Bug#1069997: nginx: NGX_MODULE_SIGNATURE has changed on 32-bit t64 architectures, but the ${nginx:abi} substvar has not
Thanks for the report, I am preparing nginx release 1.26.0, and the updated ABI version will be part of it. Jan
Bug#999957: sniproxy: diff for NMU version 0.6.1+git20240321-0.1
Control: tags -1 +patch +pending
Dear maintainer,
I've prepared an NMU for sniproxy (versioned as 0.6.1+git20240321-0.1)
and uploaded it to DELAYED/14. Please feel free to tell me if I
should delay it longer.
Regards.
diff -Nru sniproxy-0.6.0/ChangeLog sniproxy-0.6.1+git20240321/ChangeLog
--- sniproxy-0.6.0/ChangeLog 2018-12-05 23:14:58.0 -0500
+++ sniproxy-0.6.1+git20240321/ChangeLog 2024-03-21 01:16:44.0 -0400
@@ -1,3 +1,9 @@
+2023-03-16 Dustin Lundquist
+ 0.6.1 Release
+
+ * Fix buffer overflow in address module
+ * Fix tests
+
2018-12-05 Dustin Lundquist
0.6.0 Release
diff -Nru sniproxy-0.6.0/configure.ac sniproxy-0.6.1+git20240321/configure.ac
--- sniproxy-0.6.0/configure.ac 2018-12-05 23:14:58.0 -0500
+++ sniproxy-0.6.1+git20240321/configure.ac 2024-03-21 01:16:44.0 -0400
@@ -1,83 +1,33 @@
# -*- Autoconf -*-
# Process this file with autoconf to produce a configure script.
-AC_PREREQ([2.60])
-AC_INIT([sniproxy], [0.6.0])
-AC_CONFIG_SRCDIR([src/sniproxy.c])
-AC_CONFIG_MACRO_DIR([m4])
+AC_PREREQ([2.71])
+AC_INIT([sniproxy],[0.6.1])
AM_INIT_AUTOMAKE([subdir-objects])
AM_SILENT_RULES([yes])
-AC_GNU_SOURCE
+AC_USE_SYSTEM_EXTENSIONS
# Checks for programs.
-AC_PROG_CC_C99
-# Required by automake < 1.14
+AC_PROG_CC
AM_PROG_CC_C_O
# Checks for libraries.
-PKG_CHECK_MODULES([LIBEV], [libev], HAVE_LIBEV=yes; AC_DEFINE(HAVE_LIBEV, 1),
-[AC_LIB_HAVE_LINKFLAGS(ev,, [#include ], [ev_run(0,0);])
- if test x$ac_cv_libev = xyes; then
- AC_SUBST([LIBEV_LIBS], [$LIBEV])
- else
- AC_MSG_ERROR([[***
-*** libev4 was not found.
-***]])
- fi
-])
-
-PKG_CHECK_MODULES([LIBPCRE], [libpcre], HAVE_LIBPCRE=yes; AC_DEFINE(HAVE_LIBPCRE, 1),
-[AC_LIB_HAVE_LINKFLAGS(pcre,, [#include ], [pcre_exec(0,0,0,0,0,0,0,0);])
- if test x$ac_cv_libpcre = xyes; then
- AC_SUBST([LIBPCRE_LIBS], [$LIBPCRE])
- else
- AC_MSG_ERROR([[***
-*** libpcre was not found.
-***]])
- fi
-])
+AC_CHECK_LIB([ev], [ev_run])
+AC_CHECK_LIB([pcre2-8], [pcre2_compile_8], [],
+ [AC_CHECK_LIB([pcre], [pcre_exec])])
AC_ARG_ENABLE([dns],
- [AS_HELP_STRING([--disable-dns], [Disable DNS resolution])],
- [dns="$withval"], [dns=yes])
+ [AS_HELP_STRING([--enable-dns], [Enable DNS resolution])])
-AM_CONDITIONAL([DNS_ENABLED], [test "x$dns" = "xyes"])
+AM_CONDITIONAL([DNS_ENABLED], [test "$enable_dns"])
-AS_IF([test "x$dns" = "xyes"],
- [PKG_CHECK_MODULES([LIBUDNS], [libudns], HAVE_LIBUDNS=yes; AC_DEFINE(HAVE_LIBUDNS, 1),
- [AC_LIB_HAVE_LINKFLAGS(udns,, [#include ], [dns_init(0, 0);])
- AS_IF([test x$ac_cv_libudns = xyes], [AC_SUBST([LIBUDNS_LIBS], [$LIBUDNS])])
- ])
-])
+AS_IF([test "$enable_dns"],
+ [AC_CHECK_LIB([udns], [dns_init])])
AC_ARG_ENABLE([rfc3339-timestamps],
[AS_HELP_STRING([--enable-rfc3339-timestamps], [Enable RFC3339 timestamps])],
- [rfc3339_timestamps=${enableval}], [rfc3339_timestamps=no])
-
-AS_IF([test "x$rfc3339_timestamps" = "xyes"],
-[AC_DEFINE([RFC3339_TIMESTAMP], 1, [RFC3339 timestamps enabled])])
-
-# Checks for header files.
-AC_CHECK_HEADERS([arpa/inet.h fcntl.h inttypes.h netdb.h netinet/in.h stddef.h stdint.h stdlib.h string.h strings.h sys/socket.h sys/time.h syslog.h unistd.h],,
-AC_MSG_ERROR([required header(s) not found]))
-
-# Checks for typedefs, structures, and compiler characteristics.
-AC_C_INLINE
-AC_TYPE_PID_T
-AC_TYPE_UID_T
-AC_TYPE_SIZE_T
-AC_TYPE_SSIZE_T
-AC_TYPE_UINT16_T
-AC_TYPE_UINT8_T
-
-# Checks for library functions.
-AC_FUNC_FORK
-AC_FUNC_MALLOC
-AC_FUNC_REALLOC
-AC_FUNC_STRTOD
-AC_CHECK_FUNCS([atexit daemon memset socket strcasecmp strchr strdup strerror strncasecmp strrchr strspn strtoul],,
-AC_MSG_ERROR([required functions(s) not found]))
+ [AC_DEFINE([RFC3339_TIMESTAMP], 1, [RFC3339 timestamps enabled])])
AC_CHECK_FUNCS([accept4])
diff -Nru sniproxy-0.6.0/debian/changelog sniproxy-0.6.1+git20240321/debian/changelog
--- sniproxy-0.6.0/debian/changelog 2023-04-29 13:03:02.0 -0400
+++ sniproxy-0.6.1+git20240321/debian/changelog 2024-04-30 19:59:09.0 -0400
@@ -1,3 +1,20 @@
+sniproxy (0.6.1+git20240321-0.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * New upstream snapshot.
++ Add libpcre2 support.
+ * debian/: Bump to debhelper compat v13.
+ * debian/control: Use libpcre2. (Closes: #57)
+ * debian/control: Add placeholder ${misc:Pre-Depends}.
+ * debian/control: Drop obsolete dependency lsb-base.
+ * debian/control: Use pkgconf and Standards-Version 4.7.0.
+ * debian/gbp.conf: Relax requirement and allow different branch names.
+ * debian/patches: Dropped, merged upstream.
+ * debian/sniproxy.service: Force the program to run in foreground if
+launched by systemd service. (Closes: #1032295)
+
+ -- Boyuan Yang Tue, 30 Apr 2024 19:59:09 -0400
+
sniproxy (0.6.0-2.1) unstable; urgency=medium
* Non-maintainer upload by the LTS Team.
diff -Nru sniproxy-0.6.0/debian/compat sniproxy-0.6.1+git20240321/debian/compat
---
Processed: sniproxy: diff for NMU version 0.6.1+git20240321-0.1
Processing control commands: > tags -1 +patch +pending Bug #57 [src:sniproxy] sniproxy: depends on obsolete pcre3 library Added tag(s) patch. Bug #57 [src:sniproxy] sniproxy: depends on obsolete pcre3 library Added tag(s) pending. -- 57: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=57 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1070130: marked as done (python3-pycurl: SSL path issues - upstream bug)
Your message dated Tue, 30 Apr 2024 18:49:28 -0400 (EDT) with message-id and subject line Re: Bug#1070130: python3-pycurl: SSL path issues - upstream bug has caused the Debian Bug report #1070130, regarding python3-pycurl: SSL path issues - upstream bug to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1070130: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070130 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: python3-pycurl Version: 7.45.3-2 Severity: grave Tags: upstream Justification: renders package unusable Dear Maintainer, Please consider https://github.com/pycurl/pycurl/issues/834 pycurl 7.45.3 wheel not working for https in debian/ubuntu systems I confirm that the debian package for 7.45.3 fails sometimes to handle SSL connections, meanwhile 7.45.2 works properly always. Mabye it can be manually patched, or skip version 7.45.3 for debian. Thanks, -- System Information: Debian Release: trixie/sid APT prefers testing APT policy: (990, 'testing'), (650, 'stable-security'), (600, 'stable'), (500, 'stable-updates'), (500, 'oldstable-updates'), (500, 'unstable'), (250, 'oldstable-security'), (200, 'oldstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 6.6.15-amd64 (SMP w/16 CPU threads; PREEMPT) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages python3-pycurl depends on: ii libc62.37-18 ii libcurl4t64 8.7.1-3 ii libssl3t64 3.2.1-3 ii python3 3.11.8-1 python3-pycurl recommends no packages. Versions of packages python3-pycurl suggests: pn libcurl4-openssl-dev pn python-pycurl-doc -- no debconf information --- End Message --- --- Begin Message --- On Tue, 30 Apr 2024, Scott Talbert wrote: On Tue, 30 Apr 2024, i...@fernandolucas.info wrote: Package: python3-pycurl Version: 7.45.3-2 Severity: grave Tags: upstream Justification: renders package unusable Dear Maintainer, Please consider https://github.com/pycurl/pycurl/issues/834 pycurl 7.45.3 wheel not working for https in debian/ubuntu systems I confirm that the debian package for 7.45.3 fails sometimes to handle SSL connections, meanwhile 7.45.2 works properly always. Mabye it can be manually patched, or skip version 7.45.3 for debian. Are you having problems with the Debian packaged version of pycurl, or with the pycurl wheel from upstream? If the you're having problems with the packaged version of pycurl, can you please explain how to reproduce the problem? No evidence provided that this is a bug with the Debian package. Closing. Scott--- End Message ---
Bug#1070145: marked as done (python3-pycurl: SSL path issues - upstream bug)
Your message dated Tue, 30 Apr 2024 18:47:59 -0400 (EDT) with message-id <7b4481e7-7e27-63b-c778-ffa8ec7b3...@techie.net> and subject line Re: Bug#1070145: python3-pycurl: SSL path issues - upstream bug has caused the Debian Bug report #1070145, regarding python3-pycurl: SSL path issues - upstream bug to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1070145: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070145 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: python3-pycurl Version: 7.45.3-2 Severity: grave Tags: upstream Justification: renders package unusable Dear Maintainer, Please consider https://github.com/pycurl/pycurl/issues/834 pycurl 7.45.3 wheel not working for https in debian/ubuntu systems I confirm that the debian package for 7.45.3 fails sometimes to handle SSL connections, meanwhile 7.45.2 works properly always. Mabye it can be manually patched, or skip version 7.45.3 for debian. Thanks, -- System Information: Debian Release: trixie/sid APT prefers testing APT policy: (990, 'testing'), (650, 'stable-security'), (600, 'stable'), (500, 'stable-updates'), (500, 'oldstable-updates'), (500, 'unstable'), (250, 'oldstable-security'), (200, 'oldstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 6.6.15-amd64 (SMP w/16 CPU threads; PREEMPT) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages python3-pycurl depends on: ii libc62.37-18 ii libcurl4t64 8.7.1-3 ii libssl3t64 3.2.1-3 ii python3 3.11.8-1 python3-pycurl recommends no packages. Versions of packages python3-pycurl suggests: pn libcurl4-openssl-dev pn python-pycurl-doc -- no debconf information --- End Message --- --- Begin Message --- On Tue, 30 Apr 2024, i...@fernandolucas.info wrote: Package: python3-pycurl Version: 7.45.3-2 Severity: grave Tags: upstream Justification: renders package unusable Duplicate of #1070130.--- End Message ---
Bug#1068750: moment-timezone.js: FTBFS everywhere
Hi Santiago, On 30/04/2024 14:01, Santiago Vila wrote: It fails to build if tzdata is updated, but it never stops working. It just needs to be updated as often as tzdata is. But if you have a suggestion to make this more automatic, I would love to hear it.. Sorry, I still don't get it. Why does the package build needs to fail if tzdata is updated? What happens if we allow the package to be built anyway? (as in the attached patch). Would the resulting package be broken in any way? It works, but then there is no way to embed the (effective) tzdata version into the moment-timezone.js version, so you could have identical source packages producing binaries with the same version and different contents, and no way to depend on it. Plus, it almost always fails to build anyway, because many of the tests need to be adjusted when tzdata changes. The (better) alternative would be to make it always use a fixed tzdata version, but then tzdata migrations will be blocked each time until I upload a new version. I have been doing this very repetitive maintenance for years! Well, I get that you have to make a new upload so that the package is current. What I don't get is that the package fails to build. At most, it would result in an improved package, not worse. Or maybe I'm missing anything. What I described above, but I am really open to suggestions on how to better handle this. -- Martina Ferrari
Bug#1008384: marked as done (gogglesmm: FTBFS: ld: src/GMImageView.o: undefined reference to symbol 'glEnable')
Your message dated Tue, 30 Apr 2024 21:35:22 + with message-id and subject line Bug#1008384: fixed in gogglesmm 1.2.5-1 has caused the Debian Bug report #1008384, regarding gogglesmm: FTBFS: ld: src/GMImageView.o: undefined reference to symbol 'glEnable' to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1008384: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008384 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: gogglesmm Version: 0.12.7-3 Severity: serious Justification: FTBFS Tags: bookworm sid ftbfs User: lu...@debian.org Usertags: ftbfs-20220326 ftbfs-bookworm Hi, During a rebuild of all packages in sid, your package failed to build on amd64. Relevant part (hopefully): > make[1]: Entering directory '/<>' > Creating Icon Resource Header > Creating Icon Resources > Compiling src/fxext.cpp ... > src/fxext.cpp: In function ‘void fillVerticalGradient(FX::FXDCWindow&, > FX::FXint, FX::FXint, FX::FXint, FX::FXint, FX::FXColor, FX::FXColor)’: > src/fxext.cpp:66:18: warning: ISO C++17 does not allow ‘register’ storage > class specifier [-Wregister] >66 | register FXint rr,gg,bb,dr,dg,db,r1,g1,b1,r2,g2,b2,yl,yh,yy,dy,n,t; > | ^~ > src/fxext.cpp:66:21: warning: ISO C++17 does not allow ‘register’ storage > class specifier [-Wregister] >66 | register FXint rr,gg,bb,dr,dg,db,r1,g1,b1,r2,g2,b2,yl,yh,yy,dy,n,t; > | ^~ > src/fxext.cpp:66:24: warning: ISO C++17 does not allow ‘register’ storage > class specifier [-Wregister] >66 | register FXint rr,gg,bb,dr,dg,db,r1,g1,b1,r2,g2,b2,yl,yh,yy,dy,n,t; > |^~ > src/fxext.cpp:66:27: warning: ISO C++17 does not allow ‘register’ storage > class specifier [-Wregister] >66 | register FXint rr,gg,bb,dr,dg,db,r1,g1,b1,r2,g2,b2,yl,yh,yy,dy,n,t; > | ^~ > src/fxext.cpp:66:30: warning: ISO C++17 does not allow ‘register’ storage > class specifier [-Wregister] >66 | register FXint rr,gg,bb,dr,dg,db,r1,g1,b1,r2,g2,b2,yl,yh,yy,dy,n,t; > | ^~ > src/fxext.cpp:66:33: warning: ISO C++17 does not allow ‘register’ storage > class specifier [-Wregister] >66 | register FXint rr,gg,bb,dr,dg,db,r1,g1,b1,r2,g2,b2,yl,yh,yy,dy,n,t; > | ^~ > src/fxext.cpp:66:36: warning: ISO C++17 does not allow ‘register’ storage > class specifier [-Wregister] >66 | register FXint rr,gg,bb,dr,dg,db,r1,g1,b1,r2,g2,b2,yl,yh,yy,dy,n,t; > |^~ > src/fxext.cpp:66:39: warning: ISO C++17 does not allow ‘register’ storage > class specifier [-Wregister] >66 | register FXint rr,gg,bb,dr,dg,db,r1,g1,b1,r2,g2,b2,yl,yh,yy,dy,n,t; > | ^~ > src/fxext.cpp:66:42: warning: ISO C++17 does not allow ‘register’ storage > class specifier [-Wregister] >66 | register FXint rr,gg,bb,dr,dg,db,r1,g1,b1,r2,g2,b2,yl,yh,yy,dy,n,t; > | ^~ > src/fxext.cpp:66:45: warning: ISO C++17 does not allow ‘register’ storage > class specifier [-Wregister] >66 | register FXint rr,gg,bb,dr,dg,db,r1,g1,b1,r2,g2,b2,yl,yh,yy,dy,n,t; > | ^~ > src/fxext.cpp:66:48: warning: ISO C++17 does not allow ‘register’ storage > class specifier [-Wregister] >66 | register FXint rr,gg,bb,dr,dg,db,r1,g1,b1,r2,g2,b2,yl,yh,yy,dy,n,t; > |^~ > src/fxext.cpp:66:51: warning: ISO C++17 does not allow ‘register’ storage > class specifier [-Wregister] >66 | register FXint rr,gg,bb,dr,dg,db,r1,g1,b1,r2,g2,b2,yl,yh,yy,dy,n,t; > | ^~ > src/fxext.cpp:66:54: warning: ISO C++17 does not allow ‘register’ storage > class specifier [-Wregister] >66 | register FXint rr,gg,bb,dr,dg,db,r1,g1,b1,r2,g2,b2,yl,yh,yy,dy,n,t; > | ^~ > src/fxext.cpp:66:57: warning: ISO C++17 does not allow ‘register’ storage > class specifier [-Wregister] >66 | register FXint rr,gg,bb,dr,dg,db,r1,g1,b1,r2,g2,b2,yl,yh,yy,dy,n,t; > | ^~ > src/fxext.cpp:66:60: warning: ISO C++17 does not allow ‘register’ storage > class specifier [-Wregister] >66 | register FXint rr,gg,bb,dr,dg,db,r1,g1,b1,r2,g2,b2,yl,yh,yy,dy,n,t; > |
Bug#1069538: zeroc-ice: FTBFS on armel: Gradle / Java heap space out-of-memory error
retitle 1069538 zeroc-ice: FTBFS on armel: Gradle / Java heap space out-of-memory-error tags 1069538 - moreinfo thanks I've done additional test builds of zeroc-ice-3.7.10-2.2 on armel on porter boxes amdahl and abel and the build fails with the same error which seems to be during a Java memory check. It is still unclear as to why this error is happening now but not previously. -- Chris -- Chris Knadle chris.kna...@coredump.us
Processed (with 1 error): zeroc-ice: FTBFS on armel: Gradle / Java heap space out-of-memory error
Processing commands for cont...@bugs.debian.org: > retitle 1069538 zeroc-ice: FTBFS on armel: Gradle / Java heap space Bug #1069538 [src:zeroc-ice] zeroc-ice: FTBFS on armel: make[3]: *** [Makefile:29: tests] Error 1 Changed Bug title to 'zeroc-ice: FTBFS on armel: Gradle / Java heap space' from 'zeroc-ice: FTBFS on armel: make[3]: *** [Makefile:29: tests] Error 1'. > out-of-memory-error Unknown command or malformed arguments to command. > tags 1069538 - moreinfo Bug #1069538 [src:zeroc-ice] zeroc-ice: FTBFS on armel: Gradle / Java heap space Removed tag(s) moreinfo. > thanks Stopping processing here. Please contact me if you need assistance. -- 1069538: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069538 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: Bug#1070016 marked as pending in game-data-packager
Processing control commands: > tag -1 pending Bug #1070016 [quake4] quake4: hard-coded dependencies on pre-t64 libraries Added tag(s) pending. -- 1070016: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070016 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1070016: marked as pending in game-data-packager
Control: tag -1 pending Hello, Bug #1070016 in game-data-packager reported by you has been fixed in the Git repository and is awaiting an upload. You can see the commit message below and you can check the diff of the fix at: https://salsa.debian.org/games-team/game-data-packager/-/commit/07d91b93d1bcbc4fb6e08db04cdb668ab752d5c5 d/control: Switch quake4 dependency from libasound2 to libasound2t64 For the 64-bit time_t transition. quake4 is i386-only, so there has been no actual ABI break on this architecture. Closes: #1070016 Signed-off-by: Simon McVittie (this message was generated automatically) -- Greetings https://bugs.debian.org/1070016
Bug#1067077: marked as done (frr: FTBFS on armel: /usr/bin/ld: ./build/../bgpd/bgp_io.c:476:(.text+0x51c): undefined reference to `__atomic_store_8')
Your message dated Tue, 30 Apr 2024 18:04:49 + with message-id and subject line Bug#1067077: fixed in frr 10.0-1 has caused the Debian Bug report #1067077, regarding frr: FTBFS on armel: /usr/bin/ld: ./build/../bgpd/bgp_io.c:476:(.text+0x51c): undefined reference to `__atomic_store_8' to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1067077: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067077 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: frr Version: 9.1-0.1 Severity: serious Tags: ftbfs Justification: fails to build from source (but built successfully in the past) X-Debbugs-Cc: sramac...@debian.org https://buildd.debian.org/status/fetch.php?pkg=frr=armel=9.1-0.1=1710631814=0 libtool: link: gcc -fms-extensions -fno-omit-frame-pointer -funwind-tables -Wall -Wextra -Wformat-nonliteral -Wformat-security -Wswitch-enum -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wpointer-arith -Wbad-function-cast -Wwrite-strings -Wundef -Wno-unused-result -Wno-unused-parameter -Wno-missing-field-initializers -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/<>=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -Wl,-z -Wl,relro -Wl,-z -Wl,now -g -o bgpd/.libs/bgpd bgpd/bgp_main.o yang/frr-bgp-types.yang.o yang/frr-bgp.yang.o yang/frr-bgp-common-structure.yang.o yang/frr-bgp-common.yang.o yang/frr-bgp-common-multiprotocol.yang.o yang/frr-bgp-neighbor.yang.o yang/frr-bgp-peer-group.yang.o yang/frr-bgp-bmp.yang.o yang/frr-bgp-rpki.yang.o yang/frr-deviations-bgp-datacenter.yang.o yang/frr-bgp-filter.yang.o yang/frr-bgp-route-map.yang.o -Wl,--export-dynamic bgpd/libbgp.a bgpd/rfp-example/librfp/librfp.a lib/.libs/libfrr.so -lyang -lcap -lm -ljson-c -lrt -Wl,-rpath -Wl,/usr/lib/arm-linux-gnueabi/frr /usr/bin/ld: /usr/bin/ld: bgpd/libbgp.a(bgp_vty.o): in function `bgp_show_peer': ./build/../bgpd/bgp_vty.c:13678:(.text+0x1d934): undefined reference to `__atomic_load_8' /usr/bin/ld: ./build/../bgpd/bgp_vty.c:13686:(.text+0x1d9bc): undefined reference to `__atomic_load_8' /usr/bin/ld: ./build/../bgpd/bgp_vty.c:13778:(.text+0x1ed90): undefined reference to `__atomic_load_8' bgpd/libbgp.a(bgp_vty.o): in function `bgp_show_peer': ./build/../bgpd/bgp_vty.c:13678:(.text+0x1d934): undefined reference to `__atomic_load_8' /usr/bin/ld: ./build/../bgpd/bgp_vty.c:13686:(.text+0x1d9bc): undefined reference to `__atomic_load_8' /usr/bin/ld: ./build/../bgpd/bgp_vty.c:13778:(.text+0x1ed90): undefined reference to `__atomic_load_8' /usr/bin/ld: bgpd/libbgp.a(bgp_packet.o): in function `bgp_update_receive': ./build/../bgpd/bgp_packet.c:2328:(.text+0x5fac): undefined reference to `__atomic_store_8' /usr/bin/ld: bgpd/libbgp.a(bgp_fsm.o): in function `bgp_stop': ./build/../bgpd/bgp_fsm.c:1549:(.text+0x7dc): undefined reference to `__atomic_store_8' /usr/bin/ld: bgpd/libbgp.a(bgp_fsm.o): in function `bgp_adjust_routeadv': ./build/../bgpd/bgp_fsm.c:984:(.text+0x3700): undefined reference to `__atomic_load_8' /usr/bin/ld: bgpd/libbgp.a(bgp_io.o): in function `bgp_write': ./build/../bgpd/bgp_io.c:471:(.text+0x3e8): undefined reference to `__atomic_store_8' /usr/bin/ld: ./build/../bgpd/bgp_io.c:471:(.text+0x4f4): undefined reference to `__atomic_store_8' /usr/bin/ld: ./build/../bgpd/bgp_io.c:476:(.text+0x51c): undefined reference to `__atomic_store_8' /usr/bin/ld: bgpd/libbgp.a(bgp_packet.o): in function `bgp_update_receive': ./build/../bgpd/bgp_packet.c:2328:(.text+0x5fac): undefined reference to `__atomic_store_8' /usr/bin/ld: bgpd/libbgp.a(bgp_fsm.o): in function `bgp_stop': ./build/../bgpd/bgp_fsm.c:1549:(.text+0x7dc): undefined reference to `__atomic_store_8' /usr/bin/ld: bgpd/libbgp.a(bgp_fsm.o): in function `bgp_adjust_routeadv': ./build/../bgpd/bgp_fsm.c:984:(.text+0x3700): undefined reference to `__atomic_load_8' /usr/bin/ld: bgpd/libbgp.a(bgp_io.o): in function `bgp_write': ./build/../bgpd/bgp_io.c:471:(.text+0x3e8): undefined reference to `__atomic_store_8' /usr/bin/ld: ./build/../bgpd/bgp_io.c:471:(.text+0x4f4): undefined reference to `__atomic_store_8' /usr/bin/ld: ./build/../bgpd/bgp_io.c:476:(.text+0x51c): undefined reference to `__atomic_store_8' collect2: error: ld returned 1 exit status make[3]: *** [Makefile:8013: bgpd/bgp_btoa] Error 1 Cheers -- Sebastian Ramacher --- End Message --- --- Begin Message --- Source: frr Source-Version: 10.0-1 Done: David Lamparter We believe that the bug you reported is fixed in the latest version of frr, which is due to be installed in the Debian FTP archive.
Processed: lower severity for bugs fixed in experimental but not fixed in unstable because of t64 transitions
Processing commands for cont...@bugs.debian.org:
> severity 1063498 important
Bug #1063498 {Done: Helmut Grohne } [src:rust-glib-sys]
rust-glib-sys FTBFS with the nocheck build profile: cp: cannot stat
'/usr/share/gir-1.0/GLib-2.0.gir': No such file or directory
Severity set to 'important' from 'serious'
>
End of message, stopping processing here.
Please contact me if you need assistance.
--
1063498: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063498
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Bug#1070130: python3-pycurl: SSL path issues - upstream bug
On Tue, 30 Apr 2024, i...@fernandolucas.info wrote: Package: python3-pycurl Version: 7.45.3-2 Severity: grave Tags: upstream Justification: renders package unusable Dear Maintainer, Please consider https://github.com/pycurl/pycurl/issues/834 pycurl 7.45.3 wheel not working for https in debian/ubuntu systems I confirm that the debian package for 7.45.3 fails sometimes to handle SSL connections, meanwhile 7.45.2 works properly always. Mabye it can be manually patched, or skip version 7.45.3 for debian. Are you having problems with the Debian packaged version of pycurl, or with the pycurl wheel from upstream? If the you're having problems with the packaged version of pycurl, can you please explain how to reproduce the problem? Thanks, Scott
Processed (with 1 error): lower severity for bugs fixed in experimental but not fixed in unstable because of t64 transitions
Processing commands for cont...@bugs.debian.org:
> severity 1063499 important
Bug #1063499 {Done: Matthias Geiger }
[src:rust-gobject-sys] rust-gobject-sys FTBFS with nocheck build profile: cp:
cannot stat '/usr/share/gir-1.0/GObject-2.0.gir': No such file or directory
Severity set to 'important' from 'serious'
> severity 103498 important
Failed to set severity of Bug 103498 to important: Not altering archived bugs;
see unarchive.
>
End of message, stopping processing here.
Please contact me if you need assistance.
--
1063499: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063499
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Bug#1059007: python-asyncssh: CVE-2023-48795
Hi!
On Tue, Dec 19, 2023 at 09:31:00AM +0100, Salvatore Bonaccorso wrote:
>Source: python-asyncssh
>Version: 2.10.1-2
>Severity: important
>Tags: security upstream
>X-Debbugs-Cc: car...@debian.org, Debian Security Team
>
>
>Hi,
>
>The following vulnerability was published for python-asyncssh.
>
>CVE-2023-48795[0]:
>| The SSH transport protocol with certain OpenSSH extensions, found in
>| OpenSSH before 9.6 and other products, allows remote attackers to
>| bypass integrity checks such that some packets are omitted (from the
>| extension negotiation message), and a client and server may
>| consequently end up with a connection for which some security
>| features have been downgraded or disabled, aka a Terrapin attack.
>| This occurs because the SSH Binary Packet Protocol (BPP),
>| implemented by these extensions, mishandles the handshake phase and
>| mishandles use of sequence numbers. For example, there is an
>| effective attack against SSH's use of ChaCha20-Poly1305 (and CBC
>| with Encrypt-then-MAC). The bypass occurs in
>| chacha20-poly1...@openssh.com and (if CBC is used) the
>| -e...@openssh.com MAC algorithms. This also affects Maverick Synergy
>| Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh
>| before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before
>| 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, and
>| libssh2 through 1.11.0; and there could be effects on Bitvise SSH
>| through 9.31.
We wanted this fixed in Pexip, so I've taken a look at this bug.
The upstream bugfix just needs a small rework so it applies cleanly to
the version in bookworm. Here's a debdiff for that that in case it's
useful.
--
Steve McIntyre, Cambridge, UK.st...@einval.com
Into the distance, a ribbon of black
Stretched to the point of no turning back
diff -Nru python-asyncssh-2.10.1/debian/changelog
python-asyncssh-2.10.1/debian/changelog
--- python-asyncssh-2.10.1/debian/changelog 2022-12-22 03:54:16.0
+
+++ python-asyncssh-2.10.1/debian/changelog 2024-04-29 11:45:47.0
+0100
@@ -1,3 +1,11 @@
+python-asyncssh (2.10.1-2+deb12u1) bookworm; urgency=medium
+
+ * Apply and tweak upstream security fix for CVE-2023-48795
+Implement "strict kex" support to harden AsyncSSH against Terrapin
+Attack. Closes: #1059007
+
+ -- Steve McIntyre Mon, 29 Apr 2024 11:45:47 +0100
+
python-asyncssh (2.10.1-2) unstable; urgency=medium
* Team Upload.
diff -Nru python-asyncssh-2.10.1/debian/patches/CVE-2023-48795.patch
python-asyncssh-2.10.1/debian/patches/CVE-2023-48795.patch
--- python-asyncssh-2.10.1/debian/patches/CVE-2023-48795.patch 1970-01-01
01:00:00.0 +0100
+++ python-asyncssh-2.10.1/debian/patches/CVE-2023-48795.patch 2024-04-29
11:45:47.0 +0100
@@ -0,0 +1,382 @@
+commit 0bc73254f41acb140187e0c89606311f88de5b7b
+Author: Ron Frederick
+Date: Mon Dec 18 07:41:57 2023 -0800
+
+Implement "strict kex" support to harden AsyncSSH against Terrapin Attack
+
+This commit implements "strict kex" support and other countermeasures to
+protect against the Terrapin Attack described in CVE-2023-48795. Thanks
+once again go to Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk for
+identifying and reporting this vulnerability and providing detailed
+analysis and suggestions about proposed fixes.
+
+Index: b/asyncssh/connection.py
+===
+--- a/asyncssh/connection.py
b/asyncssh/connection.py
+@@ -810,6 +810,7 @@ class SSHConnection(SSHPacketHandler, as
+ self._kexinit_sent = False
+ self._kex_complete = False
+ self._ignore_first_kex = False
++self._strict_kex = False
+
+ self._gss: Optional[GSSBase] = None
+ self._gss_kex = False
+@@ -1343,10 +1344,13 @@ class SSHConnection(SSHPacketHandler, as
+ (alg_type, b','.join(local_algs).decode('ascii'),
+ b','.join(remote_algs).decode('ascii')))
+
+-def _get_ext_info_kex_alg(self) -> List[bytes]:
+-"""Return the kex alg to add if any to request extension info"""
++def _get_extra_kex_algs(self) -> List[bytes]:
++"""Return the extra kex algs to add"""
+
+-return [b'ext-info-c' if self.is_client() else b'ext-info-s']
++if self.is_client():
++return [b'ext-info-c', b'kex-strict-c-...@openssh.com']
++else:
++return [b'ext-info-s', b'kex-strict-s-...@openssh.com']
+
+ def _send(self, data: bytes) -> None:
+ """Send data to the SSH connection"""
+@@ -1487,6 +1491,11 @@ class SSHConnection(SSHPacketHandler, as
+ self._ignore_first_kex = False
+ else:
+ handler = self._kex
++elif self._strict_kex and not self._recv_encryption and \
++MSG_IGNORE <= pkttype <= MSG_DEBUG:
++skip_reason = 'strict kex violation'
++exc_reason = 'Strict key
Bug#1070019: marked as done (udisks2: autopkgtest failure: fsconfig system call failed: /dev/sr1: Can't open blockdev)
Your message dated Tue, 30 Apr 2024 17:04:40 +
with message-id
and subject line Bug#1070019: fixed in udisks2 2.10.1-7
has caused the Debian Bug report #1070019,
regarding udisks2: autopkgtest failure: fsconfig system call failed: /dev/sr1:
Can't open blockdev
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1070019: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070019
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: udisks2
Version: 2.10.1-6
Severity: serious
Hi,
udisks2's autopkgtest fails when tried together with util-linux 2.40. An
example can be seen here:
https://ci.debian.net/packages/u/udisks2/testing/amd64/46012968/
537s ==
537s FAIL: test_ext4 (__main__.FS.test_ext4)
537s fs: ext4
537s --
537s Traceback (most recent call last):
537s File "/tmp/autopkgtest.btnhgm/build.cz4/src/src/tests/integration-test",
line 1107, in _do_udisks_check
537s cd_fs.call_mount_sync(ro_options, None)
537s gi.repository.GLib.GError: udisks-error-quark:
GDBus.Error:org.freedesktop.UDisks2.Error.Failed: Error mounting /dev/sr1 at
/media/root/41b1acb1-744c-422a-9071-2dba5368a683: fsconfig system call failed:
/dev/sr1: Can't open blockdev (0)
537s
537s During handling of the above exception, another exception occurred:
537s
537s Traceback (most recent call last):
537s File "/tmp/autopkgtest.btnhgm/build.cz4/src/src/tests/integration-test",
line 725, in test_ext4
537s self._do_fs_check('ext4')
537s File "/tmp/autopkgtest.btnhgm/build.cz4/src/src/tests/integration-test",
line 894, in _do_fs_check
537s self._do_udisks_check(fs_type)
537s File "/tmp/autopkgtest.btnhgm/build.cz4/src/src/tests/integration-test",
line 1112, in _do_udisks_check
537s self.fail('Mounting read-only device with \'rw\' option failed'
537s AssertionError: Mounting read-only device with 'rw' option failedwith an
unexpected error.
537s Got: udisks-error-quark: GDBus.Error:org.freedesktop.UDisks2.Error.Failed:
Error mounting /dev/sr1 at /media/root/41b1acb1-744c-422a-9071-2dba5368a683:
fsconfig system call failed: /dev/sr1: Can't open blockdev (0)
537s Expected: 'is write-protected but explicit read-write mode requested' or
'is write-protected but `rw' option given'
I do not understand what this error means, or what the underlying problem is.
Please investigate.
Chris
--- End Message ---
--- Begin Message ---
Source: udisks2
Source-Version: 2.10.1-7
Done: Michael Biebl
We believe that the bug you reported is fixed in the latest version of
udisks2, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1070...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Biebl (supplier of updated udisks2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Tue, 30 Apr 2024 17:27:36 +0200
Source: udisks2
Architecture: source
Version: 2.10.1-7
Distribution: unstable
Urgency: medium
Maintainer: Utopia Maintenance Team
Changed-By: Michael Biebl
Closes: 1070019
Changes:
udisks2 (2.10.1-7) unstable; urgency=medium
.
* integration-test: Adapt to the new libmount context error messages
(Closes: #1070019)
Checksums-Sha1:
5dfb094d55b117fde3eb58ee07e3571544fd28cc 3439 udisks2_2.10.1-7.dsc
80abca55ddd18b4d30d40a4b45963d1cd660ec1c 20936 udisks2_2.10.1-7.debian.tar.xz
701b79d77d52ff5a35104f68e6ac2639ac9a990b 14106
udisks2_2.10.1-7_source.buildinfo
Checksums-Sha256:
5367faf37251acf418635e59afdd6ce528bf3a959b78cb6a6e775f6302c4f7e0 3439
udisks2_2.10.1-7.dsc
4fb846798e991784fc874fe461db558b43c1d8e9518f8b331645f30e93c972b9 20936
udisks2_2.10.1-7.debian.tar.xz
37e28ef5e91b1fa3c5b3bf3b66a922d6cc493843a2d5a47ebc71c4b202fb589e 14106
udisks2_2.10.1-7_source.buildinfo
Files:
2dc1e699e0eeb59ef6bc388a444f3161 3439 admin optional udisks2_2.10.1-7.dsc
11a45f169a5985ea3c4cdacc612d8457 20936 admin optional
udisks2_2.10.1-7.debian.tar.xz
bfdf2963a9809ef5534ba5381495de57 14106 admin optional
udisks2_2.10.1-7_source.buildinfo
-BEGIN PGP SIGNATURE-
Bug#1068415: nghttp2: CVE-2024-28182: Reading unbounded number of HTTP/2 CONTINUATION frames to cause excessive CPU usage
Hi Tomasz, On Fri, 5 Apr 2024 at 01:11:41 +0200, Tomasz Buchert wrote: > Looking into older versions and appropriately patching them will take > more time. I'm preparing an update for this issue for Buster LTS and can hand tested debdiffs over to the Security Team for newer suites if you'd like. (AFAICT the fix is the same but pending feedback I haven't tested it thoroughly yet.) Cheers, -- Guilhem. signature.asc Description: PGP signature
Processed: tagging 1070116
Processing commands for cont...@bugs.debian.org: > tags 1070116 + sid trixie Bug #1070116 [src:python-zeep] python-zeep: Build-depends on NBS libraries libxmlsec1 and libxmlsec1-openssl Added tag(s) sid and trixie. > thanks Stopping processing here. Please contact me if you need assistance. -- 1070116: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070116 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1067077: frr: FTBFS on armel: /usr/bin/ld: ./build/../bgpd/bgp_io.c:476:(.text+0x51c): undefined reference to `__atomic_store_8'
Hi David, On 4/30/24 18:21, David Lamparter wrote: flipped libatomic to be linked unconditionally. it's not harmful to do so on architectures that don't need it, but imho its cleaner to only be linked on affected architectures (armel m68k powerpc sh4). https://github.com/FRRouting/frr/commits/debian/master/ nice, thanks! Do you want to do anything else with it or should I go mark it as -1? my last attempt from yesterday didn't work (after a long time it took to build on the armel porterbox), so -1 looks good like that. Regards, Daniel
Bug#1070130: python3-pycurl: SSL path issues - upstream bug
Package: python3-pycurl Version: 7.45.3-2 Severity: grave Tags: upstream Justification: renders package unusable Dear Maintainer, Please consider https://github.com/pycurl/pycurl/issues/834 pycurl 7.45.3 wheel not working for https in debian/ubuntu systems I confirm that the debian package for 7.45.3 fails sometimes to handle SSL connections, meanwhile 7.45.2 works properly always. Mabye it can be manually patched, or skip version 7.45.3 for debian. Thanks, -- System Information: Debian Release: trixie/sid APT prefers testing APT policy: (990, 'testing'), (650, 'stable-security'), (600, 'stable'), (500, 'stable-updates'), (500, 'oldstable-updates'), (500, 'unstable'), (250, 'oldstable-security'), (200, 'oldstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 6.6.15-amd64 (SMP w/16 CPU threads; PREEMPT) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages python3-pycurl depends on: ii libc62.37-18 ii libcurl4t64 8.7.1-3 ii libssl3t64 3.2.1-3 ii python3 3.11.8-1 python3-pycurl recommends no packages. Versions of packages python3-pycurl suggests: pn libcurl4-openssl-dev pn python-pycurl-doc -- no debconf information
Bug#1067077: frr: FTBFS on armel: /usr/bin/ld: ./build/../bgpd/bgp_io.c:476:(.text+0x51c): undefined reference to `__atomic_store_8'
On Mon, Apr 29, 2024 at 06:05:08PM +0200, Daniel Baumann wrote: > my initial attempt in 10.0-0.2 to link with libatomic didn't work, I've > fixed that locally but a build to confirming on an armel porterbox is > runnning before uploading 10.0-0.3 in some minutes.. I've synced in (all of) your changes, merged debian/ changes from upstream (used to build CI packages), and then flipped libatomic to be linked unconditionally. I was able to reproduce the linking problem with "sbuild --host=armel --build=amd64", it wasn't working before and is working now. (And linking libatomic didn't break amd64, i686 or arm64.) => https://github.com/FRRouting/frr/commits/debian/master/ Do you want to do anything else with it or should I go mark it as -1? Cheers, -equi
Processed: Re: freerdp2: CVE-2024-32039 CVE-2024-32040 CVE-2024-32041 CVE-2024-32458 CVE-2024-32459 CVE-2024-32460
Processing commands for cont...@bugs.debian.org: > found 1069728 2.11.2+dfsg1-1 Bug #1069728 [src:freerdp2] freerdp2: CVE-2024-32039 CVE-2024-32040 CVE-2024-32041 CVE-2024-32458 CVE-2024-32459 CVE-2024-32460 Marked as found in versions freerdp2/2.11.2+dfsg1-1. > End of message, stopping processing here. Please contact me if you need assistance. -- 1069728: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069728 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1070069: fossil: CVE-2024-24795 unreleated breakage
Le mardi 30 avril 2024, 14:56:07 UTC Barak A. Pearlmutter a écrit : > I've uploaded a package with this fixed to unstable, 1:2.24-5, and > it's been autobuilt and pushed out. Seems to work okay, and can be > co-installed with apache2/sid. > > Just uploaded 1:2.24-6 that adds Breaks: apach2-bin per your recent message. > > Honestly, I'm not confident in my ability to properly back-port > security-related patches to old versions of fossil. It's a big > network-facing program with a large number of moving parts and a > substantial attack surface, all written in C. It uses its own sqlite3 > copy when the shared library in Debian isn't a high enough version or > doesn't have the right options enabled (currently Debian sqlite3 is > compiled without SQLITE_ENABLE_JSON1 so the internal version is used.) > All this means it would be super easy for me to miss some issue and > introduce a vulnerability if I try to back-port a security patch, > > particularly without myself deeply understanding the security issue. > > Stable has 1:2.21-1. > > I just made a debian-bookworm-proposed-updates branch rooted there and > tried to cherry-pick the fix, > https://fossil-scm.org/home/info/f4ffefe708793b03 but it does not > apply cleanly. Obviously I can do it manually though, however there > have been changes in the neighborhood. > > Also, are you *sure* I shouldn't also be applying > https://fossil-scm.org/home/info/71919ad1b542832c to the fixed > versions? Because I'm not! I'd be most comfortable if upstream simply > made a proper release with this fixed (which I bet they'd do upon > request), and I uploaded that with the appropriate "Breaks: > apache2-bin (<<...)", and did the (trivial) backport of that package > to bookworm and bullseye, with the "breaks:" modified to the > appropriate version. I agree with you, may be a fullbackport is better for bookworm see changes here (line with * are interesting commit to backport) Yadd do you have a piece of advice ? Bastien 2024-04-22 *16:29 cgi.md: be less specific about the Apache version in which the Content-Length change happened because a new forum post reports that it happens at least as far back as 2.4.41. ... 2024-04-21 18:51 Merge the update to zLib-1.3.1. ... 18:46 Improvements to comments in graph.c. No changes to actual code. ... *16:20 Fix parsing of the argument to the "Connection:" header of HTTP reply messages to deal with unusual arguments added by Apache mod_cgi. See forum thread ca6fc85c80f4704f. ... *15:37 Simplify parsing of the Connection: header in HTTP replies. ... *06:15 Only accept commas as separators for multiple values in "Connection:" HTTP headers, and ignore any white space surrounding (but not embedded into) values. The previous method would fall for (fictional) HTTP header values containing spaces, like "Connection: don't close", and recognize a value of "close". ... 2024-04-20 21:58 In /chat preview mode, apply the click handlers to pikchrs in the preview. ... *14:42 Fix parsing of "Connection:" HTTP headers with multiple values. ... 2024-04-19 16:08 Fix a minor problem in graph layout for timelines that made use of the offset-merge-riser enhancement. Problem originally seen on the bottom node of /timeline?p=6da255034b30b4b4=47362306a7dd7c6f. ... *13:11 More change-log enhancements: More details about the work-around for the Apache mod_cgi breakage, and put that work-around first on the change log since it seems to be important to people. ... 12:59 Formatting enhancements to the change log for the upcoming 2.24 release. ... 2024-04-18 17:14 Update the built-in SQLite to the latest pre-release of version 3.46.0, including the bug fix for the use of VALUES-as-coroutine with an OUTER JOIN. ... 17:00 Typo fix and add specific Apache version number to the notes about the Content-Length change. ... 2024-04-17 17:59 Change log updates. ... *15:30 • Edit [18d76fff]: Edit check-in comment. ... *14:02 Output a warning if a client sync or clone gets back a keep-alive HTTP reply that lacks a content-length header. ... *13:27 Only process HTTP replies that lack a Content-Length header if the connection is set to be closed. Suggested by https://bz.apache.org/bugzilla/show_bug.cgi?id=68905. ... *13:21 Update the change log in order to mention the Apache mod_cgi/Content-Length fix. ... *13:14 Update Apache mod_cgi/Content-Length documentation. ... *12:58 Fix the HTTP-reply parser so that it is able to deal with replies that lack a Content-Length header field. This resolves the issue reported by forum post 12ac403fd29cfc89. Also in this merge: (1) Add the --xverbose option to "fossil clone". (2) Improved error messages when web
Bug#1070069: fossil: CVE-2024-24795 unreleated breakage
Le mardi 30 avril 2024, 14:56:07 UTC Barak A. Pearlmutter a écrit : > currently Debian sqlite3 is > compiled without SQLITE_ENABLE_JSON1 so the internal version is used.) On this proble could you cross check ? >SQLITE_ENABLE_JSON1 > >This compile-time option is a no-op. Prior to SQLite version 3.38.0 > (2022-02-22), it was necessary to compile with this option in order to > include the JSON SQL functions in the build. However, beginning with SQLite > version 3.38.0, those functions are included by default. Use the > -DSQLITE_OMIT_JSON option to omit them. If so you could drop for bookworm (if release team is ok) and sid this embeded code copy BTW I have just opened a bug and add some comment on embded code copy Bastien signature.asc Description: This is a digitally signed message part.
Bug#1069999: marked as done (rust-unix-socket FTBFS on 32bit with 64bit time_t)
Your message dated Tue, 30 Apr 2024 16:40:54 +0100 with message-id and subject line rust-unix-socket FTBFS on 32bit with 64bit time_t has caused the Debian Bug report #106, regarding rust-unix-socket FTBFS on 32bit with 64bit time_t to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 106: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=106 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: rust-unix-socket Version: 0.5.0-2 Severity: serious Tags: ftbfs trixie sid https://buildd.debian.org/status/fetch.php?pkg=rust-unix-socket=armhf=0.5.0-2%2Bb1=1714298139=0 ... error[E0308]: mismatched types --> src/lib.rs:122:30 | 122 | tv_usec: usecs, | ^ expected `i64`, found `i32` For more information about this error, try `rustc --explain E0308`. warning: `unix_socket` (lib) generated 31 warnings error: could not compile `unix_socket` due to previous error; 31 warnings emitted ... --- End Message --- --- Begin Message --- Version: 0.5.0-3 rust-unix-socket now builds succesfully on all release architectures.--- End Message ---
Bug#1070069: fossil: CVE-2024-24795 unreleated breakage
I've uploaded a package with this fixed to unstable, 1:2.24-5, and it's been autobuilt and pushed out. Seems to work okay, and can be co-installed with apache2/sid. Just uploaded 1:2.24-6 that adds Breaks: apach2-bin per your recent message. Honestly, I'm not confident in my ability to properly back-port security-related patches to old versions of fossil. It's a big network-facing program with a large number of moving parts and a substantial attack surface, all written in C. It uses its own sqlite3 copy when the shared library in Debian isn't a high enough version or doesn't have the right options enabled (currently Debian sqlite3 is compiled without SQLITE_ENABLE_JSON1 so the internal version is used.) All this means it would be super easy for me to miss some issue and introduce a vulnerability if I try to back-port a security patch, particularly without myself deeply understanding the security issue. Stable has 1:2.21-1. I just made a debian-bookworm-proposed-updates branch rooted there and tried to cherry-pick the fix, https://fossil-scm.org/home/info/f4ffefe708793b03 but it does not apply cleanly. Obviously I can do it manually though, however there have been changes in the neighborhood. Also, are you *sure* I shouldn't also be applying https://fossil-scm.org/home/info/71919ad1b542832c to the fixed versions? Because I'm not! I'd be most comfortable if upstream simply made a proper release with this fixed (which I bet they'd do upon request), and I uploaded that with the appropriate "Breaks: apache2-bin (<<...)", and did the (trivial) backport of that package to bookworm and bullseye, with the "breaks:" modified to the appropriate version.
Bug#1070077: [Pkg-privacy-maintainers] Bug#1070077: ships files directly in /usr/onionprobe
On 2024-04-30 08:25:55, Georg Faerber wrote: > On 24-04-29 16:19:21, Antoine Beaupre wrote: >> Package: onionprobe >> Version: 1.0.0+ds-2.1+deb12u1 >> Severity: serious >> >> The Debian package shipped in bookworm right now changed the path to >> the examples/ directory. It used to be: >> >> /usr/lib/python3/dist-packages/onionprobe/examples/tpo.py >> >> and now seems to be: >> >> /usr/onionprobe/examples/tpo.py >> >> Apart from the gratuitous change, this seems to be a violation of the >> FHS policy, packages shouldn't ship their own stuff directly under >> /usr like this... > > Indeed -- I wasn't aware, or probably forgot, that bookworm is affected. > Given the severity, this might warrant a bookworm-pu, I guess? Honestly, I'm not sure. It's relatively minor because it's just the examples files, and the rest of the package is functional. I've patched our puppet manifests to workaround the issue over here... >> I haven't checked in unstable to see if this is fixed. > > This was reported via #1025508 and fixed in unstable via 1.1.2+ds-1. Oh, I didn't realize that, good job! :) -- It is capitalism and government which stand for disorder and violence. Anarchism is the very reverse of it; it means order without government and peace without violence. - Alexander Berkman
Processed: Re: libgweather4: FTBFS on arm64: Location 'Greenland' has invalid timezone 'America/Godthab'
Processing commands for cont...@bugs.debian.org: > found 1069361 4.4.0-1 Bug #1069361 [src:libgweather4] libgweather4: FTBFS on arm64: Location 'Greenland' has invalid timezone 'America/Godthab' Marked as found in versions libgweather4/4.4.0-1. > End of message, stopping processing here. Please contact me if you need assistance. -- 1069361: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069361 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1069724: marked as done (slurm-wlm: autopkgtest regression on !amd64: trying to overwrite '/usr/lib/-linux-gnu/slurm-wlm/accounting_storage_mysql.so')
Your message dated Tue, 30 Apr 2024 13:51:19 +
with message-id
and subject line Bug#1069724: fixed in slurm-wlm 23.11.4-2
has caused the Debian Bug report #1069724,
regarding slurm-wlm: autopkgtest regression on !amd64: trying to overwrite
'/usr/lib/-linux-gnu/slurm-wlm/accounting_storage_mysql.so'
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1069724: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069724
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: slurm-wlm
Version: 23.11.4-1.4
X-Debbugs-CC: bdr...@debian.org, vor...@debian.org, mckins...@debian.org
Severity: serious
User: debian...@lists.debian.org
Usertags: regression
Dear maintainer(s),
With a recent upload of slurm-wlm the autopkgtest of slurm-wlm fails in
testing when that autopkgtest is run with the binary packages of
slurm-wlm from unstable. It passes when run with only packages from
testing. In tabular form:
passfail
slurm-wlm from testing23.11.4-1.4
all others from testingfrom testing
I copied some of the output at the bottom of this report.
Currently this regression is blocking the migration to testing [1]. Can
you please investigate the situation and fix it?
More information about this bug and the reason for filing it can be found on
https://wiki.debian.org/ContinuousIntegration/RegressionEmailInformation
Paul
[1] https://qa.debian.org/excuses.php?package=3Dslurm-wlm
https://ci.debian.net/data/autopkgtest/testing/arm64/s/slurm-wlm/45786802/log.gz
96s Unpacking slurm-wlm-mysql-plugin (23.11.4-1.4) ...
96s dpkg: error processing archive
/tmp/apt-dpkg-install-zn5wp3/17-slurm-wlm-mysql-plugin_23.11.4-1.4_arm64.deb
(--unpack):
96s trying to overwrite
'/usr/lib/aarch64-linux-gnu/slurm-wlm/accounting_storage_mysql.so',
which is also in package slurm-wlm-basic-plugins 23.11.4-1.4
OpenPGP_signature.asc
Description: OpenPGP digital signature
--- End Message ---
--- Begin Message ---
Source: slurm-wlm
Source-Version: 23.11.4-2
Done: Michael R. Crusoe
We believe that the bug you reported is fixed in the latest version of
slurm-wlm, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1069...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael R. Crusoe (supplier of updated slurm-wlm package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Tue, 30 Apr 2024 15:35:55 +0200
Source: slurm-wlm
Architecture: source
Version: 23.11.4-2
Distribution: unstable
Urgency: medium
Maintainer: Debian HPC Team
Changed-By: Michael R. Crusoe
Closes: 1069724
Changes:
slurm-wlm (23.11.4-2) unstable; urgency=medium
.
* Team upload.
* d/clean: remove debian/plugin_packages{_dev_,_}filelist
and remove them from our VCS & source package as well.
Closes: #1069724.
Checksums-Sha1:
c683d0eba09dd00db51b8ab4bae02216f070014f 5695 slurm-wlm_23.11.4-2.dsc
a588fd8d2447c2218117fed3a7ef78701c6cb4e7 136460
slurm-wlm_23.11.4-2.debian.tar.xz
5f60902d28455b4378e2da091c8d7795784fb3de 6839
slurm-wlm_23.11.4-2_source.buildinfo
Checksums-Sha256:
052c027c66633896b8decd3fe2db9b153c4925ba2ece77b944c791a0d6a9500e 5695
slurm-wlm_23.11.4-2.dsc
9fe13def683f9f91705a340d0705a69f3c2a1a6b35c81952c59f24bb8d2fd388 136460
slurm-wlm_23.11.4-2.debian.tar.xz
c411a3acbe6105863d833dfdfd452a0930cf252588187d117358f3db43d5a5f8 6839
slurm-wlm_23.11.4-2_source.buildinfo
Files:
ac47f72a371c4fbcb7029c253bbb46eb 5695 admin optional slurm-wlm_23.11.4-2.dsc
e3873ec2411f115aea99bee9c80af7fe 136460 admin optional
slurm-wlm_23.11.4-2.debian.tar.xz
e169ffd8917ea9cbc4113979de002138 6839 admin optional
slurm-wlm_23.11.4-2_source.buildinfo
-BEGIN PGP SIGNATURE-
iQIzBAEBCgAdFiEEck1gkzcRPHEFUNdHPCZ2P2xn5uIFAmYw8/0ACgkQPCZ2P2xn
5uLgTg//f5iWQyG1eFpnDtc7PUz764BzAmggschX0zYTbUcMcKC3X/SmwE9qODaw
Es3pvPe40SBZaXTldNlKmTVZi2H9D3vqCgiCdZo+2qU0Qtta4l/SckTinNZaWCnv
V/49F+GejG7ZbYSF0rW1Q7JdpNHQx6zlumJxvC9DgDH3kpzeOc2kjODtWjGpRL1M
6YndXl6OGeIznPdLXwjS58wtGLPLF+kY1W+nP1hS8FKp82ByiJIPYK9FrSFM7K3Z
JwtLw4stbfaMgelcDe5bbt7cselIJhhH5v1NpSuO7YP+pZUhKyJ5w3cp/i7ayNTn
Bug#1069724: marked as pending in slurm-wlm
Control: tag -1 pending
Hello,
Bug #1069724 in slurm-wlm reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:
https://salsa.debian.org/hpc-team/slurm-wlm/-/commit/299514679722d1343bd6594bf3b1e63bb6868873
d/clean: remove debian/plugin_packages{_dev_,_}filelist
Closes: #1069724
(this message was generated automatically)
--
Greetings
https://bugs.debian.org/1069724
Processed: Bug#1069724 marked as pending in slurm-wlm
Processing control commands: > tag -1 pending Bug #1069724 [src:slurm-wlm] slurm-wlm: autopkgtest regression on !amd64: trying to overwrite '/usr/lib/-linux-gnu/slurm-wlm/accounting_storage_mysql.so' Added tag(s) pending. -- 1069724: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069724 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1068750: moment-timezone.js: FTBFS everywhere
# Fail the build if the tzdata package does not match TZVER. grep -q '^# version 2023d$' /usr/share/zoneinfo/tzdata.zi Yes, this is expected after each update to tzdata. I'm curious: Does this package embed the information from tzdata into javascript code, in such a way that a change in tzdata requires a rebuild? Yes. It is the only way I found to keep the package aligned with tzdata while ensuring it is fully built from source: upstream ships the pre-compiled tzdata information, so I regenerate those files using the tzdata package. I think it would be highly desirable to find a way for this package to do what it's supposed to do without having to fix it in oldstable and stable every year. Without a new upload, I cannot imagine how.. :-/ (In fact, I asked Paul Gevers about this, he says that a package which we know for sure that it will fail to build during the support time of the release is RC). It fails to build if tzdata is updated, but it never stops working. It just needs to be updated as often as tzdata is. But if you have a suggestion to make this more automatic, I would love to hear it.. Sorry, I still don't get it. Why does the package build needs to fail if tzdata is updated? What happens if we allow the package to be built anyway? (as in the attached patch). Would the resulting package be broken in any way? I have been doing this very repetitive maintenance for years! Well, I get that you have to make a new upload so that the package is current. What I don't get is that the package fails to build. At most, it would result in an improved package, not worse. Or maybe I'm missing anything. Thanks.--- a/debian/control +++ b/debian/control @@ -10,6 +10,7 @@ Build-Depends: debhelper-compat (= 13) , dh-sequence-nodejs , uglifyjs , ts-node + , tzdata (>= 2024a) , tzdata-legacy (>= 2024a) Standards-Version: 4.6.2 Vcs-Browser: https://salsa.debian.org/js-team/moment-timezone.js --- a/debian/rules +++ b/debian/rules @@ -23,10 +23,6 @@ all: binary %: dh $@ -execute_before_dh_auto_configure: - # Fail the build if the tzdata package does not match TZVER. - grep -q '^# version $(TZVER)$$' /usr/share/zoneinfo/tzdata.zi - override_dh_auto_build: $(TARGETS) execute_before_dh_auto_test: tests/zones/zulu.js
Bug#1070116: python-zeep: Build-depends on NBS libraries libxmlsec1 and libxmlsec1-openssl
Source: python-zeep Version: 4.2.1-1 Severity: serious Tags: ftbfs Justification: fails to build from source Once xmlsec1 is decrufted, python-zeep will FTBFS. The build-depends need to be updated to libxmlsec1t64 and libxmlsec1t64-openssl. Scott K
Bug#1069320: marked as done (FTBFS on mips64el: cannot find -lasan: No such file or directory)
Your message dated Tue, 30 Apr 2024 12:49:10 + with message-id and subject line Bug#1069320: fixed in datatype99 1.6.4-2 has caused the Debian Bug report #1069320, regarding FTBFS on mips64el: cannot find -lasan: No such file or directory to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1069320: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069320 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: datatype99 Version: 1.6.4-1 Severity: serious Tags: ftbfs https://buildd.debian.org/status/fetch.php?pkg=datatype99=mips64el=1.6.4-1=1713121986=0 make[4]: Entering directory '/<>/testsbuild' [ 10%] Building C object CMakeFiles/tests.dir/tests.c.o [ 20%] Linking C executable tests /usr/bin/ld: cannot find libasan_preinit.o: No such file or directory /usr/bin/ld: cannot find -lasan: No such file or directory collect2: error: ld returned 1 exit status -- System Information: Debian Release: trixie/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'unstable'), (500, 'testing'), (101, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 6.7.9-amd64 (SMP w/16 CPU threads; PREEMPT) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_WARN, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled --- End Message --- --- Begin Message --- Source: datatype99 Source-Version: 1.6.4-2 Done: Roland Mas We believe that the bug you reported is fixed in the latest version of datatype99, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1069...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Roland Mas (supplier of updated datatype99 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 30 Apr 2024 14:27:27 +0200 Source: datatype99 Architecture: source Version: 1.6.4-2 Distribution: unstable Urgency: medium Maintainer: Roland Mas Changed-By: Roland Mas Closes: 1069319 1069320 Changes: datatype99 (1.6.4-2) unstable; urgency=medium . * Switch to Architecture: all. This fixes "FTBFS on mips64el: cannot find -lasan: No such file or directory", thanks to Andrey Rakhmatullin (Closes: #1069320) and "FTBFS on armel: undefined reference to `__atomic_store_8", thanks to Andrey Rakhmatullin (Closes: #1069319). Checksums-Sha1: 60b9262f93647a45a8940945dd84bea5e6caf12d 1898 datatype99_1.6.4-2.dsc 486ef9d9669a78c6ec3a46381cb321bc9b99aea6 2636 datatype99_1.6.4-2.debian.tar.xz 512afccfb91aa5ff8043c28e5247e91711285570 6908 datatype99_1.6.4-2_amd64.buildinfo Checksums-Sha256: b4428abed40bbdd4990c538a14974e4cebdcb9f6a4ffeb9da6caf2462f37ba90 1898 datatype99_1.6.4-2.dsc 2cdd55f12189e33878685239f52d32552e43995f0e55c41d48a4b28b34dfec33 2636 datatype99_1.6.4-2.debian.tar.xz 035f64f22d12b1dc82c2ccd23689229b455c1dca49bc04ec66e896de8a8baa75 6908 datatype99_1.6.4-2_amd64.buildinfo Files: 47d499f6f9806e1f7eb2b01c478a2644 1898 devel optional datatype99_1.6.4-2.dsc 61433688b4f260d76fa0e95737347e7c 2636 devel optional datatype99_1.6.4-2.debian.tar.xz 421ceb657c99f6f3462868086f1c3c3f 6908 devel optional datatype99_1.6.4-2_amd64.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEtBU2D1kett1zr/uD0w3s0lmTIvwFAmYw5FMACgkQ0w3s0lmT IvzYVQ//V48cePi9T6RQNhRZvBI9sQYmkMi4uriXWpBuno+vsqT0/zgNAJ6jtGCZ nW2AE3n83tGpHCL3Wy2CgBH2zyq23M0BXLBnxK+NOfW0yKhYAg+6oWrixUiIWL6C HgHLVrISYhSrgaQ7X1Z5n0saa4X5YgzX0p/HbPcFP0d+2dCcozcN8TIFM6s82KkK uqdScArbp57tGduvgWQcF2tuMbRTf12xzU8aJDR+MjcrwzZCkOCkPZqhkkvBzm7t /nC8Lb4zQtE0hvPw11vQvsvcMuITYrsLFq97YmiLlbtFCgfK8vJKNLRX6YsBQogH gzNn1vLE6cpRipHl3tbxgDsdEpfqMI4CNeqxntX75CrhDDXwo5eFczzAJQ9b6pth mfBBwwvbrDBw2Xh1fmJBjixAMIMkIQCg0PteFE6JUVJp/1XRO71BM0GjVZDCmCM+ qKNmnyGPKJ4P29Kub00VQs1hzj/IYqdOWcDe/txbQSAPiHJmMXgaYFSAQ6+3I6gf FQ62eC0z1mgZqnBmKt8YYCSoKfkUhwbMiQsTns3r+p5hPr1Ts9O1C8qG9dgyOYh/ 9MA+dhquS30+OGkPCiLG86EbI7ocbuNeTkK3MZr2lX+dOsckwAznkyYORYMlSbA8 bdBoZiYFjqnYBZ0thr28zkllIjrzhltgeuc0M7jdJ3z+qePBVh0= =EmSi -END PGP
Bug#1069319: marked as done (FTBFS on armel: undefined reference to `__atomic_store_8')
Your message dated Tue, 30 Apr 2024 12:49:10 + with message-id and subject line Bug#1069319: fixed in datatype99 1.6.4-2 has caused the Debian Bug report #1069319, regarding FTBFS on armel: undefined reference to `__atomic_store_8' to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1069319: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069319 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: datatype99 Version: 1.6.4-1 Severity: serious Tags: ftbfs https://buildd.debian.org/status/fetch.php?pkg=datatype99=armel=1.6.4-1=1713120793=0 make[4]: Entering directory '/<>/testsbuild' [ 10%] Building C object CMakeFiles/tests.dir/tests.c.o [ 20%] Linking C executable tests /usr/bin/ld: /usr/lib/gcc/arm-linux-gnueabi/13/libasan.so: undefined reference to `__atomic_store_8' /usr/bin/ld: /usr/lib/gcc/arm-linux-gnueabi/13/libasan.so: undefined reference to `__atomic_load_8' /usr/bin/ld: /usr/lib/gcc/arm-linux-gnueabi/13/libasan.so: undefined reference to `__atomic_compare_exchange_8' collect2: error: ld returned 1 exit status -- System Information: Debian Release: trixie/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'unstable'), (500, 'testing'), (101, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 6.7.9-amd64 (SMP w/16 CPU threads; PREEMPT) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_WARN, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled --- End Message --- --- Begin Message --- Source: datatype99 Source-Version: 1.6.4-2 Done: Roland Mas We believe that the bug you reported is fixed in the latest version of datatype99, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1069...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Roland Mas (supplier of updated datatype99 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 30 Apr 2024 14:27:27 +0200 Source: datatype99 Architecture: source Version: 1.6.4-2 Distribution: unstable Urgency: medium Maintainer: Roland Mas Changed-By: Roland Mas Closes: 1069319 1069320 Changes: datatype99 (1.6.4-2) unstable; urgency=medium . * Switch to Architecture: all. This fixes "FTBFS on mips64el: cannot find -lasan: No such file or directory", thanks to Andrey Rakhmatullin (Closes: #1069320) and "FTBFS on armel: undefined reference to `__atomic_store_8", thanks to Andrey Rakhmatullin (Closes: #1069319). Checksums-Sha1: 60b9262f93647a45a8940945dd84bea5e6caf12d 1898 datatype99_1.6.4-2.dsc 486ef9d9669a78c6ec3a46381cb321bc9b99aea6 2636 datatype99_1.6.4-2.debian.tar.xz 512afccfb91aa5ff8043c28e5247e91711285570 6908 datatype99_1.6.4-2_amd64.buildinfo Checksums-Sha256: b4428abed40bbdd4990c538a14974e4cebdcb9f6a4ffeb9da6caf2462f37ba90 1898 datatype99_1.6.4-2.dsc 2cdd55f12189e33878685239f52d32552e43995f0e55c41d48a4b28b34dfec33 2636 datatype99_1.6.4-2.debian.tar.xz 035f64f22d12b1dc82c2ccd23689229b455c1dca49bc04ec66e896de8a8baa75 6908 datatype99_1.6.4-2_amd64.buildinfo Files: 47d499f6f9806e1f7eb2b01c478a2644 1898 devel optional datatype99_1.6.4-2.dsc 61433688b4f260d76fa0e95737347e7c 2636 devel optional datatype99_1.6.4-2.debian.tar.xz 421ceb657c99f6f3462868086f1c3c3f 6908 devel optional datatype99_1.6.4-2_amd64.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEtBU2D1kett1zr/uD0w3s0lmTIvwFAmYw5FMACgkQ0w3s0lmT IvzYVQ//V48cePi9T6RQNhRZvBI9sQYmkMi4uriXWpBuno+vsqT0/zgNAJ6jtGCZ nW2AE3n83tGpHCL3Wy2CgBH2zyq23M0BXLBnxK+NOfW0yKhYAg+6oWrixUiIWL6C HgHLVrISYhSrgaQ7X1Z5n0saa4X5YgzX0p/HbPcFP0d+2dCcozcN8TIFM6s82KkK uqdScArbp57tGduvgWQcF2tuMbRTf12xzU8aJDR+MjcrwzZCkOCkPZqhkkvBzm7t /nC8Lb4zQtE0hvPw11vQvsvcMuITYrsLFq97YmiLlbtFCgfK8vJKNLRX6YsBQogH gzNn1vLE6cpRipHl3tbxgDsdEpfqMI4CNeqxntX75CrhDDXwo5eFczzAJQ9b6pth mfBBwwvbrDBw2Xh1fmJBjixAMIMkIQCg0PteFE6JUVJp/1XRO71BM0GjVZDCmCM+ qKNmnyGPKJ4P29Kub00VQs1hzj/IYqdOWcDe/txbQSAPiHJmMXgaYFSAQ6+3I6gf
Processed: Re: Bug#1060951: Build regression in multiarch g-ir-scanner (Was: libkkc: FTBFS: Marisa.gir] Error 1)
Processing control commands: > retitle -1 Build regression in multiarch g-ir-scanner Bug #1060951 [src:libkkc] libkkc: FTBFS: make[3]: *** [/usr/share/gobject-introspection-1.0/Makefile.introspection:156: Marisa.gir] Error 1 Changed Bug title to 'Build regression in multiarch g-ir-scanner' from 'libkkc: FTBFS: make[3]: *** [/usr/share/gobject-introspection-1.0/Makefile.introspection:156: Marisa.gir] Error 1'. > reassign -1 src:gobject-introspection Bug #1060951 [src:libkkc] Build regression in multiarch g-ir-scanner Bug reassigned from package 'src:libkkc' to 'src:gobject-introspection'. No longer marked as found in versions libkkc/0.3.5-8. Ignoring request to alter fixed versions of bug #1060951 to the same values previously set > severity -1 grave Bug #1060951 [src:gobject-introspection] Build regression in multiarch g-ir-scanner Severity set to 'grave' from 'serious' > affects -1 src:libkkc Bug #1060951 [src:gobject-introspection] Build regression in multiarch g-ir-scanner Added indication that 1060951 affects src:libkkc > affects -1 src:ibus-anthy Bug #1060951 [src:gobject-introspection] Build regression in multiarch g-ir-scanner Added indication that 1060951 affects src:ibus-anthy -- 1060951: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060951 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1060951: Build regression in multiarch g-ir-scanner (Was: libkkc: FTBFS: Marisa.gir] Error 1)
Control: retitle -1 Build regression in multiarch g-ir-scanner Control: reassign -1 src:gobject-introspection Control: severity -1 grave Control: affects -1 src:libkkc Control: affects -1 src:ibus-anthy X-Debbugs-CC: s...@debian.org jbi...@debian.org Hi, This looks like a regression introduced in gobject-introspection 1.78.1-17. For the problematic line below: * When manually invoking using /usr/bin/g-ir-scanner, the build is fine. * When invoking using /usr/bin/x86_64-linux-gnu-g-ir-scanner, the build error (libm not found) will happen, as shown in the build log attached. Comparing the invocation of g-ir-scanner with native compilation, the only extra flag is the addition of "--use-ldd- wrapper=/usr/libexec/gobject-introspection-bin/deb-elf-get-needed". I guess this wrapper is doing something bad. This bug is affecting multiple packages, including src:libkkc and src:ibus-anthy (via https://bugs.debian.org/1060953 ). Please consider looking into them. Please let me know if more debug info is needed. Thanks! Regards, Boyuan Yang On Tue, 16 Jan 2024 20:44:13 +0100 Lucas Nussbaum wrote: > Source: libkkc > Version: 0.3.5-8 > Severity: serious > Justification: FTBFS > Tags: trixie sid ftbfs > User: lu...@debian.org > Usertags: ftbfs-20240115 ftbfs-trixie > > Hi, > > During a rebuild of all packages in sid, your package failed to build > on amd64. > > > CPPFLAGS="-Wdate-time -D_FORTIFY_SOURCE=2" CFLAGS="-g -O2 -ffile- prefix-map=/<>=. -fstack-protector-strong -fstack-clash- protection -Wformat -Werror=format-security -fcf-protection -Wall - pedantic" LDFLAGS="-Wl,-z,relro -Wl,--as-needed" CC="gcc" PKG_CONFIG="/usr/bin/pkg-config" GI_HOST_OS="" DLLTOOL="false" /usr/bin/x86_64-linux-gnu-g-ir-scanner --add-include-path=. -- namespace=Marisa.gir --nsversion=Marisa --libtool="/bin/bash ../libtool" --include=GLib-2.0 --include=GObject-2.0 --include=Gio-2.0-- library=libmarisa-glib.la --pkg-export=marisa-glib --pkg=marisa -- namespace=Marisa -lstdc++ -lm -lgcc_s -lc -lgcc_s --cflags-begin - I/usr/include/glib-2.0 -I/usr/lib/x86_64-linux-gnu/glib-2.0/include - pthread -I/usr/include/libmount -I/usr/include/blkid -I.. --cflags-end marisa-key.cc marisa-keyset.cc marisa-agent.cc marisa-trie.cc marisa- key.h marisa-keyset.h marisa-agent.h marisa-trie.h libmarisa-glib.la -- output Marisa.gir > g-ir-scanner: link: /bin/bash ../libtool --mode=link --tag=CC gcc -o /<>/marisa-glib/tmp-introspectfgvk9o6l/Marisa-Marisa - export-dynamic -Wdate-time -D_FORTIFY_SOURCE=2 -g -O2 -ffile-prefix- map=/<>=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -Wall -pedantic /<>/marisa-glib/tmp-introspectfgvk9o6l/Marisa-Marisa.o -L. libmarisa-glib.la -lstdc++ -lm -lgcc_s -lc -lgcc_s -lgio-2.0 -lgobject- 2.0 -Wl,--export-dynamic -lgmodule-2.0 -pthread -lglib-2.0 -lglib-2.0 - lmarisa -Wl,-z,relro -Wl,--as-needed > libtool: link: gcc -o /<>/marisa-glib/tmp- introspectfgvk9o6l/Marisa-Marisa -Wdate-time -D_FORTIFY_SOURCE=2 -g -O2 - ffile-prefix-map=/<>=. -fstack-protector-strong -fstack- clash-protection -Wformat -Werror=format-security -fcf-protection -Wall - pedantic /<>/marisa-glib/tmp-introspectfgvk9o6l/Marisa- Marisa.o -Wl,--export-dynamic -Wl,-z -Wl,relro -Wl,--as-needed -Wl,-- export-dynamic -L. ./.libs/libmarisa-glib.a -lstdc++ -lm -lc -lgcc_s - lgio-2.0 -lgobject-2.0 -lgmodule-2.0 -lglib-2.0 -lmarisa -pthread > ERROR: can't resolve libraries to shared libraries: m > make[3]: *** [/usr/share/gobject-introspection- 1.0/Makefile.introspection:156: Marisa.gir] Error 1 > The full build log is available from: http://qa-logs.debian.net/2024/01/15/libkkc_0.3.5-8_unstable.log signature.asc Description: This is a digitally signed message part
Bug#1056798: marked as done (dioptas: ftbfs with cython 3.0.x)
Your message dated Tue, 30 Apr 2024 10:34:22 + with message-id and subject line Bug#1056798: fixed in dioptas 0.6.0-1 has caused the Debian Bug report #1056798, regarding dioptas: ftbfs with cython 3.0.x to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1056798: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056798 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: src:dioptas Version: 0.5.2-4 Severity: important Tags: sid trixie User: debian-pyt...@lists.debian.org Usertags: cython3 [This bug is targeted to the upcoming trixie release] The package fails to build in a test rebuild on at least arm64 with cython 3.0.5, but succeeds to build with cython 0.29.36. Please update the package to build with cython 3.0.5 (available in experimental). If the package cannot be built with cython 3.0.5, please change the build dependency from cython3 to cython3-legacy (available now in unstable). There is no replacement for cython3-dbg. Build logs building with cython 3.0.5 can be found at https://people.debian.org/~stefanor/cython3/cython-3.0.5/ See also https://lists.debian.org/debian-python/2023/11/msg00034.html --- End Message --- --- Begin Message --- Source: dioptas Source-Version: 0.6.0-1 Done: Roland Mas We believe that the bug you reported is fixed in the latest version of dioptas, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1056...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Roland Mas (supplier of updated dioptas package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 30 Apr 2024 12:13:56 +0200 Source: dioptas Architecture: source Version: 0.6.0-1 Distribution: unstable Urgency: medium Maintainer: Debian PaN Maintainers Changed-By: Roland Mas Closes: 1040551 1056798 1059944 Changes: dioptas (0.6.0-1) unstable; urgency=medium . * New upstream release 0.6.0. . dioptas (0.5.9+git20240322-2) UNRELEASED; urgency=medium . * Depend on python3-xypattern. . dioptas (0.5.9+git20240322-1) unstable; urgency=medium . * New snapshot from upstream Git. . dioptas (0.5.9-1) UNRELEASED; urgency=medium . * Team Upload. * New upstream version 0.5.9 (Closes: #1056798) * add new pybuild-plugin-pyproject build-dep * add dependency on libjs-mathjax (Closes: #1040551) * refresh existing patches * remove usage of python3-future (Closes: #1059944) . [ Debian Janitor ] * Set debhelper-compat version in Build-Depends. * Set upstream metadata fields: Bug-Database, Bug-Submit, Repository-Browse. * Update standards version to 4.6.2, no further changes needed. . [ Andreas Tille ] * Testsuite: autopkgtest-pkg-python (routine-update) * Build-Depends: s/dh-python/dh-sequence-python3/ (routine-update) * Rules-Requires-Root: no (routine-update) * Set upstream metadata fields: Repository. Checksums-Sha1: a86ee13d113eee80b37eb580d8e6c35123ff2b81 2433 dioptas_0.6.0-1.dsc cd0ee66da7acd70c6daaace204086e86e10e3f96 74948930 dioptas_0.6.0.orig.tar.gz b0e9c6cc68ba86266b04b4cdb7fb3386e3fba77a 7588 dioptas_0.6.0-1.debian.tar.xz a8e2115d5339f49b2688904f23b55a6efa9e66be 22050 dioptas_0.6.0-1_amd64.buildinfo Checksums-Sha256: a424bd845d618da1c8d95474824518af317bdb6d36ce336b0f5a8fd08e1b766b 2433 dioptas_0.6.0-1.dsc 5c19d0f72cbe0f587ac0f4157cc2a0d7bebd8b909cb011f4eda7e0c9cf1ad9a8 74948930 dioptas_0.6.0.orig.tar.gz f786b2f633b714507c2cbb3a0fb5424ac3bdd88b7d62acc8b3816bcb1906893b 7588 dioptas_0.6.0-1.debian.tar.xz 1d6d8947464d8e259a67dbcf0884218eb835cd23458e23dca8b43613568461a7 22050 dioptas_0.6.0-1_amd64.buildinfo Files: 32f11f8e978c63f071a6b421a30c37be 2433 python optional dioptas_0.6.0-1.dsc 51498eb2992e09b6bc40ed9ae3ee0edf 74948930 python optional dioptas_0.6.0.orig.tar.gz 368412a3b4c6d08847aa4fd7663fbcb8 7588 python optional dioptas_0.6.0-1.debian.tar.xz 628d462f6919ecd769efc4fc51e01bea 22050 python optional dioptas_0.6.0-1_amd64.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEtBU2D1kett1zr/uD0w3s0lmTIvwFAmYwxRUACgkQ0w3s0lmT IvyEsA//SHeYa0bR7XJ661rYMjzpGUTdwL1nFWWy7A6xOKu7TnCYFPqMuRHnbMas
Bug#1070113: kylin-nm: predictable filenames under /tmp with system()
Package: kylin-nm
Version: 3.0.3.1-1
Severity: grave
Tags: security
Justification: user security hole
Hi,
the kylin_network_get_activecon_info() function in
src/kylin-network-interface.c uses predictable filenames under /tmp
and invokes system() on it:
| activecon *kylin_network_get_activecon_info()
| {
| struct passwd *pwd;
| pwd = getpwuid(getuid());
| char *name = pwd->pw_name;
| char *tmpPrefix = "/tmp/kylin-nm-activecon-";
| char *chr = "nmcli connection show -active > ";
|
| char *cmd;
| asprintf(, "%s%s%s", chr, tmpPrefix, name);
| char *path;
| asprintf(, "%s%s", tmpPrefix, name);
| int status = system(cmd);
| if (status != 0)
| syslog(LOG_ERR, "execute 'nmcli connection show -active' in function
'kylin_network_get_activecon_info' failed");
| free(cmd);
Predictable filenames under /tmp and executing system() on it is
highly problematic and a potential security issue. It should instead
use e.g. mkstemp() and the execl-family of functions or similar.
FTR: the same code is present also in ukui-screensaver, which seems
to have a copy of the KylinNM source code included.
regards
-mika-
signature.asc
Description: PGP signature
Bug#1070112: ipykernel: nose-style setup/teardown is no longer supported in pytest 8
Source: ipykernel Version: 6.29.3-1 Severity: serious Tags: patch -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Dear maintainer, your package uses setup() and teardown() functions which used to be part of the nose compatibility layer in pytest. However, these functions have been deprecated since pytest 7.2 and support for nose has been permanently removed as of pytest 8: https://docs.pytest.org/en/8.1.x/deprecations.html#setup-teardown You can probably just replace setup() and teardown() by setup_method() and teardown_method(), respectively. Cheers Timo -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEmwPruYMA35fCsSO/zIxr3RQD9MoFAmYwxPkACgkQzIxr3RQD 9MpmdA//QJJ0rP8SwT2BDr+p2tTDDbn7LLxna1KUThQQAHbOA6telFy3+LCrvB35 GQhA+00so2IWvgXK0P0WNyvpkBcCaUx+7Dwoyx1GWFz+La+2erMsIXeGdBuZ8S0e rr6iDdfSq3urZ/FnW0Lj0DtHW2u8x10AVIl6f3u1S5wEDf4GCG6IKH6NZqeM59Ee N4hKcl8aWFW+3/j2k67pmY9GntY4hSZw99hibrWDlZMu4v/zQNbsS8OhQYqBQ8kR axGfL5tasprIOD9nqtSTiUrYWtUh/Neu9P6w0KaVZcmP0jJ03GE67P8y5srCVo4s PVYLTQ+NzRX1f0CajaWFGyP47bBfpOX89mGt383lFPkVYeDOowLM68iv7POGqmWs xcNzeD+4f3pN/nlgaQfPdl6Q+700njiQCwaCpLpH/HTwA+L7fFash4HBeQX2pjYv Z9GOzrwPccjfKXRhe8Wy87pYJZ8Zp0mccL1ItYK7XSDdTqduKHqvfxY08dPJTxqs MlntK4Bnp77hWLXVejBIN9cFHWWHOBjFcsKnlfuTkrS3gKerl8ObPFcHSgHOduOj cWVcZF1JJBnCTKgCxgvvrUX/MPeKA+nZwgtbrtuyDuY+RHGE4a5GfzBP6O3vAx5A chzTjOft7gyKyHksB2O2Nsj7D7437x/hmhhM50hyaTf1IA/ZEq8= =s0ox -END PGP SIGNATURE-
Processed: fixed 1070077 in 1.1.2+ds-1
Processing commands for cont...@bugs.debian.org: > fixed 1070077 1.1.2+ds-1 Bug #1070077 [onionprobe] ships files directly in /usr/onionprobe Marked as fixed in versions onionprobe/1.1.2+ds-1. > thanks Stopping processing here. Please contact me if you need assistance. -- 1070077: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070077 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: tagging 1070077
Processing commands for cont...@bugs.debian.org: > tags 1070077 + bookworm Bug #1070077 [onionprobe] ships files directly in /usr/onionprobe Added tag(s) bookworm. > thanks Stopping processing here. Please contact me if you need assistance. -- 1070077: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070077 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed (with 2 errors): Re: Bug#1065625: libmtp9t64 / libmtp-runtime dependency problem makes dpkg fail with attempt of removal of libmtp-common
Processing control commands: > severity -1 important Bug #1065625 [aptitude] libmtp9t64 / libmtp-runtime dependency problem makes dpkg fail with attempt of removal of libmtp-common Severity set to 'important' from 'serious' > user release.debian@packages.debian.org Unknown command or malformed arguments to command. > usertags -1 time-t-downgrade Unknown command or malformed arguments to command. -- 1065625: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065625 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1065625: libmtp9t64 / libmtp-runtime dependency problem makes dpkg fail with attempt of removal of libmtp-common
Control: severity -1 important Control: user release.debian@packages.debian.org Control: usertags -1 time-t-downgrade On Thu, Mar 07, 2024 at 04:00:35PM +0100, Vincent Lefevre wrote: > Package: libmtp9t64 > Version: 1.1.21-3.1 > Severity: serious > > During an upgrade with aptitude: > > dpkg: dependency problems prevent removal of libmtp-common: > libmtp9t64:amd64 depends on libmtp-common. > libmtp-runtime depends on libmtp-common. > > dpkg: error processing package libmtp-common (--purge): > dependency problems - not removing > Errors were encountered while processing: > libmtp-common > > Note that "apt install -f" has nothing to fix; this upgrade just > triggered a dpkg error (similar to bug 1065603). > > Moreover, like in bug 1065603, aptitude did not propose the removal > of libmtp-common: > > Aptitude 0.8.13: log report > Thu, Mar 7 2024 15:49:03 +0100 > > IMPORTANT: this log only lists intended actions; actions which fail > due to dpkg problems may not be completed. > > Will install 11 packages, and remove 3 packages. > 8192 B of disk space will be used > > [...] > [HOLD, DEPENDENCIES] libmtp-common:amd64 1.1.21-3 > [...] > [INSTALL, DEPENDENCIES] libgphoto2-6t64:amd64 2.5.31-2.1 > [INSTALL, DEPENDENCIES] libgphoto2-port12t64:amd64 2.5.31-2.1 > [INSTALL, DEPENDENCIES] libmtp9t64:amd64 1.1.21-3.1 > [REMOVE, DEPENDENCIES] libgphoto2-6:amd64 2.5.31-2 > [REMOVE, DEPENDENCIES] libgphoto2-port12:amd64 2.5.31-2 > [REMOVE, DEPENDENCIES] libmtp9:amd64 1.1.21-3 > [...] > [UPGRADE] gvfs:amd64 1.53.90-2 -> 1.53.90-3 > [UPGRADE] gvfs-backends:amd64 1.53.90-2 -> 1.53.90-3 > [UPGRADE] gvfs-common:amd64 1.53.90-2 -> 1.53.90-3 > [UPGRADE] gvfs-daemons:amd64 1.53.90-2 -> 1.53.90-3 > [UPGRADE] gvfs-fuse:amd64 1.53.90-2 -> 1.53.90-3 > [UPGRADE] gvfs-libs:amd64 1.53.90-2 -> 1.53.90-3 > [UPGRADE] libgphoto2-l10n:amd64 2.5.31-2 -> 2.5.31-2.1 > [UPGRADE] libmtp-runtime:amd64 1.1.21-3 -> 1.1.21-3.1 > This bug has since been reassigned to aptitude. Solver limitations in aptitude wrt t64 handling should not be considered release critical, it makes no sense to remove aptitude from testing for it; there are still plenty of other valid use cases that are unaffected by these particular bugs, so I am downgrading it to important. -- debian developer - deb.li/jak | jak-linux.org - free software dev ubuntu core developer i speak de, en
Bug#1070047: marked as done (python3-django-pipeline: installs files into aliased locations)
Your message dated Tue, 30 Apr 2024 09:34:23 +
with message-id
and subject line Bug#1070047: fixed in django-pipeline 3.0.0-2
has caused the Debian Bug report #1070047,
regarding python3-django-pipeline: installs files into aliased locations
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1070047: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070047
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: python3-django-pipeline
Version: 3.0.0-1
Severity: serious
Justification: introduces new aliasing
Tags: patch
Control: affects -1 + python3-distutils
User: helm...@debian.org
Usertags: dep17p6
The last upload of python3-django-pipeline moved all of its files from
/usr/lib to /lib. Whils this works somewhat on a /usr-merged
installations, it causes subtle bugs due to dpkg not being prepared with
aliasing. In DEP17, we're resolving this by moving all files out of
aliased locations and python3-django-pipelines has just introduced new.
Hence, I'm filing this at RC severity. I think the move was accidental
and can be fixed by dropping the faulty "mv" command in favour of
setting PYBUILD_NAME to the package name rather than the module name.
I'm attaching a patch for your convenience.
Helmut
diff --minimal -Nru django-pipeline-3.0.0/debian/changelog
django-pipeline-3.0.0/debian/changelog
--- django-pipeline-3.0.0/debian/changelog 2024-04-28 19:35:05.0
+0200
+++ django-pipeline-3.0.0/debian/changelog 2024-04-29 10:17:13.0
+0200
@@ -1,3 +1,10 @@
+django-pipeline (3.0.0-1.1) UNRELEASED; urgency=medium
+
+ * Non-maintainer upload.
+ * Do not install into /lib. (Closes: #-1)
+
+ -- Helmut Grohne Mon, 29 Apr 2024 10:17:13 +0200
+
django-pipeline (3.0.0-1) unstable; urgency=medium
* Team Upload
diff --minimal -Nru django-pipeline-3.0.0/debian/rules
django-pipeline-3.0.0/debian/rules
--- django-pipeline-3.0.0/debian/rules 2024-04-28 19:35:05.0 +0200
+++ django-pipeline-3.0.0/debian/rules 2024-04-29 10:17:13.0 +0200
@@ -4,7 +4,7 @@
include /usr/share/dpkg/pkg-info.mk
export SETUPTOOLS_SCM_PRETEND_VERSION=${DEB_VERSION_UPSTREAM}
-export PYBUILD_NAME=pipeline
+export PYBUILD_NAME=django-pipeline
export PYBUILD_AFTER_BUILD_python3=PYTHONPATH=. sphinx-build -b html -d
docs/.build/.doctrees -N docs docs/.build/html
# Uncomment this to turn on verbose mode.
@@ -25,6 +25,5 @@
PYBUILD_SYSTEM=custom PYBUILD_TEST_ARGS="PYTHONPATH=. python{version}
/usr/bin/django-admin test --settings=tests.settings" dh_auto_test
execute_after_dh_auto_install:
- mv debian/python3-pipeline/* debian/python3-django-pipeline/
find -type f -name '*.pyc' -delete
find -type d -name __pycache__ -empty -delete
--- End Message ---
--- Begin Message ---
Source: django-pipeline
Source-Version: 3.0.0-2
Done: Alexandre Detiste
We believe that the bug you reported is fixed in the latest version of
django-pipeline, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1070...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Alexandre Detiste (supplier of updated django-pipeline
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Tue, 30 Apr 2024 11:08:34 +0200
Source: django-pipeline
Architecture: source
Version: 3.0.0-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Team
Changed-By: Alexandre Detiste
Closes: 1070047
Changes:
django-pipeline (3.0.0-2) unstable; urgency=medium
.
* Team Upload
* Revert failed attempt to fix Salsa CI that made things worse
(Closes: #1070047)
Checksums-Sha1:
c7c76875e869f65949824f456a4a6df5ce2f04f3 2327 django-pipeline_3.0.0-2.dsc
8003f00b7405d46a1708cc369628b966c78d051b 8088
django-pipeline_3.0.0-2.debian.tar.xz
9347938b3bed18928ebe7a7b1f581df89cc197d4 8092
django-pipeline_3.0.0-2_source.buildinfo
Checksums-Sha256:
bd9374956afc57aa86800171e361a7e96225929240bd1c4c0728ead816d5f88b 2327
django-pipeline_3.0.0-2.dsc
de124a043cb1efa9debe03665f47feb890570afa4b440923c5cc689aff6c3971 8088
django-pipeline_3.0.0-2.debian.tar.xz
Bug#1069724: slurm-wlm: autopkgtest regression on !amd64: trying to overwrite '/usr/lib/-linux-gnu/slurm-wlm/accounting_storage_mysql.so'
Hi, On Tue, 2024-04-23 at 19:56 +0200, Paul Gevers wrote: > Source: slurm-wlm > Version: 23.11.4-1.4 > X-Debbugs-CC: bdr...@debian.org, vor...@debian.org, mckins...@debian.org > Severity: serious > User: debian...@lists.debian.org > Usertags: regression > > Dear maintainer(s), > > With a recent upload of slurm-wlm the autopkgtest of slurm-wlm fails in > testing when that autopkgtest is run with the binary packages of > slurm-wlm from unstable. It passes when run with only packages from > testing. In tabular form: > > passfail > slurm-wlm from testing23.11.4-1.4 > all others from testingfrom testing > > I copied some of the output at the bottom of this report. > > Currently this regression is blocking the migration to testing [1]. Can > you please investigate the situation and fix it? > > More information about this bug and the reason for filing it can be found on > https://wiki.debian.org/ContinuousIntegration/RegressionEmailInformation > > Paul > > [1] https://qa.debian.org/excuses.php?package=3Dslurm-wlm > > https://ci.debian.net/data/autopkgtest/testing/arm64/s/slurm-wlm/45786802/log.gz > > 96s Unpacking slurm-wlm-mysql-plugin (23.11.4-1.4) ... > 96s dpkg: error processing archive > /tmp/apt-dpkg-install-zn5wp3/17-slurm-wlm-mysql-plugin_23.11.4-1.4_arm64.deb > (--unpack): > 96s trying to overwrite > '/usr/lib/aarch64-linux-gnu/slurm-wlm/accounting_storage_mysql.so', > which is also in package slurm-wlm-basic-plugins 23.11.4-1.4 Looking at the package contents, /usr/lib/*/slurm-wlm/accounting_storage_mysql.so is shipped in slurm- wlm-basic-plugins and slurm-wlm-mysql-plugin. The package in testing only ships it in slurm-wlm-mysql-plugin. So it should be removed from slurm-wlm-basic-plugins. -- Benjamin Drung Debian & Ubuntu Developer
Processed: various uploads made
Processing commands for cont...@bugs.debian.org:
> fixed 1067630 1:26.1+1-3.2+deb10u5
Bug #1067630 {Done: Rob Browning } [src:emacs] emacs:
CVE-2024-30202 CVE-2024-30203 CVE-2024-30204 CVE-2024-30205
Bug #1067717 {Done: Rob Browning } [src:emacs]
emacs-common: Security issues with emacs; remote code execution in Gnus
The source 'emacs' and version '1:26.1+1-3.2+deb10u5' do not appear to match
any binary packages
Marked as fixed in versions emacs/1:26.1+1-3.2+deb10u5.
Marked as fixed in versions emacs/1:26.1+1-3.2+deb10u5.
> fixed 1067663 9.1.14+dfsg-3+deb10u2
Bug #1067663 [org-mode] org-mode: CVE-2024-30202 CVE-2024-30205
There is no source info for the package 'org-mode' at version
'9.1.14+dfsg-3+deb10u2' with architecture ''
Unable to make a source version for version '9.1.14+dfsg-3+deb10u2'
Marked as fixed in versions 9.1.14+dfsg-3+deb10u2.
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
1067630: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067630
1067663: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067663
1067717: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067717
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Bug#1067630: various uploads made
fixed 1067630 1:26.1+1-3.2+deb10u5 fixed 1067663 9.1.14+dfsg-3+deb10u2 thanks I've uploaded to Emacs and Org-mode to buster-security and bullseye-proposed-updates, and Emacs to bookworm-proposed-updates. -- Sean Whitton
Bug#1070077: [Pkg-privacy-maintainers] Bug#1070077: ships files directly in /usr/onionprobe
Hi, Thanks for the report. On 24-04-29 16:19:21, Antoine Beaupre wrote: > Package: onionprobe > Version: 1.0.0+ds-2.1+deb12u1 > Severity: serious > > The Debian package shipped in bookworm right now changed the path to > the examples/ directory. It used to be: > > /usr/lib/python3/dist-packages/onionprobe/examples/tpo.py > > and now seems to be: > > /usr/onionprobe/examples/tpo.py > > Apart from the gratuitous change, this seems to be a violation of the > FHS policy, packages shouldn't ship their own stuff directly under > /usr like this... Indeed -- I wasn't aware, or probably forgot, that bookworm is affected. Given the severity, this might warrant a bookworm-pu, I guess? > I haven't checked in unstable to see if this is fixed. This was reported via #1025508 and fixed in unstable via 1.1.2+ds-1. Cheers, Georg
Bug#1070069: fossil: CVE-2024-24795 unreleated breakage
Le lundi 29 avril 2024, 18:40:39 UTC Barak A. Pearlmutter a écrit : > Bastien, > > Okay, got it. Thanks for letting me know. > > I can cherry-pick that fossil commit, but you know the right magic for > a versioned apache2 breakage and how to deal with proposed-updates. > So I think it would make sense for you to do all of this in a > coordinated fashion? > If that's okay with you, please feel free to just do a regular upload > if you want, or an NMU, as you please. > I will push your changes into the debian fossil branch, unless you'd > like write access to my fossil packaging repo > https://people.debian.org/~bap/fossil.fsl > which I'd be happy to set up. Hi I give up for fossil patches (i am not fossil fluent) The bookworm version will need: - to add the patch - Breaks against apache2-bin ( 2.4.59-1~) The bullseye version will need: - to add the patch - Breaks against apache2-bin ( 2.4.59-1~) We have done a full backport of apache due to several bug BTW I suppose that sid version should for extra safety break against apache2-bin ( 2.4.59-1~) instead of apache2 You should begin and apache2 will follow ASAP Bastien For buster I will reprod you when done, > > Cheers, > > --Barak. > signature.asc Description: This is a digitally signed message part.
Processed: retitle 1069163 to libkf5kmanagesieve5: CVE-2023-52723: sends password as username when authenticating against sieve servers
Processing commands for cont...@bugs.debian.org:
> retitle 1069163 libkf5kmanagesieve5: CVE-2023-52723: sends password as
> username when authenticating against sieve servers
Bug #1069163 {Done: Patrick Franz } [libkf5kmanagesieve5]
libkf5kmanagesieve5: sends password as username when authenticating against
sieve servers
Changed Bug title to 'libkf5kmanagesieve5: CVE-2023-52723: sends password as
username when authenticating against sieve servers' from 'libkf5kmanagesieve5:
sends password as username when authenticating against sieve servers'.
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
1069163: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069163
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
