Bug#869222: Invalid DNSSEC signatures

* Arnaud Launay [171010 15:48]: > Any chance on seeing this bug corrected in regular stretch (or at > least as a backport) ? stretch-pu bug: #878173 Cheers, C.

Bug#854210: libnet-xmpp-perl: sendxmpp can't send message to hangouts (work fine for 1.02-5)

Hey everyone, I've just stumbled across this bug, because we're using some not-packaged software that worked fine on jessie, and on stretch fails to connect to our internal jabber server. It basically does this: my $connection = Net::Jabber::Client -> new( debugLevel => $jabberdebug );

Bug#882958: stretch-pu: package pdns-recursor/4.0.4-1+deb9u2

Package: release.debian.org Severity: normal Tags: stretch User: release.debian@packages.debian.org Usertags: pu Security update using upstream patches to fix CVE-2017-15090, CVE-2017-15092, CVE-2017-15093, CVE-2017-15094. DSA has marked those as non-DSA but suggested fixing through a stable

Bug#882960: jessie-pu: package pdns-recursor/3.6.2-2+deb8u4

Package: release.debian.org Severity: normal Tags: jessie User: release.debian@packages.debian.org Usertags: pu Security update using upstream patch for CVE-2017-15093. DSA has marked this non-DSA but suggested fixing this through an (old)stable update. debdiff attached. Thanks, Chris diff

Bug#882959: stretch-pu: package pdns/4.0.3-1+deb9u2

Package: release.debian.org Severity: normal Tags: stretch User: release.debian@packages.debian.org Usertags: pu Security update using upstream patch, for CVE-2017-15091. DSA has marked this no-DSA but suggested that this should be fixed via stable-updates. 4.0.3-1+deb9u1 is already in p-u,

Bug#882961: jessie-pu: package pdns/3.4.1-4+deb8u8

Package: release.debian.org Severity: normal Tags: jessie User: release.debian@packages.debian.org Usertags: pu Security update for CVE-2017-15091. DSA has marked this no-DSA but suggested this goes through (old)-stable-updates. debdiff attached. Thanks, Chris diff -Nru

Bug#884069: Bug#883938: RFT: Candidate fix for boot failure of Debian 8.10 on various x86 systems

Hi, * Ben Hutchings [171214 11:37]: > Apologies for this regression. Salvatore Bonaccorso has tracked down > which change in 3.16-stable triggers the crash, and I identified some > related upstream changes which appear to fix it. An updated package is > available at: > >

Bug#880691: [DRE-maint] Bug#880691: ruby-yajl: diff for NMU version 1.2.0-3.1

* Salvatore Bonaccorso [171108 07:45]: > Dear maintainer, > > I've prepared an NMU for ruby-yajl (versioned as 1.2.0-3.1) and > uploaded it to DELAYED/5. Please feel free to tell me if I > should delay it longer. LGTM, feel free to reschedule to 0? Thanks, C.

Bug#878173: stretch-pu: package pdns/4.0.3-1+deb9u1

* Adam D. Barratt [171029 19:16]: > Control: tags -1 + confirmed > Please make the changelog distribution "stretch", and feel free to > upload. Changed and uploaded, thanks. > Does this also affect the package in jessie? After asking upstream about this and checking

Bug#859157: multipath-tools: after bootup multipathd timeout on commands - requires daemon restart

* Ritesh Raj Sarraf [180612 07:26]: > On Thu, 2018-05-31 at 15:29 +0200, Chris Hofstaedtler wrote: > > > For Debian, this could be a good candidate for a Stable update, > > > later after the > > > Stretch release. We should continue to keep this bug open until > &

Bug#900347: [DRE-maint] Bug#900347: Gitlab - wrong amount of pages

* Holger Wansing [180529 13:09]: > When watching the list of projects for a team, there is an issue > with the amount of pages for switching page-wise. > Means: go to the list of the installer team > https://salsa.debian.org/installer-team > and scroll down to the bottom, you see there are in

Bug#859157: multipath-tools: after bootup multipathd timeout on commands - requires daemon restart

Hey Ritesh, * Ritesh Raj Sarraf [180531 13:27]: > On Fri, 2017-04-07 at 15:45 +0200, Alban Browaeys wrote: > > upstream proposed fix : https://marc.info/?l=dm-devel=149154583809387 > > =2 . > > > > I tested a backport of this patch to release 0.6.4. > > Please find it attached. > > > > There

Bug#897279: [DRE-maint] Bug#897279: marked as done (libruby2.5: circular dependency hell)

