Bug#972310: buster-pu: package puma/3.12.0-2+deb10u2
Package: release.debian.org Severity: normal Tags: buster User: release.debian@packages.debian.org Usertags: pu -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 There are several security advisories open for the puma version in Buster: CVE-2020-5247 CVE-2020-5249 CVE-2020-11076 CVE-2020-11077 This upload fixes all these issues with patches taken from upstream's git repository. The added patches contain references to the commits used. Furthermore the upload contains a two-liner to add patch headers to an existing patch. A few new tests from upstream are added as well and a few other have been ifixed to apply to the fixed sources. Non-necessary changes have been omitted. [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in stable [pending] the issue is verified as fixed in unstable Unstable contains the 4.x series of puma while buster contains the 3.12 series. The upload of puma 4.3.6 will follow within one or two days of this report. Please don't hesitate to contact me if any questions arise. Regards, Daniel - -- System Information: Debian Release: bullseye/sid APT prefers unstable APT policy: (990, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 5.8.0-3-amd64 (SMP w/8 CPU threads) Kernel taint flags: TAINT_OOT_MODULE Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEvu1N7VVEpMA+KD3HS80FZ8KW0F0FAl+I6K0ACgkQS80FZ8KW 0F1jSg//XplFcjLWUESWhyT6UWng0bRxafeQvBen5rhi35WCpQdkkGR5VVH7WiEQ cPLXjVifn66vJtP7/BKpqIWKJkZnotdNRtNXPslYkRb6WvQqTPUguPKQUM7fxOw3 qkKJN0bY49lPnWObiw+CFcXlZQ+lwwbKh7/Ud4MBNoHDd5nWRLwFzs2QndARR2u0 i7nv31ihaD85evcSX6MWKtqXLUzGY4dtp7RR0ecyzcQmyxwT8GEcNxqWBzzVqisk CkRwvHZESGM+eqcTiqIRFmvMEj+0H4foo5SxGPq/WKlH0/ENvt2VwnDKswyavc5q YuC1ZUB+hI5uJLJtQ3/ES3FrNgPdH9hjFutG3qzBWi1+M76rrSpT281dr0DYe33R ycDk2+PDbGpAg13j819MXWSDfR91nYDZ0TOWq1Kx+s2xQ5ObIw/KtvX/K93Vjwb4 SyPrYvqLoeZyAm+erNjyx+BhkrNnzQmkCVgNAD/9N9tHmN1DIOpH4CNNc1zCQfWK vXmK8ZLuKxGQWNmOMy0JHnDxlHNy1XDvJ8tJOdmjHg6ylncueepFhwQu5nUDv8rs eW+ICHejvc/W/tBO9TOyB2AE6yMLafAyzMH9qHn/mZPkcR0+s1F3Pu1A96fnz2vn hMDVrBeoLOD/UUuLe6yR5Reehewmfk3HxoTIFKipB9T+imiTLbw= =llit -END PGP SIGNATURE- diff -Nru puma-3.12.0/debian/changelog puma-3.12.0/debian/changelog --- puma-3.12.0/debian/changelog2020-03-04 00:15:43.0 +0100 +++ puma-3.12.0/debian/changelog2020-10-15 23:39:36.0 +0200 @@ -1,3 +1,23 @@ +puma (3.12.0-2+deb10u2) buster; urgency=medium + + * Team upload. + * d/patches/0009-disable-tests-failing-in-single-cpu.patch: Add author and +bug tracker information. + * d/patches/CVE-2020-5247.patch: Add patch to fix CVE-2020-5247. +- Fix header value could inject their own HTTP response (closes: #952766). + * d/patches/CVE-2020-5249.patch: Add patch to fix CVE-2020-5249. +- Fix splitting newlines in headers and another vector for HTTP injection + (closes: #953122). + * d/patches/CVE-2020-11076.patch: Add patch to fix CVE-2020-11076. +- Better handle client input to fix HTTP Smuggling via Transfer-Encoding + header (closes: #972102). + * d/patches/CVE-2020-11077.patch: Add patch to fix CVE-2020-11077. +- Reduce ambiguity of headers to fix HTTP Smuggling via Transfer-Encoding + header (closes: #972102). + * d/patches/series: Enable new patches. + + -- Daniel Leidert Thu, 15 Oct 2020 23:39:36 +0200 + puma (3.12.0-2+deb10u1) buster; urgency=medium * Team upload. diff -Nru puma-3.12.0/debian/patches/0009-disable-tests-failing-in-single-cpu.patch puma-3.12.0/debian/patches/0009-disable-tests-failing-in-single-cpu.patch --- puma-3.12.0/debian/patches/0009-disable-tests-failing-in-single-cpu.patch 2020-03-04 00:15:43.0 +0100 +++ puma-3.12.0/debian/patches/0009-disable-tests-failing-in-single-cpu.patch 2020-10-15 23:39:36.0 +0200 @@ -1,9 +1,19 @@ +From: Pirate Praveen +Date: Sun, 10 Feb 2019 18:56:23 +0530 +Subject: disable-tests-failing-in-single-cpu + Disable test failing on single cpu -https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921931 +Bug-Debian: https://bugs.debian.org/921931 +--- + test/test_pumactl.rb | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/test/test_pumactl.rb b/test/test_pumactl.rb +index 813ec32..11466b2 100644 --- a/test/test_pumactl.rb +++ b/test/test_pumactl.rb -@@ -33,7 +33,7 @@ +@@ -33,7 +33,7 @@ class TestPumaControlCli < Minitest::Test def test_control_url skip if Puma.jruby? || Puma.windows? diff -Nru puma-3.12.0/debian/patches/CVE-2020-11076.patch puma-3.12.0/debian/patches/CVE-2020-11076.patch --- puma-3.12.0/debian/patches/CVE-2020-11076.patch 1970-01-01 01:00:00.0 +0100 +++
Bug#972255: transition: postgresql-common/221
Re: Sebastian Ramacher > > autopkgtest for omnidb/2.17.0+ds-2: amd64: Regression ♻ (reference ♻), > > arm64: Regression ♻ (reference ♻), armhf: Regression ♻ (reference ♻), i386: > > Regression ♻ (reference ♻) > > The autopkgtests for omnidb 2.17.0+ds-4 also fails: > https://ci.debian.net/data/autopkgtest/testing/amd64/o/omnidb/7482609/log.gz > The tests is using postgresql-common from testing. Is that missing a > tighter dependency somewhere? Right, sorry for missing that. Fix uploaded as 2.17.0+ds-5. Christoph
Bug#972255: transition: postgresql-common/221
Re: Sebastian Ramacher > Removal hint added. Could you please file an RC bug against > postgresql-multicorn so that once removed from testing britney doesn't > try to migrate? Thanks. Bug: #972285 Christoph
Bug#968912: transition: perl 5.32
On 2020-10-15 18:27:08 +0100, Niko Tyni wrote: > On Sun, Aug 23, 2020 at 07:25:19PM +0100, Dominic Hargreaves wrote: > > Package: release.debian.org > > Severity: normal > > User: release.debian@packages.debian.org > > Usertags: transition > > X-Debbugs-Cc: debian-p...@lists.debian.org > > > > Hi, perl 5.32 has been in experimental since June and I think it's going > > to be ready for sid/bullseye within the next month or so - this is the > > version we expect to ship with bullseye (given the freeze in January). > > > > The main blockers at present are the perl-tk update (I've just > > pinged #960863) and, indirectly, the ipv6-only build related problems > > described in #964902. > > These are resolved now, and all known regressions found in our test > rebuilds are marked as blocking this bug. > > The libpod-parser-perl dependencies are trivial to add. > > There's no fix for libdata-alias-perl, and I expect we'll need to remove > it from testing. It's just an optional dependency for other packages > AFAICS, so I don't expect much fallout (as long as the build dependencies > are relaxed in libio-stream-perl and libmethod-signatures-perl first.) > > Could we raise the remaining bugs to 'serious' now? Do you have any > guesstimate on the timing for a transition slot? There is some overlap with the currently ongoing ocaml transition. So let's wait until that one is done. Cheers -- Sebastian Ramacher signature.asc Description: PGP signature
Bug#968378: marked as done (transition: libraw)
Your message dated Thu, 15 Oct 2020 22:30:28 +0200 with message-id <20201015203028.gd1708...@ramacher.at> and subject line Re: Bug#968378: transition: libraw has caused the Debian Bug report #968378, regarding transition: libraw to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 968378: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968378 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition Dear Release Team, I'm filing this bug for a new transition of libraw package. On July 23, 2020 the 0.20.0 stable version has been released by upstream. On August 04, 2020, after initial upload to experimental accepted by FTP Masters, a couple of testing-purpose packages has been uploaded to experimental, the first as first-hand attempt to check the packaging on all architectures, the latter to fix a bunch of FTBFS due to C++ symbols. So, following the auto-libraw checklist[1], here is the list of source packages reverse-depending on libraw and the results of the builds: * deepin-image-viewer_5.0.0-1 => OK * efl_1.24.3-5 => OK * entangle_3.0-1 => OK * fotoxx_20.08-1 => OK * freeimage_3.18.0+ds2-5 => FTBFS (possibly LibRaw-related) * gegl_0.4.24-1 => OK * gthumb_3:3.8.0-2.1 => OK * hdrmerge_0.5+git20200117-2 => OK * krita_1:4.3.0+dfsg-1 => OK * kstars_5:3.4.3-1 => OK * libkf5kdcraw_20.04.3-1 => OK * luminance-hdr_2.6.0+dfsg-2 => OK * nomacs_3.12.0+dfsg-3 => OK * openimageio_2.1.18.1~dfsg0-1 => OK * shotwell_0.30.10-1 => OK * siril_0.9.12-3 => OK * theli_3.0.2-1.1 => FTBFS (possibly LibRaw-related) Both FTBFS seem to be caused by some changes in libraw 0.20.0 compared to older 0.19.x version. Thanks for your time and patience. mfv [1] https://release.debian.org/transitions/html/auto-libraw.html Ben file: title = "libraw"; is_affected = .depends ~ "libraw19" | .depends ~ "libraw20"; is_good = .depends ~ "libraw20"; is_bad = .depends ~ "libraw19"; -- System Information: Debian Release: bullseye/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'buildd-unstable'), (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 5.7.0-2-amd64 (SMP w/4 CPU threads) Kernel taint flags: TAINT_FIRMWARE_WORKAROUND, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled -- Matteo F. Vescovi || Debian Developer GnuPG KeyID: 4096R/0x8062398983B2CF7A signature.asc Description: PGP signature --- End Message --- --- Begin Message --- On 2020-08-14 00:12:56 +0200, Matteo F. Vescovi wrote: > Package: release.debian.org > Severity: normal > User: release.debian@packages.debian.org > Usertags: transition > > Dear Release Team, > > I'm filing this bug for a new transition of libraw package. This transition finished a while ago. Cheers > > On July 23, 2020 the 0.20.0 stable version has been released by > upstream. > > On August 04, 2020, after initial upload to experimental accepted by FTP > Masters, a couple of testing-purpose packages has been uploaded to > experimental, the first as first-hand attempt to check the packaging on > all architectures, the latter to fix a bunch of FTBFS due to C++ > symbols. > > So, following the auto-libraw checklist[1], here is the list of source > packages reverse-depending on libraw and the results of the builds: > > * deepin-image-viewer_5.0.0-1 => OK > * efl_1.24.3-5 => OK > * entangle_3.0-1 => OK > * fotoxx_20.08-1 => OK > * freeimage_3.18.0+ds2-5 => FTBFS (possibly LibRaw-related) > * gegl_0.4.24-1 => OK > * gthumb_3:3.8.0-2.1 => OK > * hdrmerge_0.5+git20200117-2 => OK > * krita_1:4.3.0+dfsg-1 => OK > * kstars_5:3.4.3-1 => OK > * libkf5kdcraw_20.04.3-1 => OK > * luminance-hdr_2.6.0+dfsg-2 => OK > * nomacs_3.12.0+dfsg-3 => OK > * openimageio_2.1.18.1~dfsg0-1 => OK > * shotwell_0.30.10-1 => OK > * siril_0.9.12-3 => OK > * theli_3.0.2-1.1 => FTBFS (possibly LibRaw-related) > > Both FTBFS seem to be caused by some changes in libraw 0.20.0 compared > to older 0.19.x version. > > Thanks for your time and patience. > > mfv > > > [1] https://release.debian.org/transitions/html/auto-libraw.html > > > Ben file: > > title = "libraw"; > is_affected = .depends ~ "libraw19" | .depends ~ "libraw20"; > is_good = .depends ~ "libraw20"; > is_bad = .depends ~ "libraw19"; > > > -- System Information: > Debian Release: bullseye/sid
Bug#972255: transition: postgresql-common/221
