Bug#980472: cubicsdr: CubicSDR crashes after lauch! (same effect on 2 clean bullseye OS)
On Tue, Jun 01, 2021 at 02:06:33AM +0300, Adrian Bunk wrote:
> Control: reassign -1 libhamlib4 4.0-6
> Control: fixed -1 4.1-1
> Control: affects -1 cubicsdr
> Control: forwarded -1
> https://sourceforge.net/p/hamlib/code/ci/31dedcf4f79d8fc5fcf287360e5d017842c8e4c0/
>
> The oneline fix for hamlib above matches your analysis exactly.
And indeed it does! Thank you for the pointer Adrian.
I was able to reproduce the crash with cubicsdr locally using a basic
RTL2832U dongle. Then I built and tested with the reference patch and
cubicsdr is working for me. I also did a very quick check of wsjtx.
Any concerns with an upload to unstable, hopefully in time a last-second
unblock request for bullseye? (debdiff attached)
Cheers,
tony
diff -Nru hamlib-4.0/debian/changelog hamlib-4.0/debian/changelog
--- hamlib-4.0/debian/changelog 2021-05-11 10:03:12.0 -0700
+++ hamlib-4.0/debian/changelog 2021-07-15 21:31:14.0 -0700
@@ -1,3 +1,11 @@
+hamlib (4.0-7) unstable; urgency=medium
+
+ * Team upload.
+ * Allow rig_load_all_backends to be called more than once.
+(Closes: #980472)
+
+ -- tony mancill Thu, 15 Jul 2021 21:31:14 -0700
+
hamlib (4.0-6) unstable; urgency=medium
* Paper over a minor precision difference in dec2dms on i386.
diff -Nru hamlib-4.0/debian/patches/31dedcf4f79d8fc5fcf287360e5d017842c8e4c0
hamlib-4.0/debian/patches/31dedcf4f79d8fc5fcf287360e5d017842c8e4c0
--- hamlib-4.0/debian/patches/31dedcf4f79d8fc5fcf287360e5d017842c8e4c0
1969-12-31 16:00:00.0 -0800
+++ hamlib-4.0/debian/patches/31dedcf4f79d8fc5fcf287360e5d017842c8e4c0
2021-07-15 21:31:14.0 -0700
@@ -0,0 +1,17 @@
+Comment: Allow rig_load_all_backends to be called more than once
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980472
+Forwarded: not-needed
+Source:
https://sourceforge.net/p/hamlib/code/ci/31dedcf4f79d8fc5fcf287360e5d017842c8e4c0/
+Author: Michael Black W9MDB
+
+--- a/src/register.c
b/src/register.c
+@@ -454,6 +454,8 @@
+ {
+ int i;
+
++memset(rig_hash_table, 0 , sizeof(rig_hash_table));
++
+ for (i = 0; i < RIG_BACKEND_MAX && rig_backend_list[i].be_name; i++)
+ {
+ rig_load_backend(rig_backend_list[i].be_name);
diff -Nru hamlib-4.0/debian/patches/series hamlib-4.0/debian/patches/series
--- hamlib-4.0/debian/patches/series2021-05-11 10:03:12.0 -0700
+++ hamlib-4.0/debian/patches/series2021-07-15 21:31:14.0 -0700
@@ -7,3 +7,4 @@
cf858bfa3c8a36eda749c5078ef6f53a119fb285
0089964af7fa1f43757083b7bc7db195ba382fe0
1d74711a00dfa416a171cec87c841db315c5d9f7
+31dedcf4f79d8fc5fcf287360e5d017842c8e4c0
signature.asc
Description: PGP signature
Bug#990345: zookeeper: various security issues
On Thu, 2021-07-15 at 21:18 -0700, tony mancill wrote: > The Debian package disables building against Netty via this patch: > https://salsa.debian.org/java-team/zookeeper/-/blob/master/debian/patches/13-disable-netty-connection-factory.patch Ah I see. > This is certainly a valid point. There is not time to change the > situation for bullseye aside from filing an RM bug to prevent the > package from shipping with the release. That would impact transitive > dependencies of which I believe activemq is the most significant. Would it be possible to provide a more current version via backports... I mean if it's not possible to get it in via some st able-update or so? > As an aside, I took a quick look at the latest upstream activemq > source > release (https://activemq.apache.org/activemq-5016002-release) and it > specifies zookeeper 3.4.14 in its pom.xml (which makes me feel a > little > better). Isn’t that just telling the minimum version that works with it - not what they'd consider a safe use from a security PoV? > We can work on addressing the situation in bookworm. (One idea I > would > propose is paring down the package to build just libzookeeper-java, > because I imagine that many people use the Debian package to run > their > ZooKeeper ensembles, although maybe that's not true.) Well I for example use the daemon, too, but the software from which I use it would anyway already require some newer version and doesn't work with 3.4 anymore. So for me that wouldn't matter much. Thanks, Chris.
Bug#990345: zookeeper: various security issues
On Sun, Jun 27, 2021 at 03:12:35PM +0200, Christoph Anton Mitterer wrote: > On Sun, 2021-06-27 at 14:46 +0200, Salvatore Bonaccorso wrote: > > To me this looks like CVEs in other products, but which zookeeper > > uses > > as dependency? Is this correct? > > Indeed, but I couldn't find that the zookeeper package depends on these > while it does contain: > zookeeper-3.4.13/src$ find . -iname "*nett*" > ./java/main/org/apache/zookeeper/server/NettyServerCnxnFactory.java > ./java/main/org/apache/zookeeper/server/NettyServerCnxn.java > ./java/test/org/apache/zookeeper/server/NettyServerCnxnTest.java > ./java/test/org/apache/zookeeper/test/NioNettySuiteTest.java > ./java/test/org/apache/zookeeper/test/NioNettySuiteHammerTest.java > ./java/test/org/apache/zookeeper/test/NioNettySuiteBase.java > > > ... so I figured these might still be affected? The Debian package disables building against Netty via this patch: https://salsa.debian.org/java-team/zookeeper/-/blob/master/debian/patches/13-disable-netty-connection-factory.patch > And apart from that... if they apparently don't support older versions > anymore, we'd like not even notice should these contain any security > issues. This is certainly a valid point. There is not time to change the situation for bullseye aside from filing an RM bug to prevent the package from shipping with the release. That would impact transitive dependencies of which I believe activemq is the most significant. As an aside, I took a quick look at the latest upstream activemq source release (https://activemq.apache.org/activemq-5016002-release) and it specifies zookeeper 3.4.14 in its pom.xml (which makes me feel a little better). We can work on addressing the situation in bookworm. (One idea I would propose is paring down the package to build just libzookeeper-java, because I imagine that many people use the Debian package to run their ZooKeeper ensembles, although maybe that's not true.) Help is always appreciated. Cheers, tony signature.asc Description: PGP signature
Bug#991151: corekeeper: postrm: invoke-rc.d: initscript procps, action "reload" failed.
On Fri, 2021-07-16 at 12:41 +1000, Craig Small wrote: > I can add an alias easily enough. Using reload is very wrong so > corekeeper do the right thing but it's a one line change for procps. Can you elaborate on what you mean by "Using reload is very wrong"? -- bye, pabs https://wiki.debian.org/PaulWise signature.asc Description: This is a digitally signed message part
Bug#991151: corekeeper: postrm: invoke-rc.d: initscript procps, action "reload" failed.
I can add an alias easily enough. Using reload is very wrong so corekeeper do the right thing but it's a one line change for procps. - Craig On Fri, 16 Jul 2021, 12:31 Paul Wise, wrote: > On Fri, 2021-07-16 at 02:25 +, Thorsten Glaser wrote: > > > … this isn’t right. This is an RC bug in corekeeper but nōn-RC > > in procps because of Policy §9.3.2: > > I still think it is RC as it is a feature regression breaking install > of reverse dependencies in supported configurations (sysvinit). > > > So I think it’d be better to clone the bugreport, asking procps nicely > > to implement “reload” while fixing corekeeper for bullseye first. > > If the procps maintainer doesn't plan to fix this in bullseye and > buster, then I guess I will have to workaround it in corekeeper. > > -- > bye, > pabs > > https://wiki.debian.org/PaulWise >
Bug#991151: corekeeper: postrm: invoke-rc.d: initscript procps, action "reload" failed.
On Fri, 2021-07-16 at 02:25 +, Thorsten Glaser wrote: > … this isn’t right. This is an RC bug in corekeeper but nōn-RC > in procps because of Policy §9.3.2: I still think it is RC as it is a feature regression breaking install of reverse dependencies in supported configurations (sysvinit). > So I think it’d be better to clone the bugreport, asking procps nicely > to implement “reload” while fixing corekeeper for bullseye first. If the procps maintainer doesn't plan to fix this in bullseye and buster, then I guess I will have to workaround it in corekeeper. -- bye, pabs https://wiki.debian.org/PaulWise signature.asc Description: This is a digitally signed message part
Bug#991151: corekeeper: postrm: invoke-rc.d: initscript procps, action "reload" failed.
Paul Wise dixit: >> Yes, the procps init script does not have the action reload. > >Looks like this is a regression in procps in buster and later. Hrm. OK, but… >I've bounced the thread to the procps maintainer and reassigned. … this isn’t right. This is an RC bug in corekeeper but nōn-RC in procps because of Policy §9.3.2: | The "start", "stop", "restart", and "force-reload" options should be | supported by all init scripts. Supporting "status" is encouraged. The | "reload" and "try-restart" options are optional. So I think it’d be better to clone the bugreport, asking procps nicely to implement “reload” while fixing corekeeper for bullseye first. bye, //mirabilos PS: I was unclear in the previous mail… I found the bug while crossgrading but was actually installing corekeeper on my systems recently; apt insisted on remove+install which is what triggered this. -- you introduced a merge commit│ % g rebase -i HEAD^^ sorry, no idea and rebasing just fscked │ Segmentation should have cloned into a clean repo │ fault (core dumped) if I rebase that now, it's really ugh │ wuahh
Processed: Re: Bug#991151: corekeeper: postrm: invoke-rc.d: initscript procps, action "reload" failed.
Processing control commands: > reassign -1 procps 3.3.15-2 Bug #991151 [corekeeper] corekeeper: postrm: invoke-rc.d: initscript procps, action "reload" failed. Bug reassigned from package 'corekeeper' to 'procps'. No longer marked as found in versions corekeeper/1.7. Ignoring request to alter fixed versions of bug #991151 to the same values previously set Bug #991151 [procps] corekeeper: postrm: invoke-rc.d: initscript procps, action "reload" failed. There is no source info for the package 'procps' at version '3.3.15-2' with architecture '' Unable to make a source version for version '3.3.15-2' Marked as found in versions 3.3.15-2. > retitle -1 procps: dropped the reload option from the init script, breaking > corekeeper Bug #991151 [procps] corekeeper: postrm: invoke-rc.d: initscript procps, action "reload" failed. Changed Bug title to 'procps: dropped the reload option from the init script, breaking corekeeper' from 'corekeeper: postrm: invoke-rc.d: initscript procps, action "reload" failed.'. > affects -1 corekeeper Bug #991151 [procps] procps: dropped the reload option from the init script, breaking corekeeper Added indication that 991151 affects corekeeper -- 991151: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991151 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#991151: corekeeper: postrm: invoke-rc.d: initscript procps, action "reload" failed.
Control: reassign -1 procps 3.3.15-2 Control: retitle -1 procps: dropped the reload option from the init script, breaking corekeeper Control: affects -1 corekeeper On Fri, 2021-07-16 at 01:15 +, Thorsten Glaser wrote: > Yes, the procps init script does not have the action reload. Looks like this is a regression in procps in buster and later. I've bounced the thread to the procps maintainer and reassigned. -- bye, pabs https://wiki.debian.org/PaulWise signature.asc Description: This is a digitally signed message part
Bug#991151: corekeeper: postrm: invoke-rc.d: initscript procps, action "reload" failed.
Paul Wise dixit:
>On Thu, 2021-07-15 at 21:34 +0200, Thorsten Glaser wrote:
>
>> invoke-rc.d: initscript procps, action "reload" failed.
>
>I don't have this problem on amd64 with systemd,
>can you reproduce it on amd64 with sysvinit?
Yes, the procps init script does not have the action reload.
| Usage: /etc/init.d/procps {start|stop|status|restart|try-restart|force-reload}
>I'm thinking of switching to systemd-coredump,
>are you interested in adopting corekeeper?
I’m trying to not increase the amount of time I sink into
Debian at this moment, sorry; corekeeper i̲s̲ useful though;
it just works as-is.
bye,
//mirabilos
--
Gestern Nacht ist mein IRC-Netzwerk explodiert. Ich hatte nicht damit
gerechnet, darum bin ich blutverschmiert… wer konnte ahnen, daß SIE so
reagier’n… gestern Nacht ist mein IRC-Netzwerk explodiert~~~
(as of 2021-06-15 The MirOS Project temporarily reconvenes on OFTC)
Bug#991151: corekeeper: postrm: invoke-rc.d: initscript procps, action "reload" failed.
On Thu, 2021-07-15 at 21:34 +0200, Thorsten Glaser wrote: > invoke-rc.d: initscript procps, action "reload" failed. I don't have this problem on amd64 with systemd, can you reproduce it on amd64 with sysvinit? I'm thinking of switching to systemd-coredump, are you interested in adopting corekeeper? -- bye, pabs https://wiki.debian.org/PaulWise signature.asc Description: This is a digitally signed message part
Bug#991067: x4d-icons FTBFS with imagemagick with the #987504 change
Control: tag -1 patch
The attached patch should fix this by loading a more permissive policy.
Regards,
Dennis Filder.
Description: Override overly strict ImageMagick coder policy (#987504)
This creates a more permissive version of
/etc/ImageMagick-6/policy.xml and ensures it gets loaded after the
one from /etc.
.
It is done by means of a patch to make use of the debhelper-provided
$HOME visible by dh_auto_*.
.
The relevant code is at:
https://sources.debian.org/src/imagemagick/8:6.9.11.60+dfsg-1.3/magick/configure.c/#L860
Author: Dennis Filder
Last-Updated: 2021-07-15
--- a/generate.sh
+++ b/generate.sh
@@ -33,6 +33,29 @@
generate XML '1.0' xml10
generate XML '1.1' xml11
+# this relies on debhelper providing a $HOME directory for us to write
+# to
+polfile="/etc/$(convert -version|sed -n '/^Version: /s@Version: ImageMagick \([[:digit:]]\+\)\..*@ImageMagick-\1@p')"/policy.xml
+if [ ! -f "$polfile" ]; then
+echo "Error: generate.sh: Policy file not found: $polfile" >&2;
+exit 1
+fi
+if [ -e "$HOME"/.magick ]; then
+rm -Rf "$HOME"/.magick
+fi;
+if [ -e "$HOME"/.magick ]; then
+echo "Error: generate.sh: Failed to remove $HOME/.magick -- remove manually and try again." >&2;
+exit 1
+fi
+mkdir "$HOME"/.magick
+if [ ! -d "$HOME"/.magick ]; then
+echo "Error: generate.sh: Failed to create $HOME/.magick -- investigate, fix manually, then try again." >&2;
+exit 1;
+fi
+
+sed -e '//s@"none"@"read|write"@' "$polfile" \
+> "$HOME"/.magick/policy.xml
+
/bin/ls Icons/*.svg | sed 's/-v\.svg//' | xargs -I{} convert -background none {}-v.svg {}.png
/bin/ls Icons/*.svg | sed 's/-v\.svg//' | xargs -I{} convert -background none {}-v.svg {}.gif
/bin/ls Icons/*.svg | sed 's/-v\.svg//' | xargs -I{} convert -background none {}-v.svg {}-v.eps
Processed: x4d-icons FTBFS with imagemagick with the #987504 change
Processing control commands: > tag -1 patch Bug #991067 [src:x4d-icons] x4d-icons FTBFS with imagemagick with the #987504 change Added tag(s) patch. -- 991067: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991067 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#987486: marked as pending in intake
Control: tag -1 pending Hello, Bug #987486 in intake reported by you has been fixed in the Git repository and is awaiting an upload. You can see the commit message below and you can check the diff of the fix at: https://salsa.debian.org/med-team/intake/-/commit/a9d65fc397983ca3a888d7759c6e8c60fe194388 add fix-ftbfs-on-32bits.patch This fix/workaround seems to better translate the intent of the test, and fixes building the package on at least i386 and armel platforms. Closes: #987486 (this message was generated automatically) -- Greetings https://bugs.debian.org/987486
Processed: Bug#987486 marked as pending in intake
Processing control commands: > tag -1 pending Bug #987486 [src:intake] intake FTBFS on 32bit: test failure Added tag(s) pending. -- 987486: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987486 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#990816: python3-nosehtmloutput: nosetests3 --with-html fails with RuntimeWarning
Control: tags -1 patch
Hi,
this was fixed upstream in:
https://opendev.org/openstack/nose-html-output/commit/71d12999b06908bbb019f69c89361bd44bec316c
Which is basically the only change in version 0.7. I would propose to
upload that and ask for an unblock. @Thomas: can you take care or should
I do a NMU?
Cheers Jochen
* Enrique [2021-07-08 11:27]:
Package: python3-nosehtmloutput
Version: 0.0.5-2
Severity: grave
Justification: renders package unusable
X-Debbugs-Cc: cqu...@arcor.de
Dear Maintainer,
I have installed python3-nosehtmloutput package but it seems as if the plugin
has a problem and it is not possible to use the --with-html option of
nosetests3 that would activate the plugin:
$ nosetests3 --with-html
/usr/lib/python3/dist-packages/nose/plugins/manager.py:394: RuntimeWarning:
Unable to load plugin html-output = htmloutput.htmloutput:HtmlOutput: No module
named 'version'
warn("Unable to load plugin %s: %s" % (ep, e),
Usage: nosetests3 [options]
nosetests3: error: no such option: --with-html
-- System Information:
Debian Release: 11.0
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 5.10.0-7-amd64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_FIRMWARE_WORKAROUND
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US:en
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages python3-nosehtmloutput depends on:
ii python3 3.9.2-3
ii python3-nose 1.3.7-7
python3-nosehtmloutput recommends no packages.
python3-nosehtmloutput suggests no packages.
signature.asc
Description: PGP signature
Processed: Re: Bug#990816: python3-nosehtmloutput: nosetests3 --with-html fails with RuntimeWarning
Processing control commands: > tags -1 patch Bug #990816 [python3-nosehtmloutput] python3-nosehtmloutput: nosetests3 --with-html fails with RuntimeWarning Added tag(s) patch. -- 990816: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990816 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#990303: marked as done (trafficserver: Apache Traffic Server is vulnerable to various HTTP/1.x and HTTP/2 attacks)
Your message dated Thu, 15 Jul 2021 20:33:34 + with message-id and subject line Bug#990303: fixed in trafficserver 8.1.1+ds-1.1 has caused the Debian Bug report #990303, regarding trafficserver: Apache Traffic Server is vulnerable to various HTTP/1.x and HTTP/2 attacks to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 990303: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990303 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: trafficserver Version: 8.0.2+ds-1+deb10u4 Severity: grave Tags: security Justification: user security hole -- System Information: Debian Release: 10.10 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-17-amd64 (SMP w/1 CPU core) Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages trafficserver depends on: ii adduser 3.118 ii libbrotli1 1.0.7-2+deb10u1 ii libc62.28-10 ii libcap2 1:2.25-2 ii libcurl4 7.64.0-4+deb10u2 ii libgcc1 1:8.3.0-6 ii libgeoip11.6.12-1 ii libhwloc51.11.12-3 ii libluajit-5.1-2 2.1.0~beta3+dfsg-5.1 ii liblzma5 5.2.4-1 ii libncursesw6 6.1+20181013-2+deb10u2 ii libpcre3 2:8.39-12 ii libssl1.11.1.1d-0+deb10u6 ii libstdc++6 8.3.0-6 ii libtcl8.68.6.9+dfsg-2 ii libtinfo66.1+20181013-2+deb10u2 ii libunwind8 1.2.1-10~deb10u1 ii libyaml-cpp0.6 0.6.2-4 ii lsb-base 10.2019051400 ii perl 5.28.1-6+deb10u1 ii zlib1g 1:1.2.11.dfsg-1 trafficserver recommends no packages. Versions of packages trafficserver suggests: pn trafficserver-experimental-plugins -- Configuration Files: /etc/trafficserver/ip_allow.config changed [not included] /etc/trafficserver/records.config changed [not included] -- no debconf information Description: ATS is vulnerable to various HTTP/1.x and HTTP/2 attacks CVE: CVE-2021-27577 Incorrect handling of url fragment leads to cache poisoning CVE-2021-32565 HTTP Request Smuggling, content length with invalid charters CVE-2021-32566 Specific sequence of HTTP/2 frames can cause ATS to crash CVE-2021-32567 Reading HTTP/2 frames too many times CVE-2021-35474 Dynamic stack buffer overflow in cachekey plugin Version Affected: ATS 7.0.0 to 7.1.12 ATS 8.0.0 to 8.1.1 ATS 9.0.0 to 9.0.1 Mitigation: 7.x users should upgrade to 8.1.2 or 9.0.2, or later versions 8.x users should upgrade to 8.1.2 or later versions 9.x users should upgrade to 9.0.2 or later versions --- End Message --- --- Begin Message --- Source: trafficserver Source-Version: 8.1.1+ds-1.1 Done: Salvatore Bonaccorso We believe that the bug you reported is fixed in the latest version of trafficserver, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 990...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso (supplier of updated trafficserver package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 15 Jul 2021 21:48:17 +0200 Source: trafficserver Architecture: source Version: 8.1.1+ds-1.1 Distribution: unstable Urgency: medium Maintainer: Jean Baptiste Favre Changed-By: Salvatore Bonaccorso Closes: 990303 Changes: trafficserver (8.1.1+ds-1.1) unstable; urgency=medium . * Non-maintainer upload. * Address CVE-2021-27577, CVE-2021-32565, CVE-2021-32566, CVE-2021-32567 and CVE-2021-35474. - CVE-2021-27577: Incorrect handling of url fragment leads to cache poisoning - CVE-2021-32565: HTTP Request Smuggling, content length with invalid charters - CVE-2021-32566: Specific sequence of HTTP/2 frames can cause ATS to crash - CVE-2021-32567: Reading HTTP/2 frames too many times - CVE-2021-35474: Dynamic stack buffer overflow in cachekey plugin (Closes: #990303) Checksums-Sha1: 4925f90729116068bafa9eaa067d1d8b366f8b78 2881 trafficserver_8.1.1+ds-1.1.dsc 75eccf2d46c76923417e3c0408d46cefa884
Bug#990303: trafficserver: diff for NMU version 8.1.1+ds-1.1
Control: tags 990303 + patch
Hi Jean Baptiste,
I've prepared an NMU for trafficserver (versioned as 8.1.1+ds-1.1). The diff
is attached to this message. Given the timeframe for the full freeze I
went ahead with no delay, as Moritz would like to see as well a
buster-security update. I hope this was fine with you to go straight
with the NMU version to unstable, including a cherry-pick of the
commit Moritz referenced before.
Regards,
Salvatore
diff -Nru trafficserver-8.1.1+ds/debian/changelog trafficserver-8.1.1+ds/debian/changelog
--- trafficserver-8.1.1+ds/debian/changelog 2020-12-06 16:26:39.0 +0100
+++ trafficserver-8.1.1+ds/debian/changelog 2021-07-15 21:48:17.0 +0200
@@ -1,3 +1,20 @@
+trafficserver (8.1.1+ds-1.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Address CVE-2021-27577, CVE-2021-32565, CVE-2021-32566, CVE-2021-32567 and
+CVE-2021-35474.
+- CVE-2021-27577: Incorrect handling of url fragment leads to cache
+ poisoning
+- CVE-2021-32565: HTTP Request Smuggling, content length with invalid
+ charters
+- CVE-2021-32566: Specific sequence of HTTP/2 frames can cause ATS to
+ crash
+- CVE-2021-32567: Reading HTTP/2 frames too many times
+- CVE-2021-35474: Dynamic stack buffer overflow in cachekey plugin
+(Closes: #990303)
+
+ -- Salvatore Bonaccorso Thu, 15 Jul 2021 21:48:17 +0200
+
trafficserver (8.1.1+ds-1) unstable; urgency=medium
* New upstream version 8.1.0+ds
diff -Nru trafficserver-8.1.1+ds/debian/patches/0018-Fixes-7971.patch trafficserver-8.1.1+ds/debian/patches/0018-Fixes-7971.patch
--- trafficserver-8.1.1+ds/debian/patches/0018-Fixes-7971.patch 1970-01-01 01:00:00.0 +0100
+++ trafficserver-8.1.1+ds/debian/patches/0018-Fixes-7971.patch 2021-07-15 21:45:16.0 +0200
@@ -0,0 +1,153 @@
+From: Evan Zelkowitz
+Date: Tue, 22 Jun 2021 14:32:55 -0700
+Subject: Fixes (#7971)
+Origin: https://github.com/apache/trafficserver/commit/b82a3d192f995fb9d78e1c44d51d9acca4783277
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2021-27577
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2021-32565
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2021-32566
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2021-32567
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2021-35474
+Bug-Debian: https://bugs.debian.org/990303
+
+* String the url fragment for outgoing requests (#7966)
+
+Co-authored-by: Susan Hinrichs
+(cherry picked from commit 2b13eb33794574e62249997b4ba654d943a10f2d)
+
+* Ensure that the content-length value is only digits (#7964)
+
+Co-authored-by: Susan Hinrichs
+(cherry picked from commit 668d0f8668fec1cd350b0ceba3f7f8e4020ae3ca)
+
+* Schedule H2 reenable event only if it's necessary
+
+Co-authored-by: Katsutoshi Ikenoya
+
+* Fix dynamic-stack-buffer-overflow of cachekey plugin (#7945)
+
+* Fix dynamic-stack-buffer-overflow of cachekey plugin
+
+* Check dst_size include null termination
+
+(cherry picked from commit 5a9339d7bc65e1c2d8d2a0fc80bb051daf3cdb0b)
+
+Co-authored-by: Bryan Call
+Co-authored-by: Masakazu Kitajo
+Co-authored-by: Katsutoshi Ikenoya
+Co-authored-by: Masaori Koshiba
+---
+ plugins/cachekey/cachekey.cc | 2 +-
+ proxy/hdrs/HTTP.cc| 11 +++
+ proxy/http/HttpTransact.cc| 5 -
+ proxy/http2/Http2ClientSession.cc | 14 +++---
+ proxy/logging/LogUtils.cc | 2 +-
+ 5 files changed, 24 insertions(+), 10 deletions(-)
+
+diff --git a/plugins/cachekey/cachekey.cc b/plugins/cachekey/cachekey.cc
+index 5f128894bfa8..44925b3db280 100644
+--- a/plugins/cachekey/cachekey.cc
b/plugins/cachekey/cachekey.cc
+@@ -41,7 +41,7 @@ appendEncoded(String &target, const char *s, size_t len)
+ return;
+ }
+
+- char tmp[len * 2];
++ char tmp[len * 3 + 1];
+ size_t written;
+
+ /* The default table does not encode the comma, so we need to use our own table here. */
+diff --git a/proxy/hdrs/HTTP.cc b/proxy/hdrs/HTTP.cc
+index 6a2ecc41d3ad..48032dd9ddf4 100644
+--- a/proxy/hdrs/HTTP.cc
b/proxy/hdrs/HTTP.cc
+@@ -1202,6 +1202,17 @@ validate_hdr_content_length(HdrHeap *heap, HTTPHdrImpl *hh)
+ int content_length_len = 0;
+ const char *content_length_val = content_length_field->value_get(&content_length_len);
+
++// RFC 7230 section 3.3.2
++// Content-Length = 1*DIGIT
++//
++// If the content-length value contains a non-numeric value, the header is invalid
++for (int i = 0; i < content_length_len; i++) {
++ if (!isdigit(content_length_val[i])) {
++Debug("http", "Content-Length value contains non-digit, returning parse error");
++return PARSE_RESULT_ERROR;
++ }
++}
++
+ while (content_length_field->has_dups()) {
+ int content_length_len_2 = 0;
+ const char *content_length_val_2 = content_length_field->m_next_dup->value_get(&content_length
Processed: trafficserver: diff for NMU version 8.1.1+ds-1.1
Processing control commands: > tags 990303 + patch Bug #990303 [trafficserver] trafficserver: Apache Traffic Server is vulnerable to various HTTP/1.x and HTTP/2 attacks Added tag(s) patch. -- 990303: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990303 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#991151: corekeeper: postrm: invoke-rc.d: initscript procps, action "reload" failed.
Package: corekeeper
Version: 1.7
Severity: serious
Justification: does not uninstall
X-Debbugs-Cc: t...@mirbsd.de
Removing corekeeper:x32 (1.7) ...
Usage: /etc/init.d/procps {start|stop|status|restart|try-restart|force-reload}
invoke-rc.d: initscript procps, action "reload" failed.
dpkg: error processing package corekeeper:x32 (--remove):
installed corekeeper:x32 package post-removal script subprocess returned error
exit status 3
dpkg: too many errors, stopping
Errors were encountered while processing:
corekeeper:x32
-- System Information:
Debian Release: 11.0
APT prefers unreleased
APT policy: (500, 'unreleased'), (500, 'buildd-unstable'), (500, 'unstable'),
(100, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: x32, i386
Kernel: Linux 5.10.0-6-amd64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_FIRMWARE_WORKAROUND
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/lksh
Init: sysvinit (via /sbin/init)
Versions of packages corekeeper depends on:
ii procps 2:3.3.17-5
corekeeper recommends no packages.
corekeeper suggests no packages.
-- no debconf information
Bug#989080: cifs-utils: Fix for CVE-2021-20208 breaks cifs.upcall
Is there anything a random outside user (like myself) can do to further this merge request along? I rely on KRB5 auth for CIFS mounts and having this still be broken is a bit frustrating. It looks like the merge request is still open and sitting there. I'm willing to help however I can. -- Sam Zarn Systems & Network Administrator
Processed: Re: Bug#991146: python3-libxml2: ambiguous package name 'python3-libxml2' with more than one installed instance
Processing commands for cont...@bugs.debian.org: > reassign 991146 dh-python Bug #991146 [python3-libxml2] python3-libxml2: ambiguous package name 'python3-libxml2' with more than one installed instance Bug reassigned from package 'python3-libxml2' to 'dh-python'. No longer marked as found in versions libxml2/2.9.10+dfsg-6.7. Ignoring request to alter fixed versions of bug #991146 to the same values previously set > thanks Stopping processing here. Please contact me if you need assistance. -- 991146: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991146 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#991146: python3-libxml2: ambiguous package name 'python3-libxml2' with more than one installed instance
reassign 991146 dh-python
thanks
Thorsten Glaser dixit:
>Setting up python3-libxml2:amd64 (2.9.10+dfsg-6.7) ...
>dpkg-query: error: --listfiles needs a valid package name but
>'python3-libxml2' is not: ambiguous package name 'python3-libxml2' with more
>than one installed instance
>
>Use --help for help about querying packages.
>Traceback (most recent call last):
> File "/usr/bin/py3compile", line 319, in
>main()
> File "/usr/bin/py3compile", line 298, in main
>compile(files, versions,
> File "/usr/bin/py3compile", line 183, in compile
>for fn, versions_to_compile in filter_files(files, e_patterns, versions):
> File "/usr/bin/py3compile", line 128, in filter_files
>for fpath in files:
> File "/usr/share/python3/debpython/files.py", line 71, in filter_public
>for fn in files:
> File "/usr/share/python3/debpython/files.py", line 53, in from_package
>raise Exception("cannot get content of %s" % package_name)
>Exception: cannot get content of python3-libxml2
>dpkg: error processing package python3-libxml2:amd64 (--configure):
> installed python3-libxml2:amd64 package post-installation script subprocess
> returned error exit status 1
This affects python3-pil, python3-cairo, … as well. Going from…
-BEGIN cutting here may damage your screen surface-
root@tglase:~ # cat /var/lib/dpkg/info/python3-cairo\:amd64.postinst
#!/bin/sh
set -e
# Automatically added by dh_python3
if which py3compile >/dev/null 2>&1; then
py3compile -p python3-cairo
fi
if which pypy3compile >/dev/null 2>&1; then
pypy3compile -p python3-cairo || true
fi
# End automatically added section
-END cutting here may damage your screen surface-
… this is a bug in dh_python3 because changing to…
py3compile -p python3-cairo:amd64
… makes this succeed.
bye,
//mirabilos
--
Gestern Nacht ist mein IRC-Netzwerk explodiert. Ich hatte nicht damit
gerechnet, darum bin ich blutverschmiert… wer konnte ahnen, daß SIE so
reagier’n… gestern Nacht ist mein IRC-Netzwerk explodiert~~~
(as of 2021-06-15 The MirOS Project temporarily reconvenes on OFTC)
Bug#991146: python3-libxml2: ambiguous package name 'python3-libxml2' with more than one installed instance
Package: python3-libxml2
Version: 2.9.10+dfsg-6.7
Severity: serious
Justification: fails to install
X-Debbugs-Cc: t...@mirbsd.de
During crossgrading or when installing multiple versions of python3-libxml2
they fail to configure because of a bug in the postinst script:
Setting up python3-libxml2:amd64 (2.9.10+dfsg-6.7) ...
dpkg-query: error: --listfiles needs a valid package name but 'python3-libxml2'
is not: ambiguous package name 'python3-libxml2' with more than one installed
instance
Use --help for help about querying packages.
Traceback (most recent call last):
File "/usr/bin/py3compile", line 319, in
main()
File "/usr/bin/py3compile", line 298, in main
compile(files, versions,
File "/usr/bin/py3compile", line 183, in compile
for fn, versions_to_compile in filter_files(files, e_patterns, versions):
File "/usr/bin/py3compile", line 128, in filter_files
for fpath in files:
File "/usr/share/python3/debpython/files.py", line 71, in filter_public
for fn in files:
File "/usr/share/python3/debpython/files.py", line 53, in from_package
raise Exception("cannot get content of %s" % package_name)
Exception: cannot get content of python3-libxml2
dpkg: error processing package python3-libxml2:amd64 (--configure):
installed python3-libxml2:amd64 package post-installation script subprocess
returned error exit status 1
-- System Information:
Debian Release: 11.0
APT prefers unreleased
APT policy: (500, 'unreleased'), (500, 'buildd-unstable'), (500, 'unstable'),
(100, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: x32, i386
Kernel: Linux 5.10.0-6-amd64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_FIRMWARE_WORKAROUND
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/lksh
Init: sysvinit (via /sbin/init)
Versions of packages python3-libxml2 depends on:
ii libc62.31-13
ii libxml2 2.9.10+dfsg-6.7
ii python3 3.9.2-3
python3-libxml2 recommends no packages.
python3-libxml2 suggests no packages.
-- no debconf information
Bug#991078: marked as done (gir1.2-aperture-0 has empty Depends)
Your message dated Thu, 15 Jul 2021 16:20:48 +
with message-id
and subject line Bug#991078: fixed in libaperture-0 0.1.0+git20200908-2
has caused the Debian Bug report #991078,
regarding gir1.2-aperture-0 has empty Depends
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
991078: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991078
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: gir1.2-aperture-0
Version: 0.1.0+git20200908-1
Severity: serious
${gir:Depends} needs "dh --with gir" in debian/rules.
--- End Message ---
--- Begin Message ---
Source: libaperture-0
Source-Version: 0.1.0+git20200908-2
Done: Henry-Nicolas Tourneur
We believe that the bug you reported is fixed in the latest version of
libaperture-0, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 991...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Henry-Nicolas Tourneur (supplier of updated libaperture-0
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Thu, 15 Jul 2021 15:53:35 +
Source: libaperture-0
Architecture: source
Version: 0.1.0+git20200908-2
Distribution: unstable
Urgency: medium
Maintainer: DebianOnMobile Maintainers
Changed-By: Henry-Nicolas Tourneur
Closes: 991078
Changes:
libaperture-0 (0.1.0+git20200908-2) unstable; urgency=medium
.
* d/rules: ensure dh uses --with gir (Closes: #991078)
Checksums-Sha1:
e8313b160c2a3ca4027d483b074e279ffe5a7e87 2653
libaperture-0_0.1.0+git20200908-2.dsc
a0549fe2b52e1eb6e9364c3634971ebe59270889 3964
libaperture-0_0.1.0+git20200908-2.debian.tar.xz
1818691e469c29b5d8d581594a1409d231a680c8 20582
libaperture-0_0.1.0+git20200908-2_amd64.buildinfo
Checksums-Sha256:
e9fd8db028f13cb60de08d9b8b65139a37b8d8a3f393f2bce71f7358f9a62896 2653
libaperture-0_0.1.0+git20200908-2.dsc
26fdd29aaf0f6e9ab8fe9544396bb423e0125e07af17c07ed962290f657bb79e 3964
libaperture-0_0.1.0+git20200908-2.debian.tar.xz
4b78be6fe2fc0237e1e312f1c7b08825d8bc6eef544ba5098a5597fe13d80ef4 20582
libaperture-0_0.1.0+git20200908-2_amd64.buildinfo
Files:
3d2beff2770f7b426920751b751008b6 2653 libs optional
libaperture-0_0.1.0+git20200908-2.dsc
59f2eaaee9ca8dbd80f737bc9f4975cd 3964 libs optional
libaperture-0_0.1.0+git20200908-2.debian.tar.xz
b822f0dc06e65b521b08a4f73fbfec5b 20582 libs optional
libaperture-0_0.1.0+git20200908-2_amd64.buildinfo
-BEGIN PGP SIGNATURE-
iQJEBAEBCgAuFiEENS+/LT+kHSXcqokQ3QyVlN+SbJAFAmDwW+0QHGRlYmlhbkBu
aWx1eC5iZQAKCRDdDJWU35JskIhPEADEISbnyTXxmzliIWQaWDvP41GFjRu8dqbm
X8w79CbsYRXwuyImxzrKSNsj4wATvG9xx6HjwSGtUvB90nte9eafrE6lbGirAkIU
VrMv8BaOfPUColVSjbBPf+OBDNBTgTLz53XGFhW192xCSahSBkiW3F6pJphR7Vp5
JqtcSNkMJyU9GOuQp8n2FrefU8CiPs+v54MGPfv+kfEwwoCmZTULUSDJXVGfzfHS
XcKyFBnfPVZSUfgHG5Pc/KlW8px3X9TdnVb1D/W5OeWkLa4hABWVegpErQ8GvSvt
KwO/cuao8v/uq35ZAhN1YgtBFdHR4WeL4kO2qvmiRbIjB1ZtHP/W6Lg4nB0TYgWZ
toCEtfo1oO0/aoVfkPxUHQQk5bY75LbMXAde4G2t1rR3L9aHN0XnJAEA+i9Zs1C9
I4NT9Fl0ges9XVuqM8amh0WY41VIC8Ky5qI8Oy/dOiTTqJTe1nX0KK4zIlL3b+eq
Nwu1oqx65zGkoZg4rnpOp2abjvAidvyjEaUM5iamDDTwAx2IlfF7zlt3MuyA0cSX
pULuRwhPBDT2S2smukjn+DYRlfz9eZcQG0qWjcT8uN7pALCAw8JV0xdGakyipHrO
3F/4N95xsa3d/8DOf9Jgm1YOr1LgtxzqMRG2O/u03KpdLKJCeMQGIR0fIPqFtf9g
NBlxaaGMRQ==
=VuD1
-END PGP SIGNATURE End Message ---
Processed: user debian...@lists.debian.org, usertagging 990671, affects 990671, found 986480 in 4.8.8+repack-2 ...
Processing commands for cont...@bugs.debian.org: > user debian...@lists.debian.org Setting user to debian...@lists.debian.org (was a...@debian.org). > usertags 990671 piuparts There were no usertags set. Usertags are now: piuparts. > affects 990671 + libjdom2-java-doc Bug #990671 [src:libjdom2-java] libjdom2-java: CVE-2021-33813 Added indication that 990671 affects libjdom2-java-doc > found 986480 4.8.8+repack-2 Bug #986480 [expeyes,eyes17] expeyes,eyes17: broken symlinks: /usr/share/eyes*/helpFiles/??/schematics/*.svg -> ../../schematics/*.svg Marked as found in versions expeyes/4.8.8+repack-2. > affects 991003 + kpatch Bug #991003 [kpatch-dkms] kpatch-dkms: fails to build module for Linux 4.19.0-17 or newer: find_symbol is no longer exported by the kernel Added indication that 991003 affects kpatch > thanks Stopping processing here. Please contact me if you need assistance. -- 986480: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986480 990671: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990671 991003: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991003 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#987816: marked as done (dask.distributed: FTBFS due to a build-time test failure)
Your message dated Thu, 15 Jul 2021 10:48:27 + with message-id and subject line Bug#987816: fixed in dask.distributed 2021.01.0+ds.1-2.1 has caused the Debian Bug report #987816, regarding dask.distributed: FTBFS due to a build-time test failure to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 987816: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987816 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: dask.distributed Version: 2021.01.0+ds.1-2 Severity: important Tags: ftbfs User: de...@lists.apertis.org Usertags: apertis-ftbfs X-Debbugs-Cc: de...@lists.apertis.org Dear Maintainer, While rebuilding your package for Apertis, I found that it fails to build because a few of the build-time tests fail. I rebuilt the package in Debian and received the same result. __ test_process_time ___ def test_process_time(): start = metrics.process_time() run_for(0.05) dt = metrics.process_time() - start > assert 0.03 <= dt <= 0.2 E assert 0.03 <= 0.0257041389835 distributed/tests/test_metrics.py:27: AssertionError ___ test_thread_time ___ def test_thread_time(): start = metrics.thread_time() run_for(0.05) dt = metrics.thread_time() - start > assert 0.03 <= dt <= 0.2 E assert 0.03 <= 0.02791333997788 distributed/tests/test_metrics.py:48: AssertionError … Please find the full bug report in the attachment. -- Cheers, Andrej dask.distributed_amd64-2021-04-30T08:46:30Z.gz Description: application/gzip --- End Message --- --- Begin Message --- Source: dask.distributed Source-Version: 2021.01.0+ds.1-2.1 Done: Adrian Bunk We believe that the bug you reported is fixed in the latest version of dask.distributed, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 987...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Adrian Bunk (supplier of updated dask.distributed package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 13 Jul 2021 19:19:56 +0300 Source: dask.distributed Architecture: source Version: 2021.01.0+ds.1-2.1 Distribution: unstable Urgency: medium Maintainer: Debian Python Team Changed-By: Adrian Bunk Closes: 987816 988675 Changes: dask.distributed (2021.01.0+ds.1-2.1) unstable; urgency=medium . * Non-maintainer upload. * Backport upstream fix removing tests that fail under some circumstances. (Closes: #987816) * python-distributed-doc: Fix broken symlink to html5shiv.min.js, dh_link needs absolute paths. (Closes: #988675) Checksums-Sha1: 5105e3e99c58aae985dabf6665662b3b034fe223 3132 dask.distributed_2021.01.0+ds.1-2.1.dsc 907d36d95b7636a8d0f7510504c1c89cd5d8c505 2023892 dask.distributed_2021.01.0+ds.1-2.1.debian.tar.xz Checksums-Sha256: 9ee59eb7881eaa037b4ed2912ce185f9a61f13ee39f996e1e9d19c5cbaa97edf 3132 dask.distributed_2021.01.0+ds.1-2.1.dsc 5d04c13f6a692664913bdfca3d2504b197eac4014ec20d5cc3a29af28d80b58d 2023892 dask.distributed_2021.01.0+ds.1-2.1.debian.tar.xz Files: ab8b99bb687184d5962e735acdf1731e 3132 python optional dask.distributed_2021.01.0+ds.1-2.1.dsc f5321227d6840d500fda5d765ac11ab2 2023892 python optional dask.distributed_2021.01.0+ds.1-2.1.debian.tar.xz -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmDtybgACgkQiNJCh6LY mLFOkA//d1OwZc82XOO+E6accEFm12G9Ly/gx4OuZQo3r8+a4IyoddN61JhM6O/M 68B/bpHCqf2/fRAGnAoPwbp+un1igyKuBERqYmaVc0Tev9tx8R17MmINQ//Nv2vr Vc9TCF/dGekaEWEz7hhEt4Jm3Yl3OR5HxUmhmhz7ys79/Jg1mRkJEMT5mS0DC2ep cDgBRlCKhzxUfItDcpN2qOAKo5vomk2L56cGmNS2jS8udgnNmN+IBnWTwSv+AI7h myGo3gdzJ3LDwXSpHLaYaJ1a/B3kwjDYEC53aXcu301DPrgUDKq8YyEq8+UWO9Eo sRXrH95Dz4Cpzk7FJsadcQvLY6HbFwBLGJaINrhWwHB36D2SfyiItBj57G3LUgmu MC7TnmOk90FGaMUO8KSI3YBIuxOjrBbIQ62M0QKH3rPIa7eRlp1aEJahDzZ/G8JZ 7PmSLAhfNVM4RFzwmmAgqTJa86GaGp5lAbLxyvm4oU+vj9OJ+pU6jYUHIatzxqxz UDHpS6GGV2yLBrjxt2JJJKN+RYAh7dGhjCwxMvPDmN4qx9YTYRifKuddFg3D7qle jkkc2XC5Olggu1xmNmzdrpquZhxuxZz
Bug#990344: Additional information
On 15 Jul 2021 at 8:40, Marc Haber wrote: > This has nothing to do with exim. If you intended to file a new > bug for the backintime package, please use the reportbug tool. Yes. It was a typo. I immediately sent notice to ow...@bugs.debian.org. --- Good afternoon: Please delete/disregard the last entry (Message #50) received at 990...@bugs.debian.org due to an rather unfortunate typo on my behalf. It obviously was intended to reach 990...@bugs.debian.org. --- Sorry for the inconvenience caused. Best,