Control: reopen 897279 > I have just uploaded fixed versions of rake and ruby-test-unit, therefore > breaking the cycles. But now: % rake zsh: /usr/bin/rake: bad interpreter: /usr/bin/ruby: no such file or directory I'd consider this to be more important than some alleged possible upgrade

Bug#888031: RM: pdns-recursor [armel] -- ROM; no longer builds; likely unusable

Package: ftp.debian.org Severity: normal Dear ftpmasters, please remove pdns-recursor from armel. It no longer builds there, and considering the usefulness / runtime requirements any effort to fix that is in my opinion a timesink with no benefit. Thanks, Chris signature.asc Description: PGP

Bug#888089: botan1.10 EOL

Source: botan1.10 Upstream has announced that security support for botan1.10 will end latest December 2018. Given the small number of rdepends it might be wise to get botan1.10 out of testing. rdepends: monotone: monotone [amd64 arm64 armel armhf i386 mips mips64el mipsel powerpc ppc64el

Bug#889675: RM: botan1.10 -- ROM; obsolete

Package: ftp.debian.org Severity: normal Dear ftpmasters, please remove botan1.10. It is obsolete. Note rgd. ROM: discussed this with Ondrej in person. Thanks, Chris

Bug#889798: pdns-backend-mysql: Queries calling stored procedures break PowerDNS in weird ways

I'm not opposed to this, but I consider this to be a higher risk change than you make it sound. As such I'd only merge this if it has seen enough testing first. Please get upstream to stick this into a stable release. In any case, d-release usually requires fixes to land in unstable before they

Bug#904870: autopkgtest: calls su with an empty username, thus fails

Package: autopkgtest Version: 5.4.1 Severity: grave Justification: renders package unusable Dear autopkgtest Maintainers, In various situations autopkgtest calls /bin/su with an empty string for the username. The old su (from login) ignored this, but newer su versions (from util-linux 2.32-0.2)

Bug#904736: grml-debootstrap: Enabling backports repo fails

Package: grml-debootstrap Version: 0.78 Severity: normal Installing stretch with --backportrepos fails with this error: Backports for stretch are not available. I imagine this is because http://backports.debian.org/ no longer directly serves any distribution files. NB: this is indeed the

Bug#882674: mount: Mounting a remote samba share in /etc/fstab as cifs mounts it read-only.

Control: tags -1 + moreinfo Tagging this moreinfo as I cannot reproduce the problem locally with these package versions: cifs-utils 2:6.8-2 linux-image-4.17.0-1-amd64 4.17.8-1 linux-image-amd64 4.17+95 util-linux 2.32-0.3

Bug#905742: bsdmainutils: use util-linux implementations of various utilities?

Package: bsdmainutils Hi Michael, I've noticed bsdmainutils ships a number of binaries that are also in the util-linux source. I don't know what the upstream/maintenance status of bsdmainutils is. Are you interested in letting util-linux ship these binaries instead of bsdmainutils? AFAICT the

Bug#847122: seriously outdated version, please upgrade

* Daniel Baumann [180809 09:46]: > 0.4 as found in unstable is from 2012. please upgrade to a recent > release (0.6 from july), [..] By now there's an 1.0 release. Chris

Bug#905528: mount: nofail

Control: reassign -1 systemd-sysv * Seamus de Mora [180812 18:02]: > Package: mount > Version: 2.29.2-1+deb9u1 > Severity: normal [..] > Distributor ID: Raspbian > Description: Raspbian GNU/Linux 9.4 (stretch) > Codename: stretch [..] > Init: systemd (via /run/systemd/system) Reassigning to

Bug#904307: stretch-pu: package multipath-tools/0.6.4-5+deb9u1

* Cyril Brulebois [180728 17:36]: > Adam D. Barratt (2018-07-28): > > Control: tags -1 + moreinfo d-i > > > > On Mon, 2018-07-23 at 06:34 +0000, Chris Hofstaedtler wrote: > > > The update would fix #859157, which is causing me headache on our > > > produc

Bug#689605: multipath-tools: no default multipath.conf

Control: tags -1 + moreinfo * Andreas Pflug [180812 17:12]: > Since the multipath-tools package includes no standard multipath.conf, > multipathd will grab any new block device. This can lead to surprising and > hard debug effects. > e.g. attaching a device in a XEN dom0 domain will render the

Bug#689605: multipath-tools: no default multipath.conf

Control: tags -1 + upstream Control: retitle -1 multipath-tools: blacklist Xen devices by default * Andreas Pflug [180811 14:47]: > Package: multipath-tools > Version: 0.4.8+git0.761c66f-10 > Severity: normal > > Since the multipath-tools package includes no standard multipath.conf, >

Bug#625200: Add debconf warning stating that the package can prevent boot

Hi Laurent, * Laurent Bigonville [180811 14:52]: > Version: 0.4.8+git0.761c66f-9 [..] > It could be interesting to add a debconf warning stating that the > package can prevent to boot if the package is installed and that the > local disk is not blacklisted in the config. Current versions

Bug#580312: multipath-tools: multipathd segfaults when restarted

Vincent, * Vincent McIntyre [180811 15:09]: > Package: multipath-tools > Version: 0.4.8-14+lenny2 > Severity: normal > > I have a simple setup with a Promise VTrak E610f direct-connected > to a Dell 2950 with LSI FC949SE card. There is only one FC connection. > Two LUNs are exposed by the

Bug#571617: multipath-tools: multipathd "switch multipath group" leads to strange state

Hello John, sorry for the late reply. * John Hughes [180811 19:37]: > Version: 0.4.8+git0.761c66f-7 [..] > doing repeated "switch multipath group" commands leaves a multipath in > a strange state with both paths "enabled". > >multipathd> show multipath 35000c50012b1450f topology >

Bug#891077: kpartx -d doesn't cleanup

Control: tags -1 + upstream confirmed > >> If I execute the following testcase: > >> #!/bin/bash -xe > >> IMAGE_PATH=bug.img [..] > >> sudo kpartx -a "${IMAGE_PATH}" > >> sudo kpartx -d "${IMAGE_PATH}" > >> then kpartx won't cleanup its loop devices: Indeed. The

Bug#896085: tk8.5: Time to remove from Debian

Control: clone 896085 -2 Control: reassign -2 ftp.debian.org Control: retitle -2 RM: tk8.5 -- ROQA; obsolete Control: affects -2 src:tk8.5 * Sergei Golovan [180809 20:47]: > Source: tk8.5 > > Tcl/Tk 8.5 has reached its end-of-life, so it's time to remove it from Debian. > Applications which use

Bug#889556: monotone: (Build-)Depends on obsolete libbotan1.10-dev

Hi Markus, * Markus Wanner [180809 20:52]: > On 03/09/2018 10:32 AM, Jack Lloyd wrote: > > 2.4.0 was just (in last week or so) packaged for buster - > > https://packages.debian.org/buster/libbotan-2-4 > > oh, very nice. Looks like I searched only "stable". Thank you for the hint. Is there any

Bug#889557: ovito: (Build-)Depends on obsolete libbotan1.10-dev

Dear ovito Maintainers, is there any update on progress of porting to botan2, or at least moving off botan1.10? Cheers, Chris

Bug#905409: upgrade of util-linux and login break the xhost command for other users

* Helge Kreutzmann [180808 18:57]: > On Tue, Aug 07, 2018 at 08:20:23PM +0100, Simon McVittie wrote: > > Andreas already asked for a merge request, so it seems that proposing a > > patch would indeed be welcome. > > I'll do, incorporating your excellent explaination. I'll do so until > the end

Bug#870901: deborphan: priority:extra is deprecated

Hi Mattia, * Mattia Rizzolo [180724 18:08]: > Package: deborphan > > Priority:extra is deprecated starting with the Debian Policy 4.0.1. > https://browse.dgit.debian.org/debian-policy.git/commit/?id=4b3e61ac3fa06d8b82433e09a76f42a4f8859306 > > deborphan uses the peculiar 'oldlibs/extra'

Bug#904251: gpgsigs: patch for dc18 ksp format

Package: signing-party Version: 2.7-2 Hi! for this years DebConf KSP, I had to apply the attached patch to make gpgsigs understand the incoming text file format. I imagine this is due to a change in the output of current gpg. Please consider applying it. Thanks, Chris --- gpgsigs.orig

Bug#866110: multipath-tools: mpathpersist segfaults. Newer version is available and fixed!

Upstream commit is: https://git.opensvc.com/gitweb.cgi?p=multipath-tools/.git;a=commit;h=fef089a6610f94a847541069f3008a5708044015

Bug#893501: ruby2.5 FTCBFS: configures for the build architecture

Hi Helmut, * Helmut Grohne [180722 13:55]: > ruby2.5 fails to cross build from source, because it fails passing > --host to ./configure. The simple solution to this problem is deferring > the task to dh_auto_configure. After doing so, one needs to pass > --libdir, because ruby uses a very

Bug#904307: stretch-pu: package multipath-tools/0.6.4-5+deb9u1

-0.6.4/debian/changelog 2018-07-23 06:16:34.0 + @@ -1,3 +1,18 @@ +multipath-tools (0.6.4-5+deb9u1) stretch; urgency=medium + + [ Chris Hofstaedtler ] + * Apply patch to avoid deadlock in udev triggers, based on upstream +10704bae99cdcc809aaba0546017cb2eb416c551, with adaptions

Bug#891008: grml-debootstrap: cannot setup stretch images

* Holger Levsen [180723 08:38]: > i'm trying to setup stretch images, and while the same commandline works > for jessie, it fails with stretch like this: [..] To give you some feedback on this: I tried reproducing this the other day, but couldn't get it to fail. I'm guessing there's something

Bug#904318: RM: file-rc -- ROM; superseded; little interest

Package: ftp.debian.org Severity: normal Dear ftpmasters, please remove file-rc. It only works with sysvinit and its main usecases (faster boot, easy to override config) have been obsoleted by systemd. The current maintainers have little interest in continuing with this package. Thanks, Chris

Bug#904340: netgen: Depends on obsolete tk8.5

Package: netgen Version: 4.9.13.dfsg-11 Severity: serious In #896085 it has been suggested that tk8.5 should go away before stretch. This bug informs you of this ;-) C.

Bug#685024: deborphan: orphaner fails with multiarch

Hi, I realise that this is an old bug of yours, but I still want to follow up on it. * Matthew Gabeler-Lee [180724 16:32]: > After enabling multi-arch in dpkg (mostly to get wine stuff working), > deborphan > / orphaner is not working properly. > > Instead of displaying just the package name

Bug#908124: libh2o-evloop-dev: Depends on libwslay to link but doesn't say so in pkg-config file

Package: libh2o-evloop-dev Version: 2.2.5+dfsg1-6 Severity: important Hi, the libh2o-evloop shared library needs symbols from libwslay, but the pkg-config file does not specify this. As such, downstream users of libh2o-evloop need to manually add -lwslay to their command lines. Please add

Bug#908136: src:h2o: FTBFS on amd64

Package: src:h2o Version: 2.2.5+dfsg1-6 Severity: serious Dear Maintainer, when trying to build h2o from source on amd64, inside sbuild, it fails: h2o server (pid:14780) is ready to serve requests fetch-ocsp-response (using OpenSSL 1.1.1-pre9 (beta) 21 Aug 2018) failed to extract

Bug#907322: [DRE-maint] Bug#907322: jekyll: NMU in deferred/4

* Gianfranco Costamagna [180911 06:48]: > control: tags -1 patch pending > the following diff is now in deferred/4, please let me know if you want me to > cancel or reschedule it. Please commit your changes on salsa; feel free to do a team upload (with no delay) then. Cheers, Chris

Bug#903451: RM: ruby-kpeg -- ROM; leaf library package; unused; last uploader lost interest

Package: ftp.debian.org Severity: normal Dear ftpmasters, please remove ruby-kpeg. It is a library package previously used by jekyll which no longer uses it. Also, the last Uploader of this package has lost interest in it. Thanks, Chris, with a ruby team hat

Bug#903452: RM: ruby-jekyll-test-plugin -- ROM; leaf library package; unused; last uploader lost interest

Package: ftp.debian.org Severity: normal Dear ftpmasters, please remove ruby-jekyll-test-plugin. It's a library package previously used by jekyll, which no longer needs it. Also the last Uploader has lost interest in it. Thanks, Chris, with a ruby team hat on

Bug#892610: Address already in use /etc/init.d/pdns-recursor restart

Hi, * are...@buxtehude.debian.org [180311 11:51]: > When restarting pdns-recursor with the initscript, "/etc/init.d/pdns-recursor > restart", we sometimes get an Address already in use Exception: > Mar 11 06:55:09 recurse01 pdns_recursor[30857]: Exception: Resolver

Bug#889798: (Security) bugs in pdns in stretch

Hi everyone, thanks for reporting bugs against pdns in stretch. I intend to upload a new version to stretch to fix those bugs, but I cannot test all involved components personally. Please give this version a shot: https://people.debian.org/~zeha/pdns/source/ For your convenience, amd64 binaries

Bug#920052: rsync: Does not build automatic debug packages

Source: rsync Version: 3.1.3-2 Severity: normal rsync is a vital utility on many systems, therefore debug symbols should be readily available to our users. Please see https://wiki.debian.org/AutomaticDebugPackages on how to achieve this with debhelper. If rsync uses a different mechanism to

Bug#916408: pdns-server: TCP client queries to pdns-server with any backend ipv6 recursor fail

Control: tags -1 + wontfix confirmed > pdns-server in Stretch fails to answer TCP queries made by clients via > backend recursors reached over IPv6. I discovered this setting up > cloudflared, using it as the recursor, but have also replicated on a clean > install with Google and Cloudflare's

Bug#915667: stretch-pu: package pdns-recursor/4.0.4-1+deb9u4

* Adam D. Barratt [181224 18:45]: > On Wed, 2018-12-05 at 21:14 +0100, Chris Hofstaedtler wrote: > > pdns-recursor [..] > > Please go ahead. Thanks, uploaded. (I've fixed the suite in the changelog, oops.) Chris

Bug#914475: stretch-pu: package pdns/4.0.3-1+deb9u3

* Adam D. Barratt [181224 18:37]: > On Fri, 2018-11-23 at 17:54 +0000, Chris Hofstaedtler wrote: > > pdns/4.0.3-1+deb9u3 [..] > > Please go ahead. Thanks, uploaded. Chris

Bug#915667: stretch-pu: package pdns-recursor/4.0.4-1+deb9u4

-10 16:05:33.0 + @@ -1,3 +1,9 @@ +pdns-recursor (4.0.4-1+deb9u4) stretch-security; urgency=high + + * Security upload for CVE-2018-10851 CVE-2018-14626 CVE-2018-14644 (Closes: #913162). + + -- Chris Hofstaedtler Sat, 10 Nov 2018 16:05:33 + + pdns-recursor (4.0.4-1+deb9u3) stretch

Bug#889798: Bug#913163: (Security) bugs in pdns in stretch

* Moritz Mühlenhoff [181123 14:09]: > On Sat, Nov 10, 2018 at 04:34:48PM +0100, Chris Hofstaedtler wrote: > > Hi everyone, > > > > thanks for reporting bugs against pdns in stretch. > > I intend to upload a new version to stretch to fix those bugs, but I > > ca

Bug#914475: stretch-pu: package pdns/4.0.3-1+deb9u3

0.0 + +++ pdns-4.0.3/debian/patches/911659-auth-reanimate-backends.patch 2018-11-10 13:36:22.0 + @@ -0,0 +1,228 @@ +From 8e4c354790ff43ca750a58c504ee31e570462ff8 Mon Sep 17 00:00:00 2001 +From: Chris Hofstaedtler +Date: Sat, 10 Nov 2018 15:26:01 +0100 +Subject: [PATCH] au

Bug#918661: pdns-server: EDNS Compliance Steps

* Dean Hamstead [190108 05:03]: > Version: 3.4.1-4+deb8u8 > > It seems that 'certain work arounds' are being removed on the 1st of Feb 2019 > according to https://dnsflagday.net/ > > I have generated this report https://ednscomp.isc.org/ednscomp/154f9de8ce > (nothing secret about it), but am

Bug#918661: pdns-server: EDNS Compliance Steps

* Dean Hamstead [190108 13:02]: > The same results are given when tested against: > > pdns-server (3.4.1-4+deb8u8) > pdns-server (4.0.3-1~bpo8+1) > pdns-server (4.0.3-1+deb9u2) Just for the record, your ednscomp links do not work - I think they expire after a short time. I'll have to see for

Bug#816640: Bug #816640 in ruby-eventmachine marked as pending

* Hideki Yamane [190103 03:40]: > On Fri, 16 Feb 2018 13:48:16 + z...@debian.org wrote: > > Bug #816640 in ruby-eventmachine reported by you has been fixed in the > > Git repository and is awaiting an upload. You can see the commit > > message below, and you can check the diff of the fix at:

Bug#640509: Bug#905042: Intent to NMU deborphaner (MU preferred)

Hey, * Helge Kreutzmann [181209 08:57]: > Hello Chris, > hello Carsten, > deborphaner has several documentation and translation bugs. Ideally > they would be solved in a MU, but if necessary they should be solved > in a NMU. If I don't hear back from you I will initiate the following > sequence

Bug#640509: Bug#905042: Intent to NMU deborphaner (MU preferred)

* Helge Kreutzmann [181209 13:04]: > Hello Chris, > On Sun, Dec 09, 2018 at 12:58:57PM +0100, Chris Hofstaedtler wrote: > > * Helge Kreutzmann [181209 08:57]: > > > Hello Chris, > > > hello Carsten, > > > deborphaner has several documentation and tra

Bug#919486: osinfo-db: diff for NMU version 0.20181120-1.1

Control: tags 919486 - pending Hi, * Guido Günther [190405 22:04]: > If we had stable links for CD images (3813797) this would be different > but I did not get around to look into this yet so help there would be > appreciated and would make this fixable for real. > > For now it would be cool

Bug#924634: libuima-as-java depends on the removed libspring-jms-java

Control: severity 924634 wishlist * Matthias Klose [190406 12:53]: > libuima-as-java depends on the removed libspring-jms-java in unstable. Lowering severity as libspring-jms-java is still built by libspring-java (4.3.22-3). If newer developments show up, please re-raise the severity. Cheers,

Bug#925498: Subject: Re: Bug#925498: afterstep: v2.2.12-12 FTBFS due to patch#57 generates libAfterImage/Makefile incorrectly.

Control: tags -1 + moreinfo Control: severity -1 normal * Jim Turner [190406 15:00]: > > The configure script is regenerated > > during the build process, so there > > is no need to change it via a patch. > > I was wondering a/b that, but it DOESN'T rebuild configure for me???!!!, > after

Bug#916145: closure-compiler: Not working with recent JS code

* Roland Gruber [190406 16:07]: > the current version is so old that it got incompatible with recent JS code. > E.g. jQuery 3.3.1 cannot be minified as the tool reports parsing errors. > > Please either update the tool or remove it from the archive. This is now > 5 years in unmaintained state.

Bug#909750: applications tries to write to /usr/* directories via libfontconfig1

* Thierry fa...@linux.ibm.com [190406 14:35]: > > >The only occurrence I'm seeing on my system is: > > > > > >openat(AT_FDCWD, "/usr/lib/firefox/fonts/.uuid.TMP-EWjEq0", > > >O_RDWR|O_CREAT|O_EXCL|O_CLOEXEC, 0600) = -1 EACCES (Permission denied) > > > > Now it's the only occurrence for me, too.

Bug#924762: a bug in xfce4? / triage

Control: reassign -1 xfce4 Control: severity -1 normal * zieg...@uni-freiburg.de [190406 15:06]: > > "xterm -T ä" crashes the X-server too. > > So it seems rather to be a bug in xfce4. Given the bug history, this would look more like an isolated problem, certainly not a bug in emacs (which is

Bug#924966: pdns: diff for NMU version 4.1.6-1.1

* Salvatore Bonaccorso [190329 17:39]: > Control: tags 924966 + patch > Control: tags 924966 + pending > > > Dear maintainer, > > I've prepared an NMU for pdns (versioned as 4.1.6-1.1) and > uploaded it to DELAYED/5. Please feel free to tell me if I > should delay it longer. > > There is a

Bug#926097: unblock: pdns/4.1.6-2

+ + [ Salvatore Bonaccorso ] + * Insufficient validation in the HTTP remote backend (CVE-2019-3871) +(Closes: #924966) + + -- Chris Hofstaedtler Sun, 31 Mar 2019 12:48:59 + + pdns (4.1.6-1) unstable; urgency=medium * New upstream version 4.1.6 diff -Nru pdns-4.1.6/debian/patches/CVE-2019

Bug#919486: osinfo-db: diff for NMU version 0.20181120-1.1

Hi Guido, * Guido [190406 19:37]: > On Fri, Apr 05, 2019 at 11:50:54PM +0200, Chris Hofstaedtler wrote: > > * Guido Günther [190405 22:04]: > > > If we had stable links for CD images (3813797) this would be different > > > but I did not get around to look into t

Bug#924151: grub2-common: wrong grub.cfg for efi boot and fully encrypted disk

* Colin Watson [190406 19:50]: > Hmm. I tried doing that in a virt-manager VM as follows: > > * started with a buster alpha-5 netinst ISO rather than the full DVD >image, since my bandwidth is very limited > * configured VM to use UEFI > * guided partitioning; selected full-disk

Bug#848660: ruby: might need to strip -fdebug-prefix-map

Hi Chris, * Chris Lamb [190211 22:53]: > > dpkg-buildflags has started injecting -fdebug-prefix-map with a > > variable path into C(..)FLAGS. We need to figure out if we need to > > strip that. > > Strip it? As in, the output of CFLAGS ends up in the build...? Indeed: $ irb irb(main):001:0>

Bug#918661:

* Dean Hamstead [190131 12:06]: > Its all happening tomorrow. Kind of sad there isnt a solution in the > 'stable' versions? As Peter wrote, cache-ttl=0 makes pdns in stable compliant. Backporting the packetcache changes is not going to happen in my free time, sorry. Chris

Bug#930875: unblock: pdns/4.1.6-3

@@ -1,3 +1,12 @@ +pdns (4.1.6-3) unstable; urgency=medium + + * Fix Denial of service via crafted zone records (CVE-2019-10162) +using patch from upstream. + * Fix Denial of service via NOTIFY packets (CVE-2019-10163) +using patch from upstream. + + -- Chris Hofstaedtler Fri, 21 Jun 2019 19

Bug#923478: [Pkg-shadow-devel] Bug#923478: initscripts use unsafe `: >` shell command to create files

* Dmitry Bogatov [190425 16:13]: > [2019-04-22 09:18] "Serge E. Hallyn" > > > [ Dmitry Bogatov ] > > > Dear login maintainers, currently we have following core executed during > > > boot: > > > > > > # Create /var/run/utmp so we can login. > > > true > /var/run/utmp > > > if grep -q

Bug#928151: "net-snmp-config --agent-libs" lists libraries it shouldn't

Package: libsnmp-dev Version: 5.7.3+dfsg-5 Severity: important $ net-snmp-config --agent-libs -Wl,-z,relro -Wl,-z,now -L/usr/lib/x86_64-linux-gnu -lnetsnmpmibs -lsensors -lpci -ldl -lnetsnmpagent -lwrap -Wl,-E -lnetsnmp -lcrypto -lm This should really only be -L/usr/lib/x86_64-linux-gnu

Bug#923478: [Pkg-shadow-devel] Bug#923478: initscripts use unsafe `: >` shell command to create files

* Dmitry Bogatov [190429 01:14]: > [2019-04-26 13:17] Chris Hofstaedtler > > > According my experiments, it will. Even if I remove this code, something > > > (login/getty, maybe?) still creates /var/run/utmp, root:root. > > > > Which init was used in your experi

Bug#917847: ipsec-tools is unsuitable for inclusion in Debian

Hey Noah, * Noah Meyerhans [190711 14:17]: > If you disagree that ipsec-tools should be removed from future Debian > releases, please say so now. As we haven't really heard from anyone, should I go ahead and ask for final removal via ftpmaster? Cheers, Chris

Bug#927946: python-audit: SWIG-related type errors render module unusable

Dear Maintainer, the following patch fixes the problem for me, tested locally. Please consider applying it. Cheers, Chris --- audit-2.8.4.orig/bindings/swig/src/auditswig.i +++ audit-2.8.4/bindings/swig/src/auditswig.i @@ -41,6 +41,6 @@ typedef unsigned __u32; typedef unsigned uid_t; %include

Bug#909750: applications tries to write to /usr/* directories via libfontconfig1

* Niels Thykier [190413 18:28]: > Vincas Dargis: > > On 2019-04-13 12:50, Niels Thykier wrote: > >> What is the status of this bug? AFAICT, we have *some* fixes from > >> upstream but Chris's mail implies that the bug is not completely fixed. > > > > This bug disappeared from my logs long time

Bug#890892: lxc: Fail to create and run CentOS 6 container with kernel >= 4.11 due to segfaults

Control: reassign -1 linux-image-amd64 Control: affects -1 lxc * Andrii Senkovych [190424 10:23]: [..] [Centos6 binaries crash on Linux 4.11+] [..] > Adding "vsyscall=emulate" to GRUB_CMDLINE_LINUX_DEFAULT in /etc/default/grub > and restarting host resolves the issue. > [..] > >

Bug#927180: firefox-esr: does not launch (Power Mac G5)

Control: severity -1 normal * Noah Wolfe [190424 11:16]: > I installed firefox-esr via ftp.ports.debian.org, as I'm running the ppc64 > (BE) > port, and when launched from terminal, it puts out "Segmentation fault" > instead > of opening the application. Thank you for your report, but I'm

Bug#932307: multipath-tools does not update wwids file

* Silvan Raijer [190816 12:57]: > Hi, > > I've exact same problem. Have you tried the configuration change as suggested in this bug report, then? Cheers, Chris

Bug#935149: llvm-toolchain-9: New license, copyright file outdated

Package: llvm-toolchain-9 Version: 9~+rc2 Severity: important Dear Maintainers, LLVM has switched to Apache + LLVM Exceptions; the top-level NOTICE.txt in the extracted llvm-toolchain-9-9~+rc2 source shows this. However, it appears debian/copyright has not been updated to reflect this. As this

Bug#924505: [Pkg-shadow-devel] Bug#924505: bash: set shell to /bin/sh on removal

* Matthias Klose [190903 17:37]: > On 02.09.19 21:14, Dmitry Bogatov wrote: > > Subject: [PATCH] Change shells of users from /bin/bash to /bin/sh on removal > > sorry for joining in lately into this game, but I didn't want to do that in > parallel with my other Debian tasks. > > I don't like

Bug#933934: unmount bash completion complains about "awk: line 18: function gensub never defined"

Control: tags -1 + help confirmed Hi, * Laurent Bigonville [190805 13:19]: > On 5/08/19 12:22, Chris Hofstaedtler wrote: > > * Laurent Bigonville [190805 10:20]: > > > The unmount bash completion complains about "awk: line 18: function > > > gensub never

Bug#933934: unmount bash completion complains about "awk: line 18: function gensub never defined"

Hi, * Laurent Bigonville [190805 10:20]: > The unmount bash completion complains about "awk: line 18: function > gensub never defined" when trying to complete a device Can you confirm that your /usr/bin/awk is not gawk? If so, which one is it? Chris

Bug#932307: multipath-tools does not update wwids file

* root [190806 07:44]: > New Debian 10 Buster fresh installation with HBA cards and disks arrays > multi-attached ((2 HBA cards, 2 arrays of 12 disks, 4 links) > Disks are all listed correctly in /dev/ or /dev/disk/by-*/ [..] > The exact same machine works just fine on Debian 9 Stretch (with

Bug#934331: linux: backport "dm: disable DISCARD if the underlying storage no longer supports it"?

Package: linux Version: 4.9.168-1+deb9u4 Severity: normal Hi! Today I ran into an issue that matches the description of upstream commit bcb44433bba5eaff293888ef22ffa07f1f0347d6:

Bug#926486: RM: zapping -- RoQA; Orphaned in Debian since 2140days, popcon < 100, last upstream release was 2006

* Stefan Schörghofer [190721 15:38]: > Please remove the package zapping for the following reasons: > - package orphaned in Debian since 2140days While this is true, apparently Yavor Doganov cares enough to do semi-regular uploads. Would suggest closing this bug for now. Chris

Bug#932144: RM: ipsec-tools -- ROM; dead upstream, alternatives available

time, and the availability of next-generation tunneling systems such as wireguard, also would seem to limit its future value. Setkey's functionality has been subsumed by 'ip xfrm'. Thanks, Chris -- ,''`. Chris Hofstaedtler : :' : Debian Developer `. `' 7D1A CFFA D9E0 806C 9C4C D392

Bug#932267: pdns-recursor: PDNS Recursor by default does not support IPv6

* Mark Schouten [190717 10:09]: > 2: set local-address to 127.0.0.1, [::1] to enable listening on ::1 I'd agree with this, however this would currently result in startup failure in various popular environments that have no IPv6 support at all. I have some ideas on how to support this nicely, but

Bug#932267: pdns-recursor: PDNS Recursor by default does not support IPv6

* Mark Schouten [190726 11:15]: > Are there debian-based setups that don’t have ::1 on lo by default? If people > take the manual labor upon them to disable IPv6, I personally don’t see an > issue if they have to do more than just blacklist the ipv6 module. Yup, inside docker. > With regards

Bug#609730: kannel: Kannel on ARM based SheevaPlug rises PANIC in gwlib

* Vladimir Mach [191105 20:57]: > I am trying to set up default installation of kannel package, but if I try to > start it I always get following error (with or without any parameters). > > # /usr/sbin/bearerbox > 2011-01-11 23:06:21 [14196] [0] PANIC: gwlib/octstr.c:2479: seems_valid_real: >

Bug#946156: pg_createcluster_patroni fails with clustername with multiple dashes

Package: patroni Version: 1.6.1-1.pgdg100+1 Hi, we were trying to setup a patroni cluster with a scope name of "11-psql-ppo01". This ended up building a cluster of version 11, named "ppo01", and then obviously mismatching datadirs etc. Please consider applying the attached patch. Thanks, Chris

Bug#944699: bsdutils: logger uses username as process

Control: tags -1 upstream wontfix * Meeuwissen Olaf [191114 10:24]: [..] > In this case I would have expected the process to be `bash`, the shell > from which I ran the `logger` command, not my username. > > I don't know if using the username instead of the parent process name is > intended

Bug#940021: systemd: socket activation leads to OOM situation due to slices not getting cleaned up

* Michael Biebl [191004 21:51]: > Am 11.09.19 um 15:54 schrieb Julian Hübenthal: > > Just discovered something that may help to debug: >   > > > > It does not happen with a simple “Hello World” bash script instead of > > the Check MK Agent. > > > > It does not happen when the Encryption of the

Bug#951082: dnsdist: libsystemd-dev should be added to dependancies

Hi John, thank you for your bug report. * John Shaft [200210 23:15]: > Package: dnsdist > Version: 1.4.0~rc5-1 > Severity: normal > > To run using systemd, libsystemd-dev is highly recommended in order to have > dnsdist be able to use > systemd-notify (...) > Hence, libsystemd-dev should be

Bug#949079: kannel FTCBFS: abuses AC_CHECK_FILE, uses mysql_config

Hi Helmut, * Helmut Grohne [200116 19:45]: > Source: kannel > Version: 1.4.5-7 > > kannel fails to cross build from source for two reasons. [..] > Please consider applying it. Thanks, applied. Chris

  1   2   3   4   5   6   7   8   9   10   >