On 2020-10-15 12:34:43 +0200, Christoph Berg wrote: > Package: release.debian.org > Severity: normal > User: release.debian@packages.debian.org > Usertags: transition > > Hi, > > I think I have put everything in place that needs to be done to have > postgresql-common/221 migrate to testing, which makes the switch from > PostgreSQL 12 to 13 as the "supported" version concerning extension > module packages. > > In the first round of extension I uploaded everything that was listed > as regression on the postgresql-common excuses page. > > https://qa.debian.org/excuses.php?package=postgresql-common > > Remaining issues listed there are: > > autopkgtest for check-postgres/2.25.0-1: amd64: Pass, arm64: Pass, armhf: > Regression ♻ (reference ♻), i386: Pass > > -> The testsuite is flaky and the armhf problem hopefully goes away by > retrying (I already clicked the button). In any case, the regression > is test-only. > > autopkgtest for gvmd/9.0.1-4: amd64: Regression ♻ (reference ♻), arm64: > Regression ♻ (reference ♻), armhf: Regression ♻ (reference ♻), i386: > Regression ♻ (reference ♻) > > -> Fixed in -4.1 in unstable > > autopkgtest for osm2pgrouting/2.3.6-1: amd64: Regression ♻ (reference ♻), > arm64: Regression ♻ (reference ♻), armhf: Regression ♻ (reference ♻), i386: > Regression ♻ (reference ♻) > > -> I believe I fixed that in -2 in unstable, but debci is currently > still picking up the old postgis packages from unstable for the test. > In any case, the regression is test-only. > > autopkgtest for omnidb/2.17.0+ds-2: amd64: Regression ♻ (reference ♻), arm64: > Regression ♻ (reference ♻), armhf: Regression ♻ (reference ♻), i386: > Regression ♻ (reference ♻) The autopkgtests for omnidb 2.17.0+ds-4 also fails: https://ci.debian.net/data/autopkgtest/testing/amd64/o/omnidb/7482609/log.gz The tests is using postgresql-common from testing. Is that missing a tighter dependency somewhere? Cheers > autopkgtest for pg-checksums/1.0-3: amd64: Regression ♻ (reference ♻), arm64: > Regression ♻ (reference ♻), armhf: Regression ♻ (reference ♻), i386: > Regression ♻ (reference ♻) > autopkgtest for pgtap/1.1.0-2: amd64: Regression ♻ (reference ♻), arm64: > Regression ♻ (reference ♻), armhf: Regression ♻ (reference ♻), i386: > Regression ♻ (reference ♻) > > -> I added Breaks: for these in the last postgresql-common upload, the > issues are all fixed in unstable. (But the packages can only > transition along with postgresql-common.) > > autopkgtest for postgresql-multicorn/1.4.0-2: amd64: Regression ♻ (reference > ♻), arm64: Regression ♻ (reference ♻), armhf: Regression ♻ (reference ♻), > i386: Regression ♻ (reference ♻) > > -> The only real problem, upstream has not yet released a fix for PG13 > yet. Please remove postgresql-multicorn/1.4.0-2 from testing so we can > proceed. > > (I have probably missed a few "not built on buildd" blockers on some of > the extension packages. Please schedule binnmus there, thanks.) > > So, in summary: please > * remove postgresql-multicorn/1.4.0-2 from testing > * unblock postgresql-common/221 > > Thanks, > Christoph > -- Sebastian Ramacher signature.asc Description: PGP signature
Bug#972255: transition: postgresql-common/221
Hi Christoph On 2020-10-15 12:34:43 +0200, Christoph Berg wrote: > Package: release.debian.org > Severity: normal > User: release.debian@packages.debian.org > Usertags: transition > > Hi, > > I think I have put everything in place that needs to be done to have > postgresql-common/221 migrate to testing, which makes the switch from > PostgreSQL 12 to 13 as the "supported" version concerning extension > module packages. > > In the first round of extension I uploaded everything that was listed > as regression on the postgresql-common excuses page. > > https://qa.debian.org/excuses.php?package=postgresql-common > > Remaining issues listed there are: > > autopkgtest for check-postgres/2.25.0-1: amd64: Pass, arm64: Pass, armhf: > Regression ♻ (reference ♻), i386: Pass > > -> The testsuite is flaky and the armhf problem hopefully goes away by > retrying (I already clicked the button). In any case, the regression > is test-only. > > autopkgtest for gvmd/9.0.1-4: amd64: Regression ♻ (reference ♻), arm64: > Regression ♻ (reference ♻), armhf: Regression ♻ (reference ♻), i386: > Regression ♻ (reference ♻) > > -> Fixed in -4.1 in unstable > > autopkgtest for osm2pgrouting/2.3.6-1: amd64: Regression ♻ (reference ♻), > arm64: Regression ♻ (reference ♻), armhf: Regression ♻ (reference ♻), i386: > Regression ♻ (reference ♻) > > -> I believe I fixed that in -2 in unstable, but debci is currently > still picking up the old postgis packages from unstable for the test. > In any case, the regression is test-only. > > autopkgtest for omnidb/2.17.0+ds-2: amd64: Regression ♻ (reference ♻), arm64: > Regression ♻ (reference ♻), armhf: Regression ♻ (reference ♻), i386: > Regression ♻ (reference ♻) > autopkgtest for pg-checksums/1.0-3: amd64: Regression ♻ (reference ♻), arm64: > Regression ♻ (reference ♻), armhf: Regression ♻ (reference ♻), i386: > Regression ♻ (reference ♻) > autopkgtest for pgtap/1.1.0-2: amd64: Regression ♻ (reference ♻), arm64: > Regression ♻ (reference ♻), armhf: Regression ♻ (reference ♻), i386: > Regression ♻ (reference ♻) > > -> I added Breaks: for these in the last postgresql-common upload, the > issues are all fixed in unstable. (But the packages can only > transition along with postgresql-common.) > > autopkgtest for postgresql-multicorn/1.4.0-2: amd64: Regression ♻ (reference > ♻), arm64: Regression ♻ (reference ♻), armhf: Regression ♻ (reference ♻), > i386: Regression ♻ (reference ♻) > > -> The only real problem, upstream has not yet released a fix for PG13 > yet. Please remove postgresql-multicorn/1.4.0-2 from testing so we can > proceed. > > (I have probably missed a few "not built on buildd" blockers on some of > the extension packages. Please schedule binnmus there, thanks.) > > So, in summary: please > * remove postgresql-multicorn/1.4.0-2 from testing Removal hint added. Could you please file an RC bug against postgresql-multicorn so that once removed from testing britney doesn't try to migrate? Cheers > * unblock postgresql-common/221 > > Thanks, > Christoph > -- Sebastian Ramacher signature.asc Description: PGP signature
Processed: transition: qtbase-opensource-src
Processing control commands: > block -1 by 957436 972154 972155 972156 972157 972158 972160 972175 972176 > 972177 972178 972179 Bug #972278 [release.debian.org] transition: qtbase-opensource-src 972278 was not blocked by any bugs. 972278 was not blocking any bugs. Added blocking bug(s) of 972278: 972176, 972178, 972157, 972154, 972155, 972175, 972177, 972179, 972158, 972156, 957436, and 972160 -- 972278: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972278 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#972278: transition: qtbase-opensource-src
Package: release.debian.org User: release.debian@packages.debian.org Usertags: transition Control: block -1 by 957436 972154 972155 972156 972157 972158 972160 972175 972176 972177 972178 972179 Dear Release team, We the Qt maintainers would like to request a transition for Qt 5.15.1. There are currently some blockers, but I hope we will get them sorted out within a couple of weeks. In the mean time, please set up a tracker. Here is the ben file that is based on one from the previous transition: https://salsa.debian.org/release-team/transition-data/-/blob/master/old/qtbase-abi-5-15-1.ben title = "qtbase-opensource-src and qtdeclarative-opensource-src"; is_affected = .depends ~ "qtdeclarative-abi-5-14-2" | .depends ~ "qtdeclarative-abi-5-15-1" | .depends ~ "qtbase-abi-5-14-2" | .depends ~ "qtbase-abi-5-15-1"; is_good = .depends ~ "qtbase-abi-5-15-1" | .depends ~ "qtdeclarative-abi-5-15-1"; is_bad = .depends ~ "qtbase-abi-5-14-2" | .depends ~ "qtdeclarative-abi-5-14-2"; -- Dmitry Shachnev signature.asc Description: PGP signature
Bug#968912: transition: perl 5.32
On Sun, Aug 23, 2020 at 07:25:19PM +0100, Dominic Hargreaves wrote: > Package: release.debian.org > Severity: normal > User: release.debian@packages.debian.org > Usertags: transition > X-Debbugs-Cc: debian-p...@lists.debian.org > > Hi, perl 5.32 has been in experimental since June and I think it's going > to be ready for sid/bullseye within the next month or so - this is the > version we expect to ship with bullseye (given the freeze in January). > > The main blockers at present are the perl-tk update (I've just > pinged #960863) and, indirectly, the ipv6-only build related problems > described in #964902. These are resolved now, and all known regressions found in our test rebuilds are marked as blocking this bug. The libpod-parser-perl dependencies are trivial to add. There's no fix for libdata-alias-perl, and I expect we'll need to remove it from testing. It's just an optional dependency for other packages AFAICS, so I don't expect much fallout (as long as the build dependencies are relaxed in libio-stream-perl and libmethod-signatures-perl first.) Could we raise the remaining bugs to 'serious' now? Do you have any guesstimate on the timing for a transition slot? Thanks for your work, -- Niko Tyni nt...@debian.org
Processed: libio-stream-perl: build-depends on libdata-alias-perl, incompatible with Perl 5.32
Processing control commands: > block 968912 with -1 Bug #968912 [release.debian.org] transition: perl 5.32 968912 was blocked by: 972274 961157 964902 961208 960863 968913 961154 971969 961152 961155 968912 was not blocking any bugs. Added blocking bug(s) of 968912: 972275 -- 968912: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968912 972275: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972275 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: libmethod-signatures-perl: build-depends on libdata-alias-perl, incompatible with Perl 5.32
Processing control commands: > block 968912 with -1 Bug #968912 [release.debian.org] transition: perl 5.32 968912 was blocked by: 960863 961155 968913 961152 964902 961208 961154 971969 961157 968912 was not blocking any bugs. Added blocking bug(s) of 968912: 972274 -- 968912: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968912 972274: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972274 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#972255: transition: postgresql-common/221
Re: Christian Marillat > Bug #971586 against postgresql-debversion is not fixed (missing a > package for postgresql 13). That is not related to the first step of the transition. The remaining modules will follow once the first step is through. Christoph
Bug#972255: transition: postgresql-common/221
On 15 oct. 2020 12:34, Christoph Berg wrote: > Package: release.debian.org > Severity: normal > User: release.debian@packages.debian.org > Usertags: transition > > Hi, > > I think I have put everything in place that needs to be done to have > postgresql-common/221 migrate to testing, which makes the switch from > PostgreSQL 12 to 13 as the "supported" version concerning extension > module packages. Bug #971586 against postgresql-debversion is not fixed (missing a package for postgresql 13). Christian
Bug#972253: transition: python3.9 as default
On Thu, 15 Oct 2020 at 12:33, Matthias Klose wrote: > While we are still in the first phase, adding 3.9 as a supported python3 > version, please setup a tracker for 3.9 as the default python3 version, > re-using > the tracker for 3.8 as the default. I've set up a tracker, it should appear in a couple of hours.
Bug#972255: transition: postgresql-common/221
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition Hi, I think I have put everything in place that needs to be done to have postgresql-common/221 migrate to testing, which makes the switch from PostgreSQL 12 to 13 as the "supported" version concerning extension module packages. In the first round of extension I uploaded everything that was listed as regression on the postgresql-common excuses page. https://qa.debian.org/excuses.php?package=postgresql-common Remaining issues listed there are: autopkgtest for check-postgres/2.25.0-1: amd64: Pass, arm64: Pass, armhf: Regression ♻ (reference ♻), i386: Pass -> The testsuite is flaky and the armhf problem hopefully goes away by retrying (I already clicked the button). In any case, the regression is test-only. autopkgtest for gvmd/9.0.1-4: amd64: Regression ♻ (reference ♻), arm64: Regression ♻ (reference ♻), armhf: Regression ♻ (reference ♻), i386: Regression ♻ (reference ♻) -> Fixed in -4.1 in unstable autopkgtest for osm2pgrouting/2.3.6-1: amd64: Regression ♻ (reference ♻), arm64: Regression ♻ (reference ♻), armhf: Regression ♻ (reference ♻), i386: Regression ♻ (reference ♻) -> I believe I fixed that in -2 in unstable, but debci is currently still picking up the old postgis packages from unstable for the test. In any case, the regression is test-only. autopkgtest for omnidb/2.17.0+ds-2: amd64: Regression ♻ (reference ♻), arm64: Regression ♻ (reference ♻), armhf: Regression ♻ (reference ♻), i386: Regression ♻ (reference ♻) autopkgtest for pg-checksums/1.0-3: amd64: Regression ♻ (reference ♻), arm64: Regression ♻ (reference ♻), armhf: Regression ♻ (reference ♻), i386: Regression ♻ (reference ♻) autopkgtest for pgtap/1.1.0-2: amd64: Regression ♻ (reference ♻), arm64: Regression ♻ (reference ♻), armhf: Regression ♻ (reference ♻), i386: Regression ♻ (reference ♻) -> I added Breaks: for these in the last postgresql-common upload, the issues are all fixed in unstable. (But the packages can only transition along with postgresql-common.) autopkgtest for postgresql-multicorn/1.4.0-2: amd64: Regression ♻ (reference ♻), arm64: Regression ♻ (reference ♻), armhf: Regression ♻ (reference ♻), i386: Regression ♻ (reference ♻) -> The only real problem, upstream has not yet released a fix for PG13 yet. Please remove postgresql-multicorn/1.4.0-2 from testing so we can proceed. (I have probably missed a few "not built on buildd" blockers on some of the extension packages. Please schedule binnmus there, thanks.) So, in summary: please * remove postgresql-multicorn/1.4.0-2 from testing * unblock postgresql-common/221 Thanks, Christoph
Bug#972253: transition: python3.9 as default
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition While we are still in the first phase, adding 3.9 as a supported python3 version, please setup a tracker for 3.9 as the default python3 version, re-using the tracker for 3.8 as the default.
Bug#971757: marked as done (transition: libhx)
Your message dated Thu, 15 Oct 2020 08:35:29 +0200 with message-id <20201015063529.ga1539...@ramacher.at> and subject line Re: Bug#971757: transition: libhx has caused the Debian Bug report #971757, regarding transition: libhx to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 971757: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=971757 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hello, upstream has changed the SONAME from libHX.so.28 to libHX.so.32. Therefore I bump the library package name to libhx32. Compiling the dependent programs against the new library was without errors: - - hxtools - - libpam-mount Only the package - - kopanocore has an FTBFS (see bug #969297: FTBFS: undefined reference to symbol 'pthread_join@@GLIBC_2.2.5'). This bug is not caused by libhx. Ben file: title = "libhx"; is_affected = .depends ~ "libhx28" | .depends ~ "libhx32"; is_good = .depends ~ "libhx32"; is_bad = .depends ~ "libhx28"; CU Jörg - -- System Information: Debian Release: bullseye/sid APT prefers testing APT policy: (500, 'testing'), (300, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 5.8.0-2-amd64 (SMP w/6 CPU threads) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEY+AHX8jUOrs1qzDuCfifPIyh0l0FAl98jkEACgkQCfifPIyh 0l2xKhAApPWW30PuDvopESMpfttWLP8EkfLgl8ppTP5WTDhC9HFzMLdbCykmk2zp 9crirCNjKmTSj7d0lkTPqWveBKnFn1fNDfpyjFduw6HgIqC9Fiyj54UYmFXsU0iu 4ymuh8FrhYiVUKpmZpPCBAlnPCfUT6ugmHKpSw4TZXNBvAA1R5VnVN8X5NaIa0/O AfpCi1m74KCe7L2KFiynFgkpulXUvErOXU8KcltjiFBQKgUspBoIgC/FzajhW0VV Dgvjq//IQ4kJn74ukS+GdSBrRUSia8h29mYhszQ6hjtqFpJl3FlpnqcwZlLCyNh6 xgxTDymRGuLibVe5o/ivMfV0+xXlJmlH5L8LkBKzMVNbgeCBCWPw9C/oRdgR9zkg tOZUACdfs2LM4W7xPZ8b8YSEpQP5wCmW1pL8tFkVFOD8ceoJa+MNEVyuOAQHLp1J gQ/af8qNJS1UUcdvzmZJil1Ezspg20abGWMIeadIMmNZyPo1DpkWbCsMU+71C1a+ lLsSYk+fvtVKNBnD21+zmBMWFstFrJ7SZqp7uMLdOJETkBPcGv66W3HkAEn0Wo3V sG1S/NjOHh9WCyjOXSIQHSFg++z0di9vwN/nNX2zynlXP4+AVHC4FlJ9BLEh+Gok LYjqc5dWP+Cojy6zMEDvizI5wgje+wIRmzUMAl2NDgUelm80kMc= =ww3q -END PGP SIGNATURE- --- End Message --- --- Begin Message --- On 2020-10-06 17:33:21 +0200, Jörg Frings-Fürst wrote: > Package: release.debian.org > Severity: normal > User: release.debian@packages.debian.org > Usertags: transition > > Hello, > > upstream has changed the SONAME from libHX.so.28 to libHX.so.32. > Therefore I bump the library package name to libhx32. libhx | 3.25-2| testing| source Cheers -- Sebastian Ramacher signature.asc Description: PGP signature --- End Message ---
Processed: forcibly merging 971669 972236
Processing commands for cont...@bugs.debian.org: > forcemerge 971669 972236 Bug #971669 {Done: Alastair McKinstry } [libopenmpi3] libopenmpi3: armel mipsel: mca_pmix_pmix3x.so: undefined symbol: OPAL_MCA_PMIX3X_PMIx_Get_version Bug #971669 {Done: Alastair McKinstry } [libopenmpi3] libopenmpi3: armel mipsel: mca_pmix_pmix3x.so: undefined symbol: OPAL_MCA_PMIX3X_PMIx_Get_version Added tag(s) ftbfs. Bug #972236 [libopenmpi3] libopenmpi3: mca_pmix_pmix3x.so is still shipped on armel/mipsel 971347 was blocked by: 971669 971347 was not blocking any bugs. Added blocking bug(s) of 971347: 972236 Marked Bug as done Removed indication that 972236 affects src:med-fichier Added indication that 972236 affects src:gromacs,src:mumps,src:dolfinx,src:petsc,src:dolfin The source openmpi and version 4.0.5-7 do not appear to match any binary packages Marked as fixed in versions openmpi/4.0.5-7. Marked as found in versions openmpi/4.0.5-5. Merged 971669 972236 > thanks Stopping processing here. Please contact me if you need assistance. -- 971347: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=971347 971669: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=971669 972236: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972236 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems