Bug#1010493: marked as done (ltrace: FTBFS on mipsel: directive argument is null)
Your message dated Sun, 08 May 2022 00:49:01 + with message-id and subject line Bug#1010493: fixed in ltrace 0.7.3-6.3 has caused the Debian Bug report #1010493, regarding ltrace: FTBFS on mipsel: directive argument is null to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1010493: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010493 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: ltrace Version: 0.7.3-6.1 Severity: serious Tags: ftbfs Justification: FTBFS X-Debbugs-Cc: Guilherme de Paula Xavier Segundo , Joao Eriberto Mota Filho Dear all, Thanks for fixing RC bugs in your package. However, the last upload of ltrace failed to build from source on mipsel, while it built there successfully in the past. Can you please have a look? Paul https://buildd.debian.org/status/fetch.php?pkg=ltrace&arch=mipsel&ver=0.7.3-6.2&stamp=1649617481&raw=0 Making all in mips make[5]: Entering directory '/<>/sysdeps/linux-gnu/mips' /bin/bash ../../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../../.. -I../../../sysdeps/linux-gnu/mips -I../../../sysdeps/linux-gnu -I../../../sysdeps -I../../.. -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -Wsign-compare -Wfloat-equal -Wformat-security -Werror -g -O2 -ffile-prefix-map=/<>=. -fstack-protector-strong -Wformat -Werror=format-security -c -o plt.lo plt.c /bin/bash ../../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../../.. -I../../../sysdeps/linux-gnu/mips -I../../../sysdeps/linux-gnu -I../../../sysdeps -I../../.. -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -Wsign-compare -Wfloat-equal -Wformat-security -Werror -g -O2 -ffile-prefix-map=/<>=. -fstack-protector-strong -Wformat -Werror=format-security -c -o regs.lo regs.c /bin/bash ../../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../../.. -I../../../sysdeps/linux-gnu/mips -I../../../sysdeps/linux-gnu -I../../../sysdeps -I../../.. -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -Wsign-compare -Wfloat-equal -Wformat-security -Werror -g -O2 -ffile-prefix-map=/<>=. -fstack-protector-strong -Wformat -Werror=format-security -c -o trace.lo trace.c libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../../.. -I../../../sysdeps/linux-gnu/mips -I../../../sysdeps/linux-gnu -I../../../sysdeps -I../../.. -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -Wsign-compare -Wfloat-equal -Wformat-security -Werror -g -O2 -ffile-prefix-map=/<>=. -fstack-protector-strong -Wformat -Werror=format-security -c plt.c -fPIC -DPIC -o .libs/plt.o libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../../.. -I../../../sysdeps/linux-gnu/mips -I../../../sysdeps/linux-gnu -I../../../sysdeps -I../../.. -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -Wsign-compare -Wfloat-equal -Wformat-security -Werror -g -O2 -ffile-prefix-map=/<>=. -fstack-protector-strong -Wformat -Werror=format-security -c regs.c -fPIC -DPIC -o .libs/regs.o libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../../.. -I../../../sysdeps/linux-gnu/mips -I../../../sysdeps/linux-gnu -I../../../sysdeps -I../../.. -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -Wsign-compare -Wfloat-equal -Wformat-security -Werror -g -O2 -ffile-prefix-map=/<>=. -fstack-protector-strong -Wformat -Werror=format-security -c trace.c -fPIC -DPIC -o .libs/trace.o libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../../.. -I../../../sysdeps/linux-gnu/mips -I../../../sysdeps/linux-gnu -I../../../sysdeps -I../../.. -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -Wsign-compare -Wfloat-equal -Wformat-security -Werror -g -O2 -ffile-prefix-map=/<>=. -fstack-protector-strong -Wformat -Werror=format-security -c regs.c -o regs.o >/dev/null 2>&1 In file included from /usr/include/stdio.h:866, from ../../../common.h:30, from plt.c:30: In function ‘fprintf’, inlined from ‘arch_elf_add_plt_entry’ at plt.c:359:3: /usr/include/mipsel-linux-gnu/bits/stdio2.h:105:10: error: ‘%s’ directive argument is null [-Werror=format-overflow=] 105 | return __fprintf_chk (__stream, __USE_FORTIFY_LEVEL - 1, __fmt, | ^~~~ 106 | __va_arg_pack ()); | ~ libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../../.. -I../../../sysdeps/linux-gnu/mips -I../../../sysdeps/linux-gnu -I../../../sysdeps -I../../.. -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -Wsign-compare -Wfloat-equal -Wformat-security -Werror -g -O2 -ffile-prefix-map=/<>=. -fstack-protector-strong -Wformat -Werror=format-security -c trace.c -o t
Bug#929983: bug 929983: ipxe-qemu: virtio booting no longer works after upgrade to buster
Paul Gevers dixit: > On 07-05-2022 10:53, Michael Tokarev wrote: Huh, didn't get that message. >> In this bugreport, I see it is/was broken with -machine pc-1.1. >> There's no indication if it is broken with other machine types. As >> of qemu 5.2 (bullseye) machine types below pc-1.3 are deprecated, and >> in 7.0 (current bookworm) they're removed. This is rather bad, this will break existing VMs on upgrade with almost certainly zero clues why. > Do you agree with this assessment of the bug you reported? If so, > let's tag this bug with buster and bullseye as indeed I conclude it's > not a bug in bookworm then. I'd rather consider this a second RC bug in bookworm, if so. I'm currently in a really bad situation to look at anything in detail (waiting for my brain to remember the luks password of my work laptop), please excuse brevity. bye, //mirabilos -- Gestern Nacht ist mein IRC-Netzwerk explodiert. Ich hatte nicht damit gerechnet, darum bin ich blutverschmiert… wer konnte ahnen, daß SIE so reagier’n… gestern Nacht ist mein IRC-Netzwerk explodiert~~~ (as of 2021-06-15 The MirOS Project temporarily reconvenes on OFTC)
Bug#1010698: stunnel4: debci testsuite fails after openssl version update.
On 2022-05-07 20:52:41 [+0200], Paul Gevers wrote: > Hi Sebastian, Hi Paul, > On 07-05-2022 18:22, Sebastian Andrzej Siewior wrote: > > Usertags: flaky > > Why do you conclude that? Normally we call something flaky if it has a > reasonable amount of failures in pure testing environments (so no migration > runs). I'm not seeing that for tunnel4 on amd64, nor arm64. Maybe I missunderstood. According to the tracking page, it failed everywhere: | autopkgtest for stunnel4/3:5.63-1: | amd64: Regression ♻ (reference ♻), | arm64: Regression ♻ (reference ♻), | armhf: Regression ♻ (reference ♻), | i386: Regression ♻ (reference ♻), | ppc64el: Regression ♻ (reference ♻), | s390x: Regression ♻ (reference ♻) Does this mean flaky or is this something in case it fails _always_ and not just randomly swi-prolog/8.4.2+dfsg-2 on i386 while it passed on other arches. > > that the error is that it was compiled against one version (1.1.1n) > > and then tested against another version (1.1.1o)? > > stunnel4 -version reports: > > | Compiled with OpenSSL 1.1.1n 15 Mar 2022 > > | Running with OpenSSL 1.1.1o 3 May 2022 > > > > and it is fine, the ABI is stable. > > If your claim is true (and I trust it is), I do agree that it seems that the > test (and I guess this comes from a runtime check) is too strict. Retitling > accordingly. Oki, thanks. > Paul Sebastian
Bug#1010698: stunnel4: debci testsuite fails after openssl version update.
Control: stunnel4: runtime check on openssl too tight Hi Sebastian, On 07-05-2022 18:22, Sebastian Andrzej Siewior wrote: Usertags: flaky Why do you conclude that? Normally we call something flaky if it has a reasonable amount of failures in pure testing environments (so no migration runs). I'm not seeing that for tunnel4 on amd64, nor arm64. The debci testsuite failed for all architectures after the recent openssl upload https://ci.debian.net/data/autopkgtest/testing/amd64/s/stunnel4/21436404/log.gz Am I right to assume as per | logs/results.log:DEBUG: 2022-05-07 04:07:41,445: [get_version] Trying to obtain the version of /tmp/autopkgtest-lxc.algiqp59/downtmp/build.oOV/src/tests/../src/stunnel | logs/results.log:DEBUG: 2022-05-07 04:07:41,446: [get_version] Started `/tmp/autopkgtest-lxc.algiqp59/downtmp/build.oOV/src/tests/../src/stunnel -version` as process 1544 | logs/results.log:CRITICAL: 2022-05-07 04:07:41,449: [main] Something went wrong: Stunnel was compiled and run with various OpenSSL versions … | autopkgtest [04:07:41]: test upstream: ---] | upstream FAIL non-zero exit status 1 | autopkgtest [04:07:41]: test upstream: - - - - - - - - - - results - - - - - - - - - - | autopkgtest [04:07:41]: summary | debian-pythonPASS | upstream FAIL non-zero exit status 1 that the error is that it was compiled against one version (1.1.1n) and then tested against another version (1.1.1o)? stunnel4 -version reports: | Compiled with OpenSSL 1.1.1n 15 Mar 2022 | Running with OpenSSL 1.1.1o 3 May 2022 and it is fine, the ABI is stable. If your claim is true (and I trust it is), I do agree that it seems that the test (and I guess this comes from a runtime check) is too strict. Retitling accordingly. Paul OpenPGP_signature Description: OpenPGP digital signature
Bug#1003568: marked as done (python3-flasgger: Depends on python3-mistune 0.8.4 which is deprecated)
Your message dated Sat, 07 May 2022 18:19:33 + with message-id and subject line Bug#1003568: fixed in python-flasgger 0.9.5+dfsg.2-2 has caused the Debian Bug report #1003568, regarding python3-flasgger: Depends on python3-mistune 0.8.4 which is deprecated to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1003568: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003568 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: python3-flasgger Severity: wishlist Dear maintainer, Your package python3-flasgger depends on python3-mistune 0.8.4 which is no longer maintained and deprecated in favour of version 2.0.0. As python3-mistune 2.0.0 is not backward compatible, I reverted the upload of it that I did in unstable and python3-mistune 0.8.4 will stay around a bit longer. In the meantime, please try to see if upstream of python3-flasgger either released a version that is compatible with python3-mistune 2.0.0 or if python3-flasgger can easily be fixed to support such a version. As soon as you're ready to upload your package please update this bug report and we'll try to coordinate so that I release python3-mistune at a time that is fit for you to also release python3-flasgger. I intend to upload src:mistune 2.0.0 to unstable between March the 15th and April the 15th (depending on the progress of its reverse-dependencies). I'll raise the severity of this bug approximately a month before making such an upload. Please don't hesitate to contact me if you have any suggestion or if I missed something. In particular this is my first mass-bug filling, so I may have done some things wrong. Apologies if I did so. Thanks a log for your work on python3-flasgger. -- Pierre-Elliott Bécue --- End Message --- --- Begin Message --- Source: python-flasgger Source-Version: 0.9.5+dfsg.2-2 Done: Marcos Fouces We believe that the bug you reported is fixed in the latest version of python-flasgger, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1003...