Processed: Re: rdiff-backup-fs: segmentation fault
Processing control commands: > tags -1 moreinfo Bug #858316 [rdiff-backup-fs] rdiff-backup-fs: segmentation fault Added tag(s) moreinfo. -- 858316: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858316 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#858316: rdiff-backup-fs: segmentation fault
Control: tags -1 moreinfo Hi Christian! > rdiff-backup-fs crash > Here is the gdb bt and rdiff-backup-fs output > (...) Could you provide a little more information on what exactly you did to provoke the crash? Does rdiff-backup-fs always segfault or just under certain circumstances? Adrian -- .''`. John Paul Adrian Glaubitz : :' : Debian Developer - glaub...@debian.org `. `' Freie Universitaet Berlin - glaub...@physik.fu-berlin.de `-GPG: 62FF 8A75 84E0 2956 9546 0006 7426 3B37 F5B5 F913
Bug#858316: rdiff-backup-fs: segmentation fault
On 21 mars 2017 08:20, John Paul Adrian Glaubitz wrote: > Control: tags -1 moreinfo > > Hi Christian! > >> rdiff-backup-fs crash >> Here is the gdb bt and rdiff-backup-fs output >> (...) > > Could you provide a little more information on what exactly you did to provoke > the crash? Does rdiff-backup-fs always segfault or just under certain > circumstances? Nothing special. I don't use rdiff-backup-fs daily so this I don't know since when rdiff-backup-fs crash. I called rdiff-backup-fs with sudo, same crash. I did a try with two differents backups, same crash. I don't see this bug on an amd64 machine (kernel 4.1.39) I restored a directory today with rdiff-backup without problem. Also I don't use the Debian kernel, but instead 4.1 (4.1.39 now) Christian
Bug#858316: rdiff-backup-fs: segmentation fault
Hi Christian! On 03/21/2017 08:37 AM, Christian Marillat wrote: > I called rdiff-backup-fs with sudo, same crash. > I did a try with two differents backups, same crash. Ok, thanks. Will try to reproduce it. > I don't see this bug on an amd64 machine (kernel 4.1.39) Interesting. So it occurs on in i386 only. > I restored a directory today with rdiff-backup without problem. That was on amd64, I asumme? > Also I don't use the Debian kernel, but instead 4.1 (4.1.39 now) Ok, then I definitely have to test it myself because I need to make sure it's not caused by your setup then. The kernel you are using is not officially part of any current Debian release, so it may be a problem on your machine. Thanks, Adrian -- .''`. John Paul Adrian Glaubitz : :' : Debian Developer - glaub...@debian.org `. `' Freie Universitaet Berlin - glaub...@physik.fu-berlin.de `-GPG: 62FF 8A75 84E0 2956 9546 0006 7426 3B37 F5B5 F913
Bug#847571: smartly-lexer NMUed, please merge NMU into git
Hi Holger, On Mo 20 Mär 2017 22:48:23 CET, Holger Levsen wrote: On Mon, Mar 20, 2017 at 06:21:38PM +, Mike Gabriel wrote: I am not sure, did we reach a conclusion on the smarty3 upload?. uhm, yes: [11:15] < sunweaver> I'll do the upload to unstable now, or do we want to ping the RT first? [11:15] < h01ger> | do it now [11:15] < h01ger> | it already has been discussed Personally, I'd say that we should bump the versioned BD on snarty-lexer to the just uploaded version. Don't you think? do. Uploaded and B-D on smarty-lexer raised. Can you follow up on the unblock? (Thanks!) Mike -- DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby mobile: +49 (1520) 1976 148 landline: +49 (4354) 8390 139 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de pgpgHxHy4qysm.pgp Description: Digitale PGP-Signatur
Bug#858095: marked as done (atlc FTBFS on mips: Build killed with signal TERM after 360 minutes of inactivity)
Your message dated Tue, 21 Mar 2017 10:25:13 + with message-id and subject line Re: Bug#858095: atlc FTBFS on mips: Build killed with signal TERM after 360 minutes of inactivity has caused the Debian Bug report #858095, regarding atlc FTBFS on mips: Build killed with signal TERM after 360 minutes of inactivity to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 858095: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858095 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: atlc Version: 4.6.1-1 Severity: serious https://buildd.debian.org/status/logs.php?pkg=atlc&arch=mips ... PASS: 13a-check_rect_cen_in_rect.test PASS: 13b-check_rect_cen_in_rect.test PASS: 13c-check_rect_cen_in_rect.test PASS: 13d-check_rect_cen_in_rect.test PASS: 14a-check-circ-in-rect.test PASS: 14b-check-circ-in-rect.test PASS: 14c-check-circ-in-rect.test PASS: 14d-check-circ-in-rect.test PASS: WARNING-The-next-test-is-a-benchmark-and-takes-a-long-while.test E: Caught signal ‘Terminated’: terminating immediately make[3]: *** wait: No child processes. Stop. make[3]: *** Waiting for unfinished jobs make[3]: *** wait: No child processes. Stop. make[2]: *** wait: No child processes. Stop. make[2]: *** Waiting for unfinished jobs make[2]: *** wait: No child processes. Stop. make[1]: *** wait: No child processes. Stop. make[1]: *** Waiting for unfinished jobs make[1]: *** wait: No child processes. Stop. make: *** wait: No child processes. Stop. make: *** Waiting for unfinished jobs make: *** wait: No child processes. Stop. Build killed with signal TERM after 360 minutes of inactivity The latest successful build of the same source took 17 minutes. This includes configuring, building and running all tests. Now one test is taking over 6 hours (is that completely hanging?). --- End Message --- --- Begin Message --- Hi, On 19/03/17 14:11, Adrian Bunk wrote: > On Sun, Mar 19, 2017 at 07:28:47AM -0600, Bdale Garbee wrote: >> Adrian Bunk writes: >> >>> Now one test is taking over 6 hours (is that completely hanging?). >> >> I have no idea. Never seen that happen. Makes me wonder what's changed >> in your kernel or toolchain since the last build? > > Nothing of this is "mine", this is a build failure seen on the > Debian buildds: > https://buildd.debian.org/status/logs.php?pkg=atlc&arch=mips > > The latest successful build was in 2011 using gcc 4.6 on a machine > running kernel 2.6.32 > > The failing attempts are with gcc 6 and kernel 3.16 After a few attempts atlc built again. This is probably caused by the MIPS builders which do not have an FPU. To do floating point they have to trap into the kernel which is very slow. James signature.asc Description: OpenPGP digital signature --- End Message ---
Bug#839218: nama: FTBFS: Failed 1/7 test programs. 0/91 subtests failed.Bad plan. You planned 126 tests but ran 57.
