Bug#915765: FTBFS with pytest 3.10

2018-12-14 Thread Sébastien Delafond
Control: forwarded -1 Control: tag -1 + upstream Let's wait a bit for upstream's take on this issue, that was triggered when pytest 3.10 entered unstable last month. If need be, we could disable TestConfigurationWatcher::* when building the python2 package. Cheers, -- Seb

Bug#893723: 1.9.10 closing 4 bugs

2018-12-12 Thread Sébastien Delafond
Hi fellows, I've got a 1.9.10 nagvis package ready in salsa[0], that fixes four of the currently open bugs including this one. I've also manually included 1:1.7.10+dfsg1-3.2, which wasn't present in the salsa repository. Would you like an actual MR ? I'm also attaching a debdiff of debian/* to

Bug#893723: 893723

2018-12-11 Thread Sébastien Delafond
Control: tag -1 + upstream Control: forwarded -1 https://github.com/NagVis/nagvis/issues/79 This has apparently been closed in "recent releases", although upstream doesn't mention when that happened exactly. Scouring through git log, it appears to be in this commit: commit

Bug#910228: NMU

2018-12-05 Thread Sébastien Delafond
Hi, I just uploaded ruby-gitlab 4.5.0-2 to DELAYED/10. Don't hesitate to cancel or reschedule it if you need to. Cheers, --Seb

Bug#888011: #888011

2018-12-04 Thread Sébastien Delafond
Python3 package, plus upstream bump to 0.3.7, available at: https://github.com/sdelafond/python-jenkinsapi Would you be willing to share or hand over maintenance of this package, ideally on salsa ? Cheers, -- Seb

Bug#910228: Renaming to /usr/bin/ruby-gitlab

2018-11-27 Thread Sébastien Delafond
https://salsa.debian.org/ruby-team/ruby-gitlab/merge_requests/1

Bug#912106: test_auth_aws_region

2018-11-26 Thread Sébastien Delafond
The test_auth_aws_region test tries to make an actual HTTP request, it should be disabled in debian/rules. Cheers, -- Seb

Bug#910228: /usr/bin/ruby-gitlab

2018-11-26 Thread Sébastien Delafond
I'm OK with ruby-gitlab shipping /usr/bin/ruby-gitlab and /usr/share/man/man1/ruby-gitlab.1.gz, so unless someone disagrees I will do that this week. Cheers, -- Seb

Bug#910088: python-pyperclip: please provide a backport of python-pyperclip

2018-10-02 Thread Sébastien Delafond
On Oct/02, Mattia Rizzolo wrote: > Could you please provide a stretch-backports of python-pyperclip? > > If you wish, I'm happy to build such backport myself. Yes, that will be fine: please do ! Cheers, --Seb

Bug#907495: 907495

2018-09-09 Thread Sébastien Delafond
Sure, shipping this as a separate binary package makes sense. A patch would be most welcome. Cheers, --Seb

Bug#725408: org-mode-doc_9.1.14-1_amd64.changes ACCEPTED into unstable

2018-08-24 Thread Sébastien Delafond
On Aug/23, Nicholas D Steeves wrote: > Is that wrong info page bug still valid? It just occured to me that > it should be possible to add a few lines to the elpa-org-mode that > rebinds infopath to put org-mode-doc ahead of emacs' built-in when > elpa-org-mode is loaded. > > If the non emacs

Bug#906976: mitmproxy: FTBFS in buster/sid

2018-08-22 Thread Sébastien Delafond
Control: retitle -1 FTBFS in buster Control: tags -1 - sid + buster thanks In sid it builds fine during the 1st run, as shown here: https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/mitmproxy.html The 2nd reproducible run fails because of the "date in the future" thing:

Bug#906236: openssh: CVE-2018-15473: delay bailout for invalid authenticating user until after the packet

2018-08-21 Thread Sébastien Delafond
On Aug/21, Chris Lamb wrote: > a) You will take the lead on stable/DSA. > b) I'll carry on with LTS, etc. Yes. --Seb

Bug#906236: openssh: CVE-2018-15473: delay bailout for invalid authenticating user until after the packet

2018-08-21 Thread Sébastien Delafond
On Aug/19, Chris Lamb wrote: > Would the security team be interested in one for stretch? If so, I can > return with a proposed debdiff. Sorry, missed your email about this. I'm actually done with the patch on my end. Cheers, --Seb

Bug#865505: php-horde-image 2.3.6-1+deb9u1 (CVE-2017-9773, CVE-2017-9774 & CVE-2017-14650)

2018-08-16 Thread Sébastien Delafond
On Jun/23, Chris Lamb wrote: > I've prepared an upload to fix the following: > > php-horde-image (2.3.6-1+deb9u1) stretch-security; urgency=high > > * CVE-2017-9773: [...] > > * CVE-2017-9774: [...] > > * CVE-2017-14650: [...] > > The full debdiff is attached. Please let me know if

Bug#903325: delayed/10

2018-08-04 Thread Sébastien Delafond
Hi, I have just uploaded blinker 1.4+dfsg1-0.2, fixing this FTBFS, to DELAYED/10. Don't hesitate to cancel or reschedule it if you need to. Cheers, --Seb

Bug#887332: 887332

2018-07-19 Thread Sébastien Delafond
On Jul/19, Bastien wrote: > > For reference, upstream change is: > > https://code.orgmode.org/bzg/org-mode/commit/b186d1d7236c0dc397eadeb004c9a17eaffd3aab > > I've received this email with no context -- can you tell me more about > this issue at stake? Hi Bastien, this was Debian bug #887332 :

Bug#725408: org-mode 8 info does not show up in info index

2018-06-25 Thread Sébastien Delafond
On Jun/25, Nicholas D Steeves wrote: > I looked up this bug as soon as I remembered that I'd been neglecting > it for some time--thankfully I hadn't set myself as owner. Hi Nicholas, a quick test in unstable shows that: * with emacs25 installed but not emacs25-common-non-dfsg, both info(1)

Bug#894423: mlbviewer: No longer works starting in 2018

2018-06-25 Thread Sébastien Delafond
On Jun/25, Andreas Beckmann wrote: > On Fri, 30 Mar 2018 08:41:38 +0200 Sebastien Delafond > wrote: > > mlbviewer no longer works, starting in 2018[0]. A new implementation > > is in the works[1], with corresponding instructions[2]. It will be > > packaged later, but in the meantime I've filed

Bug#902032: aptly: please provide an aptly-api service

2018-06-22 Thread Sébastien Delafond
On Jun/21, Alexandre Viau wrote: > I would like to add that I am willing to provide a patch that > implements this. That'd be most welcome ! > However, I would only start working on it after aptly is moved to > dh-golang to avoid merging issues. See bug #902038 for that. I've just merged your

Bug#901036: no rm

2018-06-08 Thread Sébastien Delafond
Actually, that won't be possible: dam rm shows libspring-java among other rdeps. We'll just stick with the EOL in debian-security-support. Cheers, --Seb

Bug#897613: RM: redmine/3.0~20140825-8~deb8u4

2018-05-04 Thread Sébastien Delafond
On May/03, Adam D. Barratt wrote: > There's a few r-deps. Walking the tree gives us: > > - redmine-plugin-pretend > - redmine-plugin-recaptcha > - redmine-recaptcha > > I assume the intent is that those also be removed. That is correct, sorry for not mentioning the r-deps initially. Cheers,

Bug#893663: freeplane: CVE-2018-1000069 XXE vulnerability

2018-04-11 Thread Sébastien Delafond
On Apr/10, Felix Natter wrote: > Yes and no. On jessie the patch did not cleanly apply, so I would have > had to apply that change manually. Since removing the import has no > effect on the semantics of the program (as long as it still compiles), > I was too lazy. It should be ok. Let's leave it

Bug#893668: adminer: CVE-2018-7667

2018-03-22 Thread Sébastien Delafond
On Mar/22, Chris Lamb wrote: > > Can I get an ACK from you to upload those to *-security? > > Gentle ping on this? :) Salvatore is mostly away till the end of the week, but he marked those no-dsa on the 21st, so I guess that would go toward s-p-u instead. Cheers, --Seb

Bug#888316: jackson-databind: CVE-2018-5968

2018-02-10 Thread Sébastien Delafond
On Jan/27, Markus Koschany wrote: > I have prepared security updates of jackson-databind for Stretch and > Jessie and would appreciate another look at the patches. > > The fix for CVE-2018-5968 is straightforward. The blacklist is simply > extended. > > However upstream decided to refactor the

Bug#889915: libfaad2 in Wheezy contains patches for some security bugs. They were not backported to Jessie.

2018-02-10 Thread Sébastien Delafond
On Feb/09, Fabian Greffrath wrote: > Salvatore Bonaccorso wrote: > > The current issues which were fixed in DLA-1077-1 are all no-dsa, so > > thei did not warrant a DSA via security.d.o. Can you fix those issues > > via upcoming point releases? > > yes, probably. But I guess that's not Mikulas'

Bug#887332: 887332

2018-02-01 Thread Sébastien Delafond
Control: tag -1 + upstream Hi Russ, this doesn't seem to be supported directly in Org, but you could probably get the behavior you're after using function advising. The following (untested) is bit too far reaching, as ideally you'd save only the corresponding archive file, but should give you a

Bug#887333: 887333

2018-02-01 Thread Sébastien Delafond
Control: tag -1 + confirmed pending You're right, since 9.0.9+dfsg-2 modules under contrib/ are shipped just like the other org modules. This was a common request, see for instance #610699 and #728621). I'll remove the obsolete entry in README.Debian in the next upload. Cheers, --Seb

Bug#881282: 1.4 delayed/10

2018-01-11 Thread Sébastien Delafond
Hi, I have just uploaded blinker 1.4+dfsg1-0.1 (only the new upstream version, without any changes to the packaging) to DELAYED/10. Don't hesitate to cancel or reschedule it if you need to. Cheers, --Seb

Bug#886433: #886433

2018-01-06 Thread Sébastien Delafond
Control: tag -1 confirmed pending The testing/ directory is new in recent in org-mode releases, and I missed it when repacking org-mode-doc. I'll fix correct this with the next upstream release. Cheers, --Seb

Bug#881282: 1.4

2018-01-03 Thread Sébastien Delafond
severity -1 minor Hello, I'd really like for mitmproxy to be able to re-enter testing, and blinker > 1.4 is the last remaining requirement for this. I've built updated 1.4 blinker packages, and they seem to work fine so far: no changes needed under debian/, a simple uupdate did it. Please Let

Bug#884873: python-pyperclip: move to gtk+3 to avoid use of mutual exclusive gtk+2/gtk+3 modules

2018-01-01 Thread Sébastien Delafond
I had to slightly adjust the patch for 1.6.0, but it's in now. Cheers, --Seb On Dec/20, Corey Bryant wrote: > Package: python-pyperclip > Version: 1.5.32-1 > Severity: normal > Tags: patch > User: ubuntu-de...@lists.ubuntu.com > Usertags: origin-ubuntu bionic ubuntu-patch > > Dear Maintainer,

Bug#882274: stretch-pu: package nova/2:14.0.0-4 - using uwsgi-plugin-python for nova-placement-api

2017-12-09 Thread Sébastien Delafond
On Dec/09, Adam D. Barratt wrote: > For the record, reviewing the diff of the -security upload, I notice > that the change actually adds *two* runtime dependencies - the second, > which was not mentioned in this pre-approval request, nor included in > the proposed diff, being python-pastescript.

Bug#882808: construct: construct 2.8 is not compatible with 2.5.

2017-11-29 Thread Sébastien Delafond
Hi Jonathan, I have just uploaded construct/2.8.16-0.2, closing #882808, to DELAYED/10. Don't hesitate to cancel or reschedule it if you need to. Cheers, --Seb

Bug#882808: construct: construct 2.8 is not compatible with 2.5.

2017-11-27 Thread Sébastien Delafond
On Nov/26, Hilko Bengen wrote: > The plaso and dfvfs packages are maintained by me and are affected by > the API breakage. > [...] > I think I am going to package construct-legacy, based upon > . This makes the most sense: I don't think it's

Bug#879718: aptly: Aptly can't handle deb packages built using dpkg 1.19.0+

2017-11-13 Thread Sébastien Delafond
On Nov/13, Boyuan Yang wrote: > Pushing changes only into backports repository might not be enough > since the backports repository is not enabled by default. Users of > Debian Stable will still encounter this bug with default installation. > > Could you please consider pushing the changes into

Bug#879718: aptly: Aptly can't handle deb packages built using dpkg 1.19.0+

2017-11-12 Thread Sébastien Delafond
On Nov/11, Boyuan Yang wrote: > However, aptly in Stretch and Jessie are still left unfixed. Will you > backport the patch and provide stable updates later? It's already in stretch-backports, but I don't plan on doing jessie-backports. Cheers, --Seb

Bug#849634: #849634 python3-construct: New upstream version 2.8 available

2017-11-09 Thread Sébastien Delafond
Hi Jonathan, I have just uploaded construct/2.8.16-0.1 (only the new upstream version, without any changes to the packaging) to DELAYED/10. Don't hesitate to cancel or reschedule it if you need to. Cheers, --Seb

Bug#861163: 861163

2017-11-02 Thread Sébastien Delafond
Sorry, never got around to actually looking into that. At this point the best I can do is provide 1.1.1 in stretch-backports I guess...

Bug#879718: aptly: Aptly can't handle deb packages built using dpkg 1.19.0+

2017-11-02 Thread Sébastien Delafond
On Nov/02, Boyuan Yang wrote: > Control: severity -1 grave > Control: tags -1 + fixed-upstream > > Upstream now has a fix in trunk code. Just cherry-picked the fix and > confirmed that everything works well. I'm looking forward to seeing a > fixed version into Debian testing/unstable and

Bug#873088: git-annex security issue backports

2017-10-26 Thread Sébastien Delafond
On Oct/26, Antoine Beaupré wrote: > Right, how does that look then? > > https://gitlab.com/anarcat/git-annex/commit/b21ccd25ecd4cad0efcc8f4f0c94ad99ce32cd04 Nah, +deb8u1 ;) > Then I can just upload this to security-master? Yep. Cheers, --Seb

Bug#873088: git-annex security issue backports

2017-10-26 Thread Sébastien Delafond
On Oct/26, Antoine Beaupré wrote: > I have also backported joey's patch to jessie. It was simpler than > wheezy because the code is much more similar. The resulting patch is > available here: > > https://gitlab.com/anarcat/git-annex/commit/58daf6cbe4c1ea1cf71f3a538a0e27b5075c7265 > > As

Bug#878258: OVAL title field improvement

2017-10-16 Thread Sébastien Delafond
On Oct/11, Philippe Thierry wrote: > The current Debian OVAL files title field contains the reference id, > making it redundant with the reference ref_id field. As a consequence, > the resulting report doesn't show the affected software. is it > possible to show the software name in the title

Bug#872078: confirmed

2017-08-14 Thread Sébastien Delafond
Control: tag -1 confirmed Indeed, the new libconfuse in sid (3.2+dfsg-1) causes i3status to first generate this statement: internal error in cfg_init_defaults(order) After that, it will fail to parse whatever follows, for instance: * no such option 'general' Downgrading libconfuse* to

Bug#871810: cvs: CVE-2017-12836: CVS and ssh command injection

2017-08-12 Thread Sébastien Delafond
On Aug/12, Thorsten Glaser wrote: > I’m attaching one for stretch, and if it pleases you, I’ll do them in > the same vain for jessie and wheezy and upload them. (As I said, they > will all look identical, the code has not changed in quite a while… > the file in question did not change *at all*,

Bug#871810: cvs: CVE-2017-12836: CVS and ssh command injection

2017-08-11 Thread Sébastien Delafond
On Aug/11, Thorsten Glaser wrote: > For {,{,old}old}stable-security, this should suffice: > [...] Would you be able to produce debdiffs for jessie and stretch, so we can review them and give you the go-ahead to upload to security-master ? Cheers, --Seb

Bug#871568: Debian OVAL Files Improvement

2017-08-09 Thread Sébastien Delafond
On Aug/09, Moritz Muehlenhoff wrote: > > I wanted to ask if it would be possible for the XML files that the > > script you run will include the rating of the DSA > > advisory? > > DSA advisories intentionally don't have a severity rating and we're > not planning to add one (since the severity

Bug#864728: binary package information

2017-07-25 Thread Sébastien Delafond
Hello, have you been able to explore either of those ways ? I'd be interested in looking at what you were able to implement :) Cheers, --Seb

Bug#849634: 2.8.12

2017-07-25 Thread Sébastien Delafond
For what it's worth, a plain uscan called produced a working 2.8.12 (most recent upstream version available) package for me this morning :) Cheers, --Seb

Bug#867421: python3-certifi: missing python3 dependency

2017-07-06 Thread Sébastien Delafond
Ah, thanks a lot, I'll fix it tomorrow ! Cheers, --Seb On Jul/06, Adrian Bunk wrote: > Package: python3-certifi > Version: 2016.2.28-1 > Severity: serious > Tags: patch > > Due to a cut'n'paste error the python3 dependency is missing. > > Fix: > > --- debian/control.old2017-07-06

Bug#867278: mitmproxy: DistributionNotFound: The 'typing==3.5.2.2' distribution was not found and is required by mitmproxy

2017-07-05 Thread Sébastien Delafond
I'm in the process of packaging the latest mitmproxy and its dependencies, and this unfortunately can't quite be done atomically. In the meantime, the failing/missing dependencies in sid can be gotten from jessie; I know it's a sub-par solution, but at this point there isn't much else I can do.

Bug#867250: 867250

2017-07-05 Thread Sébastien Delafond
I'm in the process of packaging the latest mitmproxy and its dependencies, and this unfortunately can't quite be done atomically. In the meantime, the missing dependencies in sid can be gotten from jessie; I know it's a sub-par solution, but at this point there isn't much else I can do. Cheers,

Bug#725408: Debian bug #725408

2017-06-29 Thread Sébastien Delafond
On Jun/28, Nicholas D Steeves wrote: > This bug hasn't seen any activity for some time, so I thought I'd > update it for 8.2.10-1 (jessie) with emacs24-common-non-dfsg > installed. The command "info org" shows the manual for Org version > 8.2.10; however, the Emacs info mode (C-h i m org) shows

Bug#826943: patch

2017-06-22 Thread Sébastien Delafond
tag -1 + patch thanks Hello Pierre, any plans to integrate this change ? Cheers, --Seb

Bug#838561: 503 on lw07

2017-06-20 Thread Sébastien Delafond
Following up on this, the problem seems to be varnish-related; on lw07, with a curl client eventually receiving a 503, the corresponding varnishlog conversation with its apache backend looks like this: * << BeReq>> 2818775 - Begin bereq 2818774

Bug#864728: OVAL & binary packages

2017-06-20 Thread Sébastien Delafond
No real preferences, but at first glance I'd be worried about performance. The OVAL files are generated several times a day, and fetching *all* the associated informations about binary packages for each vulnerability could potentially take time. I'd be willing to see a proof-of-concept, though,

Bug#864761: OVAL

2017-06-20 Thread Sébastien Delafond
Hello, thanks a lot for the patch. So, two things here: 1. the move away from minidom, which is undoubtedly a good thing. 2. switching to per-release instead of per-year, which is not as clear-cut IMO. We can do #1 right away, if you split the patch, but for #2 I'd like to hear more

Bug#862556: CVE-2017-9058

2017-05-18 Thread Sébastien Delafond
This was assigned CVE-2017-9058.

Bug#857343: #857343: logback deserialization vulnerability

2017-03-28 Thread Sébastien Delafond
On Mar/28, Markus Koschany wrote: > apparently logback < 1.2.0 is vulnerable to a deserialization issue. > They announced it on February 8th 2017 but it appears no CVE has been > assigned yet. [1] Fixing commit is at [2] The bug reporter claims it is > the same issue as CVE-2015-6420 but I cannot

Bug#856539: updating sitesummary in stable+oldtable due to regression introduced with apache update (Re: Bug#856539: jessie-pu: package sitesummary/0.1.17+deb8u2)

2017-03-19 Thread Sébastien Delafond
On Mar/18, Holger Levsen wrote: > I've done all this now. > > Will you write and send the DSA? I guess the text should basically > just be something like what we wrote in debian/changelog: > > * Adjust sitesummary-upload to use CRLF (\r\n) line endings to be compliant > with apache 2.4.25

Bug#856539: updating sitesummary in stable+oldtable due to regression introduced with apache update (Re: Bug#856539: jessie-pu: package sitesummary/0.1.17+deb8u2)

2017-03-16 Thread Sébastien Delafond
On Mar/10, Sébastien Delafond wrote: > I meant a debdiff specifically targetting jessie-security. Please > change jessie to jessie-security, set severity to high, and upload to > security-master (no source-only upload). Hi Petter, are you still planning to upload this ? Cheers, --Seb

Bug#856539: updating sitesummary in stable+oldtable due to regression introduced with apache update (Re: Bug#856539: jessie-pu: package sitesummary/0.1.17+deb8u2)

2017-03-09 Thread Sébastien Delafond
On Mar/10, Petter Reinholdtsen wrote: > The debdiff for jessie is in bts already. I meant a debdiff specifically targetting jessie-security. Please change jessie to jessie-security, set severity to high, and upload to security-master (no source-only upload). Cheers, --Seb

Bug#856539: updating sitesummary in stable+oldtable due to regression introduced with apache update (Re: Bug#856539: jessie-pu: package sitesummary/0.1.17+deb8u2)

2017-03-09 Thread Sébastien Delafond
On Mar/09, Holger Levsen wrote: > Dear security team, > > On Thu, Mar 09, 2017 at 07:20:40PM +, Adam D. Barratt wrote: > > On Thu, 2017-03-02 at 09:50 +, Holger Levsen wrote: > > > On Thu, Mar 02, 2017 at 09:12:34AM +0100, Petter Reinholdtsen wrote: > > > > Usertags: pu > > > > > > > >

Bug#856117: tnef update in unstable

2017-02-28 Thread Sébastien Delafond
Hi Kevin, those 4 security issues were fixed via DSA-3798-1 in jessie-security, by backporting the appropriate upstream changes (thanks to Thorsten for doing that). I've verified 1.4.13 only contains those security fixes, and no new major evolution or feature, so could you please prepare and

Bug#774055: tmuxp

2017-02-18 Thread Sébastien Delafond
I'll take care of packaging this. Cheers, --Seb

Bug#855142: security bug closed without fix

2017-02-15 Thread Sébastien Delafond
On Feb/16, Henri Salo wrote: > Shouldn't this be closed AFTER the fix is available? Especially since this is > a > security issue. Yes. Bastien, can you please reopen this ? Cheers, --Seb

Bug#855216: unblock: singularity-container/2.2-2

2017-02-15 Thread Sébastien Delafond
Dear Release Managers, the Security Team has reviewed the diff related to this security problem, and we support the unblock request. Cheers, --Seb

Bug#853082: dfvfs

2017-02-03 Thread Sébastien Delafond
Hello, I think this should be tracked as an upstream wishlist bug in dfvfs, so it supports construct >= 2.8.8. Do you want to file that upstream ? As for the freeze, I definitely agree python-construct 2.8.8 shouldn't enter stretch. Cheers, --Seb

Bug#852095: icicles: please migrate to emacs25 soon

2017-01-22 Thread Sébastien Delafond
On Jan/21, Rob Browning wrote: > We'd like to remove emacs24 from the archive, so please try to upgrade > to emacs25, or add optional support for emacs25 as soon as you can. > > For example, assuming the package works with emacs25, a dependency like > > emacs25-nox | emacs25 | emacs24 | ... >

Bug#851927: 851927

2017-01-19 Thread Sébastien Delafond
I see the same problem, even with -enable-rmeote-extensions (which seems to be about *installing* remote extensions, not enabling already-installed ones). However, my local extensions are still present (see ~/.config/chromium/Default/Extensions/*), and downgading to the version in stretch

Bug#850176: Regression

2017-01-13 Thread Sébastien Delafond
The Security Team will issue a DSA regression update shortly. Cheers, --Seb

Bug#849849: CVE-2016-9877 / #849849 fix for Jessie

2017-01-10 Thread Sébastien Delafond
On Jan/11, Thomas Goirand wrote: > Debdiff is attached (and also available from there). Please allow me > to upload. Thanks for your contribution, please upload. Cheers, --Seb

Bug#850611: src:org-mode: Please document elpa-like snapshot date in changelog

2017-01-08 Thread Sébastien Delafond
On Jan/08, Olivier Berger wrote: > It seems that upstream's elpa or melpa provide versions of the > packages, and there, versioning is like 20161224. However there's > nothing in /usr/share/doc/org-mode/ that indicates a corresponding > date. For this, you can hit something like

Bug#849531: Possible security problem, new logwatch sends mails with charset UTF-8

2017-01-02 Thread Sébastien Delafond
On Dec/31, Willi Mann wrote: > I would like to get your input on bug #849531 [1]. > [...] > So my question is: Is it a security issue if a script sends e-mails > with encoding=utf-8, but potentially containing invalid utf-8 strings? > If yes, what would be the (minimum) requirements to address

Bug#849648: mitmproxy: Unnecessary Build-Depends on python-cffi (and broken Vcs-Git field)

2016-12-30 Thread Sébastien Delafond
On Dec/31, Carlos Maddela wrote: > Sorry, this part was my fault. Don't sweat it, your previous patches helped tremendously. > > Patches attached. I had already fixed the issue in my git tree, and am currently waiting on an extra dependency to be uploaded for sid, so that I can package

Bug#846366: ITP: bcc -- Command line tools for BPF Compiler Collection (BCC)

2016-12-30 Thread Sébastien Delafond
On Dec/29, Ritesh Raj Sarraf wrote: > I've just pushed my changes to the git repo. Could you please review > it once ? I'd like you to have your comments/feedback before we > decide on uploading it. > > Apart from the main file name change, there are other minor changes. It all looks good to

Bug#846366: ITP: bcc -- Command line tools for BPF Compiler Collection (BCC)

2016-12-29 Thread Sébastien Delafond
On Dec/29, Ritesh Raj Sarraf wrote: > I think we should stick with this proposal of appending the type along > with the name. > > 1. On autocompletions, it'd autocomplete to "execsnoop-", which is an > invalid name either way. This will expect the user to pay attention > and fire the correct

Bug#848609: python-jsbeautifier: please provide a jsbeautifier binary (using python3?)

2016-12-19 Thread Sébastien Delafond
On Dec/18, Mattia Rizzolo wrote: > common way to package python application that also ship a module would > be to put the /usr/bin/foo in a 'foo' binary, and the python module > /usr/lib/python2.7/dist-packages/foo in a 'python-foo' binary. I > believe you're also getting lintian tags for this,

Bug#846850: mitmproxy uninstallable in current Sid and soon Stretch Testing (again)

2016-12-16 Thread Sébastien Delafond
On Dec/15, Maximilian Hils wrote: > (2) mitmproxy may still be installable, but it potentially just > breaks due to backwards-incompatible changes within the dependency. > If I understand things correctly, there's no automated testing that > would alert someone in either case, so (2) may be

Bug#846850: mitmproxy uninstallable in current Sid and soon Stretch Testing (again)

2016-12-15 Thread Sébastien Delafond
On Dec/14, Maximilian Hils wrote: > Upstream here. If there's anything we can do to make your life easier, > please let us know! > > We only list known compatible versions in setup.py as we'd like to > avoid running around with the fire extinguisher every time one of our > dependencies publishes

Bug#846850: mitmproxy uninstallable in current Sid and soon Stretch Testing (again)

2016-12-14 Thread Sébastien Delafond
On Dec/13, Bob Proulx wrote: > Therefore I don't have a good idea of what to do here. I only know > that it is an impossible system. I feel certain this can't be > necessary. While I appreciate your concern, and am also pained by seeing so many versioned conflicts, what you *feel* is

Bug#831857: Security update for libupnp (CVE-2016-6255, CVE-2016-8863)

2016-12-13 Thread Sébastien Delafond
On Dec/13, Uwe Kleine-König wrote: > I had the impression that the 2nd might be bad, too. There is no > public exploit available, but AFAIK writing to unallocated memory is > dangerous? Yes, it is, you're right. But the first one is such an obvious flaw, that it doesn't require any sort of

Bug#831857: Security update for libupnp (CVE-2016-6255, CVE-2016-8863)

2016-12-13 Thread Sébastien Delafond
On Dec/13, Uwe Kleine-König wrote: > Do you consider CVE-2016-6255 and CVE-2016-8863 bad enough to make a > security update for it? If so, I suggest the following debdiff. Yes, the first one is bad, so let's fix both via a DSA. Could you please provide a debdiff with

Bug#812388: Man page

2016-12-12 Thread Sébastien Delafond
On Dec/12, Carlos Maddela wrote: > I think it would still be worth it maintaining man pages. It's much > more convenient to quickly look something up in man pages than > elsewhere, so I've taken the time to create markdown files of the > documentation, which can be converted into man pages with

Bug#846850: mitmproxy uninstallable in current Sid and soon Stretch Testing (again)

2016-12-05 Thread Sébastien Delafond
On Dec/03, Bob Proulx wrote: > By my count there are 23 "<<" dependencies in use with mitmproxy! > Wow! That is a lot of very fragile and breakage prone packages. It > is doomed to have repeated breakages in Sid and Testing as those > modules get uploaded. It isn't a good way to do things.

Bug#846366: ITP: bcc -- Command line tools for BPF Compiler Collection (BCC)

2016-11-30 Thread Sébastien Delafond
Hi Ritesh, I agree with you, there is no reason we can't coexist :) However, perf-tools-unstable doesn't seem to be much more updated these days, and it sorta worries me, especially since Brendan Gregg mentions on his blog that bcc seems to be the future: in that light, do you still see a need

Bug#845059: python-fuse: Please provide a debug package

2016-11-22 Thread Sébastien Delafond
As I was looking into adding an explicit python-fuse-dbg package, I recalled that with recent versions of dh, -dbgsym packages are automatically provided on debug.mirrors.debian.org. See: https://wiki.debian.org/AutomaticDebugPackages

Bug#843687: mitmproxy: FTBFS: AttributeError: 'module' object has no attribute 'SSL_ST_INIT'

2016-11-09 Thread Sébastien Delafond
On Nov/09, Chris Lamb wrote: > > mitmproxy builds fine in an up-to-date sid amd64 chroot here. How can I > > reproduce your problem ? > > How up-to-date? :) I've just updated mine (again) and it fails with the same > error. tag 843687 + confirmed You're right, I just tried it this morning, and

Bug#843687: mitmproxy: FTBFS: AttributeError: 'module' object has no attribute 'SSL_ST_INIT'

2016-11-09 Thread Sébastien Delafond
Hi, mitmproxy builds fine in an up-to-date sid amd64 chroot here. How can I reproduce your problem ? Cheers, --Seb On Nov/08, Chris Lamb wrote: > Source: mitmproxy > Version: 0.18.1-2 > Severity: serious > Justification: fails to build from source > User:

Bug#842016: brotli: New version available upstream

2016-10-26 Thread Sébastien Delafond
On Oct/25, Tomasz Buchert wrote: > Hmm, where did you find the version 0.6.0? I see only 0.5.2 which I've > just uploaded and which should be good enough for you. Let me know if > you have problems. I see 0.6.0 here: https://pypi.python.org/pypi/brotlipy/0.6.0. But 0.5.2 will do just fine indeed

Bug#835725: #835725

2016-09-29 Thread Sébastien Delafond
python-netlib is now part of the mitmproxy source, and will disappear from unstable once a newer mitmproxy is packaged and uploaded. Cheers, --Seb

Bug#832908:

2016-08-02 Thread Sébastien Delafond
FWIW, the vendor has closed https://jira.mongodb.org/browse/SERVER-25335 with "Works as Designed". If someone wants to follow up on explaining to mongodb upstream why umask shouldn't prevent them from applying proper permissions where needed, they're welcome to do so. ssh-keygen(1) would be a

Bug#829288: org-mode & dh_elpa

2016-07-13 Thread Sébastien Delafond
tag 829288 - pending thanks As this is not as straightforward as it originally looked, I'm removing the pending tag: the packaging of org-mode in Debian doesn't use the version in ELPA, but instead uses an upstream tarball that doesn't include the non-DFSG-compatible documentation. The package

Bug#829588: org-mode: freemind exporter not activated/installed

2016-07-04 Thread Sébastien Delafond
On Jul/04, Arnaud Legrand wrote: > the /usr/share/org-mode/lisp/ox-freemind.el exporter shipped with > org-mode is not installed in /usr/share/emacs24/site-lisp/org-mode. As > a consequence a (require 'ox-freemind) fails and does not allow to > easily benefit from this exporter. Once a symbolic

Bug#738199: Progress

2016-07-04 Thread Sébastien Delafond
A quick note to report progress on this issue. I'm having a hard time working with CVS after such a long time, so I've setup a git repository for the oval generator: https://github.com/sdelafond/debian-oval I started with Nicholas' parseJSON2Oval.py, and am making progress toward aggregating

Bug#829288: please convert org-mode to use dh_elpa

2016-07-01 Thread Sébastien Delafond
tags + 829288 confirmed pending thanks Excellent suggestion, thanks: I'll convert it this week. Cheers, --Seb On Jul/02, Sean Whitton wrote: > Source: org-mode > Severity: wishlist > Version: 8.3.4-1 > > Dear maintainer, > > It would be great if you could convert org-mode to use the new

Bug#806635: Man page

2016-07-01 Thread Sébastien Delafond
Upstream doesn't provide a manpage, and is not interested in one; as I don't have the bandwidth to maintain it on my own, I think it should just be dropped from the Debian package: it's worse to have a non accurate manpage than none at all. Unless someone strongly disagrees, I'll do this next

Bug#823353: mitmproxy: Does not work with netlib 0.15

2016-05-09 Thread Sébastien Delafond
Hi Mathias, any chance you can your full list of dependencies like I asked in the previous message ? Otherwise I'll close this bug, as I really cannot reproduce it. Cheers, --Seb

Bug#823353: mitmproxy: Does not work with netlib 0.15

2016-05-04 Thread Sébastien Delafond
tag 823353 + moreinfo It certainly works fine here, with the following list of dependencies (provided by reportbug): Versions of packages mitmproxy depends on: ii python-blinker 1.3.dfsg2-1 ii python-click 6.2-2 ii python-configargparse 0.10.0-2 ii

Bug#819496: #819496

2016-04-04 Thread Sébastien Delafond
By default ~/.local seems to be 700, so I don't think you're correct in assuming anyone can read ~/.local/share/clipit/history. Am I missing something ? Cheers, --Seb

  1   2   3   >