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Marcos Fouces (supplier of updated python-flasgger package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sat, 07 May 2022 14:27:28 +0200 Source: python-flasgger Architecture: source Version: 0.9.5+dfsg.2-2 Distribution: unstable Urgency: medium Maintainer: Debian Python Team Changed-By: Marcos Fouces Closes: 1003568 Changes: python-flasgger (0.9.5+dfsg.2-2) unstable; urgency=medium . * Set Depends and Build-Depends from pyhton3-mistune to python3-mistune0. (Closes: #1003568). * Remove ununsed Lintian overrides. * Fix target for Lintian override in source package. * Bump to Standards-Version 4.6.0 (no changes required). * Update copyright years. Checksums-Sha1: 80cf768814cc9e6476568fd80fefc91aaafa029d 2196 python-flasgger_0.9.5+dfsg.2-2.dsc fcdba65247d044187ced4cb517290d5f2a775df7 3076988 python-flasgger_0.9.5+dfsg.2-2.debian.tar.xz 85491bdd68557427eb20a0a603cbdfed8c53ba3b 7478 python-flasgger_0.9.5+dfsg.2-2_source.buildinfo Checksums-Sha256: c19ff836e938d0a635bf7ca7e6c37d3f6ff6cee516085e60600d920de1630366 2196 python-flasgger_0.9.5+dfsg.2-2.dsc fb5a6f102d25ce01e77f2bf70795692add3ff885cfc33a13471dfa2a7a96de5f 3076988 python-flasgger_0.9.5+dfsg.2-2.debian.tar.xz ceaacf1e6afefec9f7146d315ee32af1ed187db3a8264e7b90ae27ba85386f70 7478 python-flasgger_0.9.5+dfsg.2-2_source.buildinfo Files: ca547a6e10d83a8b822e216f8ae9d03e 2196 python optional python-flasgger_0.9.5+dfsg.2-2.dsc 3dd6cb07d4a4fc7f0a9d274179ce87a6 3076988 python optional python-flasgger_0.9.5+dfsg.2-2.debian.tar.xz e6d686d7ef9168497940145cba5ba635 7478 python optional python-flasgger_0.9.5+dfsg.2-2_source.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEfLiv/VYDL+NaNH0uasy9D6O3RHwFAmJ2tJAACgkQasy9D6O3 RHx3bw/+L3zHvI55z7dJgLPRjwlfStgJ8RRrO9lc+vvzSvqb8HlUwXr9qyeTb9oa 5tGluz3v96hI9h1vS/NgFp7ULdCVn6xCsceQ7eGzwf4yL3wUyr0XHaXeCuCdAcTW r4OfBOCPN+JULZnFcqDEYZLjO1YXqrQ4GlZz0Rc1+tUp+zHknHmZomOPPJlhQmTD /Ak6SQiWY5ZDvjYLHygM8Uk7EFKIWK2+vl5GnapwVvHH800lJF1vq1a0A7oFDhIf 1GHUH51tfpmB/mxTaZGXRk4cAqRXailWtY4jl1fU/VWBaxtCxx7Qt
Bug#1010703: haskell-hashable: FTBFS on i386: unrecognized 'configure' option `-D_FILE_OFFSET_BITS=64'
Source: haskell-hashable Version: 1.3.0.0-2 Severity: serious >From my build log (in an i386 container, and haskell-devscripts version was 0.16.14): ... debian/rules binary-arch test -x debian/rules dh_testroot dh_prep dh_installdirs -A mkdir -p "." CDBS WARNING:DEB_DH_STRIP_ARGS is deprecated since 0.4.85 CDBS WARNING:DEB_COMPRESS_EXCLUDE is deprecated since 0.4.85 Adding cdbs dependencies to debian/libghc-hashable-dev.substvars dh_installdirs -plibghc-hashable-dev \ perl -d:Confess -MDebian::Debhelper::Buildsystem::Haskell::Recipes=/.*/ \ -E 'make_setup_recipe' Running ghc --make Setup.hs -o debian/hlibrary.setup [1 of 1] Compiling Main ( Setup.hs, Setup.o ) Linking debian/hlibrary.setup ... perl -d:Confess -MDebian::Debhelper::Buildsystem::Haskell::Recipes=/.*/ \ -E 'configure_recipe; build_recipe; haddock_recipe; check_recipe' Running find . ! -newer /tmp/V8FdEAcJVW -exec touch -d "1998-01-01 UTC" {} ; Running dh_listpackages libghc-hashable-dev libghc-hashable-prof libghc-hashable-doc Running dh_listpackages libghc-hashable-dev libghc-hashable-prof libghc-hashable-doc Running dpkg-buildflags --get LDFLAGS -Wl,-z,relro Running debian/hlibrary.setup configure --ghc -v2 --package-db=/var/lib/ghc/package.conf.d --prefix=/usr --libdir=/usr/lib/haskell-packages/ghc/lib --libexecdir=/usr/lib --builddir=dist-ghc --ghc-option=-optl-Wl,-z,relro --haddockdir=/u sr/lib/ghc-doc/haddock/hashable-1.3.0.0/ --datasubdir=hashable --htmldir=/usr/share/doc/libghc-hashable-doc/html/ --enable-library-profiling --hsc2hs-options=-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 --gcc-options=-D_LARGEFILE_SOURCE - D_FILE_OFFSET_BITS=64 --ghc-options=-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -optc -D_LARGEFILE_SOURCE -optc -D_FILE_OFFSET_BITS=64 Non-zero exit code 1. unrecognized 'configure' option `-D_FILE_OFFSET_BITS=64' unrecognized 'configure' option `-D_FILE_OFFSET_BITS=64' unrecognized 'configure' option `-D_FILE_OFFSET_BITS=64' unrecognized 'configure' option `-optc' unrecognized 'configure' option `-D_LARGEFILE_SOURCE' unrecognized 'configure' option `-optc' unrecognized 'configure' option `-D_FILE_OFFSET_BITS=64' at /usr/share/perl5/Debian/Debhelper/Buildsystem/Haskell/Recipes.pm line 106. Debian::Debhelper::Buildsystem::Haskell::Recipes::run_quiet("debian/hlibrary.setup", "configure", "--ghc", "-v2", "--package-db=/var/lib/ghc/package.conf.d", "--prefix=/usr", "--libdir=/usr/lib/haskell-packages/ghc/lib", "--libe xecdir=/usr/lib", ...) called at /usr/share/perl5/Debian/Debhelper/Buildsystem/Haskell/Recipes.pm line 130 Debian::Debhelper::Buildsystem::Haskell::Recipes::run("debian/hlibrary.setup", "configure", "--ghc", "-v2", "--package-db=/var/lib/ghc/package.conf.d", "--prefix=/usr", "--libdir=/usr/lib/haskell-packages/ghc/lib", "--libexecdir =/usr/lib", ...) called at /usr/share/perl5/Debian/Debhelper/Buildsystem/Haskell/Recipes.pm line 629 Debian::Debhelper::Buildsystem::Haskell::Recipes::configure_recipe() called at -e line 1 make: *** [/usr/share/cdbs/1/class/hlibrary.mk:153: build-ghc-stamp] Error 25 dpkg-buildpackage: error: debian/rules binary-arch subprocess returned exit status 2 -- Daniel Schepler
Bug#1009387: fbset: FTBFS: modes.tab.c:132:3: error: expected identifier at end of input
Hi Lucas, On Tue, Apr 12, 2022 at 07:45:35PM +0200, Lucas Nussbaum wrote: > Source: fbset > Version: 2.1-32 > Severity: serious > Justification: FTBFS > Tags: bookworm sid ftbfs > User: lu...@debian.org > Usertags: ftbfs-20220412 ftbfs-bookworm > > Hi, > > During a rebuild of all packages in sid, your package failed to build > on amd64. Can you please recheck this one. I was looking at this one today and did not see any build failure with sbuild. >From my build: +--+ | Summary | +--+ Autopkgtest: no tests Build Architecture: amd64 Build Type: full Build-Space: 2692 Build-Time: 3 Distribution: unstable Host Architecture: amd64 Install-Time: 21 Job: /home/sudip/debian/fbset/fbset_2.1-33.dsc Lintian: warn Machine Architecture: amd64 Package: fbset Package-Time: 28 Source-Version: 2.1-33 Space: 2692 Status: successful Version: 2.1-33 Finished at 2022-05-07T17:09:11Z Build needed 00:00:28, 2692k disk space -- Regards Sudip
Bug#1010698: stunnel4: debci testsuite fails after openssl version update.
Package: stunnel4 Version: 3:5.63-1 Severity: serious User: debian...@lists.debian.org Usertags: flaky The debci testsuite failed for all architectures after the recent openssl upload https://ci.debian.net/data/autopkgtest/testing/amd64/s/stunnel4/21436404/log.gz Am I right to assume as per | logs/results.log:DEBUG: 2022-05-07 04:07:41,445: [get_version] Trying to obtain the version of /tmp/autopkgtest-lxc.algiqp59/downtmp/build.oOV/src/tests/../src/stunnel | logs/results.log:DEBUG: 2022-05-07 04:07:41,446: [get_version] Started `/tmp/autopkgtest-lxc.algiqp59/downtmp/build.oOV/src/tests/../src/stunnel -version` as process 1544 | logs/results.log:CRITICAL: 2022-05-07 04:07:41,449: [main] Something went wrong: Stunnel was compiled and run with various OpenSSL versions … | autopkgtest [04:07:41]: test upstream: ---] | upstream FAIL non-zero exit status 1 | autopkgtest [04:07:41]: test upstream: - - - - - - - - - - results - - - - - - - - - - | autopkgtest [04:07:41]: summary | debian-pythonPASS | upstream FAIL non-zero exit status 1 that the error is that it was compiled against one version (1.1.1n) and then tested against another version (1.1.1o)? stunnel4 -version reports: | Compiled with OpenSSL 1.1.1n 15 Mar 2022 | Running with OpenSSL 1.1.1o 3 May 2022 and it is fine, the ABI is stable. Sebastian
Bug#1010697: hydrapaper: Fails to launch (no module named 'PIL')
Package: hydrapaper Version: 2.0.2-1 Severity: grave Justification: renders package unusable X-Debbugs-Cc: clay.kim...@gmail.com Dear Maintainer, hydrapaper fails to launch. It fails silently when launched from GNOME but gives the following error message when launched from the terminal: Traceback (most recent call last): File "/usr/bin/hydrapaper", line 69, in from hydrapaper import __main__ File "/usr/lib/python3/dist-packages/hydrapaper/__main__.py", line 6, in from .app_window import HydraPaperAppWindow File "/usr/lib/python3/dist-packages/hydrapaper/app_window.py", line 3, in from .main_stack import HydraPapaerMainStack File "/usr/lib/python3/dist-packages/hydrapaper/main_stack.py", line 3, in from .wallpapers_flowbox import HydraPaperWallpapersFlowbox File "/usr/lib/python3/dist-packages/hydrapaper/wallpapers_flowbox.py", line 4, in from .wallpaper_flowbox_item import WallpaperBox File "/usr/lib/python3/dist-packages/hydrapaper/wallpaper_flowbox_item.py", line 5, in from PIL import Image ModuleNotFoundError: No module named 'PIL' Installing python3-pil solves the issue. -- System Information: Debian Release: bookworm/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 5.17.0-1-amd64 (SMP w/12 CPU threads; PREEMPT) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages hydrapaper depends on: ii dconf-gsettings-backend [gsettings-backend] 0.40.0-3 ii gir1.2-handy-1 1.6.2-1 ii libhandy-1-0 1.6.2-1 ii python3 3.10.4-1+b1 ii python3-gi 3.42.1-1 hydrapaper recommends no packages. hydrapaper suggests no packages. -- no debconf information
Bug#1010215: closed by Georges Khaznadar (The new NMUed release is uploaded ...)
Hello Paul, I think that I found the clue: Python3.10 interprets the following lines -8<--- file src/einsteinpy.egg-info/requires.txt [:implementation_name == "cpython"] numba!=0.49.0,>=0.46 -8<-- no exactly as Python3.9 did, and the result of ${python3:Depends} includes python3-numba as a consequence. So I shall test another modification: wiring the Python3 dependencies, and declaring python3-numba as a recommendation. Best regards, Georges. Paul Gevers a écrit : > Hi, > > [Why not in the bug report? Feel free to quote me.] > > On 07-05-2022 15:44, Georges Khaznadar wrote: > > Paul Gevers a écrit : > > > Where are you seeing this? I only see failures: > > > https://ci.debian.net/packages/e/einsteinpy/ > > > > The tests are still failing for Salsa/CI; however the bug 1010215 was > > different: it was genuinely due to the wrong usage of the symbol np > > (defined after "import numpy as np"), instead of the string "numpy". > > This parameter finishes by reaching sympy.lamdify, and the current > > version of sympy does no longer tolerate this wrong usage. > > > > Please take a look at the begin of Bug#1010215's report for more > > information. > > > > I took the freedom to patch einsteinpy's test syntax because sympy was > > marked for AUTORM if nothing was done for a few weeks. > > > > Besides, you are true: now, the failed tests report a broken dependency > > on python-numba3, which is not yet compiled with/for Python3.10. > > Your NMU einsteinpy grew a *new* dependency on python3-numba, which has RC > bug 1000336 for a while already, so don't expect it to migrate. Hence, your > fix can't migrate to testing as-is. > > Paul -- Georges KHAZNADAR et Jocelyne FOURNIER 22 rue des mouettes, 59240 Dunkerque France. Téléphone +33 (0)3 28 29 17 70 signature.asc Description: PGP signature
Bug#1010215: closed by Georges Khaznadar (The new NMUed release is uploaded ...)
Hello Paul, Paul Gevers a écrit : > Hi, > > [Why not in the bug report? Feel free to quote me.] Fixed: This e-mail is Cc-ed to 1010...@bugs.debian.org; I did not pay attention to the Reply-To: field in the previous e-mail which was missing 1010...@bugs.debian.org > > On 07-05-2022 15:44, Georges Khaznadar wrote: > > Paul Gevers a écrit : > > > Where are you seeing this? I only see failures: > > > https://ci.debian.net/packages/e/einsteinpy/ > > > > The tests are still failing for Salsa/CI; however the bug 1010215 was > > different: it was genuinely due to the wrong usage of the symbol np > > (defined after "import numpy as np"), instead of the string "numpy". > > This parameter finishes by reaching sympy.lamdify, and the current > > version of sympy does no longer tolerate this wrong usage. > > > > Please take a look at the begin of Bug#1010215's report for more > > information. > > > > I took the freedom to patch einsteinpy's test syntax because sympy was > > marked for AUTORM if nothing was done for a few weeks. > > > > Besides, you are true: now, the failed tests report a broken dependency > > on python-numba3, which is not yet compiled with/for Python3.10. > > Your NMU einsteinpy grew a *new* dependency on python3-numba, which has RC > bug 1000336 for a while already, so don't expect it to migrate. Hence, your > fix can't migrate to testing as-is. Please accept my apologies: I accidentally modified the file src/einsteinpy.egg-info/requires.txt, and did not check thouroughly the patch's content. Now I reversed the modification, and I shall wait for the feedback of salsa/CI to decide whether my changes can be accepted. -- Georges KHAZNADAR et Jocelyne FOURNIER 22 rue des mouettes, 59240 Dunkerque France. Téléphone +33 (0)3 28 29 17 70 signature.asc Description: PGP signature
Processed: src:golang-github-sylabs-sif: fails to migrate to testing for too long: autopkgtest regression
Processing control commands: > close -1 2.3.1-3 Bug #1010691 [src:golang-github-sylabs-sif] src:golang-github-sylabs-sif: fails to migrate to testing for too long: autopkgtest regression Marked as fixed in versions golang-github-sylabs-sif/2.3.1-3. Bug #1010691 [src:golang-github-sylabs-sif] src:golang-github-sylabs-sif: fails to migrate to testing for too long: autopkgtest regression Marked Bug as done -- 1010691: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010691 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1010691: src:golang-github-sylabs-sif: fails to migrate to testing for too long: autopkgtest regression
Source: golang-github-sylabs-sif Version: 1.0.9-2.1 Severity: serious Control: close -1 2.3.1-3 Tags: sid bookworm User: release.debian@packages.debian.org Usertags: out-of-sync Dear maintainer(s), The Release Team considers packages that are out-of-sync between testing and unstable for more than 60 days as having a Release Critical bug in testing [1]. Your package src:golang-github-sylabs-sif has been trying to migrate for 61 days [2]. Hence, I am filing this bug. Your package has an autopkgtest, but it started to fail with one of the recent uploads. If a package is out of sync between unstable and testing for a longer period, this usually means that bugs in the package in testing cannot be fixed via unstable. Additionally, blocked packages can have impact on other packages, which makes preparing for the release more difficult. Finally, it often exposes issues with the package and/or its (reverse-)dependencies. We expect maintainers to fix issues that hamper the migration of their package in a timely manner. This bug will trigger auto-removal when appropriate. As with all new bugs, there will be at least 30 days before the package is auto-removed. I have immediately closed this bug with the version in unstable, so if that version or a later version migrates, this bug will no longer affect testing. I have also tagged this bug to only affect sid and bookworm, so it doesn't affect (old-)stable. If you believe your package is unable to migrate to testing due to issues beyond your control, don't hesitate to contact the Release Team. Paul [1] https://lists.debian.org/debian-devel-announce/2020/02/msg5.html [2] https://qa.debian.org/excuses.php?package=golang-github-sylabs-sif OpenPGP_signature Description: OpenPGP digital signature
Bug#1010619: rsyslog: CVE-2022-24903: Potential heap buffer overflow in TCP syslog server (receiver) components
Hi Michael, [looping in the sec-team for completeness] On Thu, May 05, 2022 at 10:19:38PM +0200, Michael Biebl wrote: > Am 05.05.22 um 17:10 schrieb Salvatore Bonaccorso: > > Source: rsyslog > > Version: 8.2204.0-1 > > Severity: grave > > Tags: security upstream > > Justification: user security hole > > X-Debbugs-Cc: car...@debian.org, Debian Security Team > > > > > > Hi, > > > > The following vulnerability was published for rsyslog. Filling for now > > as grave, but we might downgrade. Probably affected configurations are > > not that common if I understood correctly, the advisory has some > > comments about it as well[1]. > > Yeah, I think this feature is obscure enough (and not enabled by default) > that non-RC severity is fine. Thinking a bit more on it I see two aspects: * Usually following recommendations one should not expose recievers to public, which makes the risk considerably lower. * Though still reciervers enable octed-framing by default. So I think to leave the severity actually as it is, and consider it RC and at earliest point possible for you either do a cherry-picked upload on top of 8.2204.0-1 or just upload 8.2204.1 to unstable, I htink I would prefer the later. Secondly, about releasing a DSA, still slight borderline, but I think we would be safer to release one. I can help rpepare updates for bullseye and buster here if needed and wanted. I the git repository I see 8.2102.0-2+deb11u1 as released for bullseye but this change actually never landed to bullseye and was not acked by SRM? Regards, Salvatore
Processed: Re: Bug#1010215 closed by Georges Khaznadar (The new NMUed release is uploaded ...)
Processing commands for cont...@bugs.debian.org: > reassign 1010215 src:einsteinpy 0.3.0-2 Bug #1010215 {Done: Georges Khaznadar } [src:sympy, src:einsteinpy] sympy breaks einsteinpy autopkgtest: name 'numpy' is not defined Bug reassigned from package 'src:sympy, src:einsteinpy' to 'src:einsteinpy'. No longer marked as found in versions einsteinpy/0.3.0-2 and sympy/1.10.1-1. Ignoring request to alter fixed versions of bug #1010215 to the same values previously set Bug #1010215 {Done: Georges Khaznadar } [src:einsteinpy] sympy breaks einsteinpy autopkgtest: name 'numpy' is not defined Marked as found in versions einsteinpy/0.3.0-2. > fixed 1010215 0.3.0-2.2 Bug #1010215 {Done: Georges Khaznadar } [src:einsteinpy] sympy breaks einsteinpy autopkgtest: name 'numpy' is not defined Marked as fixed in versions einsteinpy/0.3.0-2.2. > affects 1010215 src:sympy Bug #1010215 {Done: Georges Khaznadar } [src:einsteinpy] sympy breaks einsteinpy autopkgtest: name 'numpy' is not defined Added indication that 1010215 affects src:sympy > thanks Stopping processing here. Please contact me if you need assistance. -- 1010215: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010215 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1010215: closed by Georges Khaznadar (The new NMUed release is uploaded ...)
