 the user must therefore explicitly confirm changes to signal that the user is sufficiently prepared e.g. for the new major release of the distribution shipped in the repository (as e.g. indicated by the codename). OK, and what do I do now? How do I confirm that? It took me some time to discover --allow-releaseinfo-change in apt-get(8). Andreas PS: my apt pinning is exactly setup to prevent unwanted release changes even if sources.list contains everything from wheezy to experimental ;-)
Processed: Re: Don't complain about suite changes (Acquire::AllowReleaseInfoChange::Suite should be "true")
Processing control commands: > tag -1 experimental Bug #931566 [apt] Don't complain about suite changes (Acquire::AllowReleaseInfoChange::Suite should be "true") Added tag(s) experimental. -- 931566: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931566 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#931529: gnome : session lost after hibernation
Hi, When battery level is very low, my laptop goes into hibernation. When I resuming after hibernation, my session is lost. I enter my password and I'm on a new session, my opened applications are closed. Best regards, Charles signature.asc Description: OpenPGP digital signature
Bug#931547: marked as done (r-base: missing dependency on libpcre3-dev)
Your message dated Mon, 08 Jul 2019 08:49:03 +
with message-id
and subject line Bug#931547: fixed in r-base 3.6.1-2
has caused the Debian Bug report #931547,
regarding r-base: missing dependency on libpcre3-dev
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
931547: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931547
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: r-base
Version: 3.6.1-1
Severity: serious
Hello, after libselinux has been uploaded in unstable, lots of
reverse-dependencies of r-base
will start to FTBFS because of missing libpcre3-dev dependency (that was
dragged in by selinux)
One solution that worked in Ubuntu has been to depend (build and runtime) on
both pcre2 and pcre3 development packages
this is the changelog I added in Ubuntu
r-base (3.6.0-2ubuntu2) eoan; urgency=medium
* Require both libpcr{2,3}-dev packages at runtime, so each reverse
dependency finds them.
This is needed because currently the package pulls libpcr2-dev via
libselinux, and libpcr3-dev via glib2.0 development package.
The easy way to avoid reverse-dependencies (like littler) to fail to build
is to force them both being available on the system, while the longer term
plan is to have glib2.0 use libpcr2-dev too.
This is already tracked at https://gitlab.gnome.org/GNOME/glib/issues/1085
and launchpad bug: 1792544
and the diff
(I'm not tagging it as patch, because this is more an hack rather than a patch)
http://launchpadlibrarian.net/431996696/r-base_3.6.1-1_3.6.1-1ubuntu1.diff.gz
cheers,
Gianfranco
--- End Message ---
--- Begin Message ---
Source: r-base
Source-Version: 3.6.1-2
We believe that the bug you reported is fixed in the latest version of
r-base, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 931...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Dirk Eddelbuettel (supplier of updated r-base package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Mon, 08 Jul 2019 03:04:25 -0500
Source: r-base
Binary: r-base r-base-core r-base-core-dbg r-base-dev r-base-html r-doc-html
r-doc-info r-doc-pdf r-mathlib r-recommended
Architecture: source amd64 all
Version: 3.6.1-2
Distribution: unstable
Urgency: medium
Maintainer: Dirk Eddelbuettel
Changed-By: Dirk Eddelbuettel
Description:
r-base - GNU R statistical computation and graphics system
r-base-core - GNU R core of statistical computation and graphics system
r-base-core-dbg - GNU R debug symbols for statistical comp. language and
environmen
r-base-dev - GNU R installation of auxiliary GNU R packages
r-base-html - GNU R html docs for statistical computing system functions
r-doc-html - GNU R html manuals for statistical computing system
r-doc-info - GNU R info manuals statistical computing system
r-doc-pdf - GNU R pdf manuals for statistical computing system
r-mathlib - GNU R standalone mathematics library
r-recommended - GNU R collection of recommended packages [metapackage]
Closes: 931547
Changes:
r-base (3.6.1-2) unstable; urgency=medium
.
* debian/control: Add (Build-)Depends on libprce2-dev to accommodate
selinux (with thanks to Gianfranco Costamagna) (closes: #931547)
Checksums-Sha1:
238433a7e5f3692d6650439ddaccd53d396fb214 3022 r-base_3.6.1-2.dsc
59e06c936d4643e6c6d33454a95ca5967631127f 95596 r-base_3.6.1-2.debian.tar.xz
60fd246bbe9f48e1f4e4e184396be76f0659b59f 6710176
r-base-core-dbg_3.6.1-2_amd64.deb
79c8e8bfd04abb9998a1823a298bdd3aa1e902b6 24642336 r-base-core_3.6.1-2_amd64.deb
7f80ab15bd67465a87e2b162852a8d1a8a52f351 4480 r-base-dev_3.6.1-2_all.deb
3b8b2d0dd2e8f51c1d723e475ed6103d4a13ff39 89320 r-base-html_3.6.1-2_all.deb
c1e71cd49cb8cdb515b50418d52ef88438d8eace 42660 r-base_3.6.1-2_all.deb
f9c5dadc034ff86a23897982cfb84c456da5dbd3 16052 r-base_3.6.1-2_amd64.buildinfo
7d18d479ec53b66b1278c959a5f38bd626b33865 564548 r-doc-html_3.6.1-2_all.deb
bc2ad00d6f585ed3b867e44333a2573d127e96da 627996 r-doc-info_3.6.1-2_all.deb
5766db920cfd570059a6b2a2370ece793443fe8c 9525708 r-doc-pdf_3.6.1-2_all.deb
a4b69f6f5e32e2d8b8b660269a8922e39f690d7d 1987340 r-mathlib_3.6.1
Processed: Re: Bug#931566: Don't complain about suite changes (Acquire::AllowReleaseInfoChange::Suite should be "true")
Processing control commands: > severity -1 serious Bug #931566 [apt] Don't complain about suite changes (Acquire::AllowReleaseInfoChange::Suite should be "true") Severity set to 'serious' from 'important' -- 931566: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931566 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#929151: netdata-core: version in stretch-backports newer than version in buster
With the release of Buster this weekend, Netdata seems to have moved away from stretch-backports without any warning. The tracker [1] still reference the 1.12.1-2~bpo9+1 version. Do you planned to add another version to stretch-backports ? Thank you for your work ;) [1]: https://tracker.debian.org/pkg/netdata signature.asc Description: OpenPGP digital signature
