Bug#1006009: fixed in libwebp 1.2.2-1
Yes, I made a mistake with respect to 1.2.2. Upstream's official patch is here. I am going to attempt a high urgency upload during the next houw with 1.2.2 + this patch. If that fails for any reason, NMU welcome without delay. https://chromium.googlesource.com/webm/libwebp/+/4f1839957115fa4713ed745ceb898657361a1195 >
Processed: Re: [debian-mysql] Bug#1006702: mariadb-10.6: Baseline violation on at least i386 via CXXFLAGS
Processing control commands: > Severity -1 wishlist Bug #1006702 [src:mariadb-10.6] mariadb-10.6: Baseline violation on at least i386 via CXXFLAGS Severity set to 'wishlist' from 'serious' -- 1006702: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1006702 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1006702: [debian-mysql] Bug#1006702: mariadb-10.6: Baseline violation on at least i386 via CXXFLAGS
Control: Severity -1 wishlist Based on replies from Daniel and Marko this code section is indeed correct. Also, based on git blame the section you suggest to be removed was not added in a MariaDB version. However, instead of closing this bug report as invalid, I leave it open as a wishlist item in case somebody would have a suggestion / upstream Pull Request / downstream Merge Request on how to rewrite it in a better way or at least how to properly document it with inline comments to avoid confusion about how it works. Current build status and FTBFS bugs filed for mariadb-10.6 are listed at https://buildd.debian.org/status/package.php?p=mariadb-10.6 Currently PowerPC and PowerPC 64 are failing, but ppc64el is passing. Any contributions to further debug or even fix the remaining issues are naturally welcome!
Bug#1002995: marked as done (ruby3.0: CVE-2021-41816 CVE-2021-41817 CVE-2021-41819)
Your message dated Mon, 14 Mar 2022 00:24:40 + with message-id and subject line Bug#1002995: fixed in ruby3.0 3.0.3-1 has caused the Debian Bug report #1002995, regarding ruby3.0: CVE-2021-41816 CVE-2021-41817 CVE-2021-41819 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1002995: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002995 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: ruby3.0 Version: 3.0.2-5 Severity: grave Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerabilities were published for ruby3.0, they were fixed upstream in 3.0.3. CVE-2021-41816[0]: | Buffer Overrun in CGI.escape_html CVE-2021-41817[1]: | Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS | (regular expression Denial of Service) via a long string. The fixed | versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1. CVE-2021-41819[2]: | CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes | in cookie names. This also affects the CGI gem through 0.3.0 for Ruby. If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2021-41816 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41816 [1] https://security-tracker.debian.org/tracker/CVE-2021-41817 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41817 [2] https://security-tracker.debian.org/tracker/CVE-2021-41819 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41819 Regards, Salvatore --- End Message --- --- Begin Message --- Source: ruby3.0 Source-Version: 3.0.3-1 Done: Antonio Terceiro We believe that the bug you reported is fixed in the latest version of ruby3.0, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1002...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Antonio Terceiro (supplier of updated ruby3.0 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Sun, 13 Mar 2022 21:02:08 -0300 Source: ruby3.0 Architecture: source Version: 3.0.3-1 Distribution: unstable Urgency: medium Maintainer: Debian Ruby Team Changed-By: Antonio Terceiro Closes: 1002995 Changes: ruby3.0 (3.0.3-1) unstable; urgency=medium . * New upstream version 3.0.3. Includes fixes for the following security issues (Closes: #1002995): - CVE-2021-41816: Buffer Overrun in CGI.escape_html - CVE-2021-41817: regular expression Denial of Service in Date.parse - CVE-2021-41819: mishandling of security prefixes in CGI::Cookie.parse * Refresh patches * autopkgtest: builtin-extensions: check openssl version * debian/libruby3.0.symbols: update * Fix generation of Provides: * Exclude some tests from TestGemServer Checksums-Sha1: 78d981777f973472a5df4befdcd775c5f33955b7 2477 ruby3.0_3.0.3-1.dsc 891095606c39f25d515f55e29e084ba18b7bca23 12809228 ruby3.0_3.0.3.orig.tar.xz 67236d1daf4bbfd48a276d3dc14eb0cba92b8d0d 160888 ruby3.0_3.0.3-1.debian.tar.xz ffb7a811c4c00f035aa83841e9c023b9abf98cc8 7497 ruby3.0_3.0.3-1_source.buildinfo Checksums-Sha256: 4bb292b2cdf86229f83216df8d40b59586d0d3d2ab1f7c9c9a3a0c52805f4d9d 2477 ruby3.0_3.0.3-1.dsc 4d84d58201c48c5aded812713b568f1f63f5a89c178fb07a85e6f965c7190b25 12809228 ruby3.0_3.0.3.orig.tar.xz 8a8e5d57c779c1577acae5974c255627d9369ace9b5291a09c01324f3aa5fb1d 160888 ruby3.0_3.0.3-1.debian.tar.xz 0c42f91067bb91f6dfc632407e226b7bc027b79e44b6c862de124ade8f9a91cd 7497 ruby3.0_3.0.3-1_source.buildinfo Files: dcd247f034a6aa4e08941338f9705d2e 2477 ruby optional ruby3.0_3.0.3-1.dsc fef95bb4917fa4930bd3224396cc3bf8 12809228 ruby optional ruby3.0_3.0.3.orig.tar.xz 34115b133dbb22cecce4aa37cb4a2581 160888 ruby optional ruby3.0_3.0.3-1.debian.tar.xz 1800860a7ffb9895fb0415f188523aee 7497 ruby optional ruby3.0_3.0.3-1_source.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEst7mYDbECCn80PEM/A2xu81GC94FAmIuhh4ACgkQ/A2xu81G C96LBQ/9FOuGawkQ5A4b9godBMUlWBoXvhczUC0PgLJFNDmWsJHvkHt2/zBIiTBI
Bug#1000336: Upgrading tbb
On Sun 13 Mar 2022 04:50:32 PM EDT, M. Zhou wrote: Recently I'm not able to test the build of libtbb-dev's reverse dependencies as my build machine was out of access. That blocks my submission of the transition bug and hence I'm stalled at this point. According to some archlinux developers, this transition breaks a lot of reverse dependencies since some of the core APIs have been changed. Please expect a relatively negative rebuild result. Help is welcome. I've built both mathicgb and macaulay2 in unstable against TBB 2021 from experimental and they're both ready to go for the transition. Doug signature.asc Description: PGP signature
Bug#1003027: marked as done (roundcube: CVE-2021-46144: XSS vulnerability via HTML messages with malicious CSS content)
Your message dated Mon, 14 Mar 2022 00:06:38 + with message-id and subject line Bug#1003027: fixed in roundcube 1.6~beta+dfsg-1 has caused the Debian Bug report #1003027, regarding roundcube: CVE-2021-46144: XSS vulnerability via HTML messages with malicious CSS content to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1003027: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003027 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: roundcube Severity: important Tags: security Control: found -1 1.3.17+dfsg.1-1~deb10u1 Control: found -1 1.4.12+dfsg.1-1~deb11u1 Control: fixed -1 1.5.1+dfsg-1 In a recent post roundcube webmail upstream has announced a fix for a cross-site scripting (XSS) vulnerability via HTML messages with malicious CSS content. Upstream fix for the 1.4 LTS branch: https://github.com/roundcube/roundcubemail/commit/b2400a4b592e3094b6c84e6000d512f99ae0eed8 There was no new 1.3 LTS release but AFAICT 1.3 is affected as well and the same fix applies. -- Guilhem. [0] https://roundcube.net/news/2021/12/30/security-update-1.4.13-released https://roundcube.net/news/2021/12/30/update-1.5.2-released signature.asc Description: PGP signature --- End Message --- --- Begin Message --- Source: roundcube Source-Version: 1.6~beta+dfsg-1 Done: Guilhem Moulin We believe that the bug you reported is fixed in the latest version of roundcube, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1003...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Guilhem Moulin (supplier of updated roundcube package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 14 Mar 2022 00:16:05 +0100 Source: roundcube Architecture: source Version: 1.6~beta+dfsg-1 Distribution: experimental Urgency: medium Maintainer: Debian Roundcube Maintainers Changed-By: Guilhem Moulin Closes: 1000642 1003027 Changes: roundcube (1.6~beta+dfsg-1) experimental; urgency=medium . * New beta upstream release. Highlights for major version 1.6 include: - Full PHP 8.1 support (closes: #1000642) - Unified and simplified services connection options: . renamed `default_host` resp. `smtp_server` to `imap_host` resp. `smtp_host` . removed `default_port`, `smtp_port`, `managesieve_port` and `managesieve_usetls` options - The classic and larry skins are no longer included in the upstream repository hence are excluded from this source package; we will ship in separate packages. * Add d/roundcube-core.NEWS to highlight the above. * Update default value for roundcube/hosts template to "localhost:143" to match the upstream default. * Update d/copyright. * Update d/sql. * Refresh d/patches. Remove the following patches (now obsolete or applied upstream): - fix-FTBFS-with-phpunit-8.patch - fix-file-list-in-phpunit-configuration.patch - fix-FTBFS-with-phpunit-9.patch * Add patch to fix `$rcmail->format_date(.., 'x')` calls. * Remove mismatched Lintian override. * Add 'Restrictions: rw-build-tree' to the phpunit DEP-8 test as it writes into tests/.phpunit.result.cache. * Add aspell-en and php-pspell to Build-Depends (unless under 'nocheck' build profile) and DEP-8 test to test Framework_SpellcheckerPspell. * Add hunspell-en-us and php-enchant to Build-Depends (unless under 'nocheck' build profile) and DEP-8 test to test Framework_SpellcheckerEnchant. * Add php-roundcube-rtf-html-php to Build-Depends (unless under 'nocheck' build profile) and DEP-8 test to test Framework_TnefDecoder. * Add php-bacon-qr-code to Build-Depends (unless under 'nocheck' build profile) and DEP-8 test to test Actions_Contacts_Qrcode. * d/rules, d/t/control: Mark flaky tests as such and run phpunit with `--exclude-group=flaky --fail-on-skipped` in build-time and DEP-8 tests. * CI: Disable piuparts which is bound to fail due to the schema upgrade. * d/rules: Replace '$(dir $@)' with '$(@D)'. . roundcube (1.5.2+dfsg-1) unstable; urgency=medium . * New upstream bugfix & security release
Bug#1000642: marked as done (roundcube: Failing test with PHP 8.1)
Your message dated Mon, 14 Mar 2022 00:06:38 + with message-id and subject line Bug#1000642: fixed in roundcube 1.6~beta+dfsg-1 has caused the Debian Bug report #1000642, regarding roundcube: Failing test with PHP 8.1 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1000642: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1000642 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: roundcube Version: 1.5.0+dfsg.1-2 Severity: normal Control: block 976811 by -1 Hi Guilhem, PHP 8.1 is now the default in experimental (soon in testing), and the command1 autopkgtest is failing in this environment: https://release.debian.org/britney/pseudo-excuses-experimental.html#php-defaults https://ci.debian.net/data/autopkgtest/unstable/amd64/r/roundcube/16973886/log.gz […] There were 3 failures: 1) Framework_VCard::test_import Detect charset in encoded values Failed asserting that two strings are equal. --- Expected +++ Actual @@ @@ -'Iksiñski' +'Iksi卧ki' /tmp/autopkgtest-lxc.lmsre9bl/downtmp/build.kpd/src/tests/Framework/VCard.php:114 /usr/bin/phpunit:73 2) Actions_Contacts_Copy::test_copy_success Failed asserting that 1 is identical to '1'. /tmp/autopkgtest-lxc.lmsre9bl/downtmp/build.kpd/src/tests/Actions/Contacts/Copy.php:109 /usr/bin/phpunit:73 3) Actions_Contacts_List::test_list Failed asserting that string matches format description. --- Expected +++ Actual @@ @@ -this.add_contact_row("%i",{"name":"George Bush"},"person",{"name":"George Bush","email":"g.b...@gov.com","ID":"%i"}); +this.add_contact_row(4,{"name":"George Bush"},"person",{"name":"George Bush","email":"g.b...@gov.com","ID":4}); /tmp/autopkgtest-lxc.lmsre9bl/downtmp/build.kpd/src/tests/Actions/Contacts/List.php:39 /usr/bin/phpunit:73 FAILURES! Tests: 982, Assertions: 2455, Failures: 3, Skipped: 4, Incomplete: 94. autopkgtest [02:36:54]: test command1: ---] […] Thanks in advance for looking into this issue. Regards David signature.asc Description: PGP signature --- End Message --- --- Begin Message --- Source: roundcube Source-Version: 1.6~beta+dfsg-1 Done: Guilhem Moulin We believe that the bug you reported is fixed in the latest version of roundcube, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1000...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Guilhem Moulin (supplier of updated roundcube package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 14 Mar 2022 00:16:05 +0100 Source: roundcube Architecture: source Version: 1.6~beta+dfsg-1 Distribution: experimental Urgency: medium Maintainer: Debian Roundcube Maintainers Changed-By: Guilhem Moulin Closes: 1000642 1003027 Changes: roundcube (1.6~beta+dfsg-1) experimental; urgency=medium . * New beta upstream release. Highlights for major version 1.6 include: - Full PHP 8.1 support (closes: #1000642) - Unified and simplified services connection options: . renamed `default_host` resp. `smtp_server` to `imap_host` resp. `smtp_host` . removed `default_port`, `smtp_port`, `managesieve_port` and `managesieve_usetls` options - The classic and larry skins are no longer included in the upstream repository hence are excluded from this source package; we will ship in separate packages. * Add d/roundcube-core.NEWS to highlight the above. * Update default value for roundcube/hosts template to "localhost:143" to match the upstream default. * Update d/copyright. * Update d/sql. * Refresh d/patches. Remove the following patches (now obsolete or applied upstream): - fix-FTBFS-with-phpunit-8.patch - fix-file-list-in-phpunit-configuration.patch - fix-FTBFS-with-phpunit-9.patch * Add patch to fix `$rcmail->format_date(.., 'x')` calls. * Remove mismatched Lintian override. * Add 'Restrictions: rw-build-tree' to the phpunit DEP-8 test as it writes into tests/.phpunit.result.cache. * Add aspell-en and php-pspell to Build-Depends (unless under 'nocheck' build profile) and DEP-8 test to test Framework_SpellcheckerPspell. * Add
Bug#1006690: marked as done (silx autopkg tests fail (missing test dependency))
Your message dated Sun, 13 Mar 2022 23:19:45 + with message-id and subject line Bug#1006690: fixed in silx 1.0.0+dfsg-3 has caused the Debian Bug report #1006690, regarding silx autopkg tests fail (missing test dependency) to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1006690: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1006690 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: src:silx Version: 1.0.0+dfsg-2 Severity: serious Tags: sid bookworm silx autopkg tests fail (missing test dependency): [...] autopkgtest [21:49:30]: test command1: [--- Testing with python3.10: Traceback (most recent call last): File "", line 1, in File "/usr/lib/python3/dist-packages/silx/test/__init__.py", line 32, in import pytest ModuleNotFoundError: No module named 'pytest' autopkgtest [21:49:30]: test command1: ---] autopkgtest [21:49:31]: test command1: - - - - - - - - - - results - - - - --- End Message --- --- Begin Message --- Source: silx Source-Version: 1.0.0+dfsg-3 Done: Nilesh Patra We believe that the bug you reported is fixed in the latest version of silx, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1006...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Nilesh Patra (supplier of updated silx package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 14 Mar 2022 02:04:04 +0530 Source: silx Architecture: source Version: 1.0.0+dfsg-3 Distribution: unstable Urgency: medium Maintainer: Debian Science Maintainers Changed-By: Nilesh Patra Closes: 1006690 Changes: silx (1.0.0+dfsg-3) unstable; urgency=medium . * Team Upload. * d/t/control: Add test dep on python3-pytest (Closes: #1006690) * d/t/control: Make test "not" no-op so as to wxit with non-zero exit code when it fails * Add patch to fix test with python3.10 * Add d/salsa-ci.yml Checksums-Sha1: 288344ad75ed453848318b8197996b5356674644 2813 silx_1.0.0+dfsg-3.dsc 91ab4bd822d7bc404111aeaea873a85f8ad917fe 13688 silx_1.0.0+dfsg-3.debian.tar.xz 65d190b6d370318edd17601a8f1e7242b23a6ee8 18278 silx_1.0.0+dfsg-3_amd64.buildinfo Checksums-Sha256: fb4f22ac1907c8bbfae8337f898b586af55f1b691ee785763c5da1d31c5c649f 2813 silx_1.0.0+dfsg-3.dsc 4217e8cd9fe79062d4c1da132141456b48a598e188f8f729533e36cbccd0a2d9 13688 silx_1.0.0+dfsg-3.debian.tar.xz bafcf0462fda6fd0c7ff4cfbbe3517374a185fa4426c95de7531ae54959df9fc 18278 silx_1.0.0+dfsg-3_amd64.buildinfo Files: e76d64155e14a36947889b6f04795bcb 2813 science optional silx_1.0.0+dfsg-3.dsc 8a6d7664da66218b047756bdf945d2aa 13688 science optional silx_1.0.0+dfsg-3.debian.tar.xz bde9f6b0ba3b2ae5e4258a397fb158a1 18278 science optional silx_1.0.0+dfsg-3_amd64.buildinfo -BEGIN PGP SIGNATURE- iQJGBAEBCgAwFiEEPpmlJvXcwMu/HO6mALrnSzQzafEFAmIueFcSHG5pbGVzaEBk ZWJpYW4ub3JnAAoJEAC650s0M2nxJMwQAIJxC+j9HzhZ6IuguOr6gJozEHFdmYWb iJ8PRV2eVCxY1NRRFH97ORTqlRPSfo5K7m1d/2OGoDB6m1T/cTV0jW1YdxW+O7Cs 6cc3QbeczEBMMYoBZxStNTDtv3ccS4ItFBLHN5mo+CJiw4by6JCtX9WtdtmYZ5hr TQTh1RqqOciED2FnB80dH0Wnr+R77t5535biJTp0+6xkyJ8wmvwC1k/y0fylnsnF yBKklYBunY8cDyhqOoFZR+vtA3RDBv57zyr1Hu2RVXm+dUO59q2HsXLqibZ+Vmks BuLqjID3Jn4X0O/HzfkxVDG41erJpcN60d/1surOWWpoGtm46BYAh23bTHbel1LA 1VCgY+zr/TJpNLf5QP2IfrAcxDoSOVjZY7BHsPS/NwVJUxNIUMjyTNA6wksKqh09 CAfHed/Xeb0UktHduGHQu0lQu2WeHdjSOKKhPkbAShQy2tOPzTekRFKmiJpoJFbA X8LbLFkk3zrDZAc/qAdd/0FmLzjrklz9rsZK0ib9AydY3dTv5JeHtMLqJnx9lcWC ac+yX4489VEy9zkMgKfCZOOmHq6/nDvQe3nXX8fNkRT0mopHJu7IYvYgPDDcsuCL gXRlecQs16v568amGZ1JJr1H0Qg8LmYC0Pn12jL4jUxcD9EFpHmJ90gR7o3s/FHW DDpzwzjLdgft =CNFL -END PGP SIGNATURE End Message ---
Processed: NMU for dokuwiki with new upstream release and multiple (RC) bug fixes imminent
Processing control commands: > tag -1 + pending Bug #994877 [dokuwiki] dokuwiki: During install error /var/lib/dpkg/info/dokuwiki.postinst:123 tempfile: not found Added tag(s) pending. -- 994877: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=994877 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: NMU for dokuwiki with new upstream release and multiple (RC) bug fixes imminent
Processing control commands: > tag -1 + pending Bug #1004330 [dokuwiki] dokuwiki: No more works with PHP 8.1: Array and string offset access syntax with curly braces is no longer supported in /usr/share/dokuwiki/inc/init.php on line 557 Added tag(s) pending. -- 1004330: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004330 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1004330: makes the package useless with PHP 8
Hi Francesco, Francesco Potortì wrote: > >> The necessary change was > >> > >> -$conf['savedir'] = '/var/lib/dokuwiki/data'; //where to store all the > >> files > >> +$conf['savedir'] = './data'; //where to store all the files > > > >Do you remember why this was necessary, i.e. what didn't work without it? > > Dokuwiki cannot find the .data directory and says so in the web > browser. I suppose that an alternative is creating a data link to > /var/lib/dokuwiki/data. Maybe such link existed and I removed it in > the past and an upgrade does not restore it? Hrm, this is something which might be related to running multiple instances of DokuWiki on the same host. The non-default data directory should be created by the dokuwiki-addsite. That's also why that "./data" is relative and not absolute. Maybe this should go into a separate bug report. > >> I know nothing about how php is managed on Debian. However, I had to add > >> these links: > >> > >> /usr/share/dokuwiki/vendor/paragonie/random_compat/lib -> > >> /usr/share/php/random_compat > >> /usr/share/dokuwiki/vendor/phpseclib/phpseclib/phpseclib -> > >> /usr/share/php/phpseclib > > > >Good catch! This indeed could be something that I oversaw. > > By the way, those files are in the php-phpseclib and > php-random-compat packages. Dependencies for those libraries are already there, yes. Worked fine for me without these links. Maybe because I didn't use any function which needs them. Or because I just haven't noticed the corresponding glitches. Added them. Shouldn't cause any harm. > >> # /usr/share/dokuwiki/vendor/marcusschwarz/lesserphp/ > >> > >> I replaced all {0} with [0] > > > >That's one of the common changes I had to do. I though thought I had a > >patch for that already in the package on Salsa: > > > >https://salsa.debian.org/abe/dokuwiki/-/blob/master/debian/patches/cherrypick_6b6d27d9.patch > > I had just downloaded your package, so apparently you missed that one... Can't reproduce that anymore. Maybe your testing and my fix above overlapped. > >> Additionally, I get this in the Apache log: > >> > >> PHP Warning: Undefined array key "fperm" in > >> /usr/share/dokuwiki/inc/Search/Indexer.php on line 1070, referer: > >> http://wiki.potorti.it/egc2018/bilancio > > > >Yes. These are IIRC fixed upstream in git, but not in a release yet. I > >might add them to avoid the warning, but for now I just want to do the > >minimal thing to get it working again. Should probably tracked in a separate bug report as well and being tagged as fixed-upstream. > >> And unfortunately email sending still does not work: emails are sent > >> with an empty From: field, so they fail at the sendmail level. > > > >Funnily for me it's opposite: I get more mails than before, and also > >for changes I don't see via web interface. Still unclear why. Found the cause. Those changes are indeed seen in the webinterface. It were crawlers triggering restoration of old pages whose ACL was set to world-writable (on purpose back then, now only for authenticated users). > I get one email per edit, as expected, but they bounce (and I see > the bounce) because the To: header is empty. This has happened with > php8. After I had patched all the places generating an error in the > Apache log, I had this behaviour, which undortunately does not > generate an error, so I could not catch it... Hrm, leaving that out for now. Maybe file a bug report for this, too, after I've uploaded the new version. Regards, Axel -- ,''`. | Axel Beckert , https://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5 `-| 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE
Bug#1007225: ruby-image-processing: CVE-2022-24720
Source: ruby-image-processing Version: 1.10.3-1 Severity: grave Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for ruby-image-processing. CVE-2022-24720[0]: | image_processing is an image processing wrapper for libvips and | ImageMagick/GraphicsMagick. Prior to version 1.12.2, using the | `#apply` method from image_processing to apply a series of operations | that are coming from unsanitized user input allows the attacker to | execute shell commands. This method is called internally by Active | Storage variants, so Active Storage is vulnerable as well. The | vulnerability has been fixed in version 1.12.2 of image_processing. As | a workaround, users who process based on user input should always | sanitize the user input by allowing only a constrained set of | operations. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2022-24720 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24720 [1] https://github.com/janko/image_processing/security/advisories/GHSA-cxf7-qrc5-9446 [2] https://github.com/janko/image_processing/commit/038e4574e8f4f4b636a62394e09983c71980dada Regards, Salvatore
Bug#984059: marked as done (imview: ftbfs with GCC-11)
Your message dated Sun, 13 Mar 2022 21:28:38 + with message-id and subject line Bug#984059: fixed in imview 1.1.9h-4 has caused the Debian Bug report #984059, regarding imview: ftbfs with GCC-11 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 984059: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984059 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: src:imview Version: 1.1.9h-3 Severity: normal Tags: sid bookworm User: debian-...@lists.debian.org Usertags: ftbfs-gcc-11 [This bug is not targeted to the upcoming bullseye release] Please keep this issue open in the bug tracker for the package it was filed for. If a fix in another package is required, please file a bug for the other package (or clone), and add a block in this package. Please keep the issue open until the package can be built in a follow-up test rebuild. The package fails to build in a test rebuild on at least amd64 with gcc-11/g++-11, but succeeds to build with gcc-10/g++-10. The severity of this report will be raised before the bookworm release, so nothing has to be done for the bullseye release. The full build log can be found at: http://people.debian.org/~doko/logs/20210228/filtered/gcc11/imview_1.1.9h-3_unstable_gcc11.log The last lines of the build log are at the end of this report. To build with GCC 11, either set CC=gcc-11 CXX=g++-11 explicitly, or install the gcc, g++, gfortran, ... packages from experimental. apt-get -t=experimental install g++ Common build failures are new warnings resulting in build failures with -Werror turned on, or new/dropped symbols in Debian symbols files. For other C/C++ related build failures see the porting guide at http://gcc.gnu.org/gcc-11/porting_to.html GCC 11 defaults to the GNU++17 standard. If your package installs header files in /usr/include, please don't work around C++17 issues by choosing a lower C++ standard for the package build, but fix these issues to build with the C++17 standard. [...] from /usr/include/c++/11/cstdio:42, from /usr/include/c++/11/ext/string_conversions.h:43, from /usr/include/c++/11/bits/basic_string.h:6595, from /usr/include/c++/11/string:55, from imview.hxx:53, from profileBox.cxx:45: /usr/include/x86_64-linux-gnu/bits/stdio2.h:36:34: note: ‘__builtin___sprintf_chk’ output between 2 and 14 bytes into a destination of size 10 36 | return __builtin___sprintf_chk (__s, __USE_FORTIFY_LEVEL - 1, | ^~ 37 | __bos (__s), __fmt, __va_arg_pack ()); | ~ g++ -D_REENTRANT -DLinux -Wdate-time -D_FORTIFY_SOURCE=2 -DUSE_X11 -I. -I/usr/include/cairo -I/usr/include/glib-2.0 -I/usr/lib/x86_64-linux-gnu/glib-2.0/include -I/usr/include/pixman-1 -I/usr/include/uuid -I/usr/include/freetype2 -I/usr/include/libpng16 -I/usr/include/uuid -I/usr/include/freetype2 -I/usr/include/libpng16 -I/usr/include/cairo -I/usr/include/glib-2.0 -I/usr/lib/x86_64-linux-gnu/glib-2.0/include -I/usr/include/pixman-1 -I/usr/include/uuid -I/usr/include/freetype2 -I/usr/include/libpng16 -DFLTK_API_MINOR_VERSION=3 -I/usr/include -I/<>/extensions/Fl_Native_File_Chooser -O2 -Wall -Wno-return-type -Wno-unknown-pragmas -g -O2 -ffile-prefix-map=/<>=. -fstack-protector-strong -Wformat -Werror=format-security -Wno-deprecated -I/<>/extensions/Fl_Native_File_Chooser -I. -I. -I../include -c progressInfo.cxx machine.cxx: In function ‘const char* myDirName(const char*)’: machine.cxx:173:20: warning: ISO C++ forbids converting a string constant to ‘char*’ [-Wwrite-strings] 173 | char *retval = "."; // default return value |^~~ machine.cxx: In function ‘void imtempnam(char*)’: machine.cxx:120:15: warning: ignoring return value of ‘char* tmpnam(char*)’ declared with attribute ‘warn_unused_result’ [-Wunused-result] 120 | tmpnam(filename); | ~~^~ g++ -D_REENTRANT -DLinux -Wdate-time -D_FORTIFY_SOURCE=2 -DUSE_X11 -I. -I/usr/include/cairo -I/usr/include/glib-2.0 -I/usr/lib/x86_64-linux-gnu/glib-2.0/include -I/usr/include/pixman-1 -I/usr/include/uuid -I/usr/include/freetype2 -I/usr/include/libpng16 -I/usr/include/uuid -I/usr/include/freetype2 -I/usr/include/libpng16 -I/usr/include/cairo -I/usr/include/glib-2.0 -I/usr/lib/x86_64-linux-gnu/glib-2.0/include -I/usr/include/pixman-1 -I/usr/include/uuid
Processed: tagging 1007095, reassign 1007167 to src:synfig, tagging 1006383, tagging 990335, tagging 989409
Processing commands for cont...@bugs.debian.org: > tags 1007095 + pending Bug #1007095 [src:lmod] lmod: reproducible-builds: binary paths are embedded differently on usrmerge vs. non-usrmerge systems Added tag(s) pending. > reassign 1007167 src:synfig 1.4.0+dfsg-2.1 Bug #1007167 [src:synfix] _clock_system.h:34:27: error: using-declaration for non-member at class scope Warning: Unknown package 'src:synfix' Bug reassigned from package 'src:synfix' to 'src:synfig'. No longer marked as found in versions synfix/1.4.0+dfsg-2.1. Ignoring request to alter fixed versions of bug #1007167 to the same values previously set Bug #1007167 [src:synfig] _clock_system.h:34:27: error: using-declaration for non-member at class scope Marked as found in versions synfig/1.4.0+dfsg-2.1. > tags 1006383 + experimental Bug #1006383 [src:mercurial] mercurial: autopkgtest needs update for new version of pygments: output changed Added tag(s) experimental. > tags 990335 + sid bookworm Bug #990335 [src:volatildap] Test failure with OpenLDAP 2.5.5 Added tag(s) bookworm and sid. > tags 989409 + sid bookworm Bug #989409 [src:nss-pam-ldapd] nss-pam-ldapd's autopkgtest fails with OpenLDAP 2.5 Added tag(s) sid and bookworm. > thanks Stopping processing here. Please contact me if you need assistance. -- 1006383: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1006383 1007095: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1007095 1007167: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1007167 989409: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989409 990335: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990335 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: Re: mercurial: autopkgtest needs update for new version of pygments: output changed
Processing control commands: > tags -1 patch Bug #1006383 [src:mercurial] mercurial: autopkgtest needs update for new version of pygments: output changed Added tag(s) patch. -- 1006383: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1006383 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1006383: mercurial: autopkgtest needs update for new version of pygments: output changed
Source: mercurial Followup-For: Bug #1006383 Control: tags -1 patch Dear maintainer, This issue is blocking pygments from migrating to testing. I tried to prepare an NMU, but with the attached patch for the original issue, autopkgtest fails locally for me on 4 other tests, so I'm unsure if it's enough. Paul diff --git a/debian/patches/series b/debian/patches/series index b639c36..7ff5f74 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -4,3 +4,4 @@ deb_specific__optional-dependencies deb_specific__disable_libdir_replacement.patch 0005-Tolerate-SIGINT-getting-the-kill-in-test-stdio.py.patch deb_specific__which_silence_warning.patch +tests-update-for-latest-pygments.patch diff --git a/debian/patches/tests-update-for-latest-pygments.patch b/debian/patches/tests-update-for-latest-pygments.patch new file mode 100644 index 000..a2477c8 --- /dev/null +++ b/debian/patches/tests-update-for-latest-pygments.patch @@ -0,0 +1,31 @@ +From: Paul Gevers +Date: Sun, 13 Mar 2022 20:42:58 +0100 +X-Dgit-Generated: 6.0.2-1.1 1565c552b0b79a69eea8b1ac12e2c211d01c3df1 +Subject: tests: update for latest pygments + +Closes: #1006383 + +--- + +--- mercurial-6.0.2.orig/tests/test-run-tests.t mercurial-6.0.2/tests/test-run-tests.t +@@ -176,14 +176,14 @@ test diff colorisation + running 1 tests using 1 parallel processes + + \x1b[38;5;124m--- $TESTTMP/test-failure.t\x1b[39m (esc) +- \x1b[38;5;34m+++ $TESTTMP/test-failure.t.err\x1b[39m (esc) ++ \x1b[38;5;28m+++ $TESTTMP/test-failure.t.err\x1b[39m (esc) + \x1b[38;5;90;01m@@ -1,4 +1,4 @@\x1b[39;00m (esc) +- $ echo "bar-baz"; echo "bar-bad"; echo foo +- \x1b[38;5;34m+ bar*baz (glob)\x1b[39m (esc) +- bar*bad (glob) ++ \x1b[38;5;250m \x1b[39m $ echo "bar-baz"; echo "bar-bad"; echo foo (esc) ++ \x1b[38;5;28m+ bar*baz (glob)\x1b[39m (esc) ++ \x1b[38;5;250m \x1b[39m bar*bad (glob) (esc) + \x1b[38;5;124m- bar*baz (glob)\x1b[39m (esc) + \x1b[38;5;124m- | fo (re)\x1b[39m (esc) +- \x1b[38;5;34m+ foo\x1b[39m (esc) ++ \x1b[38;5;28m+ foo\x1b[39m (esc) + + \x1b[38;5;88mERROR: \x1b[39m\x1b[38;5;9mtest-failure.t\x1b[39m\x1b[38;5;88m output changed\x1b[39m (esc) + !
Bug#1000336: Upgrading tbb
Hi, Recently I'm not able to test the build of libtbb-dev's reverse dependencies as my build machine was out of access. That blocks my submission of the transition bug and hence I'm stalled at this point. According to some archlinux developers, this transition breaks a lot of reverse dependencies since some of the core APIs have been changed. Please expect a relatively negative rebuild result. Help is welcome. On Mon, 2022-03-14 at 01:30 +0530, Nilesh Patra wrote: > Hi Mo, > > On 2/23/22 11:01 AM, M. Zhou wrote: > > Hello guys. Finally it's all green on our release architectures > > https://buildd.debian.org/status/package.php?p=onetbb=experimental > > > > I shall request the slot for transition once finished the rebuild > > of its reverse dependencies and filed FTBFS bugs if any. > > Did you get a chance to do this yet? > As we _really_ need numba at this point. > > Regards, > Nilesh > >
Processed: tagging 966726
Processing commands for cont...@bugs.debian.org: > tags 966726 + ftbfs Bug #966726 [src:condor] condor: Unversioned Python removal in sid/bullseye Added tag(s) ftbfs. > thanks Stopping processing here. Please contact me if you need assistance. -- 966726: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966726 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: affects 990335
Processing commands for cont...@bugs.debian.org: > affects 990335 src:django-ldapdb Bug #990335 [src:volatildap] Test failure with OpenLDAP 2.5.5 Added indication that 990335 affects src:django-ldapdb > thanks Stopping processing here. Please contact me if you need assistance. -- 990335: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990335 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: tagging 1007217
Processing commands for cont...@bugs.debian.org: > tags 1007217 + bookworm sid Bug #1007217 [src:golang-openldap] golang-openldap: openldap 2.5 transition Added tag(s) bookworm and sid. > thanks Stopping processing here. Please contact me if you need assistance. -- 1007217: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1007217 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1000336: Upgrading tbb
Hi Mo, On 2/23/22 11:01 AM, M. Zhou wrote: Hello guys. Finally it's all green on our release architectures https://buildd.debian.org/status/package.php?p=onetbb=experimental I shall request the slot for transition once finished the rebuild of its reverse dependencies and filed FTBFS bugs if any. Did you get a chance to do this yet? As we _really_ need numba at this point. Regards, Nilesh OpenPGP_signature Description: OpenPGP digital signature
Processed: severity of 989409 is serious, severity of 990335 is serious, severity of 1007217 is serious
Processing commands for cont...@bugs.debian.org: > # openldap transition is ongoing > severity 989409 serious Bug #989409 [src:nss-pam-ldapd] nss-pam-ldapd's autopkgtest fails with OpenLDAP 2.5 Severity set to 'serious' from 'normal' > severity 990335 serious Bug #990335 [src:volatildap] Test failure with OpenLDAP 2.5.5 Severity set to 'serious' from 'normal' > severity 1007217 serious Bug #1007217 [src:golang-openldap] golang-openldap: openldap 2.5 transition Severity set to 'serious' from 'important' > thanks Stopping processing here. Please contact me if you need assistance. -- 1007217: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1007217 989409: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989409 990335: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990335 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1006009: fixed in libwebp 1.2.2-1
Hi Jeff, I'm planning to a NMU of libwebp in 2 days (Tues Mar 15th) to fix this bug, if you lack the time to fix it before then. Thanks, Andres On 3/13/22 01:22, Jeremy Bicha wrote: Please set the urgency to high when you do the upload to fix the new regression. That will automatically reduce the time to migrate to testing to 2 days since this transition has been open for several weeks now. Thank you, Jeremy Bicha
Bug#979958: marked as done (sockjs-client: node-uglify is deprecated in favor of uglifyjs)
Your message dated Sun, 13 Mar 2022 19:00:13 + with message-id and subject line Bug#979958: fixed in node-sockjs-client 1.5.2+dfsg1-1 has caused the Debian Bug report #979958, regarding sockjs-client: node-uglify is deprecated in favor of uglifyjs to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 979958: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979958 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: sockjs-client Severity: important sockjs-client build depends on node-uglify which is deprecated and will be removed from bullseye (#958117), please update your (build) dependency in favor of uglifyjs or uglifyjs.terser https://bugs.debian.org/958117 (sent using mass-bug) --- End Message --- --- Begin Message --- Source: node-sockjs-client Source-Version: 1.5.2+dfsg1-1 Done: Andrius Merkys We believe that the bug you reported is fixed in the latest version of node-sockjs-client, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 979...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Andrius Merkys (supplier of updated node-sockjs-client package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 25 Feb 2022 09:15:25 -0500 Source: node-sockjs-client Binary: node-sockjs-client Architecture: source all Version: 1.5.2+dfsg1-1 Distribution: unstable Urgency: medium Maintainer: Debian Javascript Maintainers Changed-By: Andrius Merkys Description: node-sockjs-client - provides a WebSocket-like object in browser Closes: 886155 979958 Changes: node-sockjs-client (1.5.2+dfsg1-1) unstable; urgency=medium . * Team upload. . [ Pirate Praveen ] * New upstream version (Closes: #886155, #979958) . [ Paolo Greppi ] * Update Vcs fields for migration to https://salsa.debian.org/ . [ lintian-brush ] * Trim trailing whitespace. * Use secure copyright file specification URI. * Bump debhelper from deprecated 9 to 12. * Set debhelper-compat version in Build-Depends. * Set upstream metadata fields: Bug-Database, Bug-Submit, Repository, Repository-Browse. . [ Andreas Tille ] * Merge packaging of 0.3.4+dfsg . [ Andrius Merkys ] * Renaming source and binary packages according to JS team practice. * Using nodejs build sequence. Checksums-Sha1: 7635cc23a12db2290224241d18eb65938c472f32 2272 node-sockjs-client_1.5.2+dfsg1-1.dsc ccbc1b1768c013c4db4cf88b23af27b428d2a17c 150752 node-sockjs-client_1.5.2+dfsg1.orig.tar.xz 9a293b0a3afafebf63bd07ea7044e11f3daa45a8 5720 node-sockjs-client_1.5.2+dfsg1-1.debian.tar.xz 296b7b7d7019ede1722cf7c5bc52e430843f372e 41264 node-sockjs-client_1.5.2+dfsg1-1_all.deb d6fa63dd0bb515aaa369bad51568009deda5ea10 9201 node-sockjs-client_1.5.2+dfsg1-1_amd64.buildinfo Checksums-Sha256: f6cddc791237a67bf9ccecc31a81c415f6c10ed1ca0bf8e3d6479de0dde34285 2272 node-sockjs-client_1.5.2+dfsg1-1.dsc 3ee5e6e63ea838c385beb86bbc95ff089f7ed1c19c127a9225fbf69d7cff04b2 150752 node-sockjs-client_1.5.2+dfsg1.orig.tar.xz 2ba3466ec213bddc0507606e0527d93e87090133b3c361e353f55fb740220d04 5720 node-sockjs-client_1.5.2+dfsg1-1.debian.tar.xz 5a7e74dda51f6bf2cb221d8679e6a330261225bb3de8e80aca20e6ff4bc79591 41264 node-sockjs-client_1.5.2+dfsg1-1_all.deb 42555177e93cbd5a96f81e177a03ee1ffa96a9a669aeb2effaa4c35a18d53614 9201 node-sockjs-client_1.5.2+dfsg1-1_amd64.buildinfo Files: 0b572dd866ecd7d9f4b7e3c595b9a1f7 2272 javascript optional node-sockjs-client_1.5.2+dfsg1-1.dsc f812cb07e2a525ffc874373e4cdbf419 150752 javascript optional node-sockjs-client_1.5.2+dfsg1.orig.tar.xz 2cefd5348794bbf367990da602bfd305 5720 javascript optional node-sockjs-client_1.5.2+dfsg1-1.debian.tar.xz 428ac1785c3d09c10b496c93f00704c1 41264 javascript optional node-sockjs-client_1.5.2+dfsg1-1_all.deb 3939f25431d75ba58959a028462fe8b1 9201 javascript optional node-sockjs-client_1.5.2+dfsg1-1_amd64.buildinfo -BEGIN PGP SIGNATURE- iQJGBAEBCgAwFiEEdyKS9veshfrgQdQe5fQ/nCc08ocFAmIY5oESHG1lcmt5c0Bk ZWJpYW4ub3JnAAoJEOX0P5wnNPKHwcQP/1ZfVThCL/7YdHQw741Kp85pyPLYImuh dMtALodOlOvZG4iqrDJKdpQgR3VGpxOB/p5AdiVBjdJIbRMfXdnTgSm+YBXktpjM
Bug#997452: marked as done (libgnatcoll: FTBFS: '! LaTeX Error: File `tgtermes.sty' not found.')
Your message dated Sun, 13 Mar 2022 19:00:11 + with message-id and subject line Bug#997452: fixed in libgnatcoll 22.1.0-1 has caused the Debian Bug report #997452, regarding libgnatcoll: FTBFS: '! LaTeX Error: File `tgtermes.sty' not found.' to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 997452: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=997452 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: libgnatcoll Version: 21.0.0-4 Severity: serious Justification: FTBFS Tags: bookworm sid ftbfs User: lu...@debian.org Usertags: ftbfs-20211023 ftbfs-bookworm Hi, During a rebuild of all packages in sid, your package failed to build on amd64. Relevant part (hopefully): > make[3]: Entering directory '/<>/docs' > make[3]: warning: jobserver unavailable: using -j1. Add '+' to parent make > rule. > latexmk -pdf -dvi- -ps- 'GNATColl.tex' > writing output... [ 20%] filling > writing output... [ 25%] geometry > writing output... [ 29%] index > writing output... [ 33%] intro > writing output... [ 37%] json > Rc files read: > /etc/LatexMk > latexmkrc > Latexmk: This is Latexmk, John Collins, 21 September 2021, version: 4.75. > Rule 'pdflatex': File changes, etc: >Changed files, or newly in use since previous run(s): > 'GNATColl.tex' > > Run number 1 of rule 'pdflatex' > > > Running 'pdflatex -interaction=errorstopmode -recorder "GNATColl.tex"' > > Latexmk: applying rule 'pdflatex'... > writing output... [ 41%] memory > This is pdfTeX, Version 3.141592653-2.6-1.40.22 (TeX Live 2022/dev/Debian) > (preloaded format=pdflatex) > restricted \write18 enabled. > reading sources... [ 95%] tribooleans > writing output... [ 45%] mmap > entering extended mode > (./GNATColl.tex > LaTeX2e <2021-06-01> patch level 1 > L3 programming layer <2021-08-27>reading sources... [100%] vfs > (./sphinxmanual.cls > Document Class: sphinxmanual 2019/12/01 v2.3.0 Document class (Sphinx manual) > (/usr/share/texlive/texmf-dist/tex/latex/base/report.cls > Document Class: report 2021/02/12 v1.4n Standard LaTeX document class > (/usr/share/texlive/texmf-dist/tex/latex/base/size10.clo))) > (/usr/share/texlive/texmf-dist/tex/latex/base/inputenc.sty) > (/usr/share/texlive/texmf-dist/tex/latex/cmap/cmap.sty) > (/usr/share/texlive/texmf-dist/tex/latex/base/fontenc.sty<>) > (/usr/share/texlive/texmf-dist/tex/latex/amsmath/amsmath.sty > For additional information on amsmath, use the `?' option. > (/usr/share/texlive/texmf-dist/tex/latex/amsmath/amstext.sty > (/usr/share/texlive/texmf-dist/tex/latex/amsmath/amsgen.sty)writing output... > [ 50%] pools > ) > (/usr/share/texlive/texmf-dist/tex/latex/amsmath/amsbsy.sty) > (/usr/share/texlive/texmf-dist/tex/latex/amsmath/amsopn.sty))writing > output... [ 54%] projects > > (/usr/share/texlive/texmf-dist/tex/latex/amsfonts/amssymb.sty > (/usr/share/texlive/texmf-dist/tex/latex/amsfonts/amsfonts.sty)) > (/usr/share/texlive/texmf-dist/tex/generic/babel/babel.sty > > (/usr/share/texlive/texmf-dist/tex/generic/babel/babel.def/<>/docs/building.rst:61: > WARNING: Duplicate explicit target name: "building_gnatcoll". > looking for now-outdated files... writing output... [ 58%] promises > none found > pickling environment... > (/usr/share/texlive/texmf-dist/tex/generic/babel/txtbabel.def)done > checking consistency... done > preparing documents... )writing output... [ 62%] ravenscar > done > writing output... [ 4%] boyer_moore > > (/usr/share/texlive/texmf-dist/tex/generic/babel-english/english.ldf)) > > ! LaTeX Error: File `tgtermes.sty' not found. > > Type X to quit or to proceed, > or enter new name. (Default extension: sty) > > Enter file name: > ! Emergency stop. > > > l.37 \usepackage > {tgheros}^^M > ! ==> Fatal error occurred, no output PDF file produced! > Transcript written on GNATColl.log. > writing output... [ 66%] refcount > Latexmk: Missing input file 'tgtermes.sty' (or dependence on it) from > following: > '! LaTeX Error: File `tgtermes.sty' not found.' > Collected error summary (may duplicate other messages): > pdflatex: Command for 'pdflatex' gave return code 1 > Refer to 'GNATColl.log' for details > Latexmk: Use the -f option to force complete processing, > unless error was exceeding maximum runs, or warnings treated as errors. > Latexmk: Examining 'GNATColl.log' > === TeX engine is 'pdfTeX' > Latexmk: Errors, so I did not complete making targets > writing output... [ 70%] scripting > make[3]: *** [Makefile:29: GNATColl.pdf] Error 12 The full
Bug#995578: marked as done (libxmlada build-depends onunicode-data (< 14~) but testing/unstable has 14.0.0-1)
Your message dated Sun, 13 Mar 2022 19:00:12 + with message-id and subject line Bug#995578: fixed in libxmlada 22.0.0-1 has caused the Debian Bug report #995578, regarding libxmlada build-depends onunicode-data (< 14~) but testing/unstable has 14.0.0-1 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 995578: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=995578 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: libxmlada Version: 21.0.0-4 Severity: serious Justification: rc policy - "packages must be buildable within the same release" Tags: bookworm, sid libxmlada build-depends onunicode-data (< 14~) but testing/unstable has 14.0.0-1, therefore your packages build-dependencies are unsatisfiable in testing and unstable. --- End Message --- --- Begin Message --- Source: libxmlada Source-Version: 22.0.0-1 Done: Nicolas Boulenguez We believe that the bug you reported is fixed in the latest version of libxmlada, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 995...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Nicolas Boulenguez (supplier of updated libxmlada package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Sun, 13 Mar 2022 11:17:22 + Binary: libxmlada-doc libxmlada-dom11-dev libxmlada-dom7 libxmlada-dom7-dbgsym libxmlada-input11-dev libxmlada-input7 libxmlada-input7-dbgsym libxmlada-sax11-dev libxmlada-sax7 libxmlada-sax7-dbgsym libxmlada-schema11-dev libxmlada-schema7 libxmlada-schema7-dbgsym libxmlada-unicode11-dev libxmlada-unicode7 libxmlada-unicode7-dbgsym Source: libxmlada Architecture: all amd64 source Version: 22.0.0-1 Distribution: experimental Urgency: medium Maintainer: Ludovic Brenta Changed-By: Nicolas Boulenguez Closes: 995578 Description: libxmlada-doc - XML/Ada, a full XML suite for Ada programmers (documentation) libxmlada-dom11-dev - XML/Ada, a full XML suite for Ada programmers (dom) libxmlada-dom7 - XML/Ada, a full XML suite for Ada programmers (dom runtime) libxmlada-input11-dev - XML/Ada, a full XML suite for Ada programmers (input sources) libxmlada-input7 - XML/Ada, a full XML suite for Ada programmers (input sources runt libxmlada-sax11-dev - XML/Ada, a full XML suite for Ada programmers (sax) libxmlada-sax7 - XML/Ada, a full XML suite for Ada programmers (sax runtime) libxmlada-schema11-dev - XML/Ada, a full XML suite for Ada programmers (schema) libxmlada-schema7 - XML/Ada, a full XML suite for Ada programmers (schema runtime) libxmlada-unicode11-dev - XML/Ada, a full XML suite for Ada programmers (unicode) libxmlada-unicode7 - XML/Ada, a full XML suite for Ada programmers (unicode runtime) Changes: libxmlada (22.0.0-1) experimental; urgency=medium . * Rebuild with gnat-11 in experimental. Build-Depend: unicode 15 (closes: #995578). New upstream version. Rename -dev packages per Ada policy. No need to bump soversion. * Build-Depend: tex-gyre for sphinx documentation. * Split unicode updates in small patches instead of rebasing. * Standards-Version: 4.6.0. * Add license for Ada code generated from Unicode data. * Add upstream metadata. * watch: remove unneeded filenamemangle uscan option. Checksums-Sha1: e348d0c759056515b1d2de3eee4dd40959a46ff4 2957 libxmlada_22.0.0-1.dsc daa00933eb42927ce23029be157264ace3b4f606 1022947 libxmlada_22.0.0.orig.tar.gz 5cc94c2b342d4714bb2f72806eaa444757328d0a 16176 libxmlada_22.0.0-1.debian.tar.xz 46c1c31946293fbe5936873e7fa78a5cdd1defc9 368672 libxmlada-doc_22.0.0-1_all.deb e7acf2ce362f45d3213a786fd0d459f3e7748b09 110612 libxmlada-dom11-dev_22.0.0-1_amd64.deb 64d9f16b9596100b060939ef659ad20b5fb0448a 93732 libxmlada-dom7-dbgsym_22.0.0-1_amd64.deb 9f9c32ab6f92dd56b15e0b745ac8601da71fc5ce 59252 libxmlada-dom7_22.0.0-1_amd64.deb f7e10633e6d09449ca660d33c9ca478cee1bbf23 45196 libxmlada-input11-dev_22.0.0-1_amd64.deb 0ee644cbf16060e53d3d7e99725d912e10674ca3 27776 libxmlada-input7-dbgsym_22.0.0-1_amd64.deb 5c98f594bddb711552e5ebfd337b5dadd96a72c8 27716 libxmlada-input7_22.0.0-1_amd64.deb c6aea9f91c97b9f17612a497b5309323d2ab7040 277112
Bug#997415: marked as done (gprbuild: FTBFS: '! LaTeX Error: File `tgtermes.sty' not found.')
Your message dated Sun, 13 Mar 2022 19:00:10 + with message-id and subject line Bug#997415: fixed in gprbuild 2022.0.0-1 has caused the Debian Bug report #997415, regarding gprbuild: FTBFS: '! LaTeX Error: File `tgtermes.sty' not found.' to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 997415: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=997415 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: gprbuild Version: 2021.0.0.0778b109-5 Severity: serious Justification: FTBFS Tags: bookworm sid ftbfs User: lu...@debian.org Usertags: ftbfs-20211023 ftbfs-bookworm Hi, During a rebuild of all packages in sid, your package failed to build on amd64. Relevant part (hopefully): > make[3]: Entering directory '/<>/doc/pdf' > latexmk -pdf -dvi- -ps- 'gprbuild_ug.tex' > Rc files read: > /etc/LatexMk > latexmkrc > Latexmk: This is Latexmk, John Collins, 21 September 2021, version: 4.75. > Rule 'pdflatex': File changes, etc: >Changed files, or newly in use since previous run(s): > 'gprbuild_ug.tex' > > Run number 1 of rule 'pdflatex' > > > Running 'pdflatex -interaction=nonstopmode -recorder "gprbuild_ug.tex"' > > Latexmk: applying rule 'pdflatex'... > This is pdfTeX, Version 3.141592653-2.6-1.40.22 (TeX Live 2022/dev/Debian) > (preloaded format=pdflatex) > restricted \write18 enabled. > entering extended mode > (./gprbuild_ug.tex > LaTeX2e <2021-06-01> patch level 1 > L3 programming layer <2021-08-27> (./sphinxmanual.cls > Document Class: sphinxmanual 2019/12/01 v2.3.0 Document class (Sphinx manual) > (/usr/share/texlive/texmf-dist/tex/latex/base/report.cls > Document Class: report 2021/02/12 v1.4n Standard LaTeX document class > (/usr/share/texlive/texmf-dist/tex/latex/base/size10.clo))) > (/usr/share/texlive/texmf-dist/tex/latex/base/inputenc.sty) > (/usr/share/texlive/texmf-dist/tex/latex/cmap/cmap.sty) > (/usr/share/texlive/texmf-dist/tex/latex/base/fontenc.sty<>) > (/usr/share/texlive/texmf-dist/tex/latex/amsmath/amsmath.sty > For additional information on amsmath, use the `?' option. > (/usr/share/texlive/texmf-dist/tex/latex/amsmath/amstext.sty > (/usr/share/texlive/texmf-dist/tex/latex/amsmath/amsgen.sty)) > (/usr/share/texlive/texmf-dist/tex/latex/amsmath/amsbsy.sty) > (/usr/share/texlive/texmf-dist/tex/latex/amsmath/amsopn.sty)) > (/usr/share/texlive/texmf-dist/tex/latex/amsfonts/amssymb.sty > (/usr/share/texlive/texmf-dist/tex/latex/amsfonts/amsfonts.sty)) > (/usr/share/texlive/texmf-dist/tex/generic/babel/babel.sty > (/usr/share/texlive/texmf-dist/tex/generic/babel/babel.def > (/usr/share/texlive/texmf-dist/tex/generic/babel/txtbabel.def)) > (/usr/share/texlive/texmf-dist/tex/generic/babel-english/english.ldf)) > > ! LaTeX Error: File `tgtermes.sty' not found. > > Type X to quit or to proceed, > or enter new name. (Default extension: sty) > > Enter file name: > ! Emergency stop. > > > l.37 \usepackage > {tgheros}^^M > ! ==> Fatal error occurred, no output PDF file produced! > Transcript written on gprbuild_ug.log. > Latexmk: Missing input file 'tgtermes.sty' (or dependence on it) from > following: > '! LaTeX Error: File `tgtermes.sty' not found.' > Collected error summary (may duplicate other messages): > pdflatex: Command for 'pdflatex' gave return code 1 > Refer to 'gprbuild_ug.log' for details > Latexmk: Use the -f option to force complete processing, > unless error was exceeding maximum runs, or warnings treated as errors. > Latexmk: Examining 'gprbuild_ug.log' > === TeX engine is 'pdfTeX' > Latexmk: Errors, so I did not complete making targets > make[3]: *** [Makefile:29: gprbuild_ug.pdf] Error 12 The full build log is available from: http://qa-logs.debian.net/2021/10/23/gprbuild_2021.0.0.0778b109-5_unstable.log A list of current common problems and possible solutions is available at http://wiki.debian.org/qa.debian.org/FTBFS . You're welcome to contribute! If you reassign this bug to another package, please marking it as 'affects'-ing this package. See https://www.debian.org/Bugs/server-control#affects If you fail to reproduce this, please provide a build log and diff it with mine so that we can identify if something relevant changed in the meantime. --- End Message --- --- Begin Message --- Source: gprbuild Source-Version: 2022.0.0-1 Done: Nicolas Boulenguez We believe that the bug you reported is fixed in the latest version of gprbuild, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and
Bug#1005779: djangorestframework: autopkgtest needs update for new version of pygments
Source: djangorestframework Version: 3.12.4-2 Followup-For: Bug #1005779 Dear maintainer, I prepared an NMU to fix this issue, as it's blocking the migration of pygments to testing. I uploaded to DELAYED/5. Please cancel it or tell me to cancel it if you'd rather fix the issue yourself. Paul diff --git a/debian/changelog b/debian/changelog index 4c6bd9e..b2cd026 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +djangorestframework (3.12.4-2.1) unstable; urgency=medium + + * Non-maintainer upload + * tests: update for newer pygments (Closes: #1005779) + + -- Paul Gevers Sun, 13 Mar 2022 19:19:52 +0100 + djangorestframework (3.12.4-2) unstable; urgency=medium * debian/rules diff --git a/debian/patches/series b/debian/patches/series index 67355cd..0a97bd1 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -1,3 +1,4 @@ 0002-Clean-all-privacy-breaches-in-the-package.patch 0002-Fix-asset-names-to-match-symlinks-to-packaged-files.patch 0003-Fix-tests-with-mock-timezone-7911.patch +tests-update-for-newer-pygments.patch diff --git a/debian/patches/tests-update-for-newer-pygments.patch b/debian/patches/tests-update-for-newer-pygments.patch new file mode 100644 index 000..b55900e --- /dev/null +++ b/debian/patches/tests-update-for-newer-pygments.patch @@ -0,0 +1,38 @@ +From: Paul Gevers +Date: Sun, 13 Mar 2022 17:12:30 +0100 +X-Dgit-Generated: 3.12.4-2.1 3e10ec7e98630c1f46952ca1d9b26237187c6c52 +Subject: tests: update for newer pygments + +Closes: #1005779 + +--- + +--- djangorestframework-3.12.4.orig/tests/test_description.py djangorestframework-3.12.4/tests/test_description.py +@@ -45,12 +45,20 @@ MARKDOWN_BASE = """hash style header%s""" + + MARKDOWN_gte_33 = """ +-[{\ +-alpha:\ +- 1,\ +-beta: this\ +- is a \ +-string}]\ ++[{\ ++\ ++alpha:\ ++ \ ++1,\ ++\ ++beta: \ ++this\ ++ is\ ++ a\ ++ \ ++stri\ ++ng\ ++}]\ + + """ +
Bug#1006333: Relaxed fix in expat for CVE-2022-25236 released
Hi all, An update for expat (landed in unstable earlier) and now as DSA 5085-2 for buster and bullseye as well is released which relaxes the fix for CVE-2022-25236 with regard to RFC 3986 URI characters. So there is no immediate action for updating the affected packages from regressions ins buster and bulleye. For unstable (and bookworm) given the API docs of function XML_ParserCreateNS do advise against using URI characters in namespace searators and expat might be stricter in future about their use, it's still recomended to address these isses (I see biboumi in fact did already in #1006333, thanks Jonas, Slavko and Diane). Regards, Salvatore
Bug#1006047: ruby-pygments.rb: FTBFS: ERROR: Test "ruby3.0" failed.
Source: ruby-pygments.rb Version: 2.3.0+ds-2 Followup-For: Bug #1006047 Control: tags -1 pending Dear maintainers, I prepared an NMU to fix this issue. It's blocking the migration of pygments to testing. I uploaded to DELAYED/5, please cancel or tell me to cancel if you want to handle this yourself. Paul diff --git a/debian/changelog b/debian/changelog index 34cf687..0045c1a 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +ruby-pygments.rb (2.3.0+ds-2.1) unstable; urgency=medium + + * Non-maintainer upload + * test: update for latest pygments (Closes: #1006047) + + -- Paul Gevers Sun, 13 Mar 2022 12:31:00 +0100 + ruby-pygments.rb (2.3.0+ds-2) unstable; urgency=medium * Team upload. diff --git a/debian/patches/series b/debian/patches/series index ea926c8..5ce9448 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -5,3 +5,4 @@ 0010-Disable-the-test-expecting-a-timeout.patch 0013-test-drop-test-that-depends-on-Python-internals.patch 0014-no-relative-path-to-mentos-py.patch +test-update-for-latest-pygments.patch diff --git a/debian/patches/test-update-for-latest-pygments.patch b/debian/patches/test-update-for-latest-pygments.patch new file mode 100644 index 000..51dd7a4 --- /dev/null +++ b/debian/patches/test-update-for-latest-pygments.patch @@ -0,0 +1,38 @@ +From: Paul Gevers +Date: Sun, 13 Mar 2022 12:29:11 +0100 +X-Dgit-Generated: 2.3.0+ds-2.1 5528a716afc2e62e4fc630c623c238e02259 +Subject: test: update for latest pygments + +Closes: #1006047 + +--- + +--- ruby-pygments.rb-2.3.0+ds.orig/test/test_pygments.rb ruby-pygments.rb-2.3.0+ds/test/test_pygments.rb +@@ -71,7 +71,7 @@ class PygmentsHighlightTest < Test::Unit + + def test_highlight_formatter_bbcode + code = P.highlight(RUBY_CODE, formatter: 'bbcode') +-assert_match 'color=#408080][i]#!/usr/bin/ruby[/i]', code ++assert_match 'color=#3D7B7B][i]#!/usr/bin/ruby[/i]', code + end + + def test_highlight_formatter_terminal +@@ -181,7 +181,7 @@ class PygmentsLexerClassTest < Test::Uni + assert_equal P::Lexer['PHP'], P::Lexer.find_by_extname('.php4') + assert_equal P::Lexer['PHP'], P::Lexer.find_by_extname('.php5') + assert_equal P::Lexer['Groff'], P::Lexer.find_by_extname('.1') +-assert_equal P::Lexer['Groff'], P::Lexer.find_by_extname('.3') ++#assert_equal P::Lexer['Groff'], P::Lexer.find_by_extname('.3') + assert_equal P::Lexer['C'], P::Lexer.find_by_extname('.c') + assert_equal P::Lexer['Python'], P::Lexer.find_by_extname('.py') + assert_equal P::Lexer['Java'], P::Lexer.find_by_extname('.java') +@@ -213,7 +213,7 @@ class PygmentsCssTest < Test::Unit::Test + end + + def test_css_default +-assert_match '.c { color: #408080; font-style: italic }', P.css ++assert_match '.c { color: #3D7B7B; font-style: italic }', P.css + end + + def test_css_colorful
Processed: Re: ruby-pygments.rb: FTBFS: ERROR: Test "ruby3.0" failed.
Processing control commands: > tags -1 pending Bug #1006047 [src:ruby-pygments.rb] ruby-pygments.rb: FTBFS: ERROR: Test "ruby3.0" failed. Added tag(s) pending. -- 1006047: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1006047 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1005800: sundials: FTBFS in sid (test failures)
Source: sundials Followup-For: Bug #1005800 This build failure doesn't seem to be reproducible. Reproducibility builds are still successful (tests passed), most recently 2022-03-12, https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/sundials.html We'll have a new rebuild shortly, against hypre 2.23.
Bug#968024: marked as done (netpbm-free: Unversioned Python removal in sid/bullseye)
Your message dated Sun, 13 Mar 2022 10:21:13 + with message-id and subject line Bug#968024: fixed in netpbm-free 2:10.97.00-1 has caused the Debian Bug report #968024, regarding netpbm-free: Unversioned Python removal in sid/bullseye to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 968024: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968024 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: netpbm-free Version: 2:10.78.05-0.1 Severity: serious User: debian-pyt...@lists.debian.org Usertags: py2unversioned Python2 becomes end-of-live upstream, and Debian aims to remove Python2 from the distribution, as discussed in https://lists.debian.org/debian-python/2019/07/msg00080.html We will keep some Python2 package as discussed in https://lists.debian.org/debian-python/2020/07/msg00039.html but removing the unversioned python packages python-minimal, python, python-dev, python-dbg, python-doc. Your package either build-depends, depends on one of those packages. Please either convert these packages to Python3, or if that is not possible, replaces the dependencies on the unversioned Python packages with one of the python2 dependencies (python2, python2-dev, python2-dbg, python2-doc). Please check for dependencies, build dependencies AND autopkg tests. If there are questions, please refer to the wiki page for the removal: https://wiki.debian.org/Python/2Removal, or ask for help on IRC #debian-python, or the debian-pyt...@lists.debian.org mailing list. --- End Message --- --- Begin Message --- Source: netpbm-free Source-Version: 2:10.97.00-1 Done: Andreas Tille We believe that the bug you reported is fixed in the latest version of netpbm-free, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 968...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Andreas Tille (supplier of updated netpbm-free package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Sun, 13 Mar 2022 10:40:03 +0100 Source: netpbm-free Architecture: source Version: 2:10.97.00-1 Distribution: unstable Urgency: medium Maintainer: Debian PhotoTools Maintainers Changed-By: Andreas Tille Closes: 209957 256402 386388 669365 813227 847241 854978 864796 968024 977007 1007030 Changes: netpbm-free (2:10.97.00-1) unstable; urgency=medium . * Team upload. * New upstream version - Closes: #977007, #386388, #847241 CVE-2017-2579, CVE-2017-2580 and CVE-2017-2581 before 10.61 thus - Closes: #854978 * debian/watch: Use svn mode * Move package to Debian Phototools team Closes: #813227, #864796 * Drop debian/gbp.conf by using branch names per team policy * Use Python3 in manpage creation Closes: #968024 * Provide userguide in debian/userguide since it is not part of the upstream source tarball obtained via svn mode * Standards-Version: 4.6.0 (routine-update) * debhelper-compat 13 (routine-update) * Remove trailing whitespace in debian/changelog (routine-update) * Remove trailing whitespace in debian/copyright (routine-update) * Remove trailing whitespace in debian/rules (routine-update) * Rules-Requires-Root: no (routine-update) * Fix day-of-week for changelog entry 1:19940301.2-4. * Use d-shlibs to install library and libdevel package * DEP3 * Add Build-Depends: ghostscrip to pass one test * Disable two remaining tests that are failing * Remove manweb completely since test had shown this does not work at all * Try hardening options * Enhance long descriptions Closes: #209957 * ppmqvga does not belong to the source any more Closes: #256402, #669365 * Previous upload to experimental switched to 3.0 source format Closes: #1007030 * DEP5 Checksums-Sha1: 88bbbddb4e5ad0e6d0fda5afd28b1c67094b8dd4 2306 netpbm-free_10.97.00-1.dsc 47af82b17a5ec1b4cb0e750fbdc9b2fb4cd099c3 2140072 netpbm-free_10.97.00.orig.tar.xz c25d9b6283b3c599939ff526a81f78bf1931348d 1546412 netpbm-free_10.97.00-1.debian.tar.xz b0f2b2ff09a6a63948fcb492a704e8697f09aad5 9180 netpbm-free_10.97.00-1_amd64.buildinfo Checksums-Sha256:
Processed: update bts meta info
Processing commands for cont...@bugs.debian.org: > reassign 1006003 src:ganeti 3.0.1-4 Bug #1006003 {Done: Apollon Oikonomopoulos } [src:pyparsing, src:ganeti] pyparsing breaks ganeti autopkgtest: module 'pyparsing' has no attribute 'operatorPrecedence' Bug reassigned from package 'src:pyparsing, src:ganeti' to 'src:ganeti'. No longer marked as found in versions ganeti/3.0.1-4 and pyparsing/3.0.7-1. No longer marked as fixed in versions ganeti/3.0.2-1. Bug #1006003 {Done: Apollon Oikonomopoulos } [src:ganeti] pyparsing breaks ganeti autopkgtest: module 'pyparsing' has no attribute 'operatorPrecedence' Marked as found in versions ganeti/3.0.1-4. > fixed 1006003 3.0.2-1 Bug #1006003 {Done: Apollon Oikonomopoulos } [src:ganeti] pyparsing breaks ganeti autopkgtest: module 'pyparsing' has no attribute 'operatorPrecedence' Marked as fixed in versions ganeti/3.0.2-1. > affects 1006003 src:pyparsing Bug #1006003 {Done: Apollon Oikonomopoulos } [src:ganeti] pyparsing breaks ganeti autopkgtest: module 'pyparsing' has no attribute 'operatorPrecedence' Added indication that 1006003 affects src:pyparsing > thanks Stopping processing here. Please contact me if you need assistance. -- 1006003: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1006003 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1007172: marked as done (r-cran-pki incompatible with OpenSSL 3)
Your message dated Sun, 13 Mar 2022 08:35:09 + with message-id and subject line Bug#1007172: fixed in r-cran-pki 0.1-10-1 has caused the Debian Bug report #1007172, regarding r-cran-pki incompatible with OpenSSL 3 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1007172: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1007172 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: r-cran-pki Version: 0.1-9-1 Severity: serious Tags: patch experimental User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu jammy ubuntu-patch Hi Andreas, r-cran-pki is incompatible with OpenSSL 3, which is currently in experimental. This shows up as an autopkgtest failure: [...] > -- Ciphers info("Ciphers") > skey <- PKI.random(256) > for (cipher in c("aes256ecb", "aes256ofb", "bfcbc", "bfecb", "bfofb", > "bfcfb")) + assert(cipher, all(PKI.decrypt(PKI.encrypt(charToRaw("foo!"), skey, cipher), skey, cipher)[1:4] == charToRaw("foo!"))) . aes256ecb . aes256ofb . bfcbc Error in PKI.encrypt(charToRaw("foo!"), skey, cipher) : error:0308010C:digital envelope routines::unsupported Calls: assert -> stopifnot -> PKI.decrypt -> PKI.encrypt Execution halted autopkgtest [09:48:31]: test run-unit-test: ---] [...] (https://autopkgtest.ubuntu.com/results/autopkgtest-jammy/jammy/amd64/r/r-cran-pki/20220223_094913_a5969@/log.gz) The issue is that r-cran-pki exposes use of various older, insecure algorithms which are no longer available in the default crypto provider in openssl, so additional steps are required in the code in order to enable use of these algorithms. I've prepared the attached patch which fixes the issue, and have uploaded it to Ubuntu, since we are shipping OpenSSL 3 for the upcoming release. Please consider including it in Debian as well (and forwarding upstream). -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer https://www.debian.org/ slanga...@ubuntu.com vor...@debian.org diff -Nru r-cran-pki-0.1-9/debian/patches/openssl3-compat.patch r-cran-pki-0.1-9/debian/patches/openssl3-compat.patch --- r-cran-pki-0.1-9/debian/patches/openssl3-compat.patch 1969-12-31 16:00:00.0 -0800 +++ r-cran-pki-0.1-9/debian/patches/openssl3-compat.patch 2022-03-12 00:09:19.0 -0800 @@ -0,0 +1,85 @@ +Description: Fix compatibility with OpenSSL 3 + Some algorithms exposed by PKI are now 'legacy' in OpenSSL and require + explicit enablement. +Author: Steve Langasek +Last-Update: 2022-03-12 +Forwarded: no + +Index: r-cran-pki-0.1-9/src/pki.h +=== +--- r-cran-pki-0.1-9.orig/src/pki.h r-cran-pki-0.1-9/src/pki.h +@@ -20,6 +20,10 @@ + #include + #include + ++#if OPENSSL_VERSION_NUMBER >= 0x3000L ++#include ++#endif ++ + #if __APPLE__ + #if defined MAC_OS_X_VERSION_10_7 && MAC_OS_X_VERSION_MIN_REQUIRED >= 1070 + /* use accelerated crypto on OS X instead of OpenSSL crypto */ +Index: r-cran-pki-0.1-9/src/pki-x509.c +=== +--- r-cran-pki-0.1-9.orig/src/pki-x509.c r-cran-pki-0.1-9/src/pki-x509.c +@@ -225,6 +225,28 @@ + static EVP_CIPHER_CTX *get_cipher(SEXP sKey, SEXP sCipher, int enc, int *transient, SEXP sIV) { + EVP_CIPHER_CTX *ctx; + PKI_init(); ++ ++#if OPENSSL_VERSION_NUMBER >= 0x3000L ++static OSSL_PROVIDER *legacy_provider = NULL; ++static OSSL_PROVIDER *default_provider = NULL; ++static OSSL_LIB_CTX *ossl_ctx = NULL; ++ ++if (!ossl_ctx) ++ ossl_ctx = OSSL_LIB_CTX_new(); ++if (!ossl_ctx) ++ Rf_error("OSSL_LIB_CTX_new failed\n"); ++ ++if (!legacy_provider) ++ legacy_provider = OSSL_PROVIDER_load(ossl_ctx, "legacy"); ++if (!legacy_provider) ++ Rf_error("OSSL_PROVIDER_load(legacy) failed\n"); ++ ++if (!default_provider) ++ default_provider = OSSL_PROVIDER_load(ossl_ctx, "default"); ++if (!default_provider) ++ Rf_error("OSSL_PROVIDER_load(default) failed\n"); ++#endif ++ + if (inherits(sKey, "symmeric.cipher")) { + if (transient) transient[0] = 0; + return (EVP_CIPHER_CTX*) R_ExternalPtrAddr(sCipher); +@@ -265,13 +287,29 @@ + else if (!strcmp(cipher, "aes256ofb")) + type = EVP_aes_256_ofb(); + else if (!strcmp(cipher, "blowfish") || !strcmp(cipher, "bfcbc")) ++#if OPENSSL_VERSION_NUMBER >=