Bug#915050: Proposal: Repository for fast-paced package backports

2019-05-19 Thread Utkarsh Gupta
Hi Dominik, On 26/12/18 2:16 am, Dominik George wrote: > Hi there, everyone, > > as announced in the recent thread about maintaining, I hereby propose a > repository that allows making “backports” of packages available to users > of the stable distribution, if those packages cannot be

Bug#934915: node-es6-promise doesn't work anymore

2019-08-19 Thread Utkarsh Gupta
Hey, On Mon, Aug 19, 2019 at 8:27 PM Julien Puydt wrote: > Hi, > > On 19/08/2019 at 15:23, Pirate Praveen wrote: > > On 2019, August 19 6:26:14 PM IST, Julien Puydt < > julien.pu...@laposte.net> wrote: > >> Hi, > >> > >> On 16/08/2019 at 18:49, Pirate Praveen wrote: > >>> Try removing

Bug#931932: fixed in ruby-mini-magick 4.9.2-1+deb10u1

2019-07-23 Thread Utkarsh Gupta
Hey, On 24/07/19 10:53 am, Salvatore Bonaccorso wrote: > Hey! > > On Wed, Jul 24, 2019 at 10:43:40AM +0530, Utkarsh Gupta wrote: >> Hey Salvatore, >> >> On Tue, 16 Jul 2019 21:07:05 + Salvatore Bonaccorso >> wrote: >>> Source: ruby-mini-magick >

Bug#931932: fixed in ruby-mini-magick 4.9.2-1+deb10u1

2019-07-23 Thread Utkarsh Gupta
Hey Salvatore, On Tue, 16 Jul 2019 21:07:05 + Salvatore Bonaccorso wrote: > Source: ruby-mini-magick > Source-Version: 4.9.2-1+deb10u1 > > We believe that the bug you reported is fixed in the latest version of > ruby-mini-magick, which is due to be installed in the Debian FTP archive. Where

Bug#940938: telegram-desktop: Could not start Telegram Desktop!

2019-09-22 Thread Utkarsh Gupta
Package: telegram-desktop Version: 1.8.8-1 Severity: grave Dear Maintainer, While opening up telegram-desktop, I encountered the following problems: Could not start Telegram Desktop! You can see complete log below: [2019.09.22 15:07:07] Executable path before check: /usr/bin/telegram-desktop

Bug#943987: non-free file in "debian/missing-sources"

2019-11-03 Thread Utkarsh Gupta
Hi Dmitry, On Sat, 02 Nov 2019 11:13:57 +1100 Dmitry Smirnov wrote: > Package: gitlab > Version: 12.2.9-1 > Severity: serious > Usertags: dfsg > > > In most recent upload Utkarsh Gupta circumvented legitimate Lintian error > > > E: gitlab source: source-is-mis

Bug#944150: 389-ds-base: CVE-2019-14824: Read permission check bypass via the deref plugin

2019-11-24 Thread Utkarsh Gupta
required :) Requesting you to fix the same at the earliest. Best, Utkarsh Description: Add patch to fix CVE-2019-14824. For deref plugin we are only concerned with "read" access, not "search" access. Removed the SLAPI_ACL_SEARCH right flag when checking access for an a

Bug#944851: tnef: CVE-2019-18849

2019-11-24 Thread Utkarsh Gupta
rliest :)). Hope this helps and gets this fixed asap :) Best, Utkarsh Description: This patch fixes CVE-2019-18849. Fix strdup() on possibly unterminated string. Author: Paul Dreik Author: Utkarsh Gupta Origin: https://github.com/verdammelt/tnef/pull/40 Bug-Debian: https://bugs.debian.org/9

Bug#947118: [Pkg-javascript-devel] Bug#947118: node-on-headers: autopkgtest started failing and then times out

2019-12-21 Thread Utkarsh Gupta
Hiya, On Sat, Dec 21, 2019 at 3:51 PM Paul Gevers wrote: > Your package has an autopkgtest, great. However, I noticed that without > any change from your side it started failing, and while doing so also > doesn't finish, hence timing out on ci.debian.net. Obviously this isn't > your fault, but

Bug#952958: rrdtool crashes after the DLA-2131-1 security update

2020-03-02 Thread Utkarsh Gupta
Hi all, Thank you for reporting this. This, indeed, was a regression and has been fixed in +deb8u2 now. The announcement for the same could be found here[1]. Best, Utkarsh --- [1]: https://lists.debian.org/debian-lts-announce/2020/03/msg3.html

Bug#950843: chef: FTBFS against Ruby2.7 and Bundler 2.1.4

2020-02-07 Thread Utkarsh Gupta
Package: chef Version: 13.8.7-4 Severity: critical Dear Maintainer, chef currently doesn't have support for Ruby2.7 and the latest version of bundler, that is, 2.1.4. The logs for Ruby2.7 failures are as follows:

Bug#951735: klayout: FTBFS against Ruby2.7 on different $arch

2020-02-20 Thread Utkarsh Gupta
Package: klayout Version: 0.26.2-1 Severity: critical User pkg-ruby-extras-maintain...@lists.alioth.debian.org Usertags: ruby2.7-transition Dear Maintainer, There's FTBFS against Ruby2.7 on different architectures which is blocking our transition going on right now. I reported this upstream, too

Bug#951806: ruby-serverengine: FTBFS against Ruby2.5 and Ruby2.7

2020-02-21 Thread Utkarsh Gupta
Package: ruby-serverengine Version: 2.2.0-1 Severity: critical User pkg-ruby-extras-maintain...@lists.alioth.debian.org Usertags: ruby2.7-transition Dear Maintainer, Whilst building ruby-serverengine against Ruby2.5 and Ruby2.7, I noticed that all the tests are failing and at one point, the

Bug#952162: marked as pending in golang-github-karlseguin-expect

2020-03-19 Thread Utkarsh Gupta
Control: tag -1 pending Hello, Bug #952162 in golang-github-karlseguin-expect reported by you has been fixed in the Git repository and is awaiting an upload. You can see the commit message below and you can check the diff of the fix at:

Bug#951806: ruby-serverengine: FTBFS against Ruby2.5 and Ruby2.7

2020-03-17 Thread Utkarsh Gupta
Hi all, On Sun, Mar 8, 2020 at 1:15 PM Hideki Yamane wrote: > I've investigated it and it seems that failure happens with ruby-rspec > 3.9.0c1e0m1s2-1, not 3.8.0c0e1m0s0-1 in buster. Hm, interesting. Could someone take a look at this whenever free? I, myself, don't have enough time to take a

Bug#961853: micro crashes at startup

2020-06-25 Thread Utkarsh Gupta
Hi Nils, On Sat, 30 May 2020 15:34:30 +0200 Nils Dagsson Moskopp wrote: > a friend just suggested that I try the “micro” text editor. > I installed the software using “sudo apt-get install micro”. Great, thank you for choosing to do so! > I executed the command “micro” from a terminal. Instead

Bug#978640: undefined symbol: _ZTIN3fmt2v612format_errorE

2020-12-29 Thread Utkarsh Gupta
Package: nheko Version: 0.7.2-3 Severity: grave Dear maintainer, Whilst trying to open nheko, it fails to open with the following message: ``` $ nheko nheko: symbol lookup error: nheko: undefined symbol: _ZTIN3fmt2v612format_errorE ``` Is that known? Any idea what caused this regression or

Bug#978640: undefined symbol: _ZTIN3fmt2v612format_errorE

2020-12-29 Thread Utkarsh Gupta
Hi Hubert, On Tue, Dec 29, 2020 at 11:17 PM Hubert Chathi wrote: > Hmm. Can you try installing libfmt7 (from sid) and see if that fixes > it? The issue could be fixed by rebuilding nheko against the newly updated libfmt-dev version. I've prepared and pushed a fix to the salsa repository. If

Bug#976270: [Pkg-puppet-devel] Bug#976270: ruby-puppet-forge: autopkgtest/ftbfs with ruby-faraday-middleware 1.x

2020-12-02 Thread Utkarsh Gupta
Hi Praveen, On Wed, Dec 2, 2020 at 8:06 PM Pirate Praveen wrote: > I can see there is already a patch for relaxing faraday. > https://salsa.debian.org/puppet-team/ruby-puppet-forge/-/blob/master/debian/patches/002_loosen_deps.patch > This will need to be extended to cover ruby-faraday-middleware

Bug#978640: undefined symbol: _ZTIN3fmt2v612format_errorE

2020-12-31 Thread Utkarsh Gupta
Hi Hubert, On Thu, Dec 31, 2020 at 3:21 AM Hubert Chathi wrote: > binNMU requested at > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=978722 > > Apparently waiting for an update to spdlog. Awesome, thanks for processing this! - u

Bug#980585: ruby-in-parallel: FTBFS: ERROR: Test "ruby2.7" failed: Failure/Error: expect(@result_3).to_not eq(true)

2021-01-20 Thread Utkarsh Gupta
Hi Sébastien, On Thu, Jan 21, 2021 at 12:42 PM Sébastien Delafond wrote: > > Aah, okay. So I ran sbuild + autopkgtest 10 times, all passed for me. > > But when I ran these tests locally with rake, it failed for me exactly > > like the report just for the first time. And then passed all 9 times >

Bug#980585: ruby-in-parallel: FTBFS: ERROR: Test "ruby2.7" failed: Failure/Error: expect(@result_3).to_not eq(true)

2021-01-20 Thread Utkarsh Gupta
On Thu, Jan 21, 2021 at 12:50 PM Sébastien Delafond wrote: > I'm not expecting upstream to fix it either, but it'd feel more > comfortable to close this bug on our side while still linking to an > existing upstream issue. Of course. Here it is: https://github.com/samwoods1/in-parallel/issues/8

Bug#980585: ruby-in-parallel: FTBFS: ERROR: Test "ruby2.7" failed: Failure/Error: expect(@result_3).to_not eq(true)

2021-01-20 Thread Utkarsh Gupta
Hi Sébastien, On Thu, Jan 21, 2021 at 11:51 AM Utkarsh Gupta wrote: > I've started to look into it already but I wasn't able to reproduce > it. All tests pass for me + autopkgtest (which is what I fixed last > time). So I am not sure what's going wrong here. Aah, okay. So I r

Bug#980585: ruby-in-parallel: FTBFS: ERROR: Test "ruby2.7" failed: Failure/Error: expect(@result_3).to_not eq(true)

2021-01-20 Thread Utkarsh Gupta
Hi Sébastien, On Thu, Jan 21, 2021 at 11:37 AM Sébastien Delafond wrote: > since you took care of the last upload, do you also plan to fix this > FTBFS? If not, please let me know and I'll look into it. I've started to look into it already but I wasn't able to reproduce it. All tests pass for

Bug#963477: ruby-rack: CVE-2020-8184

2021-01-16 Thread Utkarsh Gupta
Hi Salvatore, On Sun, Jan 3, 2021 at 1:34 AM Salvatore Bonaccorso wrote: > Not any right now. Well there is CVE-2020-26247 but that one might be > too risky at this stage (AFAIU it is a breaking change, and thus was > moved to the 1.11.x version). Lucas uploaded a new version, thereby fixing

Bug#963477: ruby-rack: CVE-2020-8184

2021-01-02 Thread Utkarsh Gupta
Hi Salvatore, On Sat, Jan 2, 2021 at 5:55 PM Salvatore Bonaccorso wrote: > > Of course. Uploaded a fix! :) > > (thanks for the explicit CC, please do it next time as well if you > > want me to take care of something which falls under the Ruby team). > > Thanks! About the explicit CC, well

Bug#963477: ruby-rack: CVE-2020-8184

2021-01-02 Thread Utkarsh Gupta
Hello, On Sat, Jan 2, 2021 at 2:02 AM Salvatore Bonaccorso wrote: > While strictly speaking this issue is no-dsa for buster, I'm raising > the severity to RC, would it be possible to address this issue for > unstable (and so bullseye) before the freeze? Of course. Uploaded a fix! :) (thanks for

Bug#976291: rails: please drop Build-Depends on qunit-selenium

2020-12-11 Thread Utkarsh Gupta
Hello, On Fri, Dec 11, 2020 at 2:52 PM Pirate Praveen wrote: > On Wed, 2 Dec 2020 22:11:27 +0100 Paul Gevers wrote: > > I love tests. As one of the maintainers of the ci.debian.net > > infrastructure, I really do. However, with my Release Team member hat > > on, I'm asking you to stop

Bug#962596: Backport to stretch?

2021-02-02 Thread Utkarsh Gupta
Hi, On Mon, Feb 1, 2021 at 9:48 PM Julien Cristau wrote: > stretch is EOL, so I am not planning on touching it myself. > Cc:ing the team that looks after stretch-lts in case they want to handle > this. Thanks, I'll start to take a look at it. IIUC, this commit[1] needs a backport to stretch,

Bug#989041: eterm: CVE-2021-33477

2021-06-09 Thread Utkarsh Gupta
Hi Jose, Patch attached. Please let me know if I can upload to unstable directly? This also needs to go to buster-pu. Let me know if you have questions or concerns. - u --- a/src/term.c +++ b/src/term.c @@ -1176,6 +1176,11 @@ case 'E': scr_add_lines((unsigned char *)

Bug#989041: eterm: CVE-2021-33477

2021-06-10 Thread Utkarsh Gupta
Hi Jose, On Thu, Jun 10, 2021 at 11:08 PM Jose Antonio Jimenez Madrid wrote: > Thank you so much Utkarsh for the patch, Of course, no problem! :) > Please, upload it to unstable, as I have to upload it by Debian Mentors > so it will reach testing faster if you upload it to fix this security

Bug#988289: htmldoc: CVE-2019-19630

2021-05-09 Thread Utkarsh Gupta
Hello, That's pretty unfortunate what happened. Since I fixed this in jessie (back when it was LTS), I'll take care of stretch (now that it's LTS) and subsequently buster as well. Thanks!

Bug#988289: htmldoc: CVE-2019-19630

2021-05-11 Thread Utkarsh Gupta
Hi Håvard, On Tue, May 11, 2021 at 3:09 AM Håvard Flaget Aasen wrote: > I wasn't aware this versioning could be a problem. Yep, a big one sometimes :) > I can make a release to buster if you want. I would need a sponsor > though, so if you're determined, I won't rip it out of your hands. That'd

Bug#988289: htmldoc: CVE-2019-19630

2021-05-13 Thread Utkarsh Gupta
Hi Håvard, On Wed, May 12, 2021 at 9:05 PM Håvard Flaget Aasen wrote: > Thanks for the sponsoring Utkarsh! You're very welcome! :) > I made a package for stretch as well, and uploaded it to mentors. [0] > Though I'm not sure about this lts stuff. So far this package I made > just targets

Bug#988289: htmldoc: CVE-2019-19630

2021-05-11 Thread Utkarsh Gupta
Hi Håvard, On Wed, May 12, 2021 at 2:11 AM Håvard Flaget Aasen wrote: > I've got the release ready for buster and uploaded it to mentors [0]. I > also sent a request to the RM, for buster-pu, but haven't got any > response yet [1]. Thanks for the buster update; uploaded! \o/ You'll not receive

Bug#988214: fixed in rails 2:6.0.3.7+dfsg-1

2021-06-04 Thread Utkarsh Gupta
Hi Paul, On Fri, Jun 4, 2021 at 1:38 AM Paul Gevers wrote: > > You haven't answered my question: "does rails still work with the old > > version of ruby-marcel and can the version bump be reverted" > > Ping. Without a proper answer, I can't decide. Thanks, I'm yet to figure that out and

Bug#988214: fixed in rails 2:6.0.3.7+dfsg-1

2021-05-24 Thread Utkarsh Gupta
Hi Paul, On Wed, 19 May 2021 22:12:59 +0200 Paul Gevers wrote: > This new rails version renewed its versioned dependency on ruby-marcel. > The new ruby-marcel version doesn't look like a targeted fix, so it > doesn't fit the freeze policy. If I read the changelog correctly, this > dependency is

Bug#962596: Backport to stretch?

2021-02-05 Thread Utkarsh Gupta
Hello, On Tue, Feb 2, 2021 at 5:09 PM Utkarsh Gupta wrote: > On Mon, Feb 1, 2021 at 9:48 PM Julien Cristau wrote: > > stretch is EOL, so I am not planning on touching it myself. > > Cc:ing the team that looks after stretch-lts in case they want to handle > > this. > >

Bug#982435: screen: CVE-2021-26937

2021-02-10 Thread Utkarsh Gupta
Hello, On Wed, Feb 10, 2021 at 6:56 PM Utkarsh Gupta wrote: > I'll take care of fixing stretch and jessie and I am aware of all this > since I was the one who got this CVE assigned! :D Somewhat related, I also got CVE-2021-27135 assigned for xterm. I'll take care of the updates when the

Bug#982435: screen: CVE-2021-26937

2021-02-10 Thread Utkarsh Gupta
On Wed, Feb 10, 2021 at 6:56 PM Utkarsh Gupta wrote: > I'll take care of fixing stretch and jessie and I am aware of all this > since I was the one who got this CVE assigned! :D Oh, I forgot to mention, I say this with my LTS and ELTS hat on!^ But in case you want to work on the p

Bug#982435: screen: CVE-2021-26937

2021-02-10 Thread Utkarsh Gupta
Hi Axel, On Wed, Feb 10, 2021 at 5:17 PM Axel Beckert wrote: > Thanks for the heads up! Hadn't noticed that upstream bug report > yesterday, but I do have it in my inbox. > > https://savannah.gnu.org/bugs/?60030 got locked down in the meanwhile > as it seems. > > Can you keep me in the loop wrt.

Bug#984539: marked as pending in debian-security-support

2021-03-18 Thread Utkarsh Gupta
Hi Ivo, On Fri, Mar 19, 2021 at 3:41 AM Ivo De Decker wrote: > Note that this doesn't actually ensure that it doesn't fail. The 'else' case > only happens when the if statement fails, so when the hook doesn't exist. But > when the hook script fails for some reason, dpkg will still abort. I think

Bug#984539: marked as pending in debian-security-support

2021-03-18 Thread Utkarsh Gupta
Control: tag -1 pending Hello, Bug #984539 in debian-security-support reported by you has been fixed in the Git repository and is awaiting an upload. You can see the commit message below and you can check the diff of the fix at:

Bug#984539: marked as pending in debian-security-support

2021-03-18 Thread Utkarsh Gupta
Control: tag -1 pending Hello, Bug #984539 in debian-security-support reported by you has been fixed in the Git repository and is awaiting an upload. You can see the commit message below and you can check the diff of the fix at:

Bug#984615: xterm: bug in CVE-2021-27135 patch in at least stretch

2021-03-21 Thread Utkarsh Gupta
Awesome, thank you for the confirmation. I've rolled out the announcement and published the website update. Thanks, everyone! \o/ - u

Bug#984689: ruby-vcr: DFSG violation (Hippocratic license)

2021-03-07 Thread Utkarsh Gupta
Hi Praveen, On Sun, Mar 7, 2021 at 10:15 PM Pirate Praveen wrote: > It looks like we will have to remove ruby-vcr and we will have to > disable tests for the following packages. I don't think there is > another way, thoughts? Maybe worth opening an issue upstream and discuss the cons of this

Bug#984689: ruby-vcr: DFSG violation (Hippocratic license)

2021-03-07 Thread Utkarsh Gupta
On Sun, Mar 7, 2021 at 10:49 PM Utkarsh Gupta wrote: > On Sun, Mar 7, 2021 at 10:15 PM Pirate Praveen > wrote: > > It looks like we will have to remove ruby-vcr and we will have to > > disable tests for the following packages. I don't think there is > > another way, t

Bug#984615: xterm: bug in CVE-2021-27135 patch in at least stretch

2021-03-05 Thread Utkarsh Gupta
Hi Thorsten On Sat, Mar 6, 2021 at 2:25 AM Thorsten Glaser wrote: > debian/patches/CVE-2021-27135.patch changes button.c line (after > patching) 3747 to: > >line = realloc(line, screen->selection_size); > > But “line” is a local variable, the address of the buffer must > be stored in the

Bug#986622: [Pkg-clamav-devel] Bug#986622: fixes

2021-04-13 Thread Utkarsh Gupta
Hi Sebastian, Sebastian Andrzej Siewior wrote: > My plan is to get 103.2 into Buster after I spent the day today > to look what should be backported and what not. Do we not generally backport clamav as-is to buster (of course, after thoroughly checking) so as to get the latest release there? I

Bug#986806: CVE-2021-28965

2021-04-17 Thread Utkarsh Gupta
Hi Praveen, On Fri, Apr 16, 2021 at 3:24 PM Pirate Praveen wrote: > I think the separate package was introduced by mistake without seeing > the copy embedded in ruby. I think the right way is to fix this in ruby > and remove this separate package. But I'd like someone from ruby team > to confirm

Bug#986622: [Pkg-clamav-devel] Bug#986622: fixes

2021-04-14 Thread Utkarsh Gupta
Hello, On Wed, Apr 14, 2021 at 12:32 AM Sebastian Andrzej Siewior wrote: > Usually yes, I let it slide (unfortunately) and was checking best > options moving forward. After all I need reasons to present to the > release team. I just noticed that the only CVE that affects buster is

Bug#982435: [screen-devel] [bug #60030] Screen segfaults by displaying some UTF-8 character combination

2021-02-16 Thread Utkarsh Gupta
Hi Axel, On Mon, Feb 15, 2021 at 12:13 PM Axel Beckert wrote: > Please slow down! > > What so far was in git in the stretch and buster branches was > incomplete and did FTBFS for multiple reasons. (Just pushed a bunch of > fixes. It at least builds now on both releases.) > > And in Stretch the

Bug#982435: [screen-devel] [bug #60030] Screen segfaults by displaying some UTF-8 character combination

2021-02-16 Thread Utkarsh Gupta
Hi Axel, On Tue, Feb 16, 2021 at 11:12 PM Axel Beckert wrote: > I'm running these patches (as in git) now for about 1.5 days on > Stretch and Buster in production. I'd say if I don't find any > regression until Wednesday evening (i.e. in 1 day), feel free to > finalise the packages as needed

Bug#982435: [screen-devel] [bug #60030] Screen segfaults by displaying some UTF-8 character combination

2021-02-14 Thread Utkarsh Gupta
Hi Axel, On Fri, Feb 12, 2021 at 11:07 AM Salvatore Bonaccorso wrote: > Thanks for all your coordination, investigation, work on this! Seconded! Thanks for all your awesome and super fast work, really! \o/ > Sounds good. I propose to have the potential final patch as well first > slightly

Bug#982435: [screen-devel] [bug #60030] Screen segfaults by displaying some UTF-8 character combination

2021-02-14 Thread Utkarsh Gupta
Hi, On Sun, Feb 14, 2021 at 9:03 PM Axel Beckert wrote: > > Since it's been ~3 days, do you think now would be the time to prepare > > and upload to buster and stretch? > > While I prepared the uploads in git, I haven't yet tested them on > Stretch and Buster. Currently still running the patch

Bug#982435: [screen-devel] [bug #60030] Screen segfaults by displaying some UTF-8 character combination

2021-02-19 Thread Utkarsh Gupta
Hi Axel, Sorry for the late reply, I was a bit occupied with my school homework. On Wed, Feb 17, 2021 at 8:59 AM Axel Beckert wrote: > > So I created one with the latest dsc (4.2.1-3+deb8u1) and added 2 > > commits on top of it. > > Thanks for the effort, but this seems to have a separate git

Bug#982435: [screen-devel] [bug #60030] Screen segfaults by displaying some UTF-8 character combination

2021-02-19 Thread Utkarsh Gupta
Hi Axel, Salvatore, On Fri, Feb 19, 2021 at 2:44 PM Axel Beckert wrote: > No issue popped up so far during production use on Stretch and Buster. > I'd say, we can publish these in good conscience. Perfect, thanks for all your work on this! \o/ I've uploaded to stretch-security (& pushed the

Bug#1051563: Backporting mutt patches to Debian Buster

2023-09-16 Thread Utkarsh Gupta
Hi Chris, On Fri, Sep 15, 2023 at 8:09 PM Chris Frey wrote: > Attached is a patch that applies to the unpackaged sources of Debian Buster's > version of mutt 1.10. > > It includes 3 patches: > > upstream/Fix-rfc2047-base64-decoding-to-abort-on-illegal-char.patch >

Bug#1037178: puppet does not sync files anymore after recent ruby2.5 security upload

2023-06-07 Thread Utkarsh Gupta
Hi Bernhard, Kees, On Wed, Jun 7, 2023 at 6:58 PM Schmidt, Bernhard wrote: > > I've prepared a fix for the regression and uploaded the binaries at: > > https://people.debian.org/~utkarsh/lts/ruby2.5/ > > > > Can you please give these a try and see if that fixes the regression > > you're seeing?

Bug#1037178: puppet does not sync files anymore after recent ruby2.5 security upload

2023-06-07 Thread Utkarsh Gupta
Hi Chris, On Wed, Jun 7, 2023 at 9:01 PM Chris Lamb wrote: > I see your 2.5.5-3+deb10u6 update on the debian/buster branch which > fixes the broken +deb10u5 upload, but I don't see it in the archive > yet. > > Although you mentioned you were going to wait a bit more, I'm just > 100%-checking you

Bug#1037178: puppet does not sync files anymore after recent ruby2.5 security upload

2023-06-07 Thread Utkarsh Gupta
Hi Chris, On Wed, Jun 7, 2023 at 12:56 PM Salvatore Bonaccorso wrote: > Can you please have a look, as this seems to be caused by the DLA > issued as DLA-3447-1. This has been caused by the ruby2.5 update. Can you please TAL? This is perhaps because of the URI version in buster v/s URI version

Bug#1037178: puppet does not sync files anymore after recent ruby2.5 security upload

2023-06-07 Thread Utkarsh Gupta
Hi Kees, On Wed, Jun 7, 2023 at 6:53 PM Kees Meijs | Nefos wrote: > I know you were asking Bernhard, but I downloaded and installed as well. > Our Puppet agent seems to be happy again. I had missed your comment in the bug but super, many thanks for testing this out! I'll wait a bit more before

Bug#1037178: puppet does not sync files anymore after recent ruby2.5 security upload

2023-06-07 Thread Utkarsh Gupta
Hi Bernhard, On Wed, Jun 7, 2023 at 4:16 PM Utkarsh Gupta wrote: > Yep, I'm taking a look to prep something for 2.5. I've prepared a fix for the regression and uploaded the binaries at: https://people.debian.org/~utkarsh/lts/ruby2.5/ Can you please give these a try and see if that fi

Bug#1037178: puppet does not sync files anymore after recent ruby2.5 security upload

2023-06-07 Thread Utkarsh Gupta
Hiya, On Wed, Jun 7, 2023 at 2:39 PM Moritz Muehlenhoff wrote: > Specifically > https://www.ruby-lang.org/en/news/2023/03/28/redos-in-uri-cve-2023-28755/ > states: > > | For Ruby 2.7: Update to uri 0.10.0.1 > | For Ruby 3.0: Update to uri 0.10.2 > | For Ruby 3.1: Update to uri 0.11.1 > | For