Dear Georges, On 06-05-2022 18:03, Debian Bug Tracking System wrote: From: Georges Khaznadar Date: 06-05-2022 17:59 To: 1010215-d...@bugs.debian.org and sucessfully passes the tests. Where are you seeing this? I only see failures: https://ci.debian.net/packages/e/einsteinpy/ I'm guessing you mean that we need einsteinpy and sympy together from unstable in testing. It seems that the test of einsteinpy broke in testing when testing with unstable because of a broken python-numba (but that's for another bug). Paul OpenPGP_signature Description: OpenPGP digital signature
Bug#929983: bug 929983: ipxe-qemu: virtio booting no longer works after upgrade to buster
Dear Thorsten, On 07-05-2022 10:53, Michael Tokarev wrote: 06.05.2022 19:49, Mike Gabriel wrote: .. at least the bugtitle is far to unprecise. Here, I test Debian Edu bullseye really heavily and integrate FAI in Debian Edu. The FAI installer and also the diskless machines I very often boot via iPXE/QEMU. In Debian 11 (and probably beyond), PXE booting in QEMU works, for BIOS legacy VMs as well as for UEFI based VMs. In this bugreport, I see it is/was broken with -machine pc-1.1. There's no indication if it is broken with other machine types. As of qemu 5.2 (bullseye) machine types below pc-1.3 are deprecated, and in 7.0 (current bookworm) they're removed. Do you agree with this assessment of the bug you reported? If so, let's tag this bug with buster and bullseye as indeed I conclude it's not a bug in bookworm then. Paul OpenPGP_signature Description: OpenPGP digital signature
Bug#929983: bug 929983: ipxe-qemu: virtio booting no longer works after upgrade to buster
06.05.2022 19:49, Mike Gabriel wrote: .. at least the bugtitle is far to unprecise. Here, I test Debian Edu bullseye really heavily and integrate FAI in Debian Edu. The FAI installer and also the diskless machines I very often boot via iPXE/QEMU. In Debian 11 (and probably beyond), PXE booting in QEMU works, for BIOS legacy VMs as well as for UEFI based VMs. In this bugreport, I see it is/was broken with -machine pc-1.1. There's no indication if it is broken with other machine types. As of qemu 5.2 (bullseye) machine types below pc-1.3 are deprecated, and in 7.0 (current bookworm) they're removed. /mjt
Bug#1010634: marked as done (slurm-wlm: CVE-2022-29500)
Your message dated Sat, 07 May 2022 07:19:05 + with message-id and subject line Bug#1010634: fixed in slurm-wlm 21.08.8.2-1 has caused the Debian Bug report #1010634, regarding slurm-wlm: CVE-2022-29500 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1010634: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010634 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: slurm-wlm Version: 21.08.7-1 Severity: grave Tags: security upstream Justification: user security hole X-Debbugs-Cc: car...@debian.org, Debian Security Team Control: found -1 20.11.7+really20.11.4-2 Hi, The following vulnerability was published for slurm-wlm. CVE-2022-29500[0]: | SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control | that leads to Information Disclosure. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2022-29500 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29500 [1] https://lists.schedmd.com/pipermail/slurm-announce/2022/72.html [2] https://github.com/SchedMD/slurm/commit/500787548cf3da22cc69ca2111ce51f77543849b Regards, Salvatore --- End Message --- --- Begin Message --- Source: slurm-wlm Source-Version: 21.08.8.2-1 Done: Gennaro Oliva We believe that the bug you reported is fixed in the latest version of slurm-wlm, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1010...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Gennaro Oliva (supplier of updated slurm-wlm package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 06 May 2022 21:14:09 +0200 Source: slurm-wlm Architecture: source Version: 21.08.8.2-1 Distribution: unstable Urgency: medium Maintainer: Debian HPC Team Changed-By: Gennaro Oliva Closes: 1010632 1010633 1010634 Changes: slurm-wlm (21.08.8.2-1) unstable; urgency=medium . * New upstream release fixes CVE-2022-29500, CVE-2022-29501 and CVE-2022-29502 (Closes: #1010632, #1010633, #1010634) * Update libslurm symbols file Checksums-Sha1: 257db3912e4e6ac9fd49637806c454e49fe9505d 3752 slurm-wlm_21.08.8.2-1.dsc f7687c11f024fbbe5399b93906d1179adc5c3fb6 9181981 slurm-wlm_21.08.8.2.orig.tar.gz 87b22595ec0da6f0fbf31f6461bad9da932f356e 131948 slurm-wlm_21.08.8.2-1.debian.tar.xz d940c44bc07fd7039b5ff4f6c0895c9bc972a60c 21992 slurm-wlm_21.08.8.2-1_amd64.buildinfo Checksums-Sha256: 38cab66ebf395ff38574e4d920856e4447663179a5c69b8dbf9eeab6c94be921 3752 slurm-wlm_21.08.8.2-1.dsc 876d7dfa716990d7e579cfb9c6ffc123258e03a1450e993ade596d2ee90afcdd 9181981 slurm-wlm_21.08.8.2.orig.tar.gz e4a14ddf0a848e5df55b3880f64d09518f205ddbc60fbde7d5353e5116a6dd6f 131948 slurm-wlm_21.08.8.2-1.debian.tar.xz 85e54c44bac7288ec3df8ddd6eae48aecc0a55ea7490b4f16fae358cd805ee5e 21992 slurm-wlm_21.08.8.2-1_amd64.buildinfo Files: ae169dff579e404a2f6066a538b43782 3752 admin optional slurm-wlm_21.08.8.2-1.dsc 14e7e5b80188b8b8829f3637110d4391 9181981 admin optional slurm-wlm_21.08.8.2.orig.tar.gz 6894085a03d275302d4cd5448a235461 131948 admin optional slurm-wlm_21.08.8.2-1.debian.tar.xz a9f15ddfdd04a433f9d5d994b57706d3 21992 admin optional slurm-wlm_21.08.8.2-1_amd64.buildinfo -BEGIN PGP SIGNATURE- iQJLBAEBCgA1FiEE6zNF9WRBuLgad5h2ffpBrZYZhdcFAmJ1eA8XHG9saXZhLmdA bmEuaWNhci5jbnIuaXQACgkQffpBrZYZhddyyxAAoAF5AEn34cc5ApEGVgpbBdFj Jmd/lwG51wVL3z5qxIock+yfo8BE1rkM1YEIs6tAT2ZGcu1+kKNtgTz9MSOD/9Qj X2BpENXrzP3Vi3Jls5aAB1NcNrjQMNZAJazSPMyEgeZ51Fceq/Z3LvxvXJ/nEPrO HJlxM2oUNizRocy10Bt1duVBNvTiYIhmdGO/AMgJ7Wngb9zTHIwJ1YGJQGICIlVp ipqTZokD7uqQJ8ngH5H6qtqD2Eg+UfhfYH8fGsy4p45G8rxUdRZSa/TK476jjYoP obujlRR1vjMtYzu6bQVQzeURIcueZKowXZA807CSwli6dcKGX01jBUjnXZ/OICQl DvY2gtCUgXC7EXeUEkJheJ3kYRJEioxLbLuuHrJXlqeVR5ZNT22sxgnLv1yUTCAH PRDj5BlxCXOPw+2R58eEM8HiXQfrOI275FyIv65eMb5l6H2dMXxTJW7fjnd/zFyq WiBwoeUnEYZt5BScKk2CrNwVXBtBZor1O/7Ku1BcRk29rvHuSqlE5RiSroDTML1j 0u9vTkiJzbq1x0VnpZMphaqH6GbU8q4t04hSmN1n1x/XRk+Nfh6xZKpZ8OZlI9wu q/JdEi6bA4uQ3UGMPVnX+5xgDmp0cTWy1tnc7VmBw3QFS2miDGjJhEsA0e7XCmvN mpldlKLE790ss80enO
Bug#1010633: marked as done (slurm-wlm: CVE-2022-29501)
Your message dated Sat, 07 May 2022 07:19:05 + with message-id and subject line Bug#1010633: fixed in slurm-wlm 21.08.8.2-1 has caused the Debian Bug report #1010633, regarding slurm-wlm: CVE-2022-29501 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1010633: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010633 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: slurm-wlm Version: 21.08.7-1 Severity: grave Tags: security upstream Justification: user security hole X-Debbugs-Cc: car...@debian.org, Debian Security Team Control: found -1 20.11.7+really20.11.4-2 Hi, The following vulnerability was published for slurm-wlm. CVE-2022-29501[0]: | SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control | that leads to Escalation of Privileges and code execution. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2022-29501 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29501 [1] https://lists.schedmd.com/pipermail/slurm-announce/2022/72.html [2] https://github.com/SchedMD/slurm/commit/863c763c241db46039c27c4b7438ef5d33defb12 Regards, Salvatore --- End Message --- --- Begin Message --- Source: slurm-wlm Source-Version: 21.08.8.2-1 Done: Gennaro Oliva We believe that the bug you reported is fixed in the latest version of slurm-wlm, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1010...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Gennaro Oliva (supplier of updated slurm-wlm package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 06 May 2022 21:14:09 +0200 Source: slurm-wlm Architecture: source Version: 21.08.8.2-1 Distribution: unstable Urgency: medium Maintainer: Debian HPC Team Changed-By: Gennaro Oliva Closes: 1010632 1010633 1010634 Changes: slurm-wlm (21.08.8.2-1) unstable; urgency=medium . * New upstream release fixes CVE-2022-29500, CVE-2022-29501 and CVE-2022-29502 (Closes: #1010632, #1010633, #1010634) * Update libslurm symbols file Checksums-Sha1: 257db3912e4e6ac9fd49637806c454e49fe9505d 3752 slurm-wlm_21.08.8.2-1.dsc f7687c11f024fbbe5399b93906d1179adc5c3fb6 9181981 slurm-wlm_21.08.8.2.orig.tar.gz 87b22595ec0da6f0fbf31f6461bad9da932f356e 131948 slurm-wlm_21.08.8.2-1.debian.tar.xz d940c44bc07fd7039b5ff4f6c0895c9bc972a60c 21992 slurm-wlm_21.08.8.2-1_amd64.buildinfo Checksums-Sha256: 38cab66ebf395ff38574e4d920856e4447663179a5c69b8dbf9eeab6c94be921 3752 slurm-wlm_21.08.8.2-1.dsc 876d7dfa716990d7e579cfb9c6ffc123258e03a1450e993ade596d2ee90afcdd 9181981 slurm-wlm_21.08.8.2.orig.tar.gz e4a14ddf0a848e5df55b3880f64d09518f205ddbc60fbde7d5353e5116a6dd6f 131948 slurm-wlm_21.08.8.2-1.debian.tar.xz 85e54c44bac7288ec3df8ddd6eae48aecc0a55ea7490b4f16fae358cd805ee5e 21992 slurm-wlm_21.08.8.2-1_amd64.buildinfo Files: ae169dff579e404a2f6066a538b43782 3752 admin optional slurm-wlm_21.08.8.2-1.dsc 14e7e5b80188b8b8829f3637110d4391 9181981 admin optional slurm-wlm_21.08.8.2.orig.tar.gz 6894085a03d275302d4cd5448a235461 131948 admin optional slurm-wlm_21.08.8.2-1.debian.tar.xz a9f15ddfdd04a433f9d5d994b57706d3 21992 admin optional slurm-wlm_21.08.8.2-1_amd64.buildinfo -BEGIN PGP SIGNATURE- iQJLBAEBCgA1FiEE6zNF9WRBuLgad5h2ffpBrZYZhdcFAmJ1eA8XHG9saXZhLmdA bmEuaWNhci5jbnIuaXQACgkQffpBrZYZhddyyxAAoAF5AEn34cc5ApEGVgpbBdFj Jmd/lwG51wVL3z5qxIock+yfo8BE1rkM1YEIs6tAT2ZGcu1+kKNtgTz9MSOD/9Qj X2BpENXrzP3Vi3Jls5aAB1NcNrjQMNZAJazSPMyEgeZ51Fceq/Z3LvxvXJ/nEPrO HJlxM2oUNizRocy10Bt1duVBNvTiYIhmdGO/AMgJ7Wngb9zTHIwJ1YGJQGICIlVp ipqTZokD7uqQJ8ngH5H6qtqD2Eg+UfhfYH8fGsy4p45G8rxUdRZSa/TK476jjYoP obujlRR1vjMtYzu6bQVQzeURIcueZKowXZA807CSwli6dcKGX01jBUjnXZ/OICQl DvY2gtCUgXC7EXeUEkJheJ3kYRJEioxLbLuuHrJXlqeVR5ZNT22sxgnLv1yUTCAH PRDj5BlxCXOPw+2R58eEM8HiXQfrOI275FyIv65eMb5l6H2dMXxTJW7fjnd/zFyq WiBwoeUnEYZt5BScKk2CrNwVXBtBZor1O/7Ku1BcRk29rvHuSqlE5RiSroDTML1j 0u9vTkiJzbq1x0VnpZMphaqH6GbU8q4t04hSmN1n1x/XRk+Nfh6xZKpZ8OZlI9wu q/JdEi6bA4uQ3UGMPVnX+5xgDmp0cTWy1tnc7VmBw3QFS2miDGjJhEsA0e7XCmvN
Bug#1010632: marked as done (slurm-wlm: CVE-2022-29502)
Your message dated Sat, 07 May 2022 07:19:04 + with message-id and subject line Bug#1010632: fixed in slurm-wlm 21.08.8.2-1 has caused the Debian Bug report #1010632, regarding slurm-wlm: CVE-2022-29502 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1010632: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010632 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: slurm-wlm Version: 21.08.7-1 Severity: grave Tags: security upstream Justification: user security hole X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for slurm-wlm. CVE-2022-29502[0]: | SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control | that leads to Escalation of Privileges. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2022-29502 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29502 [1] https://lists.schedmd.com/pipermail/slurm-announce/2022/72.html [2] https://github.com/SchedMD/slurm/commit/351669e7db3b5bc84b5791dc3626d683b8abe18e Regards, Salvatore --- End Message --- --- Begin Message --- Source: slurm-wlm Source-Version: 21.08.8.2-1 Done: Gennaro Oliva We believe that the bug you reported is fixed in the latest version of slurm-wlm, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1010...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Gennaro Oliva (supplier of updated slurm-wlm package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 06 May 2022 21:14:09 +0200 Source: slurm-wlm Architecture: source Version: 21.08.8.2-1 Distribution: unstable Urgency: medium Maintainer: Debian HPC Team Changed-By: Gennaro Oliva Closes: 1010632 1010633 1010634 Changes: slurm-wlm (21.08.8.2-1) unstable; urgency=medium . * New upstream release fixes CVE-2022-29500, CVE-2022-29501 and CVE-2022-29502 (Closes: #1010632, #1010633, #1010634) * Update libslurm symbols file Checksums-Sha1: 257db3912e4e6ac9fd49637806c454e49fe9505d 3752 slurm-wlm_21.08.8.2-1.dsc f7687c11f024fbbe5399b93906d1179adc5c3fb6 9181981 slurm-wlm_21.08.8.2.orig.tar.gz 87b22595ec0da6f0fbf31f6461bad9da932f356e 131948 slurm-wlm_21.08.8.2-1.debian.tar.xz d940c44bc07fd7039b5ff4f6c0895c9bc972a60c 21992 slurm-wlm_21.08.8.2-1_amd64.buildinfo Checksums-Sha256: 38cab66ebf395ff38574e4d920856e4447663179a5c69b8dbf9eeab6c94be921 3752 slurm-wlm_21.08.8.2-1.dsc 876d7dfa716990d7e579cfb9c6ffc123258e03a1450e993ade596d2ee90afcdd 9181981 slurm-wlm_21.08.8.2.orig.tar.gz e4a14ddf0a848e5df55b3880f64d09518f205ddbc60fbde7d5353e5116a6dd6f 131948 slurm-wlm_21.08.8.2-1.debian.tar.xz 85e54c44bac7288ec3df8ddd6eae48aecc0a55ea7490b4f16fae358cd805ee5e 21992 slurm-wlm_21.08.8.2-1_amd64.buildinfo Files: ae169dff579e404a2f6066a538b43782 3752 admin optional slurm-wlm_21.08.8.2-1.dsc 14e7e5b80188b8b8829f3637110d4391 9181981 admin optional slurm-wlm_21.08.8.2.orig.tar.gz 6894085a03d275302d4cd5448a235461 131948 admin optional slurm-wlm_21.08.8.2-1.debian.tar.xz a9f15ddfdd04a433f9d5d994b57706d3 21992 admin optional slurm-wlm_21.08.8.2-1_amd64.buildinfo -BEGIN PGP SIGNATURE- iQJLBAEBCgA1FiEE6zNF9WRBuLgad5h2ffpBrZYZhdcFAmJ1eA8XHG9saXZhLmdA bmEuaWNhci5jbnIuaXQACgkQffpBrZYZhddyyxAAoAF5AEn34cc5ApEGVgpbBdFj Jmd/lwG51wVL3z5qxIock+yfo8BE1rkM1YEIs6tAT2ZGcu1+kKNtgTz9MSOD/9Qj X2BpENXrzP3Vi3Jls5aAB1NcNrjQMNZAJazSPMyEgeZ51Fceq/Z3LvxvXJ/nEPrO HJlxM2oUNizRocy10Bt1duVBNvTiYIhmdGO/AMgJ7Wngb9zTHIwJ1YGJQGICIlVp ipqTZokD7uqQJ8ngH5H6qtqD2Eg+UfhfYH8fGsy4p45G8rxUdRZSa/TK476jjYoP obujlRR1vjMtYzu6bQVQzeURIcueZKowXZA807CSwli6dcKGX01jBUjnXZ/OICQl DvY2gtCUgXC7EXeUEkJheJ3kYRJEioxLbLuuHrJXlqeVR5ZNT22sxgnLv1yUTCAH PRDj5BlxCXOPw+2R58eEM8HiXQfrOI275FyIv65eMb5l6H2dMXxTJW7fjnd/zFyq WiBwoeUnEYZt5BScKk2CrNwVXBtBZor1O/7Ku1BcRk29rvHuSqlE5RiSroDTML1j 0u9vTkiJzbq1x0VnpZMphaqH6GbU8q4t04hSmN1n1x/XRk+Nfh6xZKpZ8OZlI9wu q/JdEi6bA4uQ3UGMPVnX+5xgDmp0cTWy1tnc7VmBw3QFS2miDGjJhEsA0e7XCmvN mpldlKLE790ss80enO4= =tYYO -END PGP SIGNATURE En