Control: reassign -1 perl 5.24.0~rc3-1 Control: affects -1 nama Control: retitle -1 perl: Perl 24 makes nama FTBFS due to segfault Dear Perl Maintainers, On Fri, 30 Sep 2016 10:09:01 +0100 Chris Lamb wrote: > Source: nama > Version: 1.208-1 > Severity: serious > Justification: fails to build from source > User: reproducible-bui...@lists.alioth.debian.org > Usertags: ftbfs > X-Debbugs-Cc: reproducible-bui...@lists.alioth.debian.org > > Dear Maintainer, > > nama fails to build from source in unstable/amd64: > > [..] > > ok 57 - set JACK client as input > sax: JACK source port is sax_in. Make connections manually. > > Track sax: source set to JACK manual port sax_in > Failed 69/126 subtests > t/13_io.t ... > 1..1 > ok 1 - use Audio::Nama::IO; > ok > > Test Summary Report > --- > t/12_nama.t (Wstat: 139 Tests: 57 Failed: 0) > Non-zero wait status: 139 > Parse errors: Bad plan. You planned 126 tests but ran 57. > Files=7, Tests=91, 5 wallclock secs ( 0.03 usr 0.01 sys + 2.29 cusr > 0.43 csys = 2.76 CPU) > Result: FAIL > Failed 1/7 test programs. 0/91 subtests failed. > Makefile:930: recipe for target 'test_dynamic' failed > make[1]: *** [test_dynamic] Error 255 > make[1]: Leaving directory > '/home/lamby/temp/cdt.20160930095107.55GhkE5sL3.db.nama/nama-1.208' > dh_auto_test: make -j1 test TEST_VERBOSE=1 returned exit code 2 > debian/rules:4: recipe for target 'build' failed > make: *** [build] Error 2 > > [..] This looks like a problem in perl itself possibly causing random crashes elsewhere, too. Reproduction with the perl-debug package shows the internal assertion: sudo apt-get install perl-debug sudo apt-get build-dep nama apt source nama cd nama-* dpkg-buildpackage ... ok 57 - set JACK client as input sax: JACK source port is sax_in. Make connections manually. Track sax: source set to JACK manual port sax_in Failed 69/126 subtests t/13_io.t ... 1..1 ok 1 - use Audio::Nama::IO; ok .. PERL_DL_NONLAZY=1 PERL_USE_UNSAFE_INC=1 "/usr/bin/debugperl" \ "-MExtUtils::Command::MM" "-MTest::Harness" "-e" " test_harness(1, \ 'inc', 'blib/lib', 'blib/arch')" t/12_nama.t ... ok 57 - set JACK client as input sax: JACK source port is sax_in. Make connections manually. Track sax: source set to JACK manual port sax_in debugperl: sv.c:6438: Perl_sv_clear: Assertion `SvTYPE(sv) != (svtype)SVTYPEMASK' failed. Failed 69/126 subtests ... Address Sanitizer shows the crash with non-debug perl: LD_PRELOAD=libasan.so.3 PERL_DL_NONLAZY=1 PERL_USE_UNSAFE_INC=1 \ "/usr/bin/perl" "-MExtUtils::Command::MM" "-MTest::Harness" "-e" " test_harness(1, 'inc', 'blib/lib', 'blib/arch')" t/12_nama.t ... sax: JACK source port is sax_in. Make connections manually. Track sax: source set to JACK manual port sax_in ASAN:DEADLYSIGNAL = ==13877==ERROR: AddressSanitizer: SEGV on unknown address 0x00ff0012 (pc 0x559191b15fd8 bp 0x62100013f578 sp 0x7fffaa838b00 T0) #0 0x559191b15fd7 (/usr/bin/perl+0xd9fd7) #1 0x559191b1616d in Perl_sv_unmagic (/usr/bin/perl+0xda16d) #2 0x559191b1513a in Perl_sv_clear (/usr/bin/perl+0xd913a) #3 0x559191b15a8f in Perl_sv_free2 (/usr/bin/perl+0xd9a8f) #4 0x559191b4624e in Perl_leave_scope (/usr/bin/perl+0x10a24e) #5 0x559191b49707 (/usr/bin/perl+0x10d707) #6 0x559191b4ebab in Perl_die_unwind (/usr/bin/perl+0x112bab) #7 0x559191aea518 in Perl_vcroak (/usr/bin/perl+0xae518) #8 0x559191aeafb3 in Perl_croak (/usr/bin/perl+0xaefb3) #9 0x559191b1d592 in Perl_sv_setsv_flags (/usr/bin/perl+0xe1592) #10 0x559191b08ca9 in Perl_pp_sassign (/usr/bin/perl+0xccca9) #11 0x559191b08605 in Perl_runops_standard (/usr/bin/perl+0xcc605) #12 0x559191a8e6c8 in perl_run (/usr/bin/perl+0x526c8) #13 0x559191a6787c in main (/usr/bin/perl+0x2b87c) #14 0x7fa31be502b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0) #15 0x559191a678b9 in _start (/usr/bin/perl+0x2b8b9) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV (/usr/bin/perl+0xd9fd7) ==13877==ABORTING Dubious, test returned 1 (wstat 256, 0x100) Failed 69/126 subtests Cheers, Balint
Processed: Re: nama: FTBFS: Failed 1/7 test programs. 0/91 subtests failed.Bad plan. You planned 126 tests but ran 57.
Processing control commands: > reassign -1 perl 5.24.0~rc3-1 Bug #839218 [src:nama] nama: FTBFS: Failed 1/7 test programs. 0/91 subtests failed.Bad plan. You planned 126 tests but ran 57. Bug reassigned from package 'src:nama' to 'perl'. No longer marked as found in versions nama/1.208-1. Ignoring request to alter fixed versions of bug #839218 to the same values previously set Bug #839218 [perl] nama: FTBFS: Failed 1/7 test programs. 0/91 subtests failed.Bad plan. You planned 126 tests but ran 57. There is no source info for the package 'perl' at version '5.24.0~rc3-1' with architecture '' Unable to make a source version for version '5.24.0~rc3-1' Marked as found in versions 5.24.0~rc3-1. > affects -1 nama Bug #839218 [perl] nama: FTBFS: Failed 1/7 test programs. 0/91 subtests failed.Bad plan. You planned 126 tests but ran 57. Added indication that 839218 affects nama > retitle -1 perl: Perl 24 makes nama FTBFS due to segfault Bug #839218 [perl] nama: FTBFS: Failed 1/7 test programs. 0/91 subtests failed.Bad plan. You planned 126 tests but ran 57. Changed Bug title to 'perl: Perl 24 makes nama FTBFS due to segfault' from 'nama: FTBFS: Failed 1/7 test programs. 0/91 subtests failed.Bad plan. You planned 126 tests but ran 57.'. -- 839218: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=839218 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: Re: Bug#839218: nama: FTBFS: Failed 1/7 test programs. 0/91 subtests failed.Bad plan. You planned 126 tests but ran 57.
Processing control commands: > retitle -1 Perl 5.24 makes nama FTBFS due to segfault Bug #839218 [perl] perl: Perl 24 makes nama FTBFS due to segfault Changed Bug title to 'Perl 5.24 makes nama FTBFS due to segfault' from 'perl: Perl 24 makes nama FTBFS due to segfault'. -- 839218: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=839218 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#839218: nama: FTBFS: Failed 1/7 test programs. 0/91 subtests failed.Bad plan. You planned 126 tests but ran 57.
Control: retitle -1 Perl 5.24 makes nama FTBFS due to segfault # or "Perl 5, version 24, ..." On Tue, 21 Mar 2017 13:14:53 +0100, Balint Reczey wrote: > Control: reassign -1 perl 5.24.0~rc3-1 > Control: affects -1 nama > Control: retitle -1 perl: Perl 24 makes nama FTBFS due to segfault > This looks like a problem in perl itself possibly causing random crashes > elsewhere, too. I wonder why you picked 5.24.0~rc3-1 as the broken perl version, since this version doesn't exist in debian anymore (and actually was only in experimental, and for exactly one day in April 2016). Does this problem also show up with 5.24.1-1 in testing and/or 5.24.1-2 in unstable? Cheers, gregor -- .''`. https://info.comodo.priv.at/ - Debian Developer https://www.debian.org : :' : OpenPGP fingerprint D1E1 316E 93A7 60A8 104D 85FA BB3A 6801 8649 AA06 `. `' Member of VIBE!AT & SPI, fellow of the Free Software Foundation Europe `- BOFH excuse #215: High nuclear activity in your area.
Bug#839218: nama: FTBFS: Failed 1/7 test programs. 0/91 subtests failed.Bad plan. You planned 126 tests but ran 57.
On Tue, 21 Mar 2017 13:31:32 +0100, gregor herrmann wrote: > > This looks like a problem in perl itself possibly causing random crashes > > elsewhere, too. > Does this problem also show up with 5.24.1-1 in testing and/or > 5.24.1-2 in unstable? Looking at the upstream ticket at https://rt.cpan.org/Public/Bug/Display.html?id=109852 it seems that the segfaults started with perl 5.23.x, that a perl bug was fixed in 5.24.0, and that nama still segfaults. -- So not sure where the problem lies; my guess would be nama. Cheers, gregor -- .''`. https://info.comodo.priv.at/ - Debian Developer https://www.debian.org : :' : OpenPGP fingerprint D1E1 316E 93A7 60A8 104D 85FA BB3A 6801 8649 AA06 `. `' Member of VIBE!AT & SPI, fellow of the Free Software Foundation Europe `- BOFH excuse #407: Route flapping at the NAP.
Bug#858316: rdiff-backup-fs: segmentation fault
On 21 mars 2017 08:40, John Paul Adrian Glaubitz wrote: > Hi Christian! > > On 03/21/2017 08:37 AM, Christian Marillat wrote: >> I called rdiff-backup-fs with sudo, same crash. >> I did a try with two differents backups, same crash. > > Ok, thanks. Will try to reproduce it. > >> I don't see this bug on an amd64 machine (kernel 4.1.39) > > Interesting. So it occurs on in i386 only. Yes. >> I restored a directory today with rdiff-backup without problem. > > That was on amd64, I asumme? No on the i386 machine. >> Also I don't use the Debian kernel, but instead 4.1 (4.1.39 now) > > Ok, then I definitely have to test it myself because I need to > make sure it's not caused by your setup then. The kernel you are > using is not officially part of any current Debian release, so it > may be a problem on your machine. I see the same with the latest Debian kernel 4.9.13-1 Christian
Bug#858316: rdiff-backup-fs: segmentation fault
On 03/21/2017 03:32 PM, Christian Marillat wrote: >>> I restored a directory today with rdiff-backup without problem. >> >> That was on amd64, I asumme? > > No on the i386 machine. Ah, sorry, I missed the difference between rdiff-backup and rdiff-backup-fs. >> Ok, then I definitely have to test it myself because I need to >> make sure it's not caused by your setup then. The kernel you are >> using is not officially part of any current Debian release, so it >> may be a problem on your machine. > > I see the same with the latest Debian kernel 4.9.13-1 OK. I will do my own tests as well, so that I can confirm the bug. Adrian -- .''`. John Paul Adrian Glaubitz : :' : Debian Developer - glaub...@debian.org `. `' Freie Universitaet Berlin - glaub...@physik.fu-berlin.de `-GPG: 62FF 8A75 84E0 2956 9546 0006 7426 3B37 F5B5 F913
Bug#858348: pmw-doc: uninstallable in sid after binNMU of pmw
Package: pmw-doc Version: 1:4.28-2 Severity: serious User: debian...@lists.debian.org Usertags: piuparts Hi, during a test with piuparts I noticed your package is no longer installable in sid: The following packages have unmet dependencies: pmw-doc : Depends: pmw (= 1:4.28-2) but it is not going to be installed This is due to dh_installdocs --link-doc generating overly strict dependencies between arch:all and arch:any packages (#766711). Cheers, Andreas
Bug#839218: nama: FTBFS: Failed 1/7 test programs. 0/91 subtests failed.Bad plan. You planned 126 tests but ran 57.
Hi Gregor, On Tue, Mar 21, 2017 at 1:36 PM, gregor herrmann wrote: > On Tue, 21 Mar 2017 13:31:32 +0100, gregor herrmann wrote: > >> > This looks like a problem in perl itself possibly causing random crashes >> > elsewhere, too. >> Does this problem also show up with 5.24.1-1 in testing and/or >> 5.24.1-2 in unstable? Yes, in every later version. I chose the first version BTS knew about. > Looking at the upstream ticket at > https://rt.cpan.org/Public/Bug/Display.html?id=109852 > it seems that the segfaults started with perl 5.23.x, that a perl bug > was fixed in 5.24.0, and that nama still segfaults. -- So not sure > where the problem lies; my guess would be nama. As I read the report there have been numerous fixes after the following commit: https://github.com/Perl/perl5/commit/a5f48505593c7e1ca478de383e24d5cc2541f3ca re-implement OPpASSIGN_COMMON mechanism This commit almost completely replaces the current mechanism for detecting and handing common vars in list assignment, e.g. ... It looks like not all regression are fixed after the re-implementation and the one affecting nama is one of them. I think it should be impossible to trigger an internal assertion in Perl with pure Perl code like nama. Cheers, Balint > > > Cheers, > gregor > > -- > .''`. https://info.comodo.priv.at/ - Debian Developer https://www.debian.org > : :' : OpenPGP fingerprint D1E1 316E 93A7 60A8 104D 85FA BB3A 6801 8649 AA06 > `. `' Member of VIBE!AT & SPI, fellow of the Free Software Foundation Europe >`- BOFH excuse #407: Route flapping at the NAP. -- -- Balint Reczey Debian & Ubuntu Developer
Bug#858215: marked as done (aodh-api: Missing dependency to net-tools)
Your message dated Tue, 21 Mar 2017 15:04:30 + with message-id and subject line Bug#858215: fixed in keystone 2:10.0.0-7 has caused the Debian Bug report #858215, regarding aodh-api: Missing dependency to net-tools to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 858215: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858215 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: aodh-api Version: 3.0.0-2 Severity: normal Dear Maintainer, config script uses pkgos_register_endpoint_config() of pkgos, which itself uses /sbin/route , which is part of net-tools. -- System Information: Debian Release: 9.0 APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-2-amd64 (SMP w/2 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) --- End Message --- --- Begin Message --- Source: keystone Source-Version: 2:10.0.0-7 We believe that the bug you reported is fixed in the latest version of keystone, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 858...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. David Rabel (supplier of updated keystone package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Sun, 19 Mar 2017 22:31:50 +0100 Source: keystone Binary: python-keystone keystone keystone-doc Architecture: source all Version: 2:10.0.0-7 Distribution: unstable Urgency: medium Maintainer: PKG OpenStack Changed-By: David Rabel Description: keystone - OpenStack identity service keystone-doc - OpenStack identity service - documentation python-keystone - OpenStack identity service - library Closes: 858215 Changes: keystone (2:10.0.0-7) unstable; urgency=medium . * Team upload. * Dependency added: net-tools (Closes: #858215) Checksums-Sha1: 3a2dce6d5e67c81a432ca19c70c0d16edc76a412 3705 keystone_10.0.0-7.dsc d5794d613778e87ca843344b607b57f7c13ac960 36556 keystone_10.0.0-7.debian.tar.xz 8bb87562b420dc66cb4dbb3530629172b4c05451 240632 keystone-doc_10.0.0-7_all.deb 42550f56ac4605b38c5a7769a1ab4e6f49a0e9e5 71468 keystone_10.0.0-7_all.deb 5542d3f9099269bad0a49e9d877f6a59958c0b4a 14789 keystone_10.0.0-7_amd64.buildinfo 2d2c80b60b13a3c1ff622cec858d6371e5a43cec 680908 python-keystone_10.0.0-7_all.deb Checksums-Sha256: f74c53127b811572559f04b0030c88edc268aebbb1efaa7f4f4f2b79dc73553d 3705 keystone_10.0.0-7.dsc ef7e34e97fbfcd1d5f14bdc4418be81300097f902fe89bf1d0ae65c7f74bb5bf 36556 keystone_10.0.0-7.debian.tar.xz 2b08baa536f260f59b4cd57ddf32169ceb112a66a9b6bec62cbbcdd61ef1d7a3 240632 keystone-doc_10.0.0-7_all.deb 85c42b567203e6bf6477b36f5714e3c63c4be619cff0d68bc94cdc0d234dc68b 71468 keystone_10.0.0-7_all.deb 5aec196c7451172ab36c8dc626c62e4f003dad610d6339d51da48f5fdb58a31a 14789 keystone_10.0.0-7_amd64.buildinfo 4501b7bd52f1bf7264a22a84bbca1b3e0f7addfb0f57246731a30b69c8f73d52 680908 python-keystone_10.0.0-7_all.deb Files: 9282259b5930f097afd4ccfdd3531816 3705 net extra keystone_10.0.0-7.dsc effdf84d2342b2ece926f7c04bdb6082 36556 net extra keystone_10.0.0-7.debian.tar.xz 1ed2196e6df209a1596f96c7261e7c1b 240632 doc extra keystone-doc_10.0.0-7_all.deb c33e5bb9ce333ca018acc6b58569de74 71468 net extra keystone_10.0.0-7_all.deb d2af56409ba0be2f1454c1f8d317fac4 14789 net extra keystone_10.0.0-7_amd64.buildinfo eb9d3af65c3dbf8e63e9d8b22c52b52e 680908 python extra python-keystone_10.0.0-7_all.deb -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEoLGp81CJVhMOekJc1BatFaxrQ/4FAljRLpwACgkQ1BatFaxr Q/5iEg/+KgQxefpDe6yZnIrmVa4cVs033ILD6wTd81AAIUVUojvZln5QXoBZqzjs LwWQ984X098HVIkjKc32zZOozb+VxAfNlwMPbCSvSMyx/TQxScQ2nrltMKp2cMFH 77L5ZPNK72XAEOtxL2pcKKSXXWStwGZ3mX/quveJZvvCXU3Y0TxSXQV8mtOvRRZx LIEwYZjspbYP0TNLasQJIJYt4C6NQi2+7+BIkcTz9rNapRPmCC6Hh+ICtL3FapAX GcbZPSw+7zUmIZkF32Z69chLg3i56p1ahzPH0t/M2DGAzlMhVLUSOacigFR64yJf 4cgFwVkioV+I0smXPTkcV1erwXItgT0VKbZcu0iTPo5ct1hao0RBKjDhIr3F/4Os BQhMpkfzrWfaCSgs5KaITwVydoEWmbjKeQNc7rO/ofvHCf0Jhj3xyVGa0JopBiyE w79wuTuzx4V6xx+hp6YArOvCQPmnt6wSR+5x0bRt4ve4hnvnUF2YPewyTfutHq6U E4ttfzGJxFD9CFZJThxUn3pGu5N6Q6fcd8TJ7NET5nLYKNd
Processed: Re: libktpcommoninternals9: please add Breaks: libktpcommoninternalsprivate7
Processing control commands: > tag -1 pending patch Bug #856599 [libktpcommoninternals9] libktpcommoninternals9: please add Breaks: libktpcommoninternalsprivate7 Added tag(s) pending and patch. -- 856599: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856599 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#856599: libktpcommoninternals9: please add Breaks: libktpcommoninternalsprivate7
Followup-For: Bug #856599
Control: tag -1 pending patch
Hi,
I just uploaded the attached patch as a NMU to DELAYED/5.
Please let me know if I should delay it longer.
Andreas
diff -Nru ktp-common-internals-15.08.3/debian/changelog ktp-common-internals-15.08.3/debian/changelog
--- ktp-common-internals-15.08.3/debian/changelog 2015-12-03 06:18:57.0 +0100
+++ ktp-common-internals-15.08.3/debian/changelog 2017-03-21 16:20:51.0 +0100
@@ -1,3 +1,11 @@
+ktp-common-internals (15.08.3-1.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * libktpcommoninternals9: Add Breaks: libktpcommoninternalsprivate7 to
+ensure smooth upgrade paths from jessie. (Closes: #856599)
+
+ -- Andreas Beckmann Tue, 21 Mar 2017 16:20:51 +0100
+
ktp-common-internals (15.08.3-1) unstable; urgency=medium
* New upstream release.
diff -Nru ktp-common-internals-15.08.3/debian/control ktp-common-internals-15.08.3/debian/control
--- ktp-common-internals-15.08.3/debian/control 2015-11-10 18:53:48.0 +0100
+++ ktp-common-internals-15.08.3/debian/control 2017-03-02 19:29:26.0 +0100
@@ -57,7 +57,7 @@
Package: libktpcommoninternals9
Replaces: libktpcommoninternalsprivate6 (<< 0.7.80)
-Breaks: libktpcommoninternalsprivate6 (<< 0.7.80)
+Breaks: libktpcommoninternalsprivate6 (<< 0.7.80), libktpcommoninternalsprivate7
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends}, libkf5people5 (>= 0.3.0),
libtelepathy-logger-qt5 (>= 15.04),
Processed: close keystone bug
Processing commands for cont...@bugs.debian.org: > fixed 858217 2:10.0.0-7 Bug #858217 [src:keystone] keystone: Missing dependency to net-tools Marked as fixed in versions keystone/2:10.0.0-7. > End of message, stopping processing here. Please contact me if you need assistance. -- 858217: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858217 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#858366: libwhy-coq: sourceful upload needed to update coq dependency
Package: libwhy-coq Version: 2.36-5 Severity: serious User: debian...@lists.debian.org Usertags: piuparts Hi, during a test with piuparts I noticed your package is no longer installable in sid: The following packages have unmet dependencies: libwhy-coq : Depends: coq-8.5+4.02.3 but it is not installable A binNMU is not possible since libwhy-coq is arch:all. Please also consider relaxing the frama-c-base dependency to not require a binNMU for every frama-c upload. Cheers, Andreas
Processed: user debian...@lists.debian.org, usertagging 851986, usertagging 724479, usertagging 856645 ...
Processing commands for cont...@bugs.debian.org: > user debian...@lists.debian.org Setting user to debian...@lists.debian.org (was a...@debian.org). > usertags 851986 piuparts There were no usertags set. Usertags are now: piuparts. > usertags 724479 piuparts There were no usertags set. Usertags are now: piuparts. > usertags 856645 piuparts There were no usertags set. Usertags are now: piuparts. > found 856645 1.11.2~ds1-6 Bug #856645 [src:docker.io] docker.io: can't install in sid: docker.io 1.11 depends on runc which breaks docker < 1.12 Marked as found in versions docker.io/1.11.2~ds1-6. > usertags 846757 piuparts Usertags were: qa-ftbfs-20161202 qa-ftbfs. Usertags are now: qa-ftbfs-20161202 piuparts qa-ftbfs. > thanks Stopping processing here. Please contact me if you need assistance. -- 846757: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=846757 856645: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856645 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#858215: marked as done (aodh-api: Missing dependency to net-tools)
Your message dated Tue, 21 Mar 2017 16:33:55 + with message-id and subject line Bug#858215: fixed in aodh 3.0.0-3 has caused the Debian Bug report #858215, regarding aodh-api: Missing dependency to net-tools to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 858215: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858215 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: aodh-api Version: 3.0.0-2 Severity: normal Dear Maintainer, config script uses pkgos_register_endpoint_config() of pkgos, which itself uses /sbin/route , which is part of net-tools. -- System Information: Debian Release: 9.0 APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-2-amd64 (SMP w/2 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) --- End Message --- --- Begin Message --- Source: aodh Source-Version: 3.0.0-3 We believe that the bug you reported is fixed in the latest version of aodh, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 858...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. David Rabel (supplier of updated aodh package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Sun, 19 Mar 2017 22:11:59 +0100 Source: aodh Binary: python-aodh aodh-common aodh-api aodh-evaluator aodh-notifier aodh-listener aodh-expirer aodh-doc Architecture: source all Version: 3.0.0-3 Distribution: unstable Urgency: medium Maintainer: PKG OpenStack Changed-By: David Rabel Description: aodh-api - OpenStack Telemetry (Ceilometer) Alarming - API server aodh-common - OpenStack Telemetry (Ceilometer) Alarming - common files aodh-doc - OpenStack efficient metering counters system - doc aodh-evaluator - OpenStack Telemetry (Ceilometer) Alarming - alarm evaluator aodh-expirer - OpenStack Telemetry (Ceilometer) Alarming - expirer aodh-listener - OpenStack Telemetry (Ceilometer) Alarming - listener aodh-notifier - OpenStack Telemetry (Ceilometer) Alarming - alarm notifier python-aodh - OpenStack Telemetry (Ceilometer) Alarming - Python libraries Closes: 858215 Changes: aodh (3.0.0-3) unstable; urgency=medium . [ David Rabel ] * Team upload. * Dependency added: net-tools (Closes: #858215) Checksums-Sha1: 24050095f8af4398ddab4b628d393a298440fc6c 3797 aodh_3.0.0-3.dsc fccdff62ba074f0e577926b0bc15e0ca4b622a59 25804 aodh_3.0.0-3.debian.tar.xz 3a6966dfd1c987e628e7b3ae1fa85ec2eff39db2 27852 aodh-api_3.0.0-3_all.deb 2e0d1331b5490932a2b56f4be87cbaabe1ce3b37 37078 aodh-common_3.0.0-3_all.deb 677ee7f53945554949b0dd0e43e987716f4d9494 82436 aodh-doc_3.0.0-3_all.deb 3f57c575bca593e2a13b4637cc6d4c90e2bc1ed7 6728 aodh-evaluator_3.0.0-3_all.deb 9ee8bd80153e10d72eb43703ae6fc74a0af1faa5 6780 aodh-expirer_3.0.0-3_all.deb 7f46fd28893d181c7317c20d2c69613122137ca7 6744 aodh-listener_3.0.0-3_all.deb e066b3a79d3cef113e340b50371a89a5216a5d0e 6728 aodh-notifier_3.0.0-3_all.deb 35a816f0db8e0a23944d3a3594149d017114e102 17053 aodh_3.0.0-3_amd64.buildinfo 04b9ace69db69c309963b49032393af5c3d98e6c 111692 python-aodh_3.0.0-3_all.deb Checksums-Sha256: 5cc54601db8ec8df84edb97c52864188466f1ba3658639ec0eab20b94fe8a59a 3797 aodh_3.0.0-3.dsc d7fcf12b04582b18d7a8dc0a5c36202bb8fa8cfa6d2fca7c729a91ecf52e390c 25804 aodh_3.0.0-3.debian.tar.xz 35731849b744c6f08829546db50fd39d0b98cad8e217953985576b72bdefc338 27852 aodh-api_3.0.0-3_all.deb ce07ece8459e3d43c7e9c547d4bb0e324d0613f90339b2d94a60a0b98c57bf42 37078 aodh-common_3.0.0-3_all.deb 36d3237a09294ea0cc276d5836c2edd42194da8fe23f7275dfc79b185ece9e09 82436 aodh-doc_3.0.0-3_all.deb 67bead08ffe2a9f2ab0665e6579f4d455648aff0f505c87bfb93750b288ef841 6728 aodh-evaluator_3.0.0-3_all.deb 50748eece74ab56901f8880bcb5e06f8841babb3b2fbab6a4283ede26827384c 6780 aodh-expirer_3.0.0-3_all.deb d8b90387c79163e7bfeb51ede30046211ebec1b6925ce4187ebe479a33e25eb2 6744 aodh-listener_3.0.0-3_all.deb 92dc2e0b33c061036f09f7175e93c0dbb6f416cff2a1fb893f868c45fe9da905 6728 aodh-notifier_3.0.0-3_all.deb 6e8d99481a611d3bb71fef9116f2d0199911a535b30b3ff2f53c6771fb5
Bug#858372: mono-fpm-server: dependency on arch:any package libfpm-helper0 is not binNMU-safe
Package: mono-fpm-server
Version: 4.2-2
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts
mono-fpm-server (arch:all) is no longer installable after the recent binNMU of
xsp:
The following packages have unmet dependencies:
mono-fpm-server : Depends: libfpm-helper0 (= 4.2-2) but 4.2-2+b1 is to be
installed
The Depends: libfpm-helper0 (= ${source:Version}) is too strict.
You can probably use
Depends: libfpm-helper0 (>= ${source:Version}), libfpm-helper0 (<<
${source:Version}+ba~)
to cover binNMUs, too.
Please also check the other arch:all packages built from src:xsp.
Andreas
Processed: [hol88-library] hol88-library is an empty package on arm64, hppa, and m68k
Processing commands for cont...@bugs.debian.org: > severity 857296 important Bug #857296 [hol88-library] hol88-library is an empty package on arm64, hppa, and m68k Severity set to 'important' from 'grave' > thanks Stopping processing here. Please contact me if you need assistance. -- 857296: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857296 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#857296: [hol88-library] hol88-library is an empty package on arm64, hppa, and m68k
severity 857296 important thanks Greetings and thanks for your report! Am looking into this now Take care, -- Camm Maguirec...@maguirefamily.org == "The earth is but one country, and mankind its citizens." -- Baha'u'llah
Bug#858375: libmongo-client-doc: uninstallable after binNMU
Package: libmongo-client-doc Version: 0.1.8-2 Severity: serious User: debian...@lists.debian.org Usertags: piuparts Hi, during a test with piuparts I noticed your package is no longer installable in sid: The following packages have unmet dependencies: libmongo-client-doc : Depends: libmongo-client0 (= 0.1.8-2) but 0.1.8-2+b2 is to be installed The wrong dependencies are generated by using dh_installdocs --link-doc between arch:all and arch:any packages. (#766711) Cheers, Andreas
Bug#858377: libblkmaker: doesn't support current bitcoin block version
Package: libblkmaker Version: 0.5.3-1 Severity: grave Tags: fixed-upstream Hi, The version of libblkmaker in sid/stretch supports bitcoin blocks up to version 4 only: http://sources.debian.net/src/libblkmaker/0.5.3-1/blkmaker.h/#L15 But since early 2016, the tip of the blockchain uses predemonantly versions 0x2000 or later: https://data.bitcoinity.org/bitcoin/block_version/5y?c=block_version&t=a That seems to make bfgminer unusable; it looks at the tip of the bitcoin blockchain and throws the error, failing to start: "Unrecognized block version, and not allowed to reduce or force it" The current Git master of libblkmaker added support for this: https://github.com/bitcoin/libblkmaker/commit/ae7055df8bbb72dd42dcb6a8d1440ca87da6b0f3 https://github.com/bitcoin/libblkmaker/commit/0d8212c1dcf9dab28d749c08bd107ce0f06d45e3 but I found that bfgminer would still not work unless it also sets BMM_VERFORCE in tmpl->mutations I'm not entirely familiar with any of the above-mentioned software but hopefully the upstream author luke-kr (in Cc:) could comment on these issues. Many thanks! -- System Information: Debian Release: stretch/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: kfreebsd-amd64 (x86_64) Kernel: kFreeBSD 10.1-0-amd64 Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init)
Processed: Version tracking fix
Processing commands for cont...@bugs.debian.org: > found 857991 0.2.6-1 Bug #857991 [npm2deb] npm2deb: Please Recommend npm instead of Depend Marked as found in versions npm2deb/0.2.6-1. > thanks Stopping processing here. Please contact me if you need assistance. -- 857991: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857991 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#858380: llvm-toolchain-3.7: FTBFS in stretch (failing tests)
Package: src:llvm-toolchain-3.7 Version: 1:3.7.1-3 Severity: serious Dear maintainer: I tried to build this package in stretch with "dpkg-buildpackage -A" but it failed: [...] debian/rules build-indep dh build-indep --with ocaml dh_testdir -i dh_update_autotools_config -i debian/rules override_dh_auto_configure make[1]: Entering directory '/<>' for f in debian/*.in; do \ f2=$(echo $f | sed 's/\.in$//;s/X\.Y/3.7/'); \ echo "$f => $f2"; \ sed -e 's|@DEB_HOST_MULTIARCH@|x86_64-linux-gnu|g' \ -e "s|@OCAML_STDLIB_DIR@|/usr/lib/ocaml|g" \ -e "s|@LLVM_VERSION_FULL@|3.7.1|g" \ -e "s|@LLVM_VERSION@|3.7|g" $f > $f2; \ done [... snipped ...] LLVM :: ExecutionEngine/MCJIT/cross-module-sm-pic-a.ll LLVM :: ExecutionEngine/MCJIT/eh-lg-pic.ll LLVM :: ExecutionEngine/MCJIT/eh-sm-pic.ll LLVM :: ExecutionEngine/MCJIT/multi-module-sm-pic-a.ll LLVM :: ExecutionEngine/MCJIT/remote/cross-module-sm-pic-a.ll LLVM :: ExecutionEngine/MCJIT/remote/multi-module-sm-pic-a.ll LLVM :: ExecutionEngine/MCJIT/remote/test-global-init-nonzero-sm-pic.ll LLVM :: ExecutionEngine/MCJIT/remote/test-ptr-reloc-sm-pic.ll LLVM :: ExecutionEngine/MCJIT/stubs-sm-pic.ll LLVM :: ExecutionEngine/MCJIT/test-global-init-nonzero-sm-pic.ll LLVM :: ExecutionEngine/MCJIT/test-ptr-reloc-sm-pic.ll LLVM :: ExecutionEngine/OrcMCJIT/cross-module-sm-pic-a.ll LLVM :: ExecutionEngine/OrcMCJIT/eh-lg-pic.ll LLVM :: ExecutionEngine/OrcMCJIT/eh-sm-pic.ll LLVM :: ExecutionEngine/OrcMCJIT/multi-module-sm-pic-a.ll LLVM :: ExecutionEngine/OrcMCJIT/remote/cross-module-sm-pic-a.ll LLVM :: ExecutionEngine/OrcMCJIT/remote/multi-module-sm-pic-a.ll LLVM :: ExecutionEngine/OrcMCJIT/remote/test-global-init-nonzero-sm-pic.ll LLVM :: ExecutionEngine/OrcMCJIT/remote/test-ptr-reloc-sm-pic.ll LLVM :: ExecutionEngine/OrcMCJIT/stubs-sm-pic.ll LLVM :: ExecutionEngine/OrcMCJIT/test-global-init-nonzero-sm-pic.ll LLVM :: ExecutionEngine/OrcMCJIT/test-ptr-reloc-sm-pic.ll Failing Tests (2): LLVM-Unit :: ADT/Release/ADTTests/APIntTest.LargeAPIntConstruction LLVM-Unit :: ADT/Release/ADTTests/APIntTest.nearestLogBase2 Expected Passes: 13858 Expected Failures : 97 Unsupported Tests : 209 Unexpected Passes : 22 Unexpected Failures: 2 Makefile:103: recipe for target 'check-local' failed make[3]: *** [check-local] Error 1 make[3]: Leaving directory '/<>/build-llvm/test' /<>/Makefile.rules:1792: recipe for target 'check' failed make[2]: *** [check] Error 2 make[2]: Leaving directory '/<>/build-llvm' debian/rules:413: recipe for target 'override_dh_auto_test' failed make[1]: *** [override_dh_auto_test] Error 2 make[1]: Leaving directory '/<>' debian/rules:134: recipe for target 'build-indep' failed make: *** [build-indep] Error 2 dpkg-buildpackage: error: debian/rules build-indep gave error exit status 2 I've put several of my build logs here: https://people.debian.org/~sanvila/build-logs/llvm-toolchain-3.7/ but this also happens in the reproducible builds autobuilders: https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/llvm-toolchain-3.7.html Apparently, this has been happening since 2016-11. Note: Yes, I see that this package has been requested to be removed in Bug #836602, but apparently ghc still needs it, so I don't really know if that will be done or not. Thanks.
Processed: Re: dhclient should perform additional validity checks
Processing control commands: > severity -1 important Bug #844584 [isc-dhcp-client] dhclient should perform additional validity checks Severity set to 'important' from 'serious' -- 844584: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844584 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#809167: cron: Cron Daemon Use-After-Free Vulnerability May Cause Local Root Privilege Escalation
Control: severity -1 important Hi, On Sun, Jan 29, 2017 at 07:32:59PM +, Ben Hutchings wrote: > (I think this probably can be downgraded. At least on Linux, I expect > memory allocation to either succeed or kill the program. But this > should be fixed, anyway) Doing so now. Cheers, Ivo
Bug#844584: dhclient should perform additional validity checks
Control: severity -1 important Hi, On Thu, Nov 17, 2016 at 08:10:34AM +, Anton Ivanov wrote: > https://samy.pl/poisontap/ > > This is a variation on an ancient "gem" by a DSL Modem vendor > where the router pretends to be the entire internet by spoofing > arp so that it captures all traffic. > > The best way to deal with this is to set an upper limit on the > size of acceptable netmask in /etc/default/isc-dhcp-client and > verify it in a hook (which can be debian specific). > > This way dhcp reply of 0.0.0.0/0 or anything larger than a class > A will raise a security alert instead of blindly exposing the > machine to a spoofing attack. When an attacker can attach devices to your machine, there are lots of possible ways they can mess with it. Filtering certain dhcp replies will not change this that much (they could remove the network cable, if there is a switch to disable wifi they could use that, etc), so I'm lowering the severity of this bug. Cheers, Ivo
Processed: Re: Bug#809167: cron: Cron Daemon Use-After-Free Vulnerability May Cause Local Root Privilege Escalation
Processing control commands: > severity -1 important Bug #809167 [cron] cron: Cron Daemon Use-After-Free Vulnerability May Cause Local Root Privilege Escalation Severity set to 'important' from 'critical' -- 809167: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=809167 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: downgrade 858382
Processing commands for cont...@bugs.debian.org: > severity 858382 wishlist Bug #858382 [gambas3] gambas3: No documentation Severity set to 'wishlist' from 'grave' > thanks Stopping processing here. Please contact me if you need assistance. -- 858382: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858382 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#858177: not affected
Almost all of the Android CVEs are for the Android OS, not the Android SDK. The tricky part is that they are built from the same source tree. Another thing to note is that some of the Android SDK libs used in the SDK run at elevated privileges in Android OS, but not when part of the SDK. So there is a whole class of exploits that are irrelevant to the SDK. And we haven't packaged any part of the Android SDK that interacts with the network, so anything saying "remote code execution on Android" seems unlikely to be relevant. So anyone who wants to look out for these should only look for CVEs that affect the Android SDK, not Android, e.g. https://www.cvedetails.com/vulnerability-list/vendor_id-1224/product_id-13517/Google-Android-Sdk.html CVE-2016-3861 - not affected * no remote access * nothing runs as a privileged process * some affected files not included in any Debian package: * libs/binder/Parcel.cpp * media/libmediaplayerservice/MediaPlayerService.cpp * looks worth fixing as a usability bug CVE-2016-3885 - not affected * debuggerd/debuggerd.cpp is not included in any Debian package * the whole debuggerd is not packaged CVE-2016-3921 - not affected * libsysutils/src/FrameworkListener.cpp is not included in any Debian package * the whole libsysutils is not packaged So my question to you is: how can we make it easier to ignore these? I think its safe to ignore Android CVEs, since there have been some separate Android SDK CVEs. I can't think of a security bug in Android that has affected the SDK in any significant way.
Bug#858177: CVE-2016-3921
Control: severity -1 important Control: tags -1 -security
Processed: Re: Bug#858177: CVE-2016-3921
Processing control commands: > severity -1 important Bug #858177 [src:android-platform-system-core] CVE-2016-3921 CVE-2016-3885 CVE-2016-3861 Severity set to 'important' from 'grave' > tags -1 -security Bug #858177 [src:android-platform-system-core] CVE-2016-3921 CVE-2016-3885 CVE-2016-3861 Removed tag(s) security. -- 858177: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858177 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: cmtk -> 1.1
Processing commands for cont...@bugs.debian.org:
> user pkg-openssl-de...@lists.alioth.debian.org
Setting user to pkg-openssl-de...@lists.alioth.debian.org (was
sebast...@breakpoint.cc).
> # PKGNAME
> unarchive 844828
Bug #844828 {Done: Adrian Bunk } [src:cmtk] cmtk: FTBFS:
build-dependency not installable: libssl-dev
Unarchived Bug 844828
> clone 844828 -1
Bug #844828 {Done: Adrian Bunk } [src:cmtk] cmtk: FTBFS:
build-dependency not installable: libssl-dev
Bug 844828 cloned as bug 858388
> archive 844828
Bug #844828 {Done: Adrian Bunk } [src:cmtk] cmtk: FTBFS:
build-dependency not installable: libssl-dev
archived 844828 to archive/28 (from 844828)
> reopen -1
Bug #858388 {Done: Adrian Bunk } [src:cmtk] cmtk: FTBFS:
build-dependency not installable: libssl-dev
'reopen' may be inappropriate when a bug has been closed with a version;
all fixed versions will be cleared, and you may need to re-add them.
Bug reopened
No longer marked as fixed in versions cmtk/3.3.1-1.1.
> retitle -1 cmtk: Please migrate to openssl1.1 in buster
Bug #858388 [src:cmtk] cmtk: FTBFS: build-dependency not installable: libssl-dev
Changed Bug title to 'cmtk: Please migrate to openssl1.1 in buster' from 'cmtk:
FTBFS: build-dependency not installable: libssl-dev'.
> unblock 827061 with -1
Bug #827061 [release.debian.org] transition: openssl
827061 was blocked by: 828599 828431 828476 828571 828596 828448 828290 828436
828337 850882 828548 854470 828295 844800 828590 843988 844018 844877 837960
828348 828543 828235 828352 828423 828534 828291 828567 835804 835585 828609
828284 835793 828387 828517 828426 828289 828495 828422 828461 828362 828478
828456 828296 828507 850880 828416 828264 828379 828392 828383 828325 844534
828470 828395 828366 845729 828528 828375 828354 828256 828482 828336 828406
828390 828578 828496 845030 828479 828388 828540 844366 828377 844951 844845
828270 828491 835798 829465 828418 828579 828316 828257 828488 828365 828587
828304 828242 828228 828452 843871 828389 828465 828344 828569 828559 822380
828277 828512 828083 828555 828563 828359 828404 828460 828440 828487 828457
828282 828303 828306 828537 828581 835811 828364 828474 828511 828285 828415
828287 828339 844833 843532 844213 844870 844949 828450 828447 828525 844920
828594 828530 828238 835794 828253 828267 828350 828391 828399 828412 828573
828532 844347 828463 844836 844907 828414 828600 828251 828360 828430 828405
844936 828407 828469 828357 844301 828515 828545 808669 828324 828335 828536
835549 844926 828589 828274 844271 828531 828411 828542 828553 828384 828468
828546 828433 854257 828292 828551 828305 828351 828300 845016 828523 835789
828459 828373 828585 828293 828315 828343 828400 828574 828252 828275 850883
828432 828544 828527 828341 828378 828263 828279 828231 828458 828346 828254
828497 828566 828428 828417 828333 828403 828280 828593 828427 828419 828500
828597 828347 828322 846113 828506 828240 835799 844948 844904 828504 828480
828372 828565 828521 828363 828302 828393 835785 828604 828082 844928 828241
828127 828261 828244 828233 828355 828368 828606 828535 828494 828473 828262
828371 828320 854253 828444 835796 828570 828533 828505 828246 828437 828294
827068 828443 828313 828396 828598 828308 828564 828229 828510 828524 828317
828319 828518 828234 828340 828321 828508 828345 844254 828358 828561 828568
828616 828485 828386 828420 828382 828318 828608 835797 828271 828558 845106
828502 828467 828249 828620 828503 828493 828276 828239 828314 828591 828547
828516 836419 828250 828549 855007 828409 828442 843682 828421 828268 828260
835786 828556 843852 828438 828462 854468 828584 828489 828453 828307 828592
844975 828583 828255 844706 828539 828402 828298 828232 828349 828472 828529
828374 828618 828265 828376 828605 846769 828434 828611 828552 828454 844234
828272 844503 828455 828601 828338 828334 809271 828519 828526 828603 828538
828398 828586 844931 828429 828380 828301 828394 828610 857199 828445 828554
844815 828259 844345 829452 828230 828582 828607 828580 828397 828541 850881
828258 828281 844916 828562 828309 828492 828331 828617 828139 828385 844664
828602 828326 828490 828328 835790 828575 828464 828248 828619 828424 828439
814600 828612 828243 828330 844906 844945 828613 828323 844838 828288 828297
828614 828361 828615 828311 828550 841635 828514 828446 828269 828381 828342
828356 828401 828484 828435 835800 844311 828286 828278 828509 846908 828283
828501 828237 844947 844909 828595 828466 828310 828577 828576 828367 828370
828369 828410 828588 828499 844663
827061 was not blocking any bugs.
Removed blocking bug(s) of 827061: 858388
> severity -1 important
Bug #858388 [src:cmtk] cmtk: Please migrate to openssl1.1 in buster
Severity set to 'important' from 'serious'
> tags -1 = sid buster
Bug #858388 [src:cmtk] cmtk: Please migrate to openssl1.1 in buster
Added tag(s) buster; removed tag(s) stretch and patch.
> usertag -1 openssl-1.1-trans
There were no usertags set.
Usertags a
Bug#734101: openlp in Stretch in danger due to RC bug in libjs-jquery-mobile
Hi Raoul, On 20-03-17 21:32, Raoul Snyman wrote: >> If that is all, that would be a great solution to the problem at hand >> indeed. Does it require other adaptations? I guess one would need to >> guarantee that the migrate calls are actually included. How did you do >> that? I guess every package depending on libjs-jquery-mobile would need >> to load the libjs-jquery-migrate calls? Do you know if this can be done >> inside libjs-jquery-mobile itself? > > Sadly it's not quite that simple. The application using > libjs-jquery-mobile has to also pull in libjs-jquery-migrate, this is > how openlp does it. Unfortunately client-side Javascript libraries are > not like libraries in other languages like Python where the library > internally refers to the other libraries. In client-side Javascript the > developer using the libraries has to manually include the dependencies > in their code. Exactly as I expected indeed. > Here's the documentation for using jQuery Migrate: > https://github.com/jquery/jquery-migrate/tree/1.x-stable#readme Have you tested your workaround with libjs-jquery-migrate-1 recently? The jQuery package in Debian got upgraded to 3.1.1 last October and I read on the page you link above: """ Note that jQuery 3.0 has a separate version of jQuery Migrate. The two versions cannot be used simultaneously on a page, so you should fix any upgrade issues identified by Migrate 1.x before attempting an upgrade. """ which leaves me to wonder if your package is now broken (including the embedded version you normally ship), or that the jQuery Migrate design is such that the 3.0 version is just meant to fix issue that arose from delta's between 2 and 3, and Migrate 1 even works for delta's between 1 and 3. It sounds to me only delta's over one major release are included, which would make the libjs-jquery-migrate-1 package in Debian useless. Paul signature.asc Description: OpenPGP digital signature
Bug#787338: marked as done (ftp.debian.org: incorrect lintian error leads to auto-rejection)
Your message dated Tue, 21 Mar 2017 22:14:05 +0100 with message-id and subject line Not free has caused the Debian Bug report #787338, regarding ftp.debian.org: incorrect lintian error leads to auto-rejection to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 787338: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787338 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: ftp.debian.org Severity: serious Justification: falsly rejects packages Dear ftp-masters, I recently learned that an upcoming upload of TeX Live 2015 to the archive will be auto-rejected due to the following non-overridable lintian error: E: texlive-extra source: license-problem-md5sum-non-free-file texmf-dist/tex/latex/pdfx/sRGB_IEC61966-2-1_black_scaled.icc usual name is sRGB_IEC61966-2-1_black_scaled.icc. Does not allow modification See also https://packages.debian.org/sid/icc-profiles. The problem here is that the icc profiles as packaged in icc-profiles are outdated and use a incorrect license statement, while the TeX Live files, and several other projects (eg pdf libraries) ship the icc profiles with the correct ICC license statement according to the current status. (TL contains a current ICC_Licenses file) I assume that the decision on a non-overridable lintian error was made based on the license statement in the icc-package, which reads: *** Files: sRGB_* ISO22028* Copyright: International Color Consortium License: ICC To anyone who acknowledges that the files "sRGB_IEC61966-2-1_no_black_scaling.icc" and "sRGB_IEC61966-2-1_black scaled.icc" are provided "AS IS" WITH NO EXPRESS OR IMPLIED WARRANTY, permission to use, copy and distribute these file for any purpose is hereby granted without fee, provided that the files are not changed including the ICC copyright notice tag, and that the name of ICC shall not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission. ICC makes no representations about the suitability of this software for any purpose. *** But the current status has changed, and the web site of the International Color Consortium now reads as follows: http://www.color.org/profiles2.xalter ** Licensing The copyright owner and terms of use of an ICC profile are normally identified in the Creator field in the profile header and in the Copyright tag. Where ICC is the copyright owner, the following license terms apply: "This profile is made available by the International Color Consortium, and may be copied, distributed, embedded, made, used, and sold without restriction. Altered versions of this profile shall have the original identification and copyright information removed and shall not be misrepresented as the original profile." *** Paul Wise mentioned in his remarks on the lintian bug 786946 that the *new* license does not allow for modifications, which I consider an "interesting" interpretation, since the second sentence clearly states that Altered versions of this profile ... which can of course only exist if modifications are allowed. Anyway, at least several OSS projects seem to have no problem with this license, thus I ask for a clarification from side of the ftp-masters, as requested by Bastien Roucaries in the above mentioned bug report against lintian. Thanks a lot for your work and all the best Norbert --- End Message --- --- Begin Message --- Done not free--- End Message ---
Bug#734101: openlp in Stretch in danger due to RC bug in libjs-jquery-mobile
Hi Paul, Have you tested your workaround with libjs-jquery-migrate-1 recently? The jQuery package in Debian got upgraded to 3.1.1 last October and I read on the page you link above: Hrm, I hadn't noticed this. Thanks for the heads up. which leaves me to wonder if your package is now broken (including the embedded version you normally ship), or that the jQuery Migrate design is such that the 3.0 version is just meant to fix issue that arose from delta's between 2 and 3, and Migrate 1 even works for delta's between 1 and 3. It sounds to me only delta's over one major release are included, which would make the libjs-jquery-migrate-1 package in Debian useless. Indeed, I just tested it and the workaround doesn't work anymore. Thankfully it doesn't actually break the application, just one small feature within it that doesn't affect the rest of the operation of the application. Again, upstream bundles the correct versions in the source, so I could easily drop the dependency and just use the bundled libraries (although it's not really the way we should be doing things in Debian). Raoul
Bug#857794: reportbug: crash when encountering some non-ASCII characters
Thank you for your report, and for the nice recipe to reproduce the bug.
Can you try the attached patch?
>From f42c5879b91b11a986e93f7f92244cf938dae0fb Mon Sep 17 00:00:00 2001
From: Nis Martensen
Date: Tue, 21 Mar 2017 22:23:49 +0100
Subject: [PATCH] Stop using subprocess.getoutput()
To avoid crashes with non-ascii characters and locale mismatch, we need
to use something that allows specifying an error handler. getoutput is a
legacy API that does not allow that, so switch to subprocess.run() and
use a little wrapper function for readability.
---
reportbug/utils.py | 27 +--
1 file changed, 17 insertions(+), 10 deletions(-)
diff --git a/reportbug/utils.py b/reportbug/utils.py
index 2de91ae..e134bcd 100644
--- a/reportbug/utils.py
+++ b/reportbug/utils.py
@@ -180,6 +180,13 @@ def search_pipe(searchfile, use_dlocate=True):
return (pipe, use_dlocate)
+def get_command_output(cmd):
+use_shell = False
+if isinstance(cmd, str) and ' ' in cmd:
+use_shell = True
+return subprocess.run(cmd, shell=use_shell, stdout=subprocess.PIPE).stdout.decode(errors='backslashreplace')
+
+
def query_dpkg_for(filename, use_dlocate=True):
try:
x = os.getcwd()
@@ -353,10 +360,10 @@ def get_package_status(package, avail=False):
packarg = pipes.quote(package)
if avail:
-output = subprocess.getoutput(
+output = get_command_output(
"COLUMNS=79 dpkg --print-avail %s 2>/dev/null" % packarg)
else:
-output = subprocess.getoutput(
+output = get_command_output(
"COLUMNS=79 dpkg --status %s 2>/dev/null" % packarg)
for line in output.split(os.linesep):
@@ -511,7 +518,7 @@ def get_avail_database():
def available_package_description(package):
-data = subprocess.getoutput('apt-cache show ' + pipes.quote(package))
+data = get_command_output('apt-cache show ' + pipes.quote(package))
descre = re.compile('^Description(?:-.*)?: (.*)$')
for line in data.split('\n'):
m = descre.match(line)
@@ -523,7 +530,7 @@ def available_package_description(package):
def get_source_name(package):
packages = []
-data = subprocess.getoutput('apt-cache showsrc ' + pipes.quote(package))
+data = get_command_output('apt-cache showsrc ' + pipes.quote(package))
packre = re.compile(r'^Package: (.*)$')
for line in data.split('\n'):
m = packre.match(line)
@@ -537,7 +544,7 @@ def get_source_package(package):
retlist = []
found = {}
-data = subprocess.getoutput('apt-cache showsrc ' + pipes.quote(package))
+data = get_command_output('apt-cache showsrc ' + pipes.quote(package))
binre = re.compile(r'^Binary: (.*)$')
for line in data.split('\n'):
m = binre.match(line)
@@ -704,7 +711,7 @@ def get_changed_config_files(conffiles, nocompress=False):
confinfo[filename] = msg
continue
-filemd5 = subprocess.getoutput('md5sum ' + pipes.quote(filename)).split()[0]
+filemd5 = get_command_output('md5sum ' + pipes.quote(filename)).split()[0]
if filemd5 == md5sum:
continue
@@ -732,7 +739,7 @@ DISTORDER = ['oldstable', 'stable', 'testing', 'unstable', 'experimental']
def get_debian_release_info():
debvers = debinfo = verfile = warn = ''
dists = []
-output = subprocess.getoutput('apt-cache policy 2>/dev/null')
+output = get_command_output('apt-cache policy 2>/dev/null')
if output:
mre = re.compile('\s+(\d+)\s+.*$\s+release\s.*o=(Ubuntu|Debian|Debian Ports),a=([^,]+),', re.MULTILINE)
found = {}
@@ -776,11 +783,11 @@ def get_debian_release_info():
def lsb_release_info():
-return subprocess.getoutput('lsb_release -a 2>/dev/null') + '\n'
+return get_command_output('lsb_release -a 2>/dev/null') + '\n'
def get_arch():
-arch = subprocess.getoutput('COLUMNS=79 dpkg --print-architecture 2>/dev/null')
+arch = get_command_output('COLUMNS=79 dpkg --print-architecture 2>/dev/null')
if not arch:
un = os.uname()
arch = un[4]
@@ -791,7 +798,7 @@ def get_arch():
def get_multiarch():
-out = subprocess.getoutput('COLUMNS=79 dpkg --print-foreign-architectures 2>/dev/null')
+out = get_command_output('COLUMNS=79 dpkg --print-foreign-architectures 2>/dev/null')
return ', '.join(out.splitlines())
--
2.1.4
Bug#858397: odin FTBFS on armel/armhf/i386: FAIL: cmdline-utils/odintestsuite
Source: odin Version: 2.0.3-0.1 Severity: serious https://buildd.debian.org/status/package.php?p=odin&suite=sid ... /usr/bin/make check-TESTS make[4]: Entering directory '/«PKGBUILDDIR»' make[5]: Entering directory '/«PKGBUILDDIR»' ./test-driver: line 107: 3180 Aborted "$@" > $log_file 2>&1 FAIL: cmdline-utils/odintestsuite Testsuite summary for odin 2.0.3 # TOTAL: 1 # PASS: 0 # SKIP: 0 # XFAIL: 0 # FAIL: 1 # XPASS: 0 # ERROR: 0 See ./test-suite.log Makefile:711: recipe for target 'test-suite.log' failed make[5]: *** [test-suite.log] Error 1
Bug#858402: hangs on install when trying to start
Package: docker.io Version: 1.11.2~ds1-6 Severity: grave I tried to install docker.io in Debian stretch (I know, it's banned, but I figured I'd try my luck) and it completely hangs apt-get install: $ LANG=C sudo dpkg --configure -a Setting up docker.io (1.11.2~ds1-6) ... addgroup: The group `docker' already exists as a system group. Exiting. That is a rerun with a english locale, the original run was actually this: Paramétrage de docker.io (1.11.2~ds1-6) ... Ajout du groupe « docker » (GID 136)... Fait. Created symlink /etc/systemd/system/sockets.target.wants/docker.socket → /lib/systemd/system/docker.socket. ... it hung there. I see those two processes launched by the postinst script: systemctl start docker.service /bin/systemd-tty-ask-password-agent --watch Killing both gives me: Terminated invoke-rc.d: initscript docker, action "start" failed. ● docker.service - Docker Application Container Engine Loaded: loaded (/lib/systemd/system/docker.service; disabled; vendor preset: enabled) Active: activating (start) since Tue 2017-03-21 20:00:33 EDT; 3min 34s ago Docs: https://docs.docker.com Main PID: 27169 (docker) Tasks: 8 Memory: 4.9M CPU: 50ms CGroup: /system.slice/docker.service └─27169 /usr/bin/docker daemon -H fd:// mar 21 20:00:33 curie systemd[1]: Starting Docker Application Container Engine... mar 21 20:00:33 curie docker[27169]: time="2017-03-21T20:00:33.334891574-04:00" level=info msg="New containerd process, pid: 27175\n" mar 21 20:00:33 curie docker[27169]: time="2017-03-21T20:00:33.344914324-04:00" level=fatal msg="bad listen address format /var/run/docker/libcontainerd/d…to://address" mar 21 20:00:39 curie docker[27169]: time="2017-03-21T20:00:39.336564442-04:00" level=info msg="New containerd process, pid: 27182\n" mar 21 20:00:39 curie docker[27169]: time="2017-03-21T20:00:39.346250248-04:00" level=fatal msg="bad listen address format /var/run/docker/libcontainerd/d…to://address" Hint: Some lines were ellipsized, use -l to show in full. dpkg: erreur de traitement du paquet docker.io (--configure) : le sous-processus script post-installation installé a retourné une erreur de sortie d'état 143 The ellipsized line is something like this: mar 21 20:00:33 curie docker[27169]: time="2017-03-21T20:00:33.344914324-04:00" level=fatal msg="bad listen address format /var/run/docker/libcontainerd/docker-containerd.sock, expected proto://address" This is hardcoded in the Go source code... a. -- System Information: Debian Release: 9.0 APT prefers testing APT policy: (500, 'testing'), (1, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: armhf Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores) Locale: LANG=fr_CA.UTF-8, LC_CTYPE=fr_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) Versions of packages docker.io depends on: ii adduser 3.115 ii containerd 0.2.3~git20161117.78.03e5862~ds1-1 ii init-system-helpers 1.47 ii iptables 1.6.0+snapshot20161117-5 ii libapparmor1 2.11.0-2 ii libc62.24-9 ii libdevmapper1.02.1 2:1.02.137-1 ii libsqlite3-0 3.16.2-3 ii libsystemd0 232-19 ii runc 0.1.1+dfsg1-2 Versions of packages docker.io recommends: ii ca-certificates 20161130 ii cgroupfs-mount 1.3 ii git 1:2.11.0-2 ii xz-utils 5.2.2-1.2+b1 Versions of packages docker.io suggests: pn aufs-tools ii btrfs-progs 4.7.3-1 ii debootstrap 1.0.88 pn docker-doc pn rinse pn zfs-fuse | zfsutils -- no debconf information
Bug#801564: marked as done (squid: prompting due to modified conffiles which were not modified by the user: /etc/squid/squid.conf)
Your message dated Wed, 22 Mar 2017 00:18:56 + with message-id and subject line Bug#801564: fixed in squid3 3.5.23-2 has caused the Debian Bug report #801564, regarding squid: prompting due to modified conffiles which were not modified by the user: /etc/squid/squid.conf to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 801564: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=801564 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: squid Version: 3.5.10-1 Severity: serious User: debian...@lists.debian.org Usertags: piuparts Hi, during a test with piuparts I noticed your package failed the piuparts upgrade test because dpkg detected a conffile as being modified and then prompted the user for an action. As there is no user input, this fails. But this is not the real problem, the real problem is that this prompt shows up in the first place, as there was nobody modifying this conffile at all, the package has just been installed and upgraded... This is a violation of policy 10.7.3, see https://www.debian.org/doc/debian-policy/ch-files.html#s10.7.3, which says "[These scripts handling conffiles] must not ask unnecessary questions (particularly during upgrades), and must otherwise be good citizens." https://wiki.debian.org/DpkgConffileHandling should help with figuring out how to do this properly. In https://lists.debian.org/debian-devel/2009/08/msg00675.html and followups it has been agreed that these bugs are to be filed with severity serious. >From the attached log (scroll to the bottom...): Preparing to unpack .../squid-langpack_20150704-1_all.deb ... Unpacking squid-langpack (20150704-1) over (20140506-1) ... Preparing to unpack .../squid-common_3.5.10-1_all.deb ... Unpacking squid-common (3.5.10-1) over (2.7.STABLE9-4.1+deb7u1) ... Preparing to unpack .../squid_3.5.10-1_amd64.deb ... Unpacking squid (3.5.10-1) over (2.7.STABLE9-4.1+deb7u1) ... Setting up squid (3.5.10-1) ... Installing new version of config file /etc/init.d/squid ... Installing new version of config file /etc/logrotate.d/squid ... Installing new version of config file /etc/resolvconf/update-libc.d/squid ... Configuration file '/etc/squid/squid.conf' ==> File on system created by you or by a script. ==> File also in package provided by package maintainer. What would you like to do about it ? Your options are: Y or I : install the package maintainer's version N or O : keep your currently-installed version D : show the differences between the versions Z : start a shell to examine the situation The default action is to keep your current version. *** squid.conf (Y/I/N/O/D/Z) [default=N] ? dpkg: error processing package squid (--configure): end of file on stdin at conffile prompt Processing triggers for libc-bin (2.19-22) ... Processing triggers for systemd (226-4) ... Errors were encountered while processing: squid This was observed on the upgrade path wheezy -> jessie -> stretch. There was no squid package in jessie, so this is effectively an upgrade from 2.7 to 3.5. Which also means there is no automatic upgrade path from squid 2.7 in wheezy to squid3 in jessie! cheers, Andreas squid_3.5.10-1.log.gz Description: application/gzip --- End Message --- --- Begin Message --- Source: squid3 Source-Version: 3.5.23-2 We believe that the bug you reported is fixed in the latest version of squid3, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 801...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Santiago Garcia Mantinan (supplier of updated squid3 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Sun, 19 Mar 2017 23:23:57 +0100 Source: squid3 Binary: squid3 squid squid-dbg squid-common squidclient squid-cgi squid-purge Architecture: source amd64 all Version: 3.5.23-2 Distribution: unstable Urgency: medium Maintainer: Luigi Gangitano Changed-By: Santiago Garcia Mantinan Description: squid - Full featured Web Proxy cache (HTTP proxy) squid-cgi - Full featured Web Proxy cache (HTTP proxy) - control CGI squid-
Bug#857794: reportbug: crash when encountering some non-ASCII characters
Hi Nis, Others may have some additional comments but a couple of thoughts from an observer (I'm not the maintainer). C.UTF-8 is provided within glibc (it's in the libc-bin package so it is always available). Is it worth setting that as the locale for all communication with subprocesses? It strikes me that could simplify some parts of this encoding handling. If we're touching every invocation subprocess.* anyway, can we also take this opportunity to get rid of any invocations via the shell? +def get_command_output(cmd): +use_shell = False +if isinstance(cmd, str) and ' ' in cmd: +use_shell = True +return subprocess.run(cmd, shell=use_shell, stdout=subprocess.PIPE).stdout.decode(errors='backslashreplace') specifically, my suggestion is that we *require* cmd to be a list or tuple and always force use_shell=False. Then we never need to worry about nasty characters going near the shell, there's also one less subprocess being used. Associated with that: * redirection of stderr to /dev/null can be done in python instead * the uses of COLUMNS=79 are either no-ops because the command doesn't respect COLUMNS anyway or no-ops because the command ignores COLUMNS when invoked within a pipe. cheers Stuart -- Stuart Prescotthttp://www.nanonanonano.net/ stu...@nanonanonano.net Debian Developer http://www.debian.org/ stu...@debian.org GPG fingerprint90E2 D2C1 AD14 6A1B 7EBB 891D BBC1 7EBB 1396 F2F7
Processed: gitlab: CVE-2017-0882: Information Disclosure in Issue and Merge Request Trackers
Processing control commands: > fixed -1 8.13.11+dfsg-7 Bug #858410 [src:gitlab] gitlab: CVE-2017-0882: Information Disclosure in Issue and Merge Request Trackers Marked as fixed in versions gitlab/8.13.11+dfsg-7. -- 858410: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858410 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#858410: gitlab: CVE-2017-0882: Information Disclosure in Issue and Merge Request Trackers
Source: gitlab Version: 8.13.11+dfsg-2 Severity: grave Tags: patch upstream security fixed-upstream Control: fixed -1 8.13.11+dfsg-7 Hi, the following vulnerability was published for gitlab. CVE-2017-0882[0]: Information Disclosure in Issue and Merge Request Trackers If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-0882 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0882 [1] https://about.gitlab.com/2017/03/20/gitlab-8-dot-17-dot-4-security-release/ Regards, Salvatore
Bug#858410: closing 858410
close 858410 8.13.11+dfsg-7 thanks
Processed: closing 858410
Processing commands for cont...@bugs.debian.org: > close 858410 8.13.11+dfsg-7 Bug #858410 [src:gitlab] gitlab: CVE-2017-0882: Information Disclosure in Issue and Merge Request Trackers Ignoring request to alter fixed versions of bug #858410 to the same values previously set Bug #858410 [src:gitlab] gitlab: CVE-2017-0882: Information Disclosure in Issue and Merge Request Trackers Marked Bug as done > thanks Stopping processing here. Please contact me if you need assistance. -- 858410: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858410 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
