Bug#977027: [Pkg-javascript-devel] Bug#977027: rhino breaks dojo autopkgtest: Cannot set property "dojo" of null to "[object Object]"
On Thu, 6 Apr 2023 at 11:24, Paul Gevers wrote:
>
> Control: tags -1 pending patch
>
> On 06-04-2023 12:54, Paul Gevers wrote:
> > I'm going to prepare NMU's for rhino and dojo and upload to DELAYED/5
>
> Please find the debdiffs attached.

Go ahead

> Paul
> --
> Pkg-javascript-devel mailing list
> pkg-javascript-de...@alioth-lists.debian.net
> https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel
Bug#977027: [Pkg-javascript-devel] Bug#977027: rhino breaks dojo autopkgtest: Cannot set property "dojo" of null to "[object Object]"
On Sun, 26 Mar 2023 at 21:39, Markus Koschany wrote:
> Hi Graham,
>
> On Sunday, 26.03.2023 at 19:28 +0200, Graham Inggs wrote:
> > Hi Markus
> >
> > On Sun, 26 Mar 2023 at 16:34, Markus Koschany wrote:
> > > 1. There is no transition needed because only shrinksafe is affected by the
> > > new rhino version.
> >
> > How did you determine this?
>
> Rhino 1.7.14 was mostly API compatible meaning I only had to fix an issue in
> closure-compiler. All other packages can be built from source without
> modifications. I didn't find any other runtime / ABI issues so far.
>
> > > 2. shrinksafe has no reverse-dependencies
> >
> > That is true, but src:dojo has ledgersmb and tt-rss as reverse-dependencies.
>
> I used codesearch.debian.net and found only documentation or other minor
> references of shrinksafe in affected packages.
>
> https://codesearch.debian.net/search?q=shrinksafe=1
>
> Since all Java tests in dojo pass after the rebuild and almost all of the code
> in dojo is Javascript anyway, I don't see how ledgersmb and tt-rss can be
> affected by the new rhino version. Wouldn't those packages depend on rhino in
> some way? To me it seems rhino is only required to build shrinksafe which can
> be used for compressing Javascript files. But maybe the dojo maintainers can
> chime in here.

Yes shrinksafe is only used for compression.

Bastien

> Regards,
>
> Markus
Bug#993301: prototypejs: FTBFS
On Wed, 17 Nov 2021 at 13:02, Andreas Beckmann wrote:
> Control: tag -1 moreinfo
>
> On Mon, 30 Aug 2021 12:23:22 + "Bastien Roucariès" wrote:
> > Source: prototypejs
> > Severity: serious
> > Justification: 4
> >
> > Dear Maintainer,
> >
> > The source is https://github.com/prototypejs/prototype/tree/master and need
> > rake for building...
> >
> > So FTBFS
>
> I can rebuild prototypejs/1.7.1-3.1 in sid and bullseye without
> problems. What errors do you encounter?

Yes but this is not the preferred source of modification...

> There is a new upstream release 1.7.3 (from 2015) available on github.
> Does that version fail?
>
> And how is this related to rake?

See the salsa tree in order to understand why I need rake

> Andreas
Bug#996836: [Pkg-javascript-devel] Bug#996836: node-webpack: webpack embeds binary files in es-module-lexer component
On Tue, 19 Oct 2021 at 16:12, Yadd wrote:
> Source: node-webpack
> Version: 5.58.2+~cs5.11.7-1
> Severity: serious
> Justification: DFSG
>
> webpack 5.58 uses es-module-lexer. For now, this component is downloaded
> including some binary files (WASM,...). This should be fixed before
> going to unstable.

I really hate wasm... What is the source language? Rust?
Bug#994451: golang-github-containers-common: seccomp.json does not include newer syscall used by stable kernel/glibc on arm
On Mon, 27 Sep 2021 at 16:08, Reinhard Tartler wrote:
>
> On Thu, Sep 16, 2021 at 4:18 AM Bastien Roucariès wrote:
>>
>> Package: golang-github-containers-common
>> Version: 0.33.4+ds1-1
>> Severity: critical
>> Tags: upstream
>> Forwarded: https://github.com/containers/common/commit/42d1db16bfc0dbaee5781d230dc2bcbaa0849c6e
>> Control: fixed -1 0.42.1+ds1-1
>>
>> Dear Maintainer,
>>
>> golang-github-containers-common in stable does not include recent syscall used
>> by stable kernel/glibc breaking in my case simple container that do
>> unattended-upgrade on arm
>> particularly syscall=436 that is timer_settime64
>>
>> I believe this should be fixed in a point release.
>
> I agree. I realized that these syscall changes also affect amd64. I was able
> to reproduce the issue by running a distribution that ships with glibc 2.34,
> such as ubuntu impish.
> The testcase would be:
>
> $ podman run --rm -it ubuntu:impish sh -c 'apt update -qq && apt -y full-upgrade && apt install -y libc6 jq'
>
> The symptom is described in more detail at
> https://bugs.launchpad.net/ubuntu/+source/libpod/+bug/1943049
>
> The problem here is that the issue is not simply dealt with updating the
> seccomp.json file, but also some code changes are required
> that allow setting the default return value for some syscalls. This means
> that in order to fix this issue in stable, 3 uploads are needed:
>
> - golang-github-opencontainers-specs
> - golang-github-containers-common
> - libpod
>
> I'm cloning this bug appropriately so that these uploads can be tracked
> separately.
> For now, I've backported and verified the changes. For your convenience, I've
> uploaded the packages I got so far to
> https://people.debian.org/~siretart/bug.994451/
>
>> BTW I strongly believe that seccomp.json is a config file and should be
>> shipped in /etc and 988443 should also be shipped in stable.
>
> I could get convinced if the issue was fixable by just updating the
> seccomp.json policy file.
> Sadly, that's not the case.

It seems that recent version of this package allow to change at exec time the seccomp.json file.

But for this version, you take the point it need rebuilt.

Note that I have fixed this problem by manually using the unstable version on my stable.

Bastien

> Stable Release team, I think this bug should be cloned with those
> instructions:
>
> --
> regards,
> Reinhard
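Added example, not part of the thread and not code from containers/common: a small audit that reports which syscalls a workload needs are not unconditionally allowed by a seccomp profile, and which errno the profile would return for them. The two profiles are constructed samples; the field names (`defaultAction`, `defaultErrnoRet`, `syscalls[].names`, `errnoRet`) are assumed to follow the Docker/containers seccomp.json layout, and the EPERM fallback for a profile without a default errno is an assumption about the runtime.

```python
import json

# Constructed sample profiles (not copied from any package). Field names are
# assumed to follow the Docker/containers seccomp.json layout.
OLD_PROFILE = json.dumps({
    "defaultAction": "SCMP_ACT_ERRNO",
    "syscalls": [
        {"names": ["read", "write", "timer_settime", "clock_gettime"],
         "action": "SCMP_ACT_ALLOW"},
        {"names": ["ptrace"], "action": "SCMP_ACT_ALLOW",
         "includes": {"caps": ["CAP_SYS_PTRACE"]}},
    ],
})
NEW_PROFILE = json.dumps({
    "defaultAction": "SCMP_ACT_ERRNO",
    "defaultErrnoRet": 38,  # ENOSYS: lets libc fall back to the older syscall
    "syscalls": [
        {"names": ["read", "write", "timer_settime", "clock_gettime",
                   "timer_settime64", "clock_gettime64"],
         "action": "SCMP_ACT_ALLOW"},
    ],
})

FALLBACK_ERRNO = 1  # EPERM; assumed runtime fallback when no errno is configured


def _entry_names(entry):
    """Names covered by one rule; accepts the older single-"name" form too."""
    names = list(entry.get("names", []))
    if "name" in entry:
        names.append(entry["name"])
    return names


def verdict(profile, syscall):
    """Return (action, errno_or_None, conditional) for one syscall name."""
    default_action = profile.get("defaultAction", "SCMP_ACT_ERRNO")
    default_errno = profile.get("defaultErrnoRet", FALLBACK_ERRNO)
    result = None
    for entry in profile.get("syscalls", []):
        if syscall not in _entry_names(entry):
            continue
        # A rule guarded by arch/capability/argument conditions may not apply.
        conditional = bool(entry.get("includes") or entry.get("excludes")
                           or entry.get("args"))
        action = entry.get("action", default_action)
        errno = (entry.get("errnoRet", default_errno)
                 if action == "SCMP_ACT_ERRNO" else None)
        # Prefer an unconditional rule over a conditional one.
        if result is None or (result[2] and not conditional):
            result = (action, errno, conditional)
    if result is None:
        # Not listed anywhere: the default action decides.
        errno = default_errno if default_action == "SCMP_ACT_ERRNO" else None
        result = (default_action, errno, False)
    return result


def audit(profile_json, required):
    """Map each required syscall that is not unconditionally allowed to its verdict."""
    profile = json.loads(profile_json)
    findings = {}
    for name in required:
        action, errno, conditional = verdict(profile, name)
        if action != "SCMP_ACT_ALLOW" or conditional:
            findings[name] = {"action": action, "errno": errno,
                              "conditional": conditional}
    return findings


if __name__ == "__main__":
    needed = ["timer_settime", "timer_settime64", "clock_gettime64"]
    for label, prof in (("old", OLD_PROFILE), ("new", NEW_PROFILE)):
        print(label, audit(prof, needed))
```

Run against the profile actually installed on the host and the syscall list of the affected workload; any syscall reported with an errno other than ENOSYS is a candidate for the breakage described in the bug.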
Bug#994974: [Pkg-javascript-devel] Bug#994974: node-define-property: Please deembed and fix vulnerability
On Fri, 24 Sep 2021 at 08:16, Jonas Smedegaard wrote:
>
> Hi Bastien,
>
> Quoting Bastien Roucariès (2021-09-24 09:49:37)
> > Package: node-define-property
> > Severity: serious
> > Tags: security upstream fixed-upstream
> > Justification: security bug
> > Forwarded: https://github.com/jonschlinkert/define-property/pull/6
> > X-Debbugs-Cc: Debian Security Team
> >
> > Dear Maintainer,
> >
> > According to
> > https://www.npmjs.com/advisories/1490
> > node-define-property is vulnerable
> >
> > Because it embeds small modules that are vulnerable.
>
> Sorry, I don't see the advisory mentioning define-property anywhere, and
> don't see our actual code calling "constructor" anywhere, as seems to be
> what the security in the advisory is about.
>
> Your reference to a PR 6 seems to be tied to an older version of
> define-property than in Debian.
>
> Please elaborate how this vulnerability affects code in Debian.
>
> > Embedding is bad and we have here another proof
>
> I was puzzled at first, but think I now understand your point:
>
> Embedding in general is not necessarily bad but is complex to do right -
> embedding without proper tracking is bad.

Yes it is lack of README.Sources, lack of lintian tag

> What confused me is that at first I thought you were ranting about
> Debian practice of embedding, but it seems you are ranting about lack of
> tracking of (either upstream or Debian-introduced) embedding. Do I
> understand that correctly?

Yes it is

Fixed nevertheless

> Thanks for reporting, regardless,
>
> - Jonas
>
> --
> * Jonas Smedegaard - idealist & Internet-arkitekt
> * Tlf.: +45 40843136 Website: http://dr.jones.dk/
>
> [x] quote me freely [ ] ask before reusing [ ] keep private
Bug#994720: [Pkg-javascript-devel] Bug#994720: nodejs: Please depends of sse2-support
On Sun, 19 Sep 2021 at 21:03, Jérémy Lal wrote:
>
>> On Sun, 19 Sep 2021 at 22:33, Bastien Roucariès wrote:
>>
>> Source: nodejs
>> Severity: serious
>> Tags: patch
>> Justification: base arch
>> Forwarded: https://chromium.googlesource.com/v8/v8.git/+/e825c4318eb2065ffdf9044aa6a5278635c36427
>>
>> Dear Maintainer,
>>
>> libv8 need sse2 on i386 since 2017...
>>
>> I asked upstream better communication with us, but we must depends on
>> sse2-support
>>
>> Patch because I will fix on git asap I have a bug number.
>
> [i386] sse2-support is already a dependency... but that fact has not made it
> to buster.

Yes and b-d should also depends

> Jérémy
Bug#994703: [Pkg-javascript-devel] Bug#994703: Bug#994703: nodejs: please documents deps or avoid it
On Sun, 19 Sep 2021 at 19:33, Jérémy Lal wrote:
>
> On Sun, 19 Sep 2021 at 18:54, Bastien Roucariès wrote:
>>
>> Package: nodejs
>> Version: 12.22.5~dfsg-2
>> Severity: serious
>>
>> Dear Maintainer,
>>
>> README.source should document the deps directory.
>>
>> It will be better to remove some libs from deps. Why libz is needed for node?
>> Could we push this plugin stuff to libz and so on.
>>
>> Acorn embedded should be fixed by recent version.
>>
>> openssl one is worrisome..
>
> Hi,
>
> What's in ./deps/ is mostly not used for building node.
> It's pretty much obvious if you look at ./debian/rules configure flags.

Yes but README.Source is in this case good

> I believe it is not common practice to remove unused files, as long as it's
> okay with DFSG.

Yes also

> That's why
> zlib, openssl, nghttp2, http-parser, uv, c-ares, brotli
> are kept around in ./deps/ directory.
>
> This is actually useful, it makes debugging against "upstream-like" builds
> easier.

Yes but in order to be less worried about something in this huge code base use these files, I will really prefer to move the deps dir before configure or removing the -r bit in order to avoid something strange

I was hit ten years ago by some leaking hardcoded path on a project I compiled, and I really prefer to be paranoiac on this side

Bastien

> Jérémy
Bug#994603: errormsg
debian/upstream To fix the situation please do the following: 1) Examine debian/copyright_* and referenced files 2) Update debian/copyright as needed 3) Replace debian/copyright_hints with debian/copyright_newhints touch debian/stamp-copyright-check touch debian/stamp-upstream-cruft node-gyp configure gyp info it worked if it ends with ok gyp info using node-gyp@7.1.2 gyp info using node@12.22.5 | linux | x64 gyp info find Python using Python version 3.9.7 found at "/usr/bin/python3" gyp info spawn /usr/bin/python3 gyp info spawn args [ gyp info spawn args '/usr/share/nodejs/node-gyp/gyp/gyp_main.py', gyp info spawn args 'binding.gyp', gyp info spawn args '-f', gyp info spawn args 'make', gyp info spawn args '-I', gyp info spawn args '/tmp/node-stringprep/build/config.gypi', gyp info spawn args '-I', gyp info spawn args '/usr/share/nodejs/node-gyp/addon.gypi', gyp info spawn args '-I', gyp info spawn args '/usr/include/nodejs/common.gypi', gyp info spawn args '-Dlibrary=shared_library', gyp info spawn args '-Dvisibility=default', gyp info spawn args '-Dnode_root_dir=/usr/include/nodejs', gyp info spawn args '-Dnode_gyp_dir=/usr/share/nodejs/node-gyp', gyp info spawn args '-Dnode_lib_file=/usr/include/nodejs/<(target_arch)/node.lib', gyp info spawn args '-Dmodule_root_dir=/tmp/node-stringprep', gyp info spawn args '-Dnode_engine=v8', gyp info spawn args '--depth=.', gyp info spawn args '--no-parallel', gyp info spawn args '--generator-output', gyp info spawn args 'build', gyp info spawn args '-Goutput_dir=.' gyp info spawn args ] gyp info ok touch debian/stamp-node-gyp-configure V=1 CC="cc" CXX="g++" CFLAGS="-g -O2 -ffile-prefix-map=/tmp/node-stringprep=. -fstack-protector-strong -Wformat -Werror=format-security" CXXFLAGS="-g -O2 -ffile-prefix-map=/tmp/node-stringprep=. 
-fstack-protector-strong -Wformat -Werror=format-security" CPPFLAGS="-Wdate-time -D_FORTIFY_SOURCE=2" LDFLAGS="-Wl,-z,relro -Wl,-z,now" \ node-gyp build gyp info it worked if it ends with ok gyp info using node-gyp@7.1.2 gyp info using node@12.22.5 | linux | x64 gyp info spawn make gyp info spawn args [ 'BUILDTYPE=Release', '-C', 'build' ] make[1] : on entre dans le répertoire « /tmp/node-stringprep/build » g++ -o Release/obj.target/node_stringprep/node-stringprep.o ../node-stringprep.cc '-DNODE_GYP_MODULE_NAME=node_stringprep' '-DUSING_UV_SHARED=1' '-DUSING_V8_SHARED=1' '-DV8_DEPRECATION_WARNINGS=1' '-DV8_DEPRECATION_WARNINGS' '-DV8_IMMINENT_DEPRECATION_WARNINGS' '-D_LARGEFILE_SOURCE' '-D_FILE_OFFSET_BITS=64' '-D__STDC_FORMAT_MACROS' '-DBUILDING_NODE_EXTENSION' -I/usr/include/nodejs/include/node -I/usr/include/nodejs/src -I/usr/include/nodejs/deps/openssl/config -I/usr/include/nodejs/deps/openssl/openssl/include -I/usr/include/nodejs/deps/uv/include -I/usr/include/nodejs/deps/zlib -I/usr/include/nodejs/deps/v8/include -I../../../usr/share/nodejs/nan -fPIC -pthread -Wall -Wextra -Wno-unused-parameter -m64 -fPIC -O3 -fno-omit-frame-pointer -fno-rtti -std=gnu++1y `pkg-config icu-i18n --cflags` -MMD -MF ./Release/.deps/Release/obj.target/node_stringprep/node-stringprep.o.d.raw -Wdate-time -D_FORTIFY_SOURCE=2 -g -O2 -ffile-prefix-map=/tmp/node-stringprep=. 
-fstack-protector-strong -Wformat -Werror=format-security -c ../node-stringprep.cc:20:26: error: ‘Handle’ has not been declared 20 | static void Initialize(Handle target) | ^~ ../node-stringprep.cc:20:32: error: expected ‘,’ or ‘...’ before ‘<’ token 20 | static void Initialize(Handle target) |^ ../node-stringprep.cc:154:5: warning: dynamic exception specifications are deprecated in C++11 [-Wdeprecated] 154 | throw(UnknownProfileException) | ^ ../node-stringprep.cc: In static member function ‘static void StringPrep::Initialize(int)’: ../node-stringprep.cc:28:5: error: ‘target’ was not declared in this scope 28 | target->Set(Nan::New("StringPrep").ToLocalChecked(), t->GetFunction()); | ^~ ../node-stringprep.cc:28:81: error: no matching function for call to ‘v8::FunctionTemplate::GetFunction()’ 28 | target->Set(Nan::New("StringPrep").ToLocalChecked(), t->GetFunction()); | ^ In file included from /usr/include/nodejs/src/node.h:67, from ../../../usr/share/nodejs/nan/nan.h:56, from ../node-stringprep.cc:1: /usr/include/nodejs/deps/v8/include/v8.h:6126:46: note: candidate: ‘v8::MaybeLocal v8::FunctionTemplate::GetFunction(v8::Local)’ 6126 | V8_WARN_UNUSED_RESULT MaybeLocal GetFunction( | ^~~ /usr/include/nodejs/deps/v8/include/v8.h:6126:46: note: candidate expects 1 argument, 0 provided ../node-stringprep.cc: In static member function ‘static Nan::NAN_METHOD_RETURN_TYPE StringPrep::New(Nan::NAN_METHOD_ARGS_TYPE)’: ../node-stringprep.cc:48:48: error: no matching function for call to
Bug#992150:
control: reassign -1 src:firefox-esr
Bug#992150: Please allow symlink in system extension
Followup-For: Bug #992150
Control: clone -1 -2
Control: assign -1 src:firefox-esr
Bug#980202: FTBFS: gscan2pdf tests fail
Hi,

Just uploaded 6.9.11-58 as suggested by upstream.

No changes unfortunately

Bastien

On Fri, 22 Jan 2021 at 19:30, Cristy wrote:
>
> Subject "convert fails to create image with text" claims
>
> convert +matte -depth 1 -colorspace Gray -pointsize 12 -units PixelsPerInch -density 300 label:"The quick brown fox" test.png
>
> returns unexpected results. We tried the command with ImageMagick 6.9.11-58
> and get expected results under Fedora 33 and Debian 4.19.160-2 I686. Can you
> try -58 on your system? Do you get expected results (test-old.png from bug
> report)?
>
> Thanks,
>
> ImageMagick Development Team
Bug#979942: [Pkg-javascript-devel] Bug#979942: Bug#979942: Bug#979942: embedding dead code is no fix to bug for removing that same dead code
On Tue, 12 Jan 2021 at 21:02, Jonas Smedegaard wrote:
>
> Quoting Bastien ROUCARIES (2021-01-12 21:17:36)
> > Fixed it was a little bit hard to test options of compression one by
> > one but it work now.

Hi,

It was harder than I thought. This time I document the requirement for this package under
https://salsa.debian.org/js-team/node-browser-pack/-/blob/master/debian/rules#L13

And I think I have sufficiently documented the bandaid method in case of future problems

Could you confirm I am clear?

Bastien

> Great! Thanks!
>
> - Jonas
>
> --
> * Jonas Smedegaard - idealist & Internet-arkitekt
> * Tlf.: +45 40843136 Website: http://dr.jones.dk/
>
> [x] quote me freely [ ] ask before reusing [ ] keep private
Bug#979942: [Pkg-javascript-devel] Bug#979942: Bug#979942: embedding dead code is no fix to bug for removing that same dead code
Hi,

Fixed it was a little bit hard to test options of compression one by one but it work now.

On Tue, 12 Jan 2021 at 17:48, Xavier wrote:
>
> Control: tags -1 reopen
> Control: severity -1 serious
>
> On 12/01/2021 at 18:17, Jonas Smedegaard wrote:
> > Quoting Debian FTP Masters (2021-01-12 18:06:40)
> >> node-browser-pack (6.1.0+ds-7) unstable; urgency=medium
> >> .
> >>   * Team upload
> >>   * Bump debhelper compatibility level to 13
> >>   * Declare compliance with policy 4.5.1
> >>   * Use dh-sequence-nodejs
> >>   * Remove dependency to node-uglify but embed node-uglify in
> >>     build_modules else build file is wrong (Closes: #979942)
> >
> > Do I read the above correctly that node-browser-pack "fixes" node-uglify
> > going away by embedding it, hidden?
> >
> > I disagree that that is a fix.
>
> OK, but I didn't succeed to fix that, let's reopen, upgrade severity and
> wait for someone else to fix it
Bug#971216: Bug#977205: imagemagick: CVE-2020-29599
hi,

I am ok with this but could you mention, the whole list of format instead of ghostscript format in changelog aka (pdf, eps, ps)

Bastien

On Sun, 3 Jan 2021 at 14:21, Salvatore Bonaccorso wrote:
>
> Hi Bastien,
>
> Hope you are ok.
>
> On Tue, Dec 15, 2020 at 10:34:59AM +0100, Bastien ROUCARIES wrote:
> > Hi,
> >
> > As said on debian-private go ahead please. I am late due to payjob issue.
>
> Alright attached is a proposed debdiff for covering the CVEs, but
> please double check them as well please (it includes as well disabling
> the ghostscript handled formats).
>
> There is though another RC bug, #971216 which needs handling for
> bullseye and unstable.
>
> Can you take it from here in case you got more free time?
>
> Regards,
> Salvatore
Bug#977205: imagemagick: CVE-2020-29599
Hi,

As said on debian-private go ahead please. I am late due to payjob issue.

Bastien

On Sat, Dec 12, 2020 at 3:06 PM Salvatore Bonaccorso wrote:
>
> Source: imagemagick
> Version: 8:6.9.11.24+dfsg-1
> Severity: grave
> Tags: security upstream
> Justification: user security hole
> X-Debbugs-Cc: car...@debian.org, Debian Security Team
>
> Hi,
>
> The following vulnerability was published for imagemagick.
>
> A very extensive blogpost[1] explains the issue, and note that the
> provided POC though does only work so far in ImageMagick7 the issue is
> present as well in legacy ImageMagick 6, affected versions should be
> around 6.9.8-1 onwards.
>
> The required fixes for ImageMagick6 are referenced in the
> security-tracker.
>
> As a side note: For buster the issue is mitigated as the recent DSA
> included the 200-disable-ghostscript-formats.patch patch and disables
> ghostscript handled formats. As a hardening measure against those
> issue it might be ideal to ship the disabling as well in bullseye.
>
> CVE-2020-29599[0]:
> | ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles the
> | -authenticate option, which allows setting a password for password-
> | protected PDF files. The user-controlled password was not properly
> | escaped/sanitized and it was therefore possible to inject additional
> | shell commands via coders/pdf.c.
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2020-29599
>     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29599
> [1] https://insert-script.blogspot.com/2020/11/imagemagick-shell-injection-via-pdf.html
>
> Regards,
> Salvatore
>
> -- System Information:
> Debian Release: bullseye/sid
> APT prefers unstable
> APT policy: (500, 'unstable'), (1, 'experimental')
> Architecture: amd64 (x86_64)
>
> Kernel: Linux 5.10.0-rc6-amd64 (SMP w/8 CPU threads)
> Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
> Shell: /bin/sh linked to /usr/bin/dash
> Init: systemd (via /run/systemd/system)
> LSM: AppArmor: enabled
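Added example, not part of either CVE-2020-29599 thread above and not code from ImageMagick or the Debian package: a checker for the mitigation both messages discuss, that the ghostscript-handled formats named in the thread (pdf, eps, ps) are disabled in an ImageMagick policy.xml. The policy files are constructed samples; the checker does not model ImageMagick's own rule ordering and instead assumes the conservative reading that a coder counts as disabled only when some matching rule says `rights="none"` and no matching rule grants any right.

```python
import fnmatch
import re
import xml.etree.ElementTree as ET

# Constructed sample policy files (not taken from any package).
HARDENED = """<policymap>
  <policy domain="resource" name="memory" value="256MiB"/>
  <policy domain="coder" rights="none" pattern="PS"/>
  <policy domain="coder" rights="none" pattern="EPS"/>
  <policy domain="coder" rights="none" pattern="PDF"/>
</policymap>"""

WEAK = """<policymap>
  <policy domain="coder" rights="none" pattern="{PS,EPS}"/>
  <policy domain="coder" rights="read | write" pattern="PDF"/>
</policymap>"""

# Formats listed in the thread as ghostscript-handled.
GHOSTSCRIPT_CODERS = ("PDF", "EPS", "PS")


def expand_braces(pattern):
    """Expand {A,B} alternatives so fnmatch can handle each one."""
    m = re.search(r"\{([^{}]*)\}", pattern)
    if not m:
        return [pattern]
    out = []
    for alt in m.group(1).split(","):
        out.extend(expand_braces(pattern[:m.start()] + alt.strip()
                                 + pattern[m.end():]))
    return out


def coder_status(policy_xml, coders=GHOSTSCRIPT_CODERS):
    """Return {coder: "disabled" | "enabled"} for the given policy text."""
    root = ET.fromstring(policy_xml)
    status = {}
    for coder in coders:
        denied = granted = False
        for pol in root.iter("policy"):
            if pol.get("domain", "").lower() != "coder":
                continue
            globs = expand_braces(pol.get("pattern", ""))
            if not any(fnmatch.fnmatchcase(coder.upper(), g.upper())
                       for g in globs):
                continue
            rights = {r.strip().lower()
                      for r in re.split(r"[|,]", pol.get("rights", ""))
                      if r.strip()}
            if rights == {"none"}:
                denied = True
            else:
                # Any other (or missing) rights value is treated as a grant.
                granted = True
        status[coder] = "disabled" if denied and not granted else "enabled"
    return status


def exposed_coders(policy_xml, coders=GHOSTSCRIPT_CODERS):
    """Sorted list of coders that are still usable under this policy."""
    return sorted(c for c, s in coder_status(policy_xml, coders).items()
                  if s == "enabled")


if __name__ == "__main__":
    for label, text in (("hardened", HARDENED), ("weak", WEAK)):
        print(label, exposed_coders(text))
```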
Bug#952312: [Pkg-javascript-devel] Bug#952312: Bug#952312: Bug#952312: node-eslint-scope: FTBFS: tests failed
On Tue, 25 Feb 2020 at 19:48, Jonas Smedegaard wrote:
> control: reassign -1 node-espree
> control: affects -1 node-eslint-scope
>
> Quoting Xavier (2020-02-25 18:29:35)
> > On 23/02/2020 at 14:50, Lucas Nussbaum wrote:
> > > During a rebuild of all packages in sid, your package failed to
> > > build on amd64.
> >
> > Some test are incompatible with node-espree-6. The fix could be
> > simply:
>
> Certainly not a fix to disable tests.
>
> The package node-espree has exactly one reverse dependency which is
> node-eslint-scope, so this is a case of bad coordination.
>
> (yes, another fix would be to upgrade node-eslint-scope, but that is
> more complex and less urgent, so let's roll back first and work on going
> forward in experimental first

Node-espree was upgraded due to not compatible with acorn6... So upgrade is safer

> )
>
> - Jonas
>
> --
> * Jonas Smedegaard - idealist & Internet-arkitekt
> * Tlf.: +45 40843136 Website: http://dr.jones.dk/
>
> [x] quote me freely [ ] ask before reusing [ ] keep private
Bug#951398: Rebuild pax
On Mon, Feb 17, 2020 at 10:12 PM Norbert Preining wrote:
>
> Hi Bastien,
>
> On Mon, 17 Feb 2020, Bastien ROUCARIES wrote:
> > For rebuilding pax you need to apply this patch then from
>
> Ok, it is not that easy but done that now.
>
> > source/pax/latex/pax run ant
>
> ok.
>
> This script generates **three** files:
> texmf-dist/tex/latex/pax/pax.jargood
> texmf-dist/tex/latex/pax/lib/commons-logging.jar
> texmf-dist/tex/latex/pax/lib/pdfbox.jar
>
> Are the last two necessary there, i.e., should we replace them with
> links to the respective files in the installed packages?

They need to be replaced by link to their respective package (normally it is symlink to /usr/share/commons-logging.jar)

Best

Bastien

> Best
>
> Norbert
>
> --
> PREINING Norbert https://www.preining.info
> Accelia Inc. + IFMGA ProGuide + TU Wien + JAIST + TeX Live + Debian Dev
> GPG: 0x860CDC13 fp: F7D8 A928 26E3 16A1 9FA0 ACF0 6CAC A448 860C DC13
Bug#951398: Patch
control: tags -1 + patch

Patch file
Bug#918642: imagemagick: identify 6.9.10-23 doesn't convert units (pixels per cm/in)
control: fowarded -1 https://github.com/ImageMagick/ImageMagick/issues/1442 Thanks On Mon, Jan 7, 2019 at 10:57 PM Cédric Boutillier wrote: > > Package: imagemagick > Version: 8:6.9.10.23+dfsg-1 > Severity: serious > Tags: upstream > > Dear Maintainer, > > After the upgrade from 6.9.10.14 to 6.9.10.23, I noticed that the > autopkgtests for the package ruby-mini-magick is failing due to one test > about checking units to show the size of the image in cm and inches. > > I could isolate the problem by running the `identify` command on a test > image (rgb.png in the spec/fixtures directory of the ruby-mini-magick > source package). > > Running: > identify -verbose -units PixelsPerInch rgb.png > output_in.txt > identify -verbose -units PixelsPerCentimeter rgb.png > output_cm.txt > diff -u output_in.txt output_cm.txt > > gives me the following with 8:6.9.10-14 from testing: > > --- /tmp/output_cm.txt 2019-01-07 22:32:49.257702663 +0100 > +++ /tmp/output_in.txt 2019-01-07 22:32:40.457055525 +0100 > @@ -3,9 +3,9 @@ >Mime type: image/png >Class: PseudoClass >Geometry: 16x12+0+0 > - Resolution: 118.11x118.11 > - Print size: 0.135467x0.1016 > - Units: PixelsPerCentimeter > + Resolution: 300x300 > + Print size: 0.053x0.04 > + Units: PixelsPerInch >Colorspace: sRGB >Type: Palette >Base type: Undefined > @@ -118,12 +118,11 @@ > signature: > 0d23f0078b8f89ca473e67bb38773cb94fd8ec5591e4207e83ff95cb27a6a0dd >Artifacts: > filename: rgb.png > -units: PixelsPerCentimeter > +units: PixelsPerInch > verbose: true >Tainted: False >Filesize: 359B >Number pixels: 192 > - Pixels per second: 19200B > - User time: 0.010u > - Elapsed time: 0:01.010 > + User time: 0.000u > + Elapsed time: 0:01.000 >Version: ImageMagick 6.9.10-14 Q16 x86_64 20181023 https://imagemagick.org > > whereas it gives the following with 8:6.9.10-23 (with a suffix -23 to > the text files). > > --- /tmp/output_cm-23.txt 2019-01-07 22:34:38.136761722 +0100 > +++ /tmp/output_in-23.txt 2019-01-07 22:34:45.201163917 +0100 
> @@ -5,7 +5,7 @@ >Geometry: 16x12+0+0 >Resolution: 118.11x118.11 >Print size: 0.135467x0.1016 > - Units: PixelsPerCentimeter > + Units: PixelsPerInch >Colorspace: sRGB >Type: Palette >Base type: Undefined 
> @@ -118,7 +118,7 @@ > signature: > 0d23f0078b8f89ca473e67bb38773cb94fd8ec5591e4207e83ff95cb27a6a0dd >Artifacts: > filename: rgb.png > -units: PixelsPerCentimeter > +units: PixelsPerInch > verbose: true >Tainted: False >Filesize: 359B > > Maybe it was induced by this change? > https://github.com/ImageMagick/ImageMagick6/commit/8c7648a1adf7bba35594074f191affd3ff3263bb > > Attaching the reference image and the full output files. > > I am setting severity serious, as it breaks the testsuite of > ruby-mini-magick and provides wrong data when identifying images. > > Thank you in advance > > Cédric > > > > -- Package-specific info: > ImageMagick program version > --- > animate: ImageMagick 6.9.10-23 Q16 x86_64 20190101 https://imagemagick.org > compare: ImageMagick 6.9.10-23 Q16 x86_64 20190101 https://imagemagick.org > convert: ImageMagick 6.9.10-23 Q16 x86_64 20190101 https://imagemagick.org > composite: ImageMagick 6.9.10-23 Q16 x86_64 20190101 https://imagemagick.org > conjure: ImageMagick 6.9.10-23 Q16 x86_64 20190101 https://imagemagick.org > display: ImageMagick 6.9.10-23 Q16 x86_64 20190101 https://imagemagick.org > identify: ImageMagick 6.9.10-23 Q16 x86_64 20190101 https://imagemagick.org > import: ImageMagick 6.9.10-23 Q16 x86_64 20190101 https://imagemagick.org > mogrify: ImageMagick 6.9.10-23 Q16 x86_64 20190101 https://imagemagick.org > montage: ImageMagick 6.9.10-23 Q16 x86_64 20190101 https://imagemagick.org > stream: ImageMagick 6.9.10-23 Q16 x86_64 20190101 https://imagemagick.org > > -- System Information: > Debian Release: buster/sid > APT prefers unstable-debug > APT policy: (500, 'unstable-debug'), (500, 'unstable'), (500, 'testing'), > (1, 'experimental') > Architecture: amd64 (x86_64) > > Kernel: Linux 4.19.0-1-amd64 (SMP w/4 CPU cores) > Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE= > (charmap=UTF-8) > Shell: /bin/sh linked to /bin/dash > Init: systemd (via /run/systemd/system) > LSM: AppArmor: enabled > > Versions of 
packages imagemagick depends on: > ii imagemagick-6.q16 8:6.9.10.23+dfsg-1 > > imagemagick recommends no packages. > > imagemagick suggests no packages. > > -- no debconf information
Bug#916839: imagemagick: Silent ABI break in 6.9.10-11 on i386
Hi,

I have uploaded a newer version fixing the problem.

Could you ask release team a rebuild.

BTW could you get a glimpse at ruby-mini-magick? It seems choked

Bastien

On Sat, Jan 5, 2019 at 4:08 PM Balint Reczey wrote:
>
> Hi Bastien,
>
> On Fri, Jan 4, 2019 at 8:41 PM Balint Reczey wrote:
> >
> > Hi,
> >
> > On Thu, Dec 20, 2018 at 6:46 AM Bastien ROUCARIES wrote:
> > >
> > > On Wed, Dec 19, 2018 at 12:09 PM Balint Reczey wrote:
> > > >
> > > > Package: imagemagick
> > > > Version: 8:6.9.10.14+dfsg-1
> > > > Severity: grave
> > > > Control: forwareded -1 https://github.com/ImageMagick/ImageMagick6/issues/31
> > > > Control: tags -1 upstream fixed-upstream
> > > > Control: affects -1 ruby-rmagick
> > > >
> > > > Hi,
> > > >
> > > > The ABI broke in 6.9.10-11 due to changing MagickDoubleType to double
> > > > from long double.
> > > > This breaks ruby-rmagick and possibly other reverse dependencies, thus
> > > > after fixing imagemagick please check if some reverse dependencies
> > > > need to be rebuilt. The fix will be available in the .18 upstream
> > > > release.
> > >
> > > Exact, this will need a so bump I suppose...
> >
> > Since the ABI broke only in unstable and testing and only affected
> > i386 and possibly a few rare arches not in Ubuntu I'd say a few
> > rebuilds would suffice. Upstream did not do a major ABI bump either
> > and released the fix.
>
> I have uploaded an NMU to DELAYED/5 with the attached fix, which is
> already included in Ubuntu.
> This will enter the archive before the transition freeze thus Buster
> will be fixed even if no upload is made to imagemagick in the next
> week, but feel free to override it and upload a better fix like a full
> new upstream release.
>
> Cheers,
> Balint
>
> >
> > Cheers,
> > Balint
> >
> > >
> > > Bastien
> > >
> > > >
> > > > Cheers,
> > > > Balint
> > > >
> > > > --
> > > > Balint Reczey
> > > > Ubuntu & Debian Developer
> >
> > --
> > Balint Reczey
> > Ubuntu & Debian Developer
>
> --
> Balint Reczey
> Ubuntu & Debian Developer
Bug#916839: imagemagick: Silent ABI break in 6.9.10-11 on i386
On Wed, Dec 19, 2018 at 12:09 PM Balint Reczey wrote:
>
> Package: imagemagick
> Version: 8:6.9.10.14+dfsg-1
> Severity: grave
> Control: forwareded -1 https://github.com/ImageMagick/ImageMagick6/issues/31
> Control: tags -1 upstream fixed-upstream
> Control: affects -1 ruby-rmagick
>
> Hi,
>
> The ABI broke in 6.9.10-11 due to changing MagickDoubleType to double
> from long double.
> This breaks ruby-rmagick and possibly other reverse dependencies, thus
> after fixing imagemagick please check if some reverse dependencies
> need to be rebuilt. The fix will be available in the .18 upstream
> release.

Exact, this will need a so bump I suppose...

Bastien

> Cheers,
> Balint
>
> --
> Balint Reczey
> Ubuntu & Debian Developer
Bug#908081: NMU
Hi,

I plan to do a NMU in a week about this bug.

Can you ACK?

Thanks

Bastien
Bug#876618: [Pkg-javascript-devel] Bug#876618: science.js build-depends on removed nodejs-legacy
On Fri, 28 Sep 2018 at 07:27, Petter Reinholdtsen wrote:
> Control: tags -1 + help upstream confirmed
>
> [Jérémy Lal]
> > Depending on nodejs-legacy was a serious bug in the first place.
> > Anyway (nodejs >= 6.11.2~) installs /usr/bin/node now.
>
> I had a look at this, and do not know how to fix it. Replacing
> nodejs-legacy with nodejs in d/control is simple enough, but then the build
> fail like this:
>
> cat science.core.js science.lin.js science.stats.js >> science.v1.js
> uglifyjs < science.v1.js > science.v1.min.js
> node src/package.js > package.json
> (node:7549) [DEP0027] DeprecationWarning: util.puts is deprecated. Use console.log instead.
> rm science.stats.js science.lin.js science.core.js
> make[2]: Leaving directory '/home/pere/src/debian/science.js-debian'
> make[1]: Leaving directory '/home/pere/src/debian/science.js-debian'
> debian/rules override_dh_auto_test
> make[1]: Entering directory '/home/pere/src/debian/science.js-debian'
> vows test/env-assert.js test/\*/\*-test.js
> module.js:549
> throw err;
> ^

Vow need to be updated or your package needs to depend on node-glob

> Error: Cannot find module 'glob'
> at Function.Module._resolveFilename (module.js:547:15)
> at Function.Module._load (module.js:474:25)
> at Module.require (module.js:596:17)
> at require (internal/module.js:11:18)
> at Object. (/usr/lib/nodejs/vows/bin/vows:7:14)
> at Module._compile (module.js:652:30)
> at Object.Module._extensions..js (module.js:663:10)
> at Module.load (module.js:565:32)
> at tryModuleLoad (module.js:505:12)
> at Function.Module._load (module.js:497:3)
> make[1]: *** [debian/rules:17: override_dh_auto_test] Error 1
> make[1]: Leaving directory '/home/pere/src/debian/science.js-debian'
> make: *** [debian/rules:8: build] Error 2
> dpkg-buildpackage: error: debian/rules build subprocess returned exit status 2
> debuild: fatal error at line 1152:
> dpkg-buildpackage -rfakeroot -us -uc -ui -ICVS -I.#* -I.cvsignore -I.bzr -I.svn -I.git failed
>
> Note, the git repo is at salsa now,
> https://salsa.debian.org/js-team/science.js.git >.
>
> --
> Happy hacking
> Petter Reinholdtsen
Bug#903404: libopengl-image-perl: FTBFS with new imagemagick
control: reassign -1 src:imagemagick control: affects -1 libopengl-image-perl control: notfound -1 1.03-1 control: found -1 8:6.9.10.2+dfsg-2 On Mon, Jul 9, 2018 at 5:15 PM, gregor herrmann wrote: > Package: libopengl-image-perl > Version: 1.03-1 > Severity: serious > Tags: ftbfs sid buster > Justification: fails to build from source (but built successfully in the past) > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > As first discovered by ci.debian.net, libopengl-image-perl fails the > testsuite after the upgrade of imagemagick: > > - -imagemagick-6-common 8:6.9.9.39+dfsg-1 > +imagemagick-6-common 8:6.9.10.2+dfsg-2 > - -libimage-magick-perl 8:6.9.9.39+dfsg-1 > - -libimage-magick-q16-perl 8:6.9.9.39+dfsg-1 > +libimage-magick-perl 8:6.9.10.2+dfsg-2 > +libimage-magick-q16-perl 8:6.9.10.2+dfsg-2 > - -libmagickcore-6.q16-5 8:6.9.9.39+dfsg-1 > +libmagickcore-6.q16-6 8:6.9.10.2+dfsg-2 > > >dh_auto_test > make -j1 test TEST_VERBOSE=1 > make[1]: Entering directory '/build/libopengl-image-perl-1.03' > PERL_DL_NONLAZY=1 "/usr/bin/perl" "-MExtUtils::Command::MM" "-MTest::Harness" > "-e" "undef *Test::Harness::Switches; test_harness(1, 'blib/lib', > 'blib/arch')" t/*.t > > > Testing OpenGL::Image > - > Using OpenGL v0.7 > * ok: OpenGL::Image module loaded: v1.03 > * skip: Image::Magick module not installed: Invalid version format > (non-numeric data) at /usr/lib/x86_64-linux-gnu/perl/5.26/DynaLoader.pm line > 204. > Compilation failed in require at /usr/share/perl/5.26/parent.pm line 16. > BEGIN failed--compilation aborted at /usr/share/perl5/Image/Magick.pm line 22. > Compilation failed in require at (eval 5) line 2. > BEGIN failed--compilation aborted at (eval 5) line 2. 
> > Testing OpenGL::Image::GetEngines(): > Magick: 6.9A > Targa: 1.01 > Targa is installed > Magick is installed > * ok: At least one imaging engine is installed > * ok: HasEngine('Targa') returned '1.01' > * ok: Instantiated OpenGL::Array > * ok: Instantiated OpenGL::Image(width=>128,height=>128) > * ok: GetPixel returns valid values used with SetPixel > * ok: Save('test.tga') created image > Bailout called. Further testing stopped: > * ok: Instantiated OpenGL::Image(source=>'test.tga') > Testing object parameters: > alpha: 1 > components: 4 > endian: 0 > engine: Targa > flipped: 0 > gl_format: 32993 > gl_internalformat: 32856 > gl_type: 5121 > height: 128 > length: 65536 > pixels: 16384 > size: 1 > source: test.tga > version: 1.01 > width: 128 > * ok: Get() returned parameters > * ok: Get('width','height','pixels') returned: 128 x 128 = 16384 > * ok: Set/Get Pixels within acceptable deviation: 0.000980392156862106 > * ok: IsPowerOf2() returned true > * ok: GetArray() contains 65536 elements > * ok: Ptr() returned a valid pointer > * ok: GetBlob() returned a blob of length: 65536 > * bail: Unable to instantiate > OpenGL::Image(engine=>'Magick',source=>'test.png') > > ::Magick::Q16::constant not defined. The required ImageMagick libraries > are not installed or not installed properly. > END failed--call queue aborted. > FAILED--Further testing stopped. > make[1]: *** [Makefile:837: test_dynamic] Error 22 > make[1]: Leaving directory '/build/libopengl-image-perl-1.03' > dh_auto_test: make -j1 test TEST_VERBOSE=1 returned exit code 2 > > > > This may or may not be > $VERSION = '6.9A'; > in /usr/lib/x86_64-linux-gnu/perl5/5.26/Image/Magick/Q16.pm > > /usr/share/perl5/Image/Magick.pm line 22 is > use parent qw/Image::Magick::Q16/; > > Cc'ing the libimage-magick-q16-perl maintainers. 
> > > Cheers, > gregor > > ___ > pkg-perl-maintainers mailing list > pkg-perl-maintain...@alioth-lists.debian.net > https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-perl-maintainers
Bug#900855: [qtquickcontrols2-opensource-src] FTBFS font fontenello
Hi,

On Wed, Jun 6, 2018 at 2:34 PM, Lisandro Damián Nicanor Pérez Meyer wrote:
> Hi Bastien!
>
> On Tue, 5 Jun 2018 at 19:12, Bastien ROUCARIÈS
> wrote:
>>
>> Package: qtquickcontrols2-opensource-src
>> Severity: serious
>>
>> Hi,
>> examples/quickcontrols2/swipetoremove/fonts/fontello.ttf
>>
>> fails to build from source
>>
>> In your case I suppose there is no need to wait for me to upload the package.
>>
>> A repack will be quicker
>
>
> Sorry, but I can't make sense of what you wrote

The source of the quoted file is here:
https://github.com/fontello/fontelico.font
It could not be built for now due to lack of depends.

It is a policy violation to ship something that could not be built.

There are a few solutions:
- repack and remove the files
- wait, I am uploading a /fontelico.font

Bastien
Bug#831548: [Pkg-javascript-devel] Bug#831548: RM: mtasc -- ROM; obsoleted by newer standard web technologies
Hi, On Sat, Jun 2, 2018 at 9:10 AM, Bastien ROUCARIES wrote: > > > Le sam. 2 juin 2018 à 08:59, Niels Thykier a écrit : >> >> On Sat, 23 Dec 2017 06:58:52 +0800 Paul Wise wrote: >> > Control: severity -1 serious >> > Control: severity 831553 normal >> > >> > Hi everyone, >> > >> > The buster cycle is the right time to remove mtasc from the Debian >> > archive. It has been unmaintained in Debian and upstream for years. The >> > web ecosystem is moving away from Flash towards standard web tech, >> > which can now replace most use of Flash. Debian should encourage our >> > upstreams to move towards standard web tech like HTML5 and JavaScript. >> > >> > Please talk to your upstreams about transitioning away from >> > ActionScript 2 towards HTML5 JavaScript. If they need to still >> > support Flash for some users, then they should switch to something >> > like Haxe but they should not build Flash files by default. >> > >> > On Fri, 22 Dec 2017 17:29:50 -0500 Scott Kitterman wrote: >> > >> > > 15 months later all but one of those bugs is still open. Can you >> > > either work >> > > with the maintainers to get them done or close this request until it's >> > > ripe >> > > for processing. >> > >> > -- >> > bye, >> > pabs >> > >> > https://wiki.debian.org/PaulWise >> >> Hi, >> >> This package (dojo) is officially maintained by the Javascript team but >> appears to be de facto unmaintained. It has several RC bugs and is >> stalling the removal of obsolete packages (admittedly only from unstable). >> >> If you are still interested in maintaining the package, then please >> resolve the RC bugs (at the very least this bug, which is blocking >> others). If there is no visible progress on resolving this bug in a >> month from now, I will assume you are no longer interested in it and >> that you will support a removal of dojo from unstable. 
>> >> I have explicitly included all listed maintainers and uploaders (except >> for Frank, which appears to have disclaimed interest in this package per >> #863693) >> >> Thanks, >> ~Niels I needed to merge shrinksafe back in dojo (upstream merge). I have modified the control file and will upload ASAP. Could you check if my merge is right (particularly d/control breaks/replaces). Repo is here https://salsa.debian.org/js-team/dojo Bastien > > Will get a glimpse. > > BTw it means that a few lintian warning are now fatal because ftbfs... > > Bastien >> >> >> -- >> Pkg-javascript-devel mailing list >> pkg-javascript-de...@alioth-lists.debian.net >> >> https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel > > > -- > Pkg-javascript-devel mailing list > pkg-javascript-de...@alioth-lists.debian.net > https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel
Bug#900636: [shrinksafe] Could not compile dojo: merge back with dojo
Package: shrinksafe
Severity: grave

Hi,

This package fails to compile dojo. Dojo is the current upstream, so merge back into dojo.

Bastien
Bug#831548: [Pkg-javascript-devel] RM: mtasc -- ROM; obsoleted by newer standard web technologies
Le sam. 2 juin 2018 à 08:59, Niels Thykier a écrit : > On Sat, 23 Dec 2017 06:58:52 +0800 Paul Wise wrote: > > Control: severity -1 serious > > Control: severity 831553 normal > > > > Hi everyone, > > > > The buster cycle is the right time to remove mtasc from the Debian > > archive. It has been unmaintained in Debian and upstream for years. The > > web ecosystem is moving away from Flash towards standard web tech, > > which can now replace most use of Flash. Debian should encourage our > > upstreams to move towards standard web tech like HTML5 and JavaScript. > > > > Please talk to your upstreams about transitioning away from > > ActionScript 2 towards HTML5 JavaScript. If they need to still > > support Flash for some users, then they should switch to something > > like Haxe but they should not build Flash files by default. > > > > On Fri, 22 Dec 2017 17:29:50 -0500 Scott Kitterman wrote: > > > > > 15 months later all but one of those bugs is still open. Can you > either work > > > with the maintainers to get them done or close this request until it's > ripe > > > for processing. > > > > -- > > bye, > > pabs > > > > https://wiki.debian.org/PaulWise > > Hi, > > This package (dojo) is officially maintained by the Javascript team but > appears to be de facto unmaintained. It has several RC bugs and is > stalling the removal of obsolete packages (admittedly only from unstable). > > If you are still interested in maintaining the package, then please > resolve the RC bugs (at the very least this bug, which is blocking > others). If there is no visible progress on resolving this bug in a > month from now, I will assume you are no longer interested in it and > that you will support a removal of dojo from unstable. > > I have explicitly included all listed maintainers and uploaders (except > for Frank, which appears to have disclaimed interest in this package per > #863693) > > Thanks, > ~Niels > Will get a glimpse. 
BTw it means that a few lintian warning are now fatal because ftbfs... Bastien > > -- > Pkg-javascript-devel mailing list > pkg-javascript-de...@alioth-lists.debian.net > > https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel
Bug#900598: [desmume] Include non free file
On Fri, Jun 1, 2018 at 10:21 PM, Markus Koschany wrote:
>
> On 01.06.2018 at 22:16, Bastien ROUCARIES wrote:
> [...]
>> No it is not a lintian bug. Unicode withdrew this code before applying
>> the license change.
>>
>> Exhibit 1 does not apply in this case.
>>
>>>
>>> http://www.unicode.org/copyright.html#Exhibit1
>>>
>>> Also see https://bugs.debian.org/864729 for more information. In my
>>> opinion this is merely a documentation bug but not a Policy violation.
>
> No. This is not correct. Please read #864729 and
>
> https://bugs.chromium.org/p/google-breakpad/issues/detail?id=270
>
> why we are allowed to change the license too.

OK, I see it. It is nevertheless a bug (not serious) because this code is buggy and superseded by ICU. Did you report this upstream?

Can you send a bug to lintian? Will try to cook something.

Bastien

>
> Not a bug.
>
> Markus
>
Bug#864729: Retitle
control: retitle -1 Use obsolete/buggy code
control: severity -1 important

ConvertUTF is nevertheless buggy/obsolete; please use libicu.

Bastien
Bug#864729: Reopen
control: reopen -1
control: found -1 3.3.1~dfsg-5

This bug was not fixed. The Unicode body withdrew this code from their website (due to bugs that are fixed in icu) long before applying the relicensing. So it is not free.

Bastien
Bug#900598: [desmume] Include non free file
On Fri, Jun 1, 2018 at 10:07 PM, Markus Koschany wrote:
> Hi,
>
> On 01.06.2018 at 21:58, Bastien ROUCARIÈS wrote:
>> Package: desmume
>> Severity: serious
>>
>> The following file source files include material under a non-free license
>> from
>> Unicode Inc. Therefore, it is not possible to ship this in main or contrib.
>>
>> src/utils/ConvertUTF.c
>>
>> This license does not grant any permission to modify the files (thus failing
>> DFSG#3). Moreover, the license grant seems to attempt to restrict use to
>> "products supporting the Unicode Standard" (thus failing DFSG#6).
>>
>> In this case a solution is to use libicu and to remove this code by
>> repacking.
>>
>> If this is a false-positive, please report a bug against Lintian.
>>
>> Refer to https://bugs.debian.org/823100 for details.
>
> Indeed this is a Lintian bug. Unicode changed the license and the new
> license can be found here:

No, it is not a lintian bug. Unicode withdrew this code before applying the license change.

Exhibit 1 does not apply in this case.

>
> http://www.unicode.org/copyright.html#Exhibit1
>
> Also see https://bugs.debian.org/864729 for more information. In my
> opinion this is merely a documentation bug but not a Policy violation.
>
> Regards,
>
> Markus
>
Bug#900032: [Pkg-javascript-devel] Bug#900032: Bug#900032: mocha: missing-copyright-file /usr/share/doc/mocha/copyright
Found close On Tue, May 29, 2018 at 3:25 PM, Bastien ROUCARIES wrote: > On Sat, May 26, 2018 at 11:11 PM, Andreas Moog > wrote: >> On Fri, May 25, 2018 at 12:40:48PM +0200, Bastien ROUCARIES wrote: >>> Hi, >>> >>> I am really clueless. You are right but it will do this only with upgrade. >>> >>> I have used correctly dpkg-maintscript-helper. >>> >>> Could you crosscheck, my script ? >> >> I think from reading the dpkg-maintscript-helper manpage the version you use >> is >> wrong: >> >> dir_to_symlink /usr/share/doc/mocha libjs-mocha 4.0.1-1~ >> >> meaning the version where the conversion is done must be lower than 4.0.1-1. >> >> My understanding is that you need to put 4.1.0+ds-1~ as version since you >> want >> to have the coversion done for all prior versions. > > No it does not work >> >> Kind regards // Viele Grüße >> >> Andreas Moog >> >> -- >> Pkg-javascript-devel mailing list >> pkg-javascript-de...@alioth-lists.debian.net >> https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel
Bug#900032: [Pkg-javascript-devel] Bug#900032: Bug#900032: mocha: missing-copyright-file /usr/share/doc/mocha/copyright
On Sat, May 26, 2018 at 11:11 PM, Andreas Moog wrote: > On Fri, May 25, 2018 at 12:40:48PM +0200, Bastien ROUCARIES wrote: >> Hi, >> >> I am really clueless. You are right but it will do this only with upgrade. >> >> I have used correctly dpkg-maintscript-helper. >> >> Could you crosscheck, my script ? > > I think from reading the dpkg-maintscript-helper manpage the version you use > is > wrong: > > dir_to_symlink /usr/share/doc/mocha libjs-mocha 4.0.1-1~ > > meaning the version where the conversion is done must be lower than 4.0.1-1. > > My understanding is that you need to put 4.1.0+ds-1~ as version since you want > to have the coversion done for all prior versions. No it does not work > > Kind regards // Viele Grüße > > Andreas Moog > > -- > Pkg-javascript-devel mailing list > pkg-javascript-de...@alioth-lists.debian.net > https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel
Bug#900032: [Pkg-javascript-devel] Bug#900032: mocha: missing-copyright-file /usr/share/doc/mocha/copyright
Hi, I am really clueless. You are right but it will do this only with upgrade. I have used correctly dpkg-maintscript-helper. Could you crosscheck, my script ? Bastien On Thu, May 24, 2018 at 11:58 PM, Thorsten Glaserwrote: > Package: mocha > Version: 4.1.0+ds1-1 > Severity: serious > Justification: Policy 12.5 > > Adequate reports: > > mocha: missing-copyright-file /usr/share/doc/mocha/copyright > > And adequate is right, as /usr/share/doc/mocha/ is empty. > > -- System Information: > Debian Release: buster/sid > APT prefers unreleased > APT policy: (500, 'unreleased'), (500, 'buildd-unstable'), (500, > 'unstable'), (100, 'experimental') > Architecture: x32 (x86_64) > Foreign Architectures: i386, amd64 > > Kernel: Linux 4.15.0-1-amd64 (SMP w/8 CPU cores) > Locale: LANG=C, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=C > (charmap=UTF-8) > Shell: /bin/sh linked to /bin/lksh > Init: sysvinit (via /sbin/init) > > Versions of packages mocha depends on: > ii dpkg 1.19.0.5+b1 > ii libjs-mocha4.1.0+ds1-1 > ii node-browser-stdout1.3.0-1 > ii node-commander 2.12.2-1 > ii node-debug 3.1.0-2 > ii node-diff 1.4.0~dfsg-1 > ii node-escape-string-regexp 1.0.5-1 > ii node-glob 7.1.2-6 > ii node-growl 1.7.0-1 > ii node-he1.1.1-1 > ii node-mkdirp0.5.1-1 > ii node-supports-color4.4.0-2 > ii nodejs 10.1.0~dfsg-1 > ii oxygen-icon-theme 5:5.46.0-1 > > mocha recommends no packages. > > mocha suggests no packages. > > -- no debconf information > > -- > Pkg-javascript-devel mailing list > pkg-javascript-de...@alioth-lists.debian.net > https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel
Bug#897536: [Pkg-javascript-devel] Bug#897536: mustache.js: FTBFS: make[1]: rake: Command not found
On Fri, May 11, 2018 at 12:12 PM, Jonas Meurerwrote: > Control: tag -1 +moreinfo > > Hello, > > I just tried to reproduce the FTBFS and failed. rake is defined as > build-dependency and correctly pulled in according to linked the build logs. > > My best guess is that rake 12.3.1-2 had some bug that got fixed in 12.3.1-3. > > Lucas, could you trigger another rebuild to see whether this got fixed > by the latest rake upload? > > In any case, it doesn't look like a bug in mustache.js package to me. In this case build-depends on 12.3.1-3. Bastien > > Cheers, > jonas > > On Wed, 2 May 2018 22:51:57 +0200 Lucas Nussbaum wrote: >> Source: mustache.js >> Version: 2.3.0-2 >> Severity: serious >> Tags: buster sid >> User: debian...@lists.debian.org >> Usertags: qa-ftbfs-20180502 qa-ftbfs >> Justification: FTBFS on amd64 >> >> Hi, >> >> During a rebuild of all packages in sid, your package failed to build on >> amd64. >> >> Relevant part (hopefully): >> > debian/rules build >> > dh build --builddirectory=/<>/build >> >dh_update_autotools_config -O--builddirectory=/<>/build >> >dh_auto_configure -O--builddirectory=/<>/build >> >debian/rules override_dh_auto_build >> > make[1]: Entering directory '/<>' >> > rake jquery >> > make[1]: rake: Command not found >> > make[1]: *** [debian/rules:13: override_dh_auto_build] Error 127 >> >> The full build log is available from: >>http://aws-logs.debian.net/2018/05/02/mustache.js_2.3.0-2_unstable.log >> >> A list of current common problems and possible solutions is available at >> http://wiki.debian.org/qa.debian.org/FTBFS . You're welcome to contribute! >> >> About the archive rebuild: The rebuild was done on EC2 VM instances from >> Amazon Web Services, using a clean, minimal and up-to-date chroot. Every >> failed build was retried once to eliminate random failures. 
>> >> > > > -- > Pkg-javascript-devel mailing list > pkg-javascript-de...@alioth-lists.debian.net > https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel
Bug#887586: Fixed
control: affects -1 - src:node-connect-timeout On Thu, May 10, 2018 at 11:34 PM, Bastien ROUCARIES <roucaries.bast...@gmail.com> wrote: > control: affects -1 - src:node-connect > > On Thu, May 10, 2018 at 9:57 PM, Bastien ROUCARIES > <roucaries.bast...@gmail.com> wrote: >> control: affects -1 - src:node-cookie-parser
Bug#887586: Fixed
control: affects -1 - src:node-connect On Thu, May 10, 2018 at 9:57 PM, Bastien ROUCARIES <roucaries.bast...@gmail.com> wrote: > control: affects -1 - src:node-cookie-parser
Bug#887586: Fixed
control: affects -1 - src:node-vhost
Bug#887586: Fixed
control: affects -1 - src:node-compression
Bug#887586: Fixed
control: affects -1 - src:node-errorhandler
Bug#887586: Fixed
control: affects -1 - src:node-cookie-parser
Bug#887586: workaround
control: tags -1 + patch

The problematic package should be updated, or use mocha --exit
Bug#892690: Autoconf-archive bug
Hi, Could you recheck with the newer version just uploaded? And close if not found. Bastien
Bug#871300:
control: noutfound -1 + 8:6.9.9.34+dfsg-1
Bug#889048: [node-source-map] FTBFS: lib/mappings.wasm
Please upload to experimental next time. It is a good idea to upload the newer version to experimental now. BTW, bugs in reverse depends should now be important, not serious.
Bug#882852: Feature not a bug
control: severity -1 minor

You could still use an explicit coder in order to use rsvg. You should report this bug about the internal coder upstream and report the upstream issue here.

Thanks
Bug#882223: Reassign
control: assign -1 glibc-doc
Bug#882222: Document security problems with system.3 and popen.3 (argument injection)
Package: manpages-dev
Version: 4.13-3
Severity: grave
Tags: security
X-Debbugs-CC: secure-testing-t...@lists.alioth.debian.org
Justification: more than 20 security bugs filed in other packages
control: clone -1 -2
control: reaffect -2 glibc-doc

Please document the implications of system.3 and popen.3, particularly argument injection.

Please get inspiration from ENV33-C. Do not call system()

Suggest using execvp, and please provide examples of secure alternatives for both APIs.

Note that escaping arguments is not portable, particularly if an argument includes control characters for a POSIX shell.

https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?pageId=87152177

Use of the system() function can result in exploitable vulnerabilities, in the worst case allowing execution of arbitrary system commands. Situations in which calls to system() have high risk include the following:

- When passing an unsanitized or improperly sanitized command string originating from a tainted source
- If a command is specified without a path name and the command processor path name resolution mechanism is accessible to an attacker
- If a relative path to an executable is specified and control over the current working directory is accessible to an attacker
- If the specified executable program can be spoofed by an attacker
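One way to write the secure alternatives this report asks for, as an added example that is not part of the original message or of the man pages: run_argv() stands in for system() and capture_argv() for popen(), both built on fork and execvp. The function names, the use of /bin/echo and the sample input are assumptions chosen for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed tainted input: a value carrying shell metacharacters. */
static const char TAINTED[] = "hello; exit 42";

/* Wait status -> exit code; -1 if the child did not exit normally. */
static int exit_code(int status)
{
    return (status != -1 && WIFEXITED(status)) ? WEXITSTATUS(status) : -1;
}

/* Reap one child, retrying when a signal interrupts the wait. */
static int reap(pid_t pid)
{
    int status;
    while (waitpid(pid, &status, 0) < 0)
        if (errno != EINTR) return -1;
    return exit_code(status);
}

/* BEFORE: system() hands the whole string to /bin/sh, which treats
 * "; exit 42" in the data as a second command. */
int unsafe_system(const char *arg)
{
    char cmd[256];
    int n = snprintf(cmd, sizeof cmd, "echo %s", arg);
    if (n < 0 || (size_t)n >= sizeof cmd)
        return -1;
    return exit_code(system(cmd));
}

/* AFTER, in place of system(): no shell runs, so each argv element reaches
 * the program as exactly one argument. A value starting with '-' can still
 * be read as an option; put "--" before untrusted operands where supported. */
int run_argv(char *const argv[])
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execvp(argv[0], argv);   /* PATH is searched only if argv[0] has no '/' */
        _exit(127);              /* reached only if exec failed */
    }
    return reap(pid);
}

/* AFTER, in place of popen(cmd, "r"): pipe + fork + execvp. The child's
 * stdout is copied into buf, NUL-terminated and truncated to len - 1. */
int capture_argv(char *const argv[], char *buf, size_t len)
{
    int fds[2];
    size_t used = 0;
    pid_t pid;
    if (len == 0 || pipe(fds) < 0)
        return -1;
    pid = fork();
    if (pid < 0) { close(fds[0]); close(fds[1]); return -1; }
    if (pid == 0) {
        close(fds[0]);
        if (fds[1] != STDOUT_FILENO) {
            if (dup2(fds[1], STDOUT_FILENO) < 0)
                _exit(127);
            close(fds[1]);
        }
        execvp(argv[0], argv);
        _exit(127);
    }
    close(fds[1]);
    for (;;) {                   /* drain to EOF so the child never blocks */
        char tmp[256];
        ssize_t n = read(fds[0], tmp, sizeof tmp);
        size_t room = len - 1 - used;
        if (n < 0 && errno == EINTR) continue;
        if (n <= 0) break;
        if ((size_t)n < room)
            room = (size_t)n;
        memcpy(buf + used, tmp, room);
        used += room;
    }
    buf[used] = '\0';
    close(fds[0]);
    return reap(pid);
}

int main(void)
{
    char out[64], *argv[] = { "/bin/echo", (char *)TAINTED, NULL };
    int rc = capture_argv(argv, out, sizeof out);
    printf("system(): %d, execvp: %d, capture: %d %s",
           unsafe_system(TAINTED), run_argv(argv), rc, out);
    return 0;
}
```

With the constructed input, the system() variant exits with the status chosen by the data, while the argv variants pass the same bytes to echo as one literal argument.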
Bug#877212: [Pkg-javascript-devel] Bug#877212: node-d3-color: B-D npm not available in testing
On 29 September 2017 at 19:34:24 GMT+02:00, "Jérémy Lal" wrote:
>2017-09-29 19:24 GMT+02:00 Andreas Beckmann :
>
>> Package: node-d3-color
>> Version: 1.0.3-1
>> Severity: serious
>> Justification: Build-Depends not satisfiable in testing
>> Control: block -1 with 857986
>> Control: clone -1 -2 -3 -4 -5 -6 -7 -8 -9 -10
>> Control: reassign -2 node-d3-format 1.2.0-1
>> Control: retitle -2 node-d3-format: B-D npm not available in testing
>> Control: block -2 with 857986
>> Control: reassign -3 node-d3-queue 3.0.7-1
>> Control: retitle -3 node-d3-queue: B-D npm not available in testing
>> Control: block -3 with 857986
>> Control: reassign -4 node-d3-selection 1.1.0-1
>> Control: retitle -4 node-d3-selection: B-D npm not available in
>testing
>> Control: block -4 with 857986
>> Control: reassign -5 d3-timer 1.0.7-1
>> Control: retitle -5 d3-timer: B-D npm not available in testing
>> Control: block -5 with 857986
>> Control: reassign -6 node-filesize 3.5.10+dfsg-1
>> Control: retitle -6 node-filesize: B-D npm not available in testing
>> Control: block -6 with 857986
>> Control: reassign -7 node-gulp-babel 7.0.0-1
>> Control: retitle -7 node-gulp-babel: B-D npm not available in testing
>> Control: block -7 with 857986
>> Control: reassign -8 node-babel-plugin-transform-define 1.3.0-1
>> Control: retitle -8 node-babel-plugin-transform-define: B-D npm not
>> available in testing
>> Control: block -8 with 857986
>> Control: reassign -9 node-babel 6.25.0+dfsg-8
>> Control: retitle -9 node-babel: B-D npm not available in testing
>> Control: block -9 with 857986
>> Control: reassign -10 node-babylon 6.18.0-1
>> Control: retitle -10 node-babylon: B-D npm not available in testing
>> Control: block -10 with 857986
>>
>>
>> Hi,
>>
>> with npm not available in testing (and according to #857986 this will
>> not change in the near future), these node-* packages must be kept
>> out of testing, since they cannot be rebuilt in testing (regardless
>of
>> any external resources they might need additionally).
>>
>
>Build-Depending on npm is a sign something very wrong, policy-breaking,
>is happening, like downloading a npm module during build.
>
>An example of how wrong the problem is:
>```
>override_dh_auto_build:
> npm install rollup
>```
>
>ouch
>
>I cc-ed everyone to make sure this doesn't happen again.

Please file a lintian bug

>
>Jérémy

--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
Bug#784475: Done some work but crash before main()
control: tags -1 + pending

I have uploaded a new version, waiting for ftpmaster.

On Tue, Sep 5, 2017 at 9:11 PM, Lisandro Damián Nicanor Pérez Meyer <perezme...@gmail.com> wrote:
> On 5 September 2017 at 15:51, Bastien ROUCARIES
> <roucaries.bast...@gmail.com> wrote:
>> Hi,
>>
>> I have done porting work but now it fails before main():
>
> I'm afraid that the version you are working against is not yet ready for Qt5.
Bug#784475: Done some work but crash before main()
Hi, I have done porting work but now it fail before main():
*** Error in `/home/bastien/Documents/Personnel/soft/debian/kbibtex/kbibtex/obj-x86_64-linux-gnu/src/program/kbibtex': realloc(): invalid pointer: 0x559b5f549500 ***
=== Backtrace: =
/lib/x86_64-linux-gnu/libc.so.6(+0x70bfb)[0x7fbba63b6bfb]
/lib/x86_64-linux-gnu/libc.so.6(+0x76fc6)[0x7fbba63bcfc6]
/lib/x86_64-linux-gnu/libc.so.6(realloc+0x219)[0x7fbba63c17d9]
/usr/lib/x86_64-linux-gnu/libQt5Core.so.5(_ZN9QListData12realloc_growEi+0x31)[0x7fbb9e1b2211]
/usr/lib/x86_64-linux-gnu/libQt5Core.so.5(_ZN9QListData6appendEi+0x4f)[0x7fbb9e1b22af]
/usr/lib/x86_64-linux-gnu/libQt5Core.so.5(+0x1cc378)[0x7fbb9e277378]
/usr/lib/x86_64-linux-gnu/libQt5Core.so.5(_Z21qRegisterResourceDataiPKhS0_S0_+0x38d)[0x7fbb9e272b2d]
/usr/lib/x86_64-linux-gnu/libQt5Core.so.5(+0x7d533)[0x7fbb9e128533]
/lib64/ld-linux-x86-64.so.2(+0xf89a)[0x7fbbaa27489a]
/lib64/ld-linux-x86-64.so.2(+0xf9ab)[0x7fbbaa2749ab]
/lib64/ld-linux-x86-64.so.2(+0xc5a)[0x7fbbaa265c5a]
Bug#853656: Help needed with gcc-7 error
Use and make signed

On 27 August 2017 at 15:58:34 GMT+02:00, James Cowgill wrote:
>Hi,
>
>On 27/08/17 14:40, Andreas Tille wrote:
>> Hi,
>>
>> when trying to build sga it results in an error:
>>
>> ...
>> g++ -DHAVE_CONFIG_H -I. -I.. -I../Bigraph -I../Thirdparty
>-Wdate-time -D_FORTIFY_SOURCE=2 -fopenmp -I/usr//include
>-I/usr//include/bamtools -Wall -Wextra -Wno-unknown-pragmas -std=c++98
>-O3 -c -o libutil_a-VariantIndex.o `test -f 'VariantIndex.cpp' || echo
>'./'`VariantIndex.cpp
>> VariantIndex.cpp: In member function 'VariantRecordVector
>VariantIndex::getNearVariants(const string&, int, int) const':
>> VariantIndex.cpp:89:46: error: call of overloaded 'abs(long unsigned
>int)' is ambiguous
>> if(abs(record.position - position) < distance)
>> ^
>
>In C++11, you cannot call abs on an unsigned integer (which makes no
>sense anyway). Probably "record.position" needs casting to a signed
>type
>(like long).
>
>Thanks,
>James

--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
Bug#873148: Fails to properly escape the ;, {, }, <, and > characters
Package: node-shell-quote severity: serious forwarded: https://github.com/substack/node-shell-quote/issues/31 couple of open issues that seem reasonably serious for a package that appears to be intended for sanitising user input before passing it on to the shell:
Bug#872438: [Pkg-javascript-devel] Bug#872438: Bug#872438: Bug#872438: src:nodejs: FTBFS on mips64el: Can't determine the arch of ./node
On Fri, Aug 18, 2017 at 7:42 PM, Jérémy Lal wrote:
> James Cowgill replied this to my give back request on mips64el:
>
>> My guess is this GCC-7 bug which is breaking lots of stuff on mips64el
>> at the moment:
>> https://bugs.debian.org/871514
>
>> Thanks,
>> James
>
> Cheers,
>
> Jérémy

Thanks

BTW why does node have no debug symbols ?

Bastien

> --
> Pkg-javascript-devel mailing list
> pkg-javascript-de...@lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel
Bug#872438: [Pkg-javascript-devel] Bug#872438: src:nodejs: FTBFS on mips64el: Can't determine the arch of ./node
Starting program: /home/rouca/nodejs-6.11.2~dfsg/node
warning: GDB can't find the start of the function at 0xfff7fcd0c4.
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/mips64el-linux-gnuabi64/libthread_db.so.1".
warning: GDB can't find the start of the function at 0xfff7fcddc8.
[New Thread 0xfff59db1e0 (LWP 516)]
[New Thread 0xfff59bb1e0 (LWP 517)]
[New Thread 0xfff51bb1e0 (LWP 518)]
[New Thread 0xfff49bb1e0 (LWP 521)]
[New Thread 0xfff41bb1e0 (LWP 522)]

Thread 1 "node" received signal SIGBUS, Bus error.
0x0001 in ?? ()
(gdb) info register
zero at v0 v1
R0 00ffda68 4500d051 53731e19
a0 a1 a2 a3
R4 0001 00ffda98 000120f81220 2ee04241
a4 a5 a6 a7
R8 2ee63501 2ee41019 0003 0003
t0 t1 t2 t3
R12 35436b00 84080018 811372e0 0009
s0 s1 s2 s3
R16 0001 00ffda98 0001
s4 s5 s6 s7
R20 2ee635c8 beeddead 000120f81258 2ee3ed41
t8 t9 k0 k1
R24 000120f82cc8 0001 0015
gp sp s8 ra
R28 000120f424b0 00ffda60 00ffda88 3540610c
status lo hi badvaddr
04109cf3 604189374cdec514 00ebe2a5 0001
cause pc
00800010 0001
fcsr fir restart
dc64 00739600
(gdb) bt
warning: GDB can't find the start of the function at 0x3540610b.
#0 0x0001 in ?? ()
#1 0x3540610c in ?? ()
(gdb) frame
#0 0x0001 in ?? ()
(gdb)
Bug#872438: [Pkg-javascript-devel] Bug#872438: src:nodejs: FTBFS on mips64el: Can't determine the arch of ./node
On Thu, Aug 17, 2017 at 3:54 PM, Felipe Sateler wrote:
> Package: src:nodejs
> Version: 6.11.2~dfsg-2
> Severity: serious
>
> nodejs failed to build with this error:
>
> make[1]: Entering directory '/<>'
> # Clean up any leftover processes but don't error if found.
> ps awwx | grep Release/node | grep -v grep | cat
> /usr/bin/python tools/test.py -p tap \
> --mode=release --flaky-tests=dontcare \
> --arch=mips64el --timeout=3000 message parallel sequential
> Can't determine the arch of: './node'
>
> Can't determine the arch of: './node'
>
> Can't determine the arch of: './node'

The lines are:

  vm = context.GetVm(arch, mode)
  if not exists(vm):
    print "Can't find shell executable: '%s'" % vm
    continue
  archEngineContext = Execute([vm, "-p", "process.arch"], context)
  vmArch = archEngineContext.stdout.rstrip()
  if archEngineContext.exit_code is not 0 or vmArch == "undefined":
    print "Can't determine the arch of: '%s'" % vm
    print archEngineContext.stderr.rstrip()
    continue
  env = {
    'mode': mode,
    'system': utils.GuessOS(),
    'arch': vmArch,
  }

>
> No tests to run.
> Makefile:220: recipe for target 'test-ci-js' failed
> make[1]: *** [test-ci-js] Error 1
> make[1]: Leaving directory '/<>'
>
>
> Full log at
> https://buildd.debian.org/status/fetch.php?pkg=nodejs=mips64el=6.11.2~dfsg-2=1502862893=0
>
>
> -- System Information:
> Debian Release: buster/sid
> APT prefers unstable
> APT policy: (500, 'unstable'), (1, 'experimental')
> Architecture: amd64 (x86_64)
>
> Kernel: Linux 4.9.0-3-amd64 (SMP w/2 CPU cores)
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
> LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /usr/bin/dash
> Init: systemd (via /run/systemd/system)
>
> --
> Pkg-javascript-devel mailing list
> pkg-javascript-de...@lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel
Bug#872433: [Pkg-javascript-devel] Bug#872433: Bug#872433: [with solution] Doesn't find modules installed in Debian directories
On Thu, Aug 17, 2017 at 2:49 PM, Julien Puydt <julien.pu...@laposte.net> wrote:
> Hi,
>
> On 17/08/2017 at 14:23, Bastien ROUCARIES wrote:
>> Could you get a glimpse at node-minimatch debian/test/runtestsuite ?
>
> Won't work, since we don't have all the test deps in Debian (lacking
> object-keys -- beware we have object-key but that's not what it wants).

Could you open a bug or point me to ITP bug ?

>
>> For the NMU one lintian warning you are member of team javascript add
>> a * team upload at the beginning of changelog. If not you should add a
>> * NMU
>
> I know, but since I had a look at the package yesterday and only filed
> the report today, I don't think it would be correct to push anything or
> plan an upload (NMU or team, whatever) before I left Thorsten ample time
> to answer.
>
> Cheers,
>
> Snark
>
> --
> Pkg-javascript-devel mailing list
> pkg-javascript-de...@lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel
Bug#872433: [Pkg-javascript-devel] Bug#872433: [with solution] Doesn't find modules installed in Debian directories
Could you get a glimpse at node-minimatch debian/test/runtestsuite ?

For the NMU one lintian warning you are member of team javascript add a * team upload at the beginning of changelog. If not you should add a * NMU

On Thu, Aug 17, 2017 at 2:19 PM, Julien Puydt <julien.pu...@laposte.net> wrote:
> Hi,
>
> On 17/08/2017 at 14:04, Bastien ROUCARIES wrote:
>> Could you also modernize this package ? policy bump, autopkg-test (see
>> node-tape)
>
> I bumped std-ver and dh compat if that's what you mean by policy bump.
> There was already an autopkg-test directory and I added a test for my
> patch (which has a DEP3 header).
>
> Here is what my git-log has to say on the changes since debian/1.1.7-2
> was released ; lintian only complains about unreleased-changes,
> changelog-should-mention-nmu and source-nmu-has-incorrect-version-number
> because I created a 1.4.0-1 and I'm not an uploader :
>
> commit 706643f1cc5c6a6d72b0fa092379ed6f029b6540 (HEAD -> master)
> Author: Julien Puydt <julien.pu...@laposte.net>
> Date: Thu Aug 17 13:54:36 2017 +0200
>
>     Remove useless build-dep on dh-buildinfo
>
> commit c5cf00738e9a7c597a86406ddb9ae1c7a8e086a3
> Author: Julien Puydt <julien.pu...@laposte.net>
> Date: Thu Aug 17 13:52:23 2017 +0200
>
>     Add an autopkgtest for the patch to enable Debian paths
>
> commit 5303fa0df9bc3d0f223963a5af33da5f511cf245
> Author: Julien Puydt <julien.pu...@laposte.net>
> Date: Thu Aug 17 13:46:31 2017 +0200
>
>     Add a patch so node_modules isn't always added to searched paths
>
> commit 92349b284cad11524a4a6f7acb1b979794a1d818
> Author: Julien Puydt <julien.pu...@laposte.net>
> Date: Thu Aug 17 13:42:52 2017 +0200
>
>     Bump std-ver to 4.0.0
>
> commit 9bce40b53ef272e9c1035bbd1ad6c8299b55b654
> Author: Julien Puydt <julien.pu...@laposte.net>
> Date: Thu Aug 17 13:41:45 2017 +0200
>
>     Bump dh compat to 10
>
> commit 16f46e9d3789232de1c2d41471851fbb20490014
> Author: Julien Puydt <julien.pu...@laposte.net>
> Date: Wed Aug 16 19:36:15 2017 +0200
>
>     Package upstream 1.4.0
>
> commit 2ad252931b6710dab0a6d708c11e4cbe30ead326
> Merge: febbf48 68dce8d
> Author: Julien Puydt <julien.pu...@laposte.net>
> Date: Wed Aug 16 19:35:45 2017 +0200
>
>     Updated version 1.4.0 from 'upstream/1.4.0'
>
>     with Debian dir 641fcf33ab138af6a27661a439a7b435ac210f03
>
> commit 68dce8d4a97fd679c5214be9dc2e16658a7b7cf3 (tag: upstream/1.4.0,
> upstream)
> Author: Julien Puydt <julien.pu...@laposte.net>
> Date: Wed Aug 16 19:35:39 2017 +0200
>
>     New upstream version 1.4.0
>
> commit febbf4801383e0b650432dda8eceeeb1f6275248 (origin/master, origin/HEAD)
> Author: Mike Gabriel <mike.gabr...@das-netzwerkteam.de>
> Date: Thu Dec 15 11:21:37 2016 +0100
>
>     debian/control: Drop myself from Uploaders: field.
>
> commit b2e880ef277e4f2ebf7d20386066efc6ffc029fe (tag: debian/1.1.7-2)
> Author: Thorsten Alteholz <deb...@alteholz.de>
> Date: Fri Jun 17 19:56:34 2016 +0200
>
>     fix typo
>
>
>
> And here is what my d/ch entry looks like:
> node-resolve (1.4.0-1) UNRELEASED; urgency=medium
>
>   * New upstream release.
>   * Bump dh compat to 10.
>   * Bump std-ver to 4.0.0.
>   * Add a patch so node_modules isn't always added to search paths.
>   * Add an autopkgtest to check the patch mentioned above works.
>   * Remove build-dep on dh-buildinfo.
>
>  -- Julien Puydt <julien.pu...@laposte.net> Wed, 16 Aug 2017 19:35:50 +0200
>
> I think it doesn't look bad, but I'd rather have the uploader (Thorsten
> Alteholz) tell me he's ok with me pushing those changes (or part of
> them) and doing the upload.
>
> Cheers,
>
> Snark on #debian-js
Bug#872433: [Pkg-javascript-devel] Bug#872433: [with solution] Doesn't find modules installed in Debian directories
Ping me at ro...@debian.org if needed

Could you also modernize this package ? policy bump, autopkg-test (see node-tape)

On Thu, Aug 17, 2017 at 1:40 PM, Julien Puydt wrote:
> Package: node-resolve
> Version: 1.1.7-2
> Severity: grave
>
> Hi,
>
> I'm surprised nobody reported it yet since it basically makes the
> package useless as far as I see, but the current node resolve doesn't
> find modules installed in Debian directories : while working on another
> package, I was surprised that nothing was found. When investigating
> using strace, I saw that resolve.sync was always adding "node_modules"
> to the paths it tried, so of course it didn't find anything.
>
> I got things to work by editing node-modules-paths.js from:
>
> module.exports = function nodeModulesPaths(start, opts) {
>     var modules = opts && opts.moduleDirectory
>         ? [].concat(opts.moduleDirectory)
>         : ['node_modules'];
>
> to:
>
> module.exports = function nodeModulesPaths(start, opts) {
>     var modules = opts && opts.moduleDirectory
>         ? [].concat(opts.moduleDirectory)
>         : ['node_modules', ''];
>
> ie: I added '' to the list of things to add when generating paths to check.
>
> The following two lines fail with the unpatched node-resolve, and work
> with the patched one:
> resolve=require('resolve')
> resolve.sync('resolve/lib/core.js', {basedir: '/usr/lib/nodejs'})
> (it should be added in debian/tests/)
>
> I'm part of the Debian Javascript maintainers team so I can add the
> necessary patch (with the right header) and test [and probably push
> higher upstream version, std-ver and dh] to the git repository to help
> if you want -- but I'm no DD so can't upload myself.
>
> Cheers,
>
> Snark on #debian-js
>
> --
> Pkg-javascript-devel mailing list
> pkg-javascript-de...@lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel
Bug#871300: [Pkg-gmagick-im-team] Bug#871300: libmagick++-6.q16-7: requires rebuild against GCC 7 and symbols/shlibs bump
On 7 August 2017 22:59:06 GMT+02:00, James Cowgill wrote:
>Hi,
>
>On 07/08/17 16:55, roucaries bastien wrote:
>> On Mon, Aug 7, 2017 at 4:47 PM, wrote:
>>> Package: libmagick++-6.q16-7
>>> Version: 8:6.9.7.4+dfsg-16
>>> Severity: serious
>>> Tags: sid buster
>>> User: debian-...@lists.debian.org
>>> Usertags: gcc-7-op-mangling
>>>
>>
>> I need a change that break ABI, I will release a new version. Does it
>> exist in this case a short cut
>
>If you are going to rename the Debian package and trigger a package
>transition, you do not need to add any of the extra symbols/shlibs
>stuff. You should still build-depend on gcc (>= 4:7) however - I'm not
>sure if all the buildds use GCC 7 by default yet.

Should I depend on g++7 for libmagick++-dev ?

>Thanks,
>James

--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
Bug#869834: CVE-2017-11533: heap buffer overflow in uil coder
Source: imagemagick Version: 8:6.9.7.4+dfsg-12 Severity: serious Tags: security upstream X-Debbugs-CC: t...@security.debian.org control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.8.9.9-5+deb8u9 control: found -1 8:6.7.7.10-5+deb7u14 forwarded:https://github.com/ImageMagick/ImageMagick/issues/562 When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WriteUILImage() function in coders/uil.c.
Bug#869728: Avoid a crash for mpc coder
Source: src:imagemagick Version: 8:6.9.7.4+dfsg-12 Severity: serious Tags: security upstream X-Debbugs-CC: t...@security.debian.org control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.8.9.9-5+deb8u9 control: found -1 8:6.7.7.10-5+deb7u14 control: found -1 8:6.7.7.10-5+deb7u4 forwarded: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3=31438 Avoid a crash for mpc coder
Bug#869727: Memory exhaustion in mpc coder
Source: src:imagemagick
Version: 8:6.9.7.4+dfsg-12
Severity: serious
Tags: security upstream
X-Debbugs-CC: t...@security.debian.org
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.8.9.9-5+deb8u9
control: found -1 8:6.7.7.10-5+deb7u14
control: found -1 8:6.7.7.10-5+deb7u4
forwarded: https://github.com/ImageMagick/ImageMagick/issues/546

When identifying an MPC file, imagemagick will allocate memory to store the data. Here is the critical code (Mpc.c, in function ReadMPCImage):

    image->colormap=(PixelInfo *) AcquireQuantumMemory(image->colors+1, //856
      sizeof(*image->colormap));

The "image->colors" can be obtained from the local value "options" as follows, and the options are controlled by the image; in other words the "image->colors" can be read from the input file.

    image->colors=StringToUnsignedLong(options); //402

The function StringToUnsignedLong converts a string to unsigned long type, but the return value was not checked.

Here is my policy.xml to limit memory usage, but the 256MB limit can be bypassed.
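The missing check this report describes, as an added example that is not ImageMagick's code and not part of the report: a count parsed from untrusted header text is validated, and the allocation of count+1 entries is bounded by a byte budget before any memory is requested. The names color_entry, parse_color_count, alloc_colormap and colormap_from_header are hypothetical, and the 256 MiB budget in main() is an assumption that mirrors the limit named in the report.

```c
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for one colormap record (not ImageMagick's PixelInfo). */
typedef struct { double red, green, blue, alpha; } color_entry;

/* Parse a decimal count taken from untrusted header text.
   Returns 0 and stores the value on success, -1 on malformed or
   out-of-range input. */
static int parse_color_count(const char *text, size_t *out)
{
    char *end = NULL;
    unsigned long value;

    if (text == NULL || out == NULL)
        return -1;
    while (isspace((unsigned char)*text))
        text++;
    /* strtoul() accepts "-1" and returns ULONG_MAX; require a digit first. */
    if (!isdigit((unsigned char)*text))
        return -1;
    errno = 0;
    value = strtoul(text, &end, 10);
    if (errno == ERANGE)
        return -1;                      /* does not fit in unsigned long */
    while (isspace((unsigned char)*end))
        end++;
    if (*end != '\0')
        return -1;                      /* trailing garbage such as "12abc" */
#if ULONG_MAX > SIZE_MAX
    if (value > SIZE_MAX)
        return -1;
#endif
    *out = (size_t)value;
    return 0;
}

/* Allocate colors+1 entries only when the request fits budget_bytes.
   Returns NULL, without allocating, when it does not. */
static color_entry *alloc_colormap(size_t colors, size_t budget_bytes)
{
    size_t entries;

    if (colors == SIZE_MAX)             /* colors + 1 would wrap to 0 */
        return NULL;
    entries = colors + 1;
    /* Dividing the budget also rules out overflow in entries * sizeof. */
    if (entries > budget_bytes / sizeof(color_entry))
        return NULL;
    return calloc(entries, sizeof(color_entry));
}

/* Header text -> colormap, or NULL if the value is malformed or too large. */
static color_entry *colormap_from_header(const char *text, size_t budget_bytes,
                                         size_t *colors_out)
{
    size_t colors;
    color_entry *map;

    if (parse_color_count(text, &colors) != 0)
        return NULL;
    map = alloc_colormap(colors, budget_bytes);
    if (map != NULL && colors_out != NULL)
        *colors_out = colors;
    return map;
}

int main(void)
{
    /* Constructed header values, not taken from a real MPC file. */
    const char *samples[] = { "256", "-1", "4294967295", "12abc" };
    size_t budget = (size_t)256 * 1024 * 1024;   /* assumed 256 MiB limit */
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        size_t colors = 0;
        color_entry *map = colormap_from_header(samples[i], budget, &colors);
        printf("%-12s -> %s\n", samples[i], map ? "allocated" : "rejected");
        free(map);
    }
    return 0;
}
```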
Bug#869726: CVE-2017-11532: memory leak in coders/mpc.c.
Source: src:imagemagick Version: 8:6.9.7.4+dfsg-12 Severity: serious Tags: security upstream X-Debbugs-CC: t...@security.debian.org control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.8.9.9-5+deb8u9 control: found -1 8:6.7.7.10-5+deb7u14 control: found -1 8:6.7.7.10-5+deb7u4 forwarded: https://github.com/ImageMagick/ImageMagick/issues/563 When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteMPCImage() function in coders/mpc.c.
Bug#869725: CVE-2017-11531: Memory Leak in coders/histogram.c.
Source: src:imagemagick Version: 8:6.9.7.4+dfsg-12 Severity: serious Tags: security upstream X-Debbugs-CC: t...@security.debian.org control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.8.9.9-5+deb8u9 control: found -1 8:6.7.7.10-5+deb7u14 control: found -1 8:6.7.7.10-5+deb7u4 forwarded: https://github.com/ImageMagick/ImageMagick/issues/566 When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteHISTOGRAMImage() function in coders/histogram.c.
Bug#869210: endless loop in ReadTXTImage
Source: imagemagick Version: 8:6.9.7.4+dfsg-12 Severity: serious Tags: security upstream X-Debbugs-CC: t...@security.debian.org X-Debbugs-CC: Salvatore Bonaccorso control: found -1 8:6.9.7.4+dfsg-11+deb9u1 control: found -1 8:6.8.9.9-5+deb8u10 control: found -1 8:6.7.7.10-5+deb7u14 forwarded: https://github.com/ImageMagick/ImageMagick/issues/591 Original reporter will open a bug. Fixed by: https://github.com/ImageMagick/ImageMagick/commit/83e0f8ffd7eeb7661b0ff83257da23d24ca7f078
Bug#869209: [imagemagick] Null-Point reference in WriteOnePNGImage
Source: imagemagick Version: 8:6.9.7.4+dfsg-12 Severity: serious Tags: security upstream X-Debbugs-CC: t...@security.debian.org X-Debbugs-CC: Salvatore Bonaccorso control: found -1 8:6.9.7.4+dfsg-11+deb9u1 control: found -1 8:6.8.9.9-5+deb8u10 control: found -1 8:6.7.7.10-5+deb7u14 forwarded: https://github.com/ImageMagick/ImageMagick/issues/586 Original reporter will open a CVE
Bug#867896: [imagemagick] enable heap overflow check for stdin for mpc files
Source: src:imagemagick Version: 8:6.9.7.4+dfsg-11 Severity: serious Tags: security upstream X-Debbugs-CC: t...@security.debian.org control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.8.9.9-5+deb8u9 control: found -1 8:6.7.7.10-5+deb7u14 control: found -1 8:6.7.7.10-5+deb7u4 forwarded: https://github.com/ImageMagick/ImageMagick/issues/556 Enabling seekable streams is required to ensure checking the blob size works when an image is streamed on stdin. It was an oversight in the original patch. Fixed by https://github.com/ImageMagick/ImageMagick/commit/b007dd3a048097d8f58949297f5b434612e1e1a3#diff-cdb21e3ad4d6e304030bd19bdc881fce https://github.com/ImageMagick/ImageMagick/commit/529ff26b68febb2ac03062c58452ea0b4c6edbc1#diff-cdb21e3ad4d6e304030bd19bdc881fce
Bug#862967: Will try tomorrow
Hi, I plan to release a stable version tomorrow Bastien
Bug#862690: Found in unstable/testing/stable
control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.7.7.10-5+deb7u13 control: found -1 8:6.7.7.10-5+deb7u4
Bug#860735: CVE-2017-7942: memory leak in avs does not affect old version
control: notfound -1,8:6.6.0.4-3 control: notfound -1 8:6.7.7.10-5 control: notfound -1 8:6.8.9.9-5 control: notfound -1 8:6.8.9.9-5+deb8u8 control: notfound -1 8:6.7.7.10-5+deb7u13 > > Due to code change not affected
Bug#860735: CVE-2017-7942: memory leak in avs does not affect old version
control: notfound -1,8:6.6.0.4-3 control: notfound -1 8:6.7.7.10-5 control: notfound -1 8:6.8.9.9-5 control: notfound -1 6.8.9.9-5+deb8u8 control: notfound -1 6.7.7.10-5+deb7u13 Due to code change not affected
Bug#861172: [Pkg-javascript-devel] Bug#861172: node-jsonstream FTBFS in stretch: Build dependency node-tape is not available
control: owner -1 ro...@debian.org

On Tue, Apr 25, 2017 at 2:10 PM, Adrian Bunk wrote:
> Source: node-jsonstream
> Version: 1.0.3-3
> Severity: serious
>
> node-jsonstream build-depends on node-tape, which is not in stretch.
>
> --
> Pkg-javascript-devel mailing list
> pkg-javascript-de...@lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel
Bug#860736: CVE-2017-7943 Memory leak in svg
Package: src:imagemagick Version: 8:6.6.0.4-3 Severity: serious Tags: security X-Debbugs-CC: t...@security.debian.org control: found -1 8:6.7.7.10-5 control: found -1 8:6.8.9.9-5 forwarded: https://github.com/ImageMagick/ImageMagick/issues/427 https://github.com/ImageMagick/ImageMagick/commit/b0e61972ff94e844fbb3ca927e476fc156c240a3
Bug#860735: CVE-2017-7942: memory leak in avs
Package: src:imagemagick Version: 8:6.6.0.4-3 Severity: serious Tags: security X-Debbugs-CC: t...@security.debian.org control: found -1 8:6.7.7.10-5 control: found -1 8:6.8.9.9-5 forwarded: https://github.com/ImageMagick/ImageMagick/issues/428 Fixed by 962282327f3a28ffb1138f3ad3fb0438b57ae6b1
Bug#860734: CVE-2017-7941 memory leak in sgi
Package: src:imagemagick Version: 8:6.6.0.4-3 Severity: serious Tags: security X-Debbugs-CC: t...@security.debian.org control: found -1 8:6.7.7.10-5 control: found -1 8:6.8.9.9-5 forwarded: https://github.com/ImageMagick/ImageMagick/issues/428 Fixed by https://github.com/ImageMagick/ImageMagick/commit/721dc1305b2bfff92e5ca605dc1a47c61ce90b9f
Bug#860382: Install in wrong dir useless
Package: node-jsonstream Version: 1.0.3-1 Severity: grave This package install files under jsonstream instead of JSONStream... Thus it is useless
Bug#847282: [Pkg-gmagick-im-team] Bug#847282:
OK, found why it fails: oldstable -> stable creates images.dpkg-backup -> ../imagemagick/images and www.dpkg-backup -> ../imagemagick/www backup symlinks. These are not owned by the package... I suppose I could nuke them after checking if they point to something sensible

Bastien
Bug#847282: [Pkg-gmagick-im-team] Bug#847282:
More information here https://piuparts.debian.org/wheezy222testing/fail/imagemagick-doc_8:6.9.7.4+dfsg-3.log
Bug#847282:
Followup-For: Bug #847282 Control: found -1 8:6.9.7.0+dfsg-3 Reopen found
Bug#859769: Infinite loop due to rounding error
On 9 April 2017 18:12:01 GMT+02:00, Salvatore Bonaccorso <car...@debian.org> wrote:
>Hi Bastien,
>
>On Fri, Apr 07, 2017 at 12:06:50PM +0200, Bastien ROUCARIES wrote:
>> Package: src:imagemagick
>> Version: 8:6.6.0.4-3
>> Severity: serious
>> Tags: security
>> X-Debbugs-CC: t...@security.debian.org
>> control: found -1 8:6.7.7.10-5
>> control: found -1 8:6.8.9.9-5
>> forwarded:
>https://www.imagemagick.org/discourse-server/viewtopic.php?f=3=31506
>>
>>
>> Fixed by 63757068c803f692bd70304b06ce3406e0b67c7f will open a CVE
>
>heard anything back for a CVE assignment?

Opened this morning at 0700 UTC, I am waiting

>
>Regards,
>Salvatore

--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
Bug#859772: Fix include regression
Package: src:imagemagick Version: 8:6.6.0.4-3 Severity: serious Tags: security X-Debbugs-CC: t...@security.debian.org control: found -1 8:6.7.7.10-5 forwarded: https://launchpadlibrarian.net/314715229/FixAcquireVirtualMemoryMemleak.patch Partial patch with problem
Bug#859771: Undefined behavior in rle
Package: src:imagemagick Version: 8:6.6.0.4-3 Severity: serious Tags: security X-Debbugs-CC: t...@security.debian.org control: found -1 8:6.7.7.10-5 control: found -1 8:6.8.9.9-5 forwarded: https://github.com/ImageMagick/ImageMagick/issues/415 Undefined behavior in rle coder reading rle file could lead to lack of validation of rle file... Could be triggered by corrupted file depending on compiler.
Bug#859769: Infinite loop due to rounding error
Package: src:imagemagick Version: 8:6.6.0.4-3 Severity: serious Tags: security X-Debbugs-CC: t...@security.debian.org control: found -1 8:6.7.7.10-5 control: found -1 8:6.8.9.9-5 forwarded: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3=31506 Fixed by 63757068c803f692bd70304b06ce3406e0b67c7f will open a CVE
Bug#847715: [Pkg-javascript-devel] Bug#847715: Plan to do a NMU
Here the diff, quite trivial diff --git a/debian/changelog b/debian/changelog index 8d6a8ec..25d57f9 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,11 @@ +node-resumer (0.0.0-2) unstable; urgency=medium + + * Team upload. + * Bug fix: "node-resumer depends on node-through2 (>= 2.3.4), but +only 2.0.3-1 is in unstable", thanks to Adrian Bunk (Closes: #847715). + + -- Bastien Roucariès <ro...@debian.org> Tue, 04 Apr 2017 00:12:33 +0200 + node-resumer (0.0.0-1) unstable; urgency=low * Initial release (Closes: #814286) diff --git a/debian/control b/debian/control index a06010f..9f4222e 100644 --- a/debian/control +++ b/debian/control @@ -15,7 +15,7 @@ Package: node-resumer Architecture: all Depends: ${misc:Depends}, nodejs, - node-through2 (>= 2.3.4) + node-through2 (>= 2.0) Description: through stream that starts paused and resumes on the next tick Return a through stream that starts out paused and resumes on the next tick, unless somebody called .pause(). On Tue, Apr 4, 2017 at 12:03 AM, Bastien ROUCARIES <roucaries.bast...@gmail.com> wrote: > Hi, > > I plan to do a NMU on this one. > > Do you want the diff ?. > > Bastien > > -- > Pkg-javascript-devel mailing list > pkg-javascript-de...@lists.alioth.debian.org > http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel
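Review bot: The new changelog entry in the debian/changelog hunk only quotes the bug title and never says what was changed. Add a line stating the actual fix, for example "Relax node-through2 dependency to (>= 2.0)", so the entry documents the change without a reader having to open debian/control.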
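Review bot: In the debian/control hunk the bound drops from "node-through2 (>= 2.3.4)" to "(>= 2.0)", which is looser than the 2.0.3-1 the changelog says is in unstable, and nothing in the patch shows the package was exercised against any 2.0.x version. Either state in the changelog why 2.3.4 was never actually required, or set the bound to the version that was tested and add an autopkgtest that loads the module against it.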
Bug#847715: Plan to do a NMU
Hi, I plan to do a NMU on this one. Do you want the diff ?. Bastien
Bug#847282: Ping
On Mon, Apr 3, 2017 at 8:36 PM, Adrian Bunk <b...@debian.org> wrote:
> Control: severity -1 serious
>
> On Sun, Mar 12, 2017 at 03:51:29PM +0100, Bastien ROUCARIES wrote:
>> On 2017-01-22 18:02, Bastien ROUCARIES wrote:
>> > Let decrease the severity to something not RC. I need to know if the
>> > problem is in dpkg or imagemagick. And I do not want to block the
>> > security update of imagemagick.
>
> Raising severity again, so that this issue won't get lost for stretch.
>
>> ACK. I'll try to take a more detailed look at it ... ping me if I don't
>> report back ...
>>
>> Ping thus
>
> Adding Andreas, replying to the bug does not Cc the submitter.

For this one, Adrian, I need help... I do not know where the problem lies: in dpkg maint script or in imagemagick.

Trace welcome

>
> cu
> Adrian
>
> --
>
>"Is there not promise of rain?" Ling Tan asked suddenly out
> of the darkness. There had been need of rain for many days.
>"Only a promise," Lao Er said.
>Pearl S. Buck - Dragon Seed
>
Bug#858593: reopen
Control: reopen 858593 Control: found 1.20.1-6
Bug#857426: [Pkg-gmagick-im-team] Bug#857426: closed by Bastien ROUCARIES <roucaries.bast...@gmail.com> (does not affect sid, )
BTW I will open a CVE

Moreover could you check if CVE-2016-10068 is fixed ? According to changelog it is and I could not apply patch (already applied)

On Tue, Mar 14, 2017 at 7:23 AM, Salvatore Bonaccorso <car...@debian.org> wrote:
> Hello Bastien,
>
> On Sat, Mar 11, 2017 at 03:18:04PM +, Debian Bug Tracking System wrote:
>> This is an automatic notification regarding your Bug report
>> which was filed against the src:imagemagick package:
>>
>> #857426: [Bug 1671630] Memory leak in IsOptionMember function
>>
>> It has been closed by Bastien ROUCARIES <roucaries.bast...@gmail.com>.
>>
>> Their explanation is attached below along with your original report.
>> If this explanation is unsatisfactory and you have not received a
>> better one in a separate message then please contact Bastien ROUCARIES
>> <roucaries.bast...@gmail.com> by
>> replying to this email.
>>
>>
>> --
>> 857426: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857426
>> Debian Bug Tracking System
>> Contact ow...@bugs.debian.org with problems
>
>> Date: Sat, 11 Mar 2017 16:15:15 +0100
>> From: Bastien ROUCARIES <roucaries.bast...@gmail.com>
>> To: 857426-d...@bugs.debian.org
>> Subject: does not affect sid,
>> Message-ID:
>> <CAE2SPAYRbFdaiCkVS+ObYmXXGO0=hmg5cw2vjmi9le4jgp8...@mail.gmail.com>
>>
>> version: 8:6.9.7.4+dfsg-2
>
> Hmm, I do not see that change from 8:6.9.7.4+dfsg-1 to
> 8:6.9.7.4+dfsg-2. Are you sure that is the fixing version and not
> already done somewhere earlier?
>
> Regards,
> Salvatore
>
> ___
> Pkg-gmagick-im-team mailing list
> pkg-gmagick-im-t...@lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-gmagick-im-team
Bug#787338: Not free icc profile are not free
Upstream clarify licence, see http://www.color.org/srgbprofiles.xalter not free Bastien
Bug#857426: Fwd: [Bug 1671630] [NEW] Memleak in IsOptionMember
Package: src:imagemagick
Version: 8:6.7.7.10-5
Severity: serious
Tags: security
X-Debbugs-CC: secure-testing-t...@lists.alioth.debian.org
control: found -1 8:6.6.0.4-3

Does not affect sid/jessie

-- Forwarded message --
From: Stefan Pöschel <1671...@bugs.launchpad.net>
Date: Thu, Mar 9, 2017 at 10:21 PM
Subject: [Bug 1671630] [NEW] Memleak in IsOptionMember
To: roucaries.bastien+b...@gmail.com

Public bug reported:

The ImageMagick version shipped with Ubuntu 16.04 (version 8:6.8.9.9-7ubuntu5.5) is affected by a memory leak. This has been fixed in the following commit:
http://git.imagemagick.org/repos/ImageMagick/commit/6790815c75bdea0357df5564345847856e995d6b

So I request this fix to be backported to 16.04 (and other affected version, if applicable; 14.04 is not affected).

The tool ODR-PadEnc which I maintain is affected by the bug:
https://github.com/Opendigitalradio/ODR-PadEnc/issues/2

Here one of the outputs that Valgrind produces for each invocation - in this case, I used 14.04 with http://archive.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.8.9.9.orig.tar.xz as I have 16.04 only running in a VM. The patches within http://archive.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.8.9.9-7ubuntu5.5.debian.tar.xz do NOT address this bug.

==1961== 455,322 bytes in 111 blocks are definitely lost in loss record 1,761 of 1,762
==1961==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==1961==    by 0x5E2DB3E: AcquireString (string.c:132)
==1961==    by 0x5E2FC10: StringToArgv (string.c:2196)
==1961==    by 0x5DC46F7: IsOptionMember (option.c:2278)
==1961==    by 0x5F3F789: WritePNGImage (png.c:11996)
==1961==    by 0x5D12B11: WriteImage (constitute.c:1184)
==1961==    by 0x5CDE340: ImageToBlob (blob.c:1607)
==1961==    by 0x40D7A5: SLSManager::encodeFile(std::string const&, int, bool) (sls.cpp:392)
==1961==    by 0x4038B1: main (odr-padenc.cpp:324)

** Affects: imagemagick (Ubuntu)
Importance: Undecided
Status: New

--
You received this bug notification because you are subscribed to imagemagick in Ubuntu.
https://bugs.launchpad.net/bugs/1671630

Title: Memleak in IsOptionMember

Status in imagemagick package in Ubuntu: New

Bug description:
The ImageMagick version shipped with Ubuntu 16.04 (version 8:6.8.9.9-7ubuntu5.5) is affected by a memory leak. This has been fixed in the following commit:
http://git.imagemagick.org/repos/ImageMagick/commit/6790815c75bdea0357df5564345847856e995d6b

So I request this fix to be backported to 16.04 (and other affected version, if applicable; 14.04 is not affected).

The tool ODR-PadEnc which I maintain is affected by the bug:
https://github.com/Opendigitalradio/ODR-PadEnc/issues/2

Here one of the outputs that Valgrind produces for each invocation - in this case, I used 14.04 with http://archive.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.8.9.9.orig.tar.xz as I have 16.04 only running in a VM. The patches within http://archive.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.8.9.9-7ubuntu5.5.debian.tar.xz do NOT address this bug.
Bug#856881: Not found in stable and oldstable
control: notfound - 1 8:6.8.9.9-5+deb8u7 control: notfound - 1 8:6.7.7.10-5+deb7u11 code is not present
Bug#856882: Fwd: Not found in stable and oldstable
control: notfound - 1 8:6.8.9.9-5+deb8u7 control: notfound - 1 8:6.7.7.10-5+deb7u11 code is not present
Bug#694308: forwarded
control: forwarded -1 https://github.com/adobe-type-tools/afdko/issues/172
Bug#856881: retitle
control: tag -1 + patch control: retitle -1 CVE-2017-6501: null pointer deref in xcf coder
Bug#856880: retitle
control: tag -1 + patch control: retitle -1 CVE-2017-6499: Magick++ memory leak
Bug#856879: retitle
control: tag -1 + patch control: retitle -1 CVE-2017-6500: sun file heap-based buffer over-read
Bug#856882: retitle
control: tags -1 + patch control: retitle -1 [CVE-2017-6497] Added missing null check in psd coder