Bug#916902: Taking over pspp into Debian Science team maintenance (Was: pspp: CVE-2018-20230)
Hi Friedrich, I stumbled upon #916902 in my Buster bug squashing effort. I'm willing to apply and upload the suggested fix[1], but I feel our both time better spent if the changes are done in a repository on Salsa. Since the package perfectly fits into Debian Science scope I'd volunteer to move the package to Debian Science. In case I will not hear from you I in the next five days asume you agree with this. Kind regards Andreas. [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916902#32 -- http://fam-tille.de
Processed: Re: Bug#927753: gnome-maps: segmentation fault at startup
Processing control commands: > reassign -1 libgeocode-glib0 3.26.0-2 Bug #927753 [gnome-maps] gnome-maps: segmentation fault at startup Bug reassigned from package 'gnome-maps' to 'libgeocode-glib0'. No longer marked as found in versions gnome-maps/3.30.3-1. Ignoring request to alter fixed versions of bug #927753 to the same values previously set Bug #927753 [libgeocode-glib0] gnome-maps: segmentation fault at startup Marked as found in versions geocode-glib/3.26.0-2. > severity 925539 serious Bug #925539 [libgeocode-glib0] gnome-weather: Crashes when typing a place's name Bug #927728 [libgeocode-glib0] gnome-maps: search functionality (main or directions) causes a crash (SIGSEGV) Ignoring request to change severity of Bug 925539 to the same value. Ignoring request to change severity of Bug 927728 to the same value. > forcemerge 925539 -1 Bug #925539 [libgeocode-glib0] gnome-weather: Crashes when typing a place's name Bug #927728 [libgeocode-glib0] gnome-maps: search functionality (main or directions) causes a crash (SIGSEGV) Bug #927728 [libgeocode-glib0] gnome-maps: search functionality (main or directions) causes a crash (SIGSEGV) Removed indication that 927728 affects gnome-maps and gnome-weather Added indication that 927728 affects gnome-weather,gnome-maps Removed indication that 925539 affects gnome-weather and gnome-maps Added indication that 925539 affects gnome-weather,gnome-maps Bug #927753 [libgeocode-glib0] gnome-maps: segmentation fault at startup Severity set to 'serious' from 'grave' Added indication that 927753 affects gnome-weather,gnome-maps Marked as fixed in versions geocode-glib/3.26.1-1. Added tag(s) upstream, patch, and fixed-upstream. Merged 925539 927728 927753 -- 925539: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925539 927728: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927728 927753: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927753 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#927753: gnome-maps: segmentation fault at startup
Control: reassign -1 libgeocode-glib0 3.26.0-2 Control: severity 925539 serious Control: forcemerge 925539 -1 On Tue, 23 Apr 2019 at 01:05:55 +0200, gpe wrote: > I confirm. Installing libgeocode-glib0 3.26.1-1 resolves the issue. Reassigning to libgeocode-glib0 and merging with the existing bug, then. Thanks for confirming this. smcv
Bug#927307: Bug#927688: graphicsmagick breaks mpfit autopkgtest: LockSemaphoreInfo: Assertion `semaphore_info != (SemaphoreInfo *) NULL' failed
Hi Ole, On Mon, Apr 22, 2019 at 3:45 PM Ole Streicher wrote: > On 21.04.19 12:46, László Böszörményi (GCS) wrote: > > I do _not_ want to NMU it as I consider that unwelcomed as Ole is > > alive and well. But please, do a fixed upload of gnudatalanguage soon. > > Thanks for the patience; I will check this in the next days; latest at > weekend (I am currently on easter vacation). Pls ping me if it is really > needed earlier. If possible, please do the upload by Wednesday or by Thursday. The recent GraphicsMagick uploads contain way too many security fixes that I would like to see in Buster. But I only can ask for a freeze exception if I don't break anything. The patch for gnudatalanguage is small and just need to be copied in. Thanks, Laszlo/GCS
Processed: Re: Bug#927764: evince crashes in poppler on unusual pdf document
Processing control commands: > forcemerge 924029 927764 Bug #924029 [libpoppler-glib8] evince: Crashes when opening a PDF Bug #927764 [libpoppler-glib8] evince crashes in poppler on unusual pdf document Severity set to 'grave' from 'normal' Added tag(s) upstream, fixed-upstream, and patch. Merged 924029 927764 -- 924029: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924029 927764: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927764 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#927728: gnome-maps: search functionality (main or directions) causes a crash (SIGSEGV)
Control: reassign -1 libgeocode-glib0 3.26.0-2 Control: severity 925539 serious Control: forcemerge 925539 -1 Control: affects 925539 + gnome-maps On Mon, 2019-04-22 at 15:07 +0200, Bernhard Übelacker wrote: > might this be related to #925539 ? Looks like it is indeed. > Can you still reproduce it when you install > libgeocode-glib0 3.26.1-1 from unstable? No, that fixes the issue :D Could you please get the fixed version into Debian buster? https://release.debian.org/buster/freeze_policy.html -- bye, pabs https://wiki.debian.org/PaulWise signature.asc Description: This is a digitally signed message part
Processed: Re: Bug#927728: gnome-maps: search functionality (main or directions) causes a crash (SIGSEGV)
Processing control commands: > reassign -1 libgeocode-glib0 3.26.0-2 Bug #927728 [gnome-maps] gnome-maps: search functionality (main or directions) causes a crash (SIGSEGV) Bug reassigned from package 'gnome-maps' to 'libgeocode-glib0'. No longer marked as found in versions gnome-maps/3.30.3-1 and gnome-maps/3.32.1-1. Ignoring request to alter fixed versions of bug #927728 to the same values previously set Bug #927728 [libgeocode-glib0] gnome-maps: search functionality (main or directions) causes a crash (SIGSEGV) Marked as found in versions geocode-glib/3.26.0-2. > severity 925539 serious Bug #925539 [libgeocode-glib0] gnome-weather: Crashes when typing a place's name Severity set to 'serious' from 'important' > forcemerge 925539 -1 Bug #925539 [libgeocode-glib0] gnome-weather: Crashes when typing a place's name Bug #927728 [libgeocode-glib0] gnome-maps: search functionality (main or directions) causes a crash (SIGSEGV) Added indication that 927728 affects gnome-weather Marked as fixed in versions geocode-glib/3.26.1-1. Added tag(s) upstream, patch, and fixed-upstream. Merged 925539 927728 > affects 925539 + gnome-maps Bug #925539 [libgeocode-glib0] gnome-weather: Crashes when typing a place's name Bug #927728 [libgeocode-glib0] gnome-maps: search functionality (main or directions) causes a crash (SIGSEGV) Added indication that 925539 affects gnome-maps Added indication that 927728 affects gnome-maps -- 925539: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925539 927728: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927728 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: Re: Bug#905772: libvirtd upgrade broken stretch->buster
Processing control commands: > severity -1 normal Bug #905772 [libvirt] virtlogd dependency loop causing upgrade failures Severity set to 'normal' from 'serious' -- 905772: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=905772 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#905772: libvirtd upgrade broken stretch->buster
control: severity -1 normal Hi. I ran a number of other upgrades today of libvirtd from stretch to buster and was not able to reproduce the problem in the environments I thought would cause it. I don't know what's up, but I don't think characterizing this as RC given the data we have is correct.
Bug#924591: this requires linking in libsparse, which is from Android sources
On Mon, Apr 22, 2019 at 10:19:46PM +0200, Hans-Christoph Steiner wrote: > > I don't really know how fastboot in stretch provided the mke2fs support, > but judging by the dependencies, it might have been that fastboot used > to do the formatting itself, based on being linked to > android-libext4-utils and android-libsparse. The buster version of > fastboot is clearly calling mk2efs, which in AOSP is built from an > inline e2fsprogs fork. Yes, that's correct. >From running strings on the fastboot binary from Stretch, it's using the statically linked-in make_ext4fs code. The make_ext4fs was code written years and years ago, back when Android senior management (rumor has it was that it was Andy Rubin himself) didn't want to use any GPL'ed code in userspace. Fortunately, that's no longer the case. The old make_ext4fs code was old, creaky, and didn't exactly work the same way as mke2fs (since it was written as a clean-room reimplementation from scratch). As a result I was very happy when we were finally able to take the make_ext4fs code and KILL IT WITH FIRE[1]. :-) [1] https://www.youtube.com/watch?v=Tnod9vtB4xA Unfortunately, the focus was to make the make_ext4fs replacement work with AOSP only. I wasn't aware of Debian's native Android tools; but even if I did, it's not clear that we could have gotten things working within the scope of the intern project to drop make_ext4fs support and port the necessary support code into e2fsprogs. This change started landing in AOSP in November 2016 (it was a Fall 2016 intern project). I'd have to check to be sure, but looking at the Debian changelog, the AOSP release with the actual KILL IT WITH FIRE commit probably landed in Debian sometime in late 2017. Alas, apparently no one had noticed the problem for well over a year. So I'm guessing Debian's fastboot, or at least its format command, is rarely used by Debian users. :-/ - Ted
Bug#927753: gnome-maps: segmentation fault at startup
Le mardi 23 avril 2019 à 00:44 +0200, Bernhard Übelacker a écrit : > Hello gpe, > this stack trace looks really like that one > submitted in https://bugs.debian.org/927728 . > > Possibly you can install just libgeocode-glib0 3.26.1-1 > from unstable? > > From my findings in https://bugs.debian.org/927728 > I would expect that this crash should then be gone. > > Kind regards, > Bernhard > I confirm. Installing libgeocode-glib0 3.26.1-1 resolves the issue. BR
Bug#927753: gnome-maps: segmentation fault at startup
Hello gpe, this stack trace looks really like that one submitted in https://bugs.debian.org/927728 . Possibly you can install just libgeocode-glib0 3.26.1-1 from unstable? >From my findings in https://bugs.debian.org/927728 I would expect that this crash should then be gone. Kind regards, Bernhard
Bug#927753: gnome-maps: segmentation fault at startup
Le mardi 23 avril 2019 à 00:20 +0200, Bernhard Übelacker a écrit : > Hello gpe92, > maybe you could add some more information for the maintainer > by following steps, if possible: > - install the package "systemd-coredump" > - try to start gnome-maps again > - forward the output of following command to this bug: > journalctl | sed -n '/dumped core/,/systemd-coredump@/p' > > I guess this issue could be the same as in bugs 925539 or 927728. > > Kind regards, > Bernhard Here is the result in the attached file. BR. journalctl | sed -n '/dumped core/,/systemd-coredump@/p' avril 23 00:25:08 reveillon systemd-coredump[5265]: Process 4680 (gnome-maps) of user 1000 dumped core. Stack trace of thread 4680: #0 0x7fbfc2a1bdc6 __GI_strtol_l_internal (libc.so.6) #1 0x7fbfaec9bd7e n/a (libgeocode-glib.so.0) #2 0x7fbfaec9d900 _geocode_parse_search_json (libgeocode-glib.so.0) #3 0x7fbfaec9da89 n/a (libgeocode-glib.so.0) #4 0x7fbfc3026719 n/a (libgio-2.0.so.0) #5 0x7fbfc3027196 n/a (libgio-2.0.so.0) #6 0x7fbfaec9c683 n/a (libgeocode-glib.so.0) #7 0x7fbfc3026719 n/a (libgio-2.0.so.0) #8 0x7fbfc3027196 n/a (libgio-2.0.so.0) #9 0x7fbfc2fde582 n/a (libgio-2.0.so.0) #10 0x7fbfc2ffa94d n/a (libgio-2.0.so.0) #11 0x7fbfc3026719 n/a (libgio-2.0.so.0) #12 0x7fbfc3026759 n/a (libgio-2.0.so.0) #13 0x7fbfc2e5edd8 g_main_context_dispatch (libglib-2.0.so.0) #14 0x7fbfc2e5f1c8 n/a (libglib-2.0.so.0) #15 0x7fbfc2e5f25c g_main_context_iteration (libglib-2.0.so.0) #16 0x7fbfc305199d g_application_run (libgio-2.0.so.0) #17 0x7fbfc24ed8ee ffi_call_unix64 (libffi.so.6) #18 0x7fbfc24ed2bf ffi_call (libffi.so.6) #19 0x7fbfc2d63819 n/a (libgjs.so.0) #20 0x7fbfc2d64f96 n/a (libgjs.so.0) #21 0x7fbfc1143474 n/a (libmozjs-60.so.0) #22 0x7fbfc11366e1 n/a (libmozjs-60.so.0) #23 0x7fbfc1142cf6 n/a (libmozjs-60.so.0) #24 0x7fbfc1144947 n/a (libmozjs-60.so.0) #25 0x7fbfc1144a6c n/a (libmozjs-60.so.0) #26 0x7fbfc1457d6e n/a (libmozjs-60.so.0) #27 0x7fbfc1457e7b n/a (libmozjs-60.so.0) #28 0x7fbfc2d8c36a gjs_eval_with_scope (libgjs.so.0) #29 0x7fbfc2d825c2 gjs_context_eval (libgjs.so.0) #30 0x55df5ed719cb main (gjs-console) #31 0x7fbfc2a0409b __libc_start_main (libc.so.6) #32 0x55df5ed71cca _start (gjs-console) Stack trace of thread 4685: #0 0x7fbfc24ff00c futex_wait_cancelable (libpthread.so.0) #1 0x7fbfc17a7aff _ZN7mozilla6detail21ConditionVariableImpl4waitERNS0_9MutexImplE (libmozjs-60.so.0) #2 0x7fbfc17a7cd5 _ZN7mozilla6detail21ConditionVariableImpl8wait_forERNS0_9MutexImplERKNS_16BaseTimeDurationINS_27TimeDurationValueCalculatorEEE (libmozjs-60.so.0) #3 0x7fbfc1524644 n/a (libmozjs-60.so.0) #4 0x
Bug#927753: gnome-maps: segmentation fault at startup
Hello gpe92, maybe you could add some more information for the maintainer by following steps, if possible: - install the package "systemd-coredump" - try to start gnome-maps again - forward the output of following command to this bug: journalctl | sed -n '/dumped core/,/systemd-coredump@/p' I guess this issue could be the same as in bugs 925539 or 927728. Kind regards, Bernhard
Bug#926958: marked as done (freeradius: VU#871675: Authentication bypass in EAP-PWD (CVE-2019-11234 CVE-2019-11235))
Your message dated Mon, 22 Apr 2019 22:04:40 + with message-id and subject line Bug#926958: fixed in freeradius 3.0.17+dfsg-1.1 has caused the Debian Bug report #926958, regarding freeradius: VU#871675: Authentication bypass in EAP-PWD (CVE-2019-11234 CVE-2019-11235) to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 926958: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926958 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: src:freeradius Severity: important Tags: security 3.0.19 has been released adressing some issues in EAP-PWD. The VU# linked in the original advisory is not (yet?) accessible and I haven't found a CVE for it. Since FreeRADIUS is orphaned I'll look at doing an NMU when I find some time, but likely not before early next week. https://freeradius.org/security/ 2019.04.10Authentication bypass in EAP-PWD The EAP-PWD module is vulnerable to multiple issues, including authentication bypass. This module is not enabled in the default configuration. Administrators must manually enable it for their server to be vulnerable. Version 3.0.0 through 3.0.18 are are affected. The EAP-PWD module is vulnerable to side-channel and cache-based attacks. The issue is discussed in more in Hostap 2019-2. The attack requires the attacker to be able to run a program on the target device. This is not commonly the case on an authentication server (EAP server), so the most likely target for this would be a client device using EAP-PWD. It is not clear at this time if the attack is possible between multiple virtual machines on the same hardware. Other issues with EAP-PWD were found earlier, and patched in Hostap. The FreeRADIUS team was not notified of these attacks until recently. We have now patched FreeRADIUS to address these issues. Additional issues were found by Mathy Vanhoef as part of a deep investigation into EAP-PWD. He also supplied patches to address the issues. His report is included below. This issue is recorded in VU#871675 We have released version 3.0.19 to address these issues. --- End Message --- --- Begin Message --- Source: freeradius Source-Version: 3.0.17+dfsg-1.1 We believe that the bug you reported is fixed in the latest version of freeradius, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 926...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Bernhard Schmidt (supplier of updated freeradius package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 22 Apr 2019 23:23:36 +0200 Source: freeradius Architecture: source Version: 3.0.17+dfsg-1.1 Distribution: unstable Urgency: high Maintainer: Debian FreeRADIUS Packaging Team Changed-By: Bernhard Schmidt Closes: 926958 Changes: freeradius (3.0.17+dfsg-1.1) unstable; urgency=high . * Non-maintainer upload. * Cherry-Pick upstream commits to fix CVE-2019-11234 / CVE-2019-11235 / VU#871675 (Invalid Curve Attack and Reflection Attack on EAP-PWD, leading to authentication bypass) (Closes: #926958) Checksums-Sha1: 6dc2174ea6db4fadd7fd8bcfce44d2e9e109cf31 3818 freeradius_3.0.17+dfsg-1.1.dsc 96316f800b19d9fefa163a29bfcf451ae5ceaea5 63832 freeradius_3.0.17+dfsg-1.1.debian.tar.xz 2b9c90ca043f46c04ae942efd408330676fe5ada 19233 freeradius_3.0.17+dfsg-1.1_amd64.buildinfo Checksums-Sha256: e25c2c7483328e3b2b6bf01188493ac60d6ba1790a7f119a33427876636e0943 3818 freeradius_3.0.17+dfsg-1.1.dsc 70c32f02cf7878b03b748825eb1c4b625e1935c93fbc9a7ad6550b5bc0d0f273 63832 freeradius_3.0.17+dfsg-1.1.debian.tar.xz e287282ba2ab945fdf06c6280549370b733b3c9ff1d64fec6f251e52f6bc80e8 19233 freeradius_3.0.17+dfsg-1.1_amd64.buildinfo Files: d9c1e5636ebbbe0d8612dfc3716a8ad5 3818 net optional freeradius_3.0.17+dfsg-1.1.dsc e69edc14d18672215c22fe13408caba2 63832 net optional freeradius_3.0.17+dfsg-1.1.debian.tar.xz 56ef52b0d1de4d7ab9058efbb8cba26c 19233 net optional freeradius_3.0.17+dfsg-1.1_amd64.buildinfo -BEGIN PGP SIGNATURE- iQJFBAEBCgAvFiEE1uAexRal3873GVbTd1B55bhQvJMFAly+NPsRHGJlcm5pQGRl Ymlhbi5vcmcACgkQd1B55bhQvJNqJw//dHovzbcYPfGsY3lu7M4/PJVuL9HATPhq 5h4nneqwXrJyai+farBlALuDrEYmKE5VLb/lzn0ozfdqozGD0gJY9W
Processed: Bug #917535 in debian-archive-keyring marked as pending
Processing control commands: > tag -1 pending Bug #917535 [debian-archive-keyring] debian-archive-keyring: ftp-master key for buster Added tag(s) pending. -- 917535: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917535 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#917535: Bug #917535 in debian-archive-keyring marked as pending
Control: tag -1 pending Hello, Bug #917535 in debian-archive-keyring reported by you has been fixed in the Git repository and is awaiting an upload. You can see the commit message below and you can check the diff of the fix at: https://salsa.debian.org/release-team/debian-archive-keyring/commit/0b974ff1469e647c508c785d817a4d73e513da5a Add Debian Archive Automatic Signing Key (10/buster) (ID: BCDDDC30D7C23CBBABEE) and Debian Security Archive Automatic Signing Key (10/buster) (ID: C5FF4DFAB270CAA96DFA) Closes: #917535 Signed-off-by: Jonathan Wiltshire (this message was generated automatically) -- Greetings https://bugs.debian.org/917535
Bug#917536: Bug #917536 in debian-archive-keyring marked as pending
Control: tag -1 pending Hello, Bug #917536 in debian-archive-keyring reported by you has been fixed in the Git repository and is awaiting an upload. You can see the commit message below and you can check the diff of the fix at: https://salsa.debian.org/release-team/debian-archive-keyring/commit/d67aee158440dbbd168dfb91e06bb6af278702ec Add Debian Stable Release key (10/buster) (ID: DCC9EFBF77E11517) Closes: #917536 Signed-off-by: Jonathan Wiltshire (this message was generated automatically) -- Greetings https://bugs.debian.org/917536
Processed: Bug #917536 in debian-archive-keyring marked as pending
Processing control commands: > tag -1 pending Bug #917536 [debian-archive-keyring] debian-archive-keyring: release key for buster Added tag(s) pending. -- 917536: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917536 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#927765: debian-archive-keyring: Team maintainer but no human uploaders (policy 3.3)
Package: debian-archive-keyring Version: 2011.10.21 Severity: serious Justification: Policy 3.3 d-a-k has a team maintainer but no human uploaders, violating the "must" directive in policy 3.3. -- System Information: Debian Release: buster/sid APT prefers testing APT policy: (990, 'testing'), (500, 'stable-updates'), (500, 'unstable'), (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.19.0-4-amd64 (SMP w/4 CPU cores) Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), LANGUAGE=en_GB:en (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled -- debconf-show failed
Processed: Bug #927442 in runit marked as pending
Processing control commands: > tag -1 pending Bug #927442 [runit] runit: fails to install: ln: failed to create symbolic link '/etc/runit/runsvdir/current': No such file or directory Ignoring request to alter tags of bug #927442 to the same tags previously set -- 927442: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927442 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#927442: Bug #927442 in runit marked as pending
Control: tag -1 pending Hello, Bug #927442 in runit reported by you has been fixed in the Git repository and is awaiting an upload. You can see the commit message below and you can check the diff of the fix at: https://salsa.debian.org/debian/runit/commit/6c03140f5fd199c2cb5162ae3eb68dac1cf6a542 Fix preinst script on fresh installation Closes: #927442 (this message was generated automatically) -- Greetings https://bugs.debian.org/927442
Bug#927442: Bug #927442 in runit marked as pending
Control: tag -1 pending Hello, Bug #927442 in runit reported by you has been fixed in the Git repository and is awaiting an upload. You can see the commit message below and you can check the diff of the fix at: https://salsa.debian.org/debian/runit/commit/9faee1d81353fb3d49e3fbcc3fb6b74de04729eb Fix preinst script on fresh installation Closes: #927442 (this message was generated automatically) -- Greetings https://bugs.debian.org/927442
Processed: Bug #927442 in runit marked as pending
Processing control commands: > tag -1 pending Bug #927442 [runit] runit: fails to install: ln: failed to create symbolic link '/etc/runit/runsvdir/current': No such file or directory Added tag(s) pending. -- 927442: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927442 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#924976: marked as done (python3-kombu: Incompatible with python3-redis (>= 3))
Your message dated Mon, 22 Apr 2019 20:33:26 + with message-id and subject line Bug#924976: fixed in kombu 4.2.1-3 has caused the Debian Bug report #924976, regarding python3-kombu: Incompatible with python3-redis (>= 3) to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 924976: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924976 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: python3-celery Version: 4.2.1-3 Severity: grave Justification: renders package unusable Should be fixed in the upstream, but current versions in repository are incompatible. https://github.com/celery/celery/issues/5175 -- System Information: Debian Release: buster/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 5.0.1-1-MANJARO (SMP w/4 CPU cores; PREEMPT) Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: unable to detect Versions of packages python3-celery depends on: ii python33.7.2-1 ii python3-billiard 3.6.0.0-1 ii python3-dateutil 2.7.3-3 ii python3-ephem 3.7.6.0-7+b1 ii python3-kombu 4.2.1-2 ii python3-memcache 1.59-1 ii python3-pkg-resources 40.8.0-1 ii python3-pyparsing 2.2.0+dfsg1-2 ii python3-tz 2018.9-1 python3-celery recommends no packages. Versions of packages python3-celery suggests: pn python-celery-doc ii python3-redis 3.2.0-2 ii python3-sqlalchemy 1.2.18+ds1-1 -- no debconf information --- End Message --- --- Begin Message --- Source: kombu Source-Version: 4.2.1-3 We believe that the bug you reported is fixed in the latest version of kombu, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 924...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Michael Fladischer (supplier of updated kombu package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 22 Apr 2019 21:04:43 +0200 Source: kombu Binary: python-kombu python-kombu-doc python3-kombu Architecture: source all Version: 4.2.1-3 Distribution: unstable Urgency: medium Maintainer: Debian Python Modules Team Changed-By: Michael Fladischer Description: python-kombu - AMQP Messaging Framework for Python python-kombu-doc - AMQP Messaging Framework for Python (Documentation) python3-kombu - AMQP Messaging Framework for Python (Python3 version) Closes: 924976 Changes: kombu (4.2.1-3) unstable; urgency=medium . [ Josue Ortega ] * Team upload. * Add debian/patch/0005-Fix-compat-with-redis3.patch to fix compatibility with python-redis (>= 3) (Closes: #924976). Checksums-Sha1: 0f3700f71ca6a3f7d4a028ac16e0b43288ab2f1e 3045 kombu_4.2.1-3.dsc 6d85817a2ed282f58d402cf79e989611d7cfad63 423926 kombu_4.2.1.orig.tar.gz ca40e904d3bbb562b3ddeba731ca04be0bb3d880 12656 kombu_4.2.1-3.debian.tar.xz a1c199b9e4b96f9d481b44abf6299760a14e0bfe 10069 kombu_4.2.1-3_amd64.buildinfo 7c1606f3b4b43ca4b259a5719e3a1c24eab8e1b9 567116 python-kombu-doc_4.2.1-3_all.deb 6e63950b39c8efa02f38ba9752c700c485b547b5 163304 python-kombu_4.2.1-3_all.deb e91933536d33cf77a597332f0ef6cfc9dbe12585 162932 python3-kombu_4.2.1-3_all.deb Checksums-Sha256: b0b2627054ea21161756ea4f59693e2de0803b02a8a7e9bd1691f86891755cd4 3045 kombu_4.2.1-3.dsc 86adec6c60f63124e2082ea8481bbe4ebe04fde8ebed32c177c7f0cd2c1c9082 423926 kombu_4.2.1.orig.tar.gz f48be8472c6e044df64dbe1726e05c40f1d3cbdd52ca508dcd2a571d1f5bcaec 12656 kombu_4.2.1-3.debian.tar.xz dab809875f8fe7ff646be1c881c2940dafd1958e49acfda4b6131467b39e0ef2 10069 kombu_4.2.1-3_amd64.buildinfo 747a68d8a7a53db918fcbab4b0d20b82765a63cb66c4839657f54d796056e37e 567116 python-kombu-doc_4.2.1-3_all.deb f6f243676f87a5b260cf6cfe06762a7ff15d1b5f5ac7d4eb1823cc5204c44192 163304 python-kombu_4.2.1-3_all.deb d233d7e4503a25fab58da445dc2997bfd8bc631ae9f0d6f08848f451f46e027d 162932 python3-kombu_4.2.1-3_all.deb Files: 0fde73119116d05c4ce969f1e5a7fbdd 3045 python optional kombu_4.2.1-3.dsc 15e43bdeacef6805a61e2cdee717f748 423926 python optional kombu_4.2.1.ori
Bug#924591: this requires linking in libsparse, which is from Android sources
Theodore Ts'o: > On Mon, Apr 22, 2019 at 06:09:23PM +0200, Jonas Meurer wrote: >> Hans-Christoph Steiner: >>> Theodore Ts'o: So your choice --- we can either reassign this bug back to fastboot or android-sdk-platforms-tools, or I can downgrade the severity of this bug for e2fsprogs down to wishlist[1]. Let me know how you want to handle this. [1] This is because I view this both as a "feature request" and "bugs that are very difficult to fix due to major design considerations" (per https://www.debian.org/Bugs/Developer#severities), not to mention that it's going to affect a miniscule fraction of the e2fsprogs package's users. >>> >>> Makes sense to me. I'm fine with this being done post-Buster or as a >>> custom mke2fs in android-platform-system-core. >> >> So the bottom line here is that the ext4 formatting support in fastboot >> remains broken in Buster, right? That would be very unfortunate and a >> regression compared to Stretch. > > I'm not sure whether or not Stretch was using the old-style > make_ext4fs from AOSP, or was including the mke2fs from AOSP, but yes, > it sounds like it's a regression from stretch. I'm not sure how many > Debian users are using the Debian-native fastboot versus using the > version from the Google SDK or the AOSP binaries, though. > > It does seem that if this is considered high priority, the most > straightforward way to address this bug is going to be to include > building mke2fs from AOSP and placing it in > /usr/lib/android-sdk/platform-tools/mke2fs. I know some folks on the > android tools teams aren't excited with that approach, but that > probably is the best thing to do if you want to address this in > Buster. That approach sounds fine for buster. The only question in my mind is who will do the work... I don't really know how fastboot in stretch provided the mke2fs support, but judging by the dependencies, it might have been that fastboot used to do the formatting itself, based on being linked to android-libext4-utils and android-libsparse. The buster version of fastboot is clearly calling mk2efs, which in AOSP is built from an inline e2fsprogs fork. .hc
Processed: Bug #924976 in kombu marked as pending
Processing control commands: > tag -1 pending Bug #924976 [python-kombu] python3-kombu: Incompatible with python3-redis (>= 3) Added tag(s) pending. -- 924976: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924976 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#924838: Any idea how to fix remote access when trying to build package?
Hi, any idea how to fix the attempt to access remote location when trying to build? Kind regards Andreas. -- http://fam-tille.de
Bug#924976: Bug #924976 in kombu marked as pending
Control: tag -1 pending Hello, Bug #924976 in kombu reported by you has been fixed in the Git repository and is awaiting an upload. You can see the commit message below and you can check the diff of the fix at: https://salsa.debian.org/python-team/modules/kombu/commit/cb9931842d6448ca4c824c43b4d62826ffcdfa31 Add debian/patch/0005-Fix-compat-with-redis3.patch to fix compatibility with python-redis (>= 3) (Closes: #924976). (this message was generated automatically) -- Greetings https://bugs.debian.org/924976
Bug#927152: teeworlds: CVE-2019-10877 CVE-2019-10878 CVE-2019-10879
On Mon, 15 Apr 2019 18:07:12 +0200 Markus Koschany wrote: > Package: teeworlds > X-Debbugs-CC: t...@security.debian.org > Severity: grave > Tags: security > > Hi, > > The following vulnerabilities were published for teeworlds. > > CVE-2019-10877[0]: > | In Teeworlds 0.7.2, there is an integer overflow in CMap::Load() in > | engine/shared/map.cpp that can lead to a buffer overflow, because > | multiplication of width and height is mishandled. > > > CVE-2019-10878[1]: > | In Teeworlds 0.7.2, there is a failed bounds check in > | CDataFileReader::GetData() and CDataFileReader::ReplaceData() and > | related functions in engine/shared/datafile.cpp that can lead to an > | arbitrary free and out-of-bounds pointer write, possibly resulting in > | remote code execution. > > > CVE-2019-10879[2]: > | In Teeworlds 0.7.2, there is an integer overflow in > | CDataFileReader::Open() in engine/shared/datafile.cpp that can lead to > | a buffer overflow and possibly remote code execution, because size- > | related multiplications are mishandled. > > > If you fix the vulnerabilities please also make sure to include the > CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. > > For further information see: > > [0] https://security-tracker.debian.org/tracker/CVE-2019-10877 > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10877 > [1] https://security-tracker.debian.org/tracker/CVE-2019-10878 > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10878 > [2] https://security-tracker.debian.org/tracker/CVE-2019-10879 > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10879 > > Please adjust the affected versions in the BTS as needed. > > Regards, > > Markus > Hi, Teeworlds 0.7.3 was released and includes the aforementioned patches: https://teeworlds.com/?page=journal&id=12806 > fix security vulnerabilities CVE-2019-10879, CVE-2019-10879, CVE-2019-10879 Greetings, Dune
Bug#926500: freecad: FreeCad crashes when attemting to edit a existing sketch
Hello Pere, This issue has also been reported in the FreeCAD forums, and there are two likely culprits. One user reported that temporarily moving the ~/.FreeCAD directory and then launching FreeCAD resulted in the issue no longer occurring, which would narrow the cause down to some file in that directory. The other possible issue is the presence of 3rd party extensions, whether installed from the FreeCAD Community Extras PPA or otherwise, causing upgrade issues which may or may not have been noticed. Could you try the "moving ~/.FreeCAD" workaround, and if that doesn't work, could you provide the output of `ls -l /usr/lib/freecad`?
Bug#927709: libetpan: GnuTLS timeouts are 1000 times shorter than configured
On Sun, Apr 21, 2019 at 09:10:26PM +0100, Chris Boot wrote: > Control: severity -1 serious > Control: tags -1 patch > > Dear Maintainer, > > I think this bug should be RC given that it appears to make some > important (to some people at least) software potentially unusable on > Buster. Please feel free to downgrade if you particularly disagree, though. Isn't that basically the definition of 'important' severity level? :-) Anyway, haven't looked at the bug or the fix, just arriving from a short trip, so if you feel serious is more appropriate, so be it. thanks, -- Ricardo Mones ~ I'm sorry, my responses are limited. You must ask the right questions. A hologram signature.asc Description: PGP signature
Bug#927753: gnome-maps: segmentation fault at startup
Package: gnome-maps Version: 3.30.3-1 Severity: grave Justification: renders package unusable Dear Maintainer, * What led up to the situation? starts gnome-maps * What exactly did you do (or not do) that was effective (or ineffective)? run gnome-maps in CLI * What was the outcome of this action? ~$ gnome-maps (org.gnome.Maps:29445): Gjs-WARNING **: 19:54:40.265: Some code called array.toString() on a Uint8Array instance. Previously this would have interpreted the bytes of the array as a string, but that is nonstandard. In the future this will return the bytes as comma-separated digits. For the time being, the old behavior has been preserved, but please fix your code anyway to explicitly call ByteArray.toString(array). (Note that array.toString() may have been called implicitly.) 0 ["resource:///org/gnome/Maps/js/osmTypes.js":32] 1 ["resource:///org/gnome/Maps/js/osmEditDialog.js":35] 2 ["resource:///org/gnome/Maps/js/osmEdit.js":25] 3 ["resource:///org/gnome/Maps/js/contextMenu.js":33] 4 ["resource:///org/gnome/Maps/js/mainWindow.js":33] 5 ["resource:///org/gnome/Maps/js/application.js":35] 6 ["resource:///org/gnome/Maps/js/main.js":43] 7 start() ["resource:///org/gnome/gjs/modules/package.js":209] 8 ["/usr/bin/gnome-maps":2] (org.gnome.Maps:29445): Gjs-WARNING **: 19:54:41.312: Some code called array.toString() on a Uint8Array instance. Previously this would have interpreted the bytes of the array as a string, but that is nonstandard. In the future this will return the bytes as comma-separated digits. For the time being, the old behavior has been preserved, but please fix your code anyway to explicitly call ByteArray.toString(array). (Note that array.toString() may have been called implicitly.) 0 load() ["resource:///org/gnome/Maps/js/placeStore.js":168] 1 _initPlaceStore() ["resource:///org/gnome/Maps/js/application.js":186] 2 vfunc_startup() ["resource:///org/gnome/Maps/js/application.js":233] 3 main() ["resource:///org/gnome/Maps/js/main.js":57] 4 run() ["resource:///org/gnome/gjs/modules/package.js":225] 5 start() ["resource:///org/gnome/gjs/modules/package.js":209] 6 ["/usr/bin/gnome-maps":2] Erreur de segmentation * What outcome did you expect instead? gnome-maps starts ... BR -- System Information: Debian Release: buster/sid APT prefers testing APT policy: (990, 'testing'), (500, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.19.0-4-amd64 (SMP w/4 CPU cores) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8), LANGUAGE=fr_FR.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages gnome-maps depends on: ii dconf-gsettings-backend [gsettings-backend] 0.30.1-2 ii geoclue-2.0 2.5.2-1 ii gir1.2-champlain-0.120.12.16-3 ii gir1.2-clutter-1.0 1.26.2+dfsg-10 ii gir1.2-cogl-1.0 1.22.2-6 ii gir1.2-gdkpixbuf-2.0 2.38.1+dfsg-1 ii gir1.2-geoclue-2.0 2.5.2-1 ii gir1.2-geocodeglib-1.0 3.26.0-2 ii gir1.2-gfbgraph-0.2 0.2.3-3 ii gir1.2-glib-2.0 1.58.3-2 ii gir1.2-goa-1.0 3.30.1-2 ii gir1.2-gtk-3.0 3.24.5-1 ii gir1.2-gtkchamplain-0.12 0.12.16-3 ii gir1.2-gtkclutter-1.01.8.4-4 ii gir1.2-gweather-3.0 3.28.2-2 ii gir1.2-rest-0.7 0.8.1-1 ii gir1.2-secret-1 0.18.7-1 ii gir1.2-soup-2.4 2.64.2-2 ii gir1.2-webkit2-4.0 2.24.1-dmo1 ii gjs 1.54.3-1 ii libc62.28-8 ii libchamplain-0.12-0 0.12.16-3 ii libfolks25 0.11.4-1+b2 ii libgee-0.8-2 0.20.1-2 ii libgeocode-glib0 3.26.0-2 ii libglib2.0-0 2.58.3-1 ii libglib2.0-bin 2.58.3-1 ii librest-0.7-00.8.1-1 ii libxml2 2.9.4+dfsg1-7+b3 gnome-maps recommends no packages. gnome-maps suggests no packages. -- no debconf information
Bug#924591: this requires linking in libsparse, which is from Android sources
On Mon, Apr 22, 2019 at 06:09:23PM +0200, Jonas Meurer wrote: > Hans-Christoph Steiner: > > Theodore Ts'o: > >> So your choice --- we can either reassign this bug back to fastboot or > >> android-sdk-platforms-tools, or I can downgrade the severity of this > >> bug for e2fsprogs down to wishlist[1]. Let me know how you want to > >> handle this. > >> > >> [1] This is because I view this both as a "feature request" and "bugs > >> that are very difficult to fix due to major design considerations" > >> (per https://www.debian.org/Bugs/Developer#severities), not to mention > >> that it's going to affect a miniscule fraction of the e2fsprogs > >> package's users. > > > > Makes sense to me. I'm fine with this being done post-Buster or as a > > custom mke2fs in android-platform-system-core. > > So the bottom line here is that the ext4 formatting support in fastboot > remains broken in Buster, right? That would be very unfortunate and a > regression compared to Stretch. I'm not sure whether or not Stretch was using the old-style make_ext4fs from AOSP, or was including the mke2fs from AOSP, but yes, it sounds like it's a regression from stretch. I'm not sure how many Debian users are using the Debian-native fastboot versus using the version from the Google SDK or the AOSP binaries, though. It does seem that if this is considered high priority, the most straightforward way to address this bug is going to be to include building mke2fs from AOSP and placing it in /usr/lib/android-sdk/platform-tools/mke2fs. I know some folks on the android tools teams aren't excited with that approach, but that probably is the best thing to do if you want to address this in Buster. - Ted
Bug#924591: this requires linking in libsparse, which is from Android sources
Hans-Christoph Steiner: > Theodore Ts'o: >> So your choice --- we can either reassign this bug back to fastboot or >> android-sdk-platforms-tools, or I can downgrade the severity of this >> bug for e2fsprogs down to wishlist[1]. Let me know how you want to >> handle this. >> >> [1] This is because I view this both as a "feature request" and "bugs >> that are very difficult to fix due to major design considerations" >> (per https://www.debian.org/Bugs/Developer#severities), not to mention >> that it's going to affect a miniscule fraction of the e2fsprogs >> package's users. > > Makes sense to me. I'm fine with this being done post-Buster or as a > custom mke2fs in android-platform-system-core. So the bottom line here is that the ext4 formatting support in fastboot remains broken in Buster, right? That would be very unfortunate and a regression compared to Stretch. Cheers jonas signature.asc Description: OpenPGP digital signature
Bug#883872: bitlbee: Extremely incomplete d/copyright
>Side note: Considering that the maintainer of the package has no time >to care for RC bugs in copyright with patch attached the package might >be a good candidate for some force-modernise effort. That's a rather unfair way of phrasing it. I worked closely with wilmer on this issue, and we didn't take the first patch as it was clearly inadequate. But he said he's willing to take patches. After I merged my own PR we started discussing how to actually get it in testing, since as you have now found, the versions in testing and unstable are different upstream releases, which complicates things. Anyway, you figured that out, that's sorted, thanks for that. That said, about that "force-modernise", we'd definitely be happy to take any improvements to the packaging as PRs. It's certainly not the most modern thing out there, but our previous attempts to clean it up didn't get too far as the way we split bitlbee, bitlbee-libpurple, and bitlbee-common means we actually require a lot of the garbage in the rules file. So personally I decided I'd rather work on the longer term plan of refactoring the code to make libpurple into a real plugin.
Bug#927747: bind9_dlz backend is entirely broken in Debian
Package: samba Version: 2:4.9.5+dfsg-3 Severity: grave Hi, I upgraded a DC from stretch to buster, and DNS for AD (via bind9_dlz) started failing in strange ways. (In particular, when I changed the IP address of the DC, samba-tool dns query would return the correct addresses, but actual DNS lookups would return the old ones.) It turns out that upstream, bind9_dlz data has moved from /var/lib/samba/private to /var/lib/samba/bind-dns; however, there's no notice about this anywhere, and the path does not exist in Debian. (Thus, the .conf file in use didn't even mention the BIND 9.11 .so file, much less load it.) Furthermore, if you try to remedy this problem yourself by mkdir-ing the new directory and running samba_dnsupgrade, BIND will no longer start due to AppArmor policies being out of date: [84419.640664] audit: type=1400 audit(1555945763.230:88): apparmor="DENIED" operation="open" profile="/usr/sbin/named" name="/var/lib/samba/bind-dns/named.conf" pid=9043 comm="isc-worker" requested_mask="r" denied_mask="r" fsuid=111 ouid=0 [84486.581899] audit: type=1400 audit(1555945830.170:89): apparmor="DENIED" operation="open" profile="/usr/sbin/named" name="/var/lib/samba/bind-dns/named.conf" pid=9171 comm="isc-worker" requested_mask="r" denied_mask="r" fsuid=111 ouid=0 Given that AppArmor now seems to be default on in buster, this breaks the functionality completely, even for new installations (not just for upgrades from stretch). I would suppose that postinst needs to check whether BIND9_DLZ is in use, and if so, run samba_upgradedns --dns-backend=BIND9_DLZ and then finally pop up a message saying that the admin will have to change the .conf path in named.conf.local. And the AppArmor profile will need to be fixed. Even after this, I had to run samba_dnsupdate once with --use-samba-tool, and then it would finally run without “dns_tkey_gssnegotiate: TKEY is unacceptable” the next time. -- System Information: Debian Release: buster/sid APT prefers testing-proposed-updates APT policy: (500, 'testing-proposed-updates'), (500, 'testing-debug'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 5.0.6 (SMP w/40 CPU cores) Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8), LANGUAGE=en_NO:en_US:en_GB:en (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages samba depends on: ii adduser 3.118 ii dpkg 1.19.6 ii init-system-helpers 1.56+nmu1 ii libbsd0 0.9.1-2 ii libc62.28-8 ii libldb1 2:1.5.1+really1.4.6-3 ii libpam-modules 1.3.1-5 ii libpam-runtime 1.3.1-5 ii libpopt0 1.16-12 ii libpython2.7 2.7.16-2 ii libtalloc2 2.1.14-2 ii libtdb1 1.3.16-2+b1 ii libtevent0 0.9.37-1 ii libwbclient0 2:4.9.5+dfsg-3 ii lsb-base 10.2019031300 ii procps 2:3.3.15-2 ii python 2.7.16-1 pn python-dnspython pn python-samba ii python2.72.7.16-2 pn samba-common pn samba-common-bin ii samba-libs 2:4.9.5+dfsg-3 pn tdb-tools ii update-inetd 4.49 Versions of packages samba recommends: ii attr1:2.4.48-4 ii logrotate 3.14.0-4 pn samba-dsdb-modules pn samba-vfs-modules Versions of packages samba suggests: pn bind9 pn bind9utils pn ctdb pn ldb-tools ii ntp1:4.2.8p12+dfsg-4 pn smbldap-tools pn ufw pn winbind
Bug#883872: Bug#927383: unblock: bitlbee/3.6-1.1
Andreas Tille: > Control: tags -1 - moreinfo > > Hi Niels, > > On Fri, Apr 19, 2019 at 06:05:00AM +, Niels Thykier wrote: > [...] > >> If the incomplete d/copyright also applies to testing, then it will need >> a fix via testing-proposed-updates. The bug metadata does not have any >> found version, so it is not clear to me if the issue existing before the >> new upstream version in sid or that version introduced the issue. > > I think the patch also applies to version in testing. I've now > uploaded to testing-proposed-updates - debdiff attached. > > [...] > > Kind regards > > Andreas. > Approved the tpu upload, thanks. ~Niels
Bug#883872: marked as done (bitlbee: Extremely incomplete d/copyright)
Your message dated Mon, 22 Apr 2019 14:33:35 + with message-id and subject line Bug#883872: fixed in bitlbee 3.5.1-1.3 has caused the Debian Bug report #883872, regarding bitlbee: Extremely incomplete d/copyright to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 883872: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883872 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: bitlbee Justification: Policy 12.5, 12.5.1 Severity: serious This package has an extremely incorrect d/copyright file. Additionally, this file is not machine readable. It also lacks accurate information such as what "portions" of code a license refers to. Almost none of the copyright information found in the source is represented in d/copyright. A non-inclusive list of a couple unrepresented files: - lib/ftutil.(c|h) - lib/json.(c|h) - lib/Makefile - lib/ns_parse.c - lib/proxy.(c|h) - utils/bitlbee-ctl.pl - protocols/ft.h - protocols/jabber/hipchat.c - protocols/jabber/s5bytestream.c - protocols/jabber/si.c - protocols/msn/Makefile - protocols/oscar/* - [...] -- System Information: Debian Release: buster/sid APT prefers testing APT policy: (900, 'testing'), (800, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 4.11.0-1-amd64 (SMP w/16 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) -- Michael Lustfield --- End Message --- --- Begin Message --- Source: bitlbee Source-Version: 3.5.1-1.3 We believe that the bug you reported is fixed in the latest version of bitlbee, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 883...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Andreas Tille (supplier of updated bitlbee package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Mon, 22 Apr 2019 15:54:20 +0200 Source: bitlbee Binary: bitlbee bitlbee-libpurple bitlbee-common bitlbee-dev bitlbee-plugin-otr Architecture: source all amd64 Version: 3.5.1-1.3 Distribution: testing-proposed-updates Urgency: medium Maintainer: Wilmer van der Gaast Changed-By: Andreas Tille Description: bitlbee- IRC to other chat networks gateway (default version) bitlbee-common - IRC to other chat networks gateway (common files/docs) bitlbee-dev - IRC to other chat networks gateway (dev files) bitlbee-libpurple - IRC to other chat networks gateway (using libpurple) bitlbee-plugin-otr - IRC to other chat networks gateway (OTR plugin) Closes: 883872 Changes: bitlbee (3.5.1-1.3) testing-proposed-updates; urgency=medium . * Non-maintainer upload. * Apply patch to d/copyright provided by Jochen Sprickerhof Closes: #883872 Checksums-Sha1: 04f6f610c4b9c929de4006ea185572f260529d94 2271 bitlbee_3.5.1-1.3.dsc 9f800f329e44b056c66d67cf282f238c 16633 bitlbee_3.5.1-1.3.diff.gz bd40b5798e5ff5152563f00317eb05737977518b 79418 bitlbee-common_3.5.1-1.3_all.deb ca11dedba58f754ef0397097295e011558491c53 1057576 bitlbee-dbgsym_3.5.1-1.3_amd64.deb 1ffc3c6c431a97e004f61be03f6c61e1bce54b76 29714 bitlbee-dev_3.5.1-1.3_all.deb 4fdd303bb0c8fb2f66a1d7c95313a65599c772e0 626236 bitlbee-libpurple-dbgsym_3.5.1-1.3_amd64.deb 0fe9dfecc7ab757ac809e44308dda1f0c6b7b40b 131840 bitlbee-libpurple_3.5.1-1.3_amd64.deb b4dc7109d692a8a07127ef440e1a4f584bdbb88f 46620 bitlbee-plugin-otr-dbgsym_3.5.1-1.3_amd64.deb db09d3aba671b0fcb5d350de0f5b62d93b1d88e5 17240 bitlbee-plugin-otr_3.5.1-1.3_amd64.deb fa942ab61ea4180be775de0127eb7ee080099ebf 11435 bitlbee_3.5.1-1.3_amd64.buildinfo e3b612c21dfa7b11683c4be0f9f8acf77389f3e3 210788 bitlbee_3.5.1-1.3_amd64.deb Checksums-Sha256: 523e5850cfec457684d48b7763f08f669f5802a30686187316269498165d1fcb 2271 bitlbee_3.5.1-1.3.dsc 617753f249db676a547893dbdd910cc1f19073a3f3000964047b619637b55820 16633 bitlbee_3.5.1-1.3.diff.gz 0f7573ae6f78083b872cf38736961ac09bd57046f7ce401095d1e71b682bc6c0 79418 bitlbee-common_3.5.1-1.3_all.deb 2da971a27c02ee41098f7b0839f664f985babcf78f2c83022feb5db83082bf7f 1057576 bitlbee-dbgsym_3.5.1-1.3_amd64.deb 648768a15acdde4423256d675ff4d66bb4f
Processed: Re: Bug#927383: unblock: bitlbee/3.6-1.1
Processing control commands: > tags -1 - moreinfo Bug #883872 [src:bitlbee] bitlbee: Extremely incomplete d/copyright Ignoring request to alter tags of bug #883872 to the same tags previously set -- 883872: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883872 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#883872: Bug#927383: unblock: bitlbee/3.6-1.1
Control: tags -1 - moreinfo
Hi Niels,
On Fri, Apr 19, 2019 at 06:05:00AM +, Niels Thykier wrote:
>
> Relative to testing, this request also includes a new upstream version
> with a lot of unrelated changes, which is a risk we are not ready to take.
Sure, I simply missed this.
> If the incomplete d/copyright also applies to testing, then it will need
> a fix via testing-proposed-updates. The bug metadata does not have any
> found version, so it is not clear to me if the issue existing before the
> new upstream version in sid or that version introduced the issue.
I think the patch also applies to version in testing. I've now
uploaded to testing-proposed-updates - debdiff attached.
Side note: Considering that the maintainer of the package has no time
to care for RC bugs in copyright with patch attached the package might
be a good candidate for some force-modernise effort.
Kind regards
Andreas.
--
http://fam-tille.de
diff -u bitlbee-3.5.1/debian/changelog bitlbee-3.5.1/debian/changelog
--- bitlbee-3.5.1/debian/changelog
+++ bitlbee-3.5.1/debian/changelog
@@ -1,3 +1,11 @@
+bitlbee (3.5.1-1.3) testing-proposed-updates; urgency=medium
+
+ * Non-maintainer upload.
+ * Apply patch to d/copyright provided by Jochen Sprickerhof
+Closes: #883872
+
+ -- Andreas Tille Mon, 22 Apr 2019 15:54:20 +0200
+
bitlbee (3.5.1-1.2) unstable; urgency=medium
* Non-maintainer upload.
diff -u bitlbee-3.5.1/debian/copyright bitlbee-3.5.1/debian/copyright
--- bitlbee-3.5.1/debian/copyright
+++ bitlbee-3.5.1/debian/copyright
@@ -1,73 +1,147 @@
-This package was debianized by Wilmer van der Gaast on
-Mon, 8 Jul 2002 13:17:42 +0200.
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
-The source can be downloaded from http://www.bitlbee.org/
+Files: *
+Copyright:
+ 1998-1999, Adam Fritzler
+ 2002-2006, Jelmer Vernooij
+ 2006, Marijn Kruisselbrink and others
+ 1998-1999, Mark Spencer
+ (and possibly other members of the Gaim team)
+ 2007-2013, Miklos Vajna
+ 2002, Sjoerd 'lucumo' Hemminga
+ 2008-2013, Sven Moritz Hallberg
+ 2007-2008, Uli Meis
+ 2001-2013, Wilmer 'Lintux' van der Gaast
+ 2015, Xamarin Inc
+License: GPL-2+
+
+Files: protocols/oscar/admin.c
+ protocols/oscar/admin.h
+ protocols/oscar/aim.h
+ protocols/oscar/aim_internal.h
+ protocols/oscar/aim_prefixes.h
+ protocols/oscar/auth.c
+ protocols/oscar/bos.c
+ protocols/oscar/bos.h
+ protocols/oscar/buddylist.c
+ protocols/oscar/buddylist.h
+ protocols/oscar/chat.c
+ protocols/oscar/chat.h
+ protocols/oscar/chatnav.c
+ protocols/oscar/chatnav.h
+ protocols/oscar/conn.c
+ protocols/oscar/icq.c
+ protocols/oscar/icq.h
+ protocols/oscar/im.c
+ protocols/oscar/im.h
+ protocols/oscar/info.c
+ protocols/oscar/info.h
+ protocols/oscar/Makefile
+ protocols/oscar/misc.c
+ protocols/oscar/msgcookie.c
+ protocols/oscar/oscar_util.c
+ protocols/oscar/rxhandlers.c
+ protocols/oscar/rxqueue.c
+ protocols/oscar/search.c
+ protocols/oscar/search.h
+ protocols/oscar/service.c
+ protocols/oscar/snac.c
+ protocols/oscar/ssi.c
+ protocols/oscar/ssi.h
+ protocols/oscar/stats.c
+ protocols/oscar/tlv.c
+ protocols/oscar/txqueue.c
+ protocols/twitter/twitter.c
+ protocols/twitter/twitter.h
+ protocols/twitter/twitter_http.c
+ protocols/twitter/twitter_http.h
+ protocols/twitter/twitter_lib.c
+ protocols/twitter/twitter_lib.h
+Copyright: 1998-1999, Adam Fritzler
+ 2009-2010, Geert Mulders
+ 2002-2013, Wilmer 'Lintux' van der Gaast
+License: LGPL-2.1
+
+Files: lib/json.c
+ lib/json.h
+Copyright: 2012-2014, James McLaughlin
+License: BSD-2-clause
+
+Files: lib/ns_parse.c
+Copyright: 1996-1999, Internet Software Consortium
+ 2004, Internet Systems Consortium, Inc. ("ISC")
+License: ISC
+
+Files: debian/*
+Copyright: 2002-2019, Wilmer van der Gaast
+License: GPL-2+
+
+License: BSD-2-clause
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions
+ are met:
+ 1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+ .
+ THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR C
Bug#927745: openjdk-13-dbg: file conflict with openjdk-12-dbg
Package: openjdk-13-dbg Version: 13~17-2 Severity: serious User: debian...@lists.debian.org Usertags: piuparts Hi, during a test with piuparts I noticed your package failed to install because it tries to overwrite other packages files. >From the attached log (scroll to the bottom...): Preparing to unpack .../openjdk-13-dbg_13~17-2_amd64.deb ... Unpacking openjdk-13-dbg:amd64 (13~17-2) ... dpkg: error processing archive /var/cache/apt/archives/openjdk-13-dbg_13~17-2_amd64.deb (--unpack): trying to overwrite '/usr/lib/debug/.build-id/0d/3930b740ed08f36bb7fe9187f3bfe5328e87bf.debug', which is also in package openjdk-12-dbg:amd64 12.0.1+12-1 dpkg-deb: error: paste subprocess was killed by signal (Broken pipe) Errors were encountered while processing: /var/cache/apt/archives/openjdk-13-dbg_13~17-2_amd64.deb cheers, Andreas openjdk-12-dbg=12.0.1+12-1_openjdk-13-dbg=13~17-2.log.gz Description: application/gzip
Bug#924591: this requires linking in libsparse, which is from Android sources
Theodore Ts'o: > On Thu, Apr 18, 2019 at 09:32:06PM +0200, Hans-Christoph Steiner wrote: >> >> One possibility would be including libsparse as a patch, it doesn't >> change a lot: >> https://android.googlesource.com/platform/system/core/+log/master/libsparse >> >> But it depends on Android's libbase and libz-host. > > This might be "serious" bug from the fastboot package's perspective, > but there's no way in heck the release time is going to consider this > a bug that is "serious" priority for e2fsprogs. > > More to the point, there's now way in the world I (or the release and > installer teams) are going to make e2fsprogs, which is an > "important=yes" package with priority "required" drag in the > android-libsparse, android-libbase, and zlib1g packages. > > So the way you changed android-sdk-platforms-tools to use /sbin/mke2fs > was a really bad choice, especially this while we are in release > freeze for Buster. There's no way in the world we are going to make a > change like this to a package like e2fsprogs which is used by the > installer at this point. > > If we had more time, and if android-libsparse-dev shipped a static > library, we could have considered statically linking in > android-libsparse, android-libbase, and libz --- and see if they would > bloat the mke2fs and debugfs binaries by only a minimal amount. > > This would also require making changes to e2fsprogs configure and > Makefiles, since currently we only have support for linking in > libsparse in the AOSP build files. The reason for this is historical; > at the time when the intern working with Android team was working on > replace Android's make_ext4fs program with mke2fs and e2droid, there > was no distribution that was shipping libsparse, and trying to make > libsparse available to Linux desktop environments was *way* beyond the > scope of the Intern's project and time availability. > > We can work on this trying to find a solution post-Buster --- either > using static linking, or *possibly* figuring out a way to optionally > use dlopen() to pull in libsparse for sparse_io.c, much like the way > libss optionally pulls in the readline library using dlopen at > runtime, back when we cared about making mke2fs fit on a two 1.44 MiB > boot/root install floppies. :-) > > Alternatively, you can build your own version of mke2fs using the > libsparse from AOSP. If you want a solution that might make it in > during the Buster release freeze, that's probably the short-term > solution I would suggest. > > So your choice --- we can either reassign this bug back to fastboot or > android-sdk-platforms-tools, or I can downgrade the severity of this > bug for e2fsprogs down to wishlist[1]. Let me know how you want to > handle this. > > Cheers, > > - Ted > > [1] This is because I view this both as a "feature request" and "bugs > that are very difficult to fix due to major design considerations" > (per https://www.debian.org/Bugs/Developer#severities), not to mention > that it's going to affect a miniscule fraction of the e2fsprogs > package's users. Makes sense to me. I'm fine with this being done post-Buster or as a custom mke2fs in android-platform-system-core. .hc
Bug#927307: Bug#927688: graphicsmagick breaks mpfit autopkgtest: LockSemaphoreInfo: Assertion `semaphore_info != (SemaphoreInfo *) NULL' failed
Hi Lazlo, On 21.04.19 12:46, László Böszörményi (GCS) wrote: > I do _not_ want to NMU it as I consider that unwelcomed as Ole is > alive and well. But please, do a fixed upload of gnudatalanguage soon. Thanks for the patience; I will check this in the next days; latest at weekend (I am currently on easter vacation). Pls ping me if it is really needed earlier. Cheers Ole
Bug#927728: gnome-maps: search functionality (main or directions) causes a crash (SIGSEGV)
Hello Paul Wise, might this be related to #925539 ? Can you still reproduce it when you install libgeocode-glib0 3.26.1-1 from unstable? Kind regards, Bernhard https://bugs.debian.org/925539
Bug#927739: FTBFS: undefined reference to `yylex'
On Mon, 2019-04-22 at 14:22 +0200, Santiago Vila wrote: > > I can build libkate in my autobuilders. > > I also triggered a rebuild in reproducible-builds and it worked: > > https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/libkate.html > > Can you reproduce the failure in another system? > Does the failure happen always, or it happens randomly? I did some more testing. It happens only if libfl-dev is installed, which was on my system but is not part of the build dependencies. So this should either become part of Build-Conflicts or has to be fixed, but it's less bad than I thought :) To solve it, one can link with libfl.a instead of libfl.so apparently. signature.asc Description: This is a digitally signed message part
Bug#927739: FTBFS: undefined reference to `yylex'
Hi, I was not able to reproduce this neither in sbuild nor on my local system and reproducible builds doesn't show failures either. Interestingly debuild asked for bison, whereas sbuild installs neither flex nor bison. Maybe we should add both as build dependencies.. Can you send a full build log and the versions of the installed build dependencies? Cheers Jochen * Sebastian Dröge [2019-04-22 12:33]: Source: libkate Version: 0.4.1-9 Severity: serious Hi, Something seems to have changed with flex, which causes the package to now fail to build: /bin/bash ../libtool --tag=CC --silent --mode=link gcc -Wall -W -I/usr/include/libpng16 -g -O2 -fdebug-prefix-map=/home/slomo/tmp/foo/libkate-0.4.1=. -fstack-protector-strong -Wformat -Werror=format-security -Wl,-z,relro -Wl,-z,now -o kateenc kateenc-kateenc.o kateenc-kate_lexer.o kateenc-kate_parser.o kateenc-kpng.o ../lib/liboggkate.la ../lib/libkate.la -logg -lpng16 -lz -lfl /usr/bin/ld: /usr/lib/gcc/x86_64-linux-gnu/8/../../../x86_64-linux-gnu/libfl.so: undefined reference to `yylex' collect2: error: ld returned 1 exit status Thanks! -- System Information: Debian Release: buster/sid APT prefers unstable APT policy: (700, 'unstable'), (500, 'unstable-debug'), (100, 'experimental'), (1, 'experimental-debug') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.19.0-4-amd64 (SMP w/8 CPU cores) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled signature.asc Description: PGP signature
Bug#927739: FTBFS: undefined reference to `yylex'
On Mon, Apr 22, 2019 at 12:33:11PM +0300, Sebastian Dröge wrote: > Source: libkate > Version: 0.4.1-9 > Severity: serious > > Hi, > > Something seems to have changed with flex, which causes the package to now > fail to build: > > /bin/bash ../libtool --tag=CC --silent --mode=link gcc -Wall -W > -I/usr/include/libpng16 -g -O2 > -fdebug-prefix-map=/home/slomo/tmp/foo/libkate-0.4.1=. > -fstack-protector-strong -Wformat -Werror=format-security -Wl,-z,relro > -Wl,-z,now -o kateenc kateenc-kateenc.o kateenc-kate_lexer.o > kateenc-kate_parser.o kateenc-kpng.o ../lib/liboggkate.la ../lib/libkate.la > -logg -lpng16 -lz -lfl > /usr/bin/ld: > /usr/lib/gcc/x86_64-linux-gnu/8/../../../x86_64-linux-gnu/libfl.so: undefined > reference to `yylex' > collect2: error: ld returned 1 exit status I can build libkate in my autobuilders. I also triggered a rebuild in reproducible-builds and it worked: https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/libkate.html Can you reproduce the failure in another system? Does the failure happen always, or it happens randomly? Thanks.
Bug#888547: CVE-2017-1000190
Hi, On Sun, Apr 14, 2019 at 11:57:26PM +0200, Emmanuel Bourg wrote: > Le 14/04/2019 à 23:27, Markus Koschany a écrit : > > > Simple-xml is only required to build carrotsearch-randomizedtesting. It > > is not a test-dependency though. > > > Apparently the removal makes no difference for lucene4.10. > > Indeed, because carrotsearch-randomizedtesting is just a test dependency > of lucene4.10. Thanks for the changes allowing simple-xml to be removed. I added a removal hint so simple-xml should be out of testing soon. Ivo
Bug#926985: marked as done (caffe: FTBFS, no output PDF file produced!)
Your message dated Mon, 22 Apr 2019 12:04:50 +0200
with message-id <20190422100447.noguk5lrmusyx...@debian.org>
and subject line Re: caffe: FTBFS, no output PDF file produced!
has caused the Debian Bug report #926985,
regarding caffe: FTBFS, no output PDF file produced!
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
926985: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926985
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: caffe
Version: 1.0.0+git20180821.99bd997-2
Severity: serious
Tags: ftbfs buster sid
Hi Maintainer
Caffe recently FTBFS in buster and sid (last successful reproducible
build was on 2019-01-15 [1]) with the following error:
Package longtable Warning: Column widths have changed
(longtable)in table 5.5 on input line 97.
! Improper \prevdepth.
\tabu@verticalspacing ...tempdimc \the \prevdepth
\@tempdima \dimexpr \ht \t...
l.136 \end{DoxyParams}
?
! Emergency stop.
\tabu@verticalspacing ...tempdimc \the \prevdepth
\@tempdima \dimexpr \ht \t...
l.136 \end{DoxyParams}
! ==> Fatal error occurred, no output PDF file produced!
Transcript written on refman.log.
make[2]: *** [Makefile:6: refman.pdf] Error 1
make[2]: Leaving directory
'/build/caffe-1.0.0+git20180821.99bd997/doxygen/latex'
make[1]: *** [debian/rules:75: override_dh_auto_build-indep] Error 2
make[1]: Leaving directory '/build/caffe-1.0.0+git20180821.99bd997'
make: *** [debian/rules:59: build] Error 2
dpkg-buildpackage: error: debian/rules build subprocess returned exit status 2
Regards
Graham
[1] https://tests.reproducible-builds.org/debian/history/amd64/caffe.html
--- End Message ---
--- Begin Message ---
Hi,
On Sat, Apr 13, 2019 at 10:05:45AM +0200, Graham Inggs wrote:
> This is caused by #920459 in texlive-extra. A workaround [1] that
> skips building refman.pdf was uploaded to Ubuntu.
The build of caffe succeeds with the latest texlive-extra in unstable. It will
soon be in testing as well. This bug in caffe can be closed.
Thanks,
Ivo--- End Message ---
Bug#927467: dput-ng: FTBFS (failing tests)
Hi, I had a look into this and created a merge request to fix it in dput-ng: https://salsa.debian.org/debian/dput-ng/merge_requests/6 Please review and reassign this bug to dput-ng, if you agree. Cheers Jochen * Mattia Rizzolo [2019-04-21 16:19]: On Sat, Apr 20, 2019 at 11:46:26PM +0200, Santiago Vila wrote: On Sat, Apr 20, 2019 at 11:40:07PM +0200, Mattia Rizzolo wrote: > This is because ubuntu released disco, and now there is no development > release. Hmm, but why the building of a package should be affected by whatever happens in the outside world? Is dput-ng using Internet during the build? It doesn't use internet, it uses the static data contained in distro-info-data. -- regards, Mattia Rizzolo GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`. more about me: https://mapreri.org : :' : Launchpad user: https://launchpad.net/~mapreri `. `'` Debian QA page: https://qa.debian.org/developer.php?login=mattia `- signature.asc Description: PGP signature
Bug#927057: 1Gb of logs is too much
I think the issue here is that python's logging isn't compressing older files. total 1.1G -rw-r--r-- 1 matrix-synapse matrix-synapse 68M Apr 22 02:12 homeserver.log -rw-r--r-- 1 matrix-synapse matrix-synapse 100M Apr 18 05:13 homeserver.log.1 -rw-r--r-- 1 matrix-synapse matrix-synapse 100M Feb 25 13:29 homeserver.log.10 -rw-r--r-- 1 matrix-synapse matrix-synapse 100M Apr 11 19:04 homeserver.log.2 A patch is needed upstream in order to make it compress logs w/ python's logger: https://stackoverflow.com/questions/8467978/python-want-logging-with-log-rotation-and-compression As a workaround, the package could probably just ship a script in cron.daily to do the following: #!/bin/sh -e for log in /var/log/matrix-synapse/*.log.*[02-9]; do test -f $log && gzip $log; done After compression, things are a bit more reasonable: total 213M -rw-r--r-- 1 matrix-synapse matrix-synapse 68M Apr 22 02:32 homeserver.log -rw-r--r-- 1 matrix-synapse matrix-synapse 100M Apr 18 05:13 homeserver.log.1 -rw-r--r-- 1 matrix-synapse matrix-synapse 5.0M Feb 25 13:29 homeserver.log.10.gz -rw-r--r-- 1 matrix-synapse matrix-synapse 5.0M Apr 11 19:04 homeserver.log.2.gz -rw-r--r-- 1 matrix-synapse matrix-synapse 5.1M Apr 6 04:48 homeserver.log.3.gz -rw-r--r-- 1 matrix-synapse matrix-synapse 5.1M Apr 1 00:35 homeserver.log.4.gz -rw-r--r-- 1 matrix-synapse matrix-synapse 5.1M Mar 26 15:22 homeserver.log.5.gz -rw-r--r-- 1 matrix-synapse matrix-synapse 5.1M Mar 21 00:08 homeserver.log.6.gz -rw-r--r-- 1 matrix-synapse matrix-synapse 5.0M Mar 15 06:03 homeserver.log.7.gz -rw-r--r-- 1 matrix-synapse matrix-synapse 5.1M Mar 9 20:34 homeserver.log.8.gz -rw-r--r-- 1 matrix-synapse matrix-synapse 5.0M Mar 3 09:15 homeserver.log.9.gz
Bug#927739: FTBFS: undefined reference to `yylex'
Source: libkate Version: 0.4.1-9 Severity: serious Hi, Something seems to have changed with flex, which causes the package to now fail to build: /bin/bash ../libtool --tag=CC --silent --mode=link gcc -Wall -W -I/usr/include/libpng16 -g -O2 -fdebug-prefix-map=/home/slomo/tmp/foo/libkate-0.4.1=. -fstack-protector-strong -Wformat -Werror=format-security -Wl,-z,relro -Wl,-z,now -o kateenc kateenc-kateenc.o kateenc-kate_lexer.o kateenc-kate_parser.o kateenc-kpng.o ../lib/liboggkate.la ../lib/libkate.la -logg -lpng16 -lz -lfl /usr/bin/ld: /usr/lib/gcc/x86_64-linux-gnu/8/../../../x86_64-linux-gnu/libfl.so: undefined reference to `yylex' collect2: error: ld returned 1 exit status Thanks! -- System Information: Debian Release: buster/sid APT prefers unstable APT policy: (700, 'unstable'), (500, 'unstable-debug'), (100, 'experimental'), (1, 'experimental-debug') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.19.0-4-amd64 (SMP w/8 CPU cores) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled
Bug#927714: CVE-2019-3885 CVE-2018-16877 CVE-2018-16878
Hi, On Sun, Apr 21, 2019 at 10:27:30PM +0200, Moritz Muehlenhoff wrote: > Source: pacemaker > Severity: grave > Tags: security > > Please see https://www.openwall.com/lists/oss-security/2019/04/17/1 Please note that when fixing the issues, in the original patchsets there were some behaviour regressions, I think they should be adressed in the followups as noted in https://www.openwall.com/lists/oss-security/2019/04/18/2 (but not sure if they are complete). It references as well pull requests for master and 1.1 branches. Regards, Salvatore
