Bug#937143: Bug:#937143: nipy: Python2 removal in sid/bullseye

[Stuart Prescott]

Dear maintainer,

I've prepared an upload of nipy (0.4.2-2.1) that provides a Python 3 module 
package along with a bit of additional polish to the package. I've uploaded it 
to experimental so that the package can pass through the NEW process.

A MR on salsa also brings in the changes, although I'm happy to push the 
changes and tag directly if you'd like to give me appropriate access.

https://salsa.debian.org/neurodebian-team/nipy/merge_requests/1

regards
Stuart

-- 
Stuart Prescotthttp://www.nanonanonano.net/   stu...@nanonanonano.net
Debian Developer   http://www.debian.org/ stu...@debian.org
GPG fingerprint90E2 D2C1 AD14 6A1B 7EBB 891D BBC1 7EBB 1396 F2F7

Processed: Re: Bug#948653: stretch-pu: package mod-gnutls/0.8.2-3+deb9u1

[Debian Bug Tracking System]

Processing control commands:

> block -1 by 950300
Bug #948653 [release.debian.org] stretch-pu: package mod-gnutls/0.8.2-3+deb9u1
948653 was not blocked by any bugs.
948653 was not blocking any bugs.
Added blocking bug(s) of 948653: 950300

-- 
948653: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948653
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#950211: python-virustotal-api fails autopkg test

[Sascha Steinbiss]

Hi Matthias,

>>> Or you remove the autodep8 test from debian/control.
>> Indeed that is what I changed in 1.1.11-2 which should be in both sid
>> and bullseye by now -- I changed the autopkgtest definition and added
>> custom test scripts reflecting the situation.
>> 
>> All tests are green so far now [3]. Where did you get your log snippet from?
> 
> http://autopkgtest.ubuntu.com/packages/p/python-virustotal-api/focal/amd64

But version 1.1.11-2 (without the ubuntu1 patch) also passes its autopkgtest in 
the list on that page (row 3)?

> that's what I changed, it's still in the control file.
> 
> http://launchpadlibrarian.net/462719068/python-virustotal-api_1.1.11-2_1.1.11-2ubuntu1.diff.gz

This would also only cause the CI to run the regular autopkgtest in 
debian/tests, instead of the failing Python-specific ones that assume a 
particular mapping from import name to package name. My change in 1.1.11-2 does 
the same:

diff --git a/debian/control b/debian/control
index 83a6cfe..6032eda 100644
--- a/debian/control
+++ b/debian/control
@@ -9,7 +9,7 @@ Build-Depends: debhelper-compat (= 12),
python3-setuptools,
python3-requests
 Standards-Version: 4.5.0
-Testsuite: autopkgtest-pkg-python
+Testsuite: autopkgtest
 Vcs-Git: https://salsa.debian.org/debian/python-virustotal-api.git
 Vcs-Browser: https://salsa.debian.org/debian/python-virustotal-api
 Homepage: https://github.com/blacktop/virustotal-api

Plus adding a separate, explicit test setup in d/tests, of course.

I do not see where removing the Testsuite line would change anything compared 
to 1.1.11-2, given that the autopkgtest for that’s version passes even on 
Ubuntu’s CI. Am I missing something?

Cheers
Sascha


signature.asc
Description: Message signed with OpenPGP

Bug#950300: mod-gnutls: apache CVE-2019-10092 fix causes FTBFS

[Adrian Bunk]

Source: mod-gnutls
Version: 0.8.2-3
Severity: serious
Tags: ftbfs

mod-gnutls appears to rely on the exact wording of apache
error messages, and these changed with CVE-2019-10092.

https://buildd.debian.org/status/package.php?p=mod-gnutls=stretch
https://tests.reproducible-builds.org/debian/rb-pkg/buster/amd64/mod-gnutls.html

...
FAIL: test-18_client_verification_wrong_cert


TESTING: 18_client_verification_wrong_cert
Server version: Apache/2.4.38 (Debian)
Server built:   2019-10-15T19:53:42
Server's Module Magic Number: 20120211:84
Server loaded:  APR 1.6.5, APR-UTIL 1.6.1
Compiled using: APR 1.6.5, APR-UTIL 1.6.1
Architecture:   64-bit
Server MPM: worker
  threaded: yes (fixed thread count)
forked: yes (variable process count)
Server compiled with
 -D APR_HAS_SENDFILE
 -D APR_HAS_MMAP
 -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
 -D APR_USE_SYSVSEM_SERIALIZE
 -D APR_USE_PTHREAD_SERIALIZE
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D APR_HAS_OTHER_CHILD
 -D AP_HAVE_RELIABLE_PIPED_LOGS
 -D DYNAMIC_MODULE_LIMIT=256
 -D HTTPD_ROOT="/etc/apache2"
 -D SUEXEC_BIN="/usr/lib/apache2/suexec"
 -D DEFAULT_PIDLOG="/var/run/apache2.pid"
 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
 -D DEFAULT_ERRORLOG="logs/error_log"
 -D AP_TYPES_CONFIG_FILE="mime.types"
 -D SERVER_CONFIG_FILE="apache2.conf"
[Mon Jan 27 07:56:11.674982 2020] [gnutls:debug] [pid 45519:tid 
139910356628608] gnutls_cache.c(354): mgs_cache_inst_config: Socache 
'shmcb:cache/gnutls_cache_18_client_verification_wrong_cert(65536)' created.
AH00557: apache2: apr_sockaddr_info_get() failed for profitbricks-build11-amd64
AH00558: apache2: Could not reliably determine the server's fully qualified 
domain name, using 127.0.0.1. Set the 'ServerName' directive globally to 
suppress this message
flock: getting lock took 1.910177 seconds
flock: executing /usr/sbin/apache2
Processed 1 CA certificate(s).
Processed 1 client X.509 certificates...
Resolving 'localhost:9932'...
Connecting to '127.0.0.1:9932'...
- Successfully sent 1 certificate(s) to server.
- Server has requested a certificate.
- Certificate type: X.509
- Got a certificate list of 1 certificates.
- Certificate[0] info:
 - subject `CN=localhost', issuer `CN=Testing Authority', serial 0x22fff0d9, 
RSA key 3072 bits, signed using RSA-SHA256, activated `2020-01-27 19:56:05 
UTC', expires `2021-01-26 19:56:05 UTC', 
pin-sha256="ShqMB70z9iMRONejdL+6v98HfExpZp/aWi6nXzD6vJE="
Public Key ID:
sha1:7bb678f9fe68cd7ed0fd1df39e9aebad4eee2b94

sha256:4a1a8c07bd33f6231138d7a374bfbabfdf077c4c69669fda5a2ea75f30fabc91
Public Key PIN:
pin-sha256:ShqMB70z9iMRONejdL+6v98HfExpZp/aWi6nXzD6vJE=

- Status: The certificate is trusted. 
- Description: (TLS1.3)-(ECDHE-SECP256R1)-(RSA-PSS-RSAE-SHA256)-(AES-256-GCM)
- Options:
- Handshake was completed

- Simple Client Mode:

HTTP/1.1 403 Forbidden
Date: Mon, 27 Jan 2020 19:56:11 GMT
Server: Apache/2.4.38 (Debian) mod_gnutls/0.9.0 GnuTLS/3.6.7
Content-Length: 199
Connection: close
Content-Type: text/html; charset=iso-8859-1



403 Forbidden

Forbidden
You don't have permission to access this resource.

- Peer has closed the GnuTLS connection
  PID TTY  TIME CMD
45530 ?00:00:00 sleep
--- /build/mod-gnutls-0.9.0/test/tests/18_client_verification_wrong_cert/output 
2017-02-28 07:05:55.0 -1200
+++ /dev/fd/63  2020-01-27 07:56:11.809997988 -1200
@@ -1,7 +1,7 @@
+
+403 Forbidden
 
 Forbidden
-You don't have permission to access /test.txt
-on this server.
-
+You don't have permission to access this resource.
 
 - Peer has closed the GnuTLS connection
FAILURE: 18_client_verification_wrong_cert
[Mon Jan 27 07:56:11.869868 2020] [gnutls:debug] [pid 45630:tid 
139891390706816] gnutls_cache.c(354): mgs_cache_inst_config: Socache 
'shmcb:cache/gnutls_cache_18_client_verification_wrong_cert(65536)' created.
AH00557: apache2: apr_sockaddr_info_get() failed for profitbricks-build11-amd64
AH00558: apache2: Could not reliably determine the server's fully qualified 
domain name, using 127.0.0.1. Set the 'ServerName' directive globally to 
suppress this message

Apache error logs:
[Mon Jan 27 07:56:11.697229 2020] [mpm_worker:debug] [pid 45520:tid 
139910356628608] worker.c(1758): AH00294: Accept mutex: sysvsem (default: 
sysvsem)
[Mon Jan 27 07:56:11.697257 2020] [watchdog:debug] [pid 45523:tid 
139910356628608] mod_watchdog.c(567): AH02980: Watchdog: nothing configured?
[Mon Jan 27 07:56:11.697509 2020] [watchdog:debug] [pid 45525:tid 
139910356628608] mod_watchdog.c(567): AH02980: Watchdog: nothing configured?
[Mon Jan 27 07:56:11.710332 2020] [gnutls:debug] [pid 45523:tid 
139910314034944] gnutls_hooks.c(1072): [client 127.0.0.1:43624] early_sni_hook: 
Selected virtual host localhost from early SNI, connection server is localhost.
[Mon Jan 27 07:56:11.785399 2020] [gnutls:debug] [pid 45523:tid 
139910314034944] gnutls_io.c(535): [client 

Bug#950301: mod-gnutls FTBFS: ERROR: Cipher suites mismatching or missing!

[Adrian Bunk]

Source: mod-gnutls
Version: 0.9.0-1
Severity: serious
Tags: ftbfs bullseye sid

https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/mod-gnutls.html

...
ERROR: Cipher suites mismatching or missing!
Server: '(TLS1.3)-(ECDHE-SECP256R1)-(RSA-PSS-RSAE-SHA256)-(AES-256-GCM)'
Client: '(TLS1.3-X.509)-(ECDHE-SECP256R1)-(RSA-PSS-RSAE-SHA256)-(AES-256-GCM)'
FAIL test-16_view-status.bash (exit status: 1)

Bug#947995: ncbi-entrez-direct: ncbi-entrez-direct FTBFS in testing/unstable

[Andreas Tille]

Hi Aaron,

I used routine-update[1] to update the packaging of ncbi-entrez-direct.
Since this includes a new upstream version I'm hesitating with uploading
and thus stopped working on this bug.

The build now fails with

...
dh_auto_build
install amino-acid-composition archive-pubmed between-two-genes 
entrez-phrase-search fetch-pubmed filter-stop-words index-pubmed 
intersect-uid-lists join-into-groups-of pm-* protein-neighbors reorder-columns 
sort-uniq-count* stream-pubmed word-at-a-time xy-plot debian/efetch 
debian/einfo bin/
mkdir -p 
/build/ncbi-entrez-direct-13.3.20200128+ds/obj-x86_64-linux-gnu/src/github.com/fiam
ln -s ../rainycape 
/build/ncbi-entrez-direct-13.3.20200128+ds/obj-x86_64-linux-gnu/src/github.com/fiam/gounidecode
go build -v -gccgoflags '-g -O2 
-fdebug-prefix-map=/build/ncbi-entrez-direct-13.3.20200128+ds=. 
-fstack-protector-strong -Wformat -Werror=format-security -Wl,-z,relro 
-Wl,-z,now -Wl,--as-needed' -o bin/xtract \
xtract.go common.go
failed to initialize build cache at /nonexistent/.cache/go-build: mkdir 
/nonexistent: permission denied
make[1]: *** [debian/rules:84: override_dh_auto_build] Error 1
...


I think that's just a matter of setting $HOME to something sensible and
is probably less than 10min work for you.  Could you please take over
from here?

Kind regards

  Andreas.


[1] 
https://salsa.debian.org/r-pkg-team/maintenance-utilities/blob/master/routine-update

-- 
http://fam-tille.de

Bug#937129: marked as done (netifaces: Python2 removal in sid/bullseye)

[Debian Bug Tracking System]

Your message dated Fri, 31 Jan 2020 06:06:22 +
with message-id 
and subject line Bug#937129: fixed in netifaces 0.10.9-0.2
has caused the Debian Bug report #937129,
regarding netifaces: Python2 removal in sid/bullseye
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
937129: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=937129
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: src:netifaces
Version: 0.10.4-1
Severity: normal
Tags: sid bullseye
User: debian-pyt...@lists.debian.org
Usertags: py2removal

Python2 becomes end-of-live upstream, and Debian aims to remove
Python2 from the distribution, as discussed in
https://lists.debian.org/debian-python/2019/07/msg00080.html

Your package either build-depends, depends on Python2, or uses Python2
in the autopkg tests.  Please stop using Python2, and fix this issue
by one of the following actions.

- Convert your Package to Python3. This is the preferred option.  In
  case you are providing a Python module foo, please consider dropping
  the python-foo package, and only build a python3-foo package.  Please
  don't drop Python2 modules, which still have reverse dependencies,
  just document them.
  
  This is the preferred option.

- If the package is dead upstream, cannot be converted or maintained
  in Debian, it should be removed from the distribution.  If the
  package still has reverse dependencies, raise the severity to
  "serious" and document the reverse dependencies with the BTS affects
  command.  If the package has no reverse dependencies, confirm that
  the package can be removed, reassign this issue to ftp.debian.org,
  make sure that the bug priority is set to normal and retitle the
  issue to "RM: PKG -- removal triggered by the Python2 removal".

- If the package has still many users (popcon >= 300), or is needed to
  build another package which cannot be removed, document that by
  adding the "py2keep" user tag (not replacing the py2remove tag),
  using the debian-pyt...@lists.debian.org user.  Also any
  dependencies on an unversioned python package (python, python-dev)
  must not be used, same with the python shebang.  These have to be
  replaced by python2/python2.7 dependencies and shebang.

  This is the least preferred option.

If the conversion or removal needs action on another package first,
please document the blocking by using the BTS affects command, like

  affects  + src:netifaces

If there is no py2removal bug for that reverse-dependency, please file
a bug on this package (similar to this bug report).

If there are questions, please refer to the wiki page for the removal:
https://wiki.debian.org/Python/2Removal, or ask for help on IRC
#debian-python, or the debian-pyt...@lists.debian.org mailing list.
--- End Message ---
--- Begin Message ---
Source: netifaces
Source-Version: 0.10.9-0.2

We believe that the bug you reported is fixed in the latest version of
netifaces, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 937...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sandro Tosi  (supplier of updated netifaces package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Fri, 31 Jan 2020 00:43:09 -0500
Source: netifaces
Architecture: source
Version: 0.10.9-0.2
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Modules Team 

Changed-By: Sandro Tosi 
Closes: 937129
Changes:
 netifaces (0.10.9-0.2) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Drop python2 support; Closes: #937129
Checksums-Sha1:
 a1b6a02213d6f80e93149d5878ee40d8505c6b99 2169 netifaces_0.10.9-0.2.dsc
 7109ba7eed9941da06b73eba04d8104717de2da7 8404 
netifaces_0.10.9-0.2.debian.tar.xz
 3e7e4d2174344a5a135bc2db8199b913e62599b9 6963 
netifaces_0.10.9-0.2_source.buildinfo
Checksums-Sha256:
 8977cc45414dd25e5795e2ce521fe4e7fd03dbc836dd431ad2ef2b5188c3906c 2169 
netifaces_0.10.9-0.2.dsc
 9557cc5d0e171cb04bf0a71b6fc31dd450e0d0891171f54126d7944a97ea811c 8404 
netifaces_0.10.9-0.2.debian.tar.xz
 fcea2e64ed0488d8ca46e99cf012bf375eedde3b8975c5f26c9a4a1fc1b29a29 6963 
netifaces_0.10.9-0.2_source.buildinfo
Files:
 

Processed: tagging 933832

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> tags 933832 + fixed
Bug #933832 {Done: Daniel Kahn Gillmor } [enigmail] 
enigmail: please package new version 2.1.x
Added tag(s) fixed.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
933832: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933832
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#937129: netifaces: diff for NMU version 0.10.9-0.2

[Sandro Tosi]

Control: tags 937129 + patch


Dear maintainer,

I've prepared an NMU for netifaces (versioned as 0.10.9-0.2). The diff
is attached to this message.

Regards.

diff -Nru netifaces-0.10.9/debian/changelog netifaces-0.10.9/debian/changelog
--- netifaces-0.10.9/debian/changelog	2019-11-25 11:16:02.0 -0500
+++ netifaces-0.10.9/debian/changelog	2020-01-31 00:43:09.0 -0500
@@ -1,3 +1,10 @@
+netifaces (0.10.9-0.2) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Drop python2 support; Closes: #937129
+
+ -- Sandro Tosi   Fri, 31 Jan 2020 00:43:09 -0500
+
 netifaces (0.10.9-0.1) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -Nru netifaces-0.10.9/debian/control netifaces-0.10.9/debian/control
--- netifaces-0.10.9/debian/control	2019-11-25 11:16:02.0 -0500
+++ netifaces-0.10.9/debian/control	2020-01-31 00:39:47.0 -0500
@@ -8,9 +8,6 @@
 Build-Depends:
  debhelper (>= 9),
  dh-python,
- python-all-dbg,
- python-all-dev,
- python-setuptools,
  python3-all-dbg,
  python3-all-dev,
  python3-setuptools,
@@ -19,39 +16,6 @@
 Vcs-Browser: https://salsa.debian.org/python-team/modules/netifaces
 Homepage: http://alastairs-place.net/projects/netifaces/
 
-Package: python-netifaces
-Architecture: any
-Depends:
- ${misc:Depends},
- ${python:Depends},
- ${shlibs:Depends},
-Provides:
- ${python:Provides},
-XB-Python-Version: ${python:Versions}
-Description: portable network interface information - Python 2.x
- netifaces provides a (hopefully portable-ish) way for Python programmers to
- get access to a list of the network interfaces on the local machine, and to
- obtain the addresses of those network interfaces.
- .
- This package contains the module for Python 2.x.
-
-Package: python-netifaces-dbg
-Section: debug
-Priority: extra
-Architecture: any
-Depends:
- python-dbg,
- python-netifaces (= ${binary:Version}),
- ${misc:Depends},
- ${shlibs:Depends},
-XB-Python-Version: ${python:Versions}
-Description: portable network interface information - Python 2.x debug extension
- netifaces provides a (hopefully portable-ish) way for Python programmers to
- get access to a list of the network interfaces on the local machine, and to
- obtain the addresses of those network interfaces.
- .
- This package contains debug symbols of python-netifaces.
-
 Package: python3-netifaces
 Architecture: any
 Depends:
diff -Nru netifaces-0.10.9/debian/python-netifaces.install netifaces-0.10.9/debian/python-netifaces.install
--- netifaces-0.10.9/debian/python-netifaces.install	2018-04-02 16:08:38.0 -0400
+++ netifaces-0.10.9/debian/python-netifaces.install	1969-12-31 19:00:00.0 -0500
@@ -1,2 +0,0 @@
-usr/lib/python2.*/*/*.egg-info
-usr/lib/python2.*/*/netifaces.so
diff -Nru netifaces-0.10.9/debian/rules netifaces-0.10.9/debian/rules
--- netifaces-0.10.9/debian/rules	2019-11-25 11:16:02.0 -0500
+++ netifaces-0.10.9/debian/rules	2020-01-31 00:40:57.0 -0500
@@ -1,42 +1,33 @@
 #!/usr/bin/make -f
 
 
-PYVERS = $(shell pyversions -vr)
-PYVERSION = $(shell pyversions -vd)
+PY3VERSION = $(shell py3versions -vd)
 PY3VERS = $(shell py3versions -vr)
 
 
 %:
-	dh $@ --with=python2,python3
+	dh $@ --with=python3 --buildsystem=pybuild
 
 override_dh_auto_clean:
 	rm -rf $(CURDIR)/build
 	dh_auto_clean
 
-override_dh_auto_build:
-	set -ex && for pyvers in $(PYVERS) $(PY3VERS); do \
-		python$$pyvers setup.py build; \
-		python$$pyvers-dbg setup.py build; \
-	done
-
-override_dh_auto_install:
-	set -ex && for pyvers in $(PYVERS) $(PY3VERS); do \
-		python$$pyvers setup.py install --install-layout=deb --root $(CURDIR)/debian/tmp; \
-		python$$pyvers-dbg setup.py install --install-layout=deb --root $(CURDIR)/debian/tmp; \
-	done
+
+#override_dh_auto_install:
+#	set -ex && for pyvers in $(PYVERS) $(PY3VERS); do \
+#		python$$pyvers setup.py install --install-layout=deb --root $(CURDIR)/debian/tmp; \
+#		python$$pyvers-dbg setup.py install --install-layout=deb --root $(CURDIR)/debian/tmp; \
+#	done
 
 override_dh_installdocs:
 	dh_installdocs
-	rm -rf debian/python-netifaces-dbg/usr/share/doc/python-netifaces-dbg
-	ln -s python-netifaces debian/python-netifaces-dbg/usr/share/doc/python-netifaces-dbg
 
 	rm -rf debian/python3-netifaces-dbg/usr/share/doc/python3-netifaces-dbg
 	ln -s python3-netifaces debian/python3-netifaces-dbg/usr/share/doc/python3-netifaces-dbg
 
 
 override_dh_strip:
-	dh_strip -X"python3" --dbg-package=python-netifaces-dbg
-	dh_strip -X"python2" --dbg-package=python3-netifaces-dbg
+	dh_strip --dbg-package=python3-netifaces-dbg
 
 override_dh_python3:
 	find debian/python3-netifaces -name 'netifaces.cpython-*d*-$(DEB_HOST_MULTIARCH).so' | xargs -r rm -f

Processed: netifaces: diff for NMU version 0.10.9-0.2

[Debian Bug Tracking System]

Processing control commands:

> tags 937129 + patch
Bug #937129 [src:netifaces] netifaces: Python2 removal in sid/bullseye
Added tag(s) patch.

-- 
937129: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=937129
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#936975: marked as done (m2crypto: Python2 removal in sid/bullseye)

[Debian Bug Tracking System]

Your message dated Fri, 31 Jan 2020 05:34:42 +
with message-id 
and subject line Bug#936975: fixed in m2crypto 0.31.0-9
has caused the Debian Bug report #936975,
regarding m2crypto: Python2 removal in sid/bullseye
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
936975: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=936975
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: src:m2crypto
Version: 0.31.0-6
Severity: normal
Tags: sid bullseye
User: debian-pyt...@lists.debian.org
Usertags: py2removal

Python2 becomes end-of-live upstream, and Debian aims to remove
Python2 from the distribution, as discussed in
https://lists.debian.org/debian-python/2019/07/msg00080.html

Your package either build-depends, depends on Python2, or uses Python2
in the autopkg tests.  Please stop using Python2, and fix this issue
by one of the following actions.

- Convert your Package to Python3. This is the preferred option.  In
  case you are providing a Python module foo, please consider dropping
  the python-foo package, and only build a python3-foo package.  Please
  don't drop Python2 modules, which still have reverse dependencies,
  just document them.
  
  This is the preferred option.

- If the package is dead upstream, cannot be converted or maintained
  in Debian, it should be removed from the distribution.  If the
  package still has reverse dependencies, raise the severity to
  "serious" and document the reverse dependencies with the BTS affects
  command.  If the package has no reverse dependencies, confirm that
  the package can be removed, reassign this issue to ftp.debian.org,
  make sure that the bug priority is set to normal and retitle the
  issue to "RM: PKG -- removal triggered by the Python2 removal".

- If the package has still many users (popcon >= 300), or is needed to
  build another package which cannot be removed, document that by
  adding the "py2keep" user tag (not replacing the py2remove tag),
  using the debian-pyt...@lists.debian.org user.  Also any
  dependencies on an unversioned python package (python, python-dev)
  must not be used, same with the python shebang.  These have to be
  replaced by python2/python2.7 dependencies and shebang.

  This is the least preferred option.

If the conversion or removal needs action on another package first,
please document the blocking by using the BTS affects command, like

  affects  + src:m2crypto

If there is no py2removal bug for that reverse-dependency, please file
a bug on this package (similar to this bug report).

If there are questions, please refer to the wiki page for the removal:
https://wiki.debian.org/Python/2Removal, or ask for help on IRC
#debian-python, or the debian-pyt...@lists.debian.org mailing list.
--- End Message ---
--- Begin Message ---
Source: m2crypto
Source-Version: 0.31.0-9

We believe that the bug you reported is fixed in the latest version of
m2crypto, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 936...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sandro Tosi  (supplier of updated m2crypto package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Fri, 31 Jan 2020 00:17:53 -0500
Source: m2crypto
Architecture: source
Version: 0.31.0-9
Distribution: unstable
Urgency: medium
Maintainer: Sandro Tosi 
Changed-By: Sandro Tosi 
Closes: 936975
Changes:
 m2crypto (0.31.0-9) unstable; urgency=medium
 .
   [ Debian Janitor ]
   * Set upstream metadata fields: Bug-Database, Bug-Submit, Repository,
 Repository-Browse.
 .
   [ Sandro Tosi ]
   * Drop python2 support; Closes: #936975
Checksums-Sha1:
 0ce7008302f0a41f416ef24807843e4daed57bd9 2291 m2crypto_0.31.0-9.dsc
 82585575b45d563c6785440ed501d905e5fa1a62 59852 m2crypto_0.31.0-9.debian.tar.xz
 cbfa38302b53bf381abd9c1f039e3267de4a64e3 8072 
m2crypto_0.31.0-9_source.buildinfo
Checksums-Sha256:
 175d11b8f6dd27d9becce42e7df1c110bbcab5b50c42447af9dcd09c5e4de973 2291 
m2crypto_0.31.0-9.dsc
 524d5543e136b93761377c1643d9ff116a53c57d60772031c2fd7ab94657e88c 59852 
m2crypto_0.31.0-9.debian.tar.xz
 dddb588e9421930f0e48d8da51a151707228048a458bf31a572a476eec9bb60b 8072 

Processed: bug 949518 is forwarded to https://bugzilla.netfilter.org/show_bug.cgi?id=1400

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> forwarded 949518 https://bugzilla.netfilter.org/show_bug.cgi?id=1400
Bug #949518 [iptables] ufw: does not work with iptables-restore 1.8.4-2 (blank 
line in file)
Set Bug forwarded-to-address to 
'https://bugzilla.netfilter.org/show_bug.cgi?id=1400'.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
949518: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949518
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: bug 936880 is forwarded to https://github.com/ianw/libiptcdata/commit/a08baa11692bc12089a3e03cc341508d8f65c5a8 ...

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> forwarded 936880 
> https://github.com/ianw/libiptcdata/commit/a08baa11692bc12089a3e03cc341508d8f65c5a8
Bug #936880 [src:libiptcdata] libiptcdata: Python2 removal in sid/bullseye
Set Bug forwarded-to-address to 
'https://github.com/ianw/libiptcdata/commit/a08baa11692bc12089a3e03cc341508d8f65c5a8'.
> tags 936880 + fixed-upstream
Bug #936880 [src:libiptcdata] libiptcdata: Python2 removal in sid/bullseye
Added tag(s) fixed-upstream.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
936880: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=936880
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#936975: marked as pending in m2crypto

[Sandro Tosi]

Control: tag -1 pending

Hello,

Bug #936975 in m2crypto reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/python-team/modules/m2crypto/commit/6399f75ba2b028ba5feabcb4b9305dd309007529


Drop python2 support; Closes: #936975


(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/936975

Processed: Bug#936975 marked as pending in m2crypto

[Debian Bug Tracking System]

Processing control commands:

> tag -1 pending
Bug #936975 [src:m2crypto] m2crypto: Python2 removal in sid/bullseye
Added tag(s) pending.

-- 
936975: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=936975
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#925824: marked as done (sgt-puzzles: ftbfs with GCC-9)

[Debian Bug Tracking System]

Your message dated Fri, 31 Jan 2020 03:54:35 +
with message-id 
and subject line Bug#925824: fixed in sgt-puzzles 20191231.79a5378-1
has caused the Debian Bug report #925824,
regarding sgt-puzzles: ftbfs with GCC-9
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
925824: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925824
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: src:sgt-puzzles
Version: 20170606.272beef-1
Severity: normal
Tags: sid bullseye
User: debian-...@lists.debian.org
Usertags: ftbfs-gcc-9

Please keep this issue open in the bug tracker for the package it
was filed for.  If a fix in another package is required, please
file a bug for the other package (or clone), and add a block in this
package. Please keep the issue open until the package can be built in
a follow-up test rebuild.

The package fails to build in a test rebuild on at least amd64 with
gcc-9/g++-9, but succeeds to build with gcc-8/g++-8. The
severity of this report will be raised before the bullseye release,
so nothing has to be done for the buster release.

The full build log can be found at:
http://people.debian.org/~doko/logs/gcc9-20190321/sgt-puzzles_20170606.272beef-1_unstable_gcc9.log
The last lines of the build log are at the end of this report.

To build with GCC 9, either set CC=gcc-9 CXX=g++-9 explicitly,
or install the gcc, g++, gfortran, ... packages from experimental.

  apt-get -t=experimental install g++ 

Common build failures are new warnings resulting in build failures with
-Werror turned on, or new/dropped symbols in Debian symbols files.
For other C/C++ related build failures see the porting guide at
http://gcc.gnu.org/gcc-9/porting_to.html

GCC 9 also passes the linker option --as-needed by default; typical
build issues are passing libraries before object files to the linker,
or underlinking of convenience libraries built from the same source.

[...]
depbase=`echo icons/singles-icon.o | sed 's|[^/]*$|.deps/&|;s|\.o$||'`;\
gcc -DPACKAGE_NAME=\"puzzles\" -DPACKAGE_TARNAME=\"puzzles\" 
-DPACKAGE_VERSION=\"20170606.272beef\" -DPACKAGE_STRING=\"puzzles\ 
20170606.272beef\" -DPACKAGE_BUGREPORT=\"ana...@pobox.com\" -DPACKAGE_URL=\"\" 
-DPACKAGE=\"puzzles\" -DVERSION=\"20170606.272beef\" -I.  -I././ -I./icons/  
-Wdate-time -D_FORTIFY_SOURCE=2 -DDEBIAN_VERSION="\"20170606.272beef-1\"" 
-pthread -I/usr/include/gtk-3.0 -I/usr/include/at-spi2-atk/2.0 
-I/usr/include/at-spi-2.0 -I/usr/include/dbus-1.0 
-I/usr/lib/x86_64-linux-gnu/dbus-1.0/include -I/usr/include/gtk-3.0 
-I/usr/include/gio-unix-2.0 -I/usr/include/cairo -I/usr/include/libdrm 
-I/usr/include/pango-1.0 -I/usr/include/harfbuzz -I/usr/include/pango-1.0 
-I/usr/include/fribidi -I/usr/include/atk-1.0 -I/usr/include/cairo 
-I/usr/include/pixman-1 -I/usr/include/freetype2 -I/usr/include/libpng16 
-I/usr/include/gdk-pixbuf-2.0 -I/usr/include/libmount -I/usr/include/blkid 
-I/usr/include/uuid -I/usr/include/glib-2.0 
-I/usr/lib/x86_64-linux-gnu/glib-2.0/include -DSHAREDIR
 ="\"/usr/share\""  -g -O2 -fdebug-prefix-map=/<>=. 
-fstack-protector-strong -Wformat -Werror=format-security 
-Wno-error=deprecated-declarations -Wall -Werror -std=c89 -MT 
icons/singles-icon.o -MD -MP -MF $depbase.Tpo -c -o icons/singles-icon.o 
icons/singles-icon.c &&\
mv -f $depbase.Tpo $depbase.Po
gcc -pthread -I/usr/include/gtk-3.0 -I/usr/include/at-spi2-atk/2.0 
-I/usr/include/at-spi-2.0 -I/usr/include/dbus-1.0 
-I/usr/lib/x86_64-linux-gnu/dbus-1.0/include -I/usr/include/gtk-3.0 
-I/usr/include/gio-unix-2.0 -I/usr/include/cairo -I/usr/include/libdrm 
-I/usr/include/pango-1.0 -I/usr/include/harfbuzz -I/usr/include/pango-1.0 
-I/usr/include/fribidi -I/usr/include/atk-1.0 -I/usr/include/cairo 
-I/usr/include/pixman-1 -I/usr/include/freetype2 -I/usr/include/libpng16 
-I/usr/include/gdk-pixbuf-2.0 -I/usr/include/libmount -I/usr/include/blkid 
-I/usr/include/uuid -I/usr/include/glib-2.0 
-I/usr/lib/x86_64-linux-gnu/glib-2.0/include -DSHAREDIR="\"/usr/share\""  -g 
-O2 -fdebug-prefix-map=/<>=. -fstack-protector-strong -Wformat 
-Werror=format-security -Wno-error=deprecated-declarations -Wall -Werror 
-std=c89  -Wl,-z,relro -o singles ./drawing.o ./dsf.o ./gtk.o ./latin.o 
./malloc.o ./maxflow.o ./midend.o ./misc.o ./printing.o ./ps.o ./random.o 
./singles.o ./tree234.o ./version.o i
 cons/singles-icon.o -lgtk-3 -lgdk-3 -lpangocairo-1.0 -lpango-1.0 -latk-1.0 
-lcairo-gobject -lcairo -lgdk_pixbuf-2.0 -lgio-2.0 -lgobject-2.0 -lglib-2.0 -lm 
depbase=`echo sixteen.o | sed 's|[^/]*$|.deps/&|;s|\.o$||'`;\
gcc -DPACKAGE_NAME=\"puzzles\" -DPACKAGE_TARNAME=\"puzzles\" 

Processed: py2removal bugs severity updates - 2020-01-31 03:35:30.816300+00:00

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> # This is an automated script, part of the effort for the removal of Python 2 
> from bullseye
> #  * https://wiki.debian.org/Python/2Removal
> #  * http://sandrotosi.me/debian/py2removal/index.html
> # See https://lists.debian.org/debian-devel-announce/2019/11/msg0.html
> # and https://lists.debian.org/debian-python/2019/12/msg00076.html
> # mail threads for more details on this severity update
> # python-m2crypto is a module and has 0 external rdeps or not in testing
> severity 936975 serious
Bug #936975 [src:m2crypto] m2crypto: Python2 removal in sid/bullseye
Severity set to 'serious' from 'normal'
>
End of message, stopping processing here.

Please contact me if you need assistance.
-- 
936975: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=936975
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#949385: cacti: Cacti fails under PHP-FPM

[Adam Thompson]

The reason we’re running php-7.4 is because I screwed up; I enabled the entire 
backports repo instead of selecting individual packages from it.
Given that this is the Nth time I’ve done this or seen it done, I suspect it’s 
a reasonably common scenario/mistake.
-Adam

Bug#936617: Updated on salsa; pending upload

[Philippe Mathieu-Daudé]

Hi Jelmer,

On Thu, Jan 30, 2020 at 3:27 PM Jelmer Vernooij  wrote:
>
> It looks like this package has been ported to Python 3, but has not
> yet been uploaded. The last changelog entry on salsa
> (https://salsa.debian.org/philmd-guest/git-publish.git) says:
>
> git-publish (1.5.1-1) UNRELEASED; urgency=medium
>
>   * Non-maintainer upload.
>   * Update to git-publish 1.5.1:
> - few bugfixes
> - added more options
> - use Python3
>
>  -- Philippe Mathieu-Daudé   Fri, 06 Dec 2019 15:53:10 +0100
>
> Philippe, would you like me to sponsor an upload of the package?

This is very kind of you!

I updated to git-publish 1.6.0 about a month ago, but then got
distracted when looking for a sponsor...
So your help is very much appreciated :)

I tested/pushed in this branch:
https://salsa.debian.org/philmd-guest/git-publish/tree/debian-v1.6.0
All the CI passed:
https://salsa.debian.org/philmd-guest/git-publish/pipelines/98389

>From here I'm not sure if this is correct (should I use another branch? 
>master?)
Is this enough for you to upload? Should I do something more?

Again, thanks a lot!

Phil.

>
> --
> Jelmer Vernooij 
> PGP Key: https://www.jelmer.uk/D729A457.asc

Bug#937484: Info received (Taking over)

[Jelmer Vernooij]

Oops - I should have read the earlier part of the this bug better. :-/

gpodder's mtp support appears to have been commented out for a long
time. FWIW, the MTP support in gvfs doesn't appear to work as an
alternative for me - get an error about the filesystem not being
local.

I do actually have a version of the package ported to Python 3, if
that would be useful.

-- 
Jelmer Vernooij 
PGP Key: https://www.jelmer.uk/D729A457.asc

Bug#936806: koji: Python2 removal in sid/bullseye

[Mike Miller]

On Thu, Jan 30, 2020 at 01:36:33 -0500, Sandro Tosi wrote:
> yep i came across all of them starting from python-lzma -- do you know
> what's the status of the "RedHat infrastructure" in debian? many (if
> not all) of those tools are relatively old, not maintained (or just in
> life support mode) and most of all, python2 with no port to python3
> available

Yeah. I was responsible for some of these, but put them up for adoption
about a year ago. You've about captured the status, all rpm-related
packages in Debian are old, unmaintained, Python 2 only. Updating to
Python 3 ports of mock and koji need dnf, yum is abandonware.

I've seen a couple threads about packaging dnf (likely not archived),
but so far no one has committed enough to file an ITP.

There _is_ an ITP for createrepo-c (#912338), a C-only reimplementation,
also a koji dependency, but looks like it may have stalled.

-- 
mike


signature.asc
Description: PGP signature

Bug#937484: Taking over

[Jelmer Vernooij]

Hi Hans-Christoph,

I'm interested in pymtp, since gpodder can optionally use it.  Thanks for 
packaging it!

I'll prepare an upload to migrate it to Python3, and will move it to
the Python team.

Cheers,

Jelmer

-- 
Jelmer Vernooij 
PGP Key: https://www.jelmer.uk/D729A457.asc

Bug#945961: xz-utils: FTBFS: cannot stat 'debian/tmp/usr/lib/x86_64-linux-gnu/liblzma.so.*'

[Vagrant Cascadian]

Noticed that I can successfully build arch:all OR arch:any, but not
arch:all AND arch:any when building with sbuild.

Fails, building both arch:all and arch:any in one pass (which I think is
the default for pbuilder?):

 sbuild -d UNRELEASED -c sid --no-source --arch-any --arch-all 
xz-utils_5.2.4-1.dsc

Succeeds, building arch:all only:

 sbuild -d UNRELEASED -c sid --no-source --no-arch-any --arch-all 
xz-utils_5.2.4-1.dsc

Succeeds, building arch:any only:

 sbuild -d UNRELEASED -c sid --no-source --arch-any --no-arch-all 
xz-utils_5.2.4-1.dsc


That would explain why it works on the buildd's but not with pbuilder or
with the reproducible builds infrastructure (which also uses pbuilder
with a all+any build, usually).


At some point, it would be nice to systematically test these types of
issues as part of the reproducible builds infrastructure, but that is
probably a ways off...


live well,
  vagrant


signature.asc
Description: PGP signature

Processed: tagging 950290

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> tags 950290 + patch
Bug #950290 [bley] bley: Port to use publicsuffix2, missing depends
Added tag(s) patch.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
950290: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950290
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#950290: Acknowledgement (bley: Port to use publicsuffix2, missing depends)

[Scott Kitterman]

Patch attached for completeness.  I assume this won't be ported to python3, so 
this is irrelevant, but if it is, this needs to be done too.

Scott K

Note: Despite the NMU style debian/changelog, I do not intend to NMU this 
package.
diff -Nru bley-2.0.0/debian/changelog bley-2.0.0/debian/changelog
--- bley-2.0.0/debian/changelog	2015-01-09 02:11:09.0 -0500
+++ bley-2.0.0/debian/changelog	2020-01-30 19:57:12.0 -0500
@@ -1,3 +1,10 @@
+bley (2.0.0-2.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Port to use publicsuffix2 (Closes: #950290)
+
+ -- Scott Kitterman   Thu, 30 Jan 2020 19:57:12 -0500
+
 bley (2.0.0-2) unstable; urgency=medium
 
   * drop dnsbl.ahbl.org from the config, it was shut down and produces
diff -Nru bley-2.0.0/debian/patches/publicsuffix2_port.patch bley-2.0.0/debian/patches/publicsuffix2_port.patch
--- bley-2.0.0/debian/patches/publicsuffix2_port.patch	1969-12-31 19:00:00.0 -0500
+++ bley-2.0.0/debian/patches/publicsuffix2_port.patch	2020-01-30 19:57:12.0 -0500
@@ -0,0 +1,47 @@
+Description: Use publicsuffix2
+Author: Scott Kitterman 
+Bug-Debian: https://bugs.debian.org/950290
+Origin: vendor
+Forwarded: no
+Last-Update: 2020-01-31
+
+--- bley-2.0.0.orig/bleyhelpers.py
 bley-2.0.0/bleyhelpers.py
+@@ -29,9 +29,9 @@ import spf
+ import re
+ import ipaddr
+ try:
+-import publicsuffix
++import publicsuffix2
+ except ImportError:
+-publicsuffix = None
++publicsuffix2 = None
+ 
+ publicsuffixlist = None
+ 
+@@ -67,11 +67,11 @@ def domain_from_host(host):
+ @return: the extracted domain
+ '''
+ 
+-if publicsuffix:
++if publicsuffix2:
+ global publicsuffixlist
+ if publicsuffixlist is None:
+-publicsuffixlist = publicsuffix.PublicSuffixList()
+-domain = publicsuffixlist.get_public_suffix(host)
++publicsuffixlist = publicsuffix2.PublicSuffixList()
++domain = publicsuffixlist2.get_public_suffix(host)
+ else:
+ d = host.split('.')
+ if len(d) > 1:
+--- bley-2.0.0.orig/setup.py
 bley-2.0.0/setup.py
+@@ -34,7 +34,7 @@ setup(
+ extras_require={
+ 'PostgreSQL backend': ['psycopg2'],
+ 'MySQL backend': ['MySQL-python'],
+-'publicsuffix.org support': ['publicsuffix'],
++'publicsuffix.org support': ['publicsuffix2'],
+ },
+ data_files=[
+ ('/etc/bley', ['bley.conf.example',
diff -Nru bley-2.0.0/debian/patches/series bley-2.0.0/debian/patches/series
--- bley-2.0.0/debian/patches/series	2015-01-09 02:11:09.0 -0500
+++ bley-2.0.0/debian/patches/series	2020-01-30 19:57:12.0 -0500
@@ -1,2 +1,3 @@
 01-debian_config_and_paths.patch
 drop-dnsbl.ahbl.org-from-the-config.patch
+publicsuffix2_port.patch


signature.asc
Description: This is a digitally signed message part.

Bug#950290: bley: Port to use publicsuffix2, missing depends

[Scott Kitterman]

Package: bley
Severity: serious
Justification: Policy 3.5

The python-publicsuffix package was deprecated by upstream and has been
replaced in Debian by python-publicsuffix2.  If bley is ported to Python
3 so it can stay in Debian, it also needs to be ported to publicsuffix2.

Scott K

Versions of packages bley depends on:
ii  adduser3.118
pn  dbconfig-common
ii  debconf [debconf-2.0]  1.5.71
ii  init-system-helpers1.56+nmu1
ii  python 2.7.16-1
pn  python-dns 
pn  python-ipaddr  
ii  python-publicsuffix1.1.0-2
pn  python-spf 
pn  python-twisted-core
pn  python-twisted-names   

Versions of packages bley recommends:
ii  postfix 3.4.8-0+10debu1
pn  postgresql-client | mysql-client | sqlite3  
pn  python-psycopg2 | python-mysqldb

bley suggests no packages.

Processed: Issue resolved

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> tag 938184 + pending
Bug #938184 [src:python-socksipychain] python-socksipychain: Python2 removal in 
sid/bullseye
Added tag(s) pending.
> tag 947812 + pending
Bug #947812 [python3-socksipychain] python3-socksipychain: missing 
Breaks+Replaces: python-socksipychain
Added tag(s) pending.
> tag 948930 + pending
Bug #948930 [src:python-socksipychain] python-socksipychain: autopkgtest 
regression: No module named sockschain
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
938184: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=938184
947812: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947812
948930: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948930
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#938184: Issue resolved

[Sunil Mohan Adapa]

tag 938184 + pending
tag 947812 + pending
tag 948930 + pending
thanks

I have pushed fixes for these issues into the package repository.
Requested an upload.

Thank you,

-- 
Sunil



signature.asc
Description: OpenPGP digital signature

Processed: found 948831 in 19.11.0-1, reassign 949149 to src:android-tools, fixed 949149 in 5.1.1.r38-1.1+rm

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> found 948831 19.11.0-1
Bug #948831 [src:pydoctor] git-buildpackage: FTBFS: ImportError: No module 
named cachecontrol
Marked as found in versions pydoctor/19.11.0-1.
> reassign 949149 src:android-tools 5.1.1.r38-1.1
Bug #949149 {Done: Debian FTP Masters } 
[src:android-tools, src:android-platform-system-core] android-tools, 
android-platform-system-core: both build android-tools-mkbootimg
Bug reassigned from package 'src:android-tools, 
src:android-platform-system-core' to 'src:android-tools'.
No longer marked as found in versions 
android-platform-system-core/1:8.1.0+r23-5 and android-tools/5.1.1.r38-1.1.
No longer marked as fixed in versions 5.1.1.r38-1.1+rm.
Bug #949149 {Done: Debian FTP Masters } 
[src:android-tools] android-tools, android-platform-system-core: both build 
android-tools-mkbootimg
Marked as found in versions android-tools/5.1.1.r38-1.1.
> fixed 949149 5.1.1.r38-1.1+rm
Bug #949149 {Done: Debian FTP Masters } 
[src:android-tools] android-tools, android-platform-system-core: both build 
android-tools-mkbootimg
The source 'android-tools' and version '5.1.1.r38-1.1+rm' do not appear to 
match any binary packages
Marked as fixed in versions android-tools/5.1.1.r38-1.1+rm.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
948831: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948831
949149: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949149
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#949219: marked as done (casacore-data-jplde FTBFS due to missing file)

[Debian Bug Tracking System]

Your message dated Thu, 30 Jan 2020 21:47:08 +
with message-id 
and subject line Bug#949219: fixed in casacore-data-jplde 
2007.07.05+ds.1-0+deb10u1
has caused the Debian Bug report #949219,
regarding casacore-data-jplde FTBFS due to missing file
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
949219: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949219
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: casacore-data-jplde
Version: 2007.07.05-1
Severity: serious
Tags: ftbfs

https://tests.reproducible-builds.org/debian/rb-pkg/buster/amd64/casacore-data-jplde.html

...
Create data tables for Measures
---
measuresdata: Version 20110502wnb
The requested type is: DE405
The processed type[s]: DE405
The requested DE table range is 1960-2040
The data table directory: /build/casacore-data-jplde-2007.07.05/build
The input data file: /build/casacore-data-jplde-2007.07.05/build/ascp2040.405
The input data file is not readable
make[1]: *** [debian/rules:7: override_dh_auto_build] Error 1


build/ascp2040.405 is a dangling symlink.
--- End Message ---
--- Begin Message ---
Source: casacore-data-jplde
Source-Version: 2007.07.05+ds.1-0+deb10u1

We believe that the bug you reported is fixed in the latest version of
casacore-data-jplde, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 949...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Adrian Bunk  (supplier of updated casacore-data-jplde package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 26 Jan 2020 22:10:58 +0200
Source: casacore-data-jplde
Architecture: source
Version: 2007.07.05+ds.1-0+deb10u1
Distribution: buster
Urgency: medium
Maintainer: Debian Astro Team 
Changed-By: Adrian Bunk 
Closes: 949219
Changes:
 casacore-data-jplde (2007.07.05+ds.1-0+deb10u1) buster; urgency=medium
 .
   * Non-maintainer upload.
   * Include tables up to 2040 in the upstream tarball. Closes: #949219
Checksums-Sha1:
 345f6e2e284d6c6fcb6ffc6691c50f3cdbc6466f 2296 
casacore-data-jplde_2007.07.05+ds.1-0+deb10u1.dsc
 9f9639129cf8aa7af90e817caece8043c9866cd9 2696 
casacore-data-jplde_2007.07.05+ds.1-0+deb10u1.debian.tar.xz
Checksums-Sha256:
 0790279e26e7f2ac1850cddffb0f38d17540df642b9e79b36e70f58fca9fcd3b 2296 
casacore-data-jplde_2007.07.05+ds.1-0+deb10u1.dsc
 534445efa12daac7f00b64086377929b4ba7756c191bb12af96869513e8c2ed4 2696 
casacore-data-jplde_2007.07.05+ds.1-0+deb10u1.debian.tar.xz
Files:
 4dd8193396a3ec153f9fed025a1ca0c7 2296 science optional 
casacore-data-jplde_2007.07.05+ds.1-0+deb10u1.dsc
 4d793607f0231da039db36e1bb19929a 2696 science optional 
casacore-data-jplde_2007.07.05+ds.1-0+deb10u1.debian.tar.xz

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAl4t9P0ACgkQiNJCh6LY
mLGtlw//elmpYWRNU3Mt2XcwZWw0wDxr0Z27ZQmbJUpAiCyOkxHzU8s30Pw+YFSQ
Ah2m/glFtayMGXhHLv3SdJQDnanNG2jTF3sVhUhN8k9qMAD5oZMIj0tIF4jWtkn+
RnFdiUh+hmbmtkp3Enelo7YjiD5sRCSJfMpSHrTKzI5vUHD8j7t1k6Hcdbq+7Skt
uGbFUiCZAFt3ckm01dy5g5Ok9mZY8zYQBROjC5P5wKAcUJX0DB38kEhUr//Ip2Yl
rDDngJItaHblNf9YcF7leLm41ombH8hTZqj3hNKPd9TUKM19D+m+AGTfY2JDyo4t
6Lfi5n8nBMkmhbYmzJdagZEaP8CcXVSvmNpLJhC1rT7YPEJvKLocD6CM1PfuSSaZ
BLxpc/tLUbxiZIiIHn5UdqNIw7BxBwtMVpSyZOlUBLBI4oE+dMHIh7If5eRZvxDL
318C34yLipLXsm1D9C3JuLdyloELbOkn1D9d9nV9Lb75SETSoiVR+2qMgL62QE3G
yCfDW5qhB9HlAOhGbrbd0hR8EMSUjxoAR3fy7dGoX5qh1J5rXfc9hJjHhqzWhq/r
OqoHCn1wztd5Kpao5f6eAYpz2GO31ENVAY5euUXHkNsnqVHpSLZf0ilHRaLR94v9
zP9VksSTCSbfgfdGkzOEufR1zFCtnadOIxCzEyqqhW6qGkhKADs=
=jINS
-END PGP SIGNATURE End Message ---

Bug#948668: marked as done (libole-storage-lite-perl: y2k20 problem)

[Debian Bug Tracking System]

Your message dated Thu, 30 Jan 2020 21:17:33 +
with message-id 
and subject line Bug#948668: fixed in libole-storage-lite-perl 0.19-1+deb9u1
has caused the Debian Bug report #948668,
regarding libole-storage-lite-perl: y2k20 problem
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
948668: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948668
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libole-storage-lite-perl
Version: 0.19-1
Severity: serious
Tags: ftbfs
Forwarded: https://rt.cpan.org/Public/Bug/Display.html?id=124513
Control: close -1  0.20-1

https://tests.reproducible-builds.org/debian/rb-pkg/stretch/amd64/libole-storage-lite-perl.html

...

#   Failed test '   LocalDate2OLE: Thu Jan  1 00:00:00 1970
'
#   at t/01_date_conversion.t line 40.
#  got: '0040352757CF0D02'
# expected: '00803ED5DEB19D01'

#   Failed test '   LocalDate2OLE: Thu Jan  1 00:00:01 1970
'
#   at t/01_date_conversion.t line 40.
#  got: '80D6CD2757CF0D02'
# expected: '8016D7D5DEB19D01'

#   Failed test '   LocalDate2OLE: Mon Feb 16 06:28:15 1970
'
#   at t/01_date_conversion.t line 40.
#  got: '80A91C03B3F30D02'
# expected: '80E925B13AD69D01'

#   Failed test '   LocalDate2OLE: Fri Dec 11 08:49:03 1970
'
#   at t/01_date_conversion.t line 40.
#  got: '80A99C0DF2DD0E02'
# expected: '80E9A5BB79C09E01'
# Looks like you failed 4 tests of 198.
t/01_date_conversion.t .. 
...


libole-storage-lite-perl (0.20-1) unstable; urgency=medium

  * Import upstream version 0.20.
Fixes y2k20 problem, as seen also on ci.debian.net.
...
 -- gregor herrmann   Thu, 02 Jan 2020 17:26:42 +0100
--- End Message ---
--- Begin Message ---
Source: libole-storage-lite-perl
Source-Version: 0.19-1+deb9u1

We believe that the bug you reported is fixed in the latest version of
libole-storage-lite-perl, which is due to be installed in the Debian FTP 
archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 948...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Adrian Bunk  (supplier of updated libole-storage-lite-perl 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 26 Jan 2020 23:07:24 +0200
Source: libole-storage-lite-perl
Binary: libole-storage-lite-perl
Architecture: source
Version: 0.19-1+deb9u1
Distribution: stretch
Urgency: medium
Maintainer: Debian Perl Group 
Changed-By: Adrian Bunk 
Description:
 libole-storage-lite-perl - simple class for OLE document interface
Closes: 948668
Changes:
 libole-storage-lite-perl (0.19-1+deb9u1) stretch; urgency=medium
 .
   * Non-maintainer upload.
   * Backport upstream fix for years >= 2020 being misinterpreted.
 (Closes: #948668)
Checksums-Sha1:
 f3e35f1da3a6b883a8da6a05bb6b8b5a49428516 2227 
libole-storage-lite-perl_0.19-1+deb9u1.dsc
 87fb5caa524f8652f809cf297fb02de5efe981ed 3324 
libole-storage-lite-perl_0.19-1+deb9u1.diff.gz
Checksums-Sha256:
 0ebfc7c9e1e425b57ff2648e7e8af9789109f369f56fe57e2a3d74d717da1d54 2227 
libole-storage-lite-perl_0.19-1+deb9u1.dsc
 56e8673e6f03ef537d1e76eccf79af472233a22df221a9669e507ae99309299f 3324 
libole-storage-lite-perl_0.19-1+deb9u1.diff.gz
Files:
 85ca6fe20159e3f1df722f48464bd430 2227 perl optional 
libole-storage-lite-perl_0.19-1+deb9u1.dsc
 8269bfb91320b6a3b4e203457642fa97 3324 perl optional 
libole-storage-lite-perl_0.19-1+deb9u1.diff.gz

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAl4t//gACgkQiNJCh6LY
mLEbHBAAr4DoCWWsMxmfSG6p67f8Muc4Gd344UHtyMnGZcjYSc7YVehUercan5Eq
eJFPJHeYds8xmhmCKvtKEnDsZib00VZ2uT/OJgydNL9W5Eljb8Qf4zn/Xk/prCYA
ow/dXUMFhUunfAODMzAeAyjKPzserb1pYVbVCswI4NdzH7LHGYqPjHI+rzdKsxwQ
tUKIoobrkcd1IkvEBvNKIr+ohCCScvTrCkTKMl7vOhg86nIsTyHU6oqs+8RoJlzs
Qs+AUV1Cg6GsuwQWZ5CBbFIJmxea6cBU9gbxXxnnnU0FoyTLO4ewC937H9VqJNxG
5QSLl9bLpI/EzwszamTKqD31iKQPy26W179pTyQrA4KFercvAR69Yb9BHyDLNrb2
ZGDjNSTc/tMP2MyZtAQ0w6SA2QvajLV5SxL7Wy+Y7qLS7lNUgGT+xEdhbJi8TI8q
SC9IWTdGNiR0UboMVj8F0wqiVpsgjEj2niqm6HO1BIx6gLXcJ8Tr51NGq/idHExX
o2SudDrg7k0D2HTUiRi+x//Ra59x5ZYfF8RRWs/xmDdijVoUo0wSgGznBgAxpKNU
JkAW5fUMuFcw7W+t7wqdZQzYCDrqGZNTZ8KSoXiAKqVhvqCexM1pY9j4wnA7O30/
emQ0FFLqaz5/7/wU7aen2nn4M/UDZoe/q/tvdauD46af51sAwxA=
=XI21

Bug#907008: marked as done (mod-gnutls FTBFS: FAIL: test-16_view-status.bash)

[Debian Bug Tracking System]

Your message dated Thu, 30 Jan 2020 21:17:35 +
with message-id 
and subject line Bug#907008: fixed in mod-gnutls 0.8.2-3+deb9u1
has caused the Debian Bug report #907008,
regarding mod-gnutls FTBFS: FAIL: test-16_view-status.bash
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
907008: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=907008
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: mod-gnutls
Version: 0.8.4-1
Severity: serious
Tags: ftbfs

https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/mod-gnutls.html

...
FAIL: test-16_view-status.bash
...
===
test/logs/16_view-status.error.log
[Wed Aug 22 10:57:04.566902 2018] [gnutls:debug] [pid 51559:tid 
140369585579072] gnutls_hooks.c(532): set_default_dh_param: Setting DH params 
for security level 'Medium'.
[Wed Aug 22 10:57:04.567788 2018] [gnutls:debug] [pid 51559:tid 
140369585579072] gnutls_hooks.c(532): set_default_dh_param: Setting DH params 
for security level 'High'.
[Wed Aug 22 10:57:04.613420 2018] [gnutls:debug] [pid 51573:tid 
140369585579072] gnutls_hooks.c(532): set_default_dh_param: Setting DH params 
for security level 'Medium'.
[Wed Aug 22 10:57:04.614289 2018] [gnutls:debug] [pid 51573:tid 
140369585579072] gnutls_hooks.c(532): set_default_dh_param: Setting DH params 
for security level 'High'.
[Wed Aug 22 10:57:04.614349 2018] [watchdog:debug] [pid 51573:tid 
140369585579072] mod_watchdog.c(454): AH010033: Watchdog: Running with 
WatchdogInterval 1000ms
[Wed Aug 22 10:57:04.614357 2018] [watchdog:debug] [pid 51573:tid 
140369585579072] mod_watchdog.c(462): AH02974: Watchdog: found parent providers.
[Wed Aug 22 10:57:04.614362 2018] [watchdog:debug] [pid 51573:tid 
140369585579072] mod_watchdog.c(508): AH02977: Watchdog: found child providers.
[Wed Aug 22 10:57:04.614366 2018] [watchdog:debug] [pid 51573:tid 
140369585579072] mod_watchdog.c(516): AH02978: Watchdog: Looking for child 
(_singleton_).
[Wed Aug 22 10:57:04.614370 2018] [watchdog:debug] [pid 51573:tid 
140369585579072] mod_watchdog.c(516): AH02978: Watchdog: Looking for child 
(_default_).
[Wed Aug 22 10:57:04.617438 2018] [mpm_worker:notice] [pid 51573:tid 
140369585579072] AH00292: Apache/2.4.34 (Debian) mod_gnutls/0.8.4 GnuTLS/3.5.19 
configured -- resuming normal operations
[Wed Aug 22 10:57:04.617471 2018] [mpm_worker:info] [pid 51573:tid 
140369585579072] AH00293: Server built: 2018-07-27T19:37:37
[Wed Aug 22 10:57:04.617487 2018] [core:notice] [pid 51573:tid 140369585579072] 
AH00094: Command line: '/usr/sbin/apache2 -f 
/build/1st/mod-gnutls-0.8.4/test/tests/16_view-status/apache.conf'
[Wed Aug 22 10:57:04.617495 2018] [core:debug] [pid 51573:tid 140369585579072] 
log.c(1571): AH02639: Using SO_REUSEPORT: yes (1)
[Wed Aug 22 10:57:04.617531 2018] [mpm_worker:debug] [pid 51573:tid 
140369585579072] worker.c(1728): AH00294: Accept mutex: sysvsem (default: 
sysvsem)
[Wed Aug 22 10:57:04.617976 2018] [watchdog:debug] [pid 51575:tid 
140369585579072] mod_watchdog.c(565): AH02980: Watchdog: nothing configured?
[Wed Aug 22 10:57:04.626623 2018] [watchdog:debug] [pid 51576:tid 
140369585579072] mod_watchdog.c(565): AH02980: Watchdog: nothing configured?
[Wed Aug 22 10:57:04.626625 2018] [watchdog:debug] [pid 51577:tid 
140369585579072] mod_watchdog.c(565): AH02980: Watchdog: nothing configured?
[Wed Aug 22 10:57:04.659114 2018] [gnutls:info] [pid 51575:tid 140369245165312] 
[client ::1:55042] GnuTLS: Handshake Failed (-21) 'Could not negotiate a 
supported cipher suite.'
[Wed Aug 22 10:57:04.659259 2018] [gnutls:debug] [pid 51575:tid 
140369245165312] gnutls_io.c(571): [client ::1:55042] mgs_filter_input : 
ap_get_brigade
[Wed Aug 22 10:57:04.659287 2018] [gnutls:debug] [pid 51575:tid 
140369245165312] gnutls_io.c(571): [client ::1:55042] mgs_filter_input : 
ap_get_brigade
[Wed Aug 22 10:57:04.666300 2018] [gnutls:debug] [pid 51575:tid 
140369245165312] gnutls_io.c(571): [client ::1:55042] mgs_filter_input : 
ap_get_brigade
[Wed Aug 22 10:57:04.878313 2018] [core:info] [pid 51573:tid 140369585579072] 
AH00096: removed PID file /build/1st/mod-gnutls-0.8.4/test/apache2.pid 
(pid=51573)
[Wed Aug 22 10:57:04.878343 2018] [mpm_worker:notice] [pid 51573:tid 
140369585579072] AH00295: caught SIGTERM, shutting down
===
...


The start of the FTBFS would match when gnutls 3.5.19-1
entered unstable, this might be related to the cipher changes:
https://lists.gnupg.org/pipermail/gnutls-devel/2018-July/008583.html
--- End Message ---
--- Begin Message ---
Source: mod-gnutls
Source-Version: 0.8.2-3+deb9u1

We believe that the bug you 

Bug#947428: marked as done (tigervnc: CVE-2019-15691 CVE-2019-15692 CVE-2019-15693 CVE-2019-15694 CVE-2019-15695)

[Debian Bug Tracking System]

Your message dated Thu, 30 Jan 2020 21:17:47 +
with message-id 
and subject line Bug#947428: fixed in tigervnc 1.7.0+dfsg-7+deb9u1
has caused the Debian Bug report #947428,
regarding tigervnc: CVE-2019-15691 CVE-2019-15692 CVE-2019-15693 CVE-2019-15694 
CVE-2019-15695
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
947428: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947428
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: tigervnc
Version: 1.9.0+dfsg-4
Severity: grave
Tags: security upstream
Control: found -1 1.9.0+dfsg-3

Hi,

The following vulnerabilities were published for tigervnc.

CVE-2019-15691[0]:
| TigerVNC version prior to 1.10.1 is vulnerable to stack use-after-
| return, which occurs due to incorrect usage of stack memory in
| ZRLEDecoder. If decoding routine would throw an exception, ZRLEDecoder
| may try to access stack variable, which has been already freed during
| the process of stack unwinding. Exploitation of this vulnerability
| could potentially result into remote code execution. This attack
| appear to be exploitable via network connectivity.


CVE-2019-15692[1]:
| TigerVNC version prior to 1.10.1 is vulnerable to heap buffer
| overflow. Vulnerability could be triggered from CopyRectDecoder due to
| incorrect value checks. Exploitation of this vulnerability could
| potentially result into remote code execution. This attack appear to
| be exploitable via network connectivity.


CVE-2019-15693[2]:
| TigerVNC version prior to 1.10.1 is vulnerable to heap buffer
| overflow, which occurs in TightDecoder::FilterGradient. Exploitation
| of this vulnerability could potentially result into remote code
| execution. This attack appear to be exploitable via network
| connectivity.


CVE-2019-15694[3]:
| TigerVNC version prior to 1.10.1 is vulnerable to heap buffer
| overflow, which could be triggered from DecodeManager::decodeRect.
| Vulnerability occurs due to the signdness error in processing
| MemOutStream. Exploitation of this vulnerability could potentially
| result into remote code execution. This attack appear to be
| exploitable via network connectivity.


CVE-2019-15695[4]:
| TigerVNC version prior to 1.10.1 is vulnerable to stack buffer
| overflow, which could be triggered from CMsgReader::readSetCursor.
| This vulnerability occurs due to insufficient sanitization of
| PixelFormat. Since remote attacker can choose offset from start of the
| buffer to start writing his values, exploitation of this vulnerability
| could potentially result into remote code execution. This attack
| appear to be exploitable via network connectivity.


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-15691
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15691
[1] https://security-tracker.debian.org/tracker/CVE-2019-15692
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15692
[2] https://security-tracker.debian.org/tracker/CVE-2019-15693
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15693
[3] https://security-tracker.debian.org/tracker/CVE-2019-15694
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15694
[4] https://security-tracker.debian.org/tracker/CVE-2019-15695
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15695

Please adjust the affected versions in the BTS as needed.



-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.3.0-3-amd64 (SMP w/2 CPU cores)
Kernel taint flags: TAINT_WARN
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8 
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
--- End Message ---
--- Begin Message ---
Source: tigervnc
Source-Version: 1.7.0+dfsg-7+deb9u1

We believe that the bug you reported is fixed in the latest version of
tigervnc, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 947...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Joachim Falk  (supplier of updated tigervnc package)

(This message was generated automatically 

Bug#948669: marked as done (libtest-mocktime-perl: test fails in 2020)

[Debian Bug Tracking System]

Your message dated Thu, 30 Jan 2020 21:17:34 +
with message-id 
and subject line Bug#948669: fixed in libtest-mocktime-perl 0.17-0+deb9u1
has caused the Debian Bug report #948669,
regarding libtest-mocktime-perl: test fails in 2020
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
948669: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948669
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libtest-mocktime-perl
Version: 0.15-1
Severity: serious
Tags: ftbfs
Forwarded: https://rt.cpan.org/Public/Bug/Display.html?id=124508
Control: close -1 0.16-1

https://tests.reproducible-builds.org/debian/rb-pkg/stretch/amd64/libtest-mocktime-perl.html

...
#   Failed test 'localtime seems ok'
#   at t/test.t line 43.
# Looks like you failed 1 test of 11.
t/test.t . 
...
--- End Message ---
--- Begin Message ---
Source: libtest-mocktime-perl
Source-Version: 0.17-0+deb9u1

We believe that the bug you reported is fixed in the latest version of
libtest-mocktime-perl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 948...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Adrian Bunk  (supplier of updated libtest-mocktime-perl 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 12 Jan 2020 18:12:33 +0200
Source: libtest-mocktime-perl
Binary: libtest-mocktime-perl
Architecture: source
Version: 0.17-0+deb9u1
Distribution: stretch
Urgency: medium
Maintainer: Debian Perl Group 
Changed-By: Adrian Bunk 
Description:
 libtest-mocktime-perl - module to simulate time in tests
Closes: 948669
Changes:
 libtest-mocktime-perl (0.17-0+deb9u1) stretch; urgency=medium
 .
   * Non-maintainer upload.
   * New upstream release.
 - Only change is a fix for a build failure in the year 2020
   and later. (Closes: #948669)
Checksums-Sha1:
 7fc4cb256c113ad5817660262c39b4aba6444830 2204 
libtest-mocktime-perl_0.17-0+deb9u1.dsc
 6e5114af38a1c3908b1a585e7b59c97d0f44ecf4 2340 
libtest-mocktime-perl_0.17-0+deb9u1.debian.tar.xz
Checksums-Sha256:
 1e9ddb08733e6d0bfa37568c35f6cbbfc082e5f9ce257cc9843abd867d936588 2204 
libtest-mocktime-perl_0.17-0+deb9u1.dsc
 58bfb2e0c5ade0f5f3d549ab9db0be541dd10de339d24b845562ea827731efbe 2340 
libtest-mocktime-perl_0.17-0+deb9u1.debian.tar.xz
Files:
 9c95759836734beca8084499275de5ac 2204 perl optional 
libtest-mocktime-perl_0.17-0+deb9u1.dsc
 709d0c2a5a3b804425b55d151edc6e99 2340 perl optional 
libtest-mocktime-perl_0.17-0+deb9u1.debian.tar.xz

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAl4bTQEACgkQiNJCh6LY
mLHu9RAAkMdRs9GF0QrjgvgjIOpDNaMme14Tvy1o2vTVD6V29deGCOh2XUwHICb2
+66/GbY5bdGqy88pn/a487pIOWhDSTNcAC67vRBbkvkRfT/t+xluX7q787rkkDhF
7vq8dABHeYG/H1xO79pSLVlWzaWrERZRX9KS/+aApRlpps4tH+rKJT8eyzbh/7sH
rLXWtcvAL03ibW2HgNZ4Kc4mzE/f1c5oRnXw7KFlgj5bNwGcJch4gvk0aWts91h4
ae+/rI+npLivZZs14ITS80mvcZ7M78NT28em0s6Y/dDZZmKv1PCNuXJpoXtUeofa
aCumgGAuL2crW6oBTxX72YvjUgC08t77j/ChldnlCWHI1seBIp4Enp9gPAH6Hz4c
fhLz01Dej9DzhvKUXE79O6KJ0NckXcooPPFYLD/kFGPzY4O6Z3VxKfg0oV0hYggY
DT32evk+rAoARbTXSkVhwG1WfwP6PaElP8UaLmEZsE/7IPPnbV5Yf+QITlI1N3Ca
YbFfzvTjl6ThpezAF5gBTNpw7XtF8mn1CJ3ZPT/kPM3sDteG9o9TzcDgoBHtPEPb
I2FOZDZhlmA1Fs6UfaXlOfYTTOuD5dzNCBTletUZuH8s0SCDDO+TL/33VqvCUIC+
b905WNL9/nj2NFfNyvQXn12gL78MCor7z26xHkiH60nIcXGsgyc=
=qa8L
-END PGP SIGNATURE End Message ---

Bug#934032: marked as done (libjaxen-java: FTBFS in stretch (failing tests, IllegalArgumentException))

[Debian Bug Tracking System]

Your message dated Thu, 30 Jan 2020 21:17:32 +
with message-id 
and subject line Bug#909216: fixed in libjaxen-java 1.1.6-1+deb9u1
has caused the Debian Bug report #909216,
regarding libjaxen-java: FTBFS in stretch (failing tests, 
IllegalArgumentException)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
909216: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909216
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: src:libjaxen-java
Version: 1.1.6-1
Severity: serious
Tags: ftbfs

Dear maintainer:

I tried to build this package in stretch but it failed:


[...]
 debian/rules build-indep
test -x debian/rules
mkdir -p "."
/usr/share/maven-debian-helper/copy-repo.sh /<>/debian
find: '/usr/share/maven-repo/org/codehaus/plexus/plexus-compiler/*/*.jar': No 
such file or directory
find: '/usr/share/maven-repo/org/codehaus/plexus/plexus-compilers/*/*.jar': No 
such file or directory
find: '/usr/share/maven-repo/org/codehaus/plexus/plexus-containers/*/*.jar': No 
such file or directory
mh_patchpoms -plibjaxen-java --debian-build --keep-pom-version 
--maven-repo=/<>/debian/maven-repo 
touch debian/stamp-poms-patched
# before-build target may be used to unpatch the pom files, so we need to check 
if
# patching the pom files is needed here, normally not
if [ ! -f pom.xml.save ]; then \
/usr/bin/make -f debian/rules patch-poms; \
fi
cd . && /usr/lib/jvm/default-java/bin/java -noverify -cp 
/usr/share/maven/boot/plexus-classworlds-2.x.jar:/usr/lib/jvm/default-java/lib/tools.jar
  -Dclassworlds.conf=/etc/maven/m2-debian.conf -Dmaven.home=/usr/share/maven 
-Dmaven.multiModuleProjectDirectory=/<> 
org.codehaus.plexus.classworlds.launcher.Launcher 
-s/etc/maven/settings-debian.xml 
-Dmaven.repo.local=/<>/debian/maven-repo  package -DskipTests
[INFO] Scanning for projects...
[INFO] 
[INFO] 
[INFO] Building jaxen 1.1.6
[INFO] 
[INFO] 
[INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ jaxen ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] skip non existing resourceDirectory /<>/src/main/resources
[INFO] 
[INFO] --- maven-compiler-plugin:3.2:compile (default-compile) @ jaxen ---
[INFO] Changes detected - recompiling the module!
[INFO] Compiling 197 source files to /<>/target/classes
[WARNING] bootstrap class path not set in conjunction with -source 1.3
[WARNING] source value 1.3 is obsolete and will be removed in a future release
[WARNING] target value 1.2 is obsolete and will be removed in a future release
[WARNING] To suppress warnings about obsolete options, use -Xlint:-options.
[WARNING] 
/<>/src/java/main/org/jaxen/pattern/PatternParser.java:[57,22] 
org.jaxen.expr.DefaultAllNodeStep in org.jaxen.expr has been deprecated
[WARNING] 
/<>/src/java/main/org/jaxen/pattern/PatternParser.java:[58,22] 
org.jaxen.expr.DefaultCommentNodeStep in org.jaxen.expr has been deprecated
[WARNING] 
/<>/src/java/main/org/jaxen/pattern/PatternParser.java:[59,22] 
org.jaxen.expr.DefaultFilterExpr in org.jaxen.expr has been deprecated
[WARNING] 
/<>/src/java/main/org/jaxen/pattern/PatternParser.java:[60,22] 
org.jaxen.expr.DefaultNameStep in org.jaxen.expr has been deprecated
[WARNING] 
/<>/src/java/main/org/jaxen/pattern/PatternParser.java:[61,22] 
org.jaxen.expr.DefaultProcessingInstructionNodeStep in org.jaxen.expr has been 
deprecated
[WARNING] 
/<>/src/java/main/org/jaxen/pattern/PatternParser.java:[62,22] 
org.jaxen.expr.DefaultStep in org.jaxen.expr has been deprecated
[WARNING] 
/<>/src/java/main/org/jaxen/pattern/PatternParser.java:[63,22] 
org.jaxen.expr.DefaultTextNodeStep in org.jaxen.expr has been deprecated
[WARNING] 
/<>/src/java/main/org/jaxen/expr/DefaultBinaryExpr.java:[52,42] 
org.jaxen.expr.DefaultExpr in org.jaxen.expr has been deprecated
[WARNING] 
/<>/src/java/main/org/jaxen/expr/DefaultLocationPath.java:[60,44] 
org.jaxen.expr.DefaultExpr in org.jaxen.expr has been deprecated
[WARNING] 
/<>/src/java/main/org/jaxen/expr/DefaultUnaryExpr.java:[56,32] 
org.jaxen.expr.DefaultExpr in org.jaxen.expr has been deprecated
[WARNING] 
/<>/src/java/main/org/jaxen/expr/DefaultVariableReferenceExpr.java:[53,44]
 org.jaxen.expr.DefaultExpr in org.jaxen.expr has been deprecated
[WARNING] 
/<>/src/java/main/org/jaxen/expr/DefaultNumberExpr.java:[55,33] 

Processed (with 2 errors): Re: Bug#950219: ruby-gnome: please Build-Depend on libgirepository1.0-dev (>= 1.62.0-4~) and libffi-dev (>= 3.3)

[Debian Bug Tracking System]

Processing control commands:

> severity -1 serious
Bug #950219 [src:ruby-gnome] ruby-gnome: please Build-Depend on 
libgirepository1.0-dev (>= 1.62.0-4~) and libffi-dev (>= 3.3)
Severity set to 'serious' from 'normal'
> block 949185 by -1
Bug #949185 [release.debian.org] transition: libffi
949185 was blocked by: 948789 949288 949290 950015 941218
949185 was not blocking any bugs.
Added blocking bug(s) of 949185: 950219
> user debian...@lists.debian.org
Unknown command or malformed arguments to command.

> usertags -1 + regression
Unknown command or malformed arguments to command.


-- 
949185: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949185
950219: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950219
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#909216: marked as done (libjaxen-java FTBFS: java.lang.IllegalArgumentException: Illegal character in local name: 'pre:foo')

[Debian Bug Tracking System]

Your message dated Thu, 30 Jan 2020 21:17:32 +
with message-id 
and subject line Bug#909216: fixed in libjaxen-java 1.1.6-1+deb9u1
has caused the Debian Bug report #909216,
regarding libjaxen-java FTBFS: java.lang.IllegalArgumentException: Illegal 
character in local name: 'pre:foo'
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
909216: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909216
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libjaxen-java
Version: 1.1.6-3
Severity: serious
Tags: ftbfs

Some recent change in unstable makes libjaxen-java FTBFS:

https://tests.reproducible-builds.org/debian/history/libjaxen-java.html
https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/libjaxen-java.html

...
[ERROR] Tests run: 7, Failures: 0, Errors: 2, Skipped: 0, Time elapsed: 0.03 s 
<<< FAILURE! - in org.jaxen.test.DOM4JXPathTest
[ERROR] testJaxen20AttributeNamespaceNodes(org.jaxen.test.DOM4JXPathTest)  Time 
elapsed: 0.002 s  <<< ERROR!
java.lang.IllegalArgumentException: Illegal character in local name: 'pre:foo'.
at org.dom4j.QName.validateNCName(QName.java:346)
at org.dom4j.QName.(QName.java:153)
at org.dom4j.tree.QNameCache.createQName(QNameCache.java:245)
at org.dom4j.tree.QNameCache.get(QNameCache.java:115)
at org.dom4j.DocumentFactory.createQName(DocumentFactory.java:191)
at org.dom4j.tree.FlyweightAttribute.(FlyweightAttribute.java:69)
at org.dom4j.tree.DefaultAttribute.(DefaultAttribute.java:65)
at 
org.jaxen.test.DOM4JXPathTest.testJaxen20AttributeNamespaceNodes(DOM4JXPathTest.java:130)

[ERROR] testNamespaceNodesAreInherited(org.jaxen.test.DOM4JXPathTest)  Time 
elapsed: 0.001 s  <<< ERROR!
java.lang.IllegalArgumentException: Illegal character in local name: 'pre:foo'.
at org.dom4j.QName.validateNCName(QName.java:346)
at org.dom4j.QName.(QName.java:153)
at org.dom4j.tree.QNameCache.createQName(QNameCache.java:245)
at org.dom4j.tree.QNameCache.get(QNameCache.java:115)
at org.dom4j.DocumentFactory.createQName(DocumentFactory.java:191)
at org.dom4j.tree.FlyweightAttribute.(FlyweightAttribute.java:69)
at org.dom4j.tree.DefaultAttribute.(DefaultAttribute.java:65)
at 
org.jaxen.test.DOM4JXPathTest.testNamespaceNodesAreInherited(DOM4JXPathTest.java:159)

[INFO] Running org.jaxen.test.DefaultNamestepTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in 
org.jaxen.test.DefaultNamestepTest
[INFO] Running org.jaxen.test.NameTest
[INFO] Tests run: 9, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.025 s 
- in org.jaxen.test.NameTest
[INFO] Running org.jaxen.test.FunctionCallExceptionTest
[INFO] Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in 
org.jaxen.test.FunctionCallExceptionTest
[INFO] Running org.jaxen.test.CountTest
[INFO] Tests run: 4, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.034 s 
- in org.jaxen.test.CountTest
[INFO] Running org.jaxen.test.RoundTest
[INFO] Tests run: 5, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.01 s - 
in org.jaxen.test.RoundTest
[INFO] Running org.jaxen.test.AxisTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.001 s 
- in org.jaxen.test.AxisTest
[INFO] Running org.jaxen.test.PriorityTest
[INFO] Tests run: 8, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.001 s 
- in org.jaxen.test.PriorityTest
[INFO] 
[INFO] Results:
[INFO] 
[ERROR] Errors: 
[ERROR]   org.jaxen.test.DOM4JXPathTest#testJaxen20AttributeNamespaceNodes 
IllegalArgumentException
[ERROR]   org.jaxen.test.DOM4JXPathTest#testNamespaceNodesAreInherited 
IllegalArgumentException
[INFO] 
[ERROR] Tests run: 716, Failures: 0, Errors: 2, Skipped: 0
[INFO] 
[INFO] 
[INFO] BUILD FAILURE
[INFO] 
[INFO] Total time: 24.739 s
[INFO] Finished at: 2019-10-22T13:34:45-12:00
[INFO] 
[ERROR] Failed to execute goal 
org.apache.maven.plugins:maven-surefire-plugin:2.21.0:test (default-test) on 
project jaxen: There are test failures.
[ERROR] 
[ERROR] Please refer to /build/1st/libjaxen-java-1.1.6/target/surefire-reports 
for the individual test results.
[ERROR] Please refer to dump files (if any exist) [date]-jvmRun[N].dump, 
[date].dumpstream and [date]-jvmRun[N].dumpstream.
[ERROR] -> [Help 1]
[ERROR] 
[ERROR] To see the full stack trace of 

Bug#948666: marked as done (libperl4-corelibs-perl: Y2K20 problem in t/timelocal.t)

[Debian Bug Tracking System]

Your message dated Thu, 30 Jan 2020 21:17:33 +
with message-id 
and subject line Bug#948666: fixed in libperl4-corelibs-perl 0.003-2+deb9u1
has caused the Debian Bug report #948666,
regarding libperl4-corelibs-perl: Y2K20 problem in t/timelocal.t
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
948666: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948666
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libperl4-corelibs-perl
Version: 0.003-2
Severity: serious
Tags: ftbfs
Control: close -1 0.004-2

https://tests.reproducible-builds.org/debian/rb-pkg/stretch/amd64/libperl4-corelibs-perl.html

...
#   Failed test 'timelocal year for 1970 1 2 0 0 0'
#   at t/timelocal.t line 36.
#  got: '170'
# expected: '70'

#   Failed test 'timegm year for 1970 1 2 0 0 0'
#   at t/timelocal.t line 49.
#  got: '170'
# expected: '70'
# Looks like you failed 2 tests of 135.
t/timelocal.t ... 
...


libperl4-corelibs-perl (0.004-2) unstable; urgency=medium
...
  * Add t/timelocal.t to fix Y2K20 problem in t/timelocal.t.
...
 -- gregor herrmann   Fri, 03 Jan 2020 05:09:21 +0100
--- End Message ---
--- Begin Message ---
Source: libperl4-corelibs-perl
Source-Version: 0.003-2+deb9u1

We believe that the bug you reported is fixed in the latest version of
libperl4-corelibs-perl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 948...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Adrian Bunk  (supplier of updated libperl4-corelibs-perl 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 26 Jan 2020 22:37:58 +0200
Source: libperl4-corelibs-perl
Binary: libperl4-corelibs-perl
Architecture: source
Version: 0.003-2+deb9u1
Distribution: stretch
Urgency: medium
Maintainer: Debian Perl Group 
Changed-By: Adrian Bunk 
Description:
 libperl4-corelibs-perl - libraries historically supplied with Perl 4
Closes: 948666
Changes:
 libperl4-corelibs-perl (0.003-2+deb9u1) stretch; urgency=medium
 .
   * Non-maintainer upload.
   * Add t/timelocal.t fix for Y2K20 problem in t/timelocal.t.
 (Closes: #948666)
Checksums-Sha1:
 ba56d42306ae7f864547d93cfda7f7e1f52e4456 2144 
libperl4-corelibs-perl_0.003-2+deb9u1.dsc
 4e248201a6c23cb689d86c5fdf2472432e82b80e 2508 
libperl4-corelibs-perl_0.003-2+deb9u1.debian.tar.xz
Checksums-Sha256:
 10aea711e580b6510e2eb8a1794089c226f4d7b1d9d464edf52fa72691616864 2144 
libperl4-corelibs-perl_0.003-2+deb9u1.dsc
 1136dc3da0a452e47014cfa49b7f701ec8eb7d65b554afaa596afab8f6a5780c 2508 
libperl4-corelibs-perl_0.003-2+deb9u1.debian.tar.xz
Files:
 a198ade9b09661a0099d832d8a659f22 2144 perl optional 
libperl4-corelibs-perl_0.003-2+deb9u1.dsc
 2acfbf0151330c257f76d46920a9eff1 2508 perl optional 
libperl4-corelibs-perl_0.003-2+deb9u1.debian.tar.xz

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAl4t+S8ACgkQiNJCh6LY
mLEOyRAAsxSInq6vCOks3xB3OdcxH+Q4elwZ3U4AGATYl0HyitIAbvROOqRHPCXo
1hO+KAVP7up9N1ecQBNTc6GEZSeg/GYrsBKLtwExhiAGBJEmNvhxUQOVEp6myfIh
VALp9Fb94DobaMn3hCRcOQ9fJZp3feO1m+xMD/q/PxLGTUJ3qqd0pnGuzQ9XykIQ
Q1/6Zoz1TzeIQQyIy98CFZHe90cpQXBknVejZrVRJxp88Bje1sBpnkgesFian4Nj
x2bbcNEoW0j4BZ5pKjpheLCZaSeQ3aUmGM+MJUDo357HHzqOOUWdo2Z8gdUUVDhD
sEki7saEeL0mxINJSu+OYVRvA1Xi5An8SXN/M/toaL1R9C/iFCk8dmicFyfwsR4p
9dA4QobgbzbSOabgCu3lmrRmWaGvs69UV9Okg4jcY70i2cOSTU86wq29NN9H7JKi
gpJw2clEpRcdT0RJbFg5e7ldsQ2hg7OHqprA7MklrNC56KyWPsHHGLeIivzNkR+W
cK0TDAl50ACjiyGI7kc4MIQMRIvi+v05tv5auKAUfLqo/aBCnf8R+IJpgXhmGQfh
IsQxO6A9nWlPx+R1tEPbb0n0sD8nh4HPjRub1YGJONKrNB3+VacB8ab0Q7loInE1
zk1G/CeZ2et6sMNIHsVnnEn8zZqPyoc3qKSros1YrbOLBJMCyGY=
=rUYK
-END PGP SIGNATURE End Message ---

Bug#915209: marked as done (perl: FTBFS in the year 2020: cpan/Time-Local/t/Local.t failure)

[Debian Bug Tracking System]

Your message dated Thu, 30 Jan 2020 21:17:46 +
with message-id 
and subject line Bug#915209: fixed in perl 5.24.1-3+deb9u6
has caused the Debian Bug report #915209,
regarding perl: FTBFS in the year 2020: cpan/Time-Local/t/Local.t failure
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
915209: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=915209
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: perl
Version: 5.24.1-3
Severity: serious
Tags: patch fixed-upstream stretch
Forwarded: https://rt.cpan.org/Public/Bug/Display.html?id=124787
User: reproducible-bui...@lists.alioth.debian.org
Usertags: environment

Control: found -1 5.28.0-4 
Control: found -1 5.28.1-1

As noticed by the reproducible-builds project, this package fails
to build in the year 2020 and later.

Severity set to 'serious' as we can't release buster with this issue
even though it works at the moment.

It looks like stretch is also affected, and as it will still be supported
in 2020 it should be fixed as well.

  % faketime 'Fri Feb 3 02:29:50 2020' prove cpan/Time-Local/t/Local.t
  cpan/Time-Local/t/Local.t .. 1/? 
  #   Failed test 'timelocal year for 1970 1 2 0 0 0'
  #   at cpan/Time-Local/t/Local.t line 109.
  #  got: '170'
  # expected: '70'
  
  #   Failed test 'timegm year for 1970 1 2 0 0 0'
  #   at cpan/Time-Local/t/Local.t line 124.
  #  got: '170'
  # expected: '70'
  # Looks like you failed 2 tests of 187.
  
This is [rt.cpan.org #124787] and was fixed upstream with

 
https://github.com/houseabsolute/Time-Local/commit/63265fd81c7f6177bf28dfe0d1ada9cb897de566

-- 
Niko Tyni   nt...@debian.org
--- End Message ---
--- Begin Message ---
Source: perl
Source-Version: 5.24.1-3+deb9u6

We believe that the bug you reported is fixed in the latest version of
perl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 915...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Niko Tyni  (supplier of updated perl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sat, 25 Jan 2020 19:54:54 +0200
Source: perl
Architecture: source
Version: 5.24.1-3+deb9u6
Distribution: stretch
Urgency: medium
Maintainer: Niko Tyni 
Changed-By: Niko Tyni 
Closes: 915209
Changes:
 perl (5.24.1-3+deb9u6) stretch; urgency=medium
 .
   * Add backported Time-Local patch by Bernhard M. Wiedemann fixing test
 failures from the year 2020 onwards. Thanks to Dean Hamstead.
 (Closes: #915209)
Checksums-Sha1:
 e22e446358fe4ede4c650454e129c9098d5324d9 2397 perl_5.24.1-3+deb9u6.dsc
 9ff5c7f5c12e916364676b5783af9d9c8a343229 186028 
perl_5.24.1-3+deb9u6.debian.tar.xz
 addac731c382e921570a309ee4ad4f03ea63b2e5 4812 
perl_5.24.1-3+deb9u6_source.buildinfo
Checksums-Sha256:
 5c61985fb955a4b756f7d5502977f6f28178f477a21e4b0a42f265fbda76d412 2397 
perl_5.24.1-3+deb9u6.dsc
 55452dc45712a3a80dd16f796278bf1748582f28e9754131aea282a4719aebbd 186028 
perl_5.24.1-3+deb9u6.debian.tar.xz
 2668f08dbfb30fbe71f4e290162f03b631f80840280868a346939b171b692cac 4812 
perl_5.24.1-3+deb9u6_source.buildinfo
Files:
 d8307843ea23ad58e7868a8027b05e7e 2397 perl standard perl_5.24.1-3+deb9u6.dsc
 79c91343273ca691b2b495c1c9e26fc5 186028 perl standard 
perl_5.24.1-3+deb9u6.debian.tar.xz
 5a4c1fefa17a390f92a444f627853765 4812 perl standard 
perl_5.24.1-3+deb9u6_source.buildinfo

-BEGIN PGP SIGNATURE-

iQJFBAEBCAAvFiEEdqKOQsmBHZHoj7peLsD/s7cwGx8FAl4sgi4RHG50eW5pQGRl
Ymlhbi5vcmcACgkQLsD/s7cwGx/ALRAAvJXH/fAYXn6qPUqGldi/85yBNFJAbGC+
RbggFQmLE14zr5b+R5i4vSfLiX4aD7XYJGnYxPEPu/v63Dp47UIxhea4g42thP1T
p9x2Fo1DLzRd54BXBaKteolgDv1C35mZyKbnF5P3y+amzOSMVzjF+m1K17VXiJ0y
mPeXT/9mMhexeshpYfoXG2M1Mpqts/X33ijZwDsw5GayxtQmmD6a1w/9ebxPAOHa
suuUWZ9FqU+4CopbEB8hM//GD1CagiffdDSNNVugZR4+OydUZJmrf6m+ZvRU3sy/
LJfMIDSmi+sCP6vMjdhBpmnQs+Irt4kV6zavPVdWE6ByilL5AfhSVZB/WNENElqO
T4mUaw2aR7zBCgGxksupsxRHyN1iJNJ/nmBJcJxRbBQhTiQdVHksfkTZVEG0aiUq
iDF/pOj+hpP8zuiEagG2Z4jlZMj3KuGMaBu3XTsWG/bAWHJdQ30Ao5EF4OhctDXM
Bzfd1ERN5YwA5yHK0yHphuVO0o78sB9hxoZaiW5KBYT8cGcjIM0TUhoja63YsHkh
rBoq7p8zW+IlmVtUDD48K8dp3CCqdUJufoWSmUCiyjXlGMH2V0DKb2Iv1eks+57e

Bug#950121: marked as done (opensmtpd: Major vulnerabilities in opensmtpd resulting in RCE and DOS)

[Debian Bug Tracking System]

Your message dated Thu, 30 Jan 2020 21:17:37 +
with message-id 
and subject line Bug#950121: fixed in opensmtpd 6.0.2p1-2+deb9u1
has caused the Debian Bug report #950121,
regarding opensmtpd: Major vulnerabilities in opensmtpd resulting in RCE and DOS
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
950121: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950121
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: opensmtpd
Version: 6.6.1p1-5~bpo10+1
Severity: critical
Tags: security upstream
Justification: root security hole

Dear Maintainer,

Opensmtpd 6.6.1 has 2 critical vulnerabilities, including one that results in a 
remote root arbitray code execution

see https://www.mail-archive.com/misc@opensmtpd.org/msg04850.html

-- System Information:
Debian Release: 10.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable'), (90, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-6-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages opensmtpd depends on:
ii  adduser3.118
ii  debconf [debconf-2.0]  1.5.71
ii  ed 1.15-1
ii  init-system-helpers1.56+nmu1
ii  libasr01.0.2-2
ii  libc6  2.28-10
ii  libdb5.3   5.3.28+dfsg1-0.5
ii  libevent-2.1-6 2.1.8-stable-4
ii  libpam0g   1.3.1-5
ii  libssl1.1  1.1.1d-0+deb10u2
ii  lsb-base   10.2019051400
ii  zlib1g 1:1.2.11.dfsg-1

Versions of packages opensmtpd recommends:
ii  opensmtpd-extras  6.6.0-1~bpo10+1

Versions of packages opensmtpd suggests:
ii  ca-certificates  20190110

-- Configuration Files:
/etc/smtpd.conf changed [not included]

-- debconf information excluded
--- End Message ---
--- Begin Message ---
Source: opensmtpd
Source-Version: 6.0.2p1-2+deb9u1

We believe that the bug you reported is fixed in the latest version of
opensmtpd, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 950...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ryan Kavanagh  (supplier of updated opensmtpd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Tue, 28 Jan 2020 20:28:49 -0500
Source: opensmtpd
Architecture: source
Version: 6.0.2p1-2+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Ryan Kavanagh 
Changed-By: Ryan Kavanagh 
Closes: 950121
Changes:
 opensmtpd (6.0.2p1-2+deb9u1) stretch-security; urgency=high
 .
   * Fix privilege escalation vulnerability, 019_smtpd_exec.patch.sig. An
 incorrect check allows an attacker to trick mbox delivery into executing
 arbitrary commands as root and lmtp delivery into executing arbitrary
 commands as an unprivileged user. (Closes: #950121) (CVE-2020-7247)
Checksums-Sha1:
 51f527617839cab9c8882ba7b86777091205a8f7 3096 opensmtpd_6.0.2p1-2+deb9u1.dsc
 386e1115c5cbe91f67ce0854594197846b4bb5d9 695513 opensmtpd_6.0.2p1.orig.tar.gz
 0e4c9798a3da01a4bec189103f75a76ab65f3c18 25616 
opensmtpd_6.0.2p1-2+deb9u1.debian.tar.xz
 dfb59917a7c2e2a0e9d4c48a8b72815346f934bf 8435 
opensmtpd_6.0.2p1-2+deb9u1_source.buildinfo
Checksums-Sha256:
 7447c82a4e136507629b3f526aa527085960a724153c531250d71c89e4b0623f 3096 
opensmtpd_6.0.2p1-2+deb9u1.dsc
 2af9b6d08784c7e546bf124bb61e311a6aa0c9835507710a76f5c242383190ac 695513 
opensmtpd_6.0.2p1.orig.tar.gz
 e490075d01dedeb555f11ade5b3a2edd89e214fdc8853112974fabb1d61c0f9d 25616 
opensmtpd_6.0.2p1-2+deb9u1.debian.tar.xz
 b59882a41cce18c212f8f9eb1b2525a87edd52d0a2530ba8cff070336de2aedb 8435 
opensmtpd_6.0.2p1-2+deb9u1_source.buildinfo
Files:
 5fcebb440cf89d61e978bacf9b302371 3096 mail extra opensmtpd_6.0.2p1-2+deb9u1.dsc
 1ebc232624f2e2e31010c810ea0a3b88 695513 mail extra 
opensmtpd_6.0.2p1.orig.tar.gz
 80b7cca0a098437f602dbeed6f1109f9 25616 mail extra 
opensmtpd_6.0.2p1-2+deb9u1.debian.tar.xz
 d84cb7719750d2e9bcc56408811ba030 8435 mail extra 
opensmtpd_6.0.2p1-2+deb9u1_source.buildinfo

-BEGIN PGP 

Bug#948682: marked as done (libparse-win32registry-perl FTBFS in the year 2020)

[Debian Bug Tracking System]

Your message dated Thu, 30 Jan 2020 21:17:33 +
with message-id 
and subject line Bug#948682: fixed in libparse-win32registry-perl 1.0-2+deb9u1
has caused the Debian Bug report #948682,
regarding libparse-win32registry-perl FTBFS in the year 2020
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
948682: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948682
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libparse-win32registry-perl
Version: 1.0-2
Severity: serious
Tags: ftbfs

https://tests.reproducible-builds.org/debian/rb-pkg/stretch/amd64/libparse-win32registry-perl.html

...
Test Summary Report
---
t/entry.t   (Wstat: 6144 Tests: 536 Failed: 24)
  Failed tests:  120, 132, 144, 162, 168, 174, 252, 258
264, 270, 276, 282, 331, 343, 355, 373
379, 385, 463, 469, 475, 481, 487, 493
  Non-zero exit status: 24
t/file.t(Wstat: 512 Tests: 16 Failed: 2)
  Failed tests:  14-15
  Non-zero exit status: 2
t/key.t (Wstat: 18432 Tests: 613 Failed: 72)
  Failed tests:  314-315, 317, 322, 331-332, 334, 339, 348-349
351, 356, 365-366, 368, 373, 382-383, 385
390, 399-400, 402, 407, 416-417, 419, 424
433-434, 436, 441, 450-451, 453, 458, 467-468
470, 475, 484-485, 487, 492, 501-502, 504
509, 518-519, 521, 526, 535-536, 538, 543
552-553, 555, 560, 569-570, 572, 577, 586-587
589, 594, 603-604, 606, 611
  Non-zero exit status: 72
t/misc.t(Wstat: 14592 Tests: 217 Failed: 57)
  Failed tests:  65-66, 68-70, 72-74, 76-78, 80-82, 84-86
88-90, 92-94, 96-98, 100-102, 104-106, 108-110
112-114, 116-118, 120-122, 124-126, 128-130
132-134, 136-138, 140
  Non-zero exit status: 57
Files=13, Tests=4079,  3 wallclock secs ( 0.58 usr  0.04 sys +  1.90 cusr  0.26 
csys =  2.78 CPU)
Result: FAIL
Failed 4/13 test programs. 155/4079 subtests failed.
Makefile:1000: recipe for target 'test_dynamic' failed
make[1]: *** [test_dynamic] Error 255
--- End Message ---
--- Begin Message ---
Source: libparse-win32registry-perl
Source-Version: 1.0-2+deb9u1

We believe that the bug you reported is fixed in the latest version of
libparse-win32registry-perl, which is due to be installed in the Debian FTP 
archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 948...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Adrian Bunk  (supplier of updated libparse-win32registry-perl 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 26 Jan 2020 23:27:04 +0200
Source: libparse-win32registry-perl
Binary: libparse-win32registry-perl
Architecture: source
Version: 1.0-2+deb9u1
Distribution: stretch
Urgency: medium
Maintainer: Debian Perl Group 
Changed-By: Adrian Bunk 
Description:
 libparse-win32registry-perl - Perl module for parsing Windows registry files
Closes: 948682
Changes:
 libparse-win32registry-perl (1.0-2+deb9u1) stretch; urgency=medium
 .
   * Non-maintainer upload.
   * Add patch to fix Y2K20 problem.
 (Closes: #948682)
Checksums-Sha1:
 d785f5e480532bb2bcd34a16a7d67ba34de19b73 2200 
libparse-win32registry-perl_1.0-2+deb9u1.dsc
 cc832e3e46372fba0d850545c1e98424d6ffa06f 2752 
libparse-win32registry-perl_1.0-2+deb9u1.debian.tar.xz
Checksums-Sha256:
 1dba4fcfdf564c3305ec7cdcf0b48108a687a474c608a1af6d804038844e637b 2200 
libparse-win32registry-perl_1.0-2+deb9u1.dsc
 66f2df7eb38f78fba6663bfec9982a0521440d29c0e368e1be63fb20ab5f394f 2752 
libparse-win32registry-perl_1.0-2+deb9u1.debian.tar.xz
Files:
 32ddb95728dac337791c95286c8f004a 2200 perl optional 
libparse-win32registry-perl_1.0-2+deb9u1.dsc
 befe1c8ac67d1c15a753c54eb8d695b4 2752 perl optional 
libparse-win32registry-perl_1.0-2+deb9u1.debian.tar.xz

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAl4uBu0ACgkQiNJCh6LY
mLFNaRAAsGzk1JfRClaO7QW6k9N1xLIWoRU74hKFkatY/rPRQFS3UoWy4ty+lObO
J6NTMYsdolpv5bhWLaZTIYUWh2VvNUfbZ1sBBhHauBVPCvAGtlA8X4wKoEJy+33a
xOBUXnKsaXG5PF+loXw7slsS5JbZCYfw4HHCm6Ewrj5vn/sSGfpJJtO4d0M6IVvD
r44J4G9SERzGt/YH1+FMBklAmIdmpXHRwd4WPfygRqDhAU0O+NItF8UNpxy8zEIJ

Bug#948680: marked as done (libtimedate-perl FTBFS in the year 2020)

[Debian Bug Tracking System]

Your message dated Thu, 30 Jan 2020 21:17:34 +
with message-id 
and subject line Bug#948680: fixed in libtimedate-perl 2.3000-2+deb9u1
has caused the Debian Bug report #948680,
regarding libtimedate-perl FTBFS in the year 2020
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
948680: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948680
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libtimedate-perl
Version: 2.3000-2
Severity: serious
Tags: ftbfs patch
Forwarded: https://github.com/gbarr/perl-TimeDate/pull/19

https://tests.reproducible-builds.org/debian/rb-pkg/stretch/amd64/libtimedate-perl.html

...
t/getdate.t .. 
1..146
# offset = 315576
--
FAIL 1
1995-01-24
Diff:-315576
Expect: 3946665600.00 Sun Jan 23 12:00:00 2095
Got:790905600.00 Mon Jan 23 12:00:00 1995
--
...
Test Summary Report
---
t/getdate.t (Wstat: 0 Tests: 0 Failed: 0)
  Parse errors: Bad plan.  You planned 146 tests but ran 0.
Files=5, Tests=362,  1 wallclock secs ( 0.13 usr  0.02 sys +  0.27 cusr  0.04 
csys =  0.46 CPU)
Result: FAIL
Failed 1/5 test programs. 0/362 subtests failed.
Makefile:942: recipe for target 'test_dynamic' failed
make[1]: *** [test_dynamic] Error 255
--- End Message ---
--- Begin Message ---
Source: libtimedate-perl
Source-Version: 2.3000-2+deb9u1

We believe that the bug you reported is fixed in the latest version of
libtimedate-perl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 948...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Adrian Bunk  (supplier of updated libtimedate-perl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 26 Jan 2020 23:13:06 +0200
Source: libtimedate-perl
Binary: libtimedate-perl
Architecture: source
Version: 2.3000-2+deb9u1
Distribution: stretch
Urgency: medium
Maintainer: Debian Perl Group 
Changed-By: Adrian Bunk 
Description:
 libtimedate-perl - collection of modules to manipulate date/time information
Closes: 948680
Changes:
 libtimedate-perl (2.3000-2+deb9u1) stretch; urgency=medium
 .
   * Non-maintainer upload.
   * Add patch from upstream pull request to fix Y2K20 test failure.
 (Closes: #948680)
Checksums-Sha1:
 99fd75320b7ea068e466419232d821cfe0f96ae1 2183 
libtimedate-perl_2.3000-2+deb9u1.dsc
 23a3db034a057d377a891841e20215f8976618ee 5000 
libtimedate-perl_2.3000-2+deb9u1.debian.tar.xz
Checksums-Sha256:
 1d489e06f17c30d94058a466a6809ad3ddd5966619690c42498d97c02eca2649 2183 
libtimedate-perl_2.3000-2+deb9u1.dsc
 92bd2a9a6fad972bda0588a749fb05ea873882f78fde38ca0d2fd126487a206c 5000 
libtimedate-perl_2.3000-2+deb9u1.debian.tar.xz
Files:
 d76c7a0de7394b6a0d04dcc99f940387 2183 perl optional 
libtimedate-perl_2.3000-2+deb9u1.dsc
 c7e514d99d9fe22633db5c64e9b1bd6d 5000 perl optional 
libtimedate-perl_2.3000-2+deb9u1.debian.tar.xz

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAl4uAjQACgkQiNJCh6LY
mLGLUhAApVc+0ACpy13g96ZURga8L6O569ydfXK+kSu/O9R7CRY4Mi1kC+xSphI3
4kAYmxDJd6X2Hmlnf9JtFKzFX5XarhEszd2ce7W66wWw2EK9LGyW+7vmpxSjgO0A
2TOLbrGHGcggWRLFdMHQjocnzLNtkIB2E3OPQ+IDQrT2DpjvVcVYxBx15sB0zqkz
oQNucRWve3pxIOfhZs5xOgRlw6X6yAskwyhIH2FFeTF562B/A2yydPfOls9oSIbL
DqsQetdrQucTIGXtFkVrmkmyfPAAx5LDaWIaw2GzAjJ596gztyLJN6xZI6e8DseN
Ql7QISGGC8CXLcGnFv118lBfDzWkRSjdj4Vanxd9KhTKEyBsWU3PwBIlh3MIC5dv
xccQQZ08g0KObnT85JOxLY+QnCJVSpTQRNDse1fYzwLHvzLu6KirllR7ymsvuxyO
V65ScTcDx1ue6bkYOP0v1i6io0GO9osbH/1EgxT335L+xBS5yXv/Q/5iKc8btDFr
1j8serozAl6yZzc8FWx5vRxC9ZL+ODzDgRCLeid32kR1PjTe0vrCYIOGKQG3oAiU
M22xOq+Or0a43BHcttvqWD0OdJwpDdZIG/8U4A7MaeFdLymYOqOnFUjJ6g7pV0rZ
QV40e+5bP7QjKH6d/i4/mi9eCGkfudlO438woSLe6YngevPMEXU=
=YTkM
-END PGP SIGNATURE End Message ---

Processed: severity of 938470 is serious

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> severity 938470 serious
Bug #938470 [src:setuptools-scm] setuptools-scm: Python2 removal in sid/bullseye
Severity set to 'serious' from 'normal'
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
938470: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=938470
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#936630: Re: Bug#936630: gnumed-client: upstream has (unreleased) py3 support

[Andreas Tille]

On Thu, Jan 30, 2020 at 09:14:35PM +0100, Karsten Hilbert wrote:
> It's done, there's even a release 1.8.rc3.
> 
> I need to convince myself to release 1.8.0 proper :-)

Please convince yourself and I'll upload.

Kind regards

  Andreas.

PS: It would be helpful if you refresh the packaging
relevant changes - preferably here in this public place
and not in private mail.

-- 
http://fam-tille.de

Processed: Re: block "RM: sgmltools-lite" by "RM: aboot"

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> unblock 947027 by 949955
Bug #947027 [ftp.debian.org] RM: sgmltools-lite -- RoQA, py2, duperseeded by 
docbook-utils
947027 was blocked by: 949955
947027 was blocking: 937695
Removed blocking bug(s) of 947027: 949955
> block 947027 by 949711
Bug #947027 [ftp.debian.org] RM: sgmltools-lite -- RoQA, py2, duperseeded by 
docbook-utils
947027 was not blocked by any bugs.
947027 was blocking: 937695
Added blocking bug(s) of 947027: 949711
> stop
Stopping processing here.

Please contact me if you need assistance.
-- 
947027: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947027
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#950121: marked as done (opensmtpd: Major vulnerabilities in opensmtpd resulting in RCE and DOS)

[Debian Bug Tracking System]

Your message dated Thu, 30 Jan 2020 20:36:47 +
with message-id 
and subject line Bug#950121: fixed in opensmtpd 6.0.3p1-5+deb10u3
has caused the Debian Bug report #950121,
regarding opensmtpd: Major vulnerabilities in opensmtpd resulting in RCE and DOS
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
950121: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950121
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: opensmtpd
Version: 6.6.1p1-5~bpo10+1
Severity: critical
Tags: security upstream
Justification: root security hole

Dear Maintainer,

Opensmtpd 6.6.1 has 2 critical vulnerabilities, including one that results in a 
remote root arbitray code execution

see https://www.mail-archive.com/misc@opensmtpd.org/msg04850.html

-- System Information:
Debian Release: 10.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable'), (90, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-6-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages opensmtpd depends on:
ii  adduser3.118
ii  debconf [debconf-2.0]  1.5.71
ii  ed 1.15-1
ii  init-system-helpers1.56+nmu1
ii  libasr01.0.2-2
ii  libc6  2.28-10
ii  libdb5.3   5.3.28+dfsg1-0.5
ii  libevent-2.1-6 2.1.8-stable-4
ii  libpam0g   1.3.1-5
ii  libssl1.1  1.1.1d-0+deb10u2
ii  lsb-base   10.2019051400
ii  zlib1g 1:1.2.11.dfsg-1

Versions of packages opensmtpd recommends:
ii  opensmtpd-extras  6.6.0-1~bpo10+1

Versions of packages opensmtpd suggests:
ii  ca-certificates  20190110

-- Configuration Files:
/etc/smtpd.conf changed [not included]

-- debconf information excluded
--- End Message ---
--- Begin Message ---
Source: opensmtpd
Source-Version: 6.0.3p1-5+deb10u3

We believe that the bug you reported is fixed in the latest version of
opensmtpd, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 950...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ryan Kavanagh  (supplier of updated opensmtpd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Tue, 28 Jan 2020 19:44:11 -0500
Source: opensmtpd
Architecture: source
Version: 6.0.3p1-5+deb10u3
Distribution: buster-security
Urgency: high
Maintainer: Ryan Kavanagh 
Changed-By: Ryan Kavanagh 
Closes: 950121
Changes:
 opensmtpd (6.0.3p1-5+deb10u3) buster-security; urgency=high
 .
   * Fix two major security bugs (Closes: #950121) (CVE-2020-7247)
 1. smtpd can crash on opportunistic TLS downgrade, causing a denial of
service. OpenBSD 6.6 errata 018:

https://ftp.openbsd.org/pub/OpenBSD/patches/6.6/common/018_smtpd_tls.patch.sig
 2. Fix privilege escalation vulnerability: An incorrect check allows an
attacker to trick mbox delivery into executing arbitrary commands as
root and lmtp delivery into executing arbitrary commands as an
unprivileged user. OpenBSD 6.6 errata 019:

https://ftp.openbsd.org/pub/OpenBSD/patches/6.6/common/019_smtpd_exec.patch.sig
Checksums-Sha1:
 b6499b0c2fc8520c135e08c9a6ffa79ff26b4e00 3082 opensmtpd_6.0.3p1-5+deb10u3.dsc
 9aa89eeed7462902903f2e7304173899557aee65 699702 opensmtpd_6.0.3p1.orig.tar.gz
 27936365726edbc06a3b7ba1afa9895f82f10425 30488 
opensmtpd_6.0.3p1-5+deb10u3.debian.tar.xz
 4bda6919e9114f73e347e95ee1da7fc27cd80bc7 8465 
opensmtpd_6.0.3p1-5+deb10u3_source.buildinfo
Checksums-Sha256:
 3f87713b1a762df4695bde879b651074a48cd5a8caa5df561543c901eb9e5688 3082 
opensmtpd_6.0.3p1-5+deb10u3.dsc
 291881862888655565e8bbe3cfb743310f5dc0edb6fd28a889a9a547ad767a81 699702 
opensmtpd_6.0.3p1.orig.tar.gz
 001686a5713417570335e78e38d34b6e48c5775cb1efdaa77b68dafa9d9fb188 30488 
opensmtpd_6.0.3p1-5+deb10u3.debian.tar.xz
 4a59567fc92d9b33a3fa9d4eced7337f13ddfc765607ee591bcce0edf3518b6d 8465 
opensmtpd_6.0.3p1-5+deb10u3_source.buildinfo
Files:
 

Bug#948668: marked as done (libole-storage-lite-perl: y2k20 problem)

[Debian Bug Tracking System]

Your message dated Thu, 30 Jan 2020 20:36:38 +
with message-id 
and subject line Bug#948668: fixed in libole-storage-lite-perl 0.19-2+deb10u1
has caused the Debian Bug report #948668,
regarding libole-storage-lite-perl: y2k20 problem
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
948668: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948668
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libole-storage-lite-perl
Version: 0.19-1
Severity: serious
Tags: ftbfs
Forwarded: https://rt.cpan.org/Public/Bug/Display.html?id=124513
Control: close -1  0.20-1

https://tests.reproducible-builds.org/debian/rb-pkg/stretch/amd64/libole-storage-lite-perl.html

...

#   Failed test '   LocalDate2OLE: Thu Jan  1 00:00:00 1970
'
#   at t/01_date_conversion.t line 40.
#  got: '0040352757CF0D02'
# expected: '00803ED5DEB19D01'

#   Failed test '   LocalDate2OLE: Thu Jan  1 00:00:01 1970
'
#   at t/01_date_conversion.t line 40.
#  got: '80D6CD2757CF0D02'
# expected: '8016D7D5DEB19D01'

#   Failed test '   LocalDate2OLE: Mon Feb 16 06:28:15 1970
'
#   at t/01_date_conversion.t line 40.
#  got: '80A91C03B3F30D02'
# expected: '80E925B13AD69D01'

#   Failed test '   LocalDate2OLE: Fri Dec 11 08:49:03 1970
'
#   at t/01_date_conversion.t line 40.
#  got: '80A99C0DF2DD0E02'
# expected: '80E9A5BB79C09E01'
# Looks like you failed 4 tests of 198.
t/01_date_conversion.t .. 
...


libole-storage-lite-perl (0.20-1) unstable; urgency=medium

  * Import upstream version 0.20.
Fixes y2k20 problem, as seen also on ci.debian.net.
...
 -- gregor herrmann   Thu, 02 Jan 2020 17:26:42 +0100
--- End Message ---
--- Begin Message ---
Source: libole-storage-lite-perl
Source-Version: 0.19-2+deb10u1

We believe that the bug you reported is fixed in the latest version of
libole-storage-lite-perl, which is due to be installed in the Debian FTP 
archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 948...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Adrian Bunk  (supplier of updated libole-storage-lite-perl 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 26 Jan 2020 22:52:58 +0200
Source: libole-storage-lite-perl
Architecture: source
Version: 0.19-2+deb10u1
Distribution: buster
Urgency: medium
Maintainer: Debian Perl Group 
Changed-By: Adrian Bunk 
Closes: 948668
Changes:
 libole-storage-lite-perl (0.19-2+deb10u1) buster; urgency=medium
 .
   * Non-maintainer upload.
   * Backport upstream fix for years >= 2020 being misinterpreted.
 (Closes: #948668)
Checksums-Sha1:
 054ad694cf61ee968ee3c74e14e6daa71eac9184 2252 
libole-storage-lite-perl_0.19-2+deb10u1.dsc
 4440e3cfdca18808dc06e2e9980fb46ed319fc85 4240 
libole-storage-lite-perl_0.19-2+deb10u1.debian.tar.xz
Checksums-Sha256:
 8320b55d3ff90d214c607d658eb16324d82e58707fad0bd051fefa74544f09d5 2252 
libole-storage-lite-perl_0.19-2+deb10u1.dsc
 752fa222598c285be054e3717e4d97497b401666d90ed2c99f33ec5156b1cad6 4240 
libole-storage-lite-perl_0.19-2+deb10u1.debian.tar.xz
Files:
 af355402ed9638e19468a261d2121927 2252 perl optional 
libole-storage-lite-perl_0.19-2+deb10u1.dsc
 62277410757b1558879682d6b517b46f 4240 perl optional 
libole-storage-lite-perl_0.19-2+deb10u1.debian.tar.xz

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAl4t/pAACgkQiNJCh6LY
mLHE9w/+MLUk0kVVyz5vac0ZANBq3PjKa2+zFJGTpbIfpamKbI82pcchyxgAROzU
oRloeoEzbz33QxqNNz34+NyHUQgxUMeHZRhQlpJtujq5shajZCgWZ5OeV5lRK9iV
OskBVbIMhtntS8ehCxri+zJ+0iQDn0Y0fuUYeaQuFAlqh3jR0Qt8E0+gpUQuWBbs
jqp1S0nhfD2zv+Q9McnqvfoOxBvSxae7BqVBs82KhO2ZPUHW0WKwasfTHsLhw6Ov
go/ck+6EUn3E0YMzF7+G0mwjyKWG3hHw4MFG4eT5xyH47DBsfSoz1yw0Ie2oW4nb
M9sl1A1Lm+EhDqZmClXMMIgfRWokUv90jvSl3pR9Kc/jbfjGCSI1yxopCrABrKSK
Ipm7V5GqOZQTegsecGgLvk84l77ViJy/2B0+XN6r99GsCoIifhkYtomtefrtlIrM
hdDfnCFm8E/gv9WNh7ZlvUuWR3G4Grv2CbNjnNoFp/Awh7XOIbZKlADgAeAhrAsw
DcJ7kmvC+Jk2CRO0aNtRlDOni+e+02XoZltyvSqW+PIOJfxog10BK4Cq+RGKL2Sv
ZMmKcVbuc0Hl6ad8RoA1yNkx1N4sBCb2YaTlouvpNH8/AxiAgl8Jx4mkhyaynEvL
9Uivk3yZUdkO6HmkWwMoVNj/Q/VI7BbMO5zAYIXeZliatfAnu08=
=RZpW
-END PGP SIGNATURE End Message ---

Bug#948666: marked as done (libperl4-corelibs-perl: Y2K20 problem in t/timelocal.t)

[Debian Bug Tracking System]

Your message dated Thu, 30 Jan 2020 20:36:39 +
with message-id 
and subject line Bug#948666: fixed in libperl4-corelibs-perl 0.004-1+deb10u1
has caused the Debian Bug report #948666,
regarding libperl4-corelibs-perl: Y2K20 problem in t/timelocal.t
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
948666: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948666
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libperl4-corelibs-perl
Version: 0.003-2
Severity: serious
Tags: ftbfs
Control: close -1 0.004-2

https://tests.reproducible-builds.org/debian/rb-pkg/stretch/amd64/libperl4-corelibs-perl.html

...
#   Failed test 'timelocal year for 1970 1 2 0 0 0'
#   at t/timelocal.t line 36.
#  got: '170'
# expected: '70'

#   Failed test 'timegm year for 1970 1 2 0 0 0'
#   at t/timelocal.t line 49.
#  got: '170'
# expected: '70'
# Looks like you failed 2 tests of 135.
t/timelocal.t ... 
...


libperl4-corelibs-perl (0.004-2) unstable; urgency=medium
...
  * Add t/timelocal.t to fix Y2K20 problem in t/timelocal.t.
...
 -- gregor herrmann   Fri, 03 Jan 2020 05:09:21 +0100
--- End Message ---
--- Begin Message ---
Source: libperl4-corelibs-perl
Source-Version: 0.004-1+deb10u1

We believe that the bug you reported is fixed in the latest version of
libperl4-corelibs-perl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 948...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Adrian Bunk  (supplier of updated libperl4-corelibs-perl 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 26 Jan 2020 22:31:16 +0200
Source: libperl4-corelibs-perl
Architecture: source
Version: 0.004-1+deb10u1
Distribution: buster
Urgency: medium
Maintainer: Debian Perl Group 
Changed-By: Adrian Bunk 
Closes: 948666
Changes:
 libperl4-corelibs-perl (0.004-1+deb10u1) buster; urgency=medium
 .
   * Non-maintainer upload.
   * Add t/timelocal.t fix for Y2K20 problem in t/timelocal.t.
 (Closes: #948666)
Checksums-Sha1:
 c2d7e54b17ed874e6d02916ad6d20a3acb934160 2181 
libperl4-corelibs-perl_0.004-1+deb10u1.dsc
 8a8718320d44c348d9e6fd2867ec31dab09c3cd6 3184 
libperl4-corelibs-perl_0.004-1+deb10u1.debian.tar.xz
Checksums-Sha256:
 aa8ac9ed89be78bad122cff5cd3cd1568aee235b6d3210717cff4601d8f651eb 2181 
libperl4-corelibs-perl_0.004-1+deb10u1.dsc
 c8ebdd8135bcd86c9ef5719a88eae2b2a7b6b21b2668d78e8c7c35587ddd94f9 3184 
libperl4-corelibs-perl_0.004-1+deb10u1.debian.tar.xz
Files:
 0bde2c2204f005a953762cdd041d7653 2181 perl optional 
libperl4-corelibs-perl_0.004-1+deb10u1.dsc
 f3f52d773d82e0a16a4f4074bb29068e 3184 perl optional 
libperl4-corelibs-perl_0.004-1+deb10u1.debian.tar.xz

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAl4t+B0ACgkQiNJCh6LY
mLHzmg/8DE/9KaZDXl5CKLFVo11rf1hoyFxsoQZ1+1YySUx6I6ptCB0rt8JA4Qk5
gS/rYzh/KjOPBWhcnuou73zB1JUcOwNM1wGomlc8kdXvB4yuIr6dNqUtAmbnbLtg
aXqsnhazxXDpqrXAUYG83Xka0ZZLbKHHfSqf7E+3jEWKy7+x4sjwBACeMFhJYxix
lLzVj/Yoc602M86lV3W32EwMl1VZ1UNCUh3jcKJUuKBRlsoSCsFYbdHCSCCIl9VG
enGGTKYf2Oeytx+t4rQPDPTE3pQUsnFCDoLkXz4lPjHKvCJEQakriP9uT1s3Ss2B
a+Y4gsLpDcm0UEviFZTNrIMUkAqRIvJm5ywXG/CdSkGfyk/gznJxIc2oWISnFlKA
YOSExCaiEXfofFkuIEUllRESKoAGIoY9lMbO+IF+BH6dVRzvCXhiZ5pYWKWzJHy6
5a1H2VFHD+z8heNapbSlRkyZea6puiK1w06YyDOPsP08WWpuEiYS6zlcsgXjDuVf
6onJQh2hEM8dF/OY5zqkT2+EaXnmwbH1yI8eWC47SUSCnRgwnq8T10+pzHrLUMSh
rTA5tKPu19KSPJ7wqvM8pp9hQifnRYiXLCyXh8axdtIo7vJjtA5aWS3z4qucY4/a
oQBTSX/sKmITpN7FwWdBVwMtVk2evdGd3YjHoKZHY3FIX5KYL0U=
=Tkq1
-END PGP SIGNATURE End Message ---

Bug#948682: marked as done (libparse-win32registry-perl FTBFS in the year 2020)

[Debian Bug Tracking System]

Your message dated Thu, 30 Jan 2020 20:36:38 +
with message-id 
and subject line Bug#948682: fixed in libparse-win32registry-perl 1.0-2+deb10u1
has caused the Debian Bug report #948682,
regarding libparse-win32registry-perl FTBFS in the year 2020
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
948682: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948682
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libparse-win32registry-perl
Version: 1.0-2
Severity: serious
Tags: ftbfs

https://tests.reproducible-builds.org/debian/rb-pkg/stretch/amd64/libparse-win32registry-perl.html

...
Test Summary Report
---
t/entry.t   (Wstat: 6144 Tests: 536 Failed: 24)
  Failed tests:  120, 132, 144, 162, 168, 174, 252, 258
264, 270, 276, 282, 331, 343, 355, 373
379, 385, 463, 469, 475, 481, 487, 493
  Non-zero exit status: 24
t/file.t(Wstat: 512 Tests: 16 Failed: 2)
  Failed tests:  14-15
  Non-zero exit status: 2
t/key.t (Wstat: 18432 Tests: 613 Failed: 72)
  Failed tests:  314-315, 317, 322, 331-332, 334, 339, 348-349
351, 356, 365-366, 368, 373, 382-383, 385
390, 399-400, 402, 407, 416-417, 419, 424
433-434, 436, 441, 450-451, 453, 458, 467-468
470, 475, 484-485, 487, 492, 501-502, 504
509, 518-519, 521, 526, 535-536, 538, 543
552-553, 555, 560, 569-570, 572, 577, 586-587
589, 594, 603-604, 606, 611
  Non-zero exit status: 72
t/misc.t(Wstat: 14592 Tests: 217 Failed: 57)
  Failed tests:  65-66, 68-70, 72-74, 76-78, 80-82, 84-86
88-90, 92-94, 96-98, 100-102, 104-106, 108-110
112-114, 116-118, 120-122, 124-126, 128-130
132-134, 136-138, 140
  Non-zero exit status: 57
Files=13, Tests=4079,  3 wallclock secs ( 0.58 usr  0.04 sys +  1.90 cusr  0.26 
csys =  2.78 CPU)
Result: FAIL
Failed 4/13 test programs. 155/4079 subtests failed.
Makefile:1000: recipe for target 'test_dynamic' failed
make[1]: *** [test_dynamic] Error 255
--- End Message ---
--- Begin Message ---
Source: libparse-win32registry-perl
Source-Version: 1.0-2+deb10u1

We believe that the bug you reported is fixed in the latest version of
libparse-win32registry-perl, which is due to be installed in the Debian FTP 
archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 948...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Adrian Bunk  (supplier of updated libparse-win32registry-perl 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 26 Jan 2020 23:27:04 +0200
Source: libparse-win32registry-perl
Architecture: source
Version: 1.0-2+deb10u1
Distribution: buster
Urgency: medium
Maintainer: Debian Perl Group 
Changed-By: Adrian Bunk 
Closes: 948682
Changes:
 libparse-win32registry-perl (1.0-2+deb10u1) buster; urgency=medium
 .
   * Non-maintainer upload.
   * Add patch to fix Y2K20 problem.
 (Closes: #948682)
Checksums-Sha1:
 1bfaded23e26d0b671348911d988bb93e70be7b2 2204 
libparse-win32registry-perl_1.0-2+deb10u1.dsc
 4bdc68a4749060c699371b1741eca4711f9788ca 2756 
libparse-win32registry-perl_1.0-2+deb10u1.debian.tar.xz
Checksums-Sha256:
 4b61c32bee34eceaeaaca3c1d0d8b6b9962601d8d62d82a9d3d3e2a0a791db98 2204 
libparse-win32registry-perl_1.0-2+deb10u1.dsc
 53957bac5966ee644d503b6d473de6587de872d4bf8ca19ae68305aea862ffa5 2756 
libparse-win32registry-perl_1.0-2+deb10u1.debian.tar.xz
Files:
 2281c2d1049926187649b482b055bb53 2204 perl optional 
libparse-win32registry-perl_1.0-2+deb10u1.dsc
 b573b9c1f5abba037920f3329ab5405e 2756 perl optional 
libparse-win32registry-perl_1.0-2+deb10u1.debian.tar.xz

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAl4uBiEACgkQiNJCh6LY
mLHP1A/9H4ArjwE12F3f8n+v68Bu0iNlPUY5ySuhGEaKGhlwtH/+VVB7t/cMFSa2
fExBdN6O2ISqrnZ9U62vOZOfEniFZOdT6Alqho6JLR59pmPszC6hog/UEBGpr+Fh
lLsqQVnetXZhIe7U2R3AYJ2k+oIL9LGehPp9lGkArDrN+j9fpDx+Eu26ukONWXft
T674aXoyQ4oER1Du3pY2vox8J952RQzrpLgdATtnIjQxpcV5Qi1QDiqgzMdVPB9p
6TlazmbspGsEKHjd8dBW19Ca+DnKozZwIpzj9EfQeL9z4HUgrtuharHU9q94MYom

Bug#948680: marked as done (libtimedate-perl FTBFS in the year 2020)

[Debian Bug Tracking System]

Your message dated Thu, 30 Jan 2020 20:36:40 +
with message-id 
and subject line Bug#948680: fixed in libtimedate-perl 2.3000-2+deb10u1
has caused the Debian Bug report #948680,
regarding libtimedate-perl FTBFS in the year 2020
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
948680: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948680
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libtimedate-perl
Version: 2.3000-2
Severity: serious
Tags: ftbfs patch
Forwarded: https://github.com/gbarr/perl-TimeDate/pull/19

https://tests.reproducible-builds.org/debian/rb-pkg/stretch/amd64/libtimedate-perl.html

...
t/getdate.t .. 
1..146
# offset = 315576
--
FAIL 1
1995-01-24
Diff:-315576
Expect: 3946665600.00 Sun Jan 23 12:00:00 2095
Got:790905600.00 Mon Jan 23 12:00:00 1995
--
...
Test Summary Report
---
t/getdate.t (Wstat: 0 Tests: 0 Failed: 0)
  Parse errors: Bad plan.  You planned 146 tests but ran 0.
Files=5, Tests=362,  1 wallclock secs ( 0.13 usr  0.02 sys +  0.27 cusr  0.04 
csys =  0.46 CPU)
Result: FAIL
Failed 1/5 test programs. 0/362 subtests failed.
Makefile:942: recipe for target 'test_dynamic' failed
make[1]: *** [test_dynamic] Error 255
--- End Message ---
--- Begin Message ---
Source: libtimedate-perl
Source-Version: 2.3000-2+deb10u1

We believe that the bug you reported is fixed in the latest version of
libtimedate-perl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 948...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Adrian Bunk  (supplier of updated libtimedate-perl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 26 Jan 2020 23:13:06 +0200
Source: libtimedate-perl
Architecture: source
Version: 2.3000-2+deb10u1
Distribution: buster
Urgency: medium
Maintainer: Debian Perl Group 
Changed-By: Adrian Bunk 
Closes: 948680
Changes:
 libtimedate-perl (2.3000-2+deb10u1) buster; urgency=medium
 .
   * Non-maintainer upload.
   * Add patch from upstream pull request to fix Y2K20 test failure.
 (Closes: #948680)
Checksums-Sha1:
 58548ba08d5db0184b30166551cf3fc68b28eec6 2187 
libtimedate-perl_2.3000-2+deb10u1.dsc
 cbce31e1657e2aaca743e32d1892456eba949208 5000 
libtimedate-perl_2.3000-2+deb10u1.debian.tar.xz
Checksums-Sha256:
 d0ea5cbd3a5e4bf31ce1fd0a3a7080e5c3b7ceb9307946cc6a5bfd00aca7 2187 
libtimedate-perl_2.3000-2+deb10u1.dsc
 4518d3eced445b275d8bef39e7c1942a2af6447343edaec217893eb013812606 5000 
libtimedate-perl_2.3000-2+deb10u1.debian.tar.xz
Files:
 1e30976c49a7ae23ee85d30d9bb746dd 2187 perl optional 
libtimedate-perl_2.3000-2+deb10u1.dsc
 180c1aece8dcf7e70af85b8b488e 5000 perl optional 
libtimedate-perl_2.3000-2+deb10u1.debian.tar.xz

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAl4uAYwACgkQiNJCh6LY
mLEzGg//ZsjWnQSasLXLCN1oWtz9CD9G3fXEewGYoI+j6QxKVy0Y6hyd9RnkXzM0
Ols1YN1u7WR8oq4S25iDpeObLOzNfk2h3uLr+NC/EvjzUXbWAi41vNxzravH4CQf
9FDI1ykR5ex0GWb0veXbtBJSgW8ED3MWcnJFdvGELIyoMpxrouZeooNadFPPs6jj
p5FynEOvxYTFKQevAXb8F04BF4EoIaNHO4/RmZj7GthK3xBqOBBNS2vlcwjLhktK
p7OjbKybYJm1LD25PacRulmziN6p7Uo6I3j2aY4Y4LWw+tL9strn8Al+BATWiOyq
dF5I53VOPX5k7/N9Nng5xnDI7rJ9QhZPJY41iVr14zuH3LeR+cTBhozriwN1twLc
IQ1/vmfOO7VZEc3yfqvwmp6/rsjbxIeloCsNFlZwm8rZVqMOhtpRoQUUg7RwnBil
9cuJWKSL3Rg5xs2RzRrRuVbVGQg/K1kp6SWwC0dXKZo9OA9PhTNAQugAFJb0uMMd
jf1x5HeF6sjQEU22nOnv4v+MW1zRR3E3erck84wpkbDJIlWesLrENboDCk8o4nBw
FVa/rCkgVB7flKYuwtO9ezoAHjCBuO+dtlNSKU0VOWrN1Qw6BfvN40I3OMe+0ek+
KN9bhctCC/9Fn6wKZc48WLOhEAy9otpuYt4dkr54ZUw4dUeMSOw=
=eQP1
-END PGP SIGNATURE End Message ---

Bug#947428: marked as done (tigervnc: CVE-2019-15691 CVE-2019-15692 CVE-2019-15693 CVE-2019-15694 CVE-2019-15695)

[Debian Bug Tracking System]

Your message dated Thu, 30 Jan 2020 20:36:55 +
with message-id 
and subject line Bug#947428: fixed in tigervnc 1.9.0+dfsg-3+deb10u1
has caused the Debian Bug report #947428,
regarding tigervnc: CVE-2019-15691 CVE-2019-15692 CVE-2019-15693 CVE-2019-15694 
CVE-2019-15695
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
947428: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947428
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: tigervnc
Version: 1.9.0+dfsg-4
Severity: grave
Tags: security upstream
Control: found -1 1.9.0+dfsg-3

Hi,

The following vulnerabilities were published for tigervnc.

CVE-2019-15691[0]:
| TigerVNC version prior to 1.10.1 is vulnerable to stack use-after-
| return, which occurs due to incorrect usage of stack memory in
| ZRLEDecoder. If decoding routine would throw an exception, ZRLEDecoder
| may try to access stack variable, which has been already freed during
| the process of stack unwinding. Exploitation of this vulnerability
| could potentially result into remote code execution. This attack
| appear to be exploitable via network connectivity.


CVE-2019-15692[1]:
| TigerVNC version prior to 1.10.1 is vulnerable to heap buffer
| overflow. Vulnerability could be triggered from CopyRectDecoder due to
| incorrect value checks. Exploitation of this vulnerability could
| potentially result into remote code execution. This attack appear to
| be exploitable via network connectivity.


CVE-2019-15693[2]:
| TigerVNC version prior to 1.10.1 is vulnerable to heap buffer
| overflow, which occurs in TightDecoder::FilterGradient. Exploitation
| of this vulnerability could potentially result into remote code
| execution. This attack appear to be exploitable via network
| connectivity.


CVE-2019-15694[3]:
| TigerVNC version prior to 1.10.1 is vulnerable to heap buffer
| overflow, which could be triggered from DecodeManager::decodeRect.
| Vulnerability occurs due to the signdness error in processing
| MemOutStream. Exploitation of this vulnerability could potentially
| result into remote code execution. This attack appear to be
| exploitable via network connectivity.


CVE-2019-15695[4]:
| TigerVNC version prior to 1.10.1 is vulnerable to stack buffer
| overflow, which could be triggered from CMsgReader::readSetCursor.
| This vulnerability occurs due to insufficient sanitization of
| PixelFormat. Since remote attacker can choose offset from start of the
| buffer to start writing his values, exploitation of this vulnerability
| could potentially result into remote code execution. This attack
| appear to be exploitable via network connectivity.


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-15691
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15691
[1] https://security-tracker.debian.org/tracker/CVE-2019-15692
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15692
[2] https://security-tracker.debian.org/tracker/CVE-2019-15693
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15693
[3] https://security-tracker.debian.org/tracker/CVE-2019-15694
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15694
[4] https://security-tracker.debian.org/tracker/CVE-2019-15695
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15695

Please adjust the affected versions in the BTS as needed.



-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.3.0-3-amd64 (SMP w/2 CPU cores)
Kernel taint flags: TAINT_WARN
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8 
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
--- End Message ---
--- Begin Message ---
Source: tigervnc
Source-Version: 1.9.0+dfsg-3+deb10u1

We believe that the bug you reported is fixed in the latest version of
tigervnc, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 947...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Joachim Falk  (supplier of updated tigervnc package)

(This message was generated automatically 

Bug#948824: marked as done (opensmtpd: Installation fails with "post-installation script subprocess returned error exit status 1")

[Debian Bug Tracking System]

Your message dated Thu, 30 Jan 2020 20:36:47 +
with message-id 
and subject line Bug#948824: fixed in opensmtpd 6.0.3p1-5+deb10u2
has caused the Debian Bug report #948824,
regarding opensmtpd: Installation fails with "post-installation script 
subprocess returned error exit status 1"
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
948824: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948824
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: opensmtpd
Version: 6.0.3p1-5
Severity: grave
Justification: renders package unusable

Dear Maintainer,

I installed opensmtpd but its installation failed. I found an archived
bug report that matches my error exactly:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770939

DEBCONF_DEBUG=developer dpkg --configure --pending
Setting up opensmtpd (6.0.3p1-5) ...
debconf (developer): frontend started
debconf (developer): frontend running, package name is opensmtpd
debconf (developer): starting /var/lib/dpkg/info/opensmtpd.config
configure 
debconf (developer): <-- FGET opensmtpd/mailname seen
debconf (developer): --> 0 false
dpkg: error processing package opensmtpd (--configure):
 installed opensmtpd package post-installation script subprocess
 returned error exit status 1
 Errors were encountered while processing:
  opensmtpd

Regards,
Jernej

-- System Information:
Debian Release: 10.2
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: mipsel (mips)

Kernel: Linux 5.4.6+ (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages opensmtpd depends on:
ii  adduser3.118
ii  debconf [debconf-2.0]  1.5.71
ii  ed 1.15-1
ii  libasr01.0.2-2
ii  libc6  2.28-10
ii  libdb5.3   5.3.28+dfsg1-0.5
ii  libevent-2.1-6 2.1.8-stable-4
ii  libpam0g   1.3.1-5
ii  libssl1.1  1.1.1d-0+deb10u2
ii  lsb-base   10.2019051400
ii  zlib1g 1:1.2.11.dfsg-1

Versions of packages opensmtpd recommends:
pn  opensmtpd-extras  

Versions of packages opensmtpd suggests:
ii  ca-certificates  20190110

-- debconf information:
  opensmtpd/root_address:
  opensmtpd/mailname:
--- End Message ---
--- Begin Message ---
Source: opensmtpd
Source-Version: 6.0.3p1-5+deb10u2

We believe that the bug you reported is fixed in the latest version of
opensmtpd, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 948...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ryan Kavanagh  (supplier of updated opensmtpd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Thu, 23 Jan 2020 16:36:09 -0500
Source: opensmtpd
Architecture: source
Version: 6.0.3p1-5+deb10u2
Distribution: buster
Urgency: medium
Maintainer: Ryan Kavanagh 
Changed-By: Ryan Kavanagh 
Closes: 948824
Changes:
 opensmtpd (6.0.3p1-5+deb10u2) buster; urgency=medium
 .
   * Handle non-zero exit code from hostname during config phase
 (Closes: #948824)
Checksums-Sha1:
 2ecd1a93782b2d78078465d633693c0ad2f4 3082 opensmtpd_6.0.3p1-5+deb10u2.dsc
 349e05b9bd2b45aa4de2b4ef30ca125d7e7cb10c 29452 
opensmtpd_6.0.3p1-5+deb10u2.debian.tar.xz
 23c2ca820e5cf5724dd2e5d29801a204b82c4ae6 8465 
opensmtpd_6.0.3p1-5+deb10u2_source.buildinfo
Checksums-Sha256:
 066a102d914af618e0433e07250db9fdfb4e0e61d286be629a846c90ef12f835 3082 
opensmtpd_6.0.3p1-5+deb10u2.dsc
 bda66af668dbc4b18324030e2c31d62ca3a2741d2fb3f5c555242b5ec8935f0a 29452 
opensmtpd_6.0.3p1-5+deb10u2.debian.tar.xz
 23715212e2275260299da787e21c1c5a2b411ef7dfbaef3786dd0e952904b109 8465 
opensmtpd_6.0.3p1-5+deb10u2_source.buildinfo
Files:
 f7774b9494a7f984560578cf3b7d6bf4 3082 mail optional 
opensmtpd_6.0.3p1-5+deb10u2.dsc
 6f8624e529c2accd8e3e695c9e21f096 29452 mail optional 
opensmtpd_6.0.3p1-5+deb10u2.debian.tar.xz
 8521f199110836a16b30ed5c62afe5da 8465 mail optional 
opensmtpd_6.0.3p1-5+deb10u2_source.buildinfo

-BEGIN PGP SIGNATURE-

Bug#931255: marked as done (regexps used seems to be incompatible with libpcre2 10.32)

[Debian Bug Tracking System]

Your message dated Thu, 30 Jan 2020 20:36:52 +
with message-id 
and subject line Bug#931255: fixed in php-horde-text-filter 2.3.5-3+deb10u1
has caused the Debian Bug report #931255,
regarding regexps used seems to be incompatible with libpcre2 10.32
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
931255: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931255
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: php-horde-text-filter
Version: 2.3.5-3
Severity: grave
Tags: patch

On buster with PHP 7.3 the tabs used on the horde settings webpage are empty 
instead of the usual General/Database etc.
With PHP 7.2 from packages.surey.org they work fine. They are linked against 
libpcre3 2:8.42

Log says:

WARN: HORDE [horde] PHP ERROR: preg_replace_callback(): Compilation failed: 
invalid range in character class at offset 68 [pid 21655 on line 99 of 
"/usr/share/php/Horde/Text/Filter.php"]

Problem seems to be that it doestn't like anymore ranges like [\w-+]. The 
hyphen needs to be first

Attached patch fixes it for me.

-- System Information:
Debian Release: 10.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/1 CPU core)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), 
LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages php-horde-text-filter depends on:
ii  php-common   2:69
ii  php-horde-exception  2.0.8-4
ii  php-horde-idna   1.1.1-3
ii  php-horde-util   2.5.8-3

Versions of packages php-horde-text-filter recommends:
pn  php-horde-test 
ii  php-horde-text-flowed  2.0.3-5
ii  php-horde-translation  2.2.2-3
pn  php-tidy   

Versions of packages php-horde-text-filter suggests:
pn  php-horde-text-filter-jsmin  

-- no debconf information
diff --git a/Horde_Text_Filter-2.3.5/lib/Horde/Text/Filter/Emails.php 
b/Horde_Text_Filter-2.3.5/lib/Horde/Text/Filter/Emails.php
index ad760b9..929d829 100644
--- a/Horde_Text_Filter-2.3.5/lib/Horde/Text/Filter/Emails.php
+++ b/Horde_Text_Filter-2.3.5/lib/Horde/Text/Filter/Emails.php
@@ -61,7 +61,7 @@ class Horde_Text_Filter_Emails extends Horde_Text_Filter_Base
 ((?(1)\s*\]))
 |
 # Version 2 Pattern 9 and 10: simple email addresses.
-(^|\s||<|\[)([\w-+.=]+@[-A-Z0-9.]*[A-Z0-9])
+(^|\s||<|\[)([-\w+.=]+@[-A-Z0-9.]*[A-Z0-9])
 # Pattern 11 to 13: Optional parameters
 ((\?)([^\s"<]*[\w+#?\/&=]))?
 # Pattern 14: Optional closing bracket
diff --git a/Horde_Text_Filter-2.3.5/lib/Horde/Text/Filter/Linkurls.php 
b/Horde_Text_Filter-2.3.5/lib/Horde/Text/Filter/Linkurls.php
index a88dc12..72e19ec 100644
--- a/Horde_Text_Filter-2.3.5/lib/Horde/Text/Filter/Linkurls.php
+++ b/Horde_Text_Filter-2.3.5/lib/Horde/Text/Filter/Linkurls.php
@@ -86,7 +86,7 @@ class Horde_Text_Filter_Linkurls extends 
Horde_Text_Filter_Base
 (?:\b|^)
 (  # Capture 1: entire matched URL
   (
-   (?:[a-z][\w-+]{0,19})?:/{1,3}  # URL protocol and colon followed by 1-3
+   (?:[a-z][-\w+]{0,19})?:/{1,3}  # URL protocol and colon followed by 1-3
   # slashes, or just colon and slashes (://)
 | #  - or -
 (?--- End Message ---
--- Begin Message ---
Source: php-horde-text-filter
Source-Version: 2.3.5-3+deb10u1

We believe that the bug you reported is fixed in the latest version of
php-horde-text-filter, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 931...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
IOhannes m zmölnig (Debian/GNU)  (supplier of updated 
php-horde-text-filter package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Tue, 28 Jan 2020 10:41:46 +0100
Source: php-horde-text-filter
Architecture: source
Version: 2.3.5-3+deb10u1
Distribution: buster
Urgency: medium
Maintainer: Horde Maintainers 
Changed-By: IOhannes m zmölnig (Debian/GNU) 
Closes: 931255 935816
Changes:
 php-horde-text-filter (2.3.5-3+deb10u1) buster; urgency=medium
 .
  

Bug#936630: Aw: Bug#936630: gnumed-client: upstream has (unreleased) py3 support

[Karsten Hilbert]

It's done, there's even a release 1.8.rc3.

I need to convince myself to release 1.8.0 proper :-)

Karsten

> Gesendet: Donnerstag, 30. Januar 2020 um 17:25 Uhr
> Von: "Scott Talbert" 
> An: "Moritz Mühlenhoff" 
> Cc: "Karsten Hilbert" , "Debian Bug Tracking System" 
> <936...@bugs.debian.org>
> Betreff: Bug#936630: gnumed-client: upstream has (unreleased) py3 support
>
> On Tue, 17 Dec 2019, Moritz Mühlenhoff wrote:
> 
> >> Package: gnumed-client
> >> Version: 1.7.6+dfsg-1
> >> Followup-For: Bug #936630
> >>
> >> Has been ported to py3 upstream but not released yet because:
> >>
> >> Would like to be able to get bugfix-only 1.7.x py2 packages
> >> into the deb package pool until very late before bullseye
> >> so people running 1.7/py2/stable/testing can get bug fixes
> >> from the pool.
> >
> > That's unfortunately not possible:
> > The Python 2 removal operates a very complex of packages which
> > many inter dependencies, so it's not possible to keep some
> > packages around until late in the freeze cycle.
> >
> > In fact, the bug for gnumed-client got already bumped to release-critical
> > state because of reverse depencies (which triggered it's removal
> > from testing), so that's not possible.
> 
> Hi Karsten,
> 
> How is the Python 3 port of gnumed-client coming?
> 
> Scott

Bug#950090: gcc-mingw-w64: unhandled symlink to directory conversion: /usr/share/doc/PACKAGE

[Stephen Kitt]

Hi Andreas,

Thanks for your vigilance!

On Tue, 28 Jan 2020 22:31:51 +0100, Andreas Beckmann  wrote:
> Note that dpkg-maintscript-helper symlink_to_dir etc. don't work
> reliably if the architecture changes between any and all.

This is the case here, I switched a number of packages from arch:any to
arch:all, and they lost their documentation link to the base arch:any link. Do
you have a pointer to further details about the issues with symlink_to_dir
problems in this type of migration?

Regards,

Stephen


pgpHtYoDuZfUr.pgp
Description: OpenPGP digital signature

Processed: found 950258 in 3.4.2-1~deb9u2

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> found 950258 3.4.2-1~deb9u2
Bug #950258 [src:spamassassin] src:spamassassin: arbitrary code execution when 
processing rules files
Marked as found in versions spamassassin/3.4.2-1~deb9u2.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
950258: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950258
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: found 950258 in 3.4.3~rc6-1

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> found 950258 3.4.3~rc6-1
Bug #950258 [src:spamassassin] src:spamassassin: arbitrary code execution when 
processing rules files
Marked as found in versions spamassassin/3.4.3~rc6-1.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
950258: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950258
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: fixed 950258 in 3.4.4~rc1-1

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> fixed 950258 3.4.4~rc1-1
Bug #950258 [src:spamassassin] src:spamassassin: arbitrary code execution when 
processing rules files
Marked as fixed in versions spamassassin/3.4.4~rc1-1.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
950258: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950258
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#937455: pygts: Python2 removal in sid/bullseye

[Anton Gladky]

Hi Stuart,

Yes, I think it can be removed and reintroduced if the python3-version
appears.

Regards

Anton

Am Mi., 29. Jan. 2020 um 02:18 Uhr schrieb Stuart Prescott :
>
> pygts is dead upstream and the C parts of the code will need a bit of work to
> port them to Python 3. This package does have a reasonable popcon (281) but
> it's hard to see the porting work happening.
>
> The package needs to go through NEW either with an added python3-gts binary
> package or if removed and then re-added later after porting.
>
> Is it time to remove pygts from Debian?
>
> --
> Stuart Prescotthttp://www.nanonanonano.net/   stu...@nanonanonano.net
> Debian Developer   http://www.debian.org/ stu...@debian.org
> GPG fingerprint90E2 D2C1 AD14 6A1B 7EBB 891D BBC1 7EBB 1396 F2F7
>
> --
> debian-science-maintainers mailing list
> debian-science-maintain...@alioth-lists.debian.net
> https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-science-maintainers

Bug#950174: [Pkg-utopia-maintainers] Bug#950174: Bug#950174: udisks2: when I start some application, like gedit, I wait 30 seconds, to open.

[Michael Biebl]

On Wed, 29 Jan 2020 23:53:48 +0100 Pipes  wrote:
> Il giorno mer 29 gen 2020 alle ore 23:34 Michael Biebl 
> ha scritto:
> 
> > Controls: reassign -1 gvfs-daemons 1.42.2-1
> > Control: retitle -1 missing schema files makes udisks monitor crash
> > Control: severity -1 serious
> >
> > Am 29.01.20 um 23:27 schrieb Michael Biebl:
> > > Am 29.01.20 um 23:26 schrieb Michael Biebl:
> > >> What about gsettings-desktop-schema?
> > >
> > >
> > > gsettings-desktop-schemas (not the missing 's')
> > >
> >
> > It appears gvfs-daemons (more specifically gvfsudisks2volumemonitor) is
> > requiring the schema files from gsettings-desktop-schemas:
> >
> > > $ grep g_settings -R
> > > monitor/udisks2/gvfsudisks2volumemonitor.c:  monitor->readonly_lockdown
> > = g_settings_get_boolean (settings,
> > > monitor/udisks2/gvfsudisks2volumemonitor.c:  monitor->lockdown_settings
> > = g_settings_new ("org.gnome.desktop.lockdown");
> 
> 
> Hi
> Ok, thanks. I missing 's' only in the mail ;)
> 
> $ apt info gsettings-desktop-schemas
> Package: gsettings-desktop-schemas
> Version: 3.34.0-2

So you do have gsettings-desktop-schemas installed?
Then I'm out of ideas why you get the crash.
Maybe /usr/share/glib-2.0/schemas/gschemas.compiled is corrupt or not
up-to-date. Dunno.




signature.asc
Description: OpenPGP digital signature

Processed: unmerging 950173, severity of 950173 is normal, closing 950173

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> unmerge 950173
Bug #950173 [udisks2] missing schema files makes udisks monitor crash
Bug #950174 [udisks2] missing schema files makes udisks monitor crash
Disconnected #950173 from all other report(s).
> severity 950173 normal
Bug #950173 [udisks2] missing schema files makes udisks monitor crash
Severity set to 'normal' from 'serious'
> close 950173
Bug #950173 [udisks2] missing schema files makes udisks monitor crash
Marked Bug as done
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
950173: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950173
950174: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950174
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#950107: marked as done (ruby-kramdown no longer ships its gemspec file (makes other packages FTBFS))

[Debian Bug Tracking System]

Your message dated Thu, 30 Jan 2020 18:11:27 +
with message-id 
and subject line Bug#950107: fixed in ruby-kramdown 1.17.0-4
has caused the Debian Bug report #950107,
regarding ruby-kramdown no longer ships its gemspec file (makes other packages 
FTBFS)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
950107: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950107
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: ruby-kramdown
Version: 1.17.0-3
Severity: serious

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

The package no longer ships the kramdown-1.17.0.gemspec file. Thus packages
using e.g. gem2deb-test-runner --check-dependencies will fail here. For example
jekyll's dependencies cannot longer be fulfilled, because the gem cannot be
found:

https://ci.debian.net/data/autopkgtest/unstable/amd64/r/ruby-jekyll-redirect-from/4086760/log.gz

This is very probably related to the recent split of ruby-kramdown.

Regards, Daniel


- -- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.3.0-3-amd64 (SMP w/8 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), 
LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages ruby-kramdown depends on:
ii  libjs-jquery  3.3.1~dfsg-3
ii  ruby-coderay  1.1.2-2
ii  ruby-prawn2.2.0+dfsg-1
ii  ruby-prawn-table  0.2.2-1
ii  ruby-rouge3.15.0-1
ii  ruby-stringex 2.8.4-1

ruby-kramdown recommends no packages.

Versions of packages ruby-kramdown suggests:
pn  libjs-mathjax  

- -- no debconf information

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEvu1N7VVEpMA+KD3HS80FZ8KW0F0FAl4wtMsACgkQS80FZ8KW
0F3X6g//Y+W4Ivmn076MJDLjVyJBSRAvz9NRjBzzlmb1TOToHX//IO9RGQa32sjG
4o0wVXU9gMppPZsTXy/XedjQLJ5yJ7XSOovQYWF7aGvayywRz5W5HAqGxxUQ1lNL
LM95fzse9qICPjRqQggLIl5puzRvkTaxh5RW8iKz59NF+BnSRMlG32Yvb0VPDvAA
4lP/SD03Jf0MPBduN00urhP5GZRQeIQHdz4hR8JE29WzWJK/9Op3GsDh4K94Z9F8
ULld1NQLBLXmixnH5dQ2C8m5J9ZhesctWIdYTuN1Mgq+UdXRn0oSsSE1YHrNGRmv
Pd6/wCl6ogIE3V4ZowHYXt2qo+tqStLQDu9BjnyHmT+z+0iKyeGSat1pfZZ2Dl/2
68j6giCDq4CcrmBAHHQdiJrnWsdb8W2m8p1wVZWYIvvEaK+oRJHP4xpTEr9vSdyX
9o39KB+fXUUk+yczNxxw64yFXGXY7mBG30VEOLDLhF56Pq6i21OdkxRNvhz0OFXO
k67GF77Qt0F7dtjujVaRtaFf2ZQbY8aUDQKppBGvg4ww6sbAdJYvtfCRDPn9mxHh
Fbuh3aebym4nZ0dTaKgO4V5kh2S8ABc/aIn0/bbtprYPcyWRBSRJHKYw+xwIYwQR
qqQjlDDVEqXHfeylO4xOK1Qatt5ofVEZ9Dj2Q/r7Vh4iPoA5+J8=
=P3st
-END PGP SIGNATURE-
--- End Message ---
--- Begin Message ---
Source: ruby-kramdown
Source-Version: 1.17.0-4

We believe that the bug you reported is fixed in the latest version of
ruby-kramdown, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 950...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Chris Hofstaedtler  (supplier of updated ruby-kramdown package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Thu, 30 Jan 2020 17:34:20 +
Source: ruby-kramdown
Architecture: source
Version: 1.17.0-4
Distribution: unstable
Urgency: medium
Maintainer: Debian Ruby Extras Maintainers 

Changed-By: Chris Hofstaedtler 
Closes: 950107
Changes:
 ruby-kramdown (1.17.0-4) unstable; urgency=medium
 .
   * Team upload.
   * Ship gemspec once again (Closes: #950107)
Checksums-Sha1:
 1b4d6ee1c3ad9077dbabcc8c30b9b0aeabef1142 2285 ruby-kramdown_1.17.0-4.dsc
 8b966484adb6384893566043867f6fc83f95e0e7 5320 
ruby-kramdown_1.17.0-4.debian.tar.xz
 82b9bca50ee9bfe8c0fdc64382c7e79bc35e42c2 10474 
ruby-kramdown_1.17.0-4_source.buildinfo
Checksums-Sha256:
 2d7e1f5da5029b03b14cfc8cdb5f0bbdca681cef7735b87f2479b9514bb62914 2285 
ruby-kramdown_1.17.0-4.dsc
 33daa922055bd3cd7ade94bc104f9ad2de7d10e7f8b72f808d70f6d8f692a32f 5320 
ruby-kramdown_1.17.0-4.debian.tar.xz
 d43c4f71a351bcd3648bb286478b6fa9139efcb5179a9901aa96245b978788b4 10474 
ruby-kramdown_1.17.0-4_source.buildinfo
Files:
 a3644fa2bdbd9f08088045fea259c31e 2285 ruby optional ruby-kramdown_1.17.0-4.dsc
 7539ed33658667b4a116853a881e90a3 5320 ruby optional 

Bug#950262: version not update in autopkg test dependencies

[Matthias Klose]

Package: src:python-cryptography
Version: 2.8-1
Severity: serious
Tags: sid bullseye patch

The cryptography version was not updated in the autopkg test dependencies,
causing the package not being installable.

patch at
http://launchpadlibrarian.net/462789938/python-cryptography_2.8-1ubuntu1_2.8-1ubuntu2.diff.gz

Please could you also build-depend on python-all-dev instead of python-dev (the
latter is already gone in Ubuntu).

Processed: Bug#950107 marked as pending in ruby-kramdown

[Debian Bug Tracking System]

Processing control commands:

> tag -1 pending
Bug #950107 [ruby-kramdown] ruby-kramdown no longer ships its gemspec file 
(makes other packages FTBFS)
Ignoring request to alter tags of bug #950107 to the same tags previously set

-- 
950107: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950107
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#950107: marked as pending in ruby-kramdown

[Christian Hofstaedtler]

Control: tag -1 pending

Hello,

Bug #950107 in ruby-kramdown reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/ruby-team/ruby-kramdown/commit/289b0678a10741995ca54bef6ea152b1058e02ff


Ship gemspec once again

Closes: #950107


(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/950107

Processed: tagging 950107

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> tags 950107 + confirmed pending
Bug #950107 [ruby-kramdown] ruby-kramdown no longer ships its gemspec file 
(makes other packages FTBFS)
Added tag(s) confirmed and pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
950107: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950107
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: [bts-link] source package mutter

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> #
> # bts-link upstream status pull for source package mutter
> # see http://lists.debian.org/debian-devel-announce/2006/05/msg1.html
> # https://bts-link-team.pages.debian.net/bts-link/
> #
> user debian-bts-l...@lists.debian.org
Setting user to debian-bts-l...@lists.debian.org (was 
debian-bts-l...@lists.debian.org).
> # remote status report for #942418 (http://bugs.debian.org/942418)
> # Bug title: libmutter-5-0: Blank screen after upgrading to bullseye, caused 
> by failing wayland
> #  * https://gitlab.gnome.org/GNOME/mutter/issues/635
> #  * remote status changed: opened -> closed
> #  * closed upstream
> tags 942418 + fixed-upstream
Bug #942418 [libmutter-5-0] libmutter-5-0: Blank screen after upgrading to 
bullseye, caused by failing wayland
Added tag(s) fixed-upstream.
> usertags 942418 - status-opened
Usertags were: status-opened.
Usertags are now: .
> usertags 942418 + status-closed
There were no usertags set.
Usertags are now: status-closed.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
942418: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942418
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#947709: marked as done (rust-clang-sys: autopkgtest failure: all tests fail)

[Debian Bug Tracking System]

Your message dated Thu, 30 Jan 2020 17:05:41 +
with message-id 
and subject line Bug#947709: fixed in rust-clang-sys 0.28.1-6
has caused the Debian Bug report #947709,
regarding rust-clang-sys: autopkgtest failure: all tests fail
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
947709: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947709
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: rust-clang-sys
Version: 0.28.1-3
X-Debbugs-CC: debian...@lists.debian.org
Severity: serious
User: debian...@lists.debian.org
Usertags: regression

Dear maintainers,

With a recent upload of rust-clang-sys you added an autopkgtest to
rust-clang-sys, great. However, it fails. I copied some of the output at
the bottom of this report. It seems to me that this package is not the
only package in the rust ecosystem that is failing its new autopktest,
so probably there is something to fix in the generating code. I am not
familiar with the rust ecosystem, hence I'm filing against the failing
package.

Currently this regression is blocking the migration to testing [1]. Can
you please investigate the situation and fix it?

More information about this bug and the reason for filing it can be found on
https://wiki.debian.org/ContinuousIntegration/RegressionEmailInformation

Paul

[1] https://qa.debian.org/excuses.php?package=rust-clang-sys

https://ci.debian.net/data/autopkgtest/testing/amd64/r/rust-clang-sys/3801037/log.gz

autopkgtest [08:12:03]: test command1:
/usr/share/cargo/bin/cargo-auto-test clang-sys 0.28.1 --all-targets
--all-features
autopkgtest [08:12:03]: test command1: [---
debian cargo wrapper: options, profiles, parallel: ['parallel=2'] [] ['-j2']
debian cargo wrapper: rust_type, gnu_type: x86_64-unknown-linux-gnu,
x86_64-linux-gnu
debian cargo wrapper: linking /usr/share/cargo/registry/* into
/tmp/tmp.BSvGuVoPuG/registry/
debian cargo wrapper: options, profiles, parallel: ['parallel=2'] [] ['-j2']
debian cargo wrapper: rust_type, gnu_type: x86_64-unknown-linux-gnu,
x86_64-linux-gnu
debian cargo wrapper: running subprocess (['env', 'RUST_BACKTRACE=1',
'/usr/bin/cargo', '-Zavoid-dev-deps', 'test', '--verbose', '--verbose',
'-j2', '--target', 'x86_64-unknown-linux-gnu', '--all-targets',
'--all-features'],) {}
   Compiling cc v1.0.37
   Compiling libc v0.2.62
 Running `CARGO_PKG_VERSION=1.0.37
CARGO_PKG_HOMEPAGE='https://github.com/alexcrichton/cc-rs'
CARGO_PKG_VERSION_MINOR=0
LD_LIBRARY_PATH='/tmp/tmp.BSvGuVoPuG/target/debug/deps:/usr/lib'
CARGO=/usr/bin/cargo
CARGO_MANIFEST_DIR=/tmp/tmp.BSvGuVoPuG/registry/cc-1.0.37
CARGO_PKG_VERSION_PRE= CARGO_PKG_NAME=cc CARGO_PKG_DESCRIPTION='A
build-time dependency for Cargo build scripts to assist in invoking the
native
C compiler to compile native C code into a static archive to be linked
into Rust
code.
' CARGO_PKG_REPOSITORY='https://github.com/alexcrichton/cc-rs'
CARGO_PKG_AUTHORS='Alex Crichton '
CARGO_PKG_VERSION_PATCH=37 CARGO_PKG_VERSION_MAJOR=1 rustc --crate-name
cc /tmp/tmp.BSvGuVoPuG/registry/cc-1.0.37/src/lib.rs --color never
--crate-type lib --emit=dep-info,metadata,link -C debuginfo=2 -C
metadata=055b36e8d34bc9b1 -C extra-filename=-055b36e8d34bc9b1 --out-dir
/tmp/tmp.BSvGuVoPuG/target/debug/deps -L
dependency=/tmp/tmp.BSvGuVoPuG/target/debug/deps --cap-lints warn`
 Running `CARGO_PKG_VERSION=0.2.62
CARGO_PKG_HOMEPAGE='https://github.com/rust-lang/libc'
CARGO_PKG_VERSION_MINOR=2
LD_LIBRARY_PATH='/tmp/tmp.BSvGuVoPuG/target/debug/deps:/usr/lib'
CARGO=/usr/bin/cargo
CARGO_MANIFEST_DIR=/tmp/tmp.BSvGuVoPuG/registry/libc-0.2.62
CARGO_PKG_VERSION_PRE= CARGO_PKG_NAME=libc CARGO_PKG_DESCRIPTION='Raw
FFI bindings to platform libraries like libc.
' CARGO_PKG_REPOSITORY='https://github.com/rust-lang/libc'
CARGO_PKG_AUTHORS='The Rust Project Developers'
CARGO_PKG_VERSION_PATCH=62 CARGO_PKG_VERSION_MAJOR=0 rustc --crate-name
build_script_build /tmp/tmp.BSvGuVoPuG/registry/libc-0.2.62/build.rs
--color never --crate-type bin --emit=dep-info,link -C debuginfo=2 -C
metadata=7f6a065a46d56068 -C extra-filename=-7f6a065a46d56068 --out-dir
/tmp/tmp.BSvGuVoPuG/target/debug/build/libc-7f6a065a46d56068 -L
dependency=/tmp/tmp.BSvGuVoPuG/target/debug/deps --cap-lints warn`
   Compiling glob v0.3.0
 Running `CARGO_PKG_VERSION=0.3.0
CARGO_PKG_HOMEPAGE='https://github.com/rust-lang/glob'
CARGO_PKG_VERSION_MINOR=3
LD_LIBRARY_PATH='/tmp/tmp.BSvGuVoPuG/target/debug/deps:/usr/lib'
CARGO=/usr/bin/cargo
CARGO_MANIFEST_DIR=/tmp/tmp.BSvGuVoPuG/registry/glob-0.3.0
CARGO_PKG_VERSION_PRE= CARGO_PKG_NAME=glob
CARGO_PKG_DESCRIPTION='Support for 

Bug#950258: src:spamassassin: arbitrary code execution when processing rules files

[Noah Meyerhans]

Package: src:spamassassin
Version: 3.4.2-1+deb10u1
Severity: grave
Tags: security

CVE-2020-1930:
Apache SpamAssassin 3.4.4 was recently released, and fixes an issue
of security note where nefarious rule configuration (.cf) files can be
configured to run system commands similar to CVE-2018-11805.  With this
bug unpatched, exploits can be injected in a number of scenarios
including the same privileges as spamd is run which may be elevated
though doing so remotely is difficult.  In addition to upgrading to SA
3.4.4, we again recommend that users should only use update channels or
3rd party .cf files from trusted places.  If you cannot upgrade, do not
use 3rd party rulesets, do not use sa-compile and do not run spamd as an
account with elevated privileges.

CVE-2020-1931:
Apache SpamAssassin 3.4.4 was recently released, and fixes an issue
of security note where nefarious rule configuration (.cf) files can be
configured to run system commands similar to CVE-2018-11805.  This issue
is less stealthy and attempts to exploit the issue will throw warnings.
Thanks to Damian Lukowski at credativ for reporting the issue
ethically.  With this bug unpatched, exploits can be injected in a
number of scenarios though doing so remotely is difficult.  In addition
to upgrading to SA 3.4.4, we again recommend that users should only use
update channels or 3rd party .cf files from trusted places.

sid and bullseye are not affected as 3.4.4-rc1 contains the fixes

Bug#949926: marked as done (FTBFS with bitstring 3.1.1)

[Debian Bug Tracking System]

Your message dated Thu, 30 Jan 2020 16:34:49 +
with message-id 
and subject line Bug#949926: fixed in mlpost 0.8.2-2
has caused the Debian Bug report #949926,
regarding FTBFS with bitstring 3.1.1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
949926: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949926
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: src:mlpost
Version: 0.8.2-1
Severity: serious
Tags: ftbfs

Dear Maintainer,

mlpost FTBFS with latest ocaml-bitstring (3.1.1):

  https://buildd.debian.org/status/package.php?p=mlpost=unstable


Cheers,

-- 
Stéphane

-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.3.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
--- End Message ---
--- Begin Message ---
Source: mlpost
Source-Version: 0.8.2-2

We believe that the bug you reported is fixed in the latest version of
mlpost, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 949...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Stéphane Glondu  (supplier of updated mlpost package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Thu, 30 Jan 2020 17:21:50 +0100
Source: mlpost
Architecture: source
Version: 0.8.2-2
Distribution: unstable
Urgency: medium
Maintainer: Debian OCaml Maintainers 
Changed-By: Stéphane Glondu 
Closes: 949926
Changes:
 mlpost (0.8.2-2) unstable; urgency=medium
 .
   * Fix compilation with bitstring 3.1.1 (Closes: #949926)
   * Bump debhelper compat level to 12
   * Bump Standards-Version to 4.5.0
   * Add Rules-Requires-Root: no
Checksums-Sha1:
 a1039bf0971116373dd1c2d382f940bb5356d879 2047 mlpost_0.8.2-2.dsc
 aae2145eabd6ed808f9577118d40d0ec47b95893 10708 mlpost_0.8.2-2.debian.tar.xz
Checksums-Sha256:
 081c83e88e6869795eccf8575be8a8c027c15e96ea93df84f44719afcf14bf75 2047 
mlpost_0.8.2-2.dsc
 db7ae840b7dc90b6e825e13f74c6aa05c690a27fbaf4a0fa00bd8583863adeca 10708 
mlpost_0.8.2-2.debian.tar.xz
Files:
 59d61d71f6853189e594a306dab40c08 2047 tex optional mlpost_0.8.2-2.dsc
 9ad852883670bc5c17a8499c0aa582f5 10708 tex optional 
mlpost_0.8.2-2.debian.tar.xz

-BEGIN PGP SIGNATURE-

iQEzBAEBCgAdFiEEbeJOl+yohsxW5iUOIbju8bGJMIEFAl4zAuIACgkQIbju8bGJ
MIGCaAgAgkL/MmTwx8GinAwGrKwGEY1iNOY23pU3T7oNOHe1Z76RGH3fxTKcv1Vn
ppikeuEpt5mIcZ2swbdit+Ws7t/rb73DHJDvXkQON/sTysVVWC7LZ/Wyfl40rZWs
DkFHPaZXewhlk2dXJzXZyWS/+hywcHmH1ZpRU4tk/5Wvi6CKA7NUapUkquHcscWy
V+p+atitLzAXtbSMOF+VAzVdY82Q8/9mvhkJ+LkCgTkPx7r8JN24G1jUXSX1PLDa
szcXJz8BYUbjuCwHkQEqAJcSogwov4CTP7tS8/s3vlwDYvd+7h2C1/Z/alQ68Zb9
z7Ybf2sdRn44XNo5zaxDB0id45tKUg==
=T3an
-END PGP SIGNATURE End Message ---

Bug#936630: gnumed-client: upstream has (unreleased) py3 support

[Scott Talbert]

On Tue, 17 Dec 2019, Moritz Mühlenhoff wrote:


Package: gnumed-client
Version: 1.7.6+dfsg-1
Followup-For: Bug #936630

Has been ported to py3 upstream but not released yet because:

Would like to be able to get bugfix-only 1.7.x py2 packages
into the deb package pool until very late before bullseye
so people running 1.7/py2/stable/testing can get bug fixes
from the pool.


That's unfortunately not possible:
The Python 2 removal operates a very complex of packages which
many inter dependencies, so it's not possible to keep some
packages around until late in the freeze cycle.

In fact, the bug for gnumed-client got already bumped to release-critical
state because of reverse depencies (which triggered it's removal
from testing), so that's not possible.


Hi Karsten,

How is the Python 3 port of gnumed-client coming?

Scott

Bug#938608: svn-workbench: Python2 removal in sid/bullseye

[Scott Talbert]

On Fri, 30 Aug 2019, Matthias Klose wrote:


Package: src:svn-workbench
Version: 1.8.2-3
Severity: normal
Tags: sid bullseye
User: debian-pyt...@lists.debian.org
Usertags: py2removal

Python2 becomes end-of-live upstream, and Debian aims to remove
Python2 from the distribution, as discussed in
https://lists.debian.org/debian-python/2019/07/msg00080.html


Hello,

Any objections to RM'ing this package?

Regards,
Scott

Processed: py2removal bugs severity updates - 2020-01-30 15:35:15.449307+00:00

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> # This is an automated script, part of the effort for the removal of Python 2 
> from bullseye
> #  * https://wiki.debian.org/Python/2Removal
> #  * http://sandrotosi.me/debian/py2removal/index.html
> # See https://lists.debian.org/debian-devel-announce/2019/11/msg0.html
> # and https://lists.debian.org/debian-python/2019/12/msg00076.html
> # mail threads for more details on this severity update
> # not all bin pkgs are leaf for src:python-keyring, lower severity
> severity 937870 normal
Bug #937870 [src:python-keyring] python-keyring: Python2 removal in sid/bullseye
Severity set to 'normal' from 'serious'
> # not all bin pkgs are leaf for src:wheel, lower severity
> severity 938819 normal
Bug #938819 [src:wheel] wheel: Python2 removal in sid/bullseye
Severity set to 'normal' from 'serious'
> # mgltools-gle is an application, has low popcon (37 < 300), and has 0 
> external rdeps or not in testing
> severity 937024 serious
Bug #937024 [src:mgltools-gle] mgltools-gle: Python2 removal in sid/bullseye
Severity set to 'serious' from 'normal'
>
End of message, stopping processing here.

Please contact me if you need assistance.
-- 
937024: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=937024
937870: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=937870
938819: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=938819
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#950249: pagekite: autopkgtest failure: times out

[Paul Gevers]

Source: pagekite
Version: 1.5.0.191126-1
X-Debbugs-CC: debian...@lists.debian.org
Severity: serious
User: debian...@lists.debian.org
Usertags: regression timeout

Dear maintainers,

With a recent upload of pagekite the autopkgtest of pagekite started to
fail due to it reaching the time out limit of 1 seconds.

I copied some of the output at the bottom of this report.

Currently this is blocking the migration to testing [1]. Can you please
investigate the situation and fix it?

More information about this bug and the reason for filing it can be found on
https://wiki.debian.org/ContinuousIntegration/RegressionEmailInformation

Paul

[1] https://qa.debian.org/excuses.php?package=pagekite

https://ci.debian.net/data/autopkgtest/testing/amd64/p/pagekite/3864404/log.gz

autopkgtest [05:11:27]: test test-tunnel: [---
starting frontend
ts=5e101e7f; t=2020-01-04T05:11:27; ll=0; started=/usr/bin/pagekite;
version=1.5.0.191126; platform=linux; argv=--isfrontend --ports=8080
--protos=http --domain=http:autopkgtest-testing-amd64:foo;
ca_certs=/usr/bin/pagekite
ts=5e101e7f; t=2020-01-04T05:11:27; ll=1; listen=:8080; id=s0
starting backend
ts=5e101e80; t=2020-01-04T05:11:28; ll=0; started=/usr/bin/pagekite;
version=1.5.0.191126; platform=linux;
argv=--frontend=autopkgtest-testing-amd64:8080
--service_on=http:autopkgtest-testing-amd64:localhost:113:foo;
ca_certs=/usr/bin/pagekite
trying to connect to ident server via pagekite
ts=5e1020d8; t=2020-01-04T05:21:28; ll=2; main_loop=550
ts=5e1020d8; t=2020-01-04T05:21:28; ll=1; main_loop=545
ts=5e102330; t=2020-01-04T05:31:28; ll=2; main_loop=1090
ts=5e102330; t=2020-01-04T05:31:28; ll=3; main_loop=1100
ts=5e102588; t=2020-01-04T05:41:28; ll=3; main_loop=1635
ts=5e102589; t=2020-01-04T05:41:29; ll=4; main_loop=1650
ts=5e1027e0; t=2020-01-04T05:51:28; ll=4; main_loop=2180
ts=5e1027e2; t=2020-01-04T05:51:30; ll=5; main_loop=2200
ts=5e102a39; t=2020-01-04T06:01:29; ll=5; main_loop=2725
ts=5e102a3a; t=2020-01-04T06:01:30; ll=6; main_loop=2750
ts=5e102c91; t=2020-01-04T06:11:29; ll=6; main_loop=3270
ts=5e102c93; t=2020-01-04T06:11:31; ll=7; main_loop=3300
ts=5e102ee9; t=2020-01-04T06:21:29; ll=7; main_loop=3815
ts=5e102eec; t=2020-01-04T06:21:32; ll=8; main_loop=3850
ts=5e103141; t=2020-01-04T06:31:29; ll=8; main_loop=4360
ts=5e103144; t=2020-01-04T06:31:32; ll=9; main_loop=4400
ts=5e103399; t=2020-01-04T06:41:29; ll=9; main_loop=4905
ts=5e10339d; t=2020-01-04T06:41:33; ll=a; main_loop=4950
ts=5e1035f1; t=2020-01-04T06:51:29; ll=a; main_loop=5450
ts=5e1035f6; t=2020-01-04T06:51:34; ll=b; main_loop=5500
ts=5e10384a; t=2020-01-04T07:01:30; ll=b; main_loop=5995
ts=5e10384e; t=2020-01-04T07:01:34; ll=c; main_loop=6050
ts=5e103aa2; t=2020-01-04T07:11:30; ll=c; main_loop=6540
ts=5e103aa7; t=2020-01-04T07:11:35; ll=d; main_loop=6600
ts=5e103cfa; t=2020-01-04T07:21:30; ll=d; main_loop=7085
ts=5e103d00; t=2020-01-04T07:21:36; ll=e; main_loop=7150
ts=5e103f52; t=2020-01-04T07:31:30; ll=e; main_loop=7630
ts=5e103f58; t=2020-01-04T07:31:36; ll=f; main_loop=7700
ts=5e1041aa; t=2020-01-04T07:41:30; ll=f; main_loop=8175
ts=5e1041b1; t=2020-01-04T07:41:37; ll=10; main_loop=8250
ts=5e104403; t=2020-01-04T07:51:31; ll=10; main_loop=8720
ts=5e10440a; t=2020-01-04T07:51:38; ll=11; main_loop=8800
autopkgtest [07:58:07]: ERROR: timed out on command "su -s /bin/bash
root -c set -e; export USER=`id -nu`; . /etc/profile >/dev/null 2>&1 ||
true;  . ~/.profile >/dev/null 2>&1 || true;
buildtree="/tmp/autopkgtest-lxc.pi8vpxne/downtmp/build.TQq/src"; mkdir
-p -m 1777 --
"/tmp/autopkgtest-lxc.pi8vpxne/downtmp/test-tunnel-artifacts"; export
AUTOPKGTEST_ARTIFACTS="/tmp/autopkgtest-lxc.pi8vpxne/downtmp/test-tunnel-artifacts";
export ADT_ARTIFACTS="$AUTOPKGTEST_ARTIFACTS"; mkdir -p -m 755
"/tmp/autopkgtest-lxc.pi8vpxne/downtmp/autopkgtest_tmp"; export
AUTOPKGTEST_TMP="/tmp/autopkgtest-lxc.pi8vpxne/downtmp/autopkgtest_tmp";
export ADTTMP="$AUTOPKGTEST_TMP"; export DEBIAN_FRONTEND=noninteractive;
export LANG=C.UTF-8; export DEB_BUILD_OPTIONS=parallel=2; unset LANGUAGE
LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE   LC_MONETARY LC_MESSAGES
LC_PAPER LC_NAME LC_ADDRESS   LC_TELEPHONE LC_MEASUREMENT
LC_IDENTIFICATION LC_ALL;rm -f /tmp/autopkgtest_script_pid; set -C; echo
$$ > /tmp/autopkgtest_script_pid; set +C; trap "rm -f
/tmp/autopkgtest_script_pid" EXIT INT QUIT PIPE; cd "$buildtree"; export
AUTOPKGTEST_NORMAL_USER=debci; export ADT_NORMAL_USER=debci; chmod +x
/tmp/autopkgtest-lxc.pi8vpxne/downtmp/build.TQq/src/debian/tests/test-tunnel;
touch /tmp/autopkgtest-lxc.pi8vpxne/downtmp/test-tunnel-stdout
/tmp/autopkgtest-lxc.pi8vpxne/downtmp/test-tunnel-stderr;
/tmp/autopkgtest-lxc.pi8vpxne/downtmp/build.TQq/src/debian/tests/test-tunnel
2> >(tee -a /tmp/autopkgtest-lxc.pi8vpxne/downtmp/test-tunnel-stderr
>&2) > >(tee -a
/tmp/autopkgtest-lxc.pi8vpxne/downtmp/test-tunnel-stdout);" (kind: test)
autopkgtest [07:58:07]: test test-tunnel: ---]




signature.asc
Description: OpenPGP digital 

Bug#936806: koji: Python2 removal in sid/bullseye

[Holger Levsen]

On Thu, Jan 30, 2020 at 09:55:58AM -0500, Sandro Tosi wrote:
> i was mostly querying the status of it, i cant even find an ITP for dnf.

exactly.

> i was talking about removing koji entirely from debian, an RM to
> ftp.d.o; is that not what you mean?

right, this is also in order.


-- 
cheers,
Holger

---
   holger@(debian|reproducible-builds|layer-acht).org
   PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C



signature.asc
Description: PGP signature

Bug#936806: koji: Python2 removal in sid/bullseye

[Sandro Tosi]

On Thu, Jan 30, 2020 at 4:12 AM Holger Levsen  wrote:
>
> On Thu, Jan 30, 2020 at 01:36:33AM -0500, Sandro Tosi wrote:
> > yep i came across all of them starting from python-lzma -- do you know
> > what's the status of the "RedHat infrastructure" in debian? many (if
> > not all) of those tools are relatively old, not maintained (or just in
> > life support mode) and most of all, python2 with no port to python3
> > available
>
> as said: dnf needs to be packaged first and foremost. (dnf is the yum
> replacement.)

i was mostly querying the status of it, i cant even find an ITP for dnf.

> > Allright then, i'll just wait a week for allowing people to comment
> > and then i'll file for koji removal.
>
> RM bugs to remove koji from stable and oldstable have already been
> filed, and it's not in bullseye.

i was talking about removing koji entirely from debian, an RM to
ftp.d.o; is that not what you mean?

-- 
Sandro "morph" Tosi
My website: http://sandrotosi.me/
Me at Debian: http://wiki.debian.org/SandroTosi
Twitter: https://twitter.com/sandrotosi

Bug#936617: Updated on salsa; pending upload

[Jelmer Vernooij]

It looks like this package has been ported to Python 3, but has not
yet been uploaded. The last changelog entry on salsa
(https://salsa.debian.org/philmd-guest/git-publish.git) says:

git-publish (1.5.1-1) UNRELEASED; urgency=medium

  * Non-maintainer upload.
  * Update to git-publish 1.5.1:
- few bugfixes
- added more options
- use Python3

 -- Philippe Mathieu-Daudé   Fri, 06 Dec 2019 15:53:10 +0100

Philippe, would you like me to sponsor an upload of the package?

-- 
Jelmer Vernooij 
PGP Key: https://www.jelmer.uk/D729A457.asc


signature.asc
Description: PGP signature

Bug#950234: don't hard-code an upper limit on the python version

[Matthias Klose]

Package: src:freezegun
Version: 0.3.12-2
Severity: serious
Tags: sid bullseye
User: debian-pyt...@lists.debian.org
Usertags: python3.8

Please don't hard-code an upper limit on the python version, all those packages
will just require sourceful uploads, and become uninstallable when the default
changes to 3.8.

Also package the new upstream, which has a fix for 3.8.

Processed: [git-buildpackage/master] d/tests/control: Add xsltproc to the autopkg test dependencies

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> tag 950216 pending
Bug #950216 [src:git-buildpackage] missing xsltproc autopkg test dependency
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
950216: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950216
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#950216: [git-buildpackage/master] d/tests/control: Add xsltproc to the autopkg test dependencies

[Matthias Klose]

tag 950216 pending
thanks

Date:   Thu Jan 30 12:26:59 2020 +0100
Author: Matthias Klose 
Commit ID: b80027c3eae4b553601cd2eaab587c349755fb90
Commit URL: 
https://git.sigxcpu.org/cgit/git-buildpackage//commit/?id=b80027c3eae4b553601cd2eaab587c349755fb90
Patch URL: 
https://git.sigxcpu.org/cgit/git-buildpackage//patch/?id=b80027c3eae4b553601cd2eaab587c349755fb90

d/tests/control: Add xsltproc to the autopkg test dependencies

Closes: #950216

  

Processed: gitlab-shell: autopkgtest needs update for new version of gem2deb

[Debian Bug Tracking System]

Processing control commands:

> affects -1 src:gem2deb
Bug #950230 [src:gitlab-shell] gitlab-shell: autopkgtest needs update for new 
version of gem2deb
Added indication that 950230 affects src:gem2deb

-- 
950230: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950230
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#950230: gitlab-shell: autopkgtest needs update for new version of gem2deb

[Paul Gevers]

Source: gitlab-shell
Version: 10.3.0+debian-3
Severity: serious
X-Debbugs-CC: debian...@lists.debian.org, gem2...@packages.debian.org
Tags: sid bullseye
User: debian...@lists.debian.org
Usertags: needs-update
Control: affects -1 src:gem2deb

Dear maintainers,

With a recent upload of gem2deb the autopkgtest of gitlab-shell fails in
testing when that autopkgtest is run with the binary packages of gem2deb
from unstable. It passes when run with only packages from testing. In
tabular form:
   passfail
gem2debfrom testing1.0.3
gitlab-shell   from testing10.3.0+debian-3
all others from testingfrom testing

I copied some of the output at the bottom of this report. The cause of
this is that gem2deb started to exit with code 77 to indicate that there
is no test to run. This is meant to be used in conjunction with the
skippable restriction, to avoid giving the wrong information to the
migration software. Please add the skippable restriction to your
package, or better, add a real test.

Currently this regression is blocking the migration of gem2deb to
testing [1]. Of course, gem2deb shouldn't just break your autopkgtest
(or even worse, your package), but it seems to me that the change in
gem2deb was intended and your package needs to update to the new situation.

More information about this bug and the reason for filing it can be found on
https://wiki.debian.org/ContinuousIntegration/RegressionEmailInformation

Paul

[1] https://qa.debian.org/excuses.php?package=gem2deb

https://ci.debian.net/data/autopkgtest/testing/amd64/g/gitlab-shell/4145589/log.gz

autopkgtest [08:10:08]: test command1: gem2deb-test-runner --autopkgtest
2>&1
autopkgtest [08:10:08]: test command1: [---

┌──┐
│ Run tests for ruby2.5: no test suite!
  │
└──┘

autopkgtest [08:10:09]: test command1: ---]
autopkgtest [08:10:09]: test command1:  - - - - - - - - - - results - -
- - - - - - - -
command1 FAIL non-zero exit status 77



signature.asc
Description: OpenPGP digital signature

Processed: ruby-flipper: autopkgtest needs update for new version of gem2deb

[Debian Bug Tracking System]

Processing control commands:

> affects -1 src:gem2deb
Bug #950229 [src:ruby-flipper] ruby-flipper: autopkgtest needs update for new 
version of gem2deb
Added indication that 950229 affects src:gem2deb

-- 
950229: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950229
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#950229: ruby-flipper: autopkgtest needs update for new version of gem2deb

[Paul Gevers]

Source: ruby-flipper
Version: 0.17.1-4
Severity: serious
X-Debbugs-CC: debian...@lists.debian.org, gem2...@packages.debian.org
Tags: sid bullseye
User: debian...@lists.debian.org
Usertags: needs-update
Control: affects -1 src:gem2deb

Dear maintainers,

With a recent upload of gem2deb the autopkgtest of ruby-flipper fails in
testing when that autopkgtest is run with the binary packages of gem2deb
from unstable. It passes when run with only packages from testing. In
tabular form:
   passfail
gem2debfrom testing1.0.3
ruby-flipper   from testing0.17.1-4
all others from testingfrom testing

I copied some of the output at the bottom of this report.  The cause of
this is that gem2deb started to exit with code 77 to indicate that there
is no test to run. This is meant to be used in conjunction with the
skippable restriction, to avoid giving the wrong information to the
migration software. Please add the skippable restriction to your
package, or better, add a real test.

Currently this regression is blocking the migration of gem2deb to
testing [1]. Of course, gem2deb shouldn't just break your autopkgtest
(or even worse, your package), but it seems to me that the change in
gem2deb was intended and your package needs to update to the new situation.

More information about this bug and the reason for filing it can be found on
https://wiki.debian.org/ContinuousIntegration/RegressionEmailInformation

Paul

[1] https://qa.debian.org/excuses.php?package=gem2deb

https://ci.debian.net/data/autopkgtest/testing/amd64/r/ruby-flipper/4144032/log.gz

autopkgtest [03:10:21]: test command1: ln -s ../flipper.gemspec
debian/gemspec && gem2deb-test-runner --autopkgtest --check-dependencies
2>&1
autopkgtest [03:10:21]: test command1: [---

┌──┐
│ Checking Rubygems dependency resolution on ruby2.5
  │
└──┘

GEM_PATH= ruby2.5 -e gem\ \"flipper\"

┌──┐
│ Run tests for ruby2.5: no test suite!
  │
└──┘

autopkgtest [03:10:21]: test command1: ---]
autopkgtest [03:10:22]: test command1:  - - - - - - - - - - results - -
- - - - - - - -
command1 FAIL non-zero exit status 77



signature.asc
Description: OpenPGP digital signature

Bug#950228: ruby-kaminari: autopkgtest needs update for new version of gem2deb

[Paul Gevers]

Source: ruby-kaminari
Version: 1.0.1-4
Severity: serious
X-Debbugs-CC: debian...@lists.debian.org, gem2...@packages.debian.org
Tags: sid bullseye
User: debian...@lists.debian.org
Usertags: needs-update
Control: affects -1 src:gem2deb

Dear maintainers,

With a recent upload of gem2deb the autopkgtest of ruby-kaminari fails
in testing when that autopkgtest is run with the binary packages of
gem2deb from unstable. It passes when run with only packages from
testing. In tabular form:
   passfail
gem2debfrom testing1.0.3
ruby-kaminari  from testing1.0.1-4
all others from testingfrom testing

I copied some of the output at the bottom of this report. The cause of
this is that gem2deb started to exit with code 77 to indicate that there
is no test to run. This is meant to be used in conjunction with the
skippable restriction, to avoid giving the wrong information to the
migration software. Please add the skippable restriction to your
package, or better, add a real test. Your second test also doesn't seem
to test the package to any substantial amount, please consider tagging
it as superficial.

Currently this regression is blocking the migration of gem2deb to
testing [1]. Of course, gem2deb shouldn't just break your autopkgtest
(or even worse, your package), but it seems to me that the change in
gem2deb was intended and your package needs to update to the new situation.

More information about this bug and the reason for filing it can be found on
https://wiki.debian.org/ContinuousIntegration/RegressionEmailInformation

Paul

[1] https://qa.debian.org/excuses.php?package=gem2deb

https://ci.debian.net/data/autopkgtest/testing/amd64/r/ruby-kaminari/4144033/log.gz

autopkgtest [03:10:52]: test command1: gem2deb-test-runner --autopkgtest
2>&1
autopkgtest [03:10:52]: test command1: [---

┌──┐
│ Run tests for ruby2.5: no test suite!
  │
└──┘

autopkgtest [03:10:53]: test command1: ---]
autopkgtest [03:10:53]: test command1:  - - - - - - - - - - results - -
- - - - - - - -
command1 FAIL non-zero exit status 77



signature.asc
Description: OpenPGP digital signature

Processed: ruby-kaminari: autopkgtest needs update for new version of gem2deb

[Debian Bug Tracking System]

Processing control commands:

> affects -1 src:gem2deb
Bug #950228 [src:ruby-kaminari] ruby-kaminari: autopkgtest needs update for new 
version of gem2deb
Added indication that 950228 affects src:gem2deb

-- 
950228: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950228
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#950227: ruby-mime-types: autopkgtest needs update for new version of gem2deb

[Paul Gevers]

Source: ruby-mime-types
Version: 3.2.2-1
Severity: serious
X-Debbugs-CC: debian...@lists.debian.org, gem2...@packages.debian.org
Tags: sid bullseye
User: debian...@lists.debian.org
Usertags: needs-update
Control: affects -1 src:gem2deb

Dear maintainers,

With a recent upload of gem2deb the autopkgtest of ruby-mime-types fails
in testing when that autopkgtest is run with the binary packages of
gem2deb from unstable. It passes when run with only packages from
testing. In tabular form:
   passfail
gem2debfrom testing1.0.3
ruby-mime-types from testing3.2.2-1
versioned deps [0] from testingfrom unstable
all others from testingfrom testing

I copied some of the output at the bottom of this report. The cause of
this is that gem2deb started to exit with code 77 to indicate that there
is no test to run. This is meant to be used in conjunction with the
skippable restriction, to avoid giving the wrong information to the
migration software. Please add the skippable restriction to your
test. Depending on how much the smoke-test actually tests the package,
you may consider marking that as superficial as well.

Currently this regression is blocking the migration of gem2deb to
testing [1]. Of course, gem2deb shouldn't just break your autopkgtest
(or even worse, your package), but it seems to me that the change in
gem2deb was intended and your package needs to update to the new situation.

More information about this bug and the reason for filing it can be found on
https://wiki.debian.org/ContinuousIntegration/RegressionEmailInformation

Paul

[1] https://qa.debian.org/excuses.php?package=gem2deb

https://ci.debian.net/data/autopkgtest/testing/amd64/r/ruby-mime-types/4144034/log.gz


autopkgtest [03:10:42]: test command1: gem2deb-test-runner --autopkgtest
--check-dependencies 2>&1
autopkgtest [03:10:42]: test command1: [---

┌──┐
│ Checking Rubygems dependency resolution on ruby2.5
  │
└──┘

GEM_PATH= ruby2.5 -e gem\ \"mime-types\"

┌──┐
│ Run tests for ruby2.5: no test suite!
  │
└──┘

autopkgtest [03:10:43]: test command1: ---]
autopkgtest [03:10:43]: test command1:  - - - - - - - - - - results - -
- - - - - - - -
command1 FAIL non-zero exit status 77



signature.asc
Description: OpenPGP digital signature

Processed: ruby-mime-types: autopkgtest needs update for new version of gem2deb

[Debian Bug Tracking System]

Processing control commands:

> affects -1 src:gem2deb
Bug #950227 [src:ruby-mime-types] ruby-mime-types: autopkgtest needs update for 
new version of gem2deb
Added indication that 950227 affects src:gem2deb

-- 
950227: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950227
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#950226: ruby-rails-timeago: autopkgtest needs update for new version of gem2deb

[Paul Gevers]

Source: ruby-rails-timeago
Version: 2.17.1-1
Severity: serious
X-Debbugs-CC: debian...@lists.debian.org, gem2...@packages.debian.org
Tags: sid bullseye
User: debian...@lists.debian.org
Usertags: needs-update
Control: affects -1 src:gem2deb

Dear maintainers,

With a recent upload of gem2deb the autopkgtest of ruby-rails-timeago
fails in testing when that autopkgtest is run with the binary packages
of gem2deb from unstable. It passes when run with only packages from
testing. In tabular form:
   passfail
gem2debfrom testing1.0.3
ruby-rails-timeago from testing2.17.1-1
all others from testingfrom testing

I copied some of the output at the bottom of this report. The cause of
this is that gem2deb started to exit with code 77 to indicate that there
is no test to run. This is meant to be used in conjunction with the
skippable restriction, to avoid giving the wrong information to the
migration software. Please add the skippable restriction to your
failing test, or better, add a real test as it looks to me that also
test 2 isn't really doing much. If that is the case, please mark the
test as superficial.

Currently this regression is blocking the migration of gem2deb to
testing [1]. Of course, gem2deb shouldn't just break your autopkgtest
(or even worse, your package), but it seems to me that the change in
gem2deb was intended and your package needs to update to the new situation.

More information about this bug and the reason for filing it can be found on
https://wiki.debian.org/ContinuousIntegration/RegressionEmailInformation

Paul

[1] https://qa.debian.org/excuses.php?package=gem2deb

https://ci.debian.net/data/autopkgtest/testing/amd64/r/ruby-rails-timeago/4144035/log.gz

autopkgtest [03:10:27]: test command1: gem2deb-test-runner --autopkgtest
2>&1
autopkgtest [03:10:27]: test command1: [---

┌──┐
│ Run tests for ruby2.5: no test suite!
  │
└──┘

autopkgtest [03:10:27]: test command1: ---]
autopkgtest [03:10:28]: test command1:  - - - - - - - - - - results - -
- - - - - - - -
command1 FAIL non-zero exit status 77



signature.asc
Description: OpenPGP digital signature

Processed: ruby-rails-timeago: autopkgtest needs update for new version of gem2deb

[Debian Bug Tracking System]

Processing control commands:

> affects -1 src:gem2deb
Bug #950226 [src:ruby-rails-timeago] ruby-rails-timeago: autopkgtest needs 
update for new version of gem2deb
Added indication that 950226 affects src:gem2deb

-- 
950226: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950226
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#950211: python-virustotal-api fails autopkg test

[Matthias Klose]

On 1/30/20 11:05 AM, Sascha Steinbiss wrote:
> 
> Hi Matthias,
> 
>> the autodep8 test fails, because the package is wrongly named.  The package 
>> name
>> should be python-virustotal-apis? 
> 
> I wanted to be in line with the name of the package on PyPi [1] as that
> how I would look for this package if I wanted to use it.
> 'virustotal-api' is also the module name according to upstream's
> setup.py [2]
> 
> Looks like upstream themselves seem to use diverging names by using
> virus_total_apis as the module to import :/
> 
>> Or you remove the autodep8 test from debian/control.
> Indeed that is what I changed in 1.1.11-2 which should be in both sid
> and bullseye by now -- I changed the autopkgtest definition and added
> custom test scripts reflecting the situation.
> 
> All tests are green so far now [3]. Where did you get your log snippet from?

http://autopkgtest.ubuntu.com/packages/p/python-virustotal-api/focal/amd64

that's what I changed, it's still in the control file.

http://launchpadlibrarian.net/462719068/python-virustotal-api_1.1.11-2_1.1.11-2ubuntu1.diff.gz

Bug#948831: git-buildpackage: FTBFS: ImportError: No module named cachecontrol

[Matthias Klose]

Control: reassign -1 src:pydoctor

This is pydoctor missing the dependency, which was already removed from the 
archive.

Processed: Re: git-buildpackage: FTBFS: ImportError: No module named cachecontrol

[Debian Bug Tracking System]

Processing control commands:

> reassign -1 src:pydoctor
Bug #948831 [src:git-buildpackage] git-buildpackage: FTBFS: ImportError: No 
module named cachecontrol
Bug reassigned from package 'src:git-buildpackage' to 'src:pydoctor'.
No longer marked as found in versions git-buildpackage/0.9.17.
Ignoring request to alter fixed versions of bug #948831 to the same values 
previously set

-- 
948831: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948831
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed (with 1 error): relations

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> block 949185 by 941218
Bug #949185 [release.debian.org] transition: libffi
949185 was blocked by: 949290 949288
949185 was not blocking any bugs.
Added blocking bug(s) of 949185: 941218
> block 949185 by 948789
Bug #949185 [release.debian.org] transition: libffi
949185 was blocked by: 949288 949290 941218
949185 was not blocking any bugs.
Added blocking bug(s) of 949185: 948789
> block 949185 by 950015
Bug #949185 [release.debian.org] transition: libffi
949185 was blocked by: 949288 949290 948789 941218
949185 was not blocking any bugs.
Added blocking bug(s) of 949185: 950015
> block 944396 by 950170
Bug #944396 [release.debian.org] transition: exiv2
944396 was not blocked by any bugs.
944396 was not blocking any bugs.
Added blocking bug(s) of 944396: 950170
> block 944396 by 950172
Bug #944396 [release.debian.org] transition: exiv2
944396 was blocked by: 950170
944396 was not blocking any bugs.
Added blocking bug(s) of 944396: 950172
> block 944396 by 950171
Bug #944396 [release.debian.org] transition: exiv2
944396 was blocked by: 950172 950170
944396 was not blocking any bugs.
Added blocking bug(s) of 944396: 950171
> block 944396 by 950169
Bug #944396 [release.debian.org] transition: exiv2
944396 was blocked by: 950170 950171 950172
944396 was not blocking any bugs.
Added blocking bug(s) of 944396: 950169
> tags 949326 pending
Bug #949326 [release.debian.org] transition: libgwenhywfar
Added tag(s) pending.
> # this is just waiting for fixing/autoremoval of pythonmagick and not a
> # real transition at that; move it out of the way
> tags 948477
Unknown command or malformed arguments to command.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
944396: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=944396
949185: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949185
949326: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949326
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#950211: python-virustotal-api fails autopkg test

[Sascha Steinbiss]

Hi Matthias,

> the autodep8 test fails, because the package is wrongly named.  The package 
> name
> should be python-virustotal-apis? 

I wanted to be in line with the name of the package on PyPi [1] as that
how I would look for this package if I wanted to use it.
'virustotal-api' is also the module name according to upstream's
setup.py [2]

Looks like upstream themselves seem to use diverging names by using
virus_total_apis as the module to import :/

> Or you remove the autodep8 test from debian/control.
Indeed that is what I changed in 1.1.11-2 which should be in both sid
and bullseye by now -- I changed the autopkgtest definition and added
custom test scripts reflecting the situation.

All tests are green so far now [3]. Where did you get your log snippet from?

Best regards
Sascha

[1] https://pypi.org/project/virustotal-api/
[2] https://github.com/blacktop/virustotal-api/blob/master/setup.py#L25
[3] https://ci.debian.net/packages/p/python-virustotal-api/



signature.asc
Description: OpenPGP digital signature

Bug#923473: marked as done (exiv2: CVE-2019-9144)

[Debian Bug Tracking System]

Your message dated Thu, 30 Jan 2020 09:21:18 +
with message-id 
and subject line Bug#923473: fixed in exiv2 0.27.2-8
has caused the Debian Bug report #923473,
regarding exiv2: CVE-2019-9144
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
923473: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923473
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: exiv2
Version: 0.26-1
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://github.com/Exiv2/exiv2/issues/712

Hi,

The following vulnerability was published for exiv2.

CVE-2019-9144[0]:
| An issue was discovered in Exiv2 0.27. There is infinite recursion at
| BigTiffImage::printIFD in the file bigtiffimage.cpp. This can be
| triggered by a crafted file. It allows an attacker to cause Denial of
| Service (Segmentation fault) or possibly have unspecified other impact.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-9144
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9144
[1] https://github.com/Exiv2/exiv2/issues/712

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: exiv2
Source-Version: 0.27.2-8

We believe that the bug you reported is fixed in the latest version of
exiv2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 923...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Pino Toscano  (supplier of updated exiv2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Thu, 30 Jan 2020 09:39:44 +0100
Source: exiv2
Architecture: source
Version: 0.27.2-8
Distribution: unstable
Urgency: medium
Maintainer: Debian KDE Extras Team 
Changed-By: Pino Toscano 
Closes: 923472 923473 936496 950183
Changes:
 exiv2 (0.27.2-8) unstable; urgency=medium
 .
   * Team upload.
   * Update symbols file from the logs of buildds.
   * Merge useful changes from 0.25-4:
 - add Maximiliano Curia as Uploader
 - adjust version of dbgsym migration
   * Drop the python:native build dependency, as it is not used.
 (Closes: #936496)
   * Sort install files.
   * Move the static libexiv2-xmp.a from libexiv2-27 to libexiv2-dev, as it is
 needed only for development
 - add proper breaks/replaces
   * The current way to build the API documentation is suboptimal: even in
 -indep builds a an -arch build is forced; also the separate doc build
 requires a custom patch, Instead:
 - move the common arguments for cmake to a variable to avoid duplication
 - pass -DEXIV2_BUILD_DOC=ON to enable the documentation build, unless on
   -arch builds
 - pass -DCMAKE_INSTALL_DOCDIR=/usr/share/doc/exiv2/html to cmake to change
   the installation directory of the documentation (mostly for the "html"
   part), and change libexiv2-doc.docs to pick it from that location
 - call the "doc" target in -indep builds
 - drop patch 0001-doc-only-build-target.patch, no more needed now
   * Remove patch numbers from patch files.
   * Backport upstream commits 4c28673b641d7eacb50baafb5c286f6900ce2002, and
 d4d4d766e9ade2376115eb41cc478eb195df1b39 to fix CVE-2019-9143 and
 CVE-2019-9144; patches Fix-issue-712.patch, and
 Add-comment-to-explain-choice-of-cut-off-value.patch.
 (Closes: #923472, #923473)
   * Backport upstream commit 1b917c3f7dd86336a9f6fda4456422c419dfe88c to fix
 CVE-2019-20421; patch Fix-1011-fix_1011_jp2_readmetadata_loop.patch.
 (Closes: #950183)
   * Add debian/source/include-binaries for the patches Fix-issue-712.patch, and
 Fix-1011-fix_1011_jp2_readmetadata_loop.patch, as they contain the binary
 testcases for the fixes.
Checksums-Sha1:
 0157d3a6857e9717705a7efaf54dacc4fca9948a 2254 exiv2_0.27.2-8.dsc
 0ecfa62436e4f5019a710c824a99dd59f4852479 27656 exiv2_0.27.2-8.debian.tar.xz
 55726d48528cb216e0e09b0f84af46d76641e74b 7232 exiv2_0.27.2-8_source.buildinfo
Checksums-Sha256:
 aebebbe6355fb4edb2de3f29e61d0df52ef50ff2b8ae9cd44bd564d99d105402 2254 

Bug#923472: marked as done (exiv2: CVE-2019-9143)

[Debian Bug Tracking System]

Your message dated Thu, 30 Jan 2020 09:21:18 +
with message-id 
and subject line Bug#923472: fixed in exiv2 0.27.2-8
has caused the Debian Bug report #923472,
regarding exiv2: CVE-2019-9143
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
923472: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923472
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: exiv2
Version: 0.26-1
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://github.com/Exiv2/exiv2/issues/711

Hi,

The following vulnerability was published for exiv2.

CVE-2019-9143[0]:
| An issue was discovered in Exiv2 0.27. There is infinite recursion at
| Exiv2::Image::printTiffStructure in the file image.cpp. This can be
| triggered by a crafted file. It allows an attacker to cause Denial of
| Service (Segmentation fault) or possibly have unspecified other impact.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-9143
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9143
[1] https://github.com/Exiv2/exiv2/issues/711

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: exiv2
Source-Version: 0.27.2-8

We believe that the bug you reported is fixed in the latest version of
exiv2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 923...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Pino Toscano  (supplier of updated exiv2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Thu, 30 Jan 2020 09:39:44 +0100
Source: exiv2
Architecture: source
Version: 0.27.2-8
Distribution: unstable
Urgency: medium
Maintainer: Debian KDE Extras Team 
Changed-By: Pino Toscano 
Closes: 923472 923473 936496 950183
Changes:
 exiv2 (0.27.2-8) unstable; urgency=medium
 .
   * Team upload.
   * Update symbols file from the logs of buildds.
   * Merge useful changes from 0.25-4:
 - add Maximiliano Curia as Uploader
 - adjust version of dbgsym migration
   * Drop the python:native build dependency, as it is not used.
 (Closes: #936496)
   * Sort install files.
   * Move the static libexiv2-xmp.a from libexiv2-27 to libexiv2-dev, as it is
 needed only for development
 - add proper breaks/replaces
   * The current way to build the API documentation is suboptimal: even in
 -indep builds a an -arch build is forced; also the separate doc build
 requires a custom patch, Instead:
 - move the common arguments for cmake to a variable to avoid duplication
 - pass -DEXIV2_BUILD_DOC=ON to enable the documentation build, unless on
   -arch builds
 - pass -DCMAKE_INSTALL_DOCDIR=/usr/share/doc/exiv2/html to cmake to change
   the installation directory of the documentation (mostly for the "html"
   part), and change libexiv2-doc.docs to pick it from that location
 - call the "doc" target in -indep builds
 - drop patch 0001-doc-only-build-target.patch, no more needed now
   * Remove patch numbers from patch files.
   * Backport upstream commits 4c28673b641d7eacb50baafb5c286f6900ce2002, and
 d4d4d766e9ade2376115eb41cc478eb195df1b39 to fix CVE-2019-9143 and
 CVE-2019-9144; patches Fix-issue-712.patch, and
 Add-comment-to-explain-choice-of-cut-off-value.patch.
 (Closes: #923472, #923473)
   * Backport upstream commit 1b917c3f7dd86336a9f6fda4456422c419dfe88c to fix
 CVE-2019-20421; patch Fix-1011-fix_1011_jp2_readmetadata_loop.patch.
 (Closes: #950183)
   * Add debian/source/include-binaries for the patches Fix-issue-712.patch, and
 Fix-1011-fix_1011_jp2_readmetadata_loop.patch, as they contain the binary
 testcases for the fixes.
Checksums-Sha1:
 0157d3a6857e9717705a7efaf54dacc4fca9948a 2254 exiv2_0.27.2-8.dsc
 0ecfa62436e4f5019a710c824a99dd59f4852479 27656 exiv2_0.27.2-8.debian.tar.xz
 55726d48528cb216e0e09b0f84af46d76641e74b 7232 exiv2_0.27.2-8_source.buildinfo
Checksums-Sha256:
 

Processed: Re: Bug#947296: mercurial-keyring: Python2 removal in sid/bullseye

[Debian Bug Tracking System]

Processing control commands:

> severity -1 serious
Bug #947296 [src:mercurial-keyring] mercurial-keyring: Python2 removal in 
sid/bullseye
Severity set to 'serious' from 'normal'

-- 
947296: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947296
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#950221: natsort 6.0 doesn't support Python 3.8

[Matthias Klose]

Package: src:natsort
Version: 6.0.0-1.2
Severity: serious
Tags: sid bullseye
User: debian-pyt...@lists.debian.org
Usertags: python3.8

natsort 6.0 doesn't support Python 3.8, 6.2 is the first version supporting it.
There's also a 7.0 release.

Bug#937049: mini-buildd: Python2 removal in sid/bullseye

[Dmitry Shachnev]

On Fri, Aug 30, 2019 at 07:26:40AM +, Matthias Klose wrote:
> Package: src:mini-buildd
> Version: 1.0.41
> Severity: normal
> Tags: sid bullseye
> User: debian-pyt...@lists.debian.org
> Usertags: py2removal
>
> Python2 becomes end-of-live upstream, and Debian aims to remove
> Python2 from the distribution, as discussed in
> https://lists.debian.org/debian-python/2019/07/msg00080.html
>
> Your package either build-depends, depends on Python2, or uses Python2
> in the autopkg tests.  Please stop using Python2, and fix this issue
> by one of the following actions.

setuptools-scm has removed Python 2 support (see #938470), so python-keyring
build-dependencies are no longer satisfiable.

Thus I am going to remove Python 2 support from python-keyring. That support
will be removed in 10 days from now, on some day after 2020-02-09.

--
Dmitry Shachnev


signature.asc
Description: PGP signature