Bug#927825: arm: mvneta driver used on Armada XP GP boards does not receive packets (regression from 4.9)

2019-04-25 Thread Aurelien Jarno
On 2019-04-23 22:16, Aurelien Jarno wrote:
> Source: linux
> Version: 4.19.28-2
> Severity: important
> 
> After upgrading hartmann.debian.org (an armhf buildd using an Armada XP
> GP board) from buster to stretch, the ethernet device is not working

More precisely the board is a "Marvell Armada XP Development Board
DB-MV784MP-GP"

> anymore. Using tcpdump on both the buildd and a remote host, it appears
> that the packets correctly leave the board and that the reception side
> fails.
> 
> The module used for the ethernet device is mvneta. The corresponding DT
> compatible entry is "marvell,armada-xp-neta".
>

I have started a "bisection" with the kernels from snapshot. This is
what I have found so far:

This one works:
- linux-image-4.19.0-rc6-armmp-lpae_4.19~rc6-1~exp1_armhf.deb 

The following ones don't:
- linux-image-4.19.0-rc7-armmp-lpae_4.19~rc7-1~exp1_armhf.deb
- linux-image-5.0.0-trunk-armmp_5.0.2-1~exp1_armhf.deb

My guess (I don't have time to try more now) is that the issue is caused
by the following change:

|  [ Uwe Kleine-König ]
|  * [armhf] enable MVNETA_BM_ENABLE and CAN_FLEXCAN as a module

Add Uwe as Cc: so that he can comment on the change.

Aurelien

-- 
Aurelien Jarno  GPG: 4096R/1DDD8C9B
aurel...@aurel32.net http://www.aurel32.net



Bug#927956: systemd-sysv: /var/run/postgresql is owned by root - postgres does not start after a reboot

2019-04-25 Thread Dominic Mason
Package: systemd-sysv
Version: 215-17+deb8u12
Severity: important

Dear Maintainer,

Today I did an apt-get update / upgrade on Jessie for these packages:

Get:9 http://security.debian.org/ jessie/updates/main libsystemd0 amd64 215-17+deb8u12 [90.4 kB]
Get:10 http://security.debian.org/ jessie/updates/main libpam-systemd amd64 215-17+deb8u12 [127 kB]
Get:11 http://security.debian.org/ jessie/updates/main systemd amd64 215-17+deb8u12 [2,554 kB]
Get:12 http://security.debian.org/ jessie/updates/main systemd-sysv amd64 215-17+deb8u12 [37.4 kB]


This results - after a reboot - in postgres being unable to start as
/var/run/postgresql is owned by root:root not postgres:postgres


2019-04-25 12:34:20.758 BST [1372] FATAL:  could not create lock file
"/var/run/postgresql/.s.PGSQL.5432.lock": Permission denied
2019-04-25 12:34:20.758 BST [1372] LOG:  database system is shut down
pg_ctl: could not start server


   * What exactly did you do that was effective

sudo chown postgres:postgres /var/run/postgresql
sudo systemctl start postgres

OR

sudo sh /usr/share/postgresql-common/init.d-functions


The above script is referenced in

/etc/init.d/postgresql

and has a section that checks for and sets the ownership of /var/run/postgresql
correctly.

The update to the various systemd packages seems not to run that script


Result - until you manually fix the permissions of /var/run/postgresql
postgresql does not start after a reboot.





-- System Information:
Debian Release: 8.11
  APT prefers oldstable
  APT policy: (500, 'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-8-amd64 (SMP w/1 CPU core)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages systemd-sysv depends on:
ii  systemd  215-17+deb8u12

systemd-sysv recommends no packages.

systemd-sysv suggests no packages.

-- no debconf information



Bug#927955: python-rdkit: missing module pyAvalonTools

2019-04-25 Thread fc
Package: python-rdkit
Severity: important

Dear maintainer,
there should be a module pyAvalonTools in module Avalon,
as it is imported also at several places in the module itself.

Thank you
Fulvio

-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages python-rdkit depends on:
ii  fonts-freefont-ttf                 20120503-9
ii  libboost-python1.67.0              1.67.0-13
ii  libboost-serialization1.67.0       1.67.0-13
ii  libc6                              2.28-8
ii  libgcc1                            1:8.3.0-6
ii  libpython2.7                       2.7.16-2
pn  librdkit1
pn  libschroedinger-coordgenlibs1
pn  libschroedinger-maeparser1
ii  libstdc++6                         8.3.0-6
ii  python                             2.7.16-1
ii  python-numpy [python-numpy-abi9]   1:1.16.2-1
pn  rdkit-data

python-rdkit recommends no packages.

Versions of packages python-rdkit suggests:
pn  rdkit-doc  



Bug#927953: systemd: user and group files ignored in tmpfiles.d files

2019-04-25 Thread Florian Schmidt

Hi mika,

great, thanks for the info! Didn't think of checking the mailing list in 
addition to open bugs... Well, I guess such a quickly resolved bug 
report is great for statistics at least.


Cheers,
flosch

On 4/25/19 1:37 PM, Michael Prokop wrote:
> * Florian Schmidt [Thu Apr 25, 2019 at 01:29:45PM +0200]:
>> Package: systemd
>> Version: 215-17+deb8u12
>> Severity: important
>>
>> it seems the recent security update led to systemd ignoring the user and
>> group columns in tmpfiles.d files. This immediately leads to postgresql
>> in the current oldstable version (postgresql-9.4 9.4.21-0+deb8u1,
>> postgresql-common 165+deb8u3) breaking on reboot.
> [...]
>
> JFYI, this is already known and work in progress, see
> https://alioth-lists.debian.net/pipermail/pkg-systemd-maintainers/2019-April/038787.html
>
> regards
> -mika-





Bug#926719: Info received (Bug#926719: SFTP ProFTPD terminating (signal 11) after Update to 1.3.5e-0+deb8u1)

2019-04-25 Thread Ghislain Adnet

hi,

We are still using the old package not protected from the vulnerability, any
idea when sftp on jessie will work again?
Is there anything I can do to help it?

regards,
Ghislain.



Bug#919058: itstool maintainer's help needed

2019-04-25 Thread Mike Gabriel

Control: clone -1 -2
Control: reassign -2 src:mate-utils
Control: retitle -2 gsearchtool: flawed msgstr in help/pt.po
Control: severity -2 grave

Hi,

On Thu, 25 Apr 2019 02:03:01 +0200 Lars Skovlund wrote:

> Hi Mike,
>
> I've just noticed this bug report:
>
> https://github.com/mate-desktop/mate-applets/issues/388
>
> It's been closed, so apparently the problem can be worked around by
> manipulating the XML. Of course, itstool still needs to be fixed.
>
> So far, there is no response on either the RedHat bug or on the
> respective GitHub issues. There is a new itstool version available,
> but it only includes the fixes that we've had available as long as this
> bug has been open.
>
> Best regards,
>
> Lars

I could isolate the buggy msgstr in gsearchtool/help/pt.po and will
upload an amended mate-utils.


Mike



Bug#927954: konqueror: Exit when opening http https' ftps' links

2019-04-25 Thread Osama Nasr
Package: konqueror
Version: 4:18.12.0-1
Severity: normal

Dear Maintainer,

when opening konqueror, it works fine with local files and ftp links.
But it exits when opening http://, https://, ftps:// links.


-- System Information:
Debian Release: 10.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-8-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages konqueror depends on:
ii  dolphin                  4:18.08.0-1
ii  install-info             6.5.0.dfsg.1-5
ii  kio                      5.54.1-1
ii  libc6                    2.28-8
ii  libkf5archive5           5.54.0-1
ii  libkf5bookmarks5         5.54.0-1
ii  libkf5codecs5            5.54.0-1
ii  libkf5completion5        5.54.0-1
ii  libkf5configcore5        5.54.0-1
ii  libkf5configgui5         5.54.0-1
ii  libkf5configwidgets5     5.54.0-1
ii  libkf5coreaddons5        5.54.0-1
ii  libkf5crash5             5.54.0-1
ii  libkf5dbusaddons5        5.54.0-1
ii  libkf5i18n5              5.54.0-1
ii  libkf5iconthemes5        5.54.0-1
ii  libkf5itemviews5         5.54.0-1
ii  libkf5jobwidgets5        5.54.0-1
ii  libkf5kcmutils5          5.54.0-1
ii  libkf5kdelibs4support5   5.54.0-1
ii  libkf5khtml5             5.54.0-1
ii  libkf5kiocore5           5.54.1-1
ii  libkf5kiofilewidgets5    5.54.1-1
ii  libkf5kiogui5            5.54.1-1
ii  libkf5kiowidgets5        5.54.1-1
ii  libkf5konq6              4:18.12.0-1
ii  libkf5parts5             5.54.0-1
ii  libkf5service-bin        5.54.0-1
ii  libkf5service5           5.54.0-1
ii  libkf5sonnetcore5        5.54.0-1
ii  libkf5sonnetui5          5.54.0-1
ii  libkf5wallet-bin         5.54.0-1
ii  libkf5wallet5            5.54.0-1
ii  libkf5widgetsaddons5     5.54.0-1
ii  libkf5windowsystem5      5.54.0-1
ii  libkf5xmlgui5            5.54.0-1
ii  libqt5core5a             5.11.3+dfsg1-1
ii  libqt5dbus5              5.11.3+dfsg1-1
ii  libqt5gui5               5.11.3+dfsg1-1
ii  libqt5network5           5.11.3+dfsg1-1
ii  libqt5printsupport5      5.11.3+dfsg1-1
ii  libqt5webenginecore5     5.11.3+dfsg-2+b1
ii  libqt5webenginewidgets5  5.11.3+dfsg-2+b1
ii  libqt5widgets5           5.11.3+dfsg1-1
ii  libqt5x11extras5         5.11.3-2
ii  libqt5xml5               5.11.3+dfsg1-1
ii  libstdc++6               8.3.0-6

Versions of packages konqueror recommends:
ii  kfind  4:17.08.3-2

Versions of packages konqueror suggests:
ii  konq-plugins  4:18.12.0-1

-- no debconf information



Bug#927716: [Pkg-javascript-devel] Bug#927716: Bug#927716: CVE-2018-1109

2019-04-25 Thread Xavier
Control: tags -1 + moreinfo

On 22/04/2019 at 07:38, Xavier wrote:
> On 21/04/2019 at 22:33, Moritz Muehlenhoff wrote:
>> Package: node-braces
>> Severity: important
>> Tags: security
>>
>> Please see https://snyk.io/vuln/npm:braces:20180219
>>
>> Patch:
>> https://github.com/micromatch/braces/commit/abdafb0cae1e0c00f184abbadc692f4eaa98f451
>>
>> Cheers,
>> Moritz
> 
> Buster version (2.0.2) seems not easy to patch.

It seems that the vulnerable regexp doesn't exist in node-braces 2.0.2.
I can't find any exploit to verify this. Could someone help here?



Bug#924445: pulseaudio crashes randomly, no diagnostic on terminal, possibly associated with Wesnoth

2019-04-25 Thread Scott Leggett
On Tue, 12 Mar 2019 19:33:18 -0700 Joshua  wrote:
> Package: pulseaudio
> Version: 12.2-4
> Severity: important
> 
> Dear Maintainer,
> 
>* What led up to the situation?
> 
> YouTube sound not playing
> 
>* What exactly did you do (or not do) that was effective (or
>  ineffective)?
> 
> Restarted pulseaudio and everything that cares about it
> 
> Can be somewhat reliably reproduced by starting Wesnoth, joining a 
> multiplayer game, cancelling due to
> missing add-ons, quitting Wesnoth with the X, then starting Firefox. This 
> doesn't even make sense.

The `pactl info` output indicates that there is an invalid configuration
file in /home/joshua/.pulse/client.conf. Could you try removing that,
logging out, and logging in again to see if it fixes the problem?

-- 
Regards,
Scott Leggett.




Bug#927953: systemd: user and group files ignored in tmpfiles.d files

2019-04-25 Thread Michael Prokop
* Florian Schmidt [Thu Apr 25, 2019 at 01:29:45PM +0200]:
> Package: systemd
> Version: 215-17+deb8u12
> Severity: important

> it seems the recent security update led to systemd ignoring the user and
> group columns in tmpfiles.d files. This immediately leads to postgresql
> in the current oldstable version (postgresql-9.4 9.4.21-0+deb8u1,
> postgresql-common 165+deb8u3) breaking on reboot.
[...]

JFYI, this is already known and work in progress, see
https://alioth-lists.debian.net/pipermail/pkg-systemd-maintainers/2019-April/038787.html

regards
-mika-




Bug#920994: [debian-mysql] Bug#920994: Bug#920994: Bug#920994: mariadb-10.3: FTBFS on kfreebsd-amd64

2019-04-25 Thread Otto Kekäläinen
Some solutions have been suggested in downstream issue:
https://github.com/facebook/rocksdb/issues/5223

As I focus on the packaging level bugs in MariaDB in Debian, I hope
somebody else who knows more about FreeBSD and malloc libraries would
produce a patch and test it...



Bug#927953: systemd: user and group files ignored in tmpfiles.d files

2019-04-25 Thread Florian Schmidt
Package: systemd
Version: 215-17+deb8u12
Severity: important

Dear Maintainer,

it seems the recent security update led to systemd ignoring the user and
group columns in tmpfiles.d files. This immediately leads to postgresql
in the current oldstable version (postgresql-9.4 9.4.21-0+deb8u1,
postgresql-common 165+deb8u3) breaking on reboot.

This is /usr/lib/tmpfiles.d/postgresql.conf from
postgresql-common 165+deb8u3:
# Directory for PostgreSQL sockets, lockfiles and stats tempfiles
d /var/run/postgresql 2775 postgres postgres - -

User and group postgres exist on the system. However, after reboot,
/var/run/postgresql has root:root as owner:

# stat /var/run/postgresql
  File: ‘/var/run/postgresql’
  Size: 60  Blocks: 0  IO Block: 4096   directory
Device: eh/14d  Inode: 9690        Links: 3
Access: (0775/drwxrwxr-x)  Uid: (0/root)   Gid: (0/root)
Access: 2019-04-25 13:19:45.279148802 +0200
Modify: 2019-04-25 13:19:48.963148802 +0200
Change: 2019-04-25 13:19:48.963148802 +0200
 Birth: -

This means postgres can't write its lock file in that directory, and
fails to start:

# systemctl status postgresql@9.4-main.service -l
● postgresql@9.4-main.service - PostgreSQL Cluster 9.4-main
   Loaded: loaded (/lib/systemd/system/postgresql@.service; disabled)
   Active: failed (Result: exit-code) since Thu 2019-04-25 13:19:49 CEST; 15s ago
  Process: 352 ExecStart=postgresql@%i %i start (code=exited, status=1/FAILURE)

Apr 25 13:19:49 [server] postgresql@9.4-main[352]: The PostgreSQL server failed to start. Please check the log output:
Apr 25 13:19:49 [server] postgresql@9.4-main[352]: 2019-04-25 11:19:49 UTC [390-1] FATAL:  could not create lock file "/var/run/postgresql/.s.PGSQL.5432.lock": Permission denied
Apr 25 13:19:49 [server] systemd[1]: postgresql@9.4-main.service: control process exited, code=exited status=1
Apr 25 13:19:49 [server] systemd[1]: Failed to start PostgreSQL Cluster 9.4-main.
Apr 25 13:19:49 [server] systemd[1]: Unit postgresql@9.4-main.service entered failed state.



I wonder whether that has something to do with the following item in the
change log:

   * CVE-2017-18078: tmpfiles: refuse to chown()/chmod() files which are
 hardlinked, unless protected_hardlinks sysctl is on.

Though protected_hardlinks is on:

# cat /proc/sys/fs/protected_hardlinks 
1

And a directory can't be hardlinked anyway, so the relationship to that
change log entry might be a red herring.


-- Package-specific info:

-- System Information:
Debian Release: 8.11
  APT prefers oldstable-updates
  APT policy: (500, 'oldstable-updates'), (500, 'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-8-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages systemd depends on:
ii  acl             2.2.52-2
ii  adduser         3.113+nmu3
ii  initscripts     2.88dsf-59
ii  libacl1         2.2.52-2
ii  libaudit1       1:2.4-1+b1
ii  libblkid1       2.25.2-6
ii  libc6           2.19-18+deb8u10
ii  libcap2         1:2.24-8
ii  libcap2-bin     1:2.24-8
ii  libcryptsetup4  2:1.6.6-5
ii  libgcrypt20     1.6.3-2+deb8u5
ii  libkmod2        18-3
ii  liblzma5        5.1.1alpha+20120614-2+b3
ii  libpam0g        1.1.8-3.1+deb8u2+b1
ii  libselinux1     2.3-2
ii  libsystemd0     215-17+deb8u12
ii  mount           2.25.2-6
ii  sysv-rc         2.88dsf-59
ii  udev            215-17+deb8u12
ii  util-linux      2.25.2-6

Versions of packages systemd recommends:
ii  dbus            1.8.22-0+deb8u1
pn  libpam-systemd  

Versions of packages systemd suggests:
pn  systemd-ui  

-- Configuration Files:
/etc/systemd/timesyncd.conf changed [not included]

-- no debconf information
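
Both this report and Bug#927956 above come down to the owner and mode declared in a tmpfiles.d line not matching what is on disk after boot (the stat output shows 0775 root:root against a declared 2775 postgres postgres). The following Python check is an added example, not code from systemd or postgresql-common: it parses tmpfiles.d lines and compares the declared mode, user and group with os.stat(). The function names, the `root` prefix argument and the tree built in demo() are assumptions made for illustration.

```python
import grp
import os
import pwd
import stat
import tempfile

# Subset of tmpfiles.d line types whose Mode/User/Group columns apply to the path.
OWNED_TYPES = set("dDfFzZ")


def parse_tmpfiles(text):
    """Return [(type, path, mode, user, group)]; a '-' column becomes None."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        cols = line.split()
        if len(cols) < 2 or cols[0][0] not in OWNED_TYPES:
            continue
        # Columns: Type Path Mode User Group Age Argument; trailing ones may be omitted.
        cols += ["-"] * (5 - len(cols))
        # Tolerate a mode prefix character if one is present.
        mode = None if cols[2] == "-" else int(cols[2].lstrip("~:"), 8)
        user = None if cols[3] == "-" else cols[3]
        group = None if cols[4] == "-" else cols[4]
        entries.append((cols[0][0], cols[1], mode, user, group))
    return entries


def _resolve(name, lookup, attr):
    """Map a user/group column (name or numeric ID) to an ID; None if unknown."""
    if name.isdigit():
        return int(name)
    try:
        return getattr(lookup(name), attr)
    except KeyError:
        return None


def audit(text, root="/"):
    """Compare every declared path under `root` with the state on disk.

    Returns (path, field, declared, actual) tuples; an empty list means the
    on-disk state matches the configuration.
    """
    findings = []
    for _kind, path, mode, user, group in parse_tmpfiles(text):
        try:
            st = os.stat(os.path.join(root, path.lstrip("/")))
        except FileNotFoundError:
            findings.append((path, "missing", "present", "absent"))
            continue
        actual_mode = stat.S_IMODE(st.st_mode)  # includes setuid/setgid/sticky bits
        if mode is not None and actual_mode != mode:
            findings.append((path, "mode", "%04o" % mode, "%04o" % actual_mode))
        if user is not None and _resolve(user, pwd.getpwnam, "pw_uid") != st.st_uid:
            findings.append((path, "user", user, str(st.st_uid)))
        if group is not None and _resolve(group, grp.getgrnam, "gr_gid") != st.st_gid:
            findings.append((path, "group", group, str(st.st_gid)))
    return findings


def demo():
    """Constructed tree showing the symptom without root or a postgres account."""
    with tempfile.TemporaryDirectory() as root:
        target = os.path.join(root, "run", "postgresql")
        os.makedirs(target)
        os.chmod(target, 0o775)
        st = os.stat(target)
        # Constructed lines in the shape of the one quoted in the report; numeric
        # IDs are used so the result does not depend on local account names.
        wrong = "d /run/postgresql 2775 %d %d - -\n" % (st.st_uid + 1, st.st_gid + 1)
        right = "d /run/postgresql 0775 %d %d - -\n" % (st.st_uid, st.st_gid)
        return audit(wrong, root), audit(right, root)


if __name__ == "__main__":
    for finding in demo()[0]:
        print("%s: %s declared=%s actual=%s" % finding)
```

On a real host, audit() can be given the contents of a file under /usr/lib/tmpfiles.d with the default root of "/".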



Bug#927949: O: fwlogwatch -- firewall log analyzer

2019-04-25 Thread Pierre-Elliott Bécue
Package: wnpp

The current maintainer of fwlogwatch, J.S.Junior ,
is apparently not active anymore.  Therefore, I orphan this package now.

Maintaining a package requires time and skills. Please only adopt this
package if you will have enough time and attention to work on it.

If you want to be the new maintainer, please see
https://www.debian.org/devel/wnpp/#howto-o for detailed
instructions how to adopt a package properly.

Some information about this package:

Package: fwlogwatch
Binary: fwlogwatch
Version: 1.4-1
Maintainer: J.S.Junior 
Build-Depends: zlib1g-dev, debhelper (>= 9), flex, lsb-base (>= 3.2-13)
Architecture: any
Standards-Version: 3.9.6
Format: 3.0 (quilt)
Homepage: http://fwlogwatch.inside-security.de/
Package-List: 
 fwlogwatch deb net optional arch=any
Directory: pool/main/f/fwlogwatch
Priority: source
Section: net

Package: fwlogwatch
Version: 1.4-1
Installed-Size: 474
Maintainer: J.S.Junior 
Architecture: amd64
Depends: postfix | mail-transport-agent, debconf (>= 1.2.0) | debconf-2.0, 
rsyslog | system-log-daemon, libc6 (>= 2.15), zlib1g (>= 1:1.1.4)
Description-fr: firewall log analyzer
 Fwlogwatch produces summary reports of logs for ipchains,
 netfilter/iptables, ipfilter, Cisco IOS and Cisco PIX in text or HTML
 form, and has plenty of options for finding and displaying matching
 patterns in connection attempts. With the data found, it can also
 generate incident reports from templates and send them to the abuse
 contacts of offending sites or to CERT coordination centers. Finally,
 it can also run as a daemon and report anomalies or start
 countermeasures.
Description-md5: 9fb0eca840377b5b84c214320b65b9ff
Homepage: http://fwlogwatch.inside-security.de/
Tag: interface::daemon, network::server, role::program,
 security::log-analyzer, use::scanning, works-with::logfile
Section: net
Priority: optional
Filename: pool/main/f/fwlogwatch/fwlogwatch_1.4-1_amd64.deb
Size: 151864
MD5sum: eb63f0d3b860ee8978bcbd7b3e735356
SHA256: 9b1e43e3cac3f45164188932cb265c30b4ba54285ac08375fedf1c2ebe006e16


-- 
Pierre-Elliott Bécue
GPG: 9AE0 4D98 6400 E3B6 7528  F493 0D44 2664 1949 74E2
It's far easier to fight for one's principles than to live up to them.




Bug#927950: O: mini-httpd -- Small HTTP server

2019-04-25 Thread Pierre-Elliott Bécue
Package: wnpp

The current maintainer of mini-httpd, J.S.Junior ,
is apparently not active anymore.  Therefore, I orphan this package now.

Maintaining a package requires time and skills. Please only adopt this
package if you will have enough time and attention to work on it.

If you want to be the new maintainer, please see
https://www.debian.org/devel/wnpp/#howto-o for detailed
instructions how to adopt a package properly.

Some information about this package:

Package: mini-httpd
Binary: mini-httpd
Version: 1.30-0.2
Maintainer: Jose dos Santos Junior 
Build-Depends: debhelper (>= 9), libssl-dev
Architecture: any
Standards-Version: 3.9.7
Format: 3.0 (quilt)
Vcs-Browser: https://salsa.debian.org/debian/mini-httpd
Vcs-Git: https://salsa.debian.org/debian/mini-httpd.git
Homepage: http://www.acme.com/software/mini_httpd
Dgit: b179588dc075d421c3db3830a40397d66abf5524 debian archive/debian/1.30-0.2 
https://git.dgit.debian.org/mini-httpd
Package-List: 
 mini-httpd deb web optional arch=any
Directory: pool/main/m/mini-httpd
Priority: source
Section: httpd

Package: mini-httpd
Version: 1.30-0.2
Installed-Size: 122
Maintainer: Jose dos Santos Junior 
Architecture: amd64
Provides: httpd, httpd-cgi
Depends: libc6 (>= 2.15), libssl1.1 (>= 1.1.0)
Recommends: apache2-utils
Description-en: Small HTTP server
 mini-httpd implements all basic features of a HTTPD, including: GET,HEAD,POST
 methods, common MIME types, basic authentication, virtual hosting, CGI,
 directory listing, trailing-slash redirection, standard logging, custom error
 pages etc. It also can be configured to do SSL and IPv6.
Description-md5: cde209078834de0384dbd9b92617a9e0
Homepage: http://www.acme.com/software/mini_httpd
Section: httpd
Priority: optional
Filename: pool/main/m/mini-httpd/mini-httpd_1.30-0.2_amd64.deb
Size: 43584
MD5sum: d0939a8cf3d0690cb3fd9210ed6c49fa
SHA256: 54f6d2b8153e4477215a562db77effc6e7a030254c204e8432efad60d1892a92


-- 
Pierre-Elliott Bécue
GPG: 9AE0 4D98 6400 E3B6 7528  F493 0D44 2664 1949 74E2
It's far easier to fight for one's principles than to live up to them.




Bug#927951: O: openresolv -- management framework for resolv.conf

2019-04-25 Thread Pierre-Elliott Bécue
Package: wnpp

The current maintainer of openresolv, J.S.Junior ,
is apparently not active anymore.  Therefore, I orphan this package now.

Maintaining a package requires time and skills. Please only adopt this
package if you will have enough time and attention to work on it.

If you want to be the new maintainer, please see
https://www.debian.org/devel/wnpp/#howto-o for detailed
instructions how to adopt a package properly.

Some information about this package:

Package: openresolv
Binary: openresolv
Version: 3.8.0-1
Maintainer: Jose dos Santos Junior 
Build-Depends: debhelper (>= 9)
Architecture: any
Standards-Version: 3.9.7
Format: 3.0 (quilt)
Vcs-Browser: https://anonscm.debian.org/cgit/collab-maint/openresolv.git
Vcs-Git: https://anonscm.debian.org/git/collab-maint/openresolv.git
Homepage: http://roy.marples.name/projects/openresolv/home
Package-List: 
 openresolv deb net optional arch=any
Directory: pool/main/o/openresolv
Priority: source
Section: net

Package: openresolv
Version: 3.8.0-1
Installed-Size: 91
Maintainer: Jose dos Santos Junior 
Architecture: amd64
Provides: resolvconf
Conflicts: resolvconf
Description-en: management framework for resolv.conf
 Allows multiple daemons to manage resolv.conf and configures
 local resolvers such as dnsmasq and unbound.
 .
 This package may require some manual configuration.
 Please read resolvconf(8) and resolvconf.conf(5) for detailed instructions.
Description-md5: 6e7537951e253b4f50975d1c54aa3407
Homepage: http://roy.marples.name/projects/openresolv/home
Section: net
Priority: optional
Filename: pool/main/o/openresolv/openresolv_3.8.0-1_amd64.deb
Size: 22870
MD5sum: 9952e73dc41bdfe83d5373d4d74418b2
SHA256: 408e1b1d0cf2f0f03fa212060ac7a711ebc24255e488ba38d9e7f884e212e21a


-- 
Pierre-Elliott Bécue
GPG: 9AE0 4D98 6400 E3B6 7528  F493 0D44 2664 1949 74E2
It's far easier to fight for one's principles than to live up to them.




Bug#927952: duply: ssh connection fails when known_hosts doesn't exists

2019-04-25 Thread Jean-Michel Vourgère
Package: duply
Version: 1.11.3-1
Severity: normal

Dear Maintainer,

On a freshly installed stretch server, on first run, when using ssh, duply
(or a dependency) fails if file known_hosts doesn't exist.

I expected duply to create the file if it's missing.

A simple workaround is to connect using ssh first, so that the file is
created.

Here is the log:

$ duply hostname status
Start duply v1.11.3, time is 2019-04-25 09:46:42.
Using profile '/root/.duply/hostname'.
Using installed duplicity version 0.7.11, python 2.7.13, gpg 2.1.18 (Home: 
/root/.gnupg), awk 'mawk 1.3.3 Nov 1996, Copyright (C) Michael D. Brennan', 
grep 'grep (GNU grep) 2.27', bash '4.4.12(1)-release (x86_64-pc-linux-gnu)'.
Autoset found secret key of first GPG_KEY entry '785A86B399C9BD78' for signing.
Checking TEMP_DIR '/tmp' is a folder and writable (OK)
Test - Encrypt to '785A86B399C9BD78' & Sign with '785A86B399C9BD78' (OK)
Test - Decrypt (OK)
Test - Compare (OK)
Cleanup - Delete '/tmp/duply.9853.1556185603_*'(OK)
Backup PUB key '785A86B399C9BD78' to profile. (OK)
Write file 'gpgkey.785A86B399C9BD78.pub.asc' (OK)
Backup SEC key '785A86B399C9BD78' to profile. (OK)
Write file 'gpgkey.785A86B399C9BD78.sec.asc' (OK)

INFO:

duply exported new keys to your profile.
You should backup your changed profile folder now and store it in a safe place.


--- Start running command STATUS at 09:46:43.401 ---
The authenticity of host 'ouqo6z3ijgz7sn7k.onion' can't be established.
SSH-RSA key fingerprint is
ce:2c:7d:15:8a:d0:ea:86:8c:fe:e9:cc:7d:c1:8d:f8.
Are you sure you want to continue connecting (yes/no)? yes
BackendException: ssh connection to u...@mybackupserver.com:22
failed: [Errno 2] No such file or directory: '/root/.ssh/known_hosts'
09:46:54.361 Task 'STATUS' failed with exit code '23'.
--- Finished state FAILED 'code 23' at 09:46:54.361 - Runtime
00:00:10.959 ---



-- System Information:
Debian Release: 9.8
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-8-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), 
LANGUAGE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages duply depends on:
ii  duplicity  0.7.11-1
ii  gnupg  2.1.18-8~deb9u4

duply recommends no packages.

Versions of packages duply suggests:
ii  openssh-client  1:7.4p1-10+deb9u6

-- no debconf information



Bug#927911: systemd: Does not expand %h identifier in ExecStart

2019-04-25 Thread Michael Biebl
On 25.04.19 at 12:24, Norbert Preining wrote:
> Hi
> 
>> From v228
>> https://github.com/systemd/systemd/blob/master/NEWS#L3926
> 
>> From v209
>> https://github.com/systemd/systemd/blob/master/NEWS#L6855
> 
> Ok, but the documentation on freedesktop.org and the man pages do not
> mention that, and in fact mention the contrary ...

The man pages say that %h and %u are resolved to the root user if you
are using the system instance (PID 1).
That is consistent with the behaviour you are getting.
If I missed a part which mentions the contrary, could you quote the
relevant bits from the documentation, so it can be fixed?

That said, I do acknowledge that the systemd.unit(5) man page could be
clearer what effect it has on %h and %u when setting `User=` when

Which is why I filed the upstream bug report.

Michael

-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?





Bug#924616: RFT and RFC: Updates for evolution{,-data-server}

2019-04-25 Thread Salvatore Bonaccorso
Hi Jonas

[Adding security team alias, as debian-lts is not followed
automatically]

On Wed, Apr 24, 2019 at 11:08:44AM +0200, Jonas Meurer wrote:
> Hello,
> 
> The last days, I spent quite some hours on backporting and debugging
> patches for CVE-2018-15587 (Signature Spoofing in PGP encrypted email)
> to evolution and evolution-data-server packages for Jessie LTS.   
> 
> One problem is that the scope of CVE-2018-15587 is a bit blurry. While
> the CVE description speaks specifically about the possibility to craft
> emails in a way that they spuriously appear to be *signed* - a
> vulnerability that got revealed in the aftermath of SigSpoof - the
> corresponding bugreports link to several related OpenPGP weaknesses in
> evolution{-data-server}.
[...]

You are right that the CVE is specifically for the signature spoofing
issue. It's still not fully clear, but I think it is best to stick to
that. This is the reason I yesterday reverted my previous f6f251cff480
("Track evolution-data-server under CVE-2018-15587 and add upstream
references")[1] following the reasoning, in 34c907a0fb48[2] ("Do not
track evolution-data-server under CVE-2018-15587").

 [1]  
https://salsa.debian.org/security-tracker-team/security-tracker/commit/f6f251cff4801a452acddc3256bbb77e8e4050b8
 [2]  
https://salsa.debian.org/security-tracker-team/security-tracker/commit/34c907a0fb48667022f6b16fef327318a8f1ada8

If at all, but I expect not at the moment, the issues related to
emails to appear to be encrypted issue, will receive a CVE we can
start tracking those in the tracker. As well for the other source
packages if they arise.

OTOH at least some other distros seem to relate the CVE to the
secondary issues as well. But I think the strict interpretation of the
CVE assignment is as you outlined.

Regards,
Salvatore



Bug#927722: Correct fix for this bug

2019-04-25 Thread Arturo Borrero Gonzalez
On 4/25/19 12:49 PM, Thomas Goirand wrote:
> Hi,
> 
> Please find attached to this message the *CORRECT* debdiff to fix it.
> I've uploaded it to DELAYED/7 (after dcuting the wrong package...). Let
> me know if you think it's still wrong and I should still dcut it...
> 

LGTM



Bug#927722: Correct fix for this bug

2019-04-25 Thread Thomas Goirand
Hi,

Please find attached to this message the *CORRECT* debdiff to fix it.
I've uploaded it to DELAYED/7 (after dcuting the wrong package...). Let
me know if you think it's still wrong and I should still dcut it...

Cheers,

Thomas Goirand (zigo)
diff -Nru ipset-6.38/debian/changelog ipset-6.38/debian/changelog
--- ipset-6.38/debian/changelog 2018-09-01 19:28:18.0 +0200
+++ ipset-6.38/debian/changelog 2019-04-25 11:37:45.0 +0200
@@ -1,3 +1,11 @@
+ipset (6.38-1.1) unstable; urgency=medium
+
+  * Non maintainer upload.
+  * use dpkg-maintscript-helper rm_conffile to clean up old bash-completion 
+file in /etc (Closes: #927722).
+
+ -- Cyril de Bourgues   Thu, 25 Apr 2019 
11:37:45 +0200
+
 ipset (6.38-1) unstable; urgency=medium
 
   * [b80dcfb] New upstream version 6.38 (Closes: #898851)
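
Review bot: the first bullet of the new 6.38-1.1 entry reads "Non maintainer upload."; the conventional wording is "Non-maintainer upload." with a hyphen, and the second bullet's first line ends in trailing whitespace. The entry also mentions only the rm_conffile call, while the debdiff adds new preinst and postrm scripts; naming them in the bullet would make the upload easier to audit.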
diff -Nru ipset-6.38/debian/ipset.postinst ipset-6.38/debian/ipset.postinst
--- ipset-6.38/debian/ipset.postinst2018-09-01 19:28:18.0 +0200
+++ ipset-6.38/debian/ipset.postinst2019-04-25 11:37:45.0 +0200
@@ -3,9 +3,7 @@
 set -e
 
 # Cleanup obsoleted bash completion configuration file
-if [ -f /etc/bash_completion.d/ipset ]; then
-  rm -f /etc/bash_completion.d/ipset
-fi
+dpkg-maintscript-helper rm_conffile /etc/bash_completion.d/ipset 6.25.1-1~ 
ipset -- "$@"
 
 #DEBHELPER#
 
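
Review bot: the prior-version argument "6.25.1-1~" on the added rm_conffile line restricts the cleanup to upgrades from versions up to that one, yet the changelog shows the helper call first shipping in 6.38-1.1. A system already on 6.38-1, where the removed "rm -f" block has deleted the file but dpkg still records it as a conffile, would be skipped. Consider "6.38-1.1~" as prior-version so that every upgrade to this upload triggers the removal.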
diff -Nru ipset-6.38/debian/ipset.postrm ipset-6.38/debian/ipset.postrm
--- ipset-6.38/debian/ipset.postrm  1970-01-01 01:00:00.0 +0100
+++ ipset-6.38/debian/ipset.postrm  2019-04-25 11:37:45.0 +0200
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+set -e
+
+dpkg-maintscript-helper rm_conffile /etc/bash_completion.d/ipset 6.25.1-1~ 
ipset -- "$@"
+
+#DEBHELPER#
+
+exit 0
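
Review bot: this new postrm carries the same rm_conffile line as postinst, and preinst needs it a third time, so the path and prior-version have to be kept identical across three hand-written scripts. Since the scripts already contain #DEBHELPER#, a single rm_conffile line in debian/ipset.maintscript (path, prior-version, package name) would let dh_installdeb generate the snippet for all three.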
diff -Nru ipset-6.38/debian/ipset.preinst ipset-6.38/debian/ipset.preinst
--- ipset-6.38/debian/ipset.preinst 1970-01-01 01:00:00.0 +0100
+++ ipset-6.38/debian/ipset.preinst 2019-04-25 11:37:45.0 +0200
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+set -e
+
+dpkg-maintscript-helper rm_conffile /etc/bash_completion.d/ipset 6.25.1-1~ 
ipset -- "$@"
+
+#DEBHELPER#
+
+exit 0
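
Review bot: the new preinst has no comment saying why rm_conffile is called, unlike postinst, which keeps "# Cleanup obsoleted bash completion configuration file" above the same line. Add that one-line comment here and in postrm so each script can be understood when read on its own.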


Bug#927922: SSL error: error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol

2019-04-25 Thread Tatsuya Kinoshita
Control: retitle 900984 w3m: SSL error: wrong signature type
Control: retitle -1 w3m: SSL error: unsupported protocol

Thanks,
-- 
Tatsuya Kinoshita



Bug#927948: xwayland: GPU hang on OpenGL apps with Wayland

2019-04-25 Thread Tuxicoman
Package: xwayland
Version: 2:1.20.3-1
Severity: important

Dear Maintainer,

I'm using Debian testing (buster) and face random crashes when using OpenGL
apps. Those occur often after only a few minutes.
The display freezes (keeping the picture of the last rendered frame) and I have
no choice but to force reboot the computer.

I recently found that this behavior occurs when using a Gnome/Wayland session
but not with the oldschool Gnome/Xorg session. So there is a clue here.
I have no other display issue with Gnome/Wayland for daily use. I use Firefox
to browse the web and play Youtube videos without any issue.

I have an AMD R580 GPU.
I can reproduce the crashes easily on my machine.
I can reproduce the crashes with many 3D apps.
Tell me how I can produce the log files you need to investigate. (I'm not an
expert in the display stack)



-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-4-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=fr_BE.utf8, LC_CTYPE=fr_BE.utf8 (charmap=UTF-8), 
LANGUAGE=fr_BE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages xwayland depends on:
ii  libaudit1   1:2.8.4-2
ii  libbsd0 0.9.1-2
ii  libc6   2.28-8
ii  libdrm2 2.4.97-1
ii  libegl1 1.1.0-1
ii  libepoxy0   1.5.3-0.1
ii  libgbm1 18.3.4-2
ii  libgcrypt20 1.8.4-5
ii  libgl1  1.1.0-1
ii  libpixman-1-0   0.36.0-1
ii  libselinux1 2.8-1+b1
ii  libsystemd0 241-3
ii  libunwind8  1.2.1-9
ii  libwayland-client0  1.16.0-1
ii  libxau6 1:1.0.8-1+b2
ii  libxdmcp6   1:1.1.2-3
ii  libxfont2   1:2.0.3-1
ii  libxshmfence1   1.3-1
ii  xserver-common  2:1.20.3-1

xwayland recommends no packages.

xwayland suggests no packages.

-- no debconf information



Bug#927911: systemd: Does not expand %h identifier in ExecStart

2019-04-25 Thread Norbert Preining
Hi

> From v228
> https://github.com/systemd/systemd/blob/master/NEWS#L3926

> From v209
> https://github.com/systemd/systemd/blob/master/NEWS#L6855

Ok, but the documentation on freedesktop.org and the man pages do not
mention that, and in fact mention the contrary ...

Nobody is supposed to wade through old NEWS, right?

> Thanks. So with the above, what you should get is that %h is resolved to
> /root, as you run that service as a system service. Or is %h not
> expanded at all?

No, it was expanded to "/"
Apr 25 08:40:46 bulldog systemd[1]: Started OneDrive Free Client for norbert.
Apr 25 08:40:46 bulldog onedrive[17137]: std.file.FileException@std/file.d(3011): //.config: Permission denied

so
%h/.config  ->  //.config

Best

Norbert

--
PREINING Norbert   http://www.preining.info
Accelia Inc. +JAIST +TeX Live +Debian Developer
GPG: 0x860CDC13   fp: F7D8 A928 26E3 16A1 9FA0 ACF0 6CAC A448 860C DC13



Bug#927922: SSL error: error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol

2019-04-25 Thread Tatsuya Kinoshita
Control: severity 900984 wishlist
Control: severity -1 wishlist

On April 25, 2019 at 11:47AM +0800, jidanni (at jidanni.org) wrote:
> Lynx, chromium work fine.
> $ w3m 
> https://branch.taipower.com.tw/content/Messagess/Contents.aspx?SiteID=564732602442427467=564732602561157543=564734220745242356
> SSL error: error:1425F102:SSL routines:ssl_choose_client_version:unsupported 
> protocol

The site seems to offer TLS 1.0, disabled by default in /etc/ssl/openssl.cnf,
so downgrading MinProtocol from TLSv1.2 to TLSv1 is a workaround.

```:/etc/ssl/openssl.cnf
MinProtocol = TLSv1
CipherString = DEFAULT@SECLEVEL=1
```

cf. https://wiki.debian.org/ContinuousIntegration/TriagingTips/openssl-1.1.1
/usr/share/doc/libssl1.1/NEWS.Debian.gz

Thanks,
-- 
Tatsuya Kinoshita
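
Added example (not part of the message above or of any Debian package): the same two values placed in a private config file that is handed to one command through the OPENSSL_CONF environment variable, so /etc/ssl/openssl.cnf keeps its TLSv1.2 floor for everything else, together with a check that reports when a config file lowers that floor. The file names, the legacy.example URL and the premise that w3m's OpenSSL honours OPENSSL_CONF are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the thread. File locations are hypothetical.

# Write a private OpenSSL config carrying the two values from the workaround.
write_scoped_conf() {
    cat > "$1" <<'EOF'
openssl_conf = default_conf

[default_conf]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
MinProtocol = TLSv1
CipherString = DEFAULT@SECLEVEL=1
EOF
}

# Print the value of key $2 in the section that config file $1 selects through
# openssl_conf -> ssl_conf -> system_default (no output if the chain is broken).
system_default_value() {
    awk -v want="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[ \t]*\[/ {
            sect = $0
            sub(/^[ \t]*\[[ \t]*/, "", sect); sub(/[ \t]*\].*$/, "", sect)
            next
        }
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            conf[sect, key] = val
        }
        END {
            s = conf["", "openssl_conf"];  if (s == "") exit
            s = conf[s, "ssl_conf"];       if (s == "") exit
            s = conf[s, "system_default"]; if (s == "") exit
            print conf[s, want]
        }
    ' "$1"
}

# Return 1 (and say why) when file $1 sets a protocol floor below TLSv1.2,
# the value the message above describes as the one being downgraded from.
audit_floor() {
    min=$(system_default_value "$1" MinProtocol)
    case "$min" in
        "")
            echo "$1: MinProtocol not set in the system_default section"
            return 0 ;;
        SSLv3|TLSv1|TLSv1.1|None)
            echo "$1: MinProtocol=$min applies to every client that loads this file"
            return 1 ;;
        *)
            echo "$1: MinProtocol=$min"
            return 0 ;;
    esac
}

# Run one command with the private config; other processes keep the system file.
run_scoped() {
    conf=$1; shift
    OPENSSL_CONF="$conf" "$@"
}

# Demo on a constructed file in a temporary directory; nothing under /etc is changed.
tmp=$(mktemp -d)
write_scoped_conf "$tmp/openssl-legacy.cnf"
audit_floor "$tmp/openssl-legacy.cnf" || true
[ -r /etc/ssl/openssl.cnf ] && audit_floor /etc/ssl/openssl.cnf || true
# Intended use (hypothetical URL):
#   run_scoped "$tmp/openssl-legacy.cnf" w3m https://legacy.example/
rm -rf "$tmp"
```

Running audit_floor against /etc/ssl/openssl.cnf after the site has been dealt with shows whether the system-wide floor was left lowered.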



Bug#927722: Fixing the changelog entry

2019-04-25 Thread Thomas Goirand
Woops, I'm fixing the bad changelog entry (ie: dcut, rebuild and
reupload). Sorry for this.

Cheers,

Thomas Goirand (zigo)



Bug#927911: systemd: Does not expand %h identifier in ExecStart

2019-04-25 Thread Michael Biebl
On 25.04.19 at 11:33, Michael Biebl wrote:
> On 25.04.19 at 11:28, Michael Biebl wrote:
>> Thanks. So with the above, what you should get is that %h is resolved to
>> /root, as you run that service as a system service. Or is %h not
>> expanded at all?
> 
> Actually, I think systemd resolves %h for PID 1 to '/'. Would need to
> double check though.
> 

Re-reading the systemd.unit man page, it says for %u and %h that it
resolves to the root user for the systemd manager instance.
While this correctly describes the behaviour, it could be a bit clearer,
documenting that setting `User=` has no effect.
I've filed https://github.com/systemd/systemd/issues/12389


-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?





Bug#927722: [pkg-netfilter-team] Bug#927722: Uploaded to delayed/7

2019-04-25 Thread Arturo Borrero Gonzalez
On 4/25/19 11:44 AM, Thomas Goirand wrote:
> Hi,
> 
> I've uploaded the fix to DELAYED/7. Debdiff attached.
> Let me know if I should dcut rm the upload.
> 
> Cheers,
> 

LGTM



Bug#927722: Uploaded to delayed/7

2019-04-25 Thread Thomas Goirand
Hi,

I've uploaded the fix to DELAYED/7. Debdiff attached.
Let me know if I should dcut rm the upload.

Cheers,

Thomas Goirand (zigo)
diff -Nru ipset-6.38/debian/changelog ipset-6.38/debian/changelog
--- ipset-6.38/debian/changelog 2018-09-01 19:28:18.0 +0200
+++ ipset-6.38/debian/changelog 2019-04-25 11:37:45.0 +0200
@@ -1,3 +1,11 @@
+ipset (6.38-1.1) unstable; urgency=medium
+
+  * Non maintainer upload.
+  * use dpkg-maintscript-helper rm_conffile to clean up old bash-completion 
+file in /etc (Closes: #927722).
+
+ -- Cyril de Bourgues   Thu, 25 Apr 2019 
11:37:45 +0200
+
 ipset (6.38-1) unstable; urgency=medium
 
   * [b80dcfb] New upstream version 6.38 (Closes: #898851)
@@ -17,7 +25,7 @@
 * Add patch to fix ipset bash completion on bash (>= 4.4.18)
   Thanks to Martin Großhauser for the patch
 
- -- Neutron Soutmun   Sun, 02 Sep 2018 00:28:18 +0700
+ -- Thomas Goirand   Thu, 25 Apr 2019 11:37:01 +0200
 
 ipset (6.34-1) unstable; urgency=medium
 
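Review bot: The trailer of the already-uploaded 6.38-1 entry is rewritten in this hunk: the "-- Neutron Soutmun ... Sun, 02 Sep 2018 00:28:18 +0700" line becomes "-- Thomas Goirand ... Thu, 25 Apr 2019 11:37:01 +0200", which changes the recorded uploader and date of a past release. Drop this hunk so that the debdiff only adds the new 6.38-1.1 stanza.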
diff -Nru ipset-6.38/debian/ipset.postinst ipset-6.38/debian/ipset.postinst
--- ipset-6.38/debian/ipset.postinst2018-09-01 19:28:18.0 +0200
+++ ipset-6.38/debian/ipset.postinst2019-04-25 11:35:11.0 +0200
@@ -4,7 +4,7 @@
 
 # Cleanup obsoleted bash completion configuration file
 if [ -f /etc/bash_completion.d/ipset ]; then
-  rm -f /etc/bash_completion.d/ipset
+  dpkg-maintscript-helper rm_conffile conffile 6.25.1-1~ ipset -- "$@"
 fi
 
 #DEBHELPER#
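Review bot: On the added line the first argument to rm_conffile is the literal word "conffile" rather than /etc/bash_completion.d/ipset, the path the surrounding "if [ -f ... ]" tests, so the helper is not pointed at the file being cleaned up. Pass the path itself, call the helper unconditionally instead of inside the -f test, and add the same call to preinst and postrm, since dpkg-maintscript-helper(1) requires rm_conffile to be invoked from all three scripts.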


Bug#927946: python-audit: SWIG-related type errors render module unusable

2019-04-25 Thread Chris Hofstaedtler
Dear Maintainer,

the following patch fixes the problem for me, tested locally.
Please consider applying it.

Cheers,
Chris

--- audit-2.8.4.orig/bindings/swig/src/auditswig.i
+++ audit-2.8.4/bindings/swig/src/auditswig.i
@@ -41,6 +41,6 @@ typedef unsigned __u32;
 typedef unsigned uid_t;
 %include "/usr/include/linux/audit.h"
 #define __extension__ /*nothing*/
-%include "/usr/include/stdint.h"
+%include 
 %include "../lib/libaudit.h"
 
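Review bot: The added "%include" line carries no file name as posted, so it is not possible to tell which interface file is meant to replace "/usr/include/stdint.h", and the patch will not apply in this form. Please resend it with the argument intact, and add a short description header naming the failure it fixes (the SWIG type error from this bug's title).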



Bug#927463: wpa: EAP-pwd message reassembly issue with unexpected fragment

2019-04-25 Thread Andrej Shadura
Hi,

On Sat, 20 Apr 2019 at 08:15, Salvatore Bonaccorso  wrote:
> Hi
>
> From [1]
>
> > EAP-pwd message reassembly issue with unexpected fragment
> >
> > Published: April 18, 2019
> > Latest version available from: https://w1.fi/security/2019-5/

Thanks for filing the bug. I was aware of this issue but since I was
about to leave for a holiday, I did nothing on that front :) I will
address it tomorrow.

-- 
Cheers,
  Andrej



Bug#924659: ITP: fossology -- FOSSology is an open source license compliance software system and toolkit.

2019-04-25 Thread Hideki Yamane
Hi,

On Thu, 25 Apr 2019 14:44:08 +0530
Gaurav Mishra  wrote:
> Thanks for the support. I have created public repository just for the
> purpose of Debian packaging on salsa.debian.org.
> 
> Here is the link: https://salsa.debian.org/fossology-team/fossology

 Thanks, I'll ask to join it, and send a MergeRequest :)

 Some quick questions

 - It allows depending on php5, is that intended?
 - Upstream has a debian directory but it may cause some trouble.
   Debian packaging should be updated in salsa (every Debian developer
   has a right to commit), but it may conflict with upstream.
   I suggest that upstream remove the debian directory on the master branch,
   and suggest you create a branch like debian/sid and do the packaging
   stuff on it.
 - And...why not update debian/copyright! :)


-- 
Hideki Yamane 



Bug#927911: systemd: Does not expand %h identifier in ExecStart

2019-04-25 Thread Michael Biebl
On 25.04.19 at 11:28, Michael Biebl wrote:
> Thanks. So with the above, what you should get is that %h is resolved to
> /root, as you run that service as a system service. Or is %h not
> expanded at all?

Actually, I think systemd resolves %h for PID 1 to '/'. Would need to
double check though.


-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?





Bug#927911: systemd: Does not expand %h identifier in ExecStart

2019-04-25 Thread Michael Biebl
On 25.04.19 at 11:09, Norbert Preining wrote:
> Hi Michael,
> 
> On Thu, 25 Apr 2019, Michael Biebl wrote:
>> Looks like a duplicate of
>> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868269
> 
> Indeed. Interesting that systemd changed the behaviour but it is not
> documented ... (well ... we know).
> 

Well, there are the following paragraphs from the systemd NEWS file

From v228
https://github.com/systemd/systemd/blob/master/NEWS#L3926

* In unit files the behaviour of %u, %U, %h, %s has
  changed. These specifiers will now unconditionally resolve
  to the various user database fields of the user that the
  systemd instance is running as, instead of the user
  configured in the specific unit via User=. Note that this
  effectively doesn't change much, as resolving of these
  specifiers was already turned off in the --system instance
  of systemd, as we cannot do NSS lookups from PID 1. In the
  --user instance of systemd these specifiers where correctly
  resolved, but hardly made any sense, since the user instance
  lacks privileges to do user switches anyway, and User= is
  hence useless. Moreover, even in the --user instance of
  systemd behaviour was awkward as it would only take settings
  from User= assignment placed before the specifier into
  account. In order to unify and simplify the logic around
  this the specifiers will now always resolve to the
  credentials of the user invoking the manager (which in case
  of PID 1 is the root user).

From v209
https://github.com/systemd/systemd/blob/master/NEWS#L6855

* %h, %s, %U specifier support is not available anymore when
  used in unit files for PID 1. This is because NSS calls are
  not safe from PID 1. They stay available for --user
  instances of systemd, and as special case for the root user.


>> Can you attach the full .service file please.
> 
> Here is the .in version that is then configure-d into the .service file

Thanks. So with the above, what you should get is that %h is resolved to
/root, as you run that service as a system service. Or is %h not
expanded at all?

-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?





Bug#927946: python-audit: SWIG-related type errors render module unusable

2019-04-25 Thread Michael Renner
Package: python-audit
Version: 1:2.8.4-2
Severity: grave
Tags: upstream
Justification: renders package unusable

Dear Maintainer,

The following operations fail due to a SWIG-related type error:

```
% sudo python
Python 2.7.16 (default, Apr  6 2019, 01:42:57)
[GCC 8.3.0] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import audit
>>> fd = audit.audit_open()
>>> audit.audit_set_enabled(fd, 1)
Traceback (most recent call last):
  File "", line 1, in 
TypeError: in method 'audit_set_enabled', argument 2 of type 'uint32_t'
>>>
```

Relevant discussion: 
http://swig.10945.n7.nabble.com/SWIG-vs-uint32-t-td15045.html

Best regards,
Michael

-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to 
en_US.UTF-8), LANGUAGE=C (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages python-audit depends on:
ii  libaudit1    1:2.8.4-2
ii  libauparse0  1:2.8.4-2
ii  libc6        2.28-8
ii  python       2.7.16-1

python-audit recommends no packages.

python-audit suggests no packages.

-- no debconf information




Bug#924659: ITP: fossology -- FOSSology is an open source license compliance software system and toolkit.

2019-04-25 Thread Gaurav Mishra
Hello Hideki,

Thanks for the support. I have created public repository just for the
purpose of Debian packaging on salsa.debian.org.

Here is the link: https://salsa.debian.org/fossology-team/fossology

Thanks and regards,
Gaurav Mishra


On Thu, 25 Apr 2019 at 14:33, Hideki Yamane  wrote:

> Hi,
>
> On Mon, 18 Mar 2019 12:09:39 +0530
> Gaurav Mishra  wrote:
> > Thank you for the pointers. I will follow it and create a RFS following
> the
> > same.
>
>  Just curious, is there any public repository for the packaging?
>  If not, I'll create it on salsa.debian.org.
>
>
> --
> Hideki Yamane 
>


Bug#926634: Delays opening dialogs, possibly related to defunct fc-list process

2019-04-25 Thread martin f krafft
Hey, sorry for the lack of engagement on my part. I've been 
travelling and on family holidays. I won't be back to the machine 
that had the problem until July, but I've made a note to 
specifically verify this bug fix then.


Thanks a lot — as always — for your fast turnaround!

--
.''`.   martin f. krafft  @martinkrafft
: :'  :  proud Debian developer
`. `'`   http://people.debian.org/~madduck
 `-  Debian - when you have better things to do than fixing systems

"being shot is not as bad as i always thought it might be.
as long as you can keep the fear from your mind."
   -- special agent dale cooper




Bug#926915: RFS: fossology/3.5.0-1 [ITP] -- OSS license compliance tool

2019-04-25 Thread Mishra, Gaurav
Hello,

I have updated the dependencies and made them specific to Debian Stretch.
I have also tested the same using pbuilder.
Can you please check again? 

With best regards,
Gaurav Mishra

-Original Message-
From: Adam Borowski  
Sent: 15 April 2019 13:00
To: Mishra, Gaurav (IOT DS AA DTS CNP CT) ; 
926...@bugs.debian.org
Subject: Re: Bug#926915: RFS: fossology/3.5.0-1 [ITP] -- OSS license compliance 
tool

On Mon, Apr 15, 2019 at 11:45:31AM +0500, Andrey Rahmatullin wrote:
> On Mon, Apr 15, 2019 at 06:40:41AM +, Mishra, Gaurav wrote:
> > FOSSology currently supports Debian Jessie and Stretch both. And Jessie 
> > still have a year left to meet its end of life that is the reason we still 
> > support it. And that is the reason php5-cli is still there.
> Please keep in the official packages only stuff needed by the official
> packages.
> You will need to maintain a separate changelog anyway.

On the other hand, if the official package has a priority, I don't see a
problem with having support for unofficial/other distro/etc stuff.
 
> > And for Stretch, we have added the regex `php5-cli|php7.0-cli|php7.2-cli` 
> > in the control file.
> It's not a regex. And only the first alternative is considered by the
> official buildds.

For the ease of backports, you can have other alternatives later -- but
official buildds indeed use only the first listed one.  This is done to
ensure consistent packages during a transition.


Meow!
-- 
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Did ya know that typing "test -j8" instead of "ctest -j8"
⢿⡄⠘⠷⠚⠋⠀ will make your testsuite pass much faster, and fix bugs?
⠈⠳⣄


Bug#610839: New Email Address

2019-04-25 Thread Seedling Projects
Hello,

Thank you for contacting the Good Food Foundation! This email address is no 
longer active. Please 
contact us at conn...@goodfoodfdn.org and update your records to reflect the 
change. 

All the best,
The Good Food Foundation Team



Bug#927947: tripwire: default config for /var/log is SEC_CONFIG, should probably be SEC_LOG

2019-04-25 Thread Jon Bendtsen
Package: tripwire
Version: 2.4.3.1-2+b4
Severity: normal
Tags: newcomer

Dear Maintainer,

*** Reporter, please consider answering these questions, where appropriate ***

Daily tripwire emails reported modifications of log files. Of course log files
are modified.
A closer look at /etc/tripwire/twpol.txt revealed that /var/log WAS set up to use
the SEC_CONFIG definition and not the better fitting SEC_LOG definition. This
setup is probably the default in Debian stretch, and I don't think it should be.

Simply changing the definition in the line containing /var/log to SEC_LOG made
the daily tripwire emails much shorter.

*** End of the template - remove these template lines ***


-- System Information:
Debian Release: 9.8
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-8-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_DK.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages tripwire depends on:
ii  debconf [debconf-2.0]  1.5.61
ii  exim4-daemon-light [mail-transport-agent]  4.89-2+deb9u3

tripwire recommends no packages.

tripwire suggests no packages.

-- Configuration Files:
/etc/tripwire/twpol.txt changed:
@@section GLOBAL
TWBIN = /usr/sbin;
TWETC = /etc/tripwire;
TWVAR = /var/lib/tripwire;
@@section FS
SEC_CRIT      = $(IgnoreNone)-SHa ; # Critical files that cannot change
SEC_BIN       = $(ReadOnly) ;       # Binaries that should not change
SEC_CONFIG    = $(Dynamic) ;        # Config files that are changed
                                    # infrequently but accessed
                                    # often
SEC_LOG       = $(Growing) ;        # Files that grow, but that
                                    # should never change ownership
SEC_INVARIANT = +tpug ;             # Directories that should never
                                    # change permission or ownership
SIG_LOW       = 33 ;                # Non-critical files that are of
                                    # minimal security impact
SIG_MED       = 66 ;                # Non-critical files that are of
                                    # significant security impact
SIG_HI        = 100 ;               # Critical files that are
                                    # significant points of
                                    # vulnerability
(
  rulename = "Tripwire Binaries",
  severity = $(SIG_HI)
)
{
        $(TWBIN)/siggen                 -> $(SEC_BIN) ;
        $(TWBIN)/tripwire               -> $(SEC_BIN) ;
        $(TWBIN)/twadmin                -> $(SEC_BIN) ;
        $(TWBIN)/twprint                -> $(SEC_BIN) ;
}
(
  rulename = "Tripwire Data Files",
  severity = $(SIG_HI)
)
{
        $(TWVAR)/$(HOSTNAME).twd        -> $(SEC_CONFIG) -i ;
        $(TWETC)/tw.pol                 -> $(SEC_BIN) -i ;
        $(TWETC)/tw.cfg                 -> $(SEC_BIN) -i ;
        $(TWETC)/$(HOSTNAME)-local.key  -> $(SEC_BIN) ;
        $(TWETC)/site.key               -> $(SEC_BIN) ;
        #don't scan the individual reports
        $(TWVAR)/report                 -> $(SEC_CONFIG) (recurse=0) ;
}
(
  rulename = "Critical system boot files",
  severity = $(SIG_HI)
)
{
        /boot                           -> $(SEC_CRIT) ;
        /lib/modules                    -> $(SEC_CRIT) ;
}
(
  rulename = "Boot Scripts",
  severity = $(SIG_HI)
)
{
        /etc/init.d                     -> $(SEC_BIN) ;
        /etc/rcS.d                      -> $(SEC_BIN) ;
        /etc/rc0.d                      -> $(SEC_BIN) ;
        /etc/rc1.d                      -> $(SEC_BIN) ;
        /etc/rc2.d                      -> $(SEC_BIN) ;
        /etc/rc3.d                      -> $(SEC_BIN) ;
        /etc/rc4.d                      -> $(SEC_BIN) ;
        /etc/rc5.d                      -> $(SEC_BIN) ;
        /etc/rc6.d                      -> $(SEC_BIN) ;
}
(
  rulename = "Root file-system executables",
  severity = $(SIG_HI)
)
{
        /bin                            -> $(SEC_BIN) ;
        /sbin                           -> $(SEC_BIN) ;
}
(
  rulename = "Root file-system libraries",
  severity = $(SIG_HI)
)
{
        /lib                            -> $(SEC_BIN) ;
}
(
  rulename = "Security Control",
  severity = $(SIG_MED)
)
{
        /etc/passwd                     -> $(SEC_CONFIG) ;
        /etc/shadow                     -> $(SEC_CONFIG) ;
}
(
  rulename = "System boot changes",
  severity = $(SIG_HI)
)
{
        /var/lock                       -> $(SEC_CONFIG) ;
        /var/run                        -> $(SEC_CONFIG) ; # daemon PIDs
        /var/log                        -> $(SEC_LOG) ;
}
(
  rulename = "Root config files",
  severity = 100
)
{
        /root                           -> $(SEC_CRIT) ; # Catch all additions to /root
        /root/.bashrc                   -> $(SEC_CONFIG) ;
        /root/.bash_history             -> $(SEC_CONFIG) ;
}
(
  rulename = "Devices & Kernel information",
  severity = $(SIG_HI),
)
{
        /dev                            -> $(Device) ;
}
(
  rulename = "Other configuration files",
  severity = 

Bug#927911: systemd: Does not expand %h identifier in ExecStart

2019-04-25 Thread Norbert Preining
Hi Michael,

On Thu, 25 Apr 2019, Michael Biebl wrote:
> Looks like a duplicate of
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868269

Indeed. Interesting that systemd changed the behaviour but it is not
documented ... (well ... we know).

> Can you attach the full .service file please.

Here is the .in version that is then configure-d into the .service file

-
[Unit]
Description=OneDrive Free Client for %i
Documentation=https://github.com/abraunegg/onedrive
After=network-online.target
Wants=network-online.target

[Service]
ExecStart=@prefix@/bin/onedrive --monitor --confdir=%h/.config/onedrive
User=%i
Group=users
Restart=on-failure
RestartSec=3

[Install]
WantedBy=multi-user.target
--

Best

Norbert

--
PREINING Norbert   http://www.preining.info
Accelia Inc. +JAIST +TeX Live +Debian Developer
GPG: 0x860CDC13   fp: F7D8 A928 26E3 16A1 9FA0 ACF0 6CAC A448 860C DC13
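
Added example (not from any message in this thread, and not systemd's own code): a check that flags unit files which set User= and also use %h, %u, %U or %s, the combination that the NEWS entries quoted above say resolves against the user running the manager rather than User=. It assumes the unit is loaded by the system instance; the function names and sample file names are hypothetical, and the two sample units are constructed from the ExecStart variants discussed in this thread.

```sh
#!/bin/sh
# Added example, not from the thread. Assumes the unit is loaded by the system
# manager (PID 1); line continuations and drop-in files are not followed.

# Print one finding per line that uses %h, %u, %U or %s in a unit that also
# sets User= in [Service]; return 1 if there was at least one finding.
check_unit() {
    awk -v file="$1" '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/ { section = $0; gsub(/[ \t]/, "", section); next }
        section == "[Service]" && /^[ \t]*User[ \t]*=/ {
            user = $0; sub(/^[^=]*=[ \t]*/, "", user)
        }
        {
            line = $0
            gsub(/%%/, "", line)        # %% is an escaped percent sign
            if (line ~ /%[hsuU]/) { n++; num[n] = NR; text[n] = $0 }
        }
        END {
            # User= may come after the line that uses the specifier, so the
            # decision is taken only once the whole file has been read.
            if (user == "" || n == 0) exit 0
            for (i = 1; i <= n; i++)
                printf "%s:%d: specifier is resolved for the manager user, not User=%s: %s\n", file, num[i], user, text[i]
            exit 1
        }
    ' "$1"
}

# Write two constructed units into directory $1: the .in file as posted in the
# thread, and the variant the original report describes as working.
write_samples() {
    cat > "$1/as-posted.service" <<'EOF'
[Unit]
Description=OneDrive Free Client for %i
Documentation=https://github.com/abraunegg/onedrive
After=network-online.target
Wants=network-online.target

[Service]
ExecStart=@prefix@/bin/onedrive --monitor --confdir=%h/.config/onedrive
User=%i
Group=users
Restart=on-failure
RestartSec=3

[Install]
WantedBy=multi-user.target
EOF
    cat > "$1/home-spelled-out.service" <<'EOF'
[Service]
ExecStart=/usr/bin/onedrive --monitor --confdir=/home/%i/.config/onedrive
User=%i
EOF
}

# Demo on the constructed samples.
tmp=$(mktemp -d)
write_samples "$tmp"
for unit in "$tmp"/*.service; do
    check_unit "$unit" || true
done
rm -rf "$tmp"
```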



Bug#927938: openscap: Can't parse recent Debian OVAL files

2019-04-25 Thread Kuenstner, Joerg
Additional information:
How to reproduce (on Debian Stretch):

sudo apt update
sudo apt install libopenscap8
wget https://www.debian.org/security/oval/oval-definitions-stretch.xml
oscap oval eval oval-definitions-stretch.xml

this produces the error:

OpenSCAP Error: Schema file not found when trying to validate
'oval-definitions-stretch.xml' [../../../src/source/validate.c:243]
Invalid OVAL Definition (5.11.2) content in oval-definitions-stretch.xml.
[../../../src/source/oscap_source.c:316]

Maybe it is possible to backport libopenscap8 to Stretch, as the newer
version 1.2.16-2+b2 in Buster is aware of the new Schema.



-- 

*Joerg Kuenstner*
Software Project Leader



Roche Diagnostics International AG
SIS, Dia Common Assets, OS-Engineering, DSXCL
Erlenring 2 Room Er2-02-131
Forrenstrasse 2
CH-6343 Rotkreuz
Switzerland
Office+41 - 41 - 79 85640
Fax   +41 - 41 - 79 87721
Cellular +41 - 79 - 79 88480
joerg.kuenst...@roche.com
www.roche-rotkreuz.com


Bug#927945: RFP: prometheus-ipmi-exporter -- Exports IPMI data for consumption by Prometheus

2019-04-25 Thread James Youngman
Package: wnpp
Severity: wishlist

* Package name: prometheus-ipmi-exporter
  Version : 11f380924f70eb6469bb2fb18de1fb70d6dc0477
  Upstream Author : SoundCloud Ltd., Conrad Hoffmann, Björn Rabenstein,
Jarred Trainor, René Treffer, Yuyin Yang
* URL : https://github.com/soundcloud/ipmi_exporter
* License : MIT
  Programming Lang: Go
  Description : Exports IPMI data for consumption by Prometheus

This is an IPMI exporter for Prometheus.  It complements the existing
prometheus-node-exporter Debian package (that is, one would run both
on physical - non-VM - machines).

This allows Prometheus to monitor important metrics such as
temperatures, power consumption, fan speeds, voltages and other sensor
data.  On some systems BMC data such as firmware version will also be
made available.

The maintainers have not provided release tags in their Git
repository, which is why a git commit appears at "Version:" above.

The exporter relies on tools from the FreeIPMI suite for the actual
IPMI implementation.

The package requires go-1.10+ in order to build since it uses
strings.Builder.  A patch to replace this with fmt.Sprintf and string
joining would be trivial and allow the code to build with go-1.7 on
Debian stretch.

There is an alternative choice of IPMI exporter (also with no Debian
package) at https://github.com/lovoo/ipmi_exporter.  I'm not certain
about whether there is a relationship between the two packages.


Bug#924659: ITP: fossology -- FOSSology is an open source license compliance software system and toolkit.

2019-04-25 Thread Hideki Yamane
Hi,

On Mon, 18 Mar 2019 12:09:39 +0530
Gaurav Mishra  wrote:
> Thank you for the pointers. I will follow it and create a RFS following the
> same.

 Just curious, is there any public repository for the packaging?
 If not, I'll create it on salsa.debian.org.


-- 
Hideki Yamane 



Bug#927943: libxmlada: FTBFS with unicode-data >= 12.0.0

2019-04-25 Thread Alastair McKinstry
Source: libxmlada
Version: 18-3
Severity: serious
Justification: Policy 4.2

unicode-data 12.0.0 is now in unstable/testing (Buster).
libxmlada FTBFS with this:


raised SYSTEM.ASSERTIONS.ASSERT_FAILURE : file name too long: Egyptian_Hieroglyph_Format_Controls
make[1]: *** [debian/rules:83: unicode/unicode-names-basic_latin.ads] Error 1
make[1]: Leaving directory '/tmp/libxmlada-18'

regards
Alastair McKinstry

-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_IE.UTF-8, LC_CTYPE=en_IE.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to en_IE.UTF-8), LANGUAGE=en_IE:en (charmap=UTF-8) (ignored: LC_ALL set to 
en_IE.UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled



Bug#927911: systemd: Does not expand %h identifier in ExecStart

2019-04-25 Thread Michael Biebl
On 25.04.19 at 01:55, Norbert Preining wrote:
> Package: systemd
> Version: 241-3
> Severity: important
> 
> Hi
> 
> it seems that the documentation of systemd is incorrect, or incomplete,
> as it states that
>   suffix. In the unit file itself, the instance parameter may be referred 
> to using "%i" and other
>   specifiers, see below.
>   (man page of systemd.unit)
> and down there %h is listed as home directory of the user.
> 
> We use a systemd unit file that has onedrive@.service
>   ExecStart=/usr/bin/onedrive --monitor 
> --confdir=/home/%i/.config/onedrive
> which works as expected. But the moment I change it to
>   ExecStart=/usr/bin/onedrive --monitor --confdir=%h/.config/onedrive
> it breaks because %h is not expanded.

Looks like a duplicate of
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868269

Can you attach the full .service file please.


-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?





Bug#927944: node-unicode-data: FTBFS with unicode-data >= 12.0.0

2019-04-25 Thread Alastair McKinstry
Source: node-unicode-data
Version: 0~20181101+gitaddfb440-1
Severity: serious
Justification: Policy 4.2

node-unicode-data FTBFS with unicode-data 12.0.0 and needs to be updated.


-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_IE.UTF-8, LC_CTYPE=en_IE.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to en_IE.UTF-8), LANGUAGE=en_IE:en (charmap=UTF-8) (ignored: LC_ALL set to 
en_IE.UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled



Bug#927942: gucharmap: FTBFS with unicode-data >= 12

2019-04-25 Thread Alastair McKinstry
Source: gucharmap
Version: 1:11.0.3-2
Severity: serious
Justification: Policy 4.2

unicode-data 12.0.0 is now in unstable/testing (Buster).
gucharmap FTBFS with this;

In file included from gucharmap-unicode-info.c:33:
unicode-versions.h:331:21: error: ‘GUCHARMAP_UNICODE_VERSION_12_0’ undeclared here (not in a function); did you mean ‘GUCHARMAP_UNICODE_VERSION_11_0’?
  331 |   { 0x0C77, 0x0C77, GUCHARMAP_UNICODE_VERSION_12_0 },
  | ^~
  | GUCHARMAP_UNICODE_VERSION_11_0
unicode-versions.h:863:21: error: ‘GUCHARMAP_UNICODE_VERSION_12_1’ undeclared here (not in a function); did you mean ‘GUCHARMAP_UNICODE_VERSION_2_1’?
  863 |   { 0x32FF, 0x32FF, GUCHARMAP_UNICODE_VERSION_12_1 },
  | ^~
  | GUCHARMAP_UNICODE_VERSION_2_1

regards
Alastair McKinstry



-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_IE.UTF-8, LC_CTYPE=en_IE.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to en_IE.UTF-8), LANGUAGE=en_IE:en (charmap=UTF-8) (ignored: LC_ALL set to 
en_IE.UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled


Bug#897993: random black flickering

2019-04-25 Thread Michel Dänzer
On 2019-04-25 1:35 a.m., Eduard Bloch wrote:
> On Mon, 7 May 2018 12:15:37 +0200 Michel Dänzer wrote:
>> On 2018-05-05 04:20 PM, Eduard Bloch wrote:
>>> Package: xserver-xorg-video-amdgpu
>>> Version: 18.0.1-1
>>> Severity: normal
>>>
>>> Hello,
>>>
>>> my card (cheaper version of Rx560) has been working quite well for months.
>>> But I made a dist-upgrade a few weeks ago and since then I see strange
>>> flickering happening every few minutes, sometimes even multiple times
>>> per minute. Feels like a quick insertion of a black frame. Maybe a
>>> silent GPU reset or something?
>>>
>>> It seems to happen more often when mouse is moving and/or Firefox is
>>> active. First I suspected the application where I saw it most in the
>>> first days (another web browser) but now I see this happen from time to
>>> time with other applications, like the gvim window I see in front of me
>>> right now.
>>>
>>> First I attribute this to the amdgpu.dc=1 kernel option which I have set
>>> for testing purposes before, but removing it did not change the
>>> behavior.
>>
>> That's because DC is enabled by default for you, you need amdgpu.dc=0 to
>> disable it. This is a DC issue which is fixed in current 4.16.y upstream.
> 
> Hi,
> 
> not sure this was the issue or maybe the root cause is somewhere else.
> I got my graphics card replaced in the meantime (now a RX580) and the
> problem still appears, although less frequent. I can reproduce it well
> when screen config is set to 2560x1440 and 75Hz, latest Sid version of
> xserver-xorg-video-amdgpu.

Which kernel version? Have you tried disabling DC?


> And the temporarily visible overlay looks more like garbage (i.e. it
> feels like a quick GPU restart).

A GPU reset would take more time, and would likely leave your session
unusable without at least restarting Xorg.


> The flickering is much less disturbing if the moved window is a simple
> one, like xterm, so it might have some connection to the drawing
> performance?

It might be related to GPU load, e.g. to the GPU memory clock being
changed dynamically. You could try if forcing the clock to a certain
value avoids the problem.


-- 
Earthling Michel Dänzer   |  https://www.amd.com
Libre software enthusiast | Mesa and X developer



Bug#927852: Info received (Bug#927852: Acknowledgement (xwayland: GNOME Shell crashes after connecting ThinkPad Thunderbolt 3 Dock Gen 2 via Thunderbolt to a Lenovo T470))

2019-04-25 Thread Michel Dänzer
On 2019-04-25 9:16 a.m., - wrote:
> This morning I applied all available updates, did a reboot, waited ~10
> sec and then connected the dock. Monitor arrangement was fine and GNOME
> Shell did not crash.
> But this time Chromium was not responding correctly (e.g. right click
> to open a folder from the bookmarks in incognito window) and then
> finally just crashed and closed.
> 
> There are two interesting parts in the log I think. 
> 
> First one is after bolt started
> 
> "
> ...
> Apr 25 08:46:11 debian-t470 boltd[1708]: bolt 0.7 starting up.
> Apr 25 08:46:11 debian-t470 boltd[1708]: config: loading user config
> Apr 25 08:46:11 debian-t470 boltd[1708]: bouncer: initializing polkit
> Apr 25 08:46:11 debian-t470 boltd[1708]: udev: initializing udev
> ...
> Apr 25 08:46:16 debian-t470 gnome-session-binary[837]: WARNING:
> Application 'org.gnome.SettingsDaemon.A11ySettings.desktop' killed by
> signal 15
> [...]

Signal 15 is SIGTERM, so this looks like something terminates a lot
(most / all?) of processes in your session. Maybe Xwayland is another
victim of that. There is no evidence here of anything going wrong in
Xwayland itself.


-- 
Earthling Michel Dänzer   |  https://www.amd.com
Libre software enthusiast | Mesa and X developer



Bug#927941: utf8proc: FTBFS with unicode-data >= 12.0.0

2019-04-25 Thread Alastair McKinstry
Source: utf8proc
Version: 2.2.0-1
Severity: serious
Justification: Policy 4.2

unicode-data 12.0.0 is now in unstable/testing (Buster).
utf8proc 2.2.0-1 FTBFS with this; it needs updating to 2.3.0.

It is expected that unicode-data will be updated to 12.1.* (probably 
12.1.0~pre1-1) for Buster to include 'Reiwa' for Japanese era handling.
-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_IE.UTF-8, LC_CTYPE=en_IE.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to en_IE.UTF-8), LANGUAGE=en_IE:en (charmap=UTF-8) (ignored: LC_ALL set to 
en_IE.UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled



Bug#927940: libqt5core5a: Applications rely on libQt5Core.so.5 cannot find libQt5Core.so.5

2019-04-25 Thread Ryo IGARASHI
Package: libqt5core5a
Version: 5.11.3+dfsg1-1
Severity: important

Dear Maintainer,

Applications relying on libQt5Core.so.5, e.g. paraview or qml, do not
start, with the following error:

$ paraview
/usr/lib/paraview/paraview: error while loading shared libraries: 
libQt5Core.so.5: cannot open shared object file: No such file or directory

$ ldd /usr/lib/paraview/paraview shows the following output:
...snip...
libQt5Widgets.so.5 => /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5 
(0x7f24e44e)
libQt5Gui.so.5 => /usr/lib/x86_64-linux-gnu/libQt5Gui.so.5 (0x7f24e3f5)
libQt5Core.so.5 => not found
...snip...

I believe the installed library and the symlinks are correct:

$ ls -lAFi /usr/lib/x86_64-linux-gnu/libQt5C*
10273300 lrwxrwxrwx 1 root root  20  3月 15 16:20 
/usr/lib/x86_64-linux-gnu/libQt5Core.so.5 -> libQt5Core.so.5.11.3
10274154 lrwxrwxrwx 1 root root  20  3月 15 16:20 
/usr/lib/x86_64-linux-gnu/libQt5Core.so.5.11 -> libQt5Core.so.5.11.3
10273295 -rw-r--r-- 1 root root 5200168  3月 15 16:20 
/usr/lib/x86_64-linux-gnu/libQt5Core.so.5.11.3 

Best regards,
-- 
Ryo IGARASHI, Ph.D.
rigar...@gmail.com

-- System Information:
Debian Release: 10.0
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'unstable'), (500, 'stable'), (1, 
'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-4-amd64 (SMP w/3 CPU cores)
Locale: LANG=ja_JP.UTF-8, LC_CTYPE=ja_JP.UTF-8 (charmap=UTF-8), 
LANGUAGE=ja_JP.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libqt5core5a depends on:
ii  libc6  2.28-8
ii  libdouble-conversion1  3.1.0-3
ii  libgcc1  1:8.3.0-6
ii  libglib2.0-0   2.58.3-1
ii  libicu63   63.1-6
ii  libpcre2-16-0  10.32-5
ii  libstdc++6 8.3.0-6
ii  zlib1g 1:1.2.11.dfsg-1

Versions of packages libqt5core5a recommends:
ii  qttranslations5-l10n  5.11.3-2

Versions of packages libqt5core5a suggests:
ii  libthai0  0.1.28-2

-- no debconf information



Bug#927939: 389-ds-base: CVE-2019-3883

2019-04-25 Thread Salvatore Bonaccorso
Source: 389-ds-base
Version: 1.4.0.22-1
Severity: important
Tags: security upstream
Forwarded: https://pagure.io/389-ds-base/issue/50329
Control: found -1 1.4.0.21-1

Hi,

The following vulnerability was published for 389-ds-base.

CVE-2019-3883[0]:
| In 389-ds-base up to version 1.4.1.2, requests are handled by workers
| threads. Each sockets will be waited by the worker for at most
| 'ioblocktimeout' seconds. However this timeout applies only for un-
| encrypted requests. Connections using SSL/TLS are not taking this
| timeout into account during reads, and may hang longer. An
| unauthenticated attacker could repeatedly create hanging LDAP requests
| to hang all the workers, resulting in a Denial of Service.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-3883
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3883
[1] https://pagure.io/389-ds-base/issue/50329

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



Bug#927938: openscap: Can't parse recent Debian OVAL files

2019-04-25 Thread Sebastien Delafond
Source: openscap
Version: 1.2.9-1+b2
Severity: normal

The schema used to generate the Debian OVAL files was updated last
week[0], to take advantage of the new debian_evr_string datatype in OVAL
schema version 5.11.1.

Because of this, the version of openscap in stretch can't parse them
anymore.

[0] https://salsa.debian.org/webmaster-team/webwml/merge_requests/116

-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-3-amd64 (SMP w/36 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_DIE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled



Bug#927937: RFS: scdoc/1.9.4-2

2019-04-25 Thread Birger Schacht
Package: sponsorship-requests
Severity: wishlist

Dear mentors,

I am looking for a sponsor for my package "scdoc"

* Package name : scdoc
  Version  : 1.9.4-2
  Upstream Author  : Drew DeVault
* Url  : https://git.sr.ht/~sircmpwn/scdoc
* Licenses : MIT
  Programming Lang : C
  Section  : text

 scdoc is a tool designed to make the process of writing man pages more
 friendly. It reads scdoc syntax from stdin and writes roff to stdout,
 suitable for reading with man(1).

It builds those binary packages:

  * scdoc

To access further information about this package, visit the following URL:

https://mentors.debian.net/package/scdoc

Alternatively, one can download the package with dget using this command:
dget -x
https://mentors.debian.net/debian/pool/main/s/scdoc/scdoc_1.9.4-2.dsc

Alternatively, you can access package debian/ directory via git from URL:
https://salsa.debian.org/bisco-guest/scdoc.git

More information about scdoc can be obtained from
https://git.sr.ht/~sircmpwn/scdoc


Changes since last upload:

  * d/rules: Set PREFIX also for build, so that the
scdoc.pc file gets generated correctly (Closes: 927919)

cheers,
Birger



Bug#927936: c3p0: CVE-2019-5427

2019-04-25 Thread Salvatore Bonaccorso
Source: c3p0
Version: 0.9.1.2-10
Severity: important
Tags: security upstream
Control: found -1 0.9.1.2-9+deb9u1
Control: found -1 0.9.1.2-9 

Hi,

The following vulnerability was published for c3p0.

CVE-2019-5427[0]:
| c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack
| when loading XML configuration due to missing protections against
| recursive entity expansion when loading configuration.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-5427
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5427
[1] https://hackerone.com/reports/509315
[2] 
https://github.com/swaldman/c3p0/commit/f38f27635c384806c2a9d6500d80183d9f09d78b

Regards,
Salvatore



Bug#810890: caddy in Debian

2019-04-25 Thread Dawid Dziurla
Caddy just got a 1.0.0 release.

What is the progress of packaging?

Bug#927932: bind9: CVE-2018-5743: Limiting simultaneous TCP clients is ineffective

2019-04-25 Thread Ondřej Surý
I’ll have a patch for platforms without atomic support for you.

--
Ondřej Surý 

> On 25 Apr 2019, at 08:49, Bernhard Schmidt  wrote:
> 
> Package: src:bind9
> Severity: grave
> Tags: security, upstream
> 
> CVE: CVE-2018-5743
> Document version:2.0
> Posting date:24 April 2019
> Program impacted:BIND
> Versions affected:   BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.6,
> 9.12.0 -> 9.12.4, 9.14.0. BIND 9 Supported Preview
> Edition versions 9.9.3-S1 -> 9.11.5-S3, and 9.11.5-S5.
> Versions 9.13.0 -> 9.13.7 of the 9.13 development branch
> are also affected. Versions prior to BIND 9.9.0 have not
> been evaluated for vulnerability to CVE-2018-5743.
> Severity:High
> Exploitable: Remotely
> 
> Description:
> 
>   By design, BIND is intended to limit the number of TCP clients
>   that can be connected at any given time. The number of allowed
>   connections is a tunable parameter which, if unset, defaults to
>   a conservative value for most servers. Unfortunately, the code
>   which was intended to limit the number of simultaneous connections
>   contains an error which can be exploited to grow the number of
>   simultaneous connections beyond this limit.
> 
> Impact:
> 
>   By exploiting the failure to limit simultaneous TCP connections,
>   an attacker can deliberately exhaust the pool of file descriptors
>   available to named, potentially affecting network connections
>   and the management of files such as log files or zone journal
>   files.
> 
>   In cases where the named process is not limited by OS-enforced
>   per-process limits, this could additionally potentially lead to
>   exhaustion of all available free file descriptors on that system.
> 
> CVSS Score:  7.5
> CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
> 
> For more information on the Common Vulnerability Scoring System and
> to obtain your specific environmental score please visit:
> https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.
> 
> Workarounds:
> 
>   None.
> 
> Active exploits:
> 
>   No known deliberate exploits, but the situation may occur
>   accidentally on busy servers.
> 
>   It is possible for operators to mistakenly believe that their
>   configured (or default) limit is sufficient for their typical
>   operations, when in fact it is not. Following an upgrade to a
>   version that effectively applies limits, named may deny connections
>   which were previously improperly permitted. Operators can monitor
>   their logs for rejected connections, keep an eye on "rndc status"
>   reports of simultaneous connections, or use other tools to monitor
>   whether the now-effective limits are causing problems for
>   legitimate clients. Should this be the case, increasing the value
>   of the tcp-clients setting in named.conf to an appropriate value
>   would be recommended.
> 
> Solution:
> 
>   Upgrade to a version of BIND containing a fix for the ineffective
>   limits.
> 
>   -  BIND 9.11.6-P1
>   -  BIND 9.12.4-P1
>   -  BIND 9.14.1
> 
>   BIND Supported Preview Edition is a special feature preview
>   branch of BIND provided to eligible ISC support customers.
> 
>   -  BIND 9.11.5-S6
>   -  BIND 9.11.6-S1
> 
> Acknowledgements:
> 
>   ISC would like to thank AT&T for helping us to discover this
>   issue.
> 
> Document revision history:
> 
>   1.0 Advance Notification, 16 January 2019
>   1.1 Recall due to error in original fix, 17 January 2019
>   1.3 Replacement fix delivered to Advance Notification customers, 15
> April 2019
>   1.4 Corrected Versions affected and Solution, 16 April 2019
>   1.5 Added reference to BIND 9.11.6-S1
>   2.0 Public disclosure, 24 April 2019
> 
> Related documents:
> 
>   See our BIND 9 Security Vulnerability Matrix for a complete
>   listing of security vulnerabilities and versions affected.
> 
> Do you still have questions? Questions regarding this advisory
> should go to security-offi...@isc.org. To report a new issue, please
> encrypt your message using security-offi...@isc.org's PGP key which
> can be found here:
>   https://www.isc.org/downloads/software-support-policy/openpgp-key
> If you are unable to use encrypted email, you may also report new
> issues at: https://www.isc.org/community/report-bug/.
> 
> Note:
> 
>   ISC patches only currently supported versions. When possible we
>   indicate EOL versions affected. (For current information on which
>   versions are actively supported, please see
>   https://www.isc.org/downloads/.)
> 
> ISC Security Vulnerability Disclosure Policy:
> 
>   Details of our current security advisory policy and practice can
>   be found in the ISC Software Defect and Security Vulnerability
>   Disclosure Policy.
> 
> Legal Disclaimer:
> 
>   Internet Systems Consortium (ISC) is providing this notice on
>   an "AS IS" basis. No warranty or guarantee of any kind is 

Bug#927934: bind9: CVE-2018-5743: Limiting simultaneous TCP clients is ineffective

2019-04-25 Thread Salvatore Bonaccorso
Source: bind9
Version: 1:9.11.5.P4+dfsg-3
Severity: grave
Tags: security upstream
Justification: user security hole
Control: clone -1 -2
Control: reassign -2 src:bind 1:9.13.3-1
Control: retitle -2 bind: CVE-2018-5743: Limiting simultaneous TCP clients is 
ineffective
Control: found -1 1:9.11.6+dfsg-1
Control: found -1 1:9.10.3.dfsg.P4-12.3+deb9u4
Control: found -1 1:9.10.3.dfsg.P4-12.3

Hi,

The following vulnerability was published for bind9.

CVE-2018-5743[0]:
Limiting simultaneous TCP clients is ineffective

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-5743
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5743
[1] https://kb.isc.org/docs/cve-2018-5743

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



Bug#927808: gmsh: FTBFS in buster (c++: error: unrecognized command line option '-Wint-to-void-pointer-cast')

2019-04-25 Thread Nico Schlömer
This could all be fixed in master (where we have Gmsh 4.3.0). Should
perhaps be uploaded soon.

On Wed, Apr 24, 2019 at 8:33 PM Juhani Numminen
 wrote:
>
> Control: retitle -1 gmsh: FTBFS in buster 
> ("/usr/include/occt/Standard_Version.hxx" cannot be read)
>
>
> Hi,
>
> I believe the relevant error message is actually this:
>
> CMake Error at CMakeLists.txt:1161 (file):
>   file STRINGS file "/usr/include/occt/Standard_Version.hxx" cannot be read.
>
> It seems that /usr/include/occt was changed to /usr/include/opencascade.
> https://salsa.debian.org/science-team/opencascade/commit/05357f551748a6842bf2788e2bbc604daa0dfc16
>
> Kurt, will you be able to make gmsh 4.1.3+ds1-1 buildable in ‘testing’?
>
> Regards,
> Juhani
>



Bug#927933: icu: Please update to deal with Japanese new era "Reiwa"

2019-04-25 Thread Hideki Yamane
Package: icu
Tags: fixed-upstream, l10n

Hi,

 As http://site.icu-project.org/home, upstream says

> These maintenance updates for past ICU versions include support for new 
> Japanese era  Reiwa (令和)

 However, it also seems to include other changes (in 63.2)

> $ diff -urN /tmp/icu-63.1 icu|wc -l
> 2685

 Debian9 has 57.1-6+deb9u2, and 57.2 corresponds to it



-- 
Hideki Yamane 



Bug#926043: CVE-2019-0816

2019-04-25 Thread Thomas Goirand
On 4/24/19 10:02 PM, Salvatore Bonaccorso wrote:
> Hi Thomas,
> 
> On Tue, Apr 02, 2019 at 10:29:33PM +0200, Moritz Mühlenhoff wrote:
>> severity 926043 important
>> thanks
>>
>> On Tue, Apr 02, 2019 at 01:56:35PM +0200, Thomas Goirand wrote:
>>> On 4/2/19 12:46 PM, Moritz Muehlenhoff wrote:
>>>> On Tue, Apr 02, 2019 at 12:33:10PM +0200, Thomas Goirand wrote:
>>>>> On 4/1/19 11:44 PM, Moritz Mühlenhoff wrote:
>>>>>> Instead of arguing over bug severities, can't we rather fix the bug?
>>>>>
>>>>> Sure.
>>>>>
>>>>>> Ubuntu fixed this already and their version seems fairly close.
>>>>>
>>>>> That's the thing. I went into the launchpad bug report, and it's full of
>>>>> small, incremental commits, from which it is very hard to figure out
>>>>> which one is really fixing the issue. Also, the Ubuntu package is just
>>>>> getting a snapshot from upstream, it's not integrating any patch. If
>>>>> someone can point at the correct patch, I'll do the update work.
>>>>
>>>> Actually, given Bastian's reply, we can just close the bug, or am I missing
>>>> something?
>>>>
>>>> Cheers,
>>>> Moritz
>>>
>>> Well, not 100%. "we" don't support cloud-init provisioning yet. Though
>>> someone running Debian, building their own image, could be affected by
>>> the bug. Which is why I'd suggest downgrading the bug to important, as
>>> it would only affect, only potentially, a very small subset of users.
>>
>> OK, I see! Downgrading makes total sense, then. Doing that now.
>>
>>> I still believe we should try to get this fixed in time for Buster, and
>>> backport it to Stretch.
>>
>> Ack.
> 
> Did you have a chance to look into this specifically for unstable and
> possibly buster (still agreeing on the reasoning, but was looking
> through some pending mails and spotted the intent above).
> 
> Regards,
> Salvatore

My apologies, I found the patch in the cloud-init Git, and it applies
almost cleanly to the current Sid/Buster release of cloud-init (just a
few offsets...). I'm uploading the fix then...

Thanks for pushing me to do a better job! :)

Cheers,

Thomas Goirand (zigo)



Bug#927931: bind: CVE-2019-6467: An error in the nxdomain redirect feature can cause BIND to exit with an INSIST assertion failure in query.c

2019-04-25 Thread Salvatore Bonaccorso
Source: bind
Version: 1:9.13.3-1
Severity: grave
Tags: security upstream
Justification: user security hole

Hi

See https://kb.isc.org/docs/cve-2019-6467 (only affecting bind
versions in experimental).

Regards,
Salvatore



Bug#927932: bind9: CVE-2018-5743: Limiting simultaneous TCP clients is ineffective

2019-04-25 Thread Bernhard Schmidt
Package: src:bind9
Severity: grave
Tags: security, upstream

CVE: CVE-2018-5743
Document version:2.0
Posting date:24 April 2019
Program impacted:BIND
Versions affected:   BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.6,
 9.12.0 -> 9.12.4, 9.14.0. BIND 9 Supported Preview
 Edition versions 9.9.3-S1 -> 9.11.5-S3, and 9.11.5-S5.
 Versions 9.13.0 -> 9.13.7 of the 9.13 development branch
 are also affected. Versions prior to BIND 9.9.0 have not
 been evaluated for vulnerability to CVE-2018-5743.
Severity:High
Exploitable: Remotely

Description:

   By design, BIND is intended to limit the number of TCP clients
   that can be connected at any given time. The number of allowed
   connections is a tunable parameter which, if unset, defaults to
   a conservative value for most servers. Unfortunately, the code
   which was intended to limit the number of simultaneous connections
   contains an error which can be exploited to grow the number of
   simultaneous connections beyond this limit.

Impact:

   By exploiting the failure to limit simultaneous TCP connections,
   an attacker can deliberately exhaust the pool of file descriptors
   available to named, potentially affecting network connections
   and the management of files such as log files or zone journal
   files.

   In cases where the named process is not limited by OS-enforced
   per-process limits, this could additionally potentially lead to
   exhaustion of all available free file descriptors on that system.

CVSS Score:  7.5
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

For more information on the Common Vulnerability Scoring System and
to obtain your specific environmental score please visit:
https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Workarounds:

   None.

Active exploits:

   No known deliberate exploits, but the situation may occur
   accidentally on busy servers.

   It is possible for operators to mistakenly believe that their
   configured (or default) limit is sufficient for their typical
   operations, when in fact it is not. Following an upgrade to a
   version that effectively applies limits, named may deny connections
   which were previously improperly permitted. Operators can monitor
   their logs for rejected connections, keep an eye on "rndc status"
   reports of simultaneous connections, or use other tools to monitor
   whether the now-effective limits are causing problems for
   legitimate clients. Should this be the case, increasing the value
   of the tcp-clients setting in named.conf to an appropriate value
   would be recommended.

Solution:

   Upgrade to a version of BIND containing a fix for the ineffective
   limits.

   -  BIND 9.11.6-P1
   -  BIND 9.12.4-P1
   -  BIND 9.14.1

   BIND Supported Preview Edition is a special feature preview
   branch of BIND provided to eligible ISC support customers.

   -  BIND 9.11.5-S6
   -  BIND 9.11.6-S1

Acknowledgements:

   ISC would like to thank AT&T for helping us to discover this
   issue.

Document revision history:

   1.0 Advance Notification, 16 January 2019
   1.1 Recall due to error in original fix, 17 January 2019
   1.3 Replacement fix delivered to Advance Notification customers, 15
April 2019
   1.4 Corrected Versions affected and Solution, 16 April 2019
   1.5 Added reference to BIND 9.11.6-S1
   2.0 Public disclosure, 24 April 2019

Related documents:

   See our BIND 9 Security Vulnerability Matrix for a complete
   listing of security vulnerabilities and versions affected.

Do you still have questions? Questions regarding this advisory
should go to security-offi...@isc.org. To report a new issue, please
encrypt your message using security-offi...@isc.org's PGP key which
can be found here:
   https://www.isc.org/downloads/software-support-policy/openpgp-key
If you are unable to use encrypted email, you may also report new
issues at: https://www.isc.org/community/report-bug/.

Note:

   ISC patches only currently supported versions. When possible we
   indicate EOL versions affected. (For current information on which
   versions are actively supported, please see
   https://www.isc.org/downloads/.)

ISC Security Vulnerability Disclosure Policy:

   Details of our current security advisory policy and practice can
   be found in the ISC Software Defect and Security Vulnerability
   Disclosure Policy.

Legal Disclaimer:

   Internet Systems Consortium (ISC) is providing this notice on
   an "AS IS" basis. No warranty or guarantee of any kind is expressed
   in this notice and none should be implied. ISC expressly excludes
   and disclaims any warranties regarding this notice or materials
   referred to in this notice, including, without limitation, any
   implied warranty of merchantability, fitness for a particular
   purpose, absence of hidden defects, or 
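
The monitoring the advisory recommends after upgrading (watching "rndc status" and the logs for rejected connections) can be scripted; this is an added example, not part of the advisory or of BIND. The sample status text and log lines are constructed, and the log line layout, `warn_ratio` and `burst` are assumptions.

```python
import re
from collections import Counter

# Constructed excerpt of `rndc status` output; only the quota lines matter here.
SAMPLE_RNDC_STATUS = """\
recursive clients: 4/900/1000
tcp clients: 141/150
server is up and running
"""

# Constructed named log lines. The layout (timestamp, category, severity,
# message) is an assumption; adjust MINUTE_RE to the local logging channel.
SAMPLE_LOG = [
    "25-Apr-2019 09:12:01.101 client: warning: no more TCP clients: quota reached",
    "25-Apr-2019 09:12:01.350 client: warning: no more TCP clients: quota reached",
    "25-Apr-2019 09:12:44.007 client: warning: no more TCP clients: quota reached",
    "25-Apr-2019 09:12:50.900 general: info: zone example.org/IN: loaded serial 1",
    "25-Apr-2019 09:13:10.512 client: warning: no more TCP clients: quota reached",
]

TCP_CLIENTS_RE = re.compile(r"^tcp clients:\s*(\d+)/(\d+)\s*$", re.MULTILINE)
MINUTE_RE = re.compile(r"^(\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}):")
REJECT_MARKER = "no more TCP clients"


def tcp_client_usage(status_text):
    """Return (in_use, limit) from the 'tcp clients: N/M' line of rndc status."""
    match = TCP_CLIENTS_RE.search(status_text)
    if match is None:
        raise ValueError("no 'tcp clients:' line in rndc status output")
    return int(match.group(1)), int(match.group(2))


def rejections_per_minute(log_lines):
    """Count rejected TCP connections, bucketed by the minute they were logged."""
    counts = Counter()
    for line in log_lines:
        if REJECT_MARKER not in line:
            continue
        stamp = MINUTE_RE.match(line)
        counts[stamp.group(1) if stamp else "unknown"] += 1
    return counts


def assess(status_text, log_lines, warn_ratio=0.8, burst=3):
    """Flag the two conditions under which tcp-clients may need raising."""
    findings = []
    in_use, limit = tcp_client_usage(status_text)
    # Sustained use close to the quota: legitimate clients are about to be
    # refused now that the limit is actually enforced.
    if in_use >= warn_ratio * limit:
        findings.append(("near-limit", in_use, limit))
    # Bursts of rejections: the quota is already being hit.
    for minute, count in sorted(rejections_per_minute(log_lines).items()):
        if count >= burst:
            findings.append(("rejection-burst", minute, count))
    return findings


if __name__ == "__main__":
    for finding in assess(SAMPLE_RNDC_STATUS, SAMPLE_LOG):
        print(finding)
```
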

Bug#927930: [mecab-ipadic] lack of Japan's new era

2019-04-25 Thread NOKUBI Takatsugu
Package: mecab-ipadic
Version:  2.7.0-20070801+main-2
Severity: important

We need the new entry of Japanese imperial era name.
A similar issue has been reported to mozc:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927030

The patch is there:
https://salsa.debian.org/nlp-ja-team/mecab-ipadic/blob/reiwa/debian/patches/0001-new-Japanese-era-reiwa-entry.patch



Bug#927929: [anthy] lack of Japan's new era

2019-04-25 Thread NOKUBI Takatsugu
Package: anthy
Version: 1:0.3-8
Severity: important

We need the new entry of Japanese imperial era name.
A similar issue has been reported to mozc:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927030

The patch is there:
https://salsa.debian.org/debian/anthy/blob/reiwa/debian/patches/0002-new-Japanese-era-reiwa-entry.patch



Bug#926043: CVE-2019-0816

2019-04-25 Thread Thomas Goirand
On 4/24/19 10:02 PM, Salvatore Bonaccorso wrote:
> Hi Thomas,
> 
> On Tue, Apr 02, 2019 at 10:29:33PM +0200, Moritz Mühlenhoff wrote:
>> severity 926043 important
>> thanks
>>
>> On Tue, Apr 02, 2019 at 01:56:35PM +0200, Thomas Goirand wrote:
>>> On 4/2/19 12:46 PM, Moritz Muehlenhoff wrote:
>>>> On Tue, Apr 02, 2019 at 12:33:10PM +0200, Thomas Goirand wrote:
>>>>> On 4/1/19 11:44 PM, Moritz Mühlenhoff wrote:
>>>>>> Instead of arguing over bug severities, can't we rather fix the bug?
>>>>>
>>>>> Sure.
>>>>>
>>>>>> Ubuntu fixed this already and their version seems fairly close.
>>>>>
>>>>> That's the thing. I went into the launchpad bug report, and it's full of
>>>>> small, incremental commits, from which it is very hard to figure out
>>>>> which one is really fixing the issue. Also, the Ubuntu package is just
>>>>> getting a snapshot from upstream, it's not integrating any patch. If
>>>>> someone can point at the correct patch, I'll do the update work.
>>>>
>>>> Actually, given Bastian's reply, we can just close the bug, or am I missing
>>>> something?
>>>>
>>>> Cheers,
>>>> Moritz
>>>
>>> Well, not 100%. "we" don't support cloud-init provisioning yet. Though
>>> someone running Debian, building their own image, could be affected by
>>> the bug. Which is why I'd suggest downgrading the bug to important, as
>>> it would only affect, only potentially, a very small subset of users.
>>
>> OK, I see! Downgrading makes total sense, then. Doing that now.
>>
>>> I still believe we should try to get this fixed in time for Buster, and
>>> backport it to Stretch.
>>
>> Ack.
> 
> Did you have a chance to look into this specifically for unstable and
> possibly buster (still agreeing on the reasoning, but was looking
> through some pending mails and spotted the intent above).
> 
> Regards,
> Salvatore

Hi,

We are probably better off packaging the latest upstream release, as
it's kind of hard to find out what commit fixes the issue. However, I'm
really not sure if the release team is comfortable with it at this point.

Your thoughts?
Cheers,

Thomas Goirand (zigo)



Bug#927928: unblock: scoop/0.7.1.1-3

2019-04-25 Thread Andreas Tille
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package scoop

  * QA upload.
  * Replace deprecated Sphinx module pngmath with imgmath
Closes: #924838
  * Ignore test result (attempt to access remote host)
  * Secure URI in watch file


unblock scoop/0.7.1.1-3

-- System Information:
Debian Release: 9.8
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-6-amd64 (SMP w/1 CPU core)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), 
LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru scoop-0.7.1.1/debian/changelog scoop-0.7.1.1/debian/changelog
--- scoop-0.7.1.1/debian/changelog  2018-02-20 15:07:26.0 +0100
+++ scoop-0.7.1.1/debian/changelog  2019-04-25 07:34:03.0 +0200
@@ -1,3 +1,13 @@
+scoop (0.7.1.1-3) unstable; urgency=medium
+
+  * QA upload.
+  * Replace deprecated Sphinx module pngmath with imgmath
+Closes: #924838
+  * Ignore test result (attempt to access remote host)
+  * Secure URI in watch file
+
+ -- Andreas Tille   Thu, 25 Apr 2019 07:34:03 +0200
+
 scoop (0.7.1.1-2) unstable; urgency=medium
 
   * Orphan package.
diff -Nru scoop-0.7.1.1/debian/patches/series 
scoop-0.7.1.1/debian/patches/series
--- scoop-0.7.1.1/debian/patches/series 2018-02-20 14:59:23.0 +0100
+++ scoop-0.7.1.1/debian/patches/series 2019-04-25 07:34:03.0 +0200
@@ -1,3 +1,4 @@
 no-updated-timestamp-in-docs.patch
 restore-testsuite.patch
 no-adsense.patch
+sphinx.ext.pngmath.patch
diff -Nru scoop-0.7.1.1/debian/patches/sphinx.ext.pngmath.patch 
scoop-0.7.1.1/debian/patches/sphinx.ext.pngmath.patch
--- scoop-0.7.1.1/debian/patches/sphinx.ext.pngmath.patch   1970-01-01 
01:00:00.0 +0100
+++ scoop-0.7.1.1/debian/patches/sphinx.ext.pngmath.patch   2019-04-25 
07:34:03.0 +0200
@@ -0,0 +1,16 @@
+Description: Replace deprecated Sphinx module pngmath with imgmath
+Bug-Debian: https://bugs.debian.org/924838
+Author: Andreas Tille 
+Last-Update: Thu, 11 Apr 2019 11:19:49 +0200
+
+--- a/doc/conf.py
 b/doc/conf.py
+@@ -50,7 +50,7 @@ needs_sphinx = '1.0'
+ # coming with Sphinx (named 'sphinx.ext.*') or your custom ones.
+ extensions = ['sphinx.ext.autodoc',
+   'sphinx.ext.coverage',
+-  'sphinx.ext.pngmath',
++  'sphinx.ext.imgmath',
+   'sphinx.ext.viewcode',
+   'sphinx.ext.intersphinx']
+   
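Review bot: The hunk header for doc/conf.py shows needs_sphinx = '1.0' left unchanged, but sphinx.ext.imgmath only exists from Sphinx 1.4 on, so conf.py now understates its minimum version; raise needs_sphinx to '1.4' in the same patch. The Last-Update header would also be better in the DEP-3 date form YYYY-MM-DD (2019-04-11).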
diff -Nru scoop-0.7.1.1/debian/rules scoop-0.7.1.1/debian/rules
--- scoop-0.7.1.1/debian/rules  2018-02-20 14:59:23.0 +0100
+++ scoop-0.7.1.1/debian/rules  2019-04-25 07:34:03.0 +0200
@@ -10,7 +10,7 @@
 override_dh_auto_test:
PYBUILD_SYSTEM=custom \
PYBUILD_TEST_ARGS="cd {dir}/test; {interpreter} tests.py" \
-   dh_auto_test
+   dh_auto_test || true
 
 override_dh_auto_install:
dh_auto_install
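Review bot: "dh_auto_test || true" in override_dh_auto_test discards every test failure, not only the tests that try to reach a remote host, so a real regression would no longer fail the build. Consider skipping or patching out just the network-dependent tests, and add a comment in debian/rules recording why the result is ignored.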
diff -Nru scoop-0.7.1.1/debian/watch scoop-0.7.1.1/debian/watch
--- scoop-0.7.1.1/debian/watch  2018-02-20 14:59:23.0 +0100
+++ scoop-0.7.1.1/debian/watch  2019-04-25 07:34:03.0 +0200
@@ -1,4 +1,4 @@
 version=3
 opts=uversionmangle=s/\.release/$1/ \
-http://pypi.debian.net/scoop/ \
+https://pypi.debian.net/scoop/ \
 scoop-(.+)\.(?:zip|tgz|tbz|txz|(?:tar\.(?:gz|bz2|xz)))


Bug#927456: irrlicht makefile does not honor CFLAGS (was: irrlicht makefiles does not honors CFLAGS and CXXFLAGS, so neither hardening)

2019-04-25 Thread Juhani Numminen
Control: retitle -1 irrlicht makefile does not honor CFLAGS
Control: severity -1 minor

On Fri, 19 Apr 2019 23:33:53 -0400 PICCORO McKAY Lenz  
wrote:

> in Makefile line 84 we have a non override CFLAG set  as:
> 
> irrlicht-1.8.4.0/source/Irrlicht/Makefile
> 
> CFLAGS := -O3 -fexpensive-optimizations -DPNG_THREAD_UNSAFE_OK
> -DPNG_NO_MMX_CODE -DPNG_NO_MNG_FEATURES
>
> so i set to serious due irrlicht on Debian uses system PNG and JPEG
> libraries.. so here we can see more that just only not honor the CFLAGS..
> take a shot to the "NO_MMX_CODE"

After looking at the build logs[1], I think this is not as serious as it
first seems. You are correct that CFLAGS is overridden, but I can't see
any C code being compiled. The Makefile honors the CXXFLAGS, CPPFLAGS and
LDFLAGS and so the compiled library is indeed hardened.

[1] https://buildd.debian.org/status/package.php?p=irrlicht

Regards,
Juhani



Bug#927927: --with-fortran-interfaces=1 and --useThreads=0 deprecated

2019-04-25 Thread Martin Diehl
Package: libpetsc-real3.11
Version: 3.11.0+dfsg1-1exp1

The --with-fortran-interfaces=1 and --useThreads=0 are no longer valid
options for configure. configure --help does not show them and removing
them causes no issues on my ubuntu PPA
https://launchpad.net/~mardie/+archive/ubuntu/damask/+packages 

