Bug#929399: virtualbox-guest-dkms: error in building kernel module
Package: virtualbox-guest-dkms Version: 6.0.8-dfsg-5 Followup-For: Bug #929399 Dear Maintainer, make error is (probably added in -5 toi fix build for 5.2 kernel) : LD [M] /var/lib/dkms/virtualbox-guest/6.0.8/build/vboxsf/vboxsf.o CC [M] /var/lib/dkms/virtualbox-guest/6.0.8/build/vboxvideo/hgsmi_base.o CC [M] /var/lib/dkms/virtualbox-guest/6.0.8/build/vboxvideo/modesetting.o CC [M] /var/lib/dkms/virtualbox-guest/6.0.8/build/vboxvideo/vbox_fb.o CC [M] /var/lib/dkms/virtualbox-guest/6.0.8/build/vboxvideo/vbox_drv.o /var/lib/dkms/virtualbox-guest/6.0.8/build/vboxvideo/vbox_fb.c:336: error: unterminated #else #if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 2, 0) -- System Information: Debian Release: 10.0 APT prefers buildd-unstable APT policy: (500, 'buildd-unstable'), (500, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.19.45 (SMP w/8 CPU cores) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages virtualbox-guest-dkms depends on: ii dkms 2.6.1-4 virtualbox-guest-dkms recommends no packages. virtualbox-guest-dkms suggests no packages.
Bug#929381: needs cdrecord binary which isn't in Debian
Hi, Debian's simpleburn depends among others on cdrskin. If it asks for cdrecord, then it has not been properly adapted to this dependency. A simple workaround would be to create a symbolic link sudo ln -s /usr/bin/cdrskin /usr/bin/cdrecord cdrskin understands many cdrecord options as of year 2006. It has capabilities and options added for DVD and BD. If you need all CD burning features of cdrecord (at the expense of DVD and BD burning), then install wodim and use it as cdrecord: sudo ln -s /usr/bin/wodim /usr/bin/cdrecord wodim understands all cdrecord options as of year 2006. The only occasion in https://sources.debian.org/src/simpleburn/1.8.0-1/src/simpleburn.sh/ where this might be neccessary is in line 204: cdrecord -v -eject speed=$WRITESPEED gracetime=3 dev=$device -audio -pad -useinfo -text *.wav This expects for any X.wav file a file X.inf with CD-TEXT info. cdrskin will ignore this option. wodim will try to obey. The .inf files are probably created by runs of cdda2wav in simpleburn.sh. For them you need wodim's companion icedax and create a link sudo ln -s /usr/bin/icedax /usr/bin/cdda2wav -- The simpleburn package urgently needs a patch to adapt to cdrskin or wodim instead of cdrecord and to icedax instead of cdda2wav. It should also be checked whether other cdrtools programs need to be replaced by cdrkit programs. It should be quite easy for an end user to adapt simpleburn.sh to the programs of cdrkit (wodim, icedax, ...). cdrskin would be of interest only if you plan to burn DVD or BD media and if simpleburn is prepared to handle these media types at all. The difference between adapted and not adapted script would constitute a patch that should be added to the packages debian/patches directory. https://sources.debian.org/src/simpleburn/1.8.0-1/debian/patches/ Have a nice day :) Thomas
Bug#929283: zookeeper: CVE-2019-0201: information disclosure vulnerability
[Adding t...@security.debian.org to CC] Hi, > zookeeper: CVE-2019-0201: information disclosure vulnerability Happy to prepare an update for stretch; I plan to do one for jessie LTS (which, helpfully, has the same version...) Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-
Bug#929297: minissdpd: CVE-2019-12106
Hi, > > The following vulnerability was published for minissdpd. > > > > CVE-2019-12106[0]: > > | The updateDevice function in minissdpd.c in MiniUPnP MiniSSDPd 1.4 and > > | 1.5 allows a remote attacker to crash the process due to a Use After > > | Free vulnerability. […] > Chris, thanks for your proposal to update Stretch, I very much > appreciate it. Ping, security team? :) Best wishes, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org 🍥 chris-lamb.co.uk `-
Bug#923930: FTBFS: FAIL test_chain
Heimdal's hx509 relies on ctime(), gmtime(), strptime() and tm2time() all of which are constrained by glibc's concept of time. Please advise when Debian provides 64-bit time versions of these functions on i386. Jeffrey Altman Heimdal Project Manager smime.p7s Description: S/MIME Cryptographic Signature
Bug#923930: FTBFS: FAIL test_chain
On 5/22/2019 6:25 PM, Brian May wrote: > To me it really sounds like Heimdal is dropping support for 32 bit > architectures then. > > However Debian doesn't have the luxury of being able to drop the 32 bit > version of Heimdal, just for the sake of a faulty test. Particularly > when existing versions have known security issues. Heimdal isn't dropping support for 32-bit architectures; Debian is failing to support timestamps past 19 Jan 2038 03:14:07 UTC using the standard integer type for time: time_t. Heimdal uses time_t in its public api. Therefore, we cannot simply change from 32-bit time_t or (time_t *) in a public api and replace it with int64_t and (int64_t *) without breaking the API and ABI contracts. We certainly are not going to do so in a minor release. Even if we did Debian wouldn't accept the change in its stable distributions because doing so would break the API and ABI contracts. > Does this problem affect Heimdal versions < 7.5.0? It sounds like > these version should be fine (thinking of Jessie and Stretch security > updates here). I'm not sure if you are asking about the 32-bit time limitation on platforms that provide 32-bit time_t or the security vulnerabilities. The range of affected Heimdal versions was published as part of the CVE-2018-16860 announcement. Quoting from that text: == CVE ID#: CVE-2018-16860 == == Versions:All Samba versions since Samba 4.0 == All releases of Heimdal from 0.8 including 7.5.0 == and any products that ship a KDC derived from one of == those Heimdal releases. Since Jessie and Stretch distribute vulnerable versions of Heimdal, Debian should update them. The 32-bit time limitation imposed by OS platforms whose time_t is 32-bit affects all versions of Heimdal. Our advice to Debian is to replace the certificate with one that has an expiration date before 19 Jan 2038 03:14:07 UTC. Otherwise, Debian will fail to detect failures of the certificate validation code caused by patches that might be applied to OpenSSL. Changes to the API and ABI can occur as part of a major release such as 8.0. These is an open issue to address the problem as part of Heimdal 8.0. Jeffrey Altman Heimdal Project Manager smime.p7s Description: S/MIME Cryptographic Signature
Bug#923930: FTBFS: FAIL test_chain
Jeffrey Altman writes: > Background on this test failure. > > The reason that the Heimdal 7.5.0 tests began to fail after they > previously succeeded is because the failing test relies upon an X.509 > certificate that expired on March 4 2019. > > Then post 7.5.0 support was added to support OpenSSL 1.1 which included > the ability to handle certificates with expiration dates post 19 Jan > 2038 03:14:07 UTC. > > Heimdal also updated the test suite certificates to last 500 years. > These certificates work fine on platforms with 64-bit time_t but on > platforms such as Debian Linux i386 where time_t is 32-bit, the tests > will fail. > > There has been no code change to Heimdal and there is no intention to > replace the use of time_t within Heimdal for a Heimdal specific time > integer type within the Heimdal 7.x series. Making such a change would > alter not only APIs but ABIs. Its unclear when or if we could make such > a change for the same reasons that Debian cannot alter the size of > time_t on i386. To me it really sounds like Heimdal is dropping support for 32 bit architectures then. However Debian doesn't have the luxury of being able to drop the 32 bit version of Heimdal, just for the sake of a faulty test. Particularly when existing versions have known security issues. To solve this for the immediate short term, I am seriously considering disabling all 6 tests that are failing (see patch below). This in turn will solve the FTBFS bug, and allow us to solve the security issues (which are probably more important then the tests). Hopefully this in turn will get accepted into Buster. Does this problem affect Heimdal versions < 7.5.0? It sounds like these version should be fine (thinking of Jessie and Stretch security updates here). === cut === From: Brian May Date: Wed, 22 May 2019 17:19:48 +1000 Subject: Disable tests that are failing due to expired cert See https://bugs.debian.org/923930 --- lib/hx509/Makefile.am | 3 --- tests/kdc/Makefile.am | 3 --- 2 files changed, 6 deletions(-) diff --git a/lib/hx509/Makefile.am b/lib/hx509/Makefile.am index bd71225..2880676 100644 --- a/lib/hx509/Makefile.am +++ b/lib/hx509/Makefile.am @@ -220,10 +220,7 @@ PROGRAM_TESTS =\ test_expr SCRIPT_TESTS = \ - test_ca \ test_cert \ - test_chain \ - test_cms\ test_crypto \ test_nist \ test_nist2 \ diff --git a/tests/kdc/Makefile.am b/tests/kdc/Makefile.am index 57b8f9a..b4f3d77 100644 --- a/tests/kdc/Makefile.am +++ b/tests/kdc/Makefile.am @@ -27,13 +27,10 @@ SCRIPT_TESTS = \ check-fast \ check-kadmin \ check-hdb-mitdb \ - check-kdc \ - check-kdc-weak \ check-keys \ check-kpasswdd \ check-pkinit \ check-referral \ - check-tester \ check-uu TESTS = $(SCRIPT_TESTS) === cut === -- Brian May
Bug#929408: ruby-inherited-resources: /usr/lib/ruby/vendor_ruby/generators/rails/templates/controller.rb is already shipped by ruby-jbuilder
Package: ruby-inherited-resources Version: 1.9.0-1 Severity: serious User: debian...@lists.debian.org Usertags: piuparts Hi, during a test with piuparts I noticed your package fails to upgrade from 'testing'. It installed fine in 'testing', then the upgrade to 'sid' fails because it tries to overwrite other packages files without declaring a Breaks+Replaces relation. See policy 7.6 at https://www.debian.org/doc/debian-policy/ch-relationships.html#overwriting-files-and-replacing-packages-replaces >From the attached log (scroll to the bottom...): Preparing to unpack .../ruby-inherited-resources_1.9.0-1_all.deb ... Unpacking ruby-inherited-resources (1.9.0-1) ... dpkg: error processing archive /var/cache/apt/archives/ruby-inherited-resources_1.9.0-1_all.deb (--unpack): trying to overwrite '/usr/lib/ruby/vendor_ruby/generators/rails/templates/controller.rb', which is also in package ruby-jbuilder 2.7.0-1 Errors were encountered while processing: /var/cache/apt/archives/ruby-inherited-resources_1.9.0-1_all.deb cheers, Andreas ruby-jbuilder=2.7.0-1_ruby-inherited-resources=1.9.0-1.log.gz Description: application/gzip
Bug#929407: ruby-inherited-resources: /usr/lib/ruby/vendor_ruby/generators/rails/USAGE is already shipped by ruby-active-model-serializers
Package: ruby-inherited-resources Version: 1.9.0-1 Severity: serious User: debian...@lists.debian.org Usertags: piuparts Hi, during a test with piuparts I noticed your package fails to upgrade from 'testing'. It installed fine in 'testing', then the upgrade to 'sid' fails because it tries to overwrite other packages files without declaring a Breaks+Replaces relation. See policy 7.6 at https://www.debian.org/doc/debian-policy/ch-relationships.html#overwriting-files-and-replacing-packages-replaces >From the attached log (scroll to the bottom...): Preparing to unpack .../ruby-inherited-resources_1.9.0-1_all.deb ... Unpacking ruby-inherited-resources (1.9.0-1) ... dpkg: error processing archive /var/cache/apt/archives/ruby-inherited-resources_1.9.0-1_all.deb (--unpack): trying to overwrite '/usr/lib/ruby/vendor_ruby/generators/rails/USAGE', which is also in package ruby-active-model-serializers 0.10.8-1 Errors were encountered while processing: /var/cache/apt/archives/ruby-inherited-resources_1.9.0-1_all.deb cheers, Andreas ruby-active-model-serializers=0.10.8-1_ruby-inherited-resources=1.9.0-1.log.gz Description: application/gzip
Bug#929406: hdf5: libhdf5-*103-1 missing Breaks+Replaces: libhdf5-*103
Package: libhdf5-103-1,libhdf5-cpp-103-1,libhdf5-mpich-103-1,libhdf5-mpich-cpp-103-1,libhdf5-openmpi-103-1,libhdf5-openmpi-cpp-103-1 Version: 1.10.5+repack-1~exp6 Severity: serious User: debian...@lists.debian.org Usertags: piuparts Hi, during a test with piuparts I noticed your package fails to upgrade from 'experimental' to 'experimental'. It installed fine in 'experimental', then the upgrade to 'experimental' fails because it tries to overwrite other packages files without declaring a Breaks+Replaces relation. See policy 7.6 at https://www.debian.org/doc/debian-policy/ch-relationships.html#overwriting-files-and-replacing-packages-replaces >From the attached log (scroll to the bottom...): Selecting previously unselected package libhdf5-103-1:amd64. Preparing to unpack .../libhdf5-103-1_1.10.5+repack-1~exp6_amd64.deb ... Unpacking libhdf5-103-1:amd64 (1.10.5+repack-1~exp6) ... dpkg: error processing archive /var/cache/apt/archives/libhdf5-103-1_1.10.5+repack-1~exp6_amd64.deb (--unpack): trying to overwrite '/usr/lib/x86_64-linux-gnu/libhdf5_serial.so.103.1.0', which is also in package libhdf5-103:amd64 1.10.5+repack-1~exp5 dpkg-deb: error: paste subprocess was killed by signal (Broken pipe) Errors were encountered while processing: /var/cache/apt/archives/libhdf5-103-1_1.10.5+repack-1~exp6_amd64.deb Selecting previously unselected package libhdf5-openmpi-103-1:amd64. Preparing to unpack .../libhdf5-openmpi-103-1_1.10.5+repack-1~exp6_amd64.deb ... Unpacking libhdf5-openmpi-103-1:amd64 (1.10.5+repack-1~exp6) ... dpkg: error processing archive /var/cache/apt/archives/libhdf5-openmpi-103-1_1.10.5+repack-1~exp6_amd64.deb (--unpack): trying to overwrite '/usr/lib/x86_64-linux-gnu/libhdf5_openmpi.so.103', which is also in package libhdf5-openmpi-103:amd64 1.10.4+repack-10 Selecting previously unselected package libhdf5-openmpi-cpp-103-1:amd64. Preparing to unpack .../libhdf5-openmpi-cpp-103-1_1.10.5+repack-1~exp6_amd64.deb ... Unpacking libhdf5-openmpi-cpp-103-1:amd64 (1.10.5+repack-1~exp6) ... dpkg: error processing archive /var/cache/apt/archives/libhdf5-openmpi-cpp-103-1_1.10.5+repack-1~exp6_amd64.deb (--unpack): trying to overwrite '/usr/lib/x86_64-linux-gnu/libhdf5_openmpi_cpp.so.103.1.0', which is also in package libhdf5-openmpi-cpp-103:amd64 1.10.5+repack-1~exp5 dpkg-deb: error: paste subprocess was killed by signal (Broken pipe) Errors were encountered while processing: /var/cache/apt/archives/libhdf5-openmpi-103-1_1.10.5+repack-1~exp6_amd64.deb /var/cache/apt/archives/libhdf5-openmpi-cpp-103-1_1.10.5+repack-1~exp6_amd64.deb I didn't check all failures, but I assume it's the same problem in all packages. cheers, Andreas libhdf5-openmpi-cpp-103=1.10.5+repack-1~exp5_libhdf5-openmpi-cpp-103-1=1.10.5+repack-1~exp6.log.gz Description: application/gzip
Bug#929386: Can you please run `inject-into-salsa-git` on your local clone (Was: Bug#929386: r-cran-webgestaltr: FTBFS (missing builds-depends))
Hi Steffen, can you please run `inject-into-salsa-git` on your local clone. There is no Git repository at https://salsa.debian.org/r-pkg-team/r-cran-webgestaltr Kind regards Andreas. -- http://fam-tille.de
Bug#929399: virtualbox-guest-dkms: error in building kernel module
Package: virtualbox-guest-dkms Version: 6.0.8-dfsg-4 Severity: grave Justification: renders package unusable Dear Maintainer, Since last update (installed on my machine about a day ago) the package can't build kernel module because of failing of building vboxvideo. I've only found out that in the build directory of vboxvideo wrong include library path is used. -- System Information: Distributor ID: Parrot Description:Parrot GNU/Linux 4.6 Release:4.6 Codename: n/a Architecture: x86_64 Kernel: Linux 5.1.0-parrot1-3t-amd64 (SMP w/4 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages virtualbox-guest-dkms depends on: ii dkms 2.6.1-4 virtualbox-guest-dkms recommends no packages. virtualbox-guest-dkms suggests no packages. -- no debconf information DKMS make.log for virtualbox-guest-6.0.8 for kernel 5.1.0-parrot1-3t-amd64 (x86_64) Wed 22 May 22:51:02 MSK 2019 make: Entering directory '/usr/src/linux-headers-5.1.0-parrot1-3t-amd64' CC [M] /var/lib/dkms/virtualbox-guest/6.0.8/build/vboxguest/VBoxGuest-linux.o CC [M] /var/lib/dkms/virtualbox-guest/6.0.8/build/vboxguest/VBoxGuest.o CC [M] /var/lib/dkms/virtualbox-guest/6.0.8/build/vboxguest/VBoxGuestR0LibGenericRequest.o CC [M] /var/lib/dkms/virtualbox-guest/6.0.8/build/vboxguest/VBoxGuestR0LibHGCMInternal.o CC [M] /var/lib/dkms/virtualbox-guest/6.0.8/build/vboxguest/VBoxGuestR0LibInit.o CC [M] /var/lib/dkms/virtualbox-guest/6.0.8/build/vboxguest/VBoxGuestR0LibPhysHeap.o CC [M] /var/lib/dkms/virtualbox-guest/6.0.8/build/vboxguest/VBoxGuestR0LibVMMDev.o CC [M] /var/lib/dkms/virtualbox-guest/6.0.8/build/vboxguest/r0drv/alloc-r0drv.o CC [M] /var/lib/dkms/virtualbox-guest/6.0.8/build/vboxguest/r0drv/initterm-r0drv.o CC [M] /var/lib/dkms/virtualbox-guest/6.0.8/build/vboxguest/r0drv/memobj-r0drv.o CC [M] /var/lib/dkms/virtualbox-guest/6.0.8/build/vboxguest/r0drv/mpnotification-r0drv.o CC [M] /var/lib/dkms/virtualbox-guest/6.0.8/build/vboxguest/r0drv/powernotification-r0drv.o CC [M] /var/lib/dkms/virtualbox-guest/6.0.8/build/vboxguest/r0drv/linux/alloc-r0drv-linux.o CC [M] /var/lib/dkms/virtualbox-guest/6.0.8/build/vboxguest/r0drv/linux/assert-r0drv-linux.o CC [M] /var/lib/dkms/virtualbox-guest/6.0.8/build/vboxguest/r0drv/linux/initterm-r0drv-linux.o CC [M] /var/lib/dkms/virtualbox-guest/6.0.8/build/vboxguest/r0drv/linux/memobj-r0drv-linux.o CC [M] /var/lib/dkms/virtualbox-guest/6.0.8/build/vboxguest/r0drv/linux/memuserkernel-r0drv-linux.o CC [M] /var/lib/dkms/virtualbox-guest/6.0.8/build/vboxguest/r0drv/linux/mp-r0drv-linux.o CC [M] /var/lib/dkms/virtualbox-guest/6.0.8/build/vboxguest/r0drv/linux/mpnotification-r0drv-linux.o CC [M] /var/lib/dkms/virtualbox-guest/6.0.8/build/vboxguest/r0drv/linux/process-r0drv-linux.o CC [M] /var/lib/dkms/virtualbox-guest/6.0.8/build/vboxguest/r0drv/linux/semevent-r0drv-linux.o CC [M] /var/lib/dkms/virtualbox-guest/6.0.8/build/vboxguest/r0drv/linux/semeventmulti-r0drv-linux.o CC [M] /var/lib/dkms/virtualbox-guest/6.0.8/build/vboxguest/r0drv/linux/semfastmutex-r0drv-linux.o CC [M] /var/lib/dkms/virtualbox-guest/6.0.8/build/vboxguest/r0drv/linux/semmutex-r0drv-linux.o CC [M] /var/lib/dkms/virtualbox-guest/6.0.8/build/vboxguest/r0drv/linux/spinlock-r0drv-linux.o CC [M] /var/lib/dkms/virtualbox-guest/6.0.8/build/vboxguest/r0drv/linux/thread-r0drv-linux.o CC [M] /var/lib/dkms/virtualbox-guest/6.0.8/build/vboxguest/r0drv/linux/thread2-r0drv-linux.o CC [M] /var/lib/dkms/virtualbox-guest/6.0.8/build/vboxguest/r0drv/linux/time-r0drv-linux.o CC [M] /var/lib/dkms/virtualbox-guest/6.0.8/build/vboxguest/r0drv/linux/timer-r0drv-linux.o CC [M] /var/lib/dkms/virtualbox-guest/6.0.8/build/vboxguest/r0drv/linux/RTLogWriteDebugger-r0drv-linux.o CC [M] /var/lib/dkms/virtualbox-guest/6.0.8/build/vboxguest/r0drv/generic/semspinmutex-r0drv-generic.o CC [M] /var/lib/dkms/virtualbox-guest/6.0.8/build/vboxguest/common/alloc/alloc.o CC [M] /var/lib/dkms/virtualbox-guest/6.0.8/build/vboxguest/common/err/RTErrConvertFromErrno.o CC [M] /var/lib/dkms/virtualbox-guest/6.0.8/build/vboxguest/common/err/RTErrConvertToErrno.o CC [M] /var/lib/dkms/virtualbox-guest/6.0.8/build/vboxguest/common/err/errinfo.o CC [M] /var/lib/dkms/virtualbox-guest/6.0.8/build/vboxguest/common/log/log.o CC [M] /var/lib/dkms/virtualbox-guest/6.0.8/build/vboxguest/common/log/logellipsis.o CC [M] /var/lib/dkms/virtualbox-guest/6.0.8/build/vboxguest/common/log/logrel.o CC [M] /var/lib/dkms/virtualbox-guest/6.0.8/build/vboxguest/common/log/logrelellipsis.o CC [M] /var/lib/dkms/virtualbox-guest/6.0.8/build/vboxguest/common/log/logcom.o CC [M] /var/lib/dkms/virtualbox-guest/6.0.8/build/vboxguest/common/log/logformat.o CC [M] /var/lib/dkms
Bug#929398: jasperreports: Should jasperreports be removed from unstable?
Source: jasperreports Version: 6.3.1-2 Severity: serious Justification: unfit for a Debian release Hi Given the discussion around https://bugs.debian.org/880467#10 and the fact that removing jasperreports from unstable will cause no issues with reverse (build) dependencies anymore: > $ dak rm --suite=sid -n -R jasperreports > Will remove the following packages from sid: > > jasperreports |6.3.1-2 | source > libjasperreports-java |6.3.1-2 | all > > Maintainer: Debian Java Maintainers > > > --- Reason --- > > -- > > Checking reverse dependencies... > No dependency problem found. Should jasperreports now be removed from the archive? Regards, Salvatore
Processed: retitle 928526 to linux-image-4.19.0-4-amd64: data corruption with swap file on filesystem with encrypted SSD, LVM and TRIM enabled
Processing commands for cont...@bugs.debian.org: > # Mention the fact that only swap files seen affected, see > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928526#10 > retitle 928526 linux-image-4.19.0-4-amd64: data corruption with swap file on > filesystem with encrypted SSD, LVM and TRIM enabled Bug #928526 [src:linux] linux-image-4.19.0-4-amd64: data corruption when swapping to encrypted SSD with LVM and TRIM enabled Changed Bug title to 'linux-image-4.19.0-4-amd64: data corruption with swap file on filesystem with encrypted SSD, LVM and TRIM enabled' from 'linux-image-4.19.0-4-amd64: data corruption when swapping to encrypted SSD with LVM and TRIM enabled'. > thanks Stopping processing here. Please contact me if you need assistance. -- 928526: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928526 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#929395: marked as done (typecatcher: FTBFS: dh: unable to load addon python3)
Your message dated Wed, 22 May 2019 19:03:32 + with message-id and subject line Bug#929395: fixed in typecatcher 0.3-1.1 has caused the Debian Bug report #929395, regarding typecatcher: FTBFS: dh: unable to load addon python3 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 929395: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929395 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: typecatcher Version: 0.3-1 Severity: serious dpkg-buildpackage: info: source package typecatcher dpkg-buildpackage: info: source version 0.3-1 dpkg-buildpackage: info: source distribution unstable dpkg-buildpackage: info: source changed by Andrew Starr-Bochicchio dpkg-buildpackage: info: host architecture amd64 dpkg-source --before-build . dpkg-source: info: using options from typecatcher-0.3/debian/source/options: --extend-diff-ignore=(^|/)(po/typecatcher\.pot)$ fakeroot debian/rules clean dh clean --with python3 --buildsystem=pybuild dh: unable to load addon python3: Can't locate Debian/Debhelper/Sequence/python3.pm in @INC (you may need to install the Debian::Debhelper::Sequence::python3 module) (@INC contains: /etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.28.1 /usr/local/share/perl/5.28.1 /usr/lib/x86_64-linux-gnu/perl5/5.28 /usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl/5.28 /usr/share/perl/5.28 /usr/local/lib/site_perl /usr/lib/x86_64-linux-gnu/perl-base) at (eval 12) line 1. BEGIN failed--compilation aborted at (eval 12) line 1. make: *** [debian/rules:6: clean] Error 2 dpkg-buildpackage: error: fakeroot debian/rules clean subprocess returned exit status 2 -- regards, Mattia Rizzolo GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`. more about me: https://mapreri.org : :' : Launchpad user: https://launchpad.net/~mapreri `. `'` Debian QA page: https://qa.debian.org/developer.php?login=mattia `- signature.asc Description: PGP signature --- End Message --- --- Begin Message --- Source: typecatcher Source-Version: 0.3-1.1 We believe that the bug you reported is fixed in the latest version of typecatcher, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 929...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Mattia Rizzolo (supplier of updated typecatcher package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 22 May 2019 20:40:43 +0200 Source: typecatcher Binary: typecatcher Architecture: source all Version: 0.3-1.1 Distribution: unstable Urgency: medium Maintainer: Andrew Starr-Bochicchio Changed-By: Mattia Rizzolo Description: typecatcher - Download Google webfonts for off-line use Closes: 929395 Changes: typecatcher (0.3-1.1) unstable; urgency=medium . * Non-Maintainer Upload. . [ Ondřej Nový ] * d/control: Remove ancient X-Python3-Version field * d/copyright: Use https protocol in Format field * d/changelog: Remove trailing whitespaces * d/control: Set Vcs-* to salsa.debian.org . [ Mattia Rizzolo ] * Add missing build-dependency on dh-python (Closes: #929395). * Bump debhelper compat level to 12. * Bump Standards-Version to 4.3.0, no changes needed. Checksums-Sha1: ea72656bc9d23da550e4c63ee17fce3207b62543 1974 typecatcher_0.3-1.1.dsc 79ec77485c314ec1ce5734eb4a578c7edf7d0607 9272 typecatcher_0.3-1.1.debian.tar.xz fe7e1506ccf2fa75c047ed1e50ddafbda89a10e2 94780 typecatcher_0.3-1.1_all.deb b05fad612bd5503ce7198f61e2226c7e07ce8849 12034 typecatcher_0.3-1.1_amd64.buildinfo Checksums-Sha256: c7f3e1482993182dc5eab1121e8ae25fca8663701209ea34d51b57d46a8712b1 1974 typecatcher_0.3-1.1.dsc c502ecac19066fe083a0bbc08d328a08145f6606ca46567aaa0a991822c315b5 9272 typecatcher_0.3-1.1.debian.tar.xz 642203415a74f7a02acca8f0f2638c3335338e65b8923dbcc983053e80d1615e 94780 typecatcher_0.3-1.1_all.deb b16a67baf9c4858f81142d673a940b900f24c040b043604ca61eef7e43f21ab4 12034 typecatcher_0.3-1.1_amd64.buildinfo Files: 75920ce6c2e19735cd8bce0f37654b0b 1974 fonts optional typecatcher_0.3-1.1.dsc d8c4252a3c768c701fea8a9ebc3e2968 9272 fonts optional typecatcher_0.
Bug#923930: FTBFS: FAIL test_chain
Background on this test failure. The reason that the Heimdal 7.5.0 tests began to fail after they previously succeeded is because the failing test relies upon an X.509 certificate that expired on March 4 2019. Then post 7.5.0 support was added to support OpenSSL 1.1 which included the ability to handle certificates with expiration dates post 19 Jan 2038 03:14:07 UTC. Heimdal also updated the test suite certificates to last 500 years. These certificates work fine on platforms with 64-bit time_t but on platforms such as Debian Linux i386 where time_t is 32-bit, the tests will fail. There has been no code change to Heimdal and there is no intention to replace the use of time_t within Heimdal for a Heimdal specific time integer type within the Heimdal 7.x series. Making such a change would alter not only APIs but ABIs. Its unclear when or if we could make such a change for the same reasons that Debian cannot alter the size of time_t on i386. Jeffrey Altman Heimdal Project Manager smime.p7s Description: S/MIME Cryptographic Signature
Processed: typecatcher: diff for NMU version 0.3-1.1
Processing control commands: > tags 929395 + patch Bug #929395 [src:typecatcher] typecatcher: FTBFS: dh: unable to load addon python3 Added tag(s) patch. > tags 929395 + pending Bug #929395 [src:typecatcher] typecatcher: FTBFS: dh: unable to load addon python3 Added tag(s) pending. -- 929395: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929395 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#929395: typecatcher: diff for NMU version 0.3-1.1
Control: tags 929395 + patch Control: tags 929395 + pending Dear maintainer, I've prepared an NMU for typecatcher (versioned as 0.3-1.1) and uploaded it to DELAYED/2. Please feel free to tell me if I should delay it longer. Regards. -- regards, Mattia Rizzolo GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`. more about me: https://mapreri.org : :' : Launchpad user: https://launchpad.net/~mapreri `. `'` Debian QA page: https://qa.debian.org/developer.php?login=mattia `- diffstat for typecatcher-0.3 typecatcher-0.3 changelog | 25 + compat|1 - control | 14 +++--- copyright |2 +- rules |2 -- 5 files changed, 29 insertions(+), 15 deletions(-) diff -Nru typecatcher-0.3/debian/changelog typecatcher-0.3/debian/changelog --- typecatcher-0.3/debian/changelog 2017-09-04 02:48:32.0 +0200 +++ typecatcher-0.3/debian/changelog 2019-05-22 20:40:43.0 +0200 @@ -1,3 +1,20 @@ +typecatcher (0.3-1.1) unstable; urgency=medium + + * Non-Maintainer Upload. + + [ Ondřej Nový ] + * d/control: Remove ancient X-Python3-Version field + * d/copyright: Use https protocol in Format field + * d/changelog: Remove trailing whitespaces + * d/control: Set Vcs-* to salsa.debian.org + + [ Mattia Rizzolo ] + * Add missing build-dependency on dh-python (Closes: #929395). + * Bump debhelper compat level to 12. + * Bump Standards-Version to 4.3.0, no changes needed. + + -- Mattia Rizzolo Wed, 22 May 2019 20:40:43 +0200 + typecatcher (0.3-1) unstable; urgency=medium * New upstream release. @@ -5,10 +22,10 @@ * Add debian/watch file. * debian/control: - Depend on gir1.2-webkit2-4.0 and drop gir1.2-webkit-3.0. - - "Extra" priority has been deprecated; now "optional." - - Move to "fonts" section (Closes: #820386). + - "Extra" priority has been deprecated; now "optional." + - Move to "fonts" section (Closes: #820386). - Bump Standards-Version to 4.1.0. - * Bump debian/compat to 10. + * Bump debian/compat to 10. -- Andrew Starr-Bochicchio Sun, 03 Sep 2017 20:48:32 -0400 @@ -17,7 +34,7 @@ * Move VCS to to git. * debian/control: - Drop unneeded dh-python build dep. - - Build depend on python3-gi for tests (Closes: #812181). + - Build depend on python3-gi for tests (Closes: #812181). - Bump Standards-Version to 3.9.6, no changes. -- Andrew Starr-Bochicchio Fri, 22 Jan 2016 12:07:44 -0800 diff -Nru typecatcher-0.3/debian/compat typecatcher-0.3/debian/compat --- typecatcher-0.3/debian/compat 2017-09-04 02:46:25.0 +0200 +++ typecatcher-0.3/debian/compat 1970-01-01 01:00:00.0 +0100 @@ -1 +0,0 @@ -10 diff -Nru typecatcher-0.3/debian/control typecatcher-0.3/debian/control --- typecatcher-0.3/debian/control 2017-09-04 02:46:40.0 +0200 +++ typecatcher-0.3/debian/control 2019-05-22 20:36:28.0 +0200 @@ -2,18 +2,18 @@ Maintainer: Andrew Starr-Bochicchio Section: fonts Priority: optional -Build-Depends: debhelper (>= 10), - python3 (>= 3.2), - python3-distutils-extra, +Build-Depends: debhelper-compat (= 12), + dh-python, gir1.2-glib-2.0, gir1.2-gtk-3.0, gir1.2-webkit2-4.0, + python3 (>= 3.2), + python3-distutils-extra, python3-gi -Standards-Version: 4.1.0 -Vcs-Git: git://anonscm.debian.org/collab-maint/typecatcher.git -Vcs-Browser: https://anonscm.debian.org/cgit/collab-maint/typecatcher.git +Standards-Version: 4.3.0 +Vcs-Git: https://salsa.debian.org/debian/typecatcher.git +Vcs-Browser: https://salsa.debian.org/debian/typecatcher Homepage: https://launchpad.net/typecatcher -X-Python3-Version: >= 3.2 Package: typecatcher Architecture: all diff -Nru typecatcher-0.3/debian/copyright typecatcher-0.3/debian/copyright --- typecatcher-0.3/debian/copyright 2017-09-04 02:15:17.0 +0200 +++ typecatcher-0.3/debian/copyright 2019-05-22 20:33:45.0 +0200 @@ -1,4 +1,4 @@ -Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Upstream-Name: typecatcher Upstream-Contact: Andrew Starr-Bochicchio Source: https://launchpad.net/typecatcher diff -Nru typecatcher-0.3/debian/rules typecatcher-0.3/debian/rules --- typecatcher-0.3/debian/rules 2016-01-22 02:44:40.0 +0100 +++ typecatcher-0.3/debian/rules 2019-05-22 20:40:24.0 +0200 @@ -5,5 +5,3 @@ else dh $@ --with python3 --buildsystem=pybuild endif - - signature.asc Description: PGP signature
Bug#929395: typecatcher: FTBFS: dh: unable to load addon python3
Source: typecatcher Version: 0.3-1 Severity: serious dpkg-buildpackage: info: source package typecatcher dpkg-buildpackage: info: source version 0.3-1 dpkg-buildpackage: info: source distribution unstable dpkg-buildpackage: info: source changed by Andrew Starr-Bochicchio dpkg-buildpackage: info: host architecture amd64 dpkg-source --before-build . dpkg-source: info: using options from typecatcher-0.3/debian/source/options: --extend-diff-ignore=(^|/)(po/typecatcher\.pot)$ fakeroot debian/rules clean dh clean --with python3 --buildsystem=pybuild dh: unable to load addon python3: Can't locate Debian/Debhelper/Sequence/python3.pm in @INC (you may need to install the Debian::Debhelper::Sequence::python3 module) (@INC contains: /etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.28.1 /usr/local/share/perl/5.28.1 /usr/lib/x86_64-linux-gnu/perl5/5.28 /usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl/5.28 /usr/share/perl/5.28 /usr/local/lib/site_perl /usr/lib/x86_64-linux-gnu/perl-base) at (eval 12) line 1. BEGIN failed--compilation aborted at (eval 12) line 1. make: *** [debian/rules:6: clean] Error 2 dpkg-buildpackage: error: fakeroot debian/rules clean subprocess returned exit status 2 -- regards, Mattia Rizzolo GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`. more about me: https://mapreri.org : :' : Launchpad user: https://launchpad.net/~mapreri `. `'` Debian QA page: https://qa.debian.org/developer.php?login=mattia `- signature.asc Description: PGP signature
Processed: closing 890754
Processing commands for cont...@bugs.debian.org: > # this bug is not typecatcher's anymore. opening a new bug since it keeps > ftbfsing > close 890754 Bug #890754 [src:typecatcher] python3.6 3.6.4-4 makes typecatcher FTBFS Marked Bug as done > thanks Stopping processing here. Please contact me if you need assistance. -- 890754: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890754 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed:
Processing control commands: > tags -1 - buster-ignore Bug #921694 [src:mdk4] mdk4: FTBFS randomly when built in parallel (undefined reference to `getFrequencyFromChannel') Removed tag(s) buster-ignore. -- 921694: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921694 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#921694:
Control: tags -1 - buster-ignore Removing tag as that is making the package not being removed from Testing, I thought it would be useful so it wouldn't be listed as a buster RC bug but I will have to remove the tag now. -- Samuel Henrique
Processed: tagging 928959
Processing commands for cont...@bugs.debian.org: > tags 928959 + pending Bug #928959 [src:papi] papi: DFSG-unfree file in source Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 928959: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928959 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#923726: A lot of time wasted on previous version.
Hi, I am using Sid and had a problem using monero version v0-13-0-4. That problem arised because that version is still available under Sid. I noticed that it is not available in testing and stable (that is good). I suggest that when you get a notice of a fork in any crypto-currency package, that you delete the old version package from any version (including Sid), until you can setup the new fork's version. I do not see any good reason to keep an old version (already forked) even in the unstable debian version. https://monero.stackexchange.com/questions/11241/just-mined-with-an-old-version-v0-13-0-4-and-upgraded-to-v0-14-0-2-reward-now-m Thank you, -- pipo
Bug#929386: r-cran-webgestaltr: FTBFS (missing builds-depends)
Package: src:r-cran-webgestaltr Version: 0.3.0-1 Severity: serious Tags: ftbfs Dear maintainer: I tried to build this package in sid but it failed: [...] debian/rules build-arch dh build-arch --buildsystem R dh_update_autotools_config -a -O--buildsystem=R dh_autoreconf -a -O--buildsystem=R dh_auto_configure -a -O--buildsystem=R dh_auto_build -a -O--buildsystem=R dh_auto_test -a -O--buildsystem=R create-stamp debian/debhelper-build-stamp fakeroot debian/rules binary-arch dh binary-arch --buildsystem R dh_testroot -a -O--buildsystem=R dh_prep -a -O--buildsystem=R dh_auto_install -a -O--buildsystem=R I: R Package: WebGestaltR Version: 0.3.0 I: Building using R version 3.6.0-2 I: R API version: r-api-3.5 I: Using built-time from d/changelog: Mon, 18 Feb 2019 14:47:58 +0100 mkdir -p /<>/debian/r-cran-webgestaltr/usr/lib/R/site-library R CMD INSTALL -l /<>/debian/r-cran-webgestaltr/usr/lib/R/site-library --clean . "--built-timestamp='Mon, 18 Feb 2019 14:47:58 +0100'" ERROR: dependency 'apcluster' is not available for package 'WebGestaltR' * removing '/<>/debian/r-cran-webgestaltr/usr/lib/R/site-library/WebGestaltR' dh_auto_install: R CMD INSTALL -l /<>/debian/r-cran-webgestaltr/usr/lib/R/site-library --clean . "--built-timestamp='Mon, 18 Feb 2019 14:47:58 +0100'" returned exit code 1 make: *** [debian/rules:4: binary-arch] Error 2 dpkg-buildpackage: error: fakeroot debian/rules binary-arch subprocess returned exit status 2 Looks like a missing build-depends. Thanks.
Bug#929381: needs cdrecord binary which isn't in Debian
Package: simpleburn Version: 1.8.0-1+b3 Severity: grave I tried burning an iso with simpleburn but it completely fails due to depending on cdrecord: $ simpleburn command: simpleburn.sh /dev/cdrom b-iso 'debian-buster-DI-rc1-amd64-netinst.iso' /usr/bin/simpleburn.sh: line 171: cdrecord: command not found cdrecord isn't avaible even in oldstable. -- System Information: Debian Release: 10.0 APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores) Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages simpleburn depends on: ii cdrdao 1:1.2.4-1 ii cdrskin 1.5.0-1 ii icedax 9:1.1.11-3+b2 ii libatk1.0-0 2.30.0-2 ii libc62.28-10 ii libcairo-gobject21.16.0-4 ii libcairo21.16.0-4 ii libcddb2 1.3.2-6 ii libcdio-utils2.0.0-2 ii libcdio182.0.0-2 ii libdvdread4 6.0.1-1 ii libfribidi0 1.0.5-3.1 ii libgdk-pixbuf2.0-0 2.38.1+dfsg-1 ii libglib2.0-0 2.58.3-1 ii libgtk-3-0 3.24.5-1 ii libpango-1.0-0 1.42.4-6 ii libpangocairo-1.0-0 1.42.4-6 ii xorriso 1.5.0-1 Versions of packages simpleburn recommends: pn flac pn mencoder pn mpg123 pn mplayer | mplayer2 pn normalize-audio pn vorbis-tools simpleburn suggests no packages. -- no debconf information
Bug#928040: marked as done (lprng: fails to install)
Your message dated Wed, 22 May 2019 14:44:13 + with message-id and subject line Bug#928040: fixed in lprng 3.8.B-2.2 has caused the Debian Bug report #928040, regarding lprng: fails to install to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 928040: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928040 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: lprng Version: 3.8.B-2.1 Severity: grave Justification: renders package unusable Hi, lprng fails to upgrade from stretch to buster, and also fails to install on top of itself: # LC_ALL=C dpkg -i /var/cache/apt/archives/lprng_3.8.B-2.1_amd64.deb (Reading database ... 634188 files and directories currently installed.) Preparing to unpack .../lprng_3.8.B-2.1_amd64.deb ... start-stop-daemon: matching only on non-root pidfile /var/run/lprng/lpd.515 is insecure invoke-rc.d: initscript lprng, action "stop" failed. dpkg: warning: old lprng package pre-removal script subprocess returned error exit status 1 dpkg: trying script from the new package instead ... start-stop-daemon: matching only on non-root pidfile /var/run/lprng/lpd.515 is insecure invoke-rc.d: initscript lprng, action "stop" failed. dpkg: error processing archive /var/cache/apt/archives/lprng_3.8.B-2.1_amd64.deb (--install): new lprng package pre-removal script subprocess returned error exit status 1 invoke-rc.d: initscript lprng, action "start" failed. dpkg: error while cleaning up: installed lprng package post-installation script subprocess returned error exit status 1 Errors were encountered while processing: /var/cache/apt/archives/lprng_3.8.B-2.1_amd64.deb Simon -- System Information: Debian Release: buster/sid APT prefers testing APT policy: (990, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386, armhf Kernel: Linux 4.9.0-8-amd64 (SMP w/8 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) Versions of packages lprng depends on: ii debconf [debconf-2.0] 1.5.71 ii libc6 2.28-8 ii libcomerr2 1.44.5-1 ii libk5crypto3 1.17-2 ii libkrb5-3 1.17-2 ii libssl1.1 1.1.1b-2 ii lsb-base 10.2019031300 lprng recommends no packages. Versions of packages lprng suggests: pn lprng-doc pn magicfilter -- debconf information: lprng/setuid_tools: false lprng/start_lpd: true lprng/twolpd_conf: lprng/twolpd_perms: --- End Message --- --- Begin Message --- Source: lprng Source-Version: 3.8.B-2.2 We believe that the bug you reported is fixed in the latest version of lprng, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 928...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Sam Hartman (supplier of updated lprng package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Wed, 22 May 2019 09:18:03 -0400 Source: lprng Architecture: source Version: 3.8.B-2.2 Distribution: unstable Urgency: medium Maintainer: Craig Small Changed-By: Sam Hartman Closes: 908770 928040 Changes: lprng (3.8.B-2.2) unstable; urgency=medium . * Non-maintainer upload. * Specify executable and user to stop-start-daemon; closes security issue and fixes starting with buster dpkg, Closes: #928040 * Use --oknodo on start so that systemd doesn't fail if lprng is already running, Closes: #908770 Checksums-Sha1: ecfa3d51134d7e2d7dac3eddf78720ed96e1ee2c 1553 lprng_3.8.B-2.2.dsc a83f97d41471918b34a17cc9955d1501bde176c8 31884 lprng_3.8.B-2.2.debian.tar.xz Checksums-Sha256: 5fd70a48bb10a84e9326b815da057e55b5ab657a5e57f89526cd6031e74fb180 1553 lprng_3.8.B-2.2.dsc 63f6482b25aa5f5c449da5e028ee712786849ebec9abce2b7020ffdff11b8bbf 31884 lprng_3.8.B-2.2.debian.tar.xz Files: d364b36a9e2f85a4212bf4c280e89297 1553 net extra lprng_3.8.B-2.2.dsc ac5c73ec35a6ea0f677bd3be82f4 31884 net extra lprng_3.8.B-2.2.debian.tar.xz -BEGIN PGP SIGNATURE- iQEzBAEBCAAdFiEE9Li3nMNy++OFgPTCQe7SUh/WssoFAlzlUl0ACgkQQe7SUh/W ssqnvgf/SGIMifhI5xYmopRZp25qmJ/09i7JNmn
Bug#927058: marked as done (lprng: /etc/init.d/lprng stop does not terminate lpd)
Your message dated Wed, 22 May 2019 14:44:13 + with message-id and subject line Bug#928040: fixed in lprng 3.8.B-2.2 has caused the Debian Bug report #928040, regarding lprng: /etc/init.d/lprng stop does not terminate lpd to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 928040: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928040 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: lprng Version: 3.8.B-2.1 Severity: normal Dear Maintainer, Neither "/etc/init.d/lprng stop" nor "systemctl stop lprng.service" terminates the printer daemon "lpd". After "systemctl stop lprng.service" the following is in the journal: systemd[1]: Stopping LSB: Start lpd to allow printing... lprng[19130]: start-stop-daemon: matching only on non-root pidfile /var/run/lprng/lpd.515 is insecure systemd[1]: lprng.service: Control process exited, code=exited, status=1/FAILURE systemd[1]: lprng.service: Failed with result 'exit-code'. systemd[1]: Stopped LSB: Start lpd to allow printing. The owernship and permissions of /var/run/lprng/lpd.515 are -rw-r--r-- 1 daemon lp 6 Apr 14 14:21 /var/run/lprng/lpd.515 -- System Information: Debian Release: buster/sid APT prefers testing APT policy: (990, 'testing'), (50, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 5.0.7-00827-ge88393b95946 (SMP w/4 CPU cores) Kernel taint flags: TAINT_USER Locale: LANG=de_DE, LC_CTYPE=de_DE (charmap=ISO-8859-1), LANGUAGE=de_DE (charmap=ISO-8859-1) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) Versions of packages lprng depends on: ii debconf [debconf-2.0] 1.5.71 ii libc6 2.28-8 pn libcomerr2 ii libk5crypto3 1.17-2 ii libkrb5-3 1.17-2 ii libssl1.1 1.1.1b-1 ii lsb-base 10.2019031300 lprng recommends no packages. Versions of packages lprng suggests: pn lprng-doc ii magicfilter 1.2-65 -- debconf information: lprng/twolpd_perms: lprng/start_lpd: true lprng/setuid_tools: false lprng/twolpd_conf: --- End Message --- --- Begin Message --- Source: lprng Source-Version: 3.8.B-2.2 We believe that the bug you reported is fixed in the latest version of lprng, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 928...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Sam Hartman (supplier of updated lprng package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Wed, 22 May 2019 09:18:03 -0400 Source: lprng Architecture: source Version: 3.8.B-2.2 Distribution: unstable Urgency: medium Maintainer: Craig Small Changed-By: Sam Hartman Closes: 908770 928040 Changes: lprng (3.8.B-2.2) unstable; urgency=medium . * Non-maintainer upload. * Specify executable and user to stop-start-daemon; closes security issue and fixes starting with buster dpkg, Closes: #928040 * Use --oknodo on start so that systemd doesn't fail if lprng is already running, Closes: #908770 Checksums-Sha1: ecfa3d51134d7e2d7dac3eddf78720ed96e1ee2c 1553 lprng_3.8.B-2.2.dsc a83f97d41471918b34a17cc9955d1501bde176c8 31884 lprng_3.8.B-2.2.debian.tar.xz Checksums-Sha256: 5fd70a48bb10a84e9326b815da057e55b5ab657a5e57f89526cd6031e74fb180 1553 lprng_3.8.B-2.2.dsc 63f6482b25aa5f5c449da5e028ee712786849ebec9abce2b7020ffdff11b8bbf 31884 lprng_3.8.B-2.2.debian.tar.xz Files: d364b36a9e2f85a4212bf4c280e89297 1553 net extra lprng_3.8.B-2.2.dsc ac5c73ec35a6ea0f677bd3be82f4 31884 net extra lprng_3.8.B-2.2.debian.tar.xz -BEGIN PGP SIGNATURE- iQEzBAEBCAAdFiEE9Li3nMNy++OFgPTCQe7SUh/WssoFAlzlUl0ACgkQQe7SUh/W ssqnvgf/SGIMifhI5xYmopRZp25qmJ/09i7JNmnDNZhI2WvK1Auy82zfIkVSIJOh BX8H6jQntsvHQFmcI8SXdKLAi6WgJ90IYxdfZSt6I4Dy3nnqIMxa8vPxRqEjGR2/ OUcq341BIwExBUakwfijZ8RjK7O9Y5W2+nHDXaDGJCWT/8nN28+yeVlILuxUNLWS qHNR0daRMCPmcqX5y5yW6HjNF5N5VT8fjEKKE4WYhv7qT+3KjkDIANFvrNHTtk/P jFYQb99gvZTVCbN9JGMwAh96XsKaLjtMS+aNQxf0OTNAxL1M++ufPJH9M7LYcHA3 FmEBr/kg64zEPm1bd4lp6mcIoTT4yw== =PFFS -END PGP SIGNATURE End Message ---
Processed: limit source to lprng, tagging 908770, tagging 928040
Processing commands for cont...@bugs.debian.org: > limit source lprng Limiting to bugs with field 'source' containing at least one of 'lprng' Limit currently set to 'source':'lprng' > tags 908770 + pending Bug #908770 [lprng] lprng: Will not cofigure on systemd init Added tag(s) pending. > tags 928040 + pending Bug #928040 [lprng] lprng: fails to install Bug #927058 [lprng] lprng: /etc/init.d/lprng stop does not terminate lpd Added tag(s) pending. Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 908770: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908770 927058: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927058 928040: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928040 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: owner 928040
Processing commands for cont...@bugs.debian.org: > owner 928040 hartm...@debian.org Bug #928040 [lprng] lprng: fails to install Bug #927058 [lprng] lprng: /etc/init.d/lprng stop does not terminate lpd Owner recorded as hartm...@debian.org. Owner recorded as hartm...@debian.org. > thanks Stopping processing here. Please contact me if you need assistance. -- 927058: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927058 928040: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928040 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#928944: CVE-2019-12046: lemonldap-ng tokens allows anonymous session when stored in session DB
On Wed, 22 May 2019 at 07:34:06 +0200, Xavier wrote: > It seems that Clément has fixed something related to that feature. > Could you try > https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/commit/deff50f072c64898d1204daa28c01fdcc7275ea4 > ? That solves the issue indeed, thanks for the pointer! I ended up amending the patch as attached though: * Not setting the ‘Access-Control-Allow-Origin: *’ header is upstream issue #1519, fixed in e6c034a38aa0e7dadcf0ce87809193b327fbc0e5. * The second to last hunk from deff50f072c64898d1204daa28c01fdcc7275ea4 (-2134,8 +2137,10) doesn't apply, and as it's only cosmetic (whitespace change) I just skipped it. Cheers, -- Guilhem. --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Simple.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Simple.pm @@ -1049,7 +1049,7 @@ sub updatePersistentSession { } -## @method void updateSession(hashRef infos, string id) +## @method void updateSession(hashRef infos, string id, string kind) # Update session stored. # If no id is given, try to get it from cookie. # If the session is available, update datas with $info. @@ -1057,9 +1057,10 @@ sub updatePersistentSession { # server local cache, if there are several LL::NG servers. # @param infos hash reference of information to update # @param id Session ID +# @param kind Session kind # @return nothing sub updateSession { -my ( $self, $infos, $id ) = @_; +my ( $self, $infos, $id, $kind ) = @_; # Return if no infos to update return () unless ( ref $infos eq 'HASH' and %$infos ); @@ -1084,7 +1085,9 @@ sub updateSession { } # Update session in global storage -if ( my $apacheSession = $self->getApacheSession( $id, 1 ) ) { +if ( my $apacheSession = +$self->getApacheSession( $id, 1, undef, $kind ) ) +{ # Store updateTime $infos->{updateTime} = strftime( "%Y%m%d%H%M%S", localtime() ); @@ -1567,9 +1570,8 @@ sub process { { if ( ( my $code = $self->{error} ) > 0 ) { print $self->header( --status=> '401 Unauthorizated', -'-WWW-Authenticate'=> "SSO $self->{portal}", -'-Access-Control-Allow-Origin' => '*', +-status => '401 Unauthorizated', +'-WWW-Authenticate' => "SSO $self->{portal}", ); $self->quit; } @@ -2744,7 +2746,7 @@ sub autoRedirect { $cdaInfos->{cookie_name} = $self->{cookieName} . "http"; } -$self->updateSession( $cdaInfos, $cdaSession->id ); +$self->updateSession( $cdaInfos, $cdaSession->id, "CDA" ); $self->{urldc} .= ( $self->{urldc} =~ /\?/ ? '&' : '?' ) signature.asc Description: PGP signature
Bug#929334: marked as done (libvirt: CVE-2019-10132: Insecure permissions for systemd socket for virtlockd/virtlogd)
Your message dated Wed, 22 May 2019 11:34:44 + with message-id and subject line Bug#929334: fixed in libvirt 5.0.0-3 has caused the Debian Bug report #929334, regarding libvirt: CVE-2019-10132: Insecure permissions for systemd socket for virtlockd/virtlogd to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 929334: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929334 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: libvirt Version: 5.0.0-2 Severity: grave Tags: security upstream Control: found -1 5.0.0-2.1 Control: found -1 5.2.0-2 Hi, The following vulnerability was published for libvirt. CVE-2019-10132[0]: Insecure permissions for systemd socket for virtlockd/virtlogd If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2019-10132 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10132 [1] https://security.libvirt.org/2019/0003.html Please adjust the affected versions in the BTS as needed, looks like the issue is introduced upstream in v4.1.0-rc1 though. Regards, Salvatore --- End Message --- --- Begin Message --- Source: libvirt Source-Version: 5.0.0-3 We believe that the bug you reported is fixed in the latest version of libvirt, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 929...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Guido Günther (supplier of updated libvirt package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Wed, 22 May 2019 12:31:08 +0200 Source: libvirt Architecture: source Version: 5.0.0-3 Distribution: unstable Urgency: medium Maintainer: Debian Libvirt Maintainers Changed-By: Guido Günther Closes: 897394 926999 927310 929334 Changes: libvirt (5.0.0-3) unstable; urgency=medium . [ Guido Günther ] * [6bc6e60] CVE-2019-10132: Fix vir{lock,log}d socket access. All patches were cherry-picked from upstream's v5.0-maint branch. (Closes: #929334) * [09016dd] d/patches: Move security fixes into security/ . [ Joachim Falk ] * [5d96699] lxc: Fix killing of lxc containers if cgroup backend v2 is unavailable. (Closes: #926999) * [ea7a491] lxc: Fix container shutdown and host reboot (Closes: #927310, #897394) Checksums-Sha1: 47b830f4255c0ad5bbb52fe77392569f73970423 4353 libvirt_5.0.0-3.dsc ee72696860a2ceec1ce07247e0bef503ee4825c1 76996 libvirt_5.0.0-3.debian.tar.xz 9d6e5a04213d249e66f593df63fd4c470b2e009e 19472 libvirt_5.0.0-3_amd64.buildinfo Checksums-Sha256: 258b58ec682c741d364e9e70004dcebb0609fb8e9dd748ff0317856af011d331 4353 libvirt_5.0.0-3.dsc 66ba224b7168fa44b382d9a158515cf34596ab072f3ef53d6f7083d90044e1cb 76996 libvirt_5.0.0-3.debian.tar.xz 7d2a4222f31bdb03342cadf1523d1a47cf04c023b10932cba77c296f625c0d08 19472 libvirt_5.0.0-3_amd64.buildinfo Files: dde11a7557b74fc06dab5aa627027918 4353 libs optional libvirt_5.0.0-3.dsc b426861e183f010e1499ec2bf574932e 76996 libs optional libvirt_5.0.0-3.debian.tar.xz cfd0537811f61479d7c29e7182612d8e 19472 libs optional libvirt_5.0.0-3_amd64.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEvHzQcjh1660F3xzZB7i3sOqYEgsFAlzlLMIACgkQB7i3sOqY EgvJlA//WiOQZfZG6SAi3c+5rO4UQ8l2nI7p4nQNE0DFmnWU6whRa+2j2qZaKfkM Qo2fWiy6dOT/5+ci4rxDBcEHvqhQEOhk7KbBQOxI9yftQ+mzlMKt9/0xWoxM7CSB j9/IagUnErZqZvdzFpOzIC1dAWuWPasbDwN7X2MJgILidpy5sADeRjOI5/BS5zl9 WwKkRmFCcshmwYYppu5sjSLLQYroA2vlW2odlWBKBwaKNscYmSy+GoRPReOL68sp GlIr9nTN/htbd9tWjrEvXCIE2tfVXNIsarIxKcs514uhHzadixWN1HOIsaWpyDSq HWtasfG/9oKdYEuntZtm7tmAbxhI2zQMFMKifj8s9Z/Yml1CljDbItEwunhS+g+9 dxlcglsNCOykDT+yWFNBP0UmkT/5UIc8MVNM0/H+jnUyQDVkeOhTimH0mB48ODjY sufAQ8r1H8I9OS92Tjo2G/CrpCWJv3+LDex94qruiZ9ys0lHfri0TEmZP5TnP4ZN qd0r9l+pOCLr6NemwwnUNUpGBi5mcVtWjgZ0vJz/Oq8UHJAi+Rh22yM73XxK4CdE LcS9cr7aSgmqM+Q5sNGzGIB9Lk4T8YUYBKTevxojZJFe/4NNgaZzxKfl7BtJYKk2 8c6r1/XzG3+xn2gJY1u7fESwZSlgIJTIanK7GgFdLL87mDlSHNo= =svda -END PGP SIGNATURE End Message ---
Bug#926999: marked as done (libvirt-daemon: LXC container cannot be killed, e.g., virsh -c lxc:// destroy , if cgroup backend v2 missing.)
Your message dated Wed, 22 May 2019 11:34:44 + with message-id and subject line Bug#926999: fixed in libvirt 5.0.0-3 has caused the Debian Bug report #926999, regarding libvirt-daemon: LXC container cannot be killed, e.g., virsh -c lxc:// destroy , if cgroup backend v2 missing. to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 926999: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926999 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: libvirt-daemon Version: 5.0.0-1 Severity: grave Tags: upstream Justification: renders package unusable Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: Joachim Falk To: Debian Bug Tracking System Subject: libvirt-daemon: LXC container cannot be killed, e.g., virsh -c lxc:// destroy , if cgroup backend v2 missing. Message-ID: <155514522514.793.7421956223092571453.report...@buster.jfalk.de> X-Mailer: reportbug 7.5.2 Date: Sat, 13 Apr 2019 10:47:05 +0200 Package: libvirt-daemon Version: 5.0.0-1 Severity: grave Tags: upstream Justification: renders package unusable Dear maintainer, there is a problem with killing LXC containers when only one cgroup backend is available. Cgroup backend v2 is not available on the default install of libvirt-daemon-system and, thus, killing LXC containers fails. This seemes to be fixed by upstream with commit 401030499bfb03b182da14f7e00f4a82beab9a8e == >From 401030499bfb03b182da14f7e00f4a82beab9a8e Mon Sep 17 00:00:00 2001 From: Michal Privoznik Date: Thu, 24 Jan 2019 17:20:58 +0100 Subject: [PATCH] vircgroup: Try harder to kill cgroup Prior to rewrite of cgroup code we only had one backend to try. After the rewrite the virCgroupBackendGetAll() returns both backends (for v1 and v2). However, not both have to really be present on the system which results in killRecursive callback failing which in turn might mean we won't try the other backend. At the same time, this function reports no error as it should. == This commit is also part of upstream version 5.1.0. Hence, a bump to a newer upstream should also fix the issue. Symptoms of the problem are as follows in /var/log/libvirt/libvirtd.log: 2019-04-13 08:10:17.708+: 532: debug : virLXCDomainObjBeginJob:108 : Starting job: modify 2019-04-13 08:10:17.708+: 532: debug : virLXCProcessStop:831 : Stopping VM name=flummy pid=701 reason=2 2019-04-13 08:10:17.708+: 532: debug : virCgroupKillPainfully:2647 : cgroup=0x7f5f38005c50 path= 2019-04-13 08:10:17.708+: 532: debug : virCgroupKillRecursive:2617 : group=0x7f5f38005c50 path= signum=15 2019-04-13 08:10:17.708+: 532: debug : virCgroupKillPainfully:2658 : Iteration 0 rc=-1 2019-04-13 08:10:17.708+: 532: debug : virCgroupKillPainfully:2665 : Complete -1 2019-04-13 08:10:17.708+: 532: info : virObjectNew:248 : OBJECT_NEW: obj=0x7f5f24001b20 classname=virDomainEventLifecycle 2019-04-13 08:10:17.708+: 532: debug : virLXCDomainObjEndJob:146 : Stopping job: modify You have to enable debugging to get these logs, i.e., --- libvirtd.conf.orig 2019-03-30 19:43:46.110699728 +0100 +++ libvirtd.conf 2019-03-30 19:47:37.306130440 +0100 @@ -389,6 +389,7 @@ # rest of the util code: # #log_filters="1:qemu 1:libvirt 4:object 4:json 4:event 1:util" +log_filters="3:remote 4:event 3:json 3:rpc 1:*" # Logging outputs: # An output is one of the places to save logging information @@ -411,7 +412,7 @@ # e.g. to log all warnings and errors to syslog under the libvirtd ident: #log_outputs="3:syslog:libvirtd" # - +log_outputs="1:file:/var/log/libvirt/libvirtd.log 3:syslog:libvirtd" ## # Best, Joachim Falk -- System Information: Debian Release: buster/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) Versions of packages libvirt-daemon depends on: ii libacl1 2.2.53-4 ii libapparmor12.13.2-10 ii libaudit1 1:2.8.4-2 ii libavahi-client30.7-4+b1 ii libavahi-common30.7-4+b1 ii libblkid1 2.33.1-0.1 ii libc6 2.28-8 ii libcap-ng0 0.7.9-2 ii libcurl3-gnutls 7.64.0-2 ii libdbus-1-3
Bug#927310: marked as done (libvirt-daemon: LXC container shut down, e.g., virsh -c lxc:// shutdown , is ignored)
Your message dated Wed, 22 May 2019 11:34:44 + with message-id and subject line Bug#927310: fixed in libvirt 5.0.0-3 has caused the Debian Bug report #927310, regarding libvirt-daemon: LXC container shut down, e.g., virsh -c lxc:// shutdown , is ignored to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 927310: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927310 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: libvirt-daemon Version: 5.0.0-2 Severity: grave Tags: patch Justification: renders package unusable Dear maintainer, LXC container shut down is ignore. Amongst others, this will induce a hang on host shut down as the libvirt daemon waits 3 minutes per active container for shut down. Relevant patches from upstram are >From 64eca3d5e30030147383bc63eba77e723563d4e2 Mon Sep 17 00:00:00 2001 From: Michal Privoznik Date: Fri, 25 Jan 2019 12:37:53 +0100 Subject: [PATCH 1/2] virinitctl: Expose fifo paths and allow caller to chose one So far the virInitctlSetRunLevel() is fully automatic. It finds the correct fifo to use to talk to the init and it will set the desired runlevel. Well, callers (so far there is just one) will need to inspect the fifo a bit just before the runlevel is set. Therefore, expose the internal list of fifos and also allow caller to explicitly use one. Signed-off-by: Michal Privoznik Reviewed-by: Erik Skultety >From 94fce255461ad6bf0366dd4428921d7d41ba1a8f Mon Sep 17 00:00:00 2001 From: Michal Privoznik Date: Fri, 25 Jan 2019 12:42:54 +0100 Subject: [PATCH 2/2] lxc: Don't reboot host on virDomainReboot If the container is really a simple one (init is just bash and the whole root is passed through) then virDomainReboot and virDomainShutdown will talk to the actual init within the host. Therefore, 'virsh shutdown $dom' will result in shutting down the host. True, at that point the container is shut down too but looks a bit harsh to me. The solution is to check if the init inside the container is or is not the same as the init running on the host. Signed-off-by: Michal Privoznik Reviewed-by: Erik Skultety >From 14b6a1854fb4c02c5fb2f51679f8ff099f28f53c Mon Sep 17 00:00:00 2001 From: Maxim Kozin Date: Wed, 6 Mar 2019 21:39:11 +0300 Subject: [PATCH] lxc: Try harder to stop/reboot containers If shutting down a container via setting the runlevel fails, the control jumps right onto endjob label and doesn't even try sending the signal. If flags allow it, we should try both methods. Signed-off-by: Maxim Kozin Signed-off-by: Michal Privoznik -- System Information: Debian Release: buster/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) Versions of packages libvirt-daemon depends on: ii libacl1 2.2.53-4 ii libapparmor12.13.2-10 ii libaudit1 1:2.8.4-2 ii libavahi-client30.7-4+b1 ii libavahi-common30.7-4+b1 ii libblkid1 2.33.1-0.1 ii libc6 2.28-8 ii libcap-ng0 0.7.9-2 ii libcurl3-gnutls 7.64.0-2 ii libdbus-1-3 1.12.12-1 ii libdevmapper1.02.1 2:1.02.155-2 ii libfuse22.9.9-1 ii libgcc1 1:8.3.0-6 ii libgnutls30 3.6.6-2 ii libnetcf1 1:0.2.8-1+b2 ii libnl-3-200 3.4.0-1 ii libnl-route-3-200 3.4.0-1 ii libnuma12.0.12-1 ii libparted2 3.2-24 ii libpcap0.8 1.8.1-6 ii libpciaccess0 0.14-1 ii libsasl2-2 2.1.27+dfsg-1 ii libselinux1 2.8-1+b1 ii libssh2-1 1.8.0-2.1 ii libudev1241-3 hi libvirt05.0.0-2 ii libxenmisc4.11 4.11.1+26-g87f51bf366-3 ii libxenstore3.0 4.11.1+26-g87f51bf366-3 ii libxentoollog1 4.11.1+26-g87f51bf366-3 ii libxml2 2.9.4+dfsg1-7+b3 ii libyajl22.1.0-3 Versions of packages libvirt-daemon recommends: ii libxml2-utils 2.9.4+dfsg1-7+b3 ii netcat-openbsd 1.195-2 ii qemu-kvm1:3.1+dfsg-7 Versions of packages libvirt-daemon suggests: pn libvirt-daemon-driver-storage-gluster pn libvirt-daemon-driver-storage-rbd pn libvirt-daemon-driver-storage-zfs hi libvirt-daemon-system 5.0.0-2 ii numad 0.5+20150602-5 -- no debconf information >From 64eca3d5e30030147383bc63eba77e723563d4e2 Mon Sep 17 00:00:00 2001 From: Michal P
Processed: Bug#929334 marked as pending in libvirt
Processing control commands: > tag -1 pending Bug #929334 [src:libvirt] libvirt: CVE-2019-10132: Insecure permissions for systemd socket for virtlockd/virtlogd Added tag(s) pending. -- 929334: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929334 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#927310: marked as pending in libvirt
Control: tag -1 pending Hello, Bug #927310 in libvirt reported by you has been fixed in the Git repository and is awaiting an upload. You can see the commit message below and you can check the diff of the fix at: https://salsa.debian.org/libvirt-team/libvirt/commit/ea7a491c3adcc0fc4f79a21fbc4b9d49aec179b2 lxc: Fix container shutdown and host reboot Closes: #927310, #897394 (this message was generated automatically) -- Greetings https://bugs.debian.org/927310
Processed: Bug#927310 marked as pending in libvirt
Processing control commands: > tag -1 pending Bug #927310 [libvirt-daemon] libvirt-daemon: LXC container shut down, e.g., virsh -c lxc:// shutdown , is ignored Added tag(s) pending. -- 927310: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927310 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#929334: marked as pending in libvirt
Control: tag -1 pending Hello, Bug #929334 in libvirt reported by you has been fixed in the Git repository and is awaiting an upload. You can see the commit message below and you can check the diff of the fix at: https://salsa.debian.org/libvirt-team/libvirt/commit/6bc6e60d903933fe231d834d9d9296b4258c0981 CVE-2019-10132: Fix vir{lock,log}d socket access All patches were cherry-picked from upstream's v5.0-maint branch. Closes: #929334 (this message was generated automatically) -- Greetings https://bugs.debian.org/929334
Bug#903635: docker.io: use of iptables-legacy is incompatible with nftables-based iptables
On 5/22/19 3:32 PM, Afif Elghraoui wrote: > You hadn't Cc'd Jonathan (but I am, now) and I doubt that he's > subscribed to this bug, so he probably never saw these messages. I'm > just checking in here as a concerned maintainer of a reverse-dependency > threatened with autoremoval. Hmm I'm a bit clumsy with the bugtracker, sorry, and thanks for following up :)
Bug#903635: docker.io: use of iptables-legacy is incompatible with nftables-based iptables
Hi, Arnaud On Fri, 10 May 2019 09:03:41 +0700 Arnaud Rebillout wrote:> > As I mentioned above, there's a discussion with a work in progress to > fix that upstream: https://github.com/docker/libnetwork/pull/2339 > > I don't think it will be ready in time for buster though. So I see two > solutions going forward: > > - 1 Jonathan lower the severity of the bug so that it's not RC. > > - 2 I import the patch from github, even though it's work in progress. I > will follow up and update the patch as soon as upstream release a proper > fix, and it will be included in a point release of buster. > > If I don't get any feedback from you Jonathan in the following days, > I'll go for solution number 2 then. > You hadn't Cc'd Jonathan (but I am, now) and I doubt that he's subscribed to this bug, so he probably never saw these messages. I'm just checking in here as a concerned maintainer of a reverse-dependency threatened with autoremoval. thanks and regards Afif -- Afif Elghraoui | عفيف الغراوي https://afif.ghraoui.name
Bug#929332: marked as done (ironic-inspector: CVE-2019-10141: SQL Injection vulnerability when receiving introspection data)
Your message dated Wed, 22 May 2019 07:48:38 + with message-id and subject line Bug#929332: fixed in ironic-inspector 8.0.0-3 has caused the Debian Bug report #929332, regarding ironic-inspector: CVE-2019-10141: SQL Injection vulnerability when receiving introspection data to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 929332: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929332 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: ironic-inspector Version: 8.0.0-2 Severity: grave Tags: security upstream Hi, The following vulnerability was published for ironic-inspector. CVE-2019-10141[0]: SQL Injection vulnerability when receiving introspection data If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2019-10141 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10141 [1] https://bugzilla.redhat.com/show_bug.cgi?id=1711722 [2] https://review.opendev.org/#/c/660234/ Please adjust the affected versions in the BTS as needed. Regards, Salvatore --- End Message --- --- Begin Message --- Source: ironic-inspector Source-Version: 8.0.0-3 We believe that the bug you reported is fixed in the latest version of ironic-inspector, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 929...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Thomas Goirand (supplier of updated ironic-inspector package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Wed, 22 May 2019 09:20:30 +0200 Source: ironic-inspector Binary: ironic-inspector python3-ironic-inspector Architecture: source all Version: 8.0.0-3 Distribution: unstable Urgency: high Maintainer: Debian OpenStack Changed-By: Thomas Goirand Description: ironic-inspector - discovering hardware properties for OpenStack Ironic - Daemon python3-ironic-inspector - discovering hardware properties for OpenStack Ironic - Python 2.7 Closes: 929332 Changes: ironic-inspector (8.0.0-3) unstable; urgency=high . * CVE-2019-10141: SQL Injection vulnerability when receiving introspection data. Applied upstream fix: Eliminate SQL injection vulnerability in node_cache (Closes: #929332). Checksums-Sha1: 1e027abad1b3935a684ee58f99b7f4a2b3cd9546 3376 ironic-inspector_8.0.0-3.dsc b37910abfe0cbcddce0f02d1629d30c9b928150b 8064 ironic-inspector_8.0.0-3.debian.tar.xz 4c9c0066df7a59213e207b2e9bd4922a9cdfbad5 36696 ironic-inspector_8.0.0-3_all.deb d82962177a8d29d80db7594b87806f49413d8d98 13830 ironic-inspector_8.0.0-3_amd64.buildinfo 75e9a09e1d14aa1672ff735809cf8cf58b0b56ec 110688 python3-ironic-inspector_8.0.0-3_all.deb Checksums-Sha256: 5fe39181f0d03d0bd95260b72019be0c124fcacb0079945538ba12ff4315b54c 3376 ironic-inspector_8.0.0-3.dsc 69cc07db88cbf14ec43b6ecadd849d08d4e71e66273132e4e461f4422582b288 8064 ironic-inspector_8.0.0-3.debian.tar.xz a257d34974a3c2237dea8a213bdae72d6d644f41b7b6bda4345923c8e58fed1e 36696 ironic-inspector_8.0.0-3_all.deb 9293ee9dfe83d1b611a39f4dcce1e87a1eba1df044e8c335584c2659a996dda5 13830 ironic-inspector_8.0.0-3_amd64.buildinfo 5fd03311854e5df3354100c9081e2653c0651f5c887f1cebfb43379fb55a7bcf 110688 python3-ironic-inspector_8.0.0-3_all.deb Files: badb303748ace3baef903dd6f9ba1c07 3376 python optional ironic-inspector_8.0.0-3.dsc 88173ab7635893eb2e2476de61eaf33c 8064 python optional ironic-inspector_8.0.0-3.debian.tar.xz f81e2dc1cfc0dfeb9be43d11a307811d 36696 python optional ironic-inspector_8.0.0-3_all.deb 6c4d49676788a5650862b27acdebc8a8 13830 python optional ironic-inspector_8.0.0-3_amd64.buildinfo 7b318a170c3540e58692fff4bd96942b 110688 python optional python3-ironic-inspector_8.0.0-3_all.deb -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEtKCq/KhshgVdBnYUq1PlA1hod6YFAlzk+XsACgkQq1PlA1ho d6Z2og//fcCFWVXlJ1O/bzYMtLppGPThRiqtiAi0BYdgfNU0YLXxhT8uyy1G1ktu 5pTL6oB3Gt2C7Wr4e4k5MSgk+q5bFqFN5FG/xFivkmMpW+jgFzJGBwvohINFMMVJ LmTWRN3KRW7X69OVdiveYNA1vT6j4txDE5RIv62Y7zpg+BdF7CHRYYRlCZ5ecj1p zFS+nW/foSnU4BE+Zve0JuasqDVL3PfaKTbmjs5ZSRAY1m5P97AsA/2o9vVP
Bug#929332: marked as pending in ironic-inspector
Control: tag -1 pending Hello, Bug #929332 in ironic-inspector reported by you has been fixed in the Git repository and is awaiting an upload. You can see the commit message below and you can check the diff of the fix at: https://salsa.debian.org/openstack-team/services/ironic-inspector/commit/07b571df2e84514751146e89a6671c73a0b55e0c * CVE-2019-10141: SQL Injection vulnerability when receiving introspection data. Applied upstream fix: Eliminate SQL injection vulnerability in node_cache (Closes: #929332). (this message was generated automatically) -- Greetings https://bugs.debian.org/929332
Processed: Bug#929332 marked as pending in ironic-inspector
Processing control commands: > tag -1 pending Bug #929332 [src:ironic-inspector] ironic-inspector: CVE-2019-10141: SQL Injection vulnerability when receiving introspection data Added tag(s) pending. -- 929332: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929332 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems