Your message dated Sat, 11 Aug 2018 13:19:36 +0000 with message-id <e1fotns-000bl3...@fasolo.debian.org> and subject line Bug#902628: fixed in curl 7.61.0-1 has caused the Debian Bug report #902628, regarding curl: segfaults with http2 on libcurl 7.60.0 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 902628: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902628 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: curl Version: 7.60.0-1 Severity: normal Control: affects -1 src:r-cran-curl Forwarded: https://github.com/curl/curl/issues/2674 User: debian...@lists.debian.org Usertags: breaks Hi Maintainer The issue below, detected by autopkgtests, appears to be related to a known bug in curl. Regards Graham On 20 May 2018 at 20:11, Paul Gevers <elb...@debian.org> wrote: > Dear maintainers, > > [This e-mail is automatically sent. V3.2 (20180518)] > > tl;dr: curl/7.60.0-1 appears to break r-cran-curl/3.2-1 autopkgtest in testing > see: https://ci.debian.net/packages/r/r-cran-curl/testing/amd64/ > and https://qa.debian.org/excuses.php?package=curl > > As recently announced [1] Debian is now running autopkgtests in testing > to check if the migration of a new source package causes regressions. It > does this with the binary packages of the new version of the source > package from unstable. > > With a recent upload of curl the autopkgtest of r-cran-curl > started to fail in testing [2]. This is currently delaying the migration > of curl version 7.60.0-1 [3]. > > This e-mail is meant to trigger prompt direct communication between the > maintainers of the involved packages as one party has insight in what > changed and the other party insight in what is being tested. Please > therefore get in touch with each other with your ideas about what the > causes of the problem might be, proposed patches, etc. A regression in a > reverse dependency can be due to one of the following reasons (of course > not complete): > * new bug in the candidate package (fix the package) > * bug in the test case that only gets triggered due to the update (fix > the reverse dependency, but see below) > * out-of-date reference date in the test case that captures a former bug > in the candidate package (fix the reverse dependency, but see below) > * deprecation of functionality that is used in the reverse dependency > and/or its test case (discussion needed) > * regression due to other packages from unstable that are installed to > fulfill (versioned) Depends (contact maintainers of those). > Triaging tips are being collected on the Debian Wiki [4]. > > Unfortunately sometimes a regression is only intermittent. Ideally this > should be fixed, but it may be OK to just have the autopkgtest retried > (a link is available in the excuses [3]). > > There are cases where it is required to have multiple packages migrate > together to have the test cases pass, e.g. when there was a bug in a > regressing test case of a reverse dependency and that got fixed. In that > case the test cases need to be triggered with both packages from > unstable (reply to this e-mail and/or contact the ci-team [5]) or just > wait until the aging time is over (if the fixed reverse dependency > migrates before that time, the failed test can be retriggered [3]). > > Of course no system is perfect. In case a framework issue is suspected, > don't hesitate to raise the issue via BTS or to the ci-team [5] (reply to > me is also fine for initial cross-check). > > To avoid stepping on peoples toes, this e-mail does not automatically > generate a bug in the BTS, but it is highly recommended to forward this > e-mail there (psuedo-header boilerplate below [6,7]) in case it is > clear which package should solve this regression. > > It can be appropriate to file an RC bug against the depended-on package, > if the regression amounts to an RC bug in the depending package, and to > keep it open while the matter is investigated. That will prevent > migration of an RC regression. > > If the maintainers of the depending package don't have available effort > to fix a problem, it is appropriate for the maintainers of the > depended-on package to consider an NMU of the depending package. Any > such an NMU should take place in accordance with the normal NMU rules. > > Neither of the above steps should be seen as hostile; they are part of > trying to work together to keep Debian in tip-top shape. > > If you find that you are not able to agree between you about the right > next steps, bug severities, etc., please try to find a neutral third > party to help you mediate and/or provide a third opinion. Failing that > your best bet is probably to post to debian-devel. > > [1] https://lists.debian.org/debian-devel-announce/2018/05/msg00001.html > [2] https://ci.debian.net/packages/r/r-cran-curl/testing/amd64/ > [3] https://qa.debian.org/excuses.php?package=curl > [4] https://wiki.debian.org/ContinuousIntegration/TriagingTips > [5] #debci on oftc or debian...@lists.debian.org > [6] curl has an issue > ============ > Source: curl > Version: 7.60.0-1 > Severity: normal or higher > Control: affects -1 src:r-cran-curl > User: debian...@lists.debian.org > Usertags: breaks > ============ > [7] r-cran-curl has an issue > ============ > Source: r-cran-curl > Version: 3.2-1 > Severity: normal or higher > Control: affects -1 src:curl > User: debian...@lists.debian.org > Usertags: needs-update > ============
--- End Message ---
--- Begin Message ---Source: curl Source-Version: 7.61.0-1 We believe that the bug you reported is fixed in the latest version of curl, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 902...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Alessandro Ghedini <gh...@debian.org> (supplier of updated curl package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 11 Aug 2018 13:32:28 +0100 Source: curl Binary: curl libcurl4 libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl4-doc Architecture: source Version: 7.61.0-1 Distribution: unstable Urgency: medium Maintainer: Alessandro Ghedini <gh...@debian.org> Changed-By: Alessandro Ghedini <gh...@debian.org> Description: curl - command line tool for transferring data with URL syntax libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour) libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour) libcurl4 - easy-to-use client-side URL transfer library (OpenSSL flavour) libcurl4-doc - documentation for libcurl libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour) libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour) libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour) Closes: 883174 888449 902628 903546 Changes: curl (7.61.0-1) unstable; urgency=medium . * New upstream release + Fix SMTP send heap buffer overflow as per CVE-2018-0500 (Closes: #903546) https://curl.haxx.se/docs/adv_2018-70a2.html + Fix some crashes related to HTTP/2 (Closes: #902628) * Disable libssh2 on Ubuntu. Thanks to Gianfranco Costamagna for the patch (Closes: #888449) * Bump Standards-Version to 4.2.0 (no changes needed) * Don't configure default CA bundle with OpenSSL and GnuTLS (Closes: #883174) Checksums-Sha1: dcf093da928a4d426bf2e3cec1c75658a784def3 2662 curl_7.61.0-1.dsc 34c0f89e01c27070fe3b6f86371791390f464602 3964862 curl_7.61.0.orig.tar.gz 44217062c4c8d1865cc4945076b544543bc0094f 28348 curl_7.61.0-1.debian.tar.xz 8ad4ea8cf3e79e73288018fdd3ff27979d9d1c7f 11241 curl_7.61.0-1_amd64.buildinfo Checksums-Sha256: f7a9c3d60f75ff16dae8bde2efc632d12b5d306d2dd2f0b7bad5ebc61c3f2830 2662 curl_7.61.0-1.dsc 64141f0db4945268a21b490d58806b97c615d3d0c75bf8c335bbe0efd13b45b5 3964862 curl_7.61.0.orig.tar.gz 3bdcd5605cf1e7fdf10aa7009e55ae16fd518e6ae193e262ade19a1d24ce5134 28348 curl_7.61.0-1.debian.tar.xz a18d09d63f19bac9e479335b0dba7ade9380b3dbfb1638094c65b179d1b36864 11241 curl_7.61.0-1_amd64.buildinfo Files: 806380fc99162f0062c118202d9731dc 2662 web optional curl_7.61.0-1.dsc ef343f64daab4691f528697b58a2d984 3964862 web optional curl_7.61.0.orig.tar.gz f8e140d57aa9ebf8fd59cf88b5ba3187 28348 web optional curl_7.61.0-1.debian.tar.xz 9a51930dab5a720745ae8cc6607db3b5 11241 web optional curl_7.61.0-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEBsId305pBx+F583DbwzL4CFiRygFAltu3qwACgkQbwzL4CFi RyhBqA/8DbwgvjjRkO/fXo30hfkgn+6EI/mIErGedAHpqJwwHMcWz2WHYU9Zmqti YV4CKoBD+gDol+bYCcNUePrjc1P+WZLjTqQGJGzhO+RR5YwlI/CO8fRRn2SMFd40 v9kSqvT9RP2uQi0bxKiDJhb1vuv2vn6mXDR2RKfnULJAG3LDOs/VIetljp240znw thZKfzwHbKbliFRUu/1uzVJ9zN3zz38gGl3Dlq5/bpC+taUnTLL2AUoGD5DTU8l+ hRhPkSwM/yKHYLytJHvcJVY6USKP9xi75j+2ftyjr/AZyrN9dMTqCOYJs+YUVjve sM8KrOvMcOV4Wb5ZTgSBCm/p4dqKuj1MnUa1k2+7/onMQu+VlZI6uLrhm/L148uB ouD7mt0aqiBQPrsdpRjwTEq91rtHvBRI7nhMGQuONTBwY9+3RJl3KL5IpAkKjNj0 YmtBf1Vlx6FG6alp6mMjV4FX5gH4jHT5MgAfNzFl/lpP1GPEMmJ9/utyNpx3ev6K pQ03nZtk9EKN6MM4xXOi0X8WBl7+59fxXOJ9GCBHEMZZWsTGFYkeVKD5c0ErJH/W c2DVR9CAixKD/ZGB0Lcm+jgQUQCxMEZxEvbVDuxuUGrd43YgT58nXVCD1gQV4C/e Ahxq3OLqoluhTzLe1GSJiMHZO56y+O+cvdwub2lA+c9IGp/7ViA= =cSOr -----END PGP SIGNATURE-----
--- End Message ---
