Control: reopen -1 =
I see on git that the bug was closed with a Conflicts+Replaces stanza, but
that's not the correct solution for this issue.
As discussed on this bugreport, the fix is to not ship the file.
Reopening to block the problematic package to migrate to testing.
Cheers,
--
Samuel
with this or have a preference on not following this
approach?
Regards,
--
Samuel Henrique
Hello Sakirnth,
> I am good and I hope you too.
All good on my side too :)
> On 4/29/24 22:24, Samuel Henrique wrote:
> > So maybe it even makes sense to get the latest releases for the transition.
>
> I agree. I normaly do both nghttp3 and ngtcp2 the same time, therefo
tt
> content-type: text/plain
> date: Sat, 11 May 2024 19:33:28 GMT
> server: Apache
>
> curl: (92) HTTP/2 stream 1 was not closed cleanly: PROTOCOL_ERROR (err 1)
I get both the payload and the error.
Regards
--
Samuel Henrique
a feature request for any option there that's mising. I
believe it won't be an issue to revert back to GnuTLS because that's what the
package was using before the latest upload.
Regards,
--
Samuel Henrique
would like, we could also put the package under the curl team. We are
not a "real team" in the sense that we don't gate contributions, that's just to
make it more easy and clear that people should feel free to do team-uploads.
Regards,
--
Samuel Henrique
blocks elfutils, which blocks GLib,
> which will likely be blocking a significant chunk of the 64-bit time_t
> transition.
I believe this is an issue on ruby-curb and not on curl, check the following
thread on curl-library for details and possible solutions:
https://curl.se/mail/lib-2024-03/0
ckend used by curl
(the cli) for the gnutls one, so we can enable http3.
Boyuan, can you provide any details on the issues you found? Otherwise I would
recommend staying with gnutls for now and so pycurl will soon make use of a
http3-enabled libcurl.
Cheers,
--
Samuel Henrique
b to be installed), while also making life easier for the people trying
> to re-bootstrap cargo.
I've uploaded curl 8.6.0-4 with the patches from #1066981 and #1066982, thank
you for those, Simon!
Cheers,
--
Samuel Henrique
feel free to push your
commits there once the upload is done (debian/experimental branch for
experimental).
Regards
--
Samuel Henrique
potted the
same issue as you.
https://ci.debian.net/packages/c/curl/testing/amd64/40802824/#S13
https://ci.debian.net/packages/c/curl/
Thank you for reporting this.
--
Samuel Henrique
ther information see:
[0] https://security-tracker.debian.org/tracker/CVE-2023-45853
https://www.cve.org/CVERecord?id=CVE-2023-45853
Please adjust the affected versions in the BTS as needed.
Cheers,
--
Samuel Henrique
ther information see:
[0] https://security-tracker.debian.org/tracker/CVE-2023-45853
https://www.cve.org/CVERecord?id=CVE-2023-45853
Please adjust the affected versions in the BTS as needed.
Cheers,
--
Samuel Henrique
for the trixie release.
Cheers,
[0] https://subdivi.de/~helmut/dep17.html
[1] https://salsa.debian.org/bottoms/pkg-airspy-host/-/merge_requests/3
--
Samuel Henrique
>From 88072b72a2a756df85f6760913363af2d23d8272 Mon Sep 17 00:00:00 2001
From: Samuel Henrique
Date: Fri, 24 Nov 2023 16:13:38 +
Subj
Package: wnpp
X-Debbugs-Cc: debian-de...@lists.debian.org
Owner: Samuel Henrique
Severity: wishlist
* Package name: legba
Version : 0.2.0
Upstream Contact: Simone Margaritelli
* URL : https://github.com/evilsocket/legba
* License : GPL-3.0
Programming Lang
:
https://github.com/curl/curl/commit/8c762f59983a3e9e2b80fdb34aa5e08f1d9a1c7d
(curl-7_88_0)
Fixing commit:
https://github.com/curl/curl/commit/744dcf22fac6cf12a9112df106b61864982afef9
(curl-8_1_0)
[0]: https://backports.debian.org/
Cheers,
--
Samuel Henrique
"Release-Date" line).
[ Other info ]
I'm opening -pu bugs against bullseye, bookworm, and I'll check with
the LTS team if they accept this change for buster.
--
Samuel Henrique
curl_7.74.0-1.3+deb11u11.debdiff
Description: Binary data
"Release-Date" line).
[ Other info ]
I'm opening -pu bugs against bullseye, bookworm, and I'll check with
the LTS team if they accept this change for buster.
--
Samuel Henrique
curl_7.88.1-10+deb12u5.debdiff
Description: Binary data
/changelog 2023-10-01 15:01:42.0 +0100
+++ curl-8.3.0/debian/changelog 2023-10-05 22:26:40.0 +0100
@@ -1,3 +1,9 @@
+curl (8.3.0-3) unstable; urgency=high
+
+ * Add patches to fix CVE-2023-38545 and CVE-2023-38546
+
+ -- Samuel Henrique Thu, 05 Oct 2023 22:26:40 +0100
+
curl (8.3.0-2
bargo, whether
the new vulnerability only affects 8.3.0 or not).
Cheers,
--
Samuel Henrique
://salsa.debian.org/pkg-llvm-team/llvm-toolchain/-/merge_requests/119
Cheers,
--
Samuel Henrique
-toolchain/-/merge_requests/119
I would really appreciate it if this could be uploaded to unstable in
the next couple of days, my wish is for these fixes to get to testing
before ~15th September.
Cheers,
--
Samuel Henrique
.: You might also want to do that change on llvm-toolchain-17, but
that one does not block the migration.
Cheers,
--
Samuel Henrique
potentially credible issue. I would gladly help
> investigate this further on, if you need so.
What did you look for when investigating this as a false positive?
Do you get the same finding when scanning the package's source code?
https://salsa.debian.org/pkg-security-team/aircrack-ng
Thank you for the report,
--
Samuel Henrique
tex-common
needrestart is being skipped since dpkg has failed
E: Sub-process /usr/bin/dpkg returned an error code (1)
"""
We might need to 0-day NMU this with high urgency so it fixes the
upgrade breakage, users will be very confused by this.
Cheers,
--
Samuel Henrique
riscv
takes a lot of effort at a not-so-great time (no binNMUs required for
riscv).
Note: llvm-toolchain-16, which is going to be the new default, has
already fixed the B-D and the package has been uploaded, so that's why
there's no action for that one.
Thank you,
--
Samuel Henrique
gs.debian.org/1043551
eg25-manager: build-depends on deprecated libcurl4-nss-dev, will be
dropped in August 2023
https://bugs.debian.org/1043547
Thank you,
--
Samuel Henrique
-manager_0.4.6-1
https://bugs.debian.org/1050977
--
Samuel Henrique
curl without
NSS support"
--
Samuel Henrique
Right, so gmail added breaklines, correct command is:
nmu llvm-toolchain-14_1:14.0.6-13 . all amd64 arm64 armel armhf i386 mips64el
ppc64el s390x hurd-i386 sparc64 . unstable . -m "Rebuild against curl without
NSS support"
Cheers,
--
Samuel Henrique
armhf i386 mips64el
ppc64el s390x . unstable . -m "Rebuild against curl without NSS support"
--
Samuel Henrique
armhf i386
mips64el ppc64el s390x hurd-i386 sparc64 . unstable . -m "Rebuild
against curl without NSS support"
--
Samuel Henrique
UX improvement for the installation process and I
really hope the change is made, thank you for filling this, Jonathan!
Cheers,
--
Samuel Henrique
s) or to
update to Debian 11 (consider going to 12).
Thank you,
--
Samuel Henrique
to give it a go at reproducing this on stable, but wanted to check
with you whether the latest version fixes the issue.
Thank you,
--
Samuel Henrique
ops the nss packages.
The first option is better for me as the dependency can be removed
earlier and it will be less work for me, but number 2 doesn't require
any actions from you (thus why this bug is being cut late).
What would be your preferred option?
Thank you,
--
Samuel Henrique
ops the nss packages.
The first option is better for me as the dependency can be removed
earlier and it will be less work for me, but number 2 doesn't require
any actions from you (thus why this bug is being cut late).
What would be your preferred option?
Thank you,
--
Samuel Henrique
ops the nss packages.
The first option is better for me as the dependency can be removed
earlier and it will be less work for me, but number 2 doesn't require
any actions from you (thus why this bug is being cut late).
What would be your preferred option?
Thank you,
--
Samuel Henrique
didn't catch it
when doing the initial search for rdeps, the change will be simple for
this package due to it already accepting other backends through
"libcurl-dev".
This is only a matter of changing the prefered one and getting a build
that links against something other than the nss va
And noticed just now: both curl and nmap's debci results are not
up-to-date on tracker.
[0] https://tracker.debian.org/pkg/grequests
[1] https://tracker.debian.org/pkg/nmap
[2] https://tracker.debian.org/pkg/licenseutils
[3] https://tracker.debian.org/pkg/dd-opentracing-cpp
I believe there's something wrong with tracker's interface.
Cheers,
--
Samuel Henrique
scripts, I wasn't able to reproduce it manually on an
interactive bash session.
[0] https://github.com/nmap/nmap/commit/4e6c8feb153c0c9ff8a68cd841669d650319ab45
Thank you, everyone!
--
Samuel Henrique
Upstream stopped providing .deb files after 0.8.3 :(
James, let me know if there's anything I can do to help packaging the
latest release, in case you have more than one package pending.
Thanks for maintaining nvim.
--
Samuel Henrique
e any issues.
Thank you,
--
Samuel Henrique
n't cause any issues.
Thank you,
--
Samuel Henrique
n't cause any issues.
Thank you,
--
Samuel Henrique
n't cause any issues.
Thank you,
--
Samuel Henrique
this won't cause any issues.
Thank you,
--
Samuel Henrique
to ensure there are no packages on testing blocking the
migration of the curl release when that happens.
--
Samuel Henrique
nding the configuration that triggers this so we can test locally.
Once we get something to reproduce, we can do a bisect to find the
commit that introduces the issue and possibly get close to a safe fix.
Thank you,
--
Samuel Henrique
Hey everyone,
Considering this will be the only fix we get, leaving the release team
to decide between not shipping reaver at all or shipping "1.6.6-0.1",
I went ahead and sponsored the upload from Leandro.
The debdiff is attached.
Thank you,
--
Samuel Henrique
reaver_1.6.6-0
fers quite a bit from these since tons of reverse-deps
use it to fetch resources over the network and that's always flaky
(not sure if it's the case with cwitool specifically, but I'm used to
this sort of thing by now).
Cheers,
--
Samuel Henrique
kage on Debian using that.
[ Checklist ]
[x] all changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in testing
[ Other info ]
Please also shorten the bake time in unstable, is possible (and needed).
unblock curl/7.88.1-10
> On Tue, May 23, 2023 at 10:21:35PM +0100, Samuel Henrique wrote:
> > Andrey, Leandro meant to use the "patch" tag instead of "fixed", here's his
> > fix:
> > https://salsa.debian.org/leandrocunha/reaver
> Do you think this change will be appro
know if you disagree, we will have to act quickly due to
the freeze.
Andrey, Leandro meant to use the "patch" tag instead of "fixed", here's his fix:
https://salsa.debian.org/leandrocunha/reaver
Cheers,
--
Samuel Henrique
will be working on the latest CVEs that have been published for curl
but I'll push those fixes in a different upload.
--
Samuel Henrique
curl_7.74.0-1.3+deb11u8.debdiff
Description: Binary data
if that's not too much work
for the release team).
unblock curl/7.88.1-8
--
Samuel Henrique
curl_7.88.1-8.debdiff
Description: Binary data
--- libcurl4-openssl-dev_7.88.1-7_amd64.deb
+++ libcurl4-openssl-dev_7.88.1-8_amd64.deb
├── file list
│ @@ -1,3 +1,3 @@
│ --rw-r--r-- 000
and
the autopkgtests (coming in rev 8) in testing before asking for
8.0.1's unblock.
PS.: I've made a typo in the changelog entry where I mention "5 CVEs"
rather than 6, but it's fine since all of the 6 CVEs are listed
anyway.
unblock curl/7.88.1-7
--
Samuel Henrique
curl_7.88.1-7.debdiff
D
already) because I want to push 6 CVE fixes after this
upload. I will also request for the CVE fixes to be unblocked but I
would like this version to migrate first so it happens sooner (trying
to avoid baking this for an extra 20 days).
unblock curl/7.88.1-6
Thank you,
--
Samuel Henrique
curl_7.88.1
hose test results).
Me and sergiodj are also currently investigating a test issue related
to ppc64el, we have got some good insights already, but would like to
fully understand what's going on and have a patch ready before
reporting. Also that issue only affects curl's own tests so it can't
be r
e7739e3ca0bafe5a9a14c3/RELEASE-NOTES
Regards,
--
Samuel Henrique
Malte :)
Cheers,
--
Samuel Henrique
Control: fixed 989689 ansible-lint/6.12.2-1
I'm not sure exactly which version fixed this issue but I know the one
on testing and unstable are working.
We should still try to identify what's wrong on stable.
Thank you for reporting this.
--
Samuel Henrique
Hello Guido,
> You need to fixup the tests too though
I have updated the Github PR and also attached the new patch with the
unit tests fixed.
Thank you,
--
Samuel Henrique
From b2a7100730306d7e333ce84c00ccdaf693e6f081 Mon Sep 17 00:00:00 2001
From: Samuel Henrique
Date: Mon, 1 Aug 2022
e's also a bunch of new ones we need to get).
Are you looking into help maintaining the package as well?
[0] https://bugs.debian.org/1021749
[1] https://bugs.debian.org/1023945
Thank you,
--
Samuel Henrique
There have been a few bug reports about this in the past but I don't
remember seeing a reply.
Here's mine:
https://bugs.debian.org/1012865
It would be really unfortunate to release bookwork in this state, we are
going one step forward with non-free-firmware and two steps backwards with
this
for the first line:
* Day-of-Week Month Day Year Name Surname - Version-Release
...
I have provided a patch on Github at
https://github.com/agx/git-buildpackage/pull/89
The patch is also attached to this bug report.
Thank you,
--
Samuel Henrique
From 310db2177f3a43e1584682f21c43ac0de6c495e6 Mon Sep 17
gone from testing.
Regards,
--
Samuel Henrique
Control: severity -1 serious
Bumping the severity of this bug to block it from going into the next
stable release.
We should remove it from unstable as well once it's removed from testing.
I'm opening a similar bug request for adapta-kde.
Regards,
--
Samuel Henrique
ld
> easily add it then.
Sounds good, I have given you permission to push to the salsa repo.
Thanks,
--
Samuel Henrique
Hello Helge,
> Please tell me if you are currently preparing a new release yourself
> and would like me to skip the NMU.
Since the package is team maintained (under the Python team), I would
prefer it if you did a team upload rather than an NMU. Honestly I
wouldn't complain if you went with an
, and mention somewhere that the bindings for vim are in that
package (not sure where yet), but it's worth noting that they are two
separate projects with their own codebase each (although they look
pretty much the same).
Thank you for reporting this,
--
Samuel Henrique
It would be really nice if there was a column for open security issues
under DDPO. I'm sure this would result in maintainers being more
proactive in fixing security issues on stable, as it's too easy to
miss them right now.
Thank you,
--
Samuel Henrique
This should be fixed by curl 7.87.0-2, which I uploaded just now.
curl BTS bug for reference: https://bugs.debian.org/1027564
Thanks,
--
Samuel Henrique
s.
We don't really use this bugtracker for packages in the backports
repository, so I'm not sure I can/should tag the bug as closed for
"7.87.0-1~bpo11+1", but at least we have this workaround documented
here for others.
Thanks for helping!
--
Samuel Henrique
These two bugs are related, I don't know if the owners want them
merged so I'm sending this to at least link them together for the
readers.
https://bugs.debian.org/955208
https://bugs.debian.org/1026333
Cheers,
--
Samuel Henrique
Package: wnpp
X-Debbugs-Cc: debian-de...@lists.debian.org
Owner: Samuel Henrique
X-Debbugs-Cc: samuel...@debian.org
Severity: wishlist
* Package name: check-jsonschema
Version : 0.19.2
Upstream Contact: Stephen Rosen
* URL : https://github.com/python-jsonschema/check
ema >= 4.10.0, so I'm opening this bug to track the
request to update python-jsonschema.
The latest release of ansible-lint as of now is 6.10.0, and it
requires jsonschema >= 4.10.0,
For reference, previous bug report asking for an update:
https://bugs.debian.org/1017629
Thank you!
--
Samuel
ideally before the freeze so we can take any
required actions.
Thank you,
[0] At least one issue that I've seen raised is present in all
versions of nmap we ship (since the first iteration of NPSL), which
would mean even our package in oldstable and stable is non-free.
--
Samuel Henrique
Hello Thomas,
Sending another ping just in case you dropped this (but still, no rush
in doing so, feel free to take your time).
On Fri, 14 Oct 2022 at 19:09, Samuel Henrique wrote:
>
> Hello Thomas, I hope you're well,
>
> Not meaning to rush you, just a heads up in case it was m
Hello Markus,
Would you have some time to investigate this issue, please?
Thank you, (and thank you Raimon for reporting this)
--
Samuel Henrique
to testing smoothly:
https://qa.debian.org/excuses.php?experimental=1=python-jsonschema
Thank you for your work :)
--
Samuel Henrique
y and I understand
we're dealing with compromises where ideally we would probably want to
have more than one version available in the repos.
Cheers,
--
Samuel Henrique
Hello Paul,
On Wed, 21 Sept 2022 at 19:58, Paul Gevers wrote:
> On 21-09-2022 20:50, Samuel Henrique wrote:
> > Please let me know if there is anything besides aircrack-ng blocked by
> > this, as it increases the priority of fixing this.
>
> Well, I pinged you because I n
this, as it increases the priority of fixing this.
Thank you,
[0] Since most of the reverse deps will also have to be removed, I
think the only one which stays is forensics-all.
--
Samuel Henrique
releases?
Thank you,
--
Samuel Henrique
Hello,
I have uploaded rsync 3.2.6-2 to experimental a few minutes ago, it
contains an upstream patch which should fix this as noted on
https://github.com/WayneD/rsync/issues/356
Can you try it out and let upstream know if this addressed the issue, please?
Thank you.
--
Samuel Henrique
using wolfSSL with QUIC implementations like ngtcp2"
https://github.com/wolfSSL/wolfssl/blob/aa036b6ea402e9159d2a9b12c7f05701d44a4f09/ChangeLog.md#new-feature-additions
ngtcp2 is packaged on Debian so that opens up the opportunity of
having HTTP3 through WolfSSL.
Regards,
--
Samuel Henrique
affected and that can
give me an indication that the finding itself is broken or that the
issue only affects certain types of packages.
In case the finding seems to be broken, I confirm by looking for
opened bugs against lintian (and can report it if there's none).
Thank you.
--
Samuel Henrique
repo by
their tags (not branches).
Or maybe you want to keep this outside of the git repo until it
reaches experimental? Either way is fine for me.
Thank you!
--
Samuel Henrique
.
The new release (1.7) is blocked on this removal so it can migrate to testing.
Thank you,
--
Samuel Henrique
6.0.
The new releases of ansible-lint (>= 6.4.0) now depend on
python3-jsonschema >= 4.9.0, so I'm opening this bug to track the
request to update python-jsonschema.
Thank you!
--
Samuel Henrique
to look out
for regressions earlier, they're free to go ahead.
Thanks,
--
Samuel Henrique
at some point
in the near future, since the licensing issue has been addressed, and
the bluetooth one is TODO to figure out why it's disabled.
Thanks,
--
Samuel Henrique
ple to it if they're interested in following it?
Thanks for considering!
--
Samuel Henrique
ow.
I'm gonna resolve this bug as the package is not really orphan.
Nonetheless, I'm always open to co-maintain packages with other people.
Do you have changes pending to be merged in salsa, Ileana? I've got
that understanding from Bastian's email but there's no open MR or
patches in BTS.
Thanks,
--
Samuel Henrique
The build is now failing with another error, but both FTBFS are not
caused by shellcheck, and can't be fixed by it.
There's something weird going on with haskell packages, I believe the
error will eventually be solved in the next few weeks, let's see...
Regards,
--
Samuel Henrique
or disabled), I prefer
enabled.
Regards,
--
Samuel Henrique
ease allow a few days until I get some replies.
Awesome, thank you!
--
Samuel Henrique
ecific which will break openstack
or is it because it hasn't been tested yet?
Thank you,
--
Samuel Henrique
or).
I'm gonna switch the dependency to ansible-core in the next upload,
which is currently pending on python-ansible-compat going through NEW.
--
Samuel Henrique
1 - 100 of 359 matches
Mail list logo