Bug#925987: marked as done (CVE-2019-8320 CVE-2019-8321 CVE-2019-8322 CVE-2019-8323 CVE-2019-8324 CVE-2019-8325)

[Debian Bug Tracking System]

Your message dated Wed, 29 May 2019 05:48:58 +
with message-id 
and subject line Bug#925987: fixed in jruby 9.1.17.0-3
has caused the Debian Bug report #925987,
regarding CVE-2019-8320 CVE-2019-8321 CVE-2019-8322 CVE-2019-8323 CVE-2019-8324 
CVE-2019-8325
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
925987: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925987
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: jruby
Severity: grave
Tags: security

jruby embeds a version of rubygems, so it's affected by
https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems

Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: jruby
Source-Version: 9.1.17.0-3

We believe that the bug you reported is fixed in the latest version of
jruby, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 925...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Hideki Yamane  (supplier of updated jruby package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Wed, 29 May 2019 08:06:41 +0900
Source: jruby
Architecture: source
Version: 9.1.17.0-3
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers 

Changed-By: Hideki Yamane 
Closes: 925987
Changes:
 jruby (9.1.17.0-3) unstable; urgency=medium
 .
   * Team upload.
   * debian/patches
 - add 0017-fix-rubygem-vulnerabilities.patch to fix CVEs (Closes: #925987)
   (CVE-2019-8320 CVE-2019-8321 CVE-2019-8322 CVE-2019-8323 CVE-2019-8324
CVE-2019-8325)
Checksums-Sha1:
 0e33a52eeb3835f5c04142bff714ef605a0197de 3046 jruby_9.1.17.0-3.dsc
 5dca189562bd81dbcc90962bfde6fc4a83d6b6f9 82092 jruby_9.1.17.0-3.debian.tar.xz
 32b06e43c305f72a3877efe990ce980d4d1a1d4c 16153 jruby_9.1.17.0-3_amd64.buildinfo
Checksums-Sha256:
 22b0b76c316744ef246865e1c74aad4746b3fce50add9dc43d89bd65b2da6a4a 3046 
jruby_9.1.17.0-3.dsc
 54415b4b29a7b5c5a09638d38b07b0ef74c71fc74051205b9cd2ed2417b6b533 82092 
jruby_9.1.17.0-3.debian.tar.xz
 8673df9d92e388cf2d18d82c3f7e7c4dfa31d3314462f55c9e964ed81a80bd3f 16153 
jruby_9.1.17.0-3_amd64.buildinfo
Files:
 63758c37404ac50fdc3eb356950eba10 3046 ruby optional jruby_9.1.17.0-3.dsc
 2d6dc0335e9e0a0fe9f4fab4e149f133 82092 ruby optional 
jruby_9.1.17.0-3.debian.tar.xz
 67d664d341b466d5a07b075e5fc070aa 16153 ruby optional 
jruby_9.1.17.0-3_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEWOEiL5aWyIWjzRBMXTKNCCqqsUAFAlzuGF4ACgkQXTKNCCqq
sUDbshAAoVP65USsuloRMurpU+119dKRJKsclKUe0pDY1+x3ihq/R/ujCMqvlkUW
0VLUUUZ1WcBOQGCCHd45c9kTDGFcAQgDfQC39/8km6UNN8TlwRG6sVigbV9bfuIG
IN71W3SODi/HjGgUUCLNn5HpwN/Leu9OHgwjBYJX1eRBcI73FfxxWjowIekZ7PWD
Kr3sUATu67ot8tfVrKnn7cDx8R9wwpc8jsY8+kJVPCHpG5yiHnZYyZQ+225JHiPm
EVqO7yqKKn4vo6nwS4kfyFAgta517mOaYVh8WYwEwItpFQbriisZ7qzDl2bJ+GY3
x8keZPXq6M7TkY9nAPWqXRNngQ6Ai7vmYnDP41iACyGXGdng4I3E1aDdhTwrP58g
fj/4xlcMW2Vh278nb4y/ZUYAJgKfwfWwUtiMhdBHn2ccIlNy4gGkfK6i/rSOUNM+
8vNOfwCN1K9TQsPqDmIsnsvFcLYcRzaA62kIXDdJtdW4V0eEVOAXyCZ9rZMjUBNP
B96YrU+/l9F6XsOzA6umqXcSou5NpWdwEABK04Ios0jGVdnSQ1JRPZaWcGvNVzg1
/cMCJn/gqjgtFiD1H5fpj54U9VzCc5os6wnRvSejQoqhEtYw75l5Vlb1xi70KBPO
1fNHzWmUdjiEa3BuPsnqLNCBp+8KIJLJS31CxpPARy2E7Eq2IzM=
=8dEs
-END PGP SIGNATURE End Message ---

Bug#924616: CVE-2018-15587

[Salvatore Bonaccorso]

Hi Jonas, hi Evolution maintainers,

What is the status here for buster?

Regards,
Salvatore

Bug#759410: Should not install /usr/bin/rm conflicting with /bin/rm (blocks /bin -> /usr/bin)

[Francois Marier]

On 2019-05-28 at 18:26:31, Andreas Beckmann wrote:
> safe-rm also breaks a stretch --merged-usr chroot, found while testing
> with piuparts stretch->buster upgrades with --merged-usr enabled.
> And it seems to be the only package causing outright havoc in such a
> scenario.

So if I understand correctly, this is only a problem when testing with this
tool, right? Because: (1) users can't upgrade their system to a merged-usr
one on stretch and (2) the default for new stretch installs was not
usr-merged.

> While a proper solution is too involved for stable, it should probably
> be OK for the preinst to check for merged /usr systems and error out if
> installation is attempted in such a case - instead of leaving a broken
> system.

I'd be happy to see it "fixed" that way in stretch. I don't have a lot of
free time at the moment to make the change myself but I would support such a
NMU.

Francois

-- 
https://fmarier.org/

Bug#926180: scilab: FTBFS on all - New trouble

[Tiago Daitx]

On Tue, 14 May 2019 00:39:07 +0200 Alexis Murzeau  wrote:
> Le 13/05/2019 à 08:08, Sylvestre Ledru a écrit :
> >
> > On 12/05/2019 22:10, Julien Puydt wrote:
> >> Hi,
> >>
> >> On 12/05/2019 11:46, Alexis Murzeau wrote:
> >>
> >>> I saw that there is a bugfix release 6.0.2 with many fixes [0].
> >> I had started to package 6.0.2 on salsa already in february. I removed
> >> the patch about Linenum as that was supposed to have been reworked and
> >> fixed, and it now fails with :
> >>
> >> ocamlopt -o XML2Modelica -I ./src/modelica_compiler -I
> >> ./src/xml2modelica  nums.cmxa ./src/xml2modelica/xMLTree.ml
> >> ./src/xml2modelica/linenum.ml ./src/xml2modelica/stringParser.ml
> >> ./src/xml2modelica/stringLexer.ml ./src/xml2modelica/xMLParser.ml
> >> ./src/xml2modelica/xMLLexer.ml
> >> ./src/xml2modelica/modelicaCodeGenerator.ml
> >> ./src/xml2modelica/xML2Modelica.ml
> >> File "./src/xml2modelica/xML2Modelica.ml", line 1:
> >> Error: Files ./src/xml2modelica/xMLParser.cmx
> >>and ./src/xml2modelica/linenum.cmx
> >>make inconsistent assumptions over implementation Linenum
> >>
> >> ie : it looks like upstream's fix isn't correct.
> >
> > + upstream
> >
> > S
> >
> >
>
> Reversing the order of the includes parameters when compiling
> XML2Modelica fix the build for me, ie. including xml2modelica first:
> `-I ./src/xml2modelica -I ./src/modelica_compiler`
>
> I think ocamlopt prefer to use a part of Linenum from
> ./src/modelica_compiler and the other one from ./src/xml2modelica which
> lead to the error.
>
> But I'm not sure this is the way to handle it cleanly.
> The files "linenum.mll" are almost the same between both directories.
> The only difference is the comment at the beginning of the file.
>
> Maybe some of these "linenum.mll" file can be removed to keep only one ?

Ubuntu has packaged 6.0.2 for Disco and Eoan, please see
https://launchpad.net/ubuntu/+source/scilab
or fetch the DSC directly from
https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/scilab/6.0.2-0ubuntu2/scilab_6.0.2-0ubuntu2.dsc

>
> --
> Alexis Murzeau
> PGP: B7E6 0EBB 9293 7B06 BDBC  2787 E7BD 1904 F480 937F
>
>

Bug#921194: this bug is a bug

[Eryk Wdowiak]

The build failed.   :-(

make[3]: Leaving directory
'/home/eryk/other_stuff/DEBs_software/amarok/amarok-2.9.0/obj-x86_64-linux-gnu'
[ 78%] Built target amarok_collection-upnpcollection
make[2]: Leaving directory
'/home/eryk/other_stuff/DEBs_software/amarok/amarok-2.9.0/obj-x86_64-linux-gnu'
make[1]: *** [Makefile:144: all] Error 2
make[1]: Leaving directory
'/home/eryk/other_stuff/DEBs_software/amarok/amarok-2.9.0/obj-x86_64-linux-gnu'
dh_auto_build: cd obj-x86_64-linux-gnu && make -j4 "INSTALL=install
--strip-program=true" returned exit code 2
make: *** [debian/rules:35: build] Error 2
dpkg-buildpackage: error: debian/rules build subprocess returned exit status 2

Bug#921194: this bug is not a bug

[Eryk Wdowiak]

The information provided in this bug report is not correct.  The package just 
needs a rebuild.  Nothing more.

Specifically, the particular build of Amarok that is currently in Sid  
(2.9.0-1) only depends on libmariadb18 because it is an old build.  Rebuilding 
the package resolves the dependency issue.

The source package depends on default-mysql-server-core which depends on 
mariadb-server-core-10.3.  And somehow libmariadb19 came along for the ride 
when I installed Amarok's build dependencies on Buster.

The package is building right now and this evening I will enjoy Amarok on 
Buster.  I hope you all will too.

Bug#927913: Really bad

[積丹尼 Dan Jacobson]

Causes loss of  data, dropped sessions, hung-up conference calls,
Other programs calling $BROWSER becomes equivalent to calling kill(1).

Processed: Re: Bug#928352: nvidia-kernel-dkms: dkms did not automatically rebuild nvidia module for newly installed kernel

[Debian Bug Tracking System]

Processing control commands:

> tag -1 unreproducible
Bug #928352 {Done: Andreas Beckmann } [nvidia-kernel-dkms] 
nvidia-kernel-dkms: dkms did not automatically rebuild nvidia module for newly 
installed kernel
Added tag(s) unreproducible.

-- 
928352: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928352
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#928352: nvidia-kernel-dkms: dkms did not automatically rebuild nvidia module for newly installed kernel

[Andreas Beckmann]

Control: tag -1 unreproducible

make.log says

On 2019-05-29 00:07, gregory bahde wrote:
> gcc-8: internal compiler error: Erreur de segmentation signal terminated 
> program cc1
> Please submit a full bug report,
> with preprocessed source if appropriate.
> See  for instructions.

I cannot reproduce this in my module build chroot ...


Andreas

Bug#929615: marked as done (libconvert-units-perl: latest-debian-changelog-entry-reuses-existing-version)

[Debian Bug Tracking System]

Your message dated Tue, 28 May 2019 21:35:34 +
with message-id 
and subject line Bug#929615: fixed in libconvert-units-perl 1:0.43-11
has caused the Debian Bug report #929615,
regarding libconvert-units-perl: 
latest-debian-changelog-entry-reuses-existing-version
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
929615: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929615
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libconvert-units-perl
Version: 1:0.43-2
Severity: serious

W: libconvert-units-perl: latest-debian-changelog-entry-reuses-existing-version 
1:0.43-2 == 0.43-2 (last used: Mon, 17 Dec 2001 22:33:30 +0100)
N: 
N:The latest changelog entry has a version that matches one used in the
N:specified previous entry. All versions of a source package must be
N:unique even after a leading epoch has been stripped off.
N:
N:Files generated by the current version of this source package would
N:conflict with some historical files. This is because the Debian archive
N:does not allow multiple files with the same name and different contents
N:and the generated .dsc, .deb, etc. do not embed the epoch in their
N:filenames.
N:
N:Please pick another version, for example by increasing the Debian
N:revision.
N:
N:Severity: normal, Certainty: certain
N:
N:Check: changelog-file, Type: binary

snapshot.debian.org knows about 0.43-9, the changelog mentions 0.43-10,
so 1:0.43-11 should be a safe new version number to use.


Andreas

PS: I do not want to repeat https://bugs.debian.org/929614
--- End Message ---
--- Begin Message ---
Source: libconvert-units-perl
Source-Version: 1:0.43-11

We believe that the bug you reported is fixed in the latest version of
libconvert-units-perl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 929...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
gregor herrmann  (supplier of updated libconvert-units-perl 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Tue, 28 May 2019 23:08:36 CEST
Source: libconvert-units-perl
Binary: 
Architecture: source
Version: 1:0.43-11
Distribution: unstable
Urgency: medium
Maintainer: Debian Perl Group 
Changed-By: gregor herrmann 
Description: 
Closes: 929615
Changes:
 libconvert-units-perl (1:0.43-11) unstable; urgency=medium
 .
   * Team upload.
   * Re-upload with version bumped to 1:0.43-11 in order to avoid filename
 clashes between 1:0.43-2 and the pre-epoch 0.43-2 version.
 Thanks: Andreas Beckmann for the bug report.
 Closes: #929615
Checksums-Sha256: 
 5b08d41af88a3957e37b79b3c7a788a3bd3cfa3f1b17b476b80af6a9a15c 2066 
libconvert-units-perl_0.43-11.dsc
 d47313f39877bc9763048f3595a8bc248da91d523c91962a4499357ff8853b53 2328 
libconvert-units-perl_0.43-11.debian.tar.xz
 b9591ee9e8afcc0fa0efee1fa25536508b5311e35ea4e704391e1d00c3dc9f01 5518 
libconvert-units-perl_0.43-11_sourceonly.buildinfo
Checksums-Sha1: 
 5bacad58b92a77db41d2511cd253ea0a621b041c 2066 libconvert-units-perl_0.43-11.dsc
 c196144ac263781b0107d5a86aa070d4726c40ef 2328 
libconvert-units-perl_0.43-11.debian.tar.xz
 f14970af50975a984e687ec94b5e75b53131c9cd 5518 
libconvert-units-perl_0.43-11_sourceonly.buildinfo
Files: 
 0ba284355635138a9b1aeb7ec0bba144 2066 perl optional 
libconvert-units-perl_0.43-11.dsc
 0c2cbc2c1199a198c41c80cd9146be87 2328 perl optional 
libconvert-units-perl_0.43-11.debian.tar.xz
 0bdead043d54c1c5c551681fd9253f68 5518 - - 
libconvert-units-perl_0.43-11_sourceonly.buildinfo

-BEGIN PGP SIGNATURE-

iQKTBAEBCgB9FiEE0eExbpOnYKgQTYX6uzpoAYZJqgYFAlzto1RfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEQx
RTEzMTZFOTNBNzYwQTgxMDREODVGQUJCM0E2ODAxODY0OUFBMDYACgkQuzpoAYZJ
qgY2AA/+I1kiyYs4nEx2XiiiosX8KUbZIkIOlC7U+3bsJLFVwCt8YQ4z4rhKwDhD
YM//4SQ4IBb6/1eoQ8vvitNeGH2WwEscls+IXfTHZVAMdfKk739d8lq8lcwBe6Lu
oECm4KTm7vRCIRS6/234pOVYIs/J9cXYQEL7t7sLSbJsyw0Mp+Cm5pL+0LQJI6V7
0F0MudMDxOXDK1eLZGbY856xXeGH3+8mhcyXD74RDWsnnyBlryzN+jw1P4E5tt1e
F7Vnb3Pj88o0DubtUZc61Fc2WDOmDnzM2kKKIklVATyvWK8PjyiHEPrRogw2IFUL

Bug#917755: phpmyadmin: FTBFS: PHP Fatal error: Uncaught Error: Class 'PHPUnit_Framework_TestCase' not found in /<>/test/PMATestCase.php:14

[Matthias Blümel]

possible duplicate of #883417

Processed: ca-certificates-java,default-jre-headless,openjdk-11-jre-headless: get rid of the circular dependency

[Debian Bug Tracking System]

Processing control commands:

> found -1 2:1.11-71
Bug #929685 [ca-certificates-java,default-jre-headless,openjdk-11-jre-headless] 
ca-certificates-java,default-jre-headless,openjdk-11-jre-headless: get rid of 
the circular dependency
There is no source info for the package 'ca-certificates-java' at version 
'2:1.11-71' with architecture ''
There is no source info for the package 'openjdk-11-jre-headless' at version 
'2:1.11-71' with architecture ''
Marked as found in versions java-common/0.71.
> found -1 11.0.3+1-1
Bug #929685 [ca-certificates-java,default-jre-headless,openjdk-11-jre-headless] 
ca-certificates-java,default-jre-headless,openjdk-11-jre-headless: get rid of 
the circular dependency
There is no source info for the package 'ca-certificates-java' at version 
'11.0.3+1-1' with architecture ''
There is no source info for the package 'default-jre-headless' at version 
'11.0.3+1-1' with architecture ''
Marked as found in versions openjdk-11/11.0.3+1-1.
> found -1 20190405
Bug #929685 [ca-certificates-java,default-jre-headless,openjdk-11-jre-headless] 
ca-certificates-java,default-jre-headless,openjdk-11-jre-headless: get rid of 
the circular dependency
There is no source info for the package 'default-jre-headless' at version 
'20190405' with architecture ''
There is no source info for the package 'openjdk-11-jre-headless' at version 
'20190405' with architecture ''
Marked as found in versions ca-certificates-java/20190405.
> affects -1 + astro-all
Bug #929685 [ca-certificates-java,default-jre-headless,openjdk-11-jre-headless] 
ca-certificates-java,default-jre-headless,openjdk-11-jre-headless: get rid of 
the circular dependency
Added indication that 929685 affects astro-all

-- 
929685: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929685
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#923433: 0x51063B3: EncoderStrategy::Flush() (encoderstrategy.h:156)

[Mathieu Malaterre]

On Mon, May 20, 2019 at 4:50 PM Mathieu Malaterre  wrote:
>
> Gert,
>
> On Mon, May 20, 2019 at 3:31 PM Andreas Tille  wrote:
> >
> > Hint, hint, hint: Feel free to do an NMU / team upload of RC buggy
> > package.
>
> What's your opinion on this ? Revert to charls 1.x as suggested or
> investigated actual regression ?

debdiff attached. I've uploaded to delayed/10. Let me know of any issue.

Thanks


charls923433.debdiff
Description: Binary data

Processed: severity of 929667 is serious

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> severity 929667 serious
Bug #929667 [debian-installer] debian-installer doesn't install Recommends of 
linux-image-*
Severity set to 'serious' from 'normal'
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
929667: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929667
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: Re: Should not install /usr/bin/rm conflicting with /bin/rm (blocks /bin -> /usr/bin)

[Debian Bug Tracking System]

Processing control commands:

> found -1 0.12-2
Bug #759410 {Done: Francois Marier } [safe-rm] Should not 
install /usr/bin/rm conflicting with /bin/rm (blocks /bin -> /usr/bin)
Marked as found in versions safe-rm/0.12-2.

-- 
759410: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759410
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#759410: Should not install /usr/bin/rm conflicting with /bin/rm (blocks /bin -> /usr/bin)

[Andreas Beckmann]

Followup-For: Bug #759410
Control: found -1 0.12-2

Hi,

safe-rm also breaks a stretch --merged-usr chroot, found while testing
with piuparts stretch->buster upgrades with --merged-usr enabled.
And it seems to be the only package causing outright havoc in such a
scenario.

While a proper solution is too involved for stable, it should probably
be OK for the preinst to check for merged /usr systems and error out if
installation is attempted in such a case - instead of leaving a broken
system.


Andreas


safe-rm_0.12-7.log.gz
Description: application/gzip

Processed: user debian...@lists.debian.org, unarchiving 759410, usertagging 759410, tagging 759410

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> user debian...@lists.debian.org
Setting user to debian...@lists.debian.org (was a...@debian.org).
> unarchive 759410
Bug #759410 {Done: Francois Marier } [safe-rm] Should not 
install /usr/bin/rm conflicting with /bin/rm (blocks /bin -> /usr/bin)
Unarchived Bug 759410
> usertags 759410 piuparts
There were no usertags set.
Usertags are now: piuparts.
> tags 759410 + stretch
Bug #759410 {Done: Francois Marier } [safe-rm] Should not 
install /usr/bin/rm conflicting with /bin/rm (blocks /bin -> /usr/bin)
Added tag(s) stretch.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
759410: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759410
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: Re: numix-gtk-theme: Undocumented and very likely also broken Breaks against murrine-themes since 2.6.7-2

[Debian Bug Tracking System]

Processing control commands:

> severity -1 serious
Bug #891493 [numix-gtk-theme] numix-gtk-theme: Undocumented and very likely 
also broken Breaks against murrine-themes since 2.6.7-2
Severity set to 'serious' from 'normal'

-- 
891493: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891493
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#928948: hostapd: syslog is spammed every two seconds

[Kristofer Hansson]

Hi.

I did some digging into this and it seems that the issue is that the
debhelper includes sections from dh_installsystemd which both unmasks and
starts the service (irregardless of what has been done before).

A quick-and-dirty fix to this is to move the debhelper section in
debian/hostapd.postinst before the check if the package should be masked (I
tested this and it worked for me). The problem with this is that systemd
will try to activate the service once before masking it and that it relies
on the fact that hostapd has died before running the check.

What I decided to do for myself was to override the dh_installsystemd
target in the rules file and install it as an else if the package was not
decided to be masked. I'm not sure if this is what the package maintainer
aims to do with the postinst, but it should solve the problem described in
the bug.

I've attached a patch with the aforementioned fix, the patch is built on
d569f1dda5f4bd1c4b36bb438dc94fd6c85a6def (2:2.7+git20190128+0c1e29f-5)
commit 44d1af878437cb9becac07ec59a6b3591cf08606
Author: Kristofer Hansson 
Date:   Tue May 28 13:27:45 2019 +

wpa (2:2.7+git20190128+0c1e29f-5+nmu1) unstable; urgency=medium

* Made sure that hostapd is unmasked if no config available.
(Closes: #928948)

diff --git a/debian/changelog b/debian/changelog
index 35a81f4..72a2389 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+wpa (2:2.7+git20190128+0c1e29f-5+nmu1) unstable; urgency=medium
+
+  * Made sure that hostapd is unmasked if no config available.
+(Closes: #928948)
+
+ -- Kristofer Hansson   Tue, 28 May 2019 13:26:31 +
+
 wpa (2:2.7+git20190128+0c1e29f-5) unstable; urgency=high
 
   * Fix security issue 2019-5:
diff --git a/debian/hostapd.postinst.post-systemd b/debian/hostapd.postinst.post-systemd
new file mode 100644
index 000..6ed40de
--- /dev/null
+++ b/debian/hostapd.postinst.post-systemd
@@ -0,0 +1,2 @@
+fi
+fi
\ No newline at end of file
diff --git a/debian/hostapd.postinst b/debian/hostapd.postinst.pre-systemd
old mode 100755
new mode 100644
similarity index 72%
rename from debian/hostapd.postinst
rename to debian/hostapd.postinst.pre-systemd
index 8966f83..45e0cc8
--- a/debian/hostapd.postinst
+++ b/debian/hostapd.postinst.pre-systemd
@@ -1,16 +1,8 @@
-#!/bin/sh
-
-set -e
-
 if [ -d /run/systemd/system ] && [ "$1" = configure ]
 then
 DAEMON_CONF=
 . /etc/default/hostapd
 if [ -z "$DAEMON_CONF" ] && [ ! -r /etc/hostapd/hostapd.conf ] && ! systemctl --quiet is-active hostapd.service
 then
-	systemctl mask hostapd.service
-fi
-fi
-
-#DEBHELPER#
-exit 0
+systemctl mask hostapd.service
+else
diff --git a/debian/rules b/debian/rules
index 9f68be3..cd78839 100755
--- a/debian/rules
+++ b/debian/rules
@@ -87,6 +87,11 @@ override_dh_install:
 	install --mode=755 -D wpa_supplicant/wpa_supplicant-udeb \
 		debian/wpasupplicant-udeb/sbin/wpa_supplicant
 
+override_dh_installsystemd:
+	cat debian/hostapd.postinst.pre-systemd >> debian/.debhelper/generated/hostapd/postinst.service
+	dh_installsystemd
+	cat debian/hostapd.postinst.post-systemd >> debian/.debhelper/generated/hostapd/postinst.service
+
 override_dh_installchangelogs:
 	dh_installchangelogs --package=hostapd hostapd/ChangeLog
 	dh_installchangelogs --package=wpasupplicant wpa_supplicant/ChangeLog

Bug#865879: marked as done (calibre: external python-regex does not work)

[Debian Bug Tracking System]

Your message dated Tue, 28 May 2019 15:04:36 +
with message-id 
and subject line Bug#865879: fixed in calibre 3.43.0+dfsg-1
has caused the Debian Bug report #865879,
regarding calibre: external python-regex does not work
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
865879: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865879
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: calibre
Version: 3.1.1+dfsg-1
Severity: normal

It seems calibre now needs a dependency on python3-regex package

calibre, version 3.1.1
ERROR: Startup error: There was an error during calibre startup. Parts of 
calibre may not function. Click Show details to learn more.

Traceback (most recent call last):
  File "/usr/lib/calibre/calibre/gui2/main.py", line 292, in 
initialize_db_stage2
self.start_gui(db)
  File "/usr/lib/calibre/calibre/gui2/main.py", line 227, in start_gui
main = self.main = Main(self.opts, gui_debug=self.gui_debug)
  File "/usr/lib/calibre/calibre/gui2/ui.py", line 160, in __init__
ac = self.init_iaction(action)
  File "/usr/lib/calibre/calibre/gui2/ui.py", line 174, in init_iaction
ac = action.load_actual_plugin(self)
  File "/usr/lib/calibre/calibre/customize/__init__.py", line 614, in 
load_actual_plugin
ac = getattr(importlib.import_module(mod), cls)(gui,
  File "/usr/lib/python2.7/importlib/__init__.py", line 37, in import_module
__import__(name)
  File "/usr/lib/calibre/calibre/gui2/actions/catalog.py", line 13, in 
from calibre.gui2.tools import generate_catalog
  File "/usr/lib/calibre/calibre/gui2/tools.py", line 16, in 
from calibre.gui2.convert.single import NoSupportedInputFormats
  File "/usr/lib/calibre/calibre/gui2/convert/single.py", line 20, in 
from calibre.gui2.convert.search_and_replace import SearchAndReplaceWidget
  File "/usr/lib/calibre/calibre/gui2/convert/search_and_replace.py", line 11, 
in 
from calibre.gui2.convert.search_and_replace_ui import Ui_Form
  File "/usr/lib/calibre/calibre/gui2/convert/search_and_replace_ui.py", line 
155, in 
from regex_builder import RegexEdit
  File "/usr/lib/calibre/calibre/gui2/convert/regex_builder.py", line 18, in 

from calibre.ebooks.conversion.search_replace import 
compile_regular_expression
  File "/usr/lib/calibre/calibre/ebooks/conversion/search_replace.py", line 7, 
in 
import regex
  File "/usr/lib/calibre/regex/__init__.py", line 392, in 
  File "/usr/lib/calibre/regex/_regex_core.py", line 21, in 
  File "/usr/lib/calibre/calibre/constants.py", line 207, in __getitem__
raise KeyError('No plugin named %r'%name)
KeyError: "No plugin named '_regex'"

-- System Information:
Debian Release: 9.0
  APT prefers testing-debug
  APT policy: (990, 'testing-debug'), (990, 'testing'), (500, 
'unstable-debug'), (500, 'unstable'), (101, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.10.17+ (SMP w/4 CPU cores)
Locale: LANG=en_IN.UTF-8, LC_CTYPE=en_IN.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_IN:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages calibre depends on:
ii  calibre-bin  3.1.1+dfsg-1
ii  fonts-liberation 1:1.07.4-2
ii  imagemagick  8:6.9.7.4+dfsg-11
ii  imagemagick-6.q16 [imagemagick]  8:6.9.7.4+dfsg-11
ii  libjs-coffeescript   1.10.0~dfsg-1
ii  libjs-mathjax2.7.0-2
ii  poppler-utils0.48.0-2
ii  python-apsw  3.16.2-r1-2
ii  python-beautifulsoup 3.2.1-1
ii  python-chardet   3.0.4-1
ii  python-cherrypy3 3.5.0-2
ii  python-cssselect 1.0.1-1
ii  python-cssutils  1.0-4.1
ii  python-dateutil  2.5.3-2
ii  python-dbus  1.2.4-1+b1
ii  python-feedparser5.1.3-3
ii  python-imaging   4.0.0-4
ii  python-lxml  3.7.3-1
ii  python-markdown  2.6.8-1
ii  python-mechanize 1:0.2.5-3
ii  python-netifaces 0.10.4-0.1+b2
ii  python-pil   4.0.0-4
ii  python-pkg-resources 36.0.1-1
ii  python-pyparsing 2.1.10+dfsg1-1
ii  python-pyqt5 5.7+dfsg-5
ii  python-pyqt5.qtsvg   5.7+dfsg-5
ii  python-pyqt5.qtwebkit5.7+dfsg-5
ii  python-regex 0.1.20170117-1
ii  python-routes2.3.1-2
ii  python2.72.7.13-2
ii 

Bug#929048: tracker-extract: Allocates between 5 and 10 GiB of memory when examining certain DDS files

[Andreas Henriksson]

Control: tags -1 + unreproducible

Hello Bálint Kovács,

Thanks for your bug report. I'm not able to reproduce this issue.
Possibly I don't have things installed that's actually used to
parse this file format. (The bug is likely in some underlying
library for the file format rather than in tracker(-extract) itself.)
Would be great if you could gather some more detailed debug information
as your current info is apparently not enough to reproduce the issue.
I'd suggest you install dbgsym packages and run gdb on the
tracker-extract process and try to break it and see where it's at, then
continue running, then breaking again repeat a number of times and
make sure you have all the dbgsym packages installed.

The output I get below FWIW.

On Thu, May 16, 2019 at 01:42:44AM +0100, Bálint Kovács wrote:
> Package: tracker-extract
> Version: 2.1.6-1
> Severity: critical
> Justification: breaks the whole system
[...]
> Full output from an affected file:
> 
> $ /usr/lib/tracker/tracker-extract -v 2 -f bad.dds
> 00:57
> ** Message: 00:57:52.901: Starting tracker-extract 2.1.6
> ** Message: 00:57:52.901: General options:
> ** Message: 00:57:52.901:   Verbosity    2
> ** Message: 00:57:52.901:   Sched Idle  ...  1
> ** Message: 00:57:52.901:   Max bytes (per file)  .  1048576
> (tracker-extract:9171): dconf-DEBUG: 00:57:52.901: watch_established:
> "/org/freedesktop/tracker/extract/" (establishing: 1)
> Setting scheduler policy to SCHED_IDLE
> Setting priority nice level to 19
> Loading extractor rules... (/usr/share/tracker-miners/extract-rules)
> Extractor rules loaded
> MIME type guessed as 'image/x-dds' (from GIO)
> ../../../glib/gmem.c:105: failed to allocate 65687 bytes
> 
[...]

For me the same commands finishes in about no time and without putting
any memory pressure on the system at all.

$ /usr/lib/tracker/tracker-extract -v 2 -f /tmp/dds_examples/bad.dds 
** Message: 16:40:49.858: Starting tracker-extract 2.1.6
** Message: 16:40:49.858: General options:
** Message: 16:40:49.858:   Verbosity    2
** Message: 16:40:49.858:   Sched Idle  ...  1
** Message: 16:40:49.858:   Max bytes (per file)  .
1048576
Setting scheduler policy to SCHED_IDLE
Setting priority nice level to 19
(tracker-extract:3683): dconf-DEBUG: 16:40:49.858: watch_established:
"/org/freedesktop/tracker/extract/" (establishing: 1)
Loading extractor rules... (/usr/share/tracker-miners/extract-rules)
Extractor rules loaded
MIME type guessed as 'image/x-dds' (from GIO)
@prefix rdf:  .
@prefix nmm:  .
@prefix nfo: 
.

 a nfo:Image , nmm:Photo .

Regards,
Andreas Henriksson

Processed: Re: tracker-extract: Allocates between 5 and 10 GiB of memory when examining certain DDS files

[Debian Bug Tracking System]

Processing control commands:

> tags -1 + unreproducible
Bug #929048 [tracker-extract] tracker-extract: Allocates between 5 and 10 GiB 
of memory when examining certain DDS files
Added tag(s) unreproducible.

-- 
929048: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929048
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#929600: slurm-llnl: FTBFS on 32-bit architectures

[Gennaro Oliva]

Hi Andreas,

I have updated the package to fix the bug number in the changelog and
it's now available at the same url:
 
https://people.debian.org/~oliva/slurm-llnl-16.05.9-1+deb9u4/

new debdiff attached, diffstat follows:

changelog |6 --
patches/CVE-2019-6438 |   11 ---
2 files changed, 17 deletions(-)

Regards,
-- 
Gennaro Oliva
diff -Nru slurm-llnl-16.05.9/debian/changelog 
slurm-llnl-16.05.9/debian/changelog
--- slurm-llnl-16.05.9/debian/changelog 2019-05-27 09:48:30.0 +0200
+++ slurm-llnl-16.05.9/debian/changelog 2019-02-12 23:34:26.0 +0100
@@ -1,9 +1,3 @@
-slurm-llnl (16.05.9-1+deb9u4) stretch-security; urgency=medium
-
-  * Fix build regression on 32-bits architecture (Closes: #929600) 
-
- -- Gennaro Oliva   Mon, 27 May 2019 09:48:30 +0200
-
 slurm-llnl (16.05.9-1+deb9u3) stretch-security; urgency=high
 
   * Fix CVE-2019-6438 by adding mitigation for a potential
diff -Nru slurm-llnl-16.05.9/debian/patches/CVE-2019-6438 
slurm-llnl-16.05.9/debian/patches/CVE-2019-6438
--- slurm-llnl-16.05.9/debian/patches/CVE-2019-6438 2019-05-27 
09:07:56.0 +0200
+++ slurm-llnl-16.05.9/debian/patches/CVE-2019-6438 2019-02-12 
23:32:08.0 +0100
@@ -65,14 +65,3 @@
  void *slurm_try_xmalloc(size_t , const char *, int , const char *);
  void slurm_xfree(void **, const char *, int, const char *);
  void *slurm_xrealloc(void **, size_t, bool, const char *, int, const char *);
 slurm-llnl-16.05.9.orig/contribs/perlapi/libslurm/perl/slurm-perl.h
-+++ slurm-llnl-16.05.9/contribs/perlapi/libslurm/perl/slurm-perl.h
-@@ -17,7 +17,7 @@
- #endif
- 
- extern void slurm_xfree(void **, const char *, int, const char *);
--extern void *slurm_xmalloc(size_t, bool, const char *, int, const char *);
-+extern void *slurm_xmalloc(uint64_t, bool, const char *, int, const char *);
- 
- extern void slurm_api_clear_config(void);
- 

Bug#929673: marked as done (Missing Breaks/Replaces for /usr/sbin/update-secureboot-policy)

[Debian Bug Tracking System]

Your message dated Tue, 28 May 2019 13:48:39 +
with message-id 
and subject line Bug#929673: fixed in shim-signed 1.32
has caused the Debian Bug report #929673,
regarding Missing Breaks/Replaces for /usr/sbin/update-secureboot-policy
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
929673: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929673
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: shim-signed-common
Version: 1.31+15+1533136590.3beb971-5
Severity: serious

Hi,

When updating today I get the following error:

Sélection du paquet shim-signed-common précédemment désélectionné.
Préparation du dépaquetage de 
.../4-shim-signed-common_1.31+15+1533136590.3beb971-5_all.deb ...
Dépaquetage de shim-signed-common (1.31+15+1533136590.3beb971-5) ...
dpkg: erreur de traitement de l'archive 
/tmp/apt-dpkg-install-KW6IMd/4-shim-signed-common_1.31+15+1533136590.3beb971-5_all.deb
 (--unpack) :
 tentative de remplacement de « /usr/sbin/update-secureboot-policy », qui 
appartient aussi au paquet shim-signed 1.30+15+1533136590.3beb971-5
Préparation du dépaquetage de 
.../5-shim-signed_1.31+15+1533136590.3beb971-5_amd64.deb ...
Dépaquetage de shim-signed:amd64 (1.31+15+1533136590.3beb971-5) sur 
(1.30+15+1533136590.3beb971-5) ...
Des erreurs ont été rencontrées pendant l'exécution :
 
/tmp/apt-dpkg-install-KW6IMd/4-shim-signed-common_1.31+15+1533136590.3beb971-5_all.deb


-- System Information:
Debian Release: 10.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 
'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/8 CPU cores)
Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_BE:fr (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages shim-signed-common depends on:
ii  debconf [debconf-2.0]  1.5.72
ii  mokutil0.3.0+1538710437.fb6250f-1

shim-signed-common recommends no packages.

shim-signed-common suggests no packages.

-- debconf information excluded
--- End Message ---
--- Begin Message ---
Source: shim-signed
Source-Version: 1.32

We believe that the bug you reported is fixed in the latest version of
shim-signed, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 929...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Steve McIntyre <93...@debian.org> (supplier of updated shim-signed package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Tue, 28 May 2019 14:23:54 +0100
Binary: shim-signed shim-signed-common
Source: shim-signed
Architecture: all amd64 arm64 i386 source
Version: 1.32
Distribution: unstable
Urgency: medium
Maintainer: Debian EFI Team 
Changed-By: Steve McIntyre <93...@debian.org>
Closes: 929673
Description: 
 shim-signed - Secure Boot chain-loading bootloader (Microsoft-signed binary)
 shim-signed-common - Secure Boot chain-loading bootloader (common helper 
scripts)
Changes:
 shim-signed (1.32) unstable; urgency=medium
 .
   * Add Breaks/Replaces to shim-signed-common for
 update-secureboot-policy etc. Closes: #929673
Checksums-Sha1: 
 4cb0a8029d0c94b3829889582ad86c46e3cd3e6d 1824 shim-signed_1.32.dsc
 c36ebc9e87f962d73bf583c27f00e9c768a49404 831096 shim-signed_1.32.tar.xz
 9c87a0597375ea9adbb56929149bc3b0a2340a3e 13124 
shim-signed-common_1.32+15+1533136590.3beb971-5_all.deb
 2fcec789f7b4c377fb90cacbe575af1f31ac9499 334436 
shim-signed_1.32+15+1533136590.3beb971-5_amd64.deb
 96bb8e644739419cec5218635c64c86ebee8f849 5892 shim-signed_1.32_amd64.buildinfo
 8b80f21d3bc635a1e4a5a7353d9dd79920ffcbd4 260408 
shim-signed_1.32+15+1533136590.3beb971-5_arm64.deb
 bd1acfe17b6eea764d191c71878262e8846738ab 4387 shim-signed_1.32_arm64.buildinfo
 0baa17b78a6b1a1fc3be9d5b39b3f2f396d5c932 310596 
shim-signed_1.32+15+1533136590.3beb971-5_i386.deb
 f926f71996839f6bc3731129f5e5e0a6e0628b89 4329 shim-signed_1.32_i386.buildinfo
Checksums-Sha256: 
 85cc7a2d6cb2b4322cccb416233f1e19edff345b2f36d1503a9e97a068f4ddae 1824 
shim-signed_1.32.dsc
 

Bug#927674: marked as done (CVE-2019-3902)

[Debian Bug Tracking System]

Your message dated Tue, 28 May 2019 13:48:25 +
with message-id 
and subject line Bug#927674: fixed in mercurial 4.8.2-1+deb10u1
has caused the Debian Bug report #927674,
regarding CVE-2019-3902
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
927674: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927674
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: mercurial
Version: 4.8.2-1
Severity: grave
Tags: security

See https://www.mercurial-scm.org/wiki/WhatsNew from 4.9:

This was assigned CVE-2019-3902:
It was possible to use symlinks and subrepositories to defeat Mercurial's 
path-checking
logic and write files outside a repository. This has been fixed. Users on older 
versions
can either disable subrepositories with [subrepos] allowed=false in their 
configuration
or by ensuring any cloned repositories don't contain malicious symlinks.

This is fixed in sid, but buster still has 4.8.2.

Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: mercurial
Source-Version: 4.8.2-1+deb10u1

We believe that the bug you reported is fixed in the latest version of
mercurial, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 927...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Julien Cristau  (supplier of updated mercurial package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Tue, 28 May 2019 15:12:35 +0200
Source: mercurial
Architecture: source
Version: 4.8.2-1+deb10u1
Distribution: buster
Urgency: medium
Maintainer: Python Applications Packaging Team 

Changed-By: Julien Cristau 
Closes: 927674
Changes:
 mercurial (4.8.2-1+deb10u1) buster; urgency=medium
 .
   * CVE-2019-3902: it was possible to use symlinks and subrepositories to
 defeat Mercurial's path-checking logic and write files outside a
 repository.  Closes: #927674.
Checksums-Sha1:
 cff0183b2698bf7a6110b68b93e723f7d5a7539e 2709 mercurial_4.8.2-1+deb10u1.dsc
 d241c4a9469658335be2598efe4aa622799433ac 64940 
mercurial_4.8.2-1+deb10u1.debian.tar.xz
Checksums-Sha256:
 e47f77a1f9555e4648e3331100318853dc81215531a18c41f731d93383038df1 2709 
mercurial_4.8.2-1+deb10u1.dsc
 5673d16057e140b74c0939e509a15dc4b67e18ee71cf806e9940896a42c9130c 64940 
mercurial_4.8.2-1+deb10u1.debian.tar.xz
Files:
 9d22866948086cdf106def717f0510bf 2709 vcs optional 
mercurial_4.8.2-1+deb10u1.dsc
 c5ca6e06557021f72276e4f7dbf2821d 64940 vcs optional 
mercurial_4.8.2-1+deb10u1.debian.tar.xz

-BEGIN PGP SIGNATURE-

iQJIBAEBCgAyFiEEVXgdqzTmGgnvuIvhnbAjVVb4z60FAlztOXYUHGpjcmlzdGF1
QGRlYmlhbi5vcmcACgkQnbAjVVb4z60p7w/5AV8UiWVmoaGzSRIE0uffya/9BUK4
V4SFBrWpgKIyK1qYovIcghiHrgtJFB7HHwFz/ICWkNPLz0ujGJvmeV1AJaqTbVLc
Tuh84tek6wGC2+Ei9Sg0Mzs6jkznQzXppW2nbi5lBGclXP3S5jL8TxxyP4e/ZTel
uj4XesmkJNoIc2TCGQJXOBVBtq3Vit1gMFsg0dxgIoO7kxFReK62hsbvD9mZtQUP
WFV3DFlIw5p2VRtvJ5uvQvyKavOob14BWSDc6vW7Kz07iwZQCemiYRzwARoj8LuU
lU5X8lKTJ4Te+ZZlWe0jPNB0Batnha0MMqHvNq6YrRLZouAiEOHIY/f+Cf6r3kxh
LVIryr4HynHuwKEFfClb2uimKKpk2tWoT2HdjAYwPOzMP6OkQaeqCWR+GhrPJqA0
3WZuBuVzFtdcaMqEOK4PxOaK+D5RGl1WsQl3+ozkU4NzWFWXH6EfdoP35815iAbR
piTJ7xE6dpNaCXFQKnPU96cmOBT1YRU8ip7vCyiBDP3C6fBfR6mPx6jELCLwANix
95eU2BGDfGGh+JXzzEJhUCON4KIdId8uUoKoB3iDbNOkeDqzMH3zJLUGzJFPuVyB
KyOqlO3f740ofnFcn/B8SPY5ptKMNvg88SKCxmabwXOGb41Z8SnAvEwdwPq0YEl/
uYTKlMMuJWZetXU=
=tIsK
-END PGP SIGNATURE End Message ---

Bug#929618: closed by tony mancill (Bug#929618: fixed in t-digest 1:3.0-2)

[tony mancill]

On Tue, May 28, 2019 at 09:26:24AM +0200, Andreas Beckmann wrote:
> On 2019-05-28 07:21, Debian Bug Tracking System wrote:
> >* Use debhelper 12 and dh sequencer; drop cdbs build-dep
> 
> You won't get that unblocked for buster.

My initial plan was to simply file an RM bug.  The package has a popcon
of 5 and I wasn't able to find any reverse dependencies.  But when I
took a look at the upstream package, I thought that it might be useful
to some and so decided to update it.

Given how late it is in the freeze, I wasn't considering filing an
unblock request.  For what it's worth, debhelper 12 is part of buster
and the resulting binary packages are identical:

> debdiff t-digest_3.0-1_amd64.changes t-digest_3.0-2_amd64.changes
> File lists identical (after any substitutions)
> 
> Control files of package libt-digest-java: lines which differ (wdiff format)
> 
> Version: [-1:3.0-1-] {+1:3.0-2+}
> 
> Control files of package libt-digest-java-doc: lines which differ (wdiff 
> format)
> 
> Version: [-1:3.0-1-] {+1:3.0-2+}

So I think that a user of buster could easily build a package from the
sources in unstable.

All that said, if someone needs t-digest to be part of buster, please
feel free to revert the cdbs/debhelper change and upload a 1:3.0-3
package.

Cheers,
tony


signature.asc
Description: PGP signature

Processed: affects 929406, user debian...@lists.debian.org, usertagging 926180, affects 926180

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> affects 929406 + libhdf5-openmpi-dev libhdf5-dev libhdf5-jni hdf5-tools 
> libhdf5-mpich-dev
Bug #929406 
[libhdf5-103-1,libhdf5-cpp-103-1,libhdf5-mpich-103-1,libhdf5-mpich-cpp-103-1,libhdf5-openmpi-103-1,libhdf5-openmpi-cpp-103-1]
 hdf5: libhdf5-*103-1 missing Breaks+Replaces: libhdf5-*103
Added indication that 929406 affects libhdf5-openmpi-dev, libhdf5-dev, 
libhdf5-jni, hdf5-tools, and libhdf5-mpich-dev
> user debian...@lists.debian.org
Setting user to debian...@lists.debian.org (was a...@debian.org).
> usertags 926180 piuparts
There were no usertags set.
Usertags are now: piuparts.
> affects 926180 + scilab-minimal-bin
Bug #926180 [src:scilab] scilab: FTBFS on all
Added indication that 926180 affects scilab-minimal-bin
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
926180: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926180
929406: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929406
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#927942: marked as done (gucharmap: FTBFS with unicode-data >= 12)

[Debian Bug Tracking System]

Your message dated Tue, 28 May 2019 12:48:30 +
with message-id 
and subject line Bug#927942: fixed in gucharmap 1:11.0.3-3
has caused the Debian Bug report #927942,
regarding gucharmap: FTBFS with unicode-data >= 12
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
927942: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927942
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: gucharmap
Version: 1:11.0.3-2
Severity: serious
Justification: Policy 4.2

unicode-data 12.0.0 is now in unstable/testing (Buster).
gucharmap FTBFS with this;

In file included from gucharmap-unicode-info.c:33:
unicode-versions.h:331:21: error: ‘GUCHARMAP_UNICODE_VERSION_12_0’ undeclared 
here (not in a function); did you mean ‘GUCHARMAP_UNICODE_VERSION_11_0’?
  331 |   { 0x0C77, 0x0C77, GUCHARMAP_UNICODE_VERSION_12_0 },
  | ^~
  | GUCHARMAP_UNICODE_VERSION_11_0
unicode-versions.h:863:21: error: ‘GUCHARMAP_UNICODE_VERSION_12_1’ undeclared 
here (not in a function); did you mean ‘GUCHARMAP_UNICODE_VERSION_2_1’?
  863 |   { 0x32FF, 0x32FF, GUCHARMAP_UNICODE_VERSION_12_1 },
  | ^~
  | GUCHARMAP_UNICODE_VERSION_2_1

regards
Alastair McKinstry



-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_IE.UTF-8, LC_CTYPE=en_IE.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to en_IE.UTF-8), LANGUAGE=en_IE:en (charmap=UTF-8) (ignored: LC_ALL set to 
en_IE.UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
--- End Message ---
--- Begin Message ---
Source: gucharmap
Source-Version: 1:11.0.3-3

We believe that the bug you reported is fixed in the latest version of
gucharmap, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 927...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Hideki Yamane  (supplier of updated gucharmap package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Tue, 28 May 2019 21:16:55 +0900
Source: gucharmap
Architecture: source
Version: 1:11.0.3-3
Distribution: unstable
Urgency: medium
Maintainer: Debian GNOME Maintainers 

Changed-By: Hideki Yamane 
Closes: 927942
Changes:
 gucharmap (1:11.0.3-3) unstable; urgency=medium
 .
   * Team upload
   * debian/patches
 - add update-to-unicode-12.1.patch to built with unicode-data
   12.1~pre1 (Closes: #927942)
Checksums-Sha1:
 8ce4af613c438bc83e1dcd933e98d2912d2a44de 2593 gucharmap_11.0.3-3.dsc
 570e443262838a295f21b18a237f957d7ee4e70f 13044 gucharmap_11.0.3-3.debian.tar.xz
 e6714b1f9bd35177909a95ffb0d087b685c5a10d 17326 
gucharmap_11.0.3-3_amd64.buildinfo
Checksums-Sha256:
 9433757417248585fd697ea37703ca28d139aff81846e7eecdb191de703aa342 2593 
gucharmap_11.0.3-3.dsc
 f6e452aef193676eedfe3ca00a23c8d3426732232463ad55e9567b4de2116853 13044 
gucharmap_11.0.3-3.debian.tar.xz
 3e9010f57a11593305d14b87a36cf33c2ef226b688bf638908cdf48a5b29026f 17326 
gucharmap_11.0.3-3_amd64.buildinfo
Files:
 d4baa0a26358c4895a44c0217258fba4 2593 gnome optional gucharmap_11.0.3-3.dsc
 55785d365468933bf53a739be1d67e79 13044 gnome optional 
gucharmap_11.0.3-3.debian.tar.xz
 cf7b5da46acb84e22b161beaf734cb28 17326 gnome optional 
gucharmap_11.0.3-3_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEWOEiL5aWyIWjzRBMXTKNCCqqsUAFAlztKUEACgkQXTKNCCqq
sUAVHA//e5iu6Or6eD22xE/MVArkuAkE2QXAjR1JhMb1fmmbfPeeGADeiPVr/9tz
lLYZbKiFYi90isfZtbrnQ+nfjYTm7/TPE7VeUxQAF2CbO9DiEnUSFaLNYdCPE8NH
6NxQrvj04JDtA6qDgXZA7gNxH1T8++uT/saC0XSbJT0kx0f7l/tB1w07tOPcJeIa
nKGkoDQ61e1QHkQw4xrGmQZGjmAGw9UYyxqYic1puAcizAJBxlYTwAVf23RoG2Jv
lBwmAE15QkSrZbJDUKEUyZULsydAhskC6kmMxssgIc9r6n+TuYMEUkzaKjK/8KOX
Ii5tteuYJnsX2gkH5npKnbnvz+h6/k6JVrR0ydtXZi3sefqrxO5pHm6s9/ojr+vI
cQpYCSuh3vUhlEDL5uMrEOiBUclXP928V92rU3HEcx1SyEJJ/FbxXpNgDtntbES9
UN/FtEZs7Ruw0na9NlyVyimwzwnVpJjs6F7rIKPSxbn0dd5G8P6Jtj+zWNjx4e7j
UqmMu8qKzz/FxVxxSWQsiSOQOAfbuuotWCtpwP7UuS7FFcRFkNM4KOVydLX9Ouni

Bug#927942: marked as pending in gucharmap

[Hideki Yamane]

Control: tag -1 pending

Hello,

Bug #927942 in gucharmap reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/gnome-team/gucharmap/commit/fe401950cdf5cb5601a6df79be13345e86f6880d


update changelog (Closes: #927942)


(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/927942

Processed: Bug#927942 marked as pending in gucharmap

[Debian Bug Tracking System]

Processing control commands:

> tag -1 pending
Bug #927942 [src:gucharmap] gucharmap: FTBFS with unicode-data >= 12
Added tag(s) pending.

-- 
927942: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927942
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#929673: Missing Breaks/Replaces for /usr/sbin/update-secureboot-policy

[Laurent Bigonville]

Package: shim-signed-common
Version: 1.31+15+1533136590.3beb971-5
Severity: serious

Hi,

When updating today I get the following error:

Sélection du paquet shim-signed-common précédemment désélectionné.
Préparation du dépaquetage de 
.../4-shim-signed-common_1.31+15+1533136590.3beb971-5_all.deb ...
Dépaquetage de shim-signed-common (1.31+15+1533136590.3beb971-5) ...
dpkg: erreur de traitement de l'archive 
/tmp/apt-dpkg-install-KW6IMd/4-shim-signed-common_1.31+15+1533136590.3beb971-5_all.deb
 (--unpack) :
 tentative de remplacement de « /usr/sbin/update-secureboot-policy », qui 
appartient aussi au paquet shim-signed 1.30+15+1533136590.3beb971-5
Préparation du dépaquetage de 
.../5-shim-signed_1.31+15+1533136590.3beb971-5_amd64.deb ...
Dépaquetage de shim-signed:amd64 (1.31+15+1533136590.3beb971-5) sur 
(1.30+15+1533136590.3beb971-5) ...
Des erreurs ont été rencontrées pendant l'exécution :
 
/tmp/apt-dpkg-install-KW6IMd/4-shim-signed-common_1.31+15+1533136590.3beb971-5_all.deb


-- System Information:
Debian Release: 10.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 
'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/8 CPU cores)
Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_BE:fr (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages shim-signed-common depends on:
ii  debconf [debconf-2.0]  1.5.72
ii  mokutil0.3.0+1538710437.fb6250f-1

shim-signed-common recommends no packages.

shim-signed-common suggests no packages.

-- debconf information excluded

Bug#929527: [pkg-netfilter-team] Bug#929527: /usr/sbin/xtables-nft-multi: restoring IP Tables with an self-defined chain segfaults in libnftnl.so

[Arturo Borrero Gonzalez]

On 5/27/19 12:29 PM, Arturo Borrero Gonzalez wrote:
> On 5/25/19 6:49 PM, Thomas Lamprecht wrote:
>> Package: iptables
>> Version: 1.8.2-4
>> Severity: grave
>> File: /usr/sbin/xtables-nft-multi
>> Justification: renders package unusable by segfaulting on usage
>>
>> Reproducer:
>> # cat simple-segv-table
>> *filter
>> :NEW-OUTPUT - [0:0]
>> -A OUTPUT -j NEW-OUTPUT
>> -F NEW-OUTPUT
>> -A NEW-OUTPUT -j ACCEPT
>> COMMIT
>>
>> # iptables ./simple-segv-table
>> Segmentation fault
>>
>> # dmesg | tail -1
>> [12860.813350] traps: iptables-restor[19173] general protection 
>> ip:7f4894682793 sp:7ffcedc177d0 error:0 in 
>> libnftnl.so.11.0.0[7f4894677000+17000]
>>
>> # addr2line -e /usr/lib/x86_64-linux-gnu/libnftnl.so.11.0.0  -fCi $(printf 
>> "%x" $[0x7f2cb9882793 - 0x7f2cb9877000])
>> nftnl_batch_is_supported
>> ??:?
>>
> 
> I can reproduce this.
> 
> I'm already looking for a fix.
> 

This should be fixed in iptables 1.8.3, which just got released.

Processed: pluginhook: diff for NMU version 0~20150216.0~a320158-2.1

[Debian Bug Tracking System]

Processing control commands:

> tags 902959 + patch
Bug #902959 [src:pluginhook] pluginhook: switch Build-Depends to 
golang-golang-x-crypto-dev
Added tag(s) patch.
> tags 902959 + pending
Bug #902959 [src:pluginhook] pluginhook: switch Build-Depends to 
golang-golang-x-crypto-dev
Added tag(s) pending.

-- 
902959: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902959
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#902959: pluginhook: diff for NMU version 0~20150216.0~a320158-2.1

[Keng-Yu Lin]

Control: tags 902959 + patch
Control: tags 902959 + pending

Dear maintainer,

I've prepared an NMU for pluginhook (versioned as 0~20150216.0~a320158-2.1) and
I am looking for a sponsor to uploaded it to DELAYED/7.
Please feel free to tell me if I should delay it longer.

Regards.
diff -Nru pluginhook-0~20150216.0~a320158/debian/changelog pluginhook-0~20150216.0~a320158/debian/changelog
--- pluginhook-0~20150216.0~a320158/debian/changelog	2015-07-01 15:31:36.0 +0800
+++ pluginhook-0~20150216.0~a320158/debian/changelog	2019-05-28 15:47:36.0 +0800
@@ -1,3 +1,20 @@
+pluginhook (0~20150216.0~a320158-2.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+- Replace golang-go.crypto-dev with golang-golang-x-crypto-dev
+  in Build-Depends. (Closes: #902959)
+- Bump Standards-Version to 4.3.0
+
+debian/control:
+  - Changed Priority from extra to optional, since the priority
+extra has been deprecated in Debian Policy version 4.0.1.
+
+debian/rules:
+  - override_auto_build to build in PIE mode, fixing the lintian
+warnings: hardening-no-relro and hardening-no-pie.
+
+ -- Keng-Yu Lin   Tue, 28 May 2019 15:47:36 +0800
+
 pluginhook (0~20150216.0~a320158-2) unstable; urgency=medium
 
   * Fix crypto's sub-repo import path (Closes: #790681)
diff -Nru pluginhook-0~20150216.0~a320158/debian/control pluginhook-0~20150216.0~a320158/debian/control
--- pluginhook-0~20150216.0~a320158/debian/control	2015-07-01 15:25:29.0 +0800
+++ pluginhook-0~20150216.0~a320158/debian/control	2019-05-28 15:47:36.0 +0800
@@ -1,14 +1,14 @@
 Source: pluginhook
 Section: utils
-Priority: extra
+Priority: optional
 Maintainer: Alessio Treglia 
 Build-Depends:
  debhelper (>= 9~),
  dh-golang,
  golang-go,
- golang-go.crypto-dev,
+ golang-golang-x-crypto-dev,
  golang-godebiancontrol-dev
-Standards-Version: 3.9.6
+Standards-Version: 4.3.0
 Homepage: http://github.com/progrium/pluginhook
 
 Package: pluginhook
diff -Nru pluginhook-0~20150216.0~a320158/debian/rules pluginhook-0~20150216.0~a320158/debian/rules
--- pluginhook-0~20150216.0~a320158/debian/rules	2015-07-01 15:25:29.0 +0800
+++ pluginhook-0~20150216.0~a320158/debian/rules	2019-05-28 15:47:36.0 +0800
@@ -2,12 +2,14 @@
 
 export DH_OPTIONS
 export DH_VERBOSE=1
-
 export DH_GOPKG := github.com/progrium/pluginhook
 
 %:
 	dh $@ --buildsystem=golang --with=golang
 
+override_dh_auto_build:
+	dh_auto_build -O--buildsystem=golang -- -buildmode=pie
+
 override_dh_auto_install:
 	dh_auto_install
 	rm -rf $(CURDIR)/debian/pluginhook/usr/share

Bug#927674: CVE-2019-3902

[Julien Cristau]

On Sun, May 26, 2019 at 09:07:11PM +0200, Moritz Mühlenhoff wrote:
> On Sun, Apr 21, 2019 at 12:32:13AM +0200, Moritz Muehlenhoff wrote:
> > Source: mercurial
> > Version: 4.8.2-1
> > Severity: grave
> > Tags: security
> > 
> > See https://www.mercurial-scm.org/wiki/WhatsNew from 4.9:
> > 
> > This was assigned CVE-2019-3902:
> > It was possible to use symlinks and subrepositories to defeat Mercurial's 
> > path-checking
> > logic and write files outside a repository. This has been fixed. Users on 
> > older versions
> > can either disable subrepositories with [subrepos] allowed=false in their 
> > configuration
> > or by ensuring any cloned repositories don't contain malicious symlinks.
> > 
> > This is fixed in sid, but buster still has 4.8.2.
> 
> A month later this is still unfixed in buster. Does anyone care about having 
> this
> in a stable release? Probably not, because noone cared about stretch already 
> either:
> https://security-tracker.debian.org/tracker/source-package/mercurial
> 
So initially my hope was to get 4.9 in buster, however that failed due
to reverse deps (hg-git and tortoisehg) not being ready in time.

And since I don't read bug mail I missed your messages here.

> If that's the case, let's drop it from buster?
> 
Let's not... I'll see what I can do.

Cheers,
Julien

Bug#769798: marked as done (openswan-modules-dkms: module FTBFS with linux-headers-3.2.0-4-amd64 3.2.63-2+deb7u1)

[Debian Bug Tracking System]

Your message dated Tue, 28 May 2019 10:05:18 +0200
with message-id 
and subject line openswan has been removed rom Debian
has caused the Debian Bug report #769798,
regarding openswan-modules-dkms: module FTBFS with linux-headers-3.2.0-4-amd64 
3.2.63-2+deb7u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
769798: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=769798
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: openswan-modules-dkms
Version: 1:2.6.37-3
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts

Hi,

openswan-modules-dkms fails to build a module for the current wheezy
kernel:

  CC [M]  /var/lib/dkms/openswan/2.6.37/build/modobj26/ipsec_xmit.o
/var/lib/dkms/openswan/2.6.37/build/modobj26/ipsec_xmit.c: In function 
'ipsec_xmit_ipip':
/var/lib/dkms/openswan/2.6.37/build/modobj26/ipsec_xmit.c:1235:3: warning: 
passing argument 1 of 'ip_select_ident' from incompatible pointer type [enabled 
by default]
/usr/src/linux-headers-3.2.0-4-common/include/net/ip.h:292:20: note: expected 
'struct sk_buff *' but argument is of type 'struct iphdr *'
/var/lib/dkms/openswan/2.6.37/build/modobj26/ipsec_xmit.c:1235:3: warning: 
passing argument 2 of 'ip_select_ident' from incompatible pointer type [enabled 
by default]
/usr/src/linux-headers-3.2.0-4-common/include/net/ip.h:292:20: note: expected 
'struct sock *' but argument is of type 'struct dst_entry *'
/var/lib/dkms/openswan/2.6.37/build/modobj26/ipsec_xmit.c:1235:3: error: too 
many arguments to function 'ip_select_ident'
/usr/src/linux-headers-3.2.0-4-common/include/net/ip.h:292:20: note: declared 
here
make[4]: *** [/var/lib/dkms/openswan/2.6.37/build/modobj26/ipsec_xmit.o] Error 1


Full log attached.


Cheers,

Andreas

(I'm not interested in using this kernel module, just doing QA)


make.log.gz
Description: application/gzip
--- End Message ---
--- Begin Message ---
Version: 1:2.6.38-1+rm

openswan was last released with Debian 7.0 (wheezy) in May 2013
and was removed from the Debian archive afterwards.
See https://bugs.debian.org/736557 for details on the removal.
Since support for wheezy and wheezy-LTS has now ended and the suites
have been archived, I'm closing all the remaining bugs reported against
this package.


Andreas--- End Message ---

Bug#929618: closed by tony mancill (Bug#929618: fixed in t-digest 1:3.0-2)

[Andreas Beckmann]

On 2019-05-28 07:21, Debian Bug Tracking System wrote:
>* Use debhelper 12 and dh sequencer; drop cdbs build-dep

You won't get that unblocked for buster.


Andreas

Bug#929067: marked as done (Support for MDS)

[Debian Bug Tracking System]

Your message dated Tue, 28 May 2019 07:18:46 +
with message-id 
and subject line Bug#929067: fixed in qemu 1:3.1+dfsg-8
has caused the Debian Bug report #929067,
regarding Support for MDS
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
929067: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929067
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: qemu-system-x86
Severity: grave
Tags: security

These are not upstreamed due to the embargo period, but I'm attaching
the 3.1 patches from Ubuntu 19.04.

Cheers,
Moritz
>From a57fa50701c6a0fbe5ac7dbcc314c3c970bff899 Mon Sep 17 00:00:00 2001
From: Paolo Bonzini 
Date: Fri, 1 Mar 2019 21:40:52 +0100
Subject: [qemu PATCH] target/i386: define md-clear bit

md-clear is a new CPUID bit which is set when microcode provides the
mechanism to invoke a flush of various exploitable CPU buffers by invoking
the VERW instruction.  Add the new feature, and pass it down to
Hypervisor.framework guests.

Signed-off-by: Paolo Bonzini 

[Backported to qemu 3.1 - sbeattie]

---
The last hunk is only needed for OS X, but anyway this is going
to be the patch that will be committed upstream.

CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091

 target/i386/cpu.c   | 2 +-
 target/i386/cpu.h   | 1 +
 target/i386/hvf/x86_cpuid.c | 3 ++-
 3 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index d990070c59..16da90562c 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -1075,7 +1075,7 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = 
{
 .feat_names = {
 NULL, NULL, "avx512-4vnniw", "avx512-4fmaps",
 NULL, NULL, NULL, NULL,
-NULL, NULL, NULL, NULL,
+NULL, NULL, "md-clear", NULL,
 NULL, NULL, NULL, NULL,
 NULL, NULL, "pconfig", NULL,
 NULL, NULL, NULL, NULL,
diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index 26412f15eb..cbfab1a421 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -692,6 +692,7 @@ typedef uint32_t FeatureWordArray[FEATURE_WORDS];
 
 #define CPUID_7_0_EDX_AVX512_4VNNIW (1U << 2) /* AVX512 Neural Network 
Instructions */
 #define CPUID_7_0_EDX_AVX512_4FMAPS (1U << 3) /* AVX512 Multiply Accumulation 
Single Precision */
+#define CPUID_7_0_EDX_MD_CLEAR  (1U << 10) /* Microarchitectural Data 
Clear */
 #define CPUID_7_0_EDX_PCONFIG (1U << 18)   /* Platform Configuration */
 #define CPUID_7_0_EDX_SPEC_CTRL (1U << 26) /* Speculation Control */
 #define CPUID_7_0_EDX_ARCH_CAPABILITIES (1U << 29)  /*Arch Capabilities*/
diff --git a/target/i386/hvf/x86_cpuid.c b/target/i386/hvf/x86_cpuid.c
index 9874a46e92..f76ba50424 100644
--- a/target/i386/hvf/x86_cpuid.c
+++ b/target/i386/hvf/x86_cpuid.c
@@ -103,7 +103,8 @@ uint32_t hvf_get_supported_cpuid(uint32_t func, uint32_t 
idx,
 }
 
 ecx &= CPUID_7_0_ECX_AVX512BMI | CPUID_7_0_ECX_AVX512_VPOPCNTDQ;
-edx &= CPUID_7_0_EDX_AVX512_4VNNIW | CPUID_7_0_EDX_AVX512_4FMAPS;
+edx &= CPUID_7_0_EDX_AVX512_4VNNIW | CPUID_7_0_EDX_AVX512_4FMAPS | 
\
+   CPUID_7_0_EDX_MD_CLEAR;
 } else {
 ebx = 0;
 ecx = 0;
-- 
2.20.1

From: Paolo Bonzini 
Subject: [PATCH] target/i386: add MDS-NO feature

Microarchitectural Data Sampling is a hardware vulnerability which allows
unprivileged speculative access to data which is available in various CPU
internal buffers.

Some Intel processors use the ARCH_CAP_MDS_NO bit in the IA32_ARCH_CAPABILITIES
MSR to report that they are not vulnerable, make it available to guests.

Signed-off-by: Paolo Bonzini 
--
CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091

diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 722c5514d4..558347e6c3 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -1184,7 +1184,7 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = 
{
 .type = MSR_FEATURE_WORD,
 .feat_names = {
 "rdctl-no", "ibrs-all", "rsba", "skip-l1dfl-vmentry",
-"ssb-no", NULL, NULL, NULL,
+"ssb-no", "mds-no", NULL, NULL,
 NULL, NULL, NULL, NULL,
 NULL, NULL, NULL, NULL,
 NULL, NULL, NULL, NULL,

--- End Message ---
--- Begin Message ---
Source: qemu
Source-Version: 1:3.1+dfsg-8

We believe that the bug you reported is fixed in the latest version of
qemu, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the 

Processed: tagging 928311, severity of 909196 is important

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> tags 928311 + sid
Bug #928311 [geany-plugin-spellcheck] geany-plugin-spellcheck : Depends: 
geany-abi-18176 but it is not installable
Added tag(s) sid.
> severity 909196 important
Bug #909196 [geany-plugin-webhelper] geany: webhelper seems ported to 
webkit2gtk, please reenable it
Severity set to 'important' from 'grave'
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
909196: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909196
928311: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928311
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems