Bug#950716: transition: ruby2.7
Am Montag, den 02.03.2020, 15:01 -0300 schrieb Lucas Kanashiro: > On 02/03/2020 08:35, Graham Inggs wrote: > > Hi Lucas > > > > I notice kamailio and klayout still appear red in the Debian tracker > > [1], but went green in Ubuntu [2]. > > > > Do you have any ideas? Do we miss something in Debian? > > Since we basically have the same version in Debian and Ubuntu I believe > the only difference is that in Ubuntu we already have Ruby 2.7 as the > only default, in Debian it is just in experimental. So when we upload > version 1:2.7~0 to unstable they should get green as in Ubuntu. Can yóu please schedule a rebuild of facter too? At least three FTBFS reports are caused by factor only providing the Ruby2.5 library (#952024, #952022, #952070). I cannot upload the fixed packages. If this is not the right place, please let me know. Regarding this issue: should the ben file include sources build-depending on ruby-all-dev? $ reverse-depends -lb ruby-all-dev broccoli-ruby facter gem2deb libprelude ruby-ffi ruby-pgplot rubygems-integration sonic-pi uwsgi xapian-bindings Regards, Daniel signature.asc Description: This is a digitally signed message part
Bug#951209: transition: libgusb
On Tue, 3 Mar 2020 20:19:12 +0100 Julien Cristau wrote: > On Wed, Feb 12, 2020 at 03:24:42PM +0100, Laurent Bigonville wrote: > > libgusb is carrying in debian a patch[0] to revert/fix an after the fact > > change that was done upstream in the versioning of the symbols. > > > > I don't think we should/can carry this patch forever and due to the fact > > that the number of reverse-dependencies is quite limited, I was planning > > to simply drop it, but that would require to binNMU them to be > > certain they are using the correct version of the symbol. > > > IMO we should keep compatibility with the old version until the next > upstream SONAME bump. That might mean keeping this patch, or something > different, if we can add properly versioned aliases for the affected > symbols? I'm not exactly sure how to do that TBH FTR, a more persistent link to the file was talking about in my initial mail https://salsa.debian.org/debian/libgusb/-/blob/80d3862872ff72b9cf10c90959973baf9755c7e9/debian/patches/revert-versioning.patch
Bug#950795: buster-pu: package puma/3.12.0-2
Am Dienstag, den 03.03.2020, 20:37 + schrieb Adam D. Barratt: > On Thu, 2020-02-06 at 17:33 +0100, Daniel Leidert wrote: > > The proposed update will fix CVE-2019-16770 (#946312) for Buster > > users. The security team marked the issue no-dsa and asked to > > schedule the fix via the next point release. The debdiff is attached. > > The patch to fix the CVE has been taken from upstream's Git > > repository. > > +puma (3.12.0-2+deb10u1) buster-security; urgency=medium > > Just "buster" for p-u, please. Yes I already saw it. I prepared the upload first for security. But they asked me to do the upload via p-u. I'll fix this. > +Subject: Merge pull request from GHSA-7xx3-m584-x994 > + > +could monopolize a thread. Previously, this could make a DoS attack more > +severe. > > Is there a missing line (or at least words) before "could monopolize" > there? No. This is the original commit message I kept from upstream. > In any case, please go ahead (with the fixed distribution). Thanks. Regards, Daniel signature.asc Description: This is a digitally signed message part
Bug#953005: buster-pu: package serverspec-runner/1.2.2-1+deb10u1
Control: tags -1 -moreinfo +confirmed On Tue, 2020-03-03 at 20:43 +0100, Daniel Leidert wrote: > Package: release.debian.org > Followup-For: Bug #953005 > > Sorry. Now it should be. > Thanks, please go ahead. Regards, Adam
Processed: Re: Bug#950795: buster-pu: package puma/3.12.0-2
Processing control commands: > tags -1 + confirmed Bug #950795 [release.debian.org] buster-pu: package puma/3.12.0-2 Added tag(s) confirmed. -- 950795: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950795 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#950795: buster-pu: package puma/3.12.0-2
Control: tags -1 + confirmed On Thu, 2020-02-06 at 17:33 +0100, Daniel Leidert wrote: > The proposed update will fix CVE-2019-16770 (#946312) for Buster > users. The security team marked the issue no-dsa and asked to > schedule the fix via the next point release. The debdiff is attached. > The patch to fix the CVE has been taken from upstream's Git > repository. +puma (3.12.0-2+deb10u1) buster-security; urgency=medium Just "buster" for p-u, please. +Subject: Merge pull request from GHSA-7xx3-m584-x994 + +could monopolize a thread. Previously, this could make a DoS attack more +severe. Is there a missing line (or at least words) before "could monopolize" there? In any case, please go ahead (with the fixed distribution). Regards, Adam
Processed: Re: Bug#953005: buster-pu: package serverspec-runner/1.2.2-1+deb10u1
Processing control commands: > tags -1 -moreinfo +confirmed Bug #953005 [release.debian.org] buster-pu: package serverspec-runner/1.2.2-1+deb10u1 Removed tag(s) moreinfo. Bug #953005 [release.debian.org] buster-pu: package serverspec-runner/1.2.2-1+deb10u1 Added tag(s) confirmed. -- 953005: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953005 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#953005: buster-pu: package serverspec-runner/1.2.2-1+deb10u1
Package: release.debian.org Followup-For: Bug #953005 -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Sorry. Now it should be. - -- System Information: Debian Release: bullseye/sid APT prefers unstable APT policy: (990, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 5.3.0-3-amd64 (SMP w/8 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEvu1N7VVEpMA+KD3HS80FZ8KW0F0FAl5es1gACgkQS80FZ8KW 0F0jvw//Wp6PT3t3pNC8alsKBju7IbOwPFgBRKhe2LsG27JMWvYu/6VIzfay5K1Q FaTVGv+nYHLvf+NXUq/zymzRX/3CYOqbtmze07VCsBP6/jMzVFMmhIDEKhPyawzJ c5AXnsqOX/hiAstInS3ma9dJgMXUPTl/gh77G4YfprtKkwiIHdSOo9aderf7z5KY uFTDdeuuXuGmRa/68rCmhtvO1BCJkGxN5AA88TTYVaJj9AxI7m2h3xVKcM7sqVGH v8G0mhkKuc7NLD9Vnbv4hUlXpLSe4oc3yRQT4VDubN3y9a5NV3bZZUoxtjHg0MTj po+h18br9huPqRCoZmzSlRNZX5Sxm5nvDWOq2cxFazk4/lMrBUtDsJogL7lUFtdZ V+NyliM+/fOSP2TsGUlh4cmZY+wSAnZ7+jR6+oy+YSZJnubLGNo0KrPvZglfqgPi FAiobAN/qicxGANYoiWeOpYvwSBB5W4OAV7et0SbL1t0f6/I8yEH+4SPgFOuqegY ldhRPeqQ/d8zuhtDfxLlKYp6coSgmoh04HoG0ijjDN1eUkyZjvjNEcPJSC4j95+c 9fcn8s5DsKN1swljMwRFdUJrVBmjwCw6+PBheu24nDUnPa7dFESP31FUD6kflaW+ QK23ZRjHdDRhvbtnWyKXD5W//5diCWVNyfLI2Q/Zr3b7qc3iKDk= =ZiIa -END PGP SIGNATURE- diff -Nru serverspec-runner-1.2.2/debian/changelog serverspec-runner-1.2.2/debian/changelog --- serverspec-runner-1.2.2/debian/changelog2016-09-15 12:48:17.0 +0200 +++ serverspec-runner-1.2.2/debian/changelog2020-03-02 23:41:24.0 +0100 @@ -1,3 +1,11 @@ +serverspec-runner (1.2.2-1+deb10u1) buster; urgency=medium + + * d/patches/fix-yaml-load-document-missing: Add patch. +- Support Ruby 2.5 and replace YAML.load_documents (closes: #939645). + * d/patches/series: Add new patch. + + -- Daniel Leidert Mon, 02 Mar 2020 23:41:24 +0100 + serverspec-runner (1.2.2-1) unstable; urgency=medium * New upstream release. diff -Nru serverspec-runner-1.2.2/debian/patches/fix-yaml-load-document-missing serverspec-runner-1.2.2/debian/patches/fix-yaml-load-document-missing --- serverspec-runner-1.2.2/debian/patches/fix-yaml-load-document-missing 1970-01-01 01:00:00.0 +0100 +++ serverspec-runner-1.2.2/debian/patches/fix-yaml-load-document-missing 2020-03-02 23:41:24.0 +0100 @@ -0,0 +1,19 @@ +From: hiracy +Date: Fri, 16 Nov 2018 19:43:15 +0900 +Acked-By: Daniel Leidert +Origin: https://github.com/hiracy/serverspec-runner/commit/c459787defe1b08bbe46a5acf0ea07039fe44f61.patch +Bug-Debian: https://bugs.debian.org/939645 +Description: [PATCH] Support ruby 2.5 over + Use YAML.load_stream instead of YAML.load_documents. + +--- a/Rakefile b/Rakefile +@@ -165,7 +165,7 @@ + end + + File.open(ENV['scenario'] || "#{ENV['specroot']}/scenario.yml") do |f| +-YAML.load_documents(f).each_with_index do |data, idx| ++YAML.load_stream(f).each_with_index do |data, idx| + if idx == 0 + scenarios = data + else diff -Nru serverspec-runner-1.2.2/debian/patches/series serverspec-runner-1.2.2/debian/patches/series --- serverspec-runner-1.2.2/debian/patches/series 2016-09-01 13:13:41.0 +0200 +++ serverspec-runner-1.2.2/debian/patches/series 2020-03-02 23:41:24.0 +0100 @@ -1 +1,2 @@ fix-path-issue +fix-yaml-load-document-missing
Bug#951209: transition: libgusb
On Wed, Feb 12, 2020 at 03:24:42PM +0100, Laurent Bigonville wrote: > libgusb is carrying in debian a patch[0] to revert/fix an after the fact > change that was done upstream in the versioning of the symbols. > > I don't think we should/can carry this patch forever and due to the fact > that the number of reverse-dependencies is quite limited, I was planning > to simply drop it, but that would require to binNMU them to be > certain they are using the correct version of the symbol. > IMO we should keep compatibility with the old version until the next upstream SONAME bump. That might mean keeping this patch, or something different, if we can add properly versioned aliases for the affected symbols? Cheers, Julien
Bug#952586: buster-pu: package backuppc/3.3.2-2
Control: tags -1 + confirmed On Wed, 2020-02-26 at 12:26 +, Jonathan Wiltshire wrote: > I'd like to fix an important bug in backuppc which prevents > `systemd reload backuppc.service` from failing. As a result of this > bug backuppc has to be restarted for systemd's supervision to be > reset, which interrupts ongoing jobs. > Please go ahead. Regards, Adam
Processed: Re: Bug#952586: buster-pu: package backuppc/3.3.2-2
Processing control commands: > tags -1 + confirmed Bug #952586 [release.debian.org] buster-pu: package backuppc/3.3.2-2 Added tag(s) confirmed. -- 952586: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=952586 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#952441: buster-pu: package user-mode-linux/4.19-1um-1+b1
Control: tags -1 -moreinfo +confirmed On Wed, 2020-02-26 at 11:02 +0100, Santiago R.R. wrote: > Control: fixed 951329 user-mode-linux/5.4-1um-2 > > El 25/02/20 a las 21:05, Adam D. Barratt escribió: > > Control: tags -1 + moreinfo > > > > On Mon, 2020-02-24 at 14:49 +0100, Santiago R.R. wrote: > > > I would like to upload user-mode-linux to buster to fix this > > > FTBFS: > > > https://bugs.debian.org/951329. Ritesh Raj Sarraf (rrs) has > > > already > > > given his ACK. > > > > > > > The metadata for that bug suggests that it affects the package in > > unstable, and is not currently fixed there. Is that correct? > > > > If it is, the issue should be fixed in unstable first. If not, the > > bug > > report should have an appropriate "fixed" version added, indicating > > the > > earliest upload that's unaffected. > > Hi Adam, > > Thanks! I forgot clarifying that this didn't affect unstable. > Hopefully > the above control command fix that. > > Also, I realised the changelog did not describe how the bug was > fixed. > Thanks, please go ahead. Regards, Adam
Processed: Re: Bug#952441: buster-pu: package user-mode-linux/4.19-1um-1+b1
Processing control commands: > tags -1 -moreinfo +confirmed Bug #952441 [release.debian.org] buster-pu: package user-mode-linux/4.19-1um-1+b1 Removed tag(s) moreinfo. Bug #952441 [release.debian.org] buster-pu: package user-mode-linux/4.19-1um-1+b1 Added tag(s) confirmed. -- 952441: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=952441 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#952785: buster-pu: package dojo/1.15.0+dfsg1-1+deb10u1
Control: tags -1 + confirmed On Mon, 2020-03-02 at 11:28 +0100, Xavier wrote: > Le 01/03/2020 à 22:52, Andreas Beckmann a écrit : > > > +#CVE-2019-10785.patch > > > > The patch is commented in the series file and thus does not get > > applied. > > > > Andreas > > Sorry for this error. Here is the real patch. > Thanks, please go ahead. Regards, Adam
Processed: Re: Bug#952785: buster-pu: package dojo/1.15.0+dfsg1-1+deb10u1
Processing control commands: > tags -1 + confirmed Bug #952785 [release.debian.org] buster-pu: package dojo/1.15.0+dfsg1-1+deb10u1 Added tag(s) confirmed. -- 952785: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=952785 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: Re: Bug#952960: buster-pu: package ruby-factory-girl-rails/4.7.0-1+deb10u1
Processing control commands: > tags -1 +confirmed -moreinfo Bug #952960 [release.debian.org] buster-pu: package ruby-factory-girl-rails/4.7.0-1+deb10u1 Added tag(s) confirmed. Bug #952960 [release.debian.org] buster-pu: package ruby-factory-girl-rails/4.7.0-1+deb10u1 Removed tag(s) moreinfo. -- 952960: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=952960 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#952960: buster-pu: package ruby-factory-girl-rails/4.7.0-1+deb10u1
Control: tags -1 +confirmed -moreinfo On Mon, 2020-03-02 at 18:59 +0100, Daniel Leidert wrote: > Package: release.debian.org > Followup-For: Bug #952960 > > I've uploaded the fix to unstable and updated the diff (Vcs* fields > changed, see attached). > Thanks, please go ahead. Regards, Adam
Bug#953005: buster-pu: package serverspec-runner/1.2.2-1+deb10u1
Control: tags -1 + moreinfo On Tue, 2020-03-03 at 01:00 +0100, Daniel Leidert wrote: > This update is to fix #939645 [1]. The debdiff is attached. Apparently not. :-) Regards, Adam
Processed: Re: Bug#953005: buster-pu: package serverspec-runner/1.2.2-1+deb10u1
Processing control commands: > tags -1 + moreinfo Bug #953005 [release.debian.org] buster-pu: package serverspec-runner/1.2.2-1+deb10u1 Added tag(s) moreinfo. -- 953005: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953005 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#953029: RM: node-nodedbi/1.0.13+dfsg-1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm Hi, node-nodedbi is incompatible with Node.js ≥ 12 (#953028). I'd like to see it removed from testing (only) to permit Node.js 12 migration. Cheers, Xavier
Bug#953024: transition: zita-convolver
Yes, all should work fine. Bug fixes for jconvolver and zita-bls1 are waiting in experimental. Am 03.03.20 um 14:15 schrieb Emilio Pozuelo Monfort: > On 03/03/2020 13:19, Dennis Braun wrote: >> Package: release.debian.org >> Severity: normal >> User: release.debian@packages.debian.org >> Usertags: transition >> >> With zita-convolver 4.0.3 the library name changes from libzita-convolver3 to >> libzita-convolver4. >> >> Affected packages: >> >> guitarix >> ir.lv2 >> jconvolver >> pulseeffects >> x42-plugins >> zita-bls1 >> zita-convolver > Do these build fine against the new zita-convolver? > > Emilio signature.asc Description: OpenPGP digital signature
Bug#953024: transition: zita-convolver
On 03/03/2020 13:19, Dennis Braun wrote: > Package: release.debian.org > Severity: normal > User: release.debian@packages.debian.org > Usertags: transition > > With zita-convolver 4.0.3 the library name changes from libzita-convolver3 to > libzita-convolver4. > > Affected packages: > > guitarix > ir.lv2 > jconvolver > pulseeffects > x42-plugins > zita-bls1 > zita-convolver Do these build fine against the new zita-convolver? Emilio
Bug#953024: transition: zita-convolver
s/library name/package name of the library/g signature.asc Description: OpenPGP digital signature
Bug#953024: transition: zita-convolver
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition With zita-convolver 4.0.3 the library name changes from libzita-convolver3 to libzita-convolver4. Affected packages: guitarix ir.lv2 jconvolver pulseeffects x42-plugins zita-bls1 zita-convolver See: https://release.debian.org/transitions/html/auto-zita-convolver.html Ben file: title = "zita-convolver"; is_affected = .build-depends ~ /libzita-convolver-dev/ | .build-depends-indep ~ /libzita-convolver-dev/; is_affected = .depends ~ "libzita-convolver3" | .depends ~ "libzita- convolver4"; is_good = .depends ~ "libzita-convolver4"; is_bad = .depends ~ "libzita-convolver3"; -- System Information: Debian Release: bullseye/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 5.